diff --git a/metadata/authors.toml b/metadata/authors.toml
--- a/metadata/authors.toml
+++ b/metadata/authors.toml
@@ -1,7450 +1,7459 @@
[abdulaziz]
name = "Mohammad Abdulaziz"
[abdulaziz.emails]
[abdulaziz.emails.abdulaziz_email]
user = [
"mohammad",
"abdulaziz",
]
host = [
"in",
"tum",
"de",
]
[abdulaziz.emails.abdulaziz_email1]
user = [
"mohammad",
"abdulaziz8",
]
host = [
"gmail",
"com",
]
[abdulaziz.homepages]
abdulaziz_homepage = "http://home.in.tum.de/~mansour/"
[adelsberger]
name = "Stephan Adelsberger"
[adelsberger.emails]
[adelsberger.emails.adelsberger_email]
user = [
"stvienna",
]
host = [
"gmail",
"com",
]
[adelsberger.homepages]
adelsberger_homepage = "http://nm.wu.ac.at/nm/sadelsbe"
[aehlig]
name = "Klaus Aehlig"
[aehlig.emails]
[aehlig.homepages]
aehlig_homepage = "http://www.linta.de/~aehlig/"
[aissat]
name = "Romain Aissat"
[aissat.emails]
[aissat.homepages]
[amani]
name = "Sidney Amani"
[amani.emails]
[amani.emails.amani_email]
user = [
"sidney",
"amani",
]
host = [
"data61",
"csiro",
"au",
]
[amani.homepages]
[ammer]
name = "Thomas Ammer"
[ammer.emails]
[ammer.emails.ammer_email]
user = [
"thomas",
"ammer",
]
host = [
"tum",
"de",
]
[ammer.homepages]
[andreka]
name = "Hajnal Andreka"
[andreka.emails]
[andreka.homepages]
andreka_homepage = "https://renyi.hu/en/researchers/hajnal-andreka"
[andronick]
name = "June Andronick"
[andronick.emails]
[andronick.homepages]
[aransay]
name = "Jesús Aransay"
[aransay.emails]
[aransay.emails.aransay_email]
user = [
"jesus-maria",
"aransay",
]
host = [
"unirioja",
"es",
]
[aransay.homepages]
aransay_homepage = "https://www.unirioja.es/cu/jearansa"
[argyraki]
name = "Angeliki Koutsoukou-Argyraki"
[argyraki.emails]
[argyraki.emails.argyraki_email]
user = [
"ak2110",
]
host = [
"cam",
"ac",
"uk",
]
[argyraki.homepages]
argyraki_homepage = "https://www.cl.cam.ac.uk/~ak2110/"
argyraki_homepage2 = "https://www.cst.cam.ac.uk/people/ak2110"
[armstrong]
name = "Alasdair Armstrong"
[armstrong.emails]
[armstrong.homepages]
[aspinall]
name = "David Aspinall"
[aspinall.emails]
[aspinall.homepages]
aspinall_homepage = "http://homepages.inf.ed.ac.uk/da/"
[ausaf]
name = "Fahad Ausaf"
[ausaf.emails]
[ausaf.homepages]
ausaf_homepage = "http://kcl.academia.edu/FahadAusaf"
[avigad]
name = "Jeremy Avigad"
[avigad.emails]
[avigad.emails.avigad_email]
user = [
"avigad",
]
host = [
"cmu",
"edu",
]
[avigad.homepages]
avigad_homepage = "http://www.andrew.cmu.edu/user/avigad/"
[back]
name = "Ralph-Johan Back"
[back.emails]
[back.homepages]
back_homepage = "http://users.abo.fi/Ralph-Johan.Back/"
[baksys]
name = "Mantas Bakšys"
[baksys.emails]
[baksys.emails.baksys_email]
user = [
"mb2412",
]
host = [
"cam",
"ac",
"uk",
]
[baksys.homepages]
baksys_homepage = "https://github.com/MantasBaksys"
[balbach]
name = "Frank J. Balbach"
[balbach.emails]
[balbach.emails.balbach_email]
user = [
"frank-balbach",
]
host = [
"gmx",
"de",
]
[balbach.homepages]
[ballarin]
name = "Clemens Ballarin"
[ballarin.emails]
[ballarin.emails.ballarin_email]
user = [
"ballarin",
]
host = [
"in",
"tum",
"de",
]
[ballarin.homepages]
ballarin_homepage = "http://www21.in.tum.de/~ballarin/"
[barsotti]
name = "Damián Barsotti"
[barsotti.emails]
[barsotti.homepages]
barsotti_homepage = "http://www.cs.famaf.unc.edu.ar/~damian/"
[bauer]
name = "Gertrud Bauer"
[bauer.emails]
[bauer.homepages]
[bauereiss]
name = "Thomas Bauereiss"
[bauereiss.emails]
[bauereiss.emails.bauereiss_email]
user = [
"thomas",
]
host = [
"bauereiss",
"name",
]
[bauereiss.homepages]
[bayer]
name = "Jonas Bayer"
[bayer.emails]
[bayer.emails.bayer_email]
user = [
"jonas",
"bayer999",
]
host = [
"gmail",
"com",
]
[bayer.homepages]
[becker]
name = "Heiko Becker"
[becker.emails]
[becker.emails.becker_email]
user = [
"hbecker",
]
host = [
"mpi-sws",
"org",
]
[becker.homepages]
[beeren]
name = "Joel Beeren"
[beeren.emails]
[beeren.homepages]
[bella]
name = "Giampaolo Bella"
[bella.emails]
[bella.emails.bella_email]
user = [
"giamp",
]
host = [
"dmi",
"unict",
"it",
]
[bella.homepages]
bella_homepage = "http://www.dmi.unict.it/~giamp/"
[bengtson]
name = "Jesper Bengtson"
[bengtson.emails]
[bengtson.homepages]
bengtson_homepage = "http://www.itu.dk/people/jebe"
[bentkamp]
name = "Alexander Bentkamp"
[bentkamp.emails]
[bentkamp.emails.bentkamp_email]
user = [
"bentkamp",
]
host = [
"gmail",
"com",
]
[bentkamp.emails.bentkamp_email1]
user = [
"a",
"bentkamp",
]
host = [
"vu",
"nl",
]
[bentkamp.homepages]
bentkamp_homepage = "https://www.cs.vu.nl/~abp290/"
[benzmueller]
name = "Christoph Benzmüller"
[benzmueller.emails]
[benzmueller.emails.benzmueller_email]
user = [
"c",
"benzmueller",
]
host = [
"gmail",
"com",
]
[benzmueller.emails.benzmueller_email1]
user = [
"c",
"benzmueller",
]
host = [
"fu-berlin",
"de",
]
[benzmueller.homepages]
benzmueller_homepage = "http://christoph-benzmueller.de"
benzmueller_homepage1 = "http://page.mi.fu-berlin.de/cbenzmueller/"
[beresford]
name = "Alastair R. Beresford"
[beresford.emails]
[beresford.emails.beresford_email]
user = [
"arb33",
]
host = [
"cam",
"ac",
"uk",
]
[beresford.homepages]
[berghofer]
name = "Stefan Berghofer"
[berghofer.emails]
[berghofer.emails.berghofer_email]
user = [
"berghofe",
]
host = [
"in",
"tum",
"de",
]
[berghofer.homepages]
berghofer_homepage = "http://www.in.tum.de/~berghofe"
[beringer]
name = "Lennart Beringer"
[beringer.emails]
[beringer.emails.beringer_email]
user = [
"lennart",
"beringer",
]
host = [
"ifi",
"lmu",
"de",
]
[beringer.homepages]
[bharadwaj]
name = "Abhijith Bharadwaj"
[bharadwaj.emails]
[bharadwaj.homepages]
[bhatt]
name = "Bhargav Bhatt"
[bhatt.emails]
[bhatt.emails.bhatt_email]
user = [
"bhargav",
"bhatt",
]
host = [
"inf",
"ethz",
"ch",
]
[bhatt.homepages]
[biendarra]
name = "Julian Biendarra"
[biendarra.emails]
[biendarra.homepages]
[bisping]
name = "Benjamin Bisping"
+orcid = "0000-0002-0637-0171"
[bisping.emails]
[bisping.emails.bisping_email]
user = [
"benjamin",
"bisping",
]
host = [
- "campus",
"tu-berlin",
"de",
]
[bisping.homepages]
+bisping_homepage = "https://bbisping.de"
[blanchette]
name = "Jasmin Christian Blanchette"
[blanchette.emails]
[blanchette.emails.blanchette_email]
user = [
"jasmin",
"blanchette",
]
host = [
"gmail",
"com",
]
[blanchette.emails.blanchette_email1]
user = [
"j",
"c",
"blanchette",
]
host = [
"vu",
"nl",
]
[blanchette.homepages]
blanchette_homepage = "http://www21.in.tum.de/~blanchet"
blanchette_homepage1 = "https://www.cs.vu.nl/~jbe248/"
[blasum]
name = "Holger Blasum"
[blasum.emails]
[blasum.emails.blasum_email]
user = [
"holger",
"blasum",
]
host = [
"sysgo",
"com",
]
[blasum.homepages]
[blumson]
name = "Ben Blumson"
[blumson.emails]
[blumson.emails.blumson_email]
user = [
"benblumson",
]
host = [
"gmail",
"com",
]
[blumson.homepages]
blumson_homepage = "https://philpeople.org/profiles/ben-blumson"
[bockenek]
name = "Joshua Bockenek"
[bockenek.emails]
[bockenek.homepages]
[boehme]
name = "Sascha Böhme"
[boehme.emails]
[boehme.emails.boehme_email]
user = [
"boehmes",
]
host = [
"in",
"tum",
"de",
]
[boehme.homepages]
boehme_homepage = "http://www21.in.tum.de/~boehmes/"
[bohrer]
name = "Rose Bohrer"
[bohrer.emails]
[bohrer.emails.bohrer_email]
user = [
"rose",
"bohrer",
"cs",
]
host = [
"gmail",
"com",
]
[bohrer.homepages]
[bordg]
name = "Anthony Bordg"
[bordg.emails]
[bordg.emails.bordg_email]
user = [
"apdb3",
]
host = [
"cam",
"ac",
"uk",
]
[bordg.homepages]
bordg_homepage = "https://sites.google.com/site/anthonybordg/"
[borgstroem]
name = "Johannes Borgström"
[borgstroem.emails]
[borgstroem.emails.borgstroem_email]
user = [
"johannes",
"borgstrom",
]
host = [
"it",
"uu",
"se",
]
[borgstroem.homepages]
[bortin]
name = "Maksym Bortin"
[bortin.emails]
[bortin.emails.bortin_email]
user = [
"maksym",
"bortin",
]
host = [
"nicta",
"com",
"au",
]
[bortin.emails.bortin_email1]
user = [
"mbortin",
]
host = [
"gmail",
"com",
]
[bortin.homepages]
[bottesch]
name = "Ralph Bottesch"
[bottesch.emails]
[bottesch.emails.bottesch_email]
user = [
"ralph",
"bottesch",
]
host = [
"uibk",
"ac",
"at",
]
[bottesch.homepages]
bottesch_homepage = "http://cl-informatik.uibk.ac.at/users/bottesch/"
[boulanger]
name = "Frédéric Boulanger"
[boulanger.emails]
[boulanger.emails.boulanger_email]
user = [
"frederic",
"boulanger",
]
host = [
"centralesupelec",
"fr",
]
[boulanger.homepages]
[bourke]
name = "Timothy Bourke"
[bourke.emails]
[bourke.emails.bourke_email]
user = [
"tim",
]
host = [
"tbrk",
"org",
]
[bourke.homepages]
bourke_homepage = "http://www.tbrk.org"
[boutry]
name = "Pierre Boutry"
[boutry.emails]
[boutry.emails.boutry_email]
user = [
"boutry",
]
host = [
"unistra",
"fr",
]
[boutry.homepages]
[boyton]
name = "Andrew Boyton"
[boyton.emails]
[boyton.emails.boyton_email]
user = [
"andrew",
"boyton",
]
host = [
"nicta",
"com",
"au",
]
[boyton.homepages]
[bracevac]
name = "Oliver Bračevac"
[bracevac.emails]
[bracevac.emails.bracevac_email]
user = [
"bracevac",
]
host = [
"st",
"informatik",
"tu-darmstadt",
"de",
]
[bracevac.homepages]
[brandt]
name = "Felix Brandt"
[brandt.emails]
[brandt.homepages]
brandt_homepage = "http://dss.in.tum.de/staff/brandt.html"
[breitner]
name = "Joachim Breitner"
[breitner.emails]
[breitner.emails.breitner_email]
user = [
"mail",
]
host = [
"joachim-breitner",
"de",
]
[breitner.emails.breitner_email1]
user = [
"joachim",
]
host = [
"cis",
"upenn",
"edu",
]
[breitner.homepages]
breitner_homepage = "http://pp.ipd.kit.edu/~breitner"
[brien]
name = "Nicolas Robinson-O'Brien"
[brien.emails]
[brien.homepages]
[brinkop]
name = "Hauke Brinkop"
[brinkop.emails]
[brinkop.emails.brinkop_email]
user = [
"hauke",
"brinkop",
]
host = [
"googlemail",
"com",
]
[brinkop.homepages]
[brodmann]
name = "Paul-David Brodmann"
[brodmann.emails]
[brodmann.emails.brodmann_email]
user = [
"p",
"brodmann",
]
host = [
"tu-berlin",
"de",
]
[brodmann.homepages]
[brucker]
name = "Achim D. Brucker"
[brucker.emails]
[brucker.emails.brucker_email]
user = [
"a",
"brucker",
]
host = [
"exeter",
"ac",
"uk",
]
[brucker.emails.brucker_email2]
user = [
"adbrucker",
]
host = [
"0x5f",
"org",
]
[brucker.homepages]
brucker_homepage = "https://www.brucker.ch/"
[bruegger]
name = "Lukas Brügger"
[bruegger.emails]
[bruegger.emails.bruegger_email]
user = [
"lukas",
"a",
"bruegger",
]
host = [
"gmail",
"com",
]
[bruegger.homepages]
[brun]
name = "Matthias Brun"
[brun.emails]
[brun.emails.brun_email]
user = [
"matthias",
"brun",
]
host = [
"inf",
"ethz",
"ch",
]
[brun.homepages]
[brunner]
name = "Julian Brunner"
[brunner.emails]
[brunner.emails.brunner_email]
user = [
"brunnerj",
]
host = [
"in",
"tum",
"de",
]
[brunner.homepages]
brunner_homepage = "http://www21.in.tum.de/~brunnerj/"
[bulwahn]
name = "Lukas Bulwahn"
[bulwahn.emails]
[bulwahn.emails.bulwahn_email]
user = [
"lukas",
"bulwahn",
]
host = [
"gmail",
"com",
]
[bulwahn.homepages]
[butler]
name = "David Butler"
[butler.emails]
[butler.emails.butler_email]
user = [
"dbutler",
]
host = [
"turing",
"ac",
"uk",
]
[butler.homepages]
butler_homepage = "https://www.turing.ac.uk/people/doctoral-students/david-butler"
[buyse]
name = "Maxime Buyse"
[buyse.emails]
[buyse.emails.buyse_email]
user = [
"maxime",
"buyse",
]
host = [
"polytechnique",
"edu",
]
[buyse.homepages]
[caballero]
name = "José Manuel Rodríguez Caballero"
[caballero.emails]
[caballero.emails.caballero_email]
user = [
"jose",
"manuel",
"rodriguez",
"caballero",
]
host = [
"ut",
"ee",
]
[caballero.homepages]
caballero_homepage = "https://josephcmac.github.io/"
[calk]
name = "Cameron Calk"
[calk.emails]
[calk.homepages]
[caminati]
name = "Marco B. Caminati"
[caminati.emails]
[caminati.homepages]
[campo]
name = "Alejandro del Campo"
[campo.emails]
[campo.emails.campo_email]
user = [
"alejandro",
"del-campo",
]
host = [
"alum",
"unirioja",
"es",
]
[campo.homepages]
[chaieb]
name = "Amine Chaieb"
[chaieb.emails]
[chaieb.homepages]
[chapman]
name = "Peter Chapman"
[chapman.emails]
[chapman.emails.chapman_email]
user = [
"pc",
]
host = [
"cs",
"st-andrews",
"ac",
"uk",
]
[chapman.homepages]
[chen]
name = "L. Chen"
[chen.emails]
[chen.homepages]
[chevalier]
name = "Loïc Chevalier"
[chevalier.emails]
[chevalier.homepages]
[christfort]
name = "Axel Christfort"
[christfort.emails]
[christfort.emails.christfort_email]
user = [
"axel",
]
host = [
"di",
"ku",
"dk",
]
[christfort.homepages]
[clouston]
name = "Ranald Clouston"
[clouston.emails]
[clouston.emails.clouston_email]
user = [
"ranald",
"clouston",
]
host = [
"cs",
"au",
"dk",
]
[clouston.homepages]
[cock]
name = "David Cock"
[cock.emails]
[cock.emails.cock_email]
user = [
"david",
"cock",
]
host = [
"nicta",
"com",
"au",
]
[cock.homepages]
[coghetto]
name = "Roland Coghetto"
[coghetto.emails]
[coghetto.emails.coghetto_email]
user = [
"roland_coghetto",
]
host = [
"hotmail",
"com",
]
[coghetto.homepages]
[coglio]
name = "Alessandro Coglio"
[coglio.emails]
[coglio.emails.coglio_email]
user = [
"coglio",
]
host = [
"kestrel",
"edu",
]
[coglio.homepages]
coglio_homepage = "http://www.kestrel.edu/~coglio"
[cohen]
name = "Ernie Cohen"
[cohen.emails]
[cohen.emails.cohen_email]
user = [
"ecohen",
]
host = [
"amazon",
"com",
]
[cohen.homepages]
[cordwell]
name = "Katherine Kosaian"
[cordwell.emails]
[cordwell.emails.cordwell_email]
user = [
"kcordwel",
]
host = [
"cs",
"cmu",
"edu",
]
[cordwell.homepages]
cordwell_homepage = "https://www.cs.cmu.edu/~kcordwel/"
[cousin]
name = "Marie Cousin"
[cousin.emails]
[cousin.emails.cousin_email]
user = [
"marie",
"cousin",
]
host = [
"grenoble-inp",
"org",
]
[cousin.homepages]
[cremer]
name = "Nils Cremer"
[cremer.emails]
[cremer.emails.cremer_email]
user = [
"nils",
"cremer",
]
host = [
"tum",
"de",
]
[cremer.homepages]
[crighton]
name = "Aaron Crighton"
[crighton.emails]
[crighton.emails.crighton_email]
user = [
"crightoa",
]
host = [
"mcmaster",
"ca",
]
[crighton.homepages]
[dalvit]
name = "Christian Dalvit"
[dalvit.emails]
[dalvit.emails.dalvit_email]
user = [
"chris",
"dalvit",
]
host = [
"gmail",
"com",
]
[dalvit.homepages]
[danilkin]
name = "Anton Danilkin"
[danilkin.emails]
[danilkin.emails.danilkin_email]
user = [
"anton",
"danilkin",
]
host = [
"ens",
"psl",
"eu",
]
[danilkin.homepages]
[dardinier]
name = "Thibault Dardinier"
[dardinier.emails]
[dardinier.emails.dardinier_email]
user = [
"thibault",
"dardinier",
]
host = [
"inf",
"ethz",
"ch",
]
[dardinier.homepages]
dardinier_homepage = "https://dardinier.me/"
[david]
name = "Marco David"
[david.emails]
[david.emails.david_email]
user = [
"marco",
"david",
]
host = [
"hotmail",
"de",
]
[david.homepages]
[debois]
name = "Søren Debois"
[debois.emails]
[debois.homepages]
[debrat]
name = "Henri Debrat"
[debrat.emails]
[debrat.emails.debrat_email]
user = [
"henri",
"debrat",
]
host = [
"loria",
"fr",
]
[debrat.homepages]
[decova]
name = "Sára Decova"
[decova.emails]
[decova.homepages]
[delemazure]
name = "Théo Delemazure"
[delemazure.emails]
[delemazure.homepages]
delemazure_homepage = "https://theo.delemazure.fr/"
[demeulemeester]
name = "Tom Demeulemeester"
[demeulemeester.emails]
[demeulemeester.homepages]
demeulemeester_homepage = "https://www.kuleuven.be/wieiswie/en/person/00131528"
[derrick]
name = "John Derrick"
[derrick.emails]
[derrick.emails.derrick_email]
user = [
"j",
"derrick",
]
host = [
"sheffield",
"ac",
"uk",
]
[derrick.homepages]
[desharnais]
name = "Martin Desharnais"
[desharnais.emails]
[desharnais.emails.desharnais_email]
user = [
"martin",
"desharnais",
]
host = [
"unibw",
"de",
]
[desharnais.emails.desharnais_email1]
user = [
"desharnais",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[desharnais.homepages]
desharnais_homepage = "https://martin.desharnais.me"
[diaz]
name = "Javier Díaz"
[diaz.emails]
[diaz.emails.diaz_email]
user = [
"javier",
"diaz",
"manzi",
]
host = [
"gmail",
"com",
]
[diaz.homepages]
[diekmann]
name = "Cornelius Diekmann"
[diekmann.emails]
[diekmann.emails.diekmann_email]
user = [
"diekmann",
]
host = [
"net",
"in",
"tum",
"de",
]
[diekmann.homepages]
diekmann_homepage = "http://net.in.tum.de/~diekmann"
[dirix]
name = "Stefan Dirix"
[dirix.emails]
[dirix.homepages]
[dittmann]
name = "Christoph Dittmann"
[dittmann.emails]
[dittmann.emails.dittmann_email]
user = [
"isabelle",
]
host = [
"christoph-d",
"de",
]
[dittmann.homepages]
dittmann_homepage = "http://logic.las.tu-berlin.de/Members/Dittmann/"
[divason]
name = "Jose Divasón"
[divason.emails]
[divason.emails.divason_email]
user = [
"jose",
"divason",
]
host = [
"unirioja",
"es",
]
[divason.homepages]
divason_homepage = "https://www.unirioja.es/cu/jodivaso/"
[doczkal]
name = "Christian Doczkal"
[doczkal.emails]
[doczkal.emails.doczkal_email]
user = [
"doczkal",
]
host = [
"ps",
"uni-saarland",
"de",
]
[doczkal.homepages]
[dongol]
name = "Brijesh Dongol"
[dongol.emails]
[dongol.emails.dongol_email]
user = [
"brijesh",
"dongol",
]
host = [
"brunel",
"ac",
"uk",
]
[dongol.homepages]
[doty]
name = "Matthew Doty"
[doty.emails]
[doty.emails.doty_email]
user = [
"matt",
]
host = [
"w-d",
"org",
]
[doty.homepages]
[dubut]
name = "Jérémy Dubut"
[dubut.emails]
[dubut.emails.dubut_email]
user = [
"dubut",
]
host = [
"nii",
"ac",
"jp",
]
[dubut.emails.dubut_email1]
user = [
"jeremy",
"dubut",
]
host = [
"aist",
"go",
"jp",
]
[dubut.homepages]
dubut_homepage = "http://group-mmm.org/~dubut/"
[dunaev]
name = "Georgy Dunaev"
[dunaev.emails]
[dunaev.emails.dunaev_email]
user = [
"georgedunaev",
]
host = [
"gmail",
"com",
]
[dunaev.homepages]
[dyckhoff]
name = "Roy Dyckhoff"
[dyckhoff.emails]
[dyckhoff.homepages]
dyckhoff_homepage = "https://rd.host.cs.st-andrews.ac.uk"
[eberl]
name = "Manuel Eberl"
orcid = "0000-0002-4263-6571"
[eberl.emails]
[eberl.emails.eberl_email]
user = [
"manuel",
]
host = [
"pruvisto",
"org",
]
[eberl.emails.eberl_email1]
user = [
"manuel",
"eberl",
]
host = [
"tum",
"de",
]
[eberl.emails.eberl_email2]
user = [
"manuel",
"eberl",
]
host = [
"uibk",
"ac",
"at",
]
[eberl.homepages]
eberl_homepage = "https://pruvisto.org/"
eberl_homepage2 = "https://www.in.tum.de/~eberlm"
[echenim]
name = "Mnacho Echenim"
[echenim.emails]
[echenim.emails.echenim_email]
user = [
"mnacho",
"echenim",
]
host = [
"univ-grenoble-alpes",
"fr",
]
[echenim.homepages]
echenim_homepage = "https://lig-membres.imag.fr/mechenim/"
[edmonds]
name = "Chelsea Edmonds"
[edmonds.emails]
[edmonds.emails.edmonds_email]
user = [
"cle47",
]
host = [
"cam",
"ac",
"uk",
]
[edmonds.homepages]
edmonds_homepage = "https://www.cst.cam.ac.uk/people/cle47"
[engelhardt]
name = "Kai Engelhardt"
[engelhardt.emails]
[engelhardt.homepages]
[eriksson]
name = "Lars-Henrik Eriksson"
[eriksson.emails]
[eriksson.emails.eriksson_email]
user = [
"lhe",
]
host = [
"it",
"uu",
"se",
]
[eriksson.homepages]
[esparza]
name = "Javier Esparza"
[esparza.emails]
[esparza.homepages]
esparza_homepage = "https://www7.in.tum.de/~esparza/"
[essmann]
name = "Robin Eßmann"
[essmann.emails]
[essmann.emails.essmann_email]
user = [
"robin",
"essmann",
]
host = [
"tum",
"de",
]
[essmann.homepages]
[felgenhauer]
name = "Bertram Felgenhauer"
[felgenhauer.emails]
[felgenhauer.emails.felgenhauer_email]
user = [
"bertram",
"felgenhauer",
]
host = [
"uibk",
"ac",
"at",
]
[felgenhauer.emails.felgenhauer_email1]
user = [
"int-e",
]
host = [
"gmx",
"de",
]
[felgenhauer.homepages]
[feliachi]
name = "Abderrahmane Feliachi"
[feliachi.emails]
[feliachi.emails.feliachi_email]
user = [
"abderrahmane",
"feliachi",
]
host = [
"lri",
"fr",
]
[feliachi.homepages]
[fell]
name = "Julian Fell"
[fell.emails]
[fell.emails.fell_email]
user = [
"julian",
"fell",
]
host = [
"uq",
"net",
"au",
]
[fell.homepages]
[fernandez]
name = "Matthew Fernandez"
[fernandez.emails]
[fernandez.homepages]
[fiedler]
name = "Ben Fiedler"
[fiedler.emails]
[fiedler.emails.fiedler_email]
user = [
"ben",
"fiedler",
]
host = [
"inf",
"ethz",
"ch",
]
[fiedler.homepages]
[fleuriot]
name = "Jacques D. Fleuriot"
[fleuriot.emails]
[fleuriot.emails.fleuriot_email]
user = [
"Jacques",
"Fleuriot",
]
host = [
"ed",
"ac",
"uk",
]
[fleuriot.emails.fleuriot_email1]
user = [
"jdf",
]
host = [
"ed",
"ac",
"uk",
]
[fleuriot.homepages]
fleuriot_homepage = "https://www.inf.ed.ac.uk/people/staff/Jacques_Fleuriot.html"
[fleury]
name = "Mathias Fleury"
[fleury.emails]
[fleury.emails.fleury_email]
user = [
"fleury",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[fleury.emails.fleury_email1]
user = [
"mathias",
"fleury",
]
host = [
"jku",
"at",
]
[fleury.homepages]
fleury_homepage = "http://fmv.jku.at/fleury"
[foster]
name = "Michael Foster"
[foster.emails]
[foster.emails.foster_email]
user = [
"m",
"foster",
]
host = [
"sheffield",
"ac",
"uk",
]
[foster.homepages]
[fosterj]
name = "J. Nathan Foster"
[fosterj.emails]
[fosterj.homepages]
fosterj_homepage = "http://www.cs.cornell.edu/~jnfoster/"
[fosters]
name = "Simon Foster"
[fosters.emails]
[fosters.emails.fosters_email]
user = [
"simon",
"foster",
]
host = [
"york",
"ac",
"uk",
]
[fosters.homepages]
fosters_homepage = "https://www-users.cs.york.ac.uk/~simonf/"
[fouillard]
name = "Valentin Fouillard"
[fouillard.emails]
[fouillard.emails.fouillard_email]
user = [
"valentin",
"fouillard",
]
host = [
"limsi",
"fr",
]
[fouillard.homepages]
[friedrich]
name = "Stefan Friedrich"
[friedrich.emails]
[friedrich.homepages]
[from]
name = "Asta Halkjær From"
[from.emails]
[from.emails.from_email]
user = [
"ahfrom",
]
host = [
"dtu",
"dk",
]
[from.homepages]
from_homepage = "https://people.compute.dtu.dk/ahfrom/"
[fuenmayor]
name = "David Fuenmayor"
[fuenmayor.emails]
[fuenmayor.emails.fuenmayor_email]
user = [
"davfuenmayor",
]
host = [
"gmail",
"com",
]
[fuenmayor.homepages]
[furusawa]
name = "Hitoshi Furusawa"
[furusawa.emails]
[furusawa.homepages]
furusawa_homepage = "http://www.sci.kagoshima-u.ac.jp/~furusawa/"
[gammie]
name = "Peter Gammie"
[gammie.emails]
[gammie.emails.gammie_email]
user = [
"peteg42",
]
host = [
"gmail",
"com",
]
[gammie.homepages]
gammie_homepage = "http://peteg.org"
[gao]
name = "Xin Gao"
[gao.emails]
[gao.homepages]
[gaudel]
name = "Marie-Claude Gaudel"
[gaudel.emails]
[gaudel.emails.gaudel_email]
user = [
"mcg",
]
host = [
"lri",
"fr",
]
[gaudel.homepages]
[gay]
name = "Richard Gay"
[gay.emails]
[gay.emails.gay_email]
user = [
"gay",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[gay.homepages]
[georgescu]
name = "George Georgescu"
[georgescu.emails]
[georgescu.homepages]
[gheri]
name = "Lorenzo Gheri"
[gheri.emails]
[gheri.emails.gheri_email]
user = [
"lor",
"gheri",
]
host = [
"gmail",
"com",
]
[gheri.homepages]
[ghourabi]
name = "Fadoua Ghourabi"
[ghourabi.emails]
[ghourabi.emails.ghourabi_email]
user = [
"fadouaghourabi",
]
host = [
"gmail",
"com",
]
[ghourabi.homepages]
[gioiosa]
name = "Gianpaolo Gioiosa"
[gioiosa.emails]
[gioiosa.homepages]
[glabbeek]
name = "Rob van Glabbeek"
[glabbeek.emails]
[glabbeek.homepages]
glabbeek_homepage = "http://theory.stanford.edu/~rvg/"
[gomes]
name = "Victor B. F. Gomes"
[gomes.emails]
[gomes.emails.gomes_email]
user = [
"victor",
"gomes",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[gomes.emails.gomes_email2]
user = [
"victorborgesfg",
]
host = [
"gmail",
"com",
]
[gomes.emails.gomes_email4]
user = [
"vborgesferreiragomes1",
]
host = [
"sheffield",
"ac",
"uk",
]
[gomes.homepages]
gomes_homepage = "http://www.dcs.shef.ac.uk/~victor"
[gonzalez]
name = "Edgar Gonzàlez"
orcid = "0000-0002-9169-0769"
[gonzalez.emails]
[gonzalez.emails.gonzalez_email]
user = [
"edgargip",
]
host = [
"google",
"com",
]
[gonzalez.homepages]
[gore]
name = "Rajeev Gore"
[gore.emails]
[gore.emails.gore_email]
user = [
"rajeev",
"gore",
]
host = [
"anu",
"edu",
"au",
]
[gore.homepages]
[gouezel]
name = "Sebastien Gouezel"
[gouezel.emails]
[gouezel.emails.gouezel_email]
user = [
"sebastien",
"gouezel",
]
host = [
"univ-rennes1",
"fr",
]
[gouezel.homepages]
gouezel_homepage = "http://www.math.sciences.univ-nantes.fr/~gouezel/"
[grechuk]
name = "Bogdan Grechuk"
[grechuk.emails]
[grechuk.emails.grechuk_email]
user = [
"grechukbogdan",
]
host = [
"yandex",
"ru",
]
[grechuk.homepages]
[grewe]
name = "Sylvia Grewe"
[grewe.emails]
[grewe.emails.grewe_email]
user = [
"grewe",
]
host = [
"cs",
"tu-darmstadt",
"de",
]
[grewe.homepages]
[griebel]
name = "Simon Griebel"
[griebel.emails]
[griebel.emails.griebel_email]
user = [
"s",
"griebel",
]
host = [
"tum",
"de",
]
[griebel.homepages]
[grov]
name = "Gudmund Grov"
[grov.emails]
[grov.emails.grov_email]
user = [
"ggrov",
]
host = [
"inf",
"ed",
"ac",
"uk",
]
[grov.homepages]
grov_homepage = "http://homepages.inf.ed.ac.uk/ggrov"
[guerraoui]
name = "Rachid Guerraoui"
[guerraoui.emails]
[guerraoui.emails.guerraoui_email]
user = [
"rachid",
"guerraoui",
]
host = [
"epfl",
"ch",
]
[guerraoui.homepages]
[guiol]
name = "Hervé Guiol"
[guiol.emails]
[guiol.emails.guiol_email]
user = [
"herve",
"guiol",
]
host = [
"univ-grenoble-alpes",
"fr",
]
[guiol.homepages]
[gunther]
name = "Emmanuel Gunther"
[gunther.emails]
[gunther.emails.gunther_email]
user = [
"gunther",
]
host = [
"famaf",
"unc",
"edu",
"ar",
]
[gunther.homepages]
[gutkovas]
name = "Ramunas Gutkovas"
[gutkovas.emails]
[gutkovas.emails.gutkovas_email]
user = [
"ramunas",
"gutkovas",
]
host = [
"it",
"uu",
"se",
]
[gutkovas.homepages]
[guttmann]
name = "Walter Guttmann"
[guttmann.emails]
[guttmann.emails.guttmann_email]
user = [
"walter",
"guttmann",
]
host = [
"canterbury",
"ac",
"nz",
]
[guttmann.homepages]
guttmann_homepage = "https://www.cosc.canterbury.ac.nz/walter.guttmann/"
[guzman]
name = "Laura P. Gamboa Guzman"
[guzman.emails]
[guzman.emails.guzman_email]
user = [
"lpgamboa",
]
host = [
"iastate",
"edu",
]
[guzman.homepages]
guzman_homepage = "https://sites.google.com/view/lpgamboa/home"
[haftmann]
name = "Florian Haftmann"
[haftmann.emails]
[haftmann.emails.haftmann_email]
user = [
"florian",
"haftmann",
]
host = [
"informatik",
"tu-muenchen",
"de",
]
[haftmann.homepages]
haftmann_homepage = "http://isabelle.in.tum.de/~haftmann"
[haslbeck]
name = "Max W. Haslbeck"
[haslbeck.emails]
[haslbeck.emails.haslbeck_email]
user = [
"maximilian",
"haslbeck",
]
host = [
"uibk",
"ac",
"at",
]
[haslbeck.emails.haslbeck_email1]
user = [
"haslbecm",
]
host = [
"in",
"tum",
"de",
]
[haslbeck.emails.haslbeck_email2]
user = [
"max",
"haslbeck",
]
host = [
"gmx",
"de",
]
[haslbeck.homepages]
haslbeck_homepage = "http://cl-informatik.uibk.ac.at/users/mhaslbeck/"
[haslbeckm]
name = "Maximilian P. L. Haslbeck"
[haslbeckm.emails]
[haslbeckm.emails.haslbeckm_email]
user = [
"haslbema",
]
host = [
"in",
"tum",
"de",
]
[haslbeckm.homepages]
haslbeckm_homepage = "http://in.tum.de/~haslbema/"
[havle]
name = "Oto Havle"
[havle.emails]
[havle.emails.havle_email]
user = [
"oha",
]
host = [
"sysgo",
"com",
]
[havle.homepages]
[hayes]
name = "Ian J. Hayes"
[hayes.emails]
[hayes.emails.hayes_email]
user = [
"ian",
"hayes",
]
host = [
"itee",
"uq",
"edu",
"au",
]
[hayes.homepages]
[he]
name = "Yijun He"
[he.emails]
[he.emails.he_email]
user = [
"yh403",
]
host = [
"cam",
"ac",
"uk",
]
[he.homepages]
[heimes]
name = "Lukas Heimes"
[heimes.emails]
[heimes.emails.heimes_email]
user = [
"heimesl",
]
host = [
"student",
"ethz",
"ch",
]
[heimes.homepages]
[helke]
name = "Steffen Helke"
[helke.emails]
[helke.emails.helke_email]
user = [
"helke",
]
host = [
"cs",
"tu-berlin",
"de",
]
[helke.homepages]
[hellauer]
name = "Fabian Hellauer"
[hellauer.emails]
[hellauer.emails.hellauer_email]
user = [
"hellauer",
]
host = [
"in",
"tum",
"de",
]
[hellauer.homepages]
[heller]
name = "Armin Heller"
[heller.emails]
[heller.homepages]
[henrio]
name = "Ludovic Henrio"
[henrio.emails]
[henrio.emails.henrio_email]
user = [
"Ludovic",
"Henrio",
]
host = [
"sophia",
"inria",
"fr",
]
[henrio.homepages]
[herzberg]
name = "Michael Herzberg"
[herzberg.emails]
[herzberg.emails.herzberg_email]
user = [
"mail",
]
host = [
"michael-herzberg",
"de",
]
[herzberg.homepages]
herzberg_homepage = "http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg"
[hess]
name = "Andreas V. Hess"
[hess.emails]
[hess.emails.hess_email]
user = [
"avhe",
]
host = [
"dtu",
"dk",
]
[hess.emails.hess_email1]
user = [
"andreasvhess",
]
host = [
"gmail",
"com",
]
[hess.homepages]
[hetzl]
name = "Stefan Hetzl"
[hetzl.emails]
[hetzl.emails.hetzl_email]
user = [
"hetzl",
]
host = [
"logic",
"at",
]
[hetzl.homepages]
hetzl_homepage = "http://www.logic.at/people/hetzl/"
[hibon]
name = "Quentin Hibon"
[hibon.emails]
[hibon.emails.hibon_email]
user = [
"qh225",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[hibon.homepages]
[higgins]
name = "Edward Higgins"
[higgins.emails]
[higgins.homepages]
[hirata]
name = "Michikazu Hirata"
[hirata.emails]
[hirata.emails.hirata_email]
user = [
"hirata",
"m",
"ac",
]
host = [
"m",
"titech",
"ac",
"jp",
]
[hirata.homepages]
[hoefner]
name = "Peter Höfner"
[hoefner.emails]
[hoefner.emails.hoefner_email]
user = [
"peter",
]
host = [
"hoefner-online",
"de",
]
[hoefner.homepages]
hoefner_homepage = "http://www.hoefner-online.de/"
[hoelzl]
name = "Johannes Hölzl"
[hoelzl.emails]
[hoelzl.emails.hoelzl_email]
user = [
"hoelzl",
]
host = [
"in",
"tum",
"de",
]
[hoelzl.homepages]
hoelzl_homepage = "http://home.in.tum.de/~hoelzl"
[hofmann]
name = "Martin Hofmann"
[hofmann.emails]
[hofmann.homepages]
hofmann_homepage = "http://www.tcs.informatik.uni-muenchen.de/~mhofmann"
[hofmeier]
name = "Paul Hofmeier"
[hofmeier.emails]
[hofmeier.emails.hofmeier_email]
user = [
"paul",
"hofmeier",
]
host = [
"tum",
"de",
]
[hofmeier.homepages]
[holub]
name = "Štěpán Holub"
[holub.emails]
[holub.emails.holub_email]
user = [
"holub",
]
host = [
"karlin",
"mff",
"cuni",
"cz",
]
[holub.homepages]
holub_homepage = "https://www2.karlin.mff.cuni.cz/~holub/"
[hosking]
name = "Tony Hosking"
[hosking.emails]
[hosking.homepages]
hosking_homepage = "https://www.cs.purdue.edu/homes/hosking/"
[hou]
name = "Zhe Hou"
[hou.emails]
[hou.emails.hou_email]
user = [
"zhe",
"hou",
]
host = [
"ntu",
"edu",
"sg",
]
[hou.homepages]
[hu]
name = "Shuwei Hu"
[hu.emails]
[hu.emails.hu_email]
user = [
"shuwei",
"hu",
]
host = [
"tum",
"de",
]
[hu.homepages]
[huffman]
name = "Brian Huffman"
[huffman.emails]
[huffman.emails.huffman_email]
user = [
"huffman",
]
host = [
"in",
"tum",
"de",
]
[huffman.emails.huffman_email1]
user = [
"brianh",
]
host = [
"cs",
"pdx",
"edu",
]
[huffman.homepages]
huffman_homepage = "http://cs.pdx.edu/~brianh/"
[hupel]
name = "Lars Hupel"
[hupel.emails]
[hupel.emails.hupel_email]
user = [
"lars",
]
host = [
"hupel",
"info",
]
[hupel.homepages]
hupel_homepage = "https://lars.hupel.info/"
[ijbema]
name = "Mark Ijbema"
[ijbema.emails]
[ijbema.emails.ijbema_email]
user = [
"ijbema",
]
host = [
"fmf",
"nl",
]
[ijbema.homepages]
[immler]
name = "Fabian Immler"
[immler.emails]
[immler.emails.immler_email]
user = [
"immler",
]
host = [
"in",
"tum",
"de",
]
[immler.emails.immler_email1]
user = [
"fimmler",
]
host = [
"cs",
"cmu",
"edu",
]
[immler.homepages]
immler_homepage = "https://home.in.tum.de/~immler/"
[israel]
name = "Jonas Israel"
[israel.emails]
[israel.homepages]
israel_homepage = "https://www.algo.tu-berlin.de/menue/people/jonas_israel/"
[ito]
name = "Yosuke Ito"
[ito.emails]
[ito.emails.ito_email]
user = [
"glacier345",
]
host = [
"gmail",
"com",
]
[ito.homepages]
[iwama]
name = "Fumiya Iwama"
[iwama.emails]
[iwama.emails.iwama_email]
user = [
"d1623001",
]
host = [
"s",
"konan-u",
"ac",
"jp",
]
[iwama.homepages]
[jacobsen]
name = "Frederik Krogsdal Jacobsen"
[jacobsen.emails]
[jacobsen.emails.jacobsen_email]
user = [
"fkjac",
]
host = [
"dtu",
"dk",
]
[jacobsen.homepages]
jacobsen_homepage = "http://people.compute.dtu.dk/fkjac/"
[jaskelioff]
name = "Mauro Jaskelioff"
[jaskelioff.emails]
[jaskelioff.homepages]
jaskelioff_homepage = "http://www.fceia.unr.edu.ar/~mauro/"
[jaskolka]
name = "Jason Jaskolka"
[jaskolka.emails]
[jaskolka.emails.jaskolka_email]
user = [
"jason",
"jaskolka",
]
host = [
"carleton",
"ca",
]
[jaskolka.homepages]
jaskolka_homepage = "https://carleton.ca/jaskolka/"
[jensen]
name = "Alexander Birch Jensen"
[jensen.emails]
[jensen.emails.jensen_email]
user = [
"aleje",
]
host = [
"dtu",
"dk",
]
[jensen.homepages]
jensen_homepage = "https://people.compute.dtu.dk/aleje/"
[jiang]
name = "Nan Jiang"
[jiang.emails]
[jiang.emails.jiang_email]
user = [
"nanjiang",
]
host = [
"whu",
"edu",
"cn",
]
[jiang.homepages]
[jiangd]
name = "Dongchen Jiang"
[jiangd.emails]
[jiangd.emails.jiangd_email]
user = [
"dongchenjiang",
]
host = [
"googlemail",
"com",
]
[jiangd.homepages]
[joosten]
name = "Sebastiaan J. C. Joosten"
[joosten.emails]
[joosten.emails.joosten_email]
user = [
"sebastiaan",
"joosten",
]
host = [
"uibk",
"ac",
"at",
]
[joosten.emails.joosten_email1]
user = [
"sjcjoosten",
]
host = [
"gmail",
"com",
]
[joosten.emails.joosten_email2]
user = [
"s",
"j",
"c",
"joosten",
]
host = [
"utwente",
"nl",
]
[joosten.homepages]
joosten_homepage = "https://sjcjoosten.nl/"
[jungnickel]
name = "Tim Jungnickel"
[jungnickel.emails]
[jungnickel.emails.jungnickel_email]
user = [
"tim",
"jungnickel",
]
host = [
"tu-berlin",
"de",
]
[jungnickel.homepages]
[kadzioka]
name = "Maya Kądziołka"
[kadzioka.emails]
[kadzioka.emails.kadzioka_email]
user = [
"afp",
]
host = [
"compilercrim",
"es",
]
[kadzioka.homepages]
[kaliszyk]
name = "Cezary Kaliszyk"
[kaliszyk.emails]
[kaliszyk.emails.kaliszyk_email]
user = [
"cezary",
"kaliszyk",
]
host = [
"uibk",
"ac",
"at",
]
[kaliszyk.homepages]
kaliszyk_homepage = "http://cl-informatik.uibk.ac.at/users/cek/"
[kammueller]
name = "Florian Kammüller"
[kammueller.emails]
[kammueller.emails.kammueller_email]
user = [
"flokam",
]
host = [
"cs",
"tu-berlin",
"de",
]
[kammueller.emails.kammueller_email1]
user = [
"florian",
"kammuller",
]
host = [
"gmail",
"com",
]
[kammueller.homepages]
kammueller_homepage = "http://www.cs.mdx.ac.uk/people/florian-kammueller/"
[kappelmann]
name = "Kevin Kappelmann"
[kappelmann.emails]
[kappelmann.emails.kappelmann_email]
user = [
"kevin",
"kappelmann",
]
host = [
"tum",
"de",
]
[kappelmann.homepages]
kappelmann_homepage = "https://www21.in.tum.de/team/kappelmk/"
[karayel]
name = "Emin Karayel"
orcid = "0000-0003-3290-5034"
[karayel.emails]
[karayel.emails.karayel_email]
user = [
"me",
]
host = [
"eminkarayel",
"de",
]
[karayel.homepages]
karayel_homepage = "https://orcid.org/0000-0003-3290-5034"
[kastermans]
name = "Bart Kastermans"
[kastermans.emails]
[kastermans.homepages]
kastermans_homepage = "http://kasterma.net"
[katovsky]
name = "Alexander Katovsky"
[katovsky.emails]
[katovsky.emails.katovsky_email]
user = [
"apk32",
]
host = [
"cam",
"ac",
"uk",
]
[katovsky.emails.katovsky_email1]
user = [
"alexander",
"katovsky",
]
host = [
"cantab",
"net",
]
[katovsky.homepages]
[kaufmann]
name = "Daniela Kaufmann"
[kaufmann.emails]
[kaufmann.homepages]
kaufmann_homepage = "http://fmv.jku.at/kaufmann"
[keefe]
name = "Greg O'Keefe"
[keefe.emails]
[keefe.homepages]
keefe_homepage = "http://users.rsise.anu.edu.au/~okeefe/"
[keinholz]
name = "Jonas Keinholz"
[keinholz.emails]
[keinholz.homepages]
[kerber]
name = "Manfred Kerber"
[kerber.emails]
[kerber.emails.kerber_email]
user = [
"mnfrd",
"krbr",
]
host = [
"gmail",
"com",
]
[kerber.homepages]
kerber_homepage = "http://www.cs.bham.ac.uk/~mmk"
[keskin]
name = "Ata Keskin"
orcid = "0000-0002-8296-1766"
[keskin.emails]
[keskin.emails.keskin_email]
user = [
"ata",
"keskin",
]
host = [
"tum",
"de",
]
[keskin.homepages]
[ketland]
name = "Jeffrey Ketland"
[ketland.emails]
[ketland.emails.ketland_email]
user = [
"jeffreyketland",
]
host = [
"gmail",
"com",
]
[ketland.homepages]
[kim]
name = "Sunpill Kim"
orcid = "0000-0002-7767-4084"
[kim.emails]
[kim.homepages]
[kirchner]
name = "Daniel Kirchner"
[kirchner.emails]
[kirchner.emails.kirchner_email]
user = [
"daniel",
]
host = [
"ekpyron",
"org",
]
[kirchner.homepages]
[klein]
name = "Gerwin Klein"
[klein.emails]
[klein.emails.klein_email]
user = [
"kleing",
]
host = [
"unsw",
"edu",
"au",
]
[klein.homepages]
klein_homepage = "http://www.cse.unsw.edu.au/~kleing/"
[klenze]
name = "Tobias Klenze"
[klenze.emails]
[klenze.emails.klenze_email]
user = [
"tobias",
"klenze",
]
host = [
"inf",
"ethz",
"ch",
]
[klenze.homepages]
[kleppmann]
name = "Martin Kleppmann"
[kleppmann.emails]
[kleppmann.emails.kleppmann_email]
user = [
"martin",
"kleppmann",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[kleppmann.homepages]
[kobayashi]
name = "Hidetsune Kobayashi"
[kobayashi.emails]
[kobayashi.homepages]
[koerner]
name = "Stefan Körner"
[koerner.emails]
[koerner.emails.koerner_email]
user = [
"s_koer03",
]
host = [
"uni-muenster",
"de",
]
[koerner.homepages]
[kolanski]
name = "Rafal Kolanski"
[kolanski.emails]
[kolanski.emails.kolanski_email]
user = [
"rafal",
"kolanski",
]
host = [
"nicta",
"com",
"au",
]
[kolanski.homepages]
[koller]
name = "Lukas Koller"
[koller.emails]
[koller.emails.koller_email]
user = [
"lukas",
"koller",
]
host = [
"tum",
"de",
]
[koller.homepages]
[krauss]
name = "Alexander Krauss"
[krauss.emails]
[krauss.emails.krauss_email]
user = [
"krauss",
]
host = [
"in",
"tum",
"de",
]
[krauss.homepages]
krauss_homepage = "http://www.in.tum.de/~krauss"
[kreuzer]
name = "Katharina Kreuzer"
[kreuzer.emails]
[kreuzer.emails.kreuzer_email]
user = [
"kreuzerk",
]
host = [
"in",
"tum",
"de",
]
[kreuzer.emails.kreuzer_email1]
user = [
"k",
"kreuzer",
]
host = [
"tum",
"de",
]
[kreuzer.homepages]
kreuzer_homepage = "https://www21.in.tum.de/team/kreuzer/"
[kuncak]
name = "Viktor Kuncak"
[kuncak.emails]
[kuncak.homepages]
kuncak_homepage = "http://lara.epfl.ch/~kuncak/"
[kuncar]
name = "Ondřej Kunčar"
[kuncar.emails]
[kuncar.homepages]
kuncar_homepage = "http://www21.in.tum.de/~kuncar/"
[kurz]
name = "Friedrich Kurz"
[kurz.emails]
[kurz.emails.kurz_email]
user = [
"friedrich",
"kurz",
]
host = [
"tum",
"de",
]
[kurz.homepages]
[lachnitt]
name = "Hanna Lachnitt"
[lachnitt.emails]
[lachnitt.emails.lachnitt_email]
user = [
"lachnitt",
]
host = [
"stanford",
"edu",
]
[lachnitt.homepages]
[lallemand]
name = "Joseph Lallemand"
[lallemand.emails]
[lallemand.emails.lallemand_email]
user = [
"joseph",
"lallemand",
]
host = [
"loria",
"fr",
]
[lallemand.homepages]
[lammich]
name = "Peter Lammich"
[lammich.emails]
[lammich.emails.lammich_email]
user = [
"lammich",
]
host = [
"in",
"tum",
"de",
]
[lammich.emails.lammich_email1]
user = [
"peter",
"lammich",
]
host = [
"uni-muenster",
"de",
]
[lammich.homepages]
lammich_homepage = "http://www21.in.tum.de/~lammich"
[lange]
name = "Christoph Lange"
[lange.emails]
[lange.emails.lange_email]
user = [
"math",
"semantic",
"web",
]
host = [
"gmail",
"com",
]
[lange.homepages]
[langenstein]
name = "Bruno Langenstein"
[langenstein.emails]
[langenstein.emails.langenstein_email]
user = [
"langenstein",
]
host = [
"dfki",
"de",
]
[langenstein.homepages]
[lattuada]
name = "Andrea Lattuada"
[lattuada.emails]
[lattuada.homepages]
lattuada_homepage = "https://andrea.lattuada.me"
[lauermann]
name = "Nils Lauermann"
[lauermann.emails]
[lauermann.emails.lauermann_email]
user = [
"Nils",
"Lauermann",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[lauermann.homepages]
[laursen]
name = "Christian Pardillo-Laursen"
[laursen.emails]
[laursen.emails.laursen_email]
user = [
"christian",
"laursen",
]
host = [
"york",
"ac",
"uk",
]
[laursen.homepages]
[lederer]
name = "Patrick Lederer"
[lederer.emails]
[lederer.homepages]
lederer_homepage = "https://www.cs.cit.tum.de/en/dss/members/patrick-lederer/"
[lee]
name = "Holden Lee"
[lee.emails]
[lee.emails.lee_email]
user = [
"holdenl",
]
host = [
"princeton",
"edu",
]
[lee.homepages]
[leek]
name = "Kevin Lee"
[leek.emails]
[leek.emails.leek_email]
user = [
"kfkl2",
]
host = [
"cam",
"ac",
"uk",
]
[leek.homepages]
[leustean]
name = "Laurentiu Leustean"
[leustean.emails]
[leustean.homepages]
[lewis]
name = "Corey Lewis"
[lewis.emails]
[lewis.emails.lewis_email]
user = [
"corey",
"lewis",
]
host = [
"data61",
"csiro",
"au",
]
[lewis.homepages]
[li]
name = "Wenda Li"
[li.emails]
[li.emails.li_email]
user = [
"wl302",
]
host = [
"cam",
"ac",
"uk",
]
[li.emails.li_email1]
user = [
"liwenda1990",
]
host = [
"hotmail",
"com",
]
[li.homepages]
li_homepage = "https://www.cl.cam.ac.uk/~wl302/"
[lim]
name = "Japheth Lim"
[lim.emails]
[lim.homepages]
[lindenberg]
name = "Christina Lindenberg"
[lindenberg.emails]
[lindenberg.homepages]
[linker]
name = "Sven Linker"
[linker.emails]
[linker.emails.linker_email]
user = [
"s",
"linker",
]
host = [
"liverpool",
"ac",
"uk",
]
[linker.homepages]
[liu]
name = "Junyi Liu"
[liu.emails]
[liu.homepages]
[liut]
name = "Tao Liu"
[liut.emails]
[liut.homepages]
[liuy]
name = "Yang Liu"
[liuy.emails]
[liuy.emails.liuy_email]
user = [
"yangliu",
]
host = [
"ntu",
"edu",
"sg",
]
[liuy.homepages]
[liy]
name = "Yangjia Li"
[liy.emails]
[liy.homepages]
[lochbihler]
name = "Andreas Lochbihler"
[lochbihler.emails]
[lochbihler.emails.lochbihler_email1]
user = [
"mail",
]
host = [
"andreas-lochbihler",
"de",
]
[lochbihler.homepages]
lochbihler_homepage = "http://www.andreas-lochbihler.de/"
[lochmann]
name = "Alexander Lochmann"
[lochmann.emails]
[lochmann.emails.lochmann_email]
user = [
"alexander",
"lochmann",
]
host = [
"uibk",
"ac",
"at",
]
[lochmann.homepages]
[lohner]
name = "Denis Lohner"
[lohner.emails]
[lohner.emails.lohner_email]
user = [
"denis",
"lohner",
]
host = [
"kit",
"edu",
]
[lohner.homepages]
lohner_homepage = "http://pp.ipd.kit.edu/person.php?id=88"
[loibl]
name = "Matthias Loibl"
[loibl.emails]
[loibl.homepages]
[londono]
name = "Alejandro Gómez-Londoño"
[londono.emails]
[londono.emails.londono_email]
user = [
"alejandro",
"gomez",
]
host = [
"chalmers",
"se",
]
[londono.homepages]
[losa]
name = "Giuliano Losa"
[losa.emails]
[losa.emails.losa_email]
user = [
"giuliano",
"losa",
]
host = [
"epfl",
"ch",
]
[losa.emails.losa_email1]
user = [
"giuliano",
]
host = [
"galois",
"com",
]
[losa.emails.losa_email2]
user = [
"giuliano",
]
host = [
"losa",
"fr",
]
[losa.homepages]
[lutz]
name = "Bianca Lutz"
[lutz.emails]
[lutz.emails.lutz_email]
user = [
"sowilo",
]
host = [
"cs",
"tu-berlin",
"de",
]
[lutz.homepages]
[lux]
name = "Alexander Lux"
[lux.emails]
[lux.emails.lux_email]
user = [
"lux",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[lux.homepages]
[madarasz]
name = "Judit Madarasz"
[madarasz.emails]
[madarasz.homepages]
madarasz_homepage = "https://users.renyi.hu/~madarasz/"
[makarios]
name = "T. J. M. Makarios"
[makarios.emails]
[makarios.emails.makarios_email]
user = [
"tjm1983",
]
host = [
"gmail",
"com",
]
[makarios.homepages]
[maletzky]
name = "Alexander Maletzky"
[maletzky.emails]
[maletzky.emails.maletzky_email]
user = [
"alexander",
"maletzky",
]
host = [
"risc",
"jku",
"at",
]
[maletzky.emails.maletzky_email1]
user = [
"alexander",
"maletzky",
]
host = [
"risc-software",
"at",
]
[maletzky.homepages]
maletzky_homepage = "https://risc.jku.at/m/alexander-maletzky/"
[mansky]
name = "Susannah Mansky"
[mansky.emails]
[mansky.emails.mansky_email]
user = [
"sjohnsn2",
]
host = [
"illinois",
"edu",
]
[mansky.emails.mansky_email1]
user = [
"susannahej",
]
host = [
"gmail",
"com",
]
[mansky.homepages]
[mantel]
name = "Heiko Mantel"
[mantel.emails]
[mantel.emails.mantel_email]
user = [
"mantel",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[mantel.homepages]
[margetson]
name = "James Margetson"
[margetson.emails]
[margetson.homepages]
[maric]
name = "Ognjen Marić"
[maric.emails]
[maric.emails.maric_email]
user = [
"ogi",
"afp",
]
host = [
"mynosefroze",
"com",
]
[maric.homepages]
[maricf]
name = "Filip Marić"
[maricf.emails]
[maricf.emails.maricf_email]
user = [
"filip",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[maricf.homepages]
maricf_homepage = "http://www.matf.bg.ac.rs/~filip"
[marmsoler]
name = "Diego Marmsoler"
[marmsoler.emails]
[marmsoler.emails.marmsoler_email]
user = [
"diego",
"marmsoler",
]
host = [
"tum",
"de",
]
[marmsoler.emails.marmsoler_email1]
user = [
"d",
"marmsoler",
]
host = [
"exeter",
"ac",
"uk",
]
[marmsoler.homepages]
marmsoler_homepage = "http://marmsoler.com"
[matache]
name = "Cristina Matache"
[matache.emails]
[matache.emails.matache_email]
user = [
"cris",
"matache",
]
host = [
"gmail",
"com",
]
[matache.homepages]
[mateo]
name = "Adrián Doña Mateo"
[mateo.emails]
[mateo.emails.mateo_email]
user = [
"adrian",
"dona",
]
host = [
"ed",
"ac",
"uk",
]
[mateo.homepages]
[matichuk]
name = "Daniel Matichuk"
[matichuk.emails]
[matichuk.homepages]
[matiyasevich]
name = "Yuri Matiyasevich"
[matiyasevich.emails]
[matiyasevich.homepages]
[maximova]
name = "Alexandra Maximova"
[maximova.emails]
[maximova.emails.maximova_email]
user = [
"amaximov",
]
host = [
"student",
"ethz",
"ch",
]
[maximova.homepages]
[meis]
name = "Rene Meis"
[meis.emails]
[meis.emails.meis_email]
user = [
"rene",
"meis",
]
host = [
"uni-muenster",
"de",
]
[meis.emails.meis_email1]
user = [
"rene",
"meis",
]
host = [
"uni-due",
"de",
]
[meis.homepages]
[merz]
name = "Stephan Merz"
[merz.emails]
[merz.emails.merz_email]
user = [
"Stephan",
"Merz",
]
host = [
"loria",
"fr",
]
[merz.homepages]
merz_homepage = "http://www.loria.fr/~merz"
[messner]
name = "Florian Messner"
[messner.emails]
[messner.emails.messner_email]
user = [
"florian",
"g",
"messner",
]
host = [
"uibk",
"ac",
"at",
]
[messner.homepages]
[mhalla]
name = "Mehdi Mhalla"
[mhalla.emails]
[mhalla.emails.mhalla_email]
user = [
"mhallam",
]
host = [
"univ-grenoble-alpes",
"fr",
]
[mhalla.homepages]
[michaelis]
name = "Julius Michaelis"
[michaelis.emails]
[michaelis.emails.michaelis_email]
user = [
"isabelleopenflow",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email1]
user = [
"maintainafpppt",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email2]
user = [
"bdd",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email3]
user = [
"afp",
]
host = [
"liftm",
"de",
]
[michaelis.homepages]
michaelis_homepage = "http://liftm.de/"
[milehins]
name = "Mihails Milehins"
[milehins.emails]
[milehins.emails.milehins_email]
user = [
"mihailsmilehins",
]
host = [
"gmail",
"com",
]
[milehins.homepages]
[minamide]
name = "Yasuhiko Minamide"
[minamide.emails]
[minamide.emails.minamide_email]
user = [
"minamide",
]
host = [
"is",
"titech",
"ac",
"jp",
]
[minamide.homepages]
minamide_homepage = "https://sv.c.titech.ac.jp/minamide/index.en.html"
[mitchell]
name = "Neil Mitchell"
[mitchell.emails]
[mitchell.homepages]
[mitsch]
name = "Stefan Mitsch"
[mitsch.emails]
[mitsch.emails.mitsch_email]
user = [
"smitsch",
]
host = [
"cs",
"cmu",
"edu",
]
[mitsch.homepages]
[moedersheim]
name = "Sebastian Mödersheim"
[moedersheim.emails]
[moedersheim.emails.moedersheim_email]
user = [
"samo",
]
host = [
"dtu",
"dk",
]
[moedersheim.homepages]
moedersheim_homepage = "https://people.compute.dtu.dk/samo/"
[moeller]
name = "Bernhard Möller"
[moeller.emails]
[moeller.homepages]
moeller_homepage = "https://www.informatik.uni-augsburg.de/en/chairs/dbis/pmi/staff/moeller/"
+[montanari]
+name = "Luisa Montanari"
+orcid = "0000-0002-5270-0290"
+
+[montanari.emails]
+
+[montanari.homepages]
+
[mori]
name = "Coraline Mori"
[mori.emails]
[mori.emails.mori_email]
user = [
"coraline",
"mori",
]
host = [
"grenoble-inp",
"org",
]
[mori.homepages]
[muendler]
name = "Niels Mündler"
[muendler.emails]
[muendler.emails.muendler_email]
user = [
"n",
"muendler",
]
host = [
"tum",
"de",
]
[muendler.homepages]
[mulligan]
name = "Dominic P. Mulligan"
[mulligan.emails]
[mulligan.emails.mulligan_email]
user = [
"dominic",
"p",
"mulligan",
]
host = [
"googlemail",
"com",
]
[mulligan.emails.mulligan_email1]
user = [
"Dominic",
"Mulligan",
]
host = [
"arm",
"com",
]
[mulligan.homepages]
[munive]
name = "Jonathan Julian Huerta y Munive"
[munive.emails]
[munive.emails.munive_email]
user = [
"jjhuertaymunive1",
]
host = [
"sheffield",
"ac",
"uk",
]
[munive.emails.munive_email1]
user = [
"jonjulian23",
]
host = [
"gmail",
"com",
]
[munive.homepages]
[murao]
name = "H. Murao"
[murao.emails]
[murao.homepages]
[murray]
name = "Toby Murray"
[murray.emails]
[murray.emails.murray_email]
user = [
"toby",
"murray",
]
host = [
"unimelb",
"edu",
"au",
]
[murray.homepages]
murray_homepage = "https://people.eng.unimelb.edu.au/tobym/"
[myreen]
name = "Magnus O. Myreen"
orcid = "0000-0002-9504-4107"
[myreen.emails]
[myreen.emails.myreen_email]
user = [
"myreen",
]
host = [
"chalmers",
"se",
]
[myreen.homepages]
[nagashima]
name = "Yutaka Nagashima"
[nagashima.emails]
[nagashima.emails.nagashima_email]
user = [
"Yutaka",
"Nagashima",
]
host = [
"data61",
"csiro",
"au",
]
[nagashima.homepages]
[nagele]
name = "Julian Nagele"
[nagele.emails]
[nagele.emails.nagele_email]
user = [
"julian",
"nagele",
]
host = [
"uibk",
"ac",
"at",
]
[nagele.homepages]
[naraschewski]
name = "Wolfgang Naraschewski"
[naraschewski.emails]
[naraschewski.homepages]
[nedzelsky]
name = "Michael Nedzelsky"
[nedzelsky.emails]
[nedzelsky.emails.nedzelsky_email]
user = [
"MichaelNedzelsky",
]
host = [
"yandex",
"ru",
]
[nedzelsky.homepages]
[nemeti]
name = "István Németi"
[nemeti.emails]
[nemeti.homepages]
nemeti_homepage = "http://www.renyi.hu/~nemeti/"
[nemouchi]
name = "Yakoub Nemouchi"
[nemouchi.emails]
[nemouchi.emails.nemouchi_email]
user = [
"nemouchi",
]
host = [
"lri",
"fr",
]
[nemouchi.emails.nemouchi_email1]
user = [
"yakoub",
"nemouchi",
]
host = [
"york",
"ac",
"uk",
]
[nemouchi.homepages]
[nestmann]
name = "Uwe Nestmann"
[nestmann.emails]
[nestmann.homepages]
nestmann_homepage = "https://www.mtv.tu-berlin.de/nestmann/"
[neumann]
name = "René Neumann"
[neumann.emails]
[neumann.emails.neumann_email]
user = [
"rene",
"neumann",
]
host = [
"in",
"tum",
"de",
]
[neumann.homepages]
[nielsen]
name = "Finn Nielsen"
[nielsen.emails]
[nielsen.emails.nielsen_email]
user = [
"finn",
"nielsen",
]
host = [
"uni-muenster",
"de",
]
[nielsen.homepages]
[nikiforov]
name = "Denis Nikiforov"
[nikiforov.emails]
[nikiforov.emails.nikiforov_email]
user = [
"denis",
"nikif",
]
host = [
"gmail",
"com",
]
[nikiforov.homepages]
[nipkow]
name = "Tobias Nipkow"
orcid = "0000-0003-0730-515X"
[nipkow.emails]
[nipkow.emails.nipkow_email]
user = [
"nipkow",
]
host = [
"in",
"tum",
"de",
]
[nipkow.homepages]
nipkow_homepage = "https://www.in.tum.de/~nipkow/"
[nishihara]
name = "Toshiaki Nishihara"
[nishihara.emails]
[nishihara.homepages]
[noce]
name = "Pasquale Noce"
[noce.emails]
[noce.emails.noce_email]
user = [
"pasquale",
"noce",
"lavoro",
]
host = [
"gmail",
"com",
]
[noce.homepages]
[nordhoff]
name = "Benedikt Nordhoff"
[nordhoff.emails]
[nordhoff.emails.nordhoff_email]
user = [
"b",
"n",
]
host = [
"wwu",
"de",
]
[nordhoff.emails.nordhoff_email1]
user = [
"b_nord01",
]
host = [
"uni-muenster",
"de",
]
[nordhoff.homepages]
[noschinski]
name = "Lars Noschinski"
[noschinski.emails]
[noschinski.emails.noschinski_email]
user = [
"noschinl",
]
host = [
"gmail",
"com",
]
[noschinski.homepages]
noschinski_homepage = "http://www21.in.tum.de/~noschinl/"
[obua]
name = "Steven Obua"
[obua.emails]
[obua.emails.obua_email]
user = [
"steven",
]
host = [
"recursivemind",
"com",
]
[obua.homepages]
[ogawa]
name = "Mizuhito Ogawa"
[ogawa.emails]
[ogawa.homepages]
[oldenburg]
name = "Lennart Oldenburg"
[oldenburg.emails]
[oldenburg.homepages]
[olm]
name = "Markus Müller-Olm"
[olm.emails]
[olm.homepages]
olm_homepage = "http://cs.uni-muenster.de/u/mmo/"
[oosterhuis]
name = "Roelof Oosterhuis"
[oosterhuis.emails]
[oosterhuis.emails.oosterhuis_email]
user = [
"roelofoosterhuis",
]
host = [
"gmail",
"com",
]
[oosterhuis.homepages]
[oostrom]
name = "Vincent van Oostrom"
[oostrom.emails]
[oostrom.homepages]
[ortner]
name = "Veronika Ortner"
[ortner.emails]
[ortner.homepages]
[overbeek]
name = "Roy Overbeek"
[overbeek.emails]
[overbeek.emails.overbeek_email]
user = [
"Roy",
"Overbeek",
]
host = [
"cwi",
"nl",
]
[overbeek.homepages]
[pagano]
name = "Miguel Pagano"
[pagano.emails]
[pagano.emails.pagano_email]
user = [
"miguel",
"pagano",
]
host = [
"unc",
"edu",
"ar",
]
[pagano.homepages]
pagano_homepage = "https://cs.famaf.unc.edu.ar/~mpagano/"
[pal]
name = "Abhik Pal"
[pal.emails]
[pal.homepages]
[paleo]
name = "Bruno Woltzenlogel Paleo"
[paleo.emails]
[paleo.homepages]
paleo_homepage = "http://www.logic.at/staff/bruno/"
[palmer]
name = "Jake Palmer"
[palmer.emails]
[palmer.emails.palmer_email]
user = [
"jake",
"palmer",
]
host = [
"ed",
"ac",
"uk",
]
[palmer.homepages]
[park]
name = "Seung Hoon Park"
orcid = "0000-0001-7165-6857"
[park.emails]
[park.emails.park_email]
user = [
"seunghoon",
"park",
]
host = [
"cs",
"ox",
"ac",
"uk",
]
[park.homepages]
park_homepage = "https://www.cs.ox.ac.uk/people/simon.park/"
[parkinson]
name = "Matthew Parkinson"
[parkinson.emails]
[parkinson.homepages]
parkinson_homepage = "http://research.microsoft.com/people/mattpark/"
[parrow]
name = "Joachim Parrow"
[parrow.emails]
[parrow.emails.parrow_email]
user = [
"joachim",
"parrow",
]
host = [
"it",
"uu",
"se",
]
[parrow.homepages]
[parsert]
name = "Julian Parsert"
[parsert.emails]
[parsert.emails.parsert_email]
user = [
"julian",
"parsert",
]
host = [
"gmail",
"com",
]
[parsert.emails.parsert_email1]
user = [
"julian",
"parsert",
]
host = [
"uibk",
"ac",
"at",
]
[parsert.homepages]
parsert_homepage = "http://www.parsert.com/"
[paulson]
name = "Lawrence C. Paulson"
[paulson.emails]
[paulson.emails.paulson_email]
user = [
"lp15",
]
host = [
"cam",
"ac",
"uk",
]
[paulson.homepages]
paulson_homepage = "https://www.cl.cam.ac.uk/~lp15/"
[peltier]
name = "Nicolas Peltier"
[peltier.emails]
[peltier.emails.peltier_email]
user = [
"Nicolas",
"Peltier",
]
host = [
"imag",
"fr",
]
[peltier.homepages]
peltier_homepage = "http://membres-lig.imag.fr/peltier/"
[peters]
name = "Kirstin Peters"
[peters.emails]
[peters.emails.peters_email]
user = [
"kirstin",
"peters",
]
host = [
"tu-berlin",
"de",
]
[peters.homepages]
[petrovic]
name = "Danijela Petrovic"
[petrovic.emails]
[petrovic.homepages]
petrovic_homepage = "http://www.matf.bg.ac.rs/~danijela"
[pierzchalski]
name = "Edward Pierzchalski"
[pierzchalski.emails]
[pierzchalski.homepages]
[platzer]
name = "André Platzer"
[platzer.emails]
[platzer.emails.platzer_email]
user = [
"aplatzer",
]
host = [
"cs",
"cmu",
"edu",
]
[platzer.homepages]
platzer_homepage = "https://www.cs.cmu.edu/~aplatzer/"
[pohjola]
name = "Johannes Åman Pohjola"
[pohjola.emails]
[pohjola.emails.pohjola_email]
user = [
"j",
"amanpohjola",
]
host = [
"unsw",
"edu",
"au",
]
[pohjola.homepages]
[pollak]
name = "Florian Pollak"
[pollak.emails]
[pollak.emails.pollak_email]
user = [
"florian",
"pollak",
]
host = [
"gmail",
"com",
]
[pollak.homepages]
[popescu]
name = "Andrei Popescu"
[popescu.emails]
[popescu.emails.popescu_email]
user = [
"a",
"popescu",
]
host = [
"sheffield",
"ac",
"uk",
]
[popescu.emails.popescu_email1]
user = [
"uuomul",
]
host = [
"yahoo",
"com",
]
[popescu.emails.popescu_email2]
user = [
"a",
"popescu",
]
host = [
"mdx",
"ac",
"uk",
]
[popescu.homepages]
popescu_homepage = "https://www.andreipopescu.uk"
[porter]
name = "Benjamin Porter"
[porter.emails]
[porter.homepages]
[prathamesh]
name = "T.V.H. Prathamesh"
[prathamesh.emails]
[prathamesh.emails.prathamesh_email]
user = [
"prathamesh",
]
host = [
"imsc",
"res",
"in",
]
[prathamesh.homepages]
[preoteasa]
name = "Viorel Preoteasa"
[preoteasa.emails]
[preoteasa.emails.preoteasa_email]
user = [
"viorel",
"preoteasa",
]
host = [
"aalto",
"fi",
]
[preoteasa.homepages]
preoteasa_homepage = "http://users.abo.fi/vpreotea/"
[pusch]
name = "Cornelia Pusch"
[pusch.emails]
[pusch.homepages]
[qiu]
name = "Qi Qiu"
[qiu.emails]
[qiu.emails.qiu_email]
user = [
"qi",
"qiu",
]
host = [
"univ-lyon1",
"fr",
]
[qiu.homepages]
[rabe]
name = "Markus N. Rabe"
[rabe.emails]
[rabe.homepages]
rabe_homepage = "http://www.react.uni-saarland.de/people/rabe.html"
[rabing]
name = "Mathias Schack Rabing"
[rabing.emails]
[rabing.emails.rabing_email]
user = [
"mathiasrabing",
]
host = [
"outlook",
"com",
]
[rabing.homepages]
[raedle]
name = "Jonas Rädle"
[raedle.emails]
[raedle.emails.raedle_email]
user = [
"jonas",
"raedle",
]
host = [
"gmail",
"com",
]
[raedle.emails.raedle_email1]
user = [
"jonas",
"raedle",
]
host = [
"tum",
"de",
]
[raedle.homepages]
[raska]
name = "Martin Raška"
[raska.emails]
[raska.homepages]
[raszyk]
name = "Martin Raszyk"
[raszyk.emails]
[raszyk.emails.raszyk_email]
user = [
"martin",
"raszyk",
]
host = [
"inf",
"ethz",
"ch",
]
[raszyk.emails.raszyk_email1]
user = [
"m",
"raszyk",
]
host = [
"gmail",
"com",
]
[raszyk.homepages]
[rau]
name = "Martin Rau"
[rau.emails]
[rau.emails.rau_email]
user = [
"martin",
"rau",
]
host = [
"tum",
"de",
]
[rau.emails.rau_email1]
user = [
"mrtnrau",
]
host = [
"googlemail",
"com",
]
[rau.homepages]
[rauch]
name = "Nicole Rauch"
[rauch.emails]
[rauch.emails.rauch_email]
user = [
"rauch",
]
host = [
"informatik",
"uni-kl",
"de",
]
[rauch.homepages]
[raumer]
name = "Jakob von Raumer"
[raumer.emails]
[raumer.emails.raumer_email]
user = [
"psxjv4",
]
host = [
"nottingham",
"ac",
"uk",
]
[raumer.homepages]
[ravindran]
name = "Binoy Ravindran"
[ravindran.emails]
[ravindran.homepages]
[rawson]
name = "Michael Rawson"
[rawson.emails]
[rawson.emails.rawson_email]
user = [
"michaelrawson76",
]
host = [
"gmail",
"com",
]
[rawson.homepages]
[raya]
name = "Rodrigo Raya"
[raya.emails]
[raya.emails.raya_email]
user = [
"rodrigo",
"raya",
]
host = [
"epfl",
"ch",
]
[raya.homepages]
raya_homepage = "https://people.epfl.ch/rodrigo.raya"
[regensburger]
name = "Franz Regensburger"
[regensburger.emails]
[regensburger.emails.regensburger_email]
user = [
"Franz",
"Regensburger",
]
host = [
"thi",
"de",
]
[regensburger.homepages]
regensburger_homepage = "https://www.thi.de/suche/mitarbeiter/prof-dr-rer-nat-franz-regensburger"
[reiche]
name = "Sebastian Reiche"
[reiche.emails]
[reiche.homepages]
reiche_homepage = "https://www.linkedin.com/in/sebastian-reiche-0b2093178"
[reiter]
name = "Markus Reiter"
[reiter.emails]
[reiter.homepages]
[reynaud]
name = "Alban Reynaud"
[reynaud.emails]
[reynaud.homepages]
[ribeiro]
name = "Pedro Ribeiro"
[ribeiro.emails]
[ribeiro.homepages]
[richter]
name = "Stefan Richter"
[richter.emails]
[richter.emails.richter_email]
user = [
"richter",
]
host = [
"informatik",
"rwth-aachen",
"de",
]
[richter.homepages]
richter_homepage = "http://www-lti.informatik.rwth-aachen.de/~richter/"
[rickmann]
name = "Christina Rickmann"
[rickmann.emails]
[rickmann.emails.rickmann_email]
user = [
"c",
"rickmann",
]
host = [
"tu-berlin",
"de",
]
[rickmann.homepages]
[ridge]
name = "Tom Ridge"
[ridge.emails]
[ridge.homepages]
[rizaldi]
name = "Albert Rizaldi"
[rizaldi.emails]
[rizaldi.emails.rizaldi_email]
user = [
"albert",
"rizaldi",
]
host = [
"ntu",
"edu",
"sg",
]
[rizaldi.homepages]
[rizkallah]
name = "Christine Rizkallah"
[rizkallah.emails]
[rizkallah.homepages]
rizkallah_homepage = "https://www.mpi-inf.mpg.de/~crizkall/"
[robillard]
name = "Simon Robillard"
[robillard.emails]
[robillard.homepages]
robillard_homepage = "https://simon-robillard.net/"
[roessle]
name = "Ian Roessle"
[roessle.emails]
[roessle.homepages]
[romanos]
name = "Ralph Romanos"
[romanos.emails]
[romanos.emails.romanos_email]
user = [
"ralph",
"romanos",
]
host = [
"student",
"ecp",
"fr",
]
[romanos.homepages]
[rosskopf]
name = "Simon Roßkopf"
[rosskopf.emails]
[rosskopf.emails.rosskopf_email]
user = [
"rosskops",
]
host = [
"in",
"tum",
"de",
]
[rosskopf.homepages]
rosskopf_homepage = "http://www21.in.tum.de/~rosskops"
[rowat]
name = "Colin Rowat"
[rowat.emails]
[rowat.emails.rowat_email]
user = [
"c",
"rowat",
]
host = [
"bham",
"ac",
"uk",
]
[rowat.homepages]
[sabouret]
name = "Nicolas Sabouret"
[sabouret.emails]
[sabouret.homepages]
[sachtleben]
name = "Robert Sachtleben"
[sachtleben.emails]
[sachtleben.emails.sachtleben_email]
user = [
"rob_sac",
]
host = [
"uni-bremen",
"de",
]
[sachtleben.homepages]
[saile]
name = "Christian Saile"
[saile.emails]
[saile.homepages]
saile_homepage = "http://dss.in.tum.de/staff/christian-saile.html"
[sanan]
name = "David Sanan"
[sanan.emails]
[sanan.emails.sanan_email]
user = [
"sanan",
]
host = [
"ntu",
"edu",
"sg",
]
[sanan.homepages]
[sato]
name = "Tetsuya Sato"
[sato.emails]
[sato.emails.sato_email]
user = [
"tsato",
]
host = [
"c",
"titech",
"ac",
"jp",
]
[sato.homepages]
sato_homepage = "https://sites.google.com/view/tetsuyasato/"
[sauer]
name = "Jens Sauer"
[sauer.emails]
[sauer.emails.sauer_email]
user = [
"sauer",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[sauer.homepages]
[schaeffeler]
name = "Maximilian Schäffeler"
[schaeffeler.emails]
[schaeffeler.emails.schaeffeler_email]
user = [
"schaeffm",
]
host = [
"in",
"tum",
"de",
]
[schaeffeler.homepages]
[scharager]
name = "Matias Scharager"
[scharager.emails]
[scharager.emails.scharager_email]
user = [
"mscharag",
]
host = [
"cs",
"cmu",
"edu",
]
[scharager.homepages]
[schimpf]
name = "Alexander Schimpf"
[schimpf.emails]
[schimpf.emails.schimpf_email]
user = [
"schimpfa",
]
host = [
"informatik",
"uni-freiburg",
"de",
]
[schimpf.homepages]
[schirmer]
name = "Norbert Schirmer"
[schirmer.emails]
[schirmer.emails.schirmer_email]
user = [
"norbert",
"schirmer",
]
host = [
"web",
"de",
]
[schirmer.homepages]
[schleicher]
name = "Dierk Schleicher"
[schleicher.emails]
[schleicher.homepages]
[schlichtkrull]
name = "Anders Schlichtkrull"
[schlichtkrull.emails]
[schlichtkrull.emails.schlichtkrull_email]
user = [
"andschl",
]
host = [
"dtu",
"dk",
]
[schlichtkrull.homepages]
schlichtkrull_homepage = "https://people.compute.dtu.dk/andschl/"
[schmaltz]
name = "Julien Schmaltz"
[schmaltz.emails]
[schmaltz.emails.schmaltz_email]
user = [
"Julien",
"Schmaltz",
]
host = [
"ou",
"nl",
]
[schmaltz.homepages]
[schmidinger]
name = "Lukas Schmidinger"
[schmidinger.emails]
[schmidinger.homepages]
[schmoetten]
name = "Richard Schmoetten"
[schmoetten.emails]
[schmoetten.emails.schmoetten_email]
user = [
"s1311325",
]
host = [
"sms",
"ed",
"ac",
"uk",
]
[schmoetten.homepages]
[schneider]
name = "Joshua Schneider"
[schneider.emails]
[schneider.emails.schneider_email]
user = [
"joshua",
"schneider",
]
host = [
"inf",
"ethz",
"ch",
]
[schneider.homepages]
[schoepe]
name = "Daniel Schoepe"
[schoepe.emails]
[schoepe.emails.schoepe_email]
user = [
"daniel",
]
host = [
"schoepe",
"org",
]
[schoepe.homepages]
[schoepf]
name = "Jonas Schöpf"
[schoepf.emails]
[schoepf.emails.schoepf_email]
user = [
"jonas",
"schoepf",
]
host = [
"uibk",
"ac",
"at",
]
[schoepf.homepages]
[scott]
name = "Dana Scott"
[scott.emails]
[scott.homepages]
scott_homepage = "http://www.cs.cmu.edu/~scott/"
[sefidgar]
name = "S. Reza Sefidgar"
[sefidgar.emails]
[sefidgar.emails.sefidgar_email]
user = [
"reza",
"sefidgar",
]
host = [
"inf",
"ethz",
"ch",
]
[sefidgar.homepages]
[seidl]
name = "Benedikt Seidl"
[seidl.emails]
[seidl.emails.seidl_email]
user = [
"benedikt",
"seidl",
]
host = [
"tum",
"de",
]
[seidl.homepages]
[seidler]
name = "Henning Seidler"
[seidler.emails]
[seidler.emails.seidler_email]
user = [
"henning",
"seidler",
]
host = [
"mailbox",
"tu-berlin",
"de",
]
[seidler.homepages]
[sewell]
name = "Thomas Sewell"
[sewell.emails]
[sewell.homepages]
[sickert]
name = "Salomon Sickert"
[sickert.emails]
[sickert.emails.sickert_email]
user = [
"s",
"sickert",
]
host = [
"tum",
"de",
]
[sickert.homepages]
sickert_homepage = "https://www7.in.tum.de/~sickert"
[siek]
name = "Jeremy Siek"
[siek.emails]
[siek.emails.siek_email]
user = [
"jsiek",
]
host = [
"indiana",
"edu",
]
[siek.homepages]
siek_homepage = "http://homes.soic.indiana.edu/jsiek/"
[simic]
name = "Danijela Simić"
[simic.emails]
[simic.emails.simic_email]
user = [
"danijela",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[simic.homepages]
simic_homepage = "http://poincare.matf.bg.ac.rs/~danijela"
[sison]
name = "Robert Sison"
[sison.emails]
[sison.homepages]
[smaus]
name = "Jan-Georg Smaus"
[smaus.emails]
[smaus.homepages]
smaus_homepage = "http://www.irit.fr/~Jan-Georg.Smaus"
[smola]
name = "Filip Smola"
[smola.emails]
[smola.emails.smola_email]
user = [
"f",
"smola",
]
host = [
"sms",
"ed",
"ac",
"uk",
]
[smola.homepages]
[snelting]
name = "Gregor Snelting"
[snelting.emails]
[snelting.homepages]
snelting_homepage = "http://pp.info.uni-karlsruhe.de/personhp/gregor_snelting.php"
[somaini]
name = "Ivano Somaini"
[somaini.emails]
[somaini.homepages]
[somogyi]
name = "Dániel Somogyi"
[somogyi.emails]
[somogyi.homepages]
[spasic]
name = "Mirko Spasić"
[spasic.emails]
[spasic.emails.spasic_email]
user = [
"mirko",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[spasic.homepages]
[spichkova]
name = "Maria Spichkova"
[spichkova.emails]
[spichkova.emails.spichkova_email]
user = [
"maria",
"spichkova",
]
host = [
"rmit",
"edu",
"au",
]
[spichkova.homepages]
[spitz]
name = "Maximilian Spitz"
[spitz.emails]
[spitz.emails.spitz_email]
user = [
"maximilian",
"spitz",
]
host = [
"tum",
"de",
]
[spitz.homepages]
[sprenger]
name = "Christoph Sprenger"
[sprenger.emails]
[sprenger.emails.sprenger_email]
user = [
"sprenger",
]
host = [
"inf",
"ethz",
"ch",
]
[sprenger.homepages]
[springsklee]
name = "Valentin Springsklee"
[springsklee.emails]
[springsklee.emails.springsklee_email]
user = [
"uidpn>",
]
host = [
"student",
"kit",
"edu",
]
[springsklee.homepages]
[staats]
name = "Charles Staats"
[staats.emails]
[staats.emails.staats_email]
user = [
"cstaats",
]
host = [
"google",
"com",
]
[staats.emails.staats_email1]
user = [
"charles",
"staats",
"iii",
]
host = [
"gmail",
"com",
]
[staats.homepages]
[stannett]
name = "Mike Stannett"
[stannett.emails]
[stannett.emails.stannett_email]
user = [
"m",
"stannett",
]
host = [
"sheffield",
"ac",
"uk",
]
[stannett.homepages]
[stark]
name = "Eugene W. Stark"
[stark.emails]
[stark.emails.stark_email]
user = [
"stark",
]
host = [
"cs",
"stonybrook",
"edu",
]
[stark.homepages]
[starosta]
name = "Štěpán Starosta"
[starosta.emails]
[starosta.emails.starosta_email]
user = [
"stepan",
"starosta",
]
host = [
"fit",
"cvut",
"cz",
]
[starosta.homepages]
starosta_homepage = "https://staroste.pages.fit/"
[steen]
name = "Alexander Steen"
[steen.emails]
[steen.homepages]
[steinberg]
name = "Matías Steinberg"
[steinberg.emails]
[steinberg.emails.steinberg_email]
user = [
"matias",
"steinberg",
]
host = [
"mi",
"unc",
"edu",
"ar",
]
[steinberg.homepages]
[stephan]
name = "Werner Stephan"
[stephan.emails]
[stephan.emails.stephan_email]
user = [
"stephan",
]
host = [
"dfki",
"de",
]
[stephan.homepages]
[sternagel]
name = "Christian Sternagel"
[sternagel.emails]
[sternagel.emails.sternagel_email]
user = [
"c",
"sternagel",
]
host = [
"gmail",
"com",
]
[sternagel.emails.sternagel_email1]
user = [
"christian",
"sternagel",
]
host = [
"uibk",
"ac",
"at",
]
[sternagel.homepages]
sternagel_homepage = "http://cl-informatik.uibk.ac.at/users/griff/"
[sternagelt]
name = "Thomas Sternagel"
[sternagelt.emails]
[sternagelt.homepages]
[stevens]
name = "Lukas Stevens"
[stevens.emails]
[stevens.emails.stevens_email]
user = [
"lukas",
"stevens",
]
host = [
"in",
"tum",
"de",
]
[stevens.homepages]
stevens_homepage = "https://www21.in.tum.de/team/stevensl"
[stock]
name = "Benedikt Stock"
[stock.emails]
[stock.emails.stock_email]
user = [
"benedikt1999",
]
host = [
"freenet",
"de",
]
[stock.homepages]
[stoeckl]
name = "Bernhard Stöckl"
[stoeckl.emails]
[stoeckl.emails.stoeckl_email]
user = [
"stoeckl",
]
host = [
"in",
"tum",
"de",
]
[stoeckl.homepages]
[stricker]
name = "Christian Stricker"
[stricker.emails]
[stricker.homepages]
stricker_homepage = "http://dss.in.tum.de/staff/christian-stricker.html"
[strnisa]
name = "Rok Strniša"
[strnisa.emails]
[strnisa.emails.strnisa_email]
user = [
"rok",
]
host = [
"strnisa",
"com",
]
[strnisa.homepages]
strnisa_homepage = "http://rok.strnisa.com/lj/"
[struth]
name = "Georg Struth"
[struth.emails]
[struth.emails.struth_email]
user = [
"g",
"struth",
]
host = [
"sheffield",
"ac",
"uk",
]
[struth.homepages]
struth_homepage = "http://staffwww.dcs.shef.ac.uk/people/G.Struth/"
[stueber]
name = "Anke Stüber"
[stueber.emails]
[stueber.emails.stueber_email]
user = [
"anke",
"stueber",
]
host = [
"campus",
"tu-berlin",
"de",
]
[stueber.homepages]
[stuewe]
name = "Daniel Stüwe"
[stuewe.emails]
[stuewe.homepages]
[sudbrock]
name = "Henning Sudbrock"
[sudbrock.emails]
[sudbrock.emails.sudbrock_email]
user = [
"sudbrock",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[sudbrock.homepages]
[sudhof]
name = "Henry Sudhof"
[sudhof.emails]
[sudhof.emails.sudhof_email]
user = [
"hsudhof",
]
host = [
"cs",
"tu-berlin",
"de",
]
[sudhof.homepages]
[sulejmani]
name = "Ujkan Sulejmani"
[sulejmani.emails]
[sulejmani.emails.sulejmani_email]
user = [
"ujkan",
"sulejmani",
]
host = [
"tum",
"de",
]
[sulejmani.emails.sulejmani_email1]
user = [
"ujkan99",
]
host = [
"gmail",
"com",
]
[sulejmani.homepages]
[sutcliffe]
name = "Geoff Sutcliffe"
[sutcliffe.emails]
[sutcliffe.homepages]
[sylvestre]
name = "Jeremy Sylvestre"
[sylvestre.emails]
[sylvestre.emails.sylvestre_email]
user = [
"jeremy",
"sylvestre",
]
host = [
"ualberta",
"ca",
]
[sylvestre.emails.sylvestre_email1]
user = [
"jsylvest",
]
host = [
"ualberta",
"ca",
]
[sylvestre.homepages]
sylvestre_homepage = "http://ualberta.ca/~jsylvest/"
[szekely]
name = "Gergely Szekely"
[szekely.emails]
[szekely.homepages]
szekely_homepage = "https://users.renyi.hu/~turms/"
[taha]
name = "Safouan Taha"
[taha.emails]
[taha.emails.taha_email]
user = [
"safouan",
"taha",
]
host = [
"lri",
"fr",
]
[taha.homepages]
[tan]
name = "Yong Kiam Tan"
[tan.emails]
[tan.emails.tan_email]
user = [
"yongkiat",
]
host = [
"cs",
"cmu",
"edu",
]
[tan.homepages]
tan_homepage = "https://www.cs.cmu.edu/~yongkiat/"
[tanaka]
name = "Miki Tanaka"
[tanaka.emails]
[tanaka.emails.tanaka_email]
user = [
"miki",
"tanaka",
]
host = [
"unsw",
"edu",
"au",
]
[tanaka.homepages]
[tasch]
name = "Markus Tasch"
[tasch.emails]
[tasch.emails.tasch_email]
user = [
"tasch",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[tasch.homepages]
[taylor]
name = "Ramsay G. Taylor"
[taylor.emails]
[taylor.emails.taylor_email]
user = [
"r",
"g",
"taylor",
]
host = [
"sheffield",
"ac",
"uk",
]
[taylor.homepages]
[terraf]
name = "Pedro Sánchez Terraf"
[terraf.emails]
[terraf.emails.terraf_email]
user = [
"psterraf",
]
host = [
"unc",
"edu",
"ar",
]
[terraf.homepages]
terraf_homepage = "https://cs.famaf.unc.edu.ar/~pedro/home_en.html"
[thiemann]
name = "René Thiemann"
[thiemann.emails]
[thiemann.emails.thiemann_email]
user = [
"rene",
"thiemann",
]
host = [
"uibk",
"ac",
"at",
]
[thiemann.homepages]
thiemann_homepage = "http://cl-informatik.uibk.ac.at/users/thiemann/"
[thommes]
name = "Joseph Thommes"
[thommes.emails]
[thommes.emails.thommes_email]
user = [
"joseph-thommes",
]
host = [
"gmx",
"de",
]
[thommes.homepages]
[thomson]
name = "Fox Thomson"
[thomson.emails]
[thomson.emails.thomson_email]
user = [
"foxthomson0",
]
host = [
"gmail",
"com",
]
[thomson.homepages]
[tiu]
name = "Alwen Tiu"
[tiu.emails]
[tiu.emails.tiu_email]
user = [
"ATiu",
]
host = [
"ntu",
"edu",
"sg",
]
[tiu.homepages]
tiu_homepage = "http://users.cecs.anu.edu.au/~tiu/"
[toth]
name = "Balazs Toth"
[toth.emails]
[toth.emails.toth_email]
user = [
"balazs",
"toth",
]
host = [
"tum",
"de",
]
[toth.homepages]
[tourret]
name = "Sophie Tourret"
[tourret.emails]
[tourret.emails.tourret_email]
user = [
"stourret",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[tourret.homepages]
tourret_homepage = "https://www.mpi-inf.mpg.de/departments/automation-of-logic/people/sophie-tourret/"
[trachtenherz]
name = "David Trachtenherz"
[trachtenherz.emails]
[trachtenherz.homepages]
[traut]
name = "Christoph Traut"
[traut.emails]
[traut.homepages]
[traytel]
name = "Dmitriy Traytel"
[traytel.emails]
[traytel.emails.traytel_email]
user = [
"traytel",
]
host = [
"in",
"tum",
"de",
]
[traytel.emails.traytel_email1]
user = [
"traytel",
]
host = [
"inf",
"ethz",
"ch",
]
[traytel.emails.traytel_email2]
user = [
"traytel",
]
host = [
"di",
"ku",
"dk",
]
[traytel.homepages]
traytel_homepage = "https://traytel.bitbucket.io/"
[trelat]
name = "Vincent Trélat"
[trelat.emails]
[trelat.emails.trelat_email]
user = [
"vincent",
"trelat",
]
host = [
"depinfonancy",
"net",
]
[trelat.homepages]
[tuerk]
name = "Thomas Tuerk"
[tuerk.emails]
[tuerk.homepages]
[tuong]
name = "Frédéric Tuong"
[tuong.emails]
[tuong.emails.tuong_email]
user = [
"tuong",
]
host = [
"users",
"gforge",
"inria",
"fr",
]
[tuong.emails.tuong_email1]
user = [
"ftuong",
]
host = [
"lri",
"fr",
]
[tuong.homepages]
tuong_homepage = "https://www.lri.fr/~ftuong/"
[tuongj]
name = "Joseph Tuong"
[tuongj.emails]
[tuongj.homepages]
[tverdyshev]
name = "Sergey Tverdyshev"
[tverdyshev.emails]
[tverdyshev.emails.tverdyshev_email]
user = [
"stv",
]
host = [
"sysgo",
"com",
]
[tverdyshev.homepages]
[ullrich]
name = "Sebastian Ullrich"
[ullrich.emails]
[ullrich.emails.ullrich_email]
user = [
"sebasti",
]
host = [
"nullri",
"ch",
]
[ullrich.homepages]
[unruh]
name = "Dominique Unruh"
[unruh.emails]
[unruh.emails.unruh_email]
user = [
"unruh",
]
host = [
"ut",
"ee",
]
[unruh.homepages]
unruh_homepage = "https://www.ut.ee/~unruh/"
[urban]
name = "Christian Urban"
[urban.emails]
[urban.emails.urban_email]
user = [
"christian",
"urban",
]
host = [
"kcl",
"ac",
"uk",
]
[urban.homepages]
urban_homepage = "https://nms.kcl.ac.uk/christian.urban/"
[van]
name = "Hai Nguyen Van"
[van.emails]
[van.emails.van_email]
user = [
"hai",
"nguyenvan",
"phie",
]
host = [
"gmail",
"com",
]
[van.homepages]
[velykis]
name = "Andrius Velykis"
[velykis.emails]
[velykis.homepages]
velykis_homepage = "http://andrius.velykis.lt"
[verbeek]
name = "Freek Verbeek"
[verbeek.emails]
[verbeek.emails.verbeek_email]
user = [
"Freek",
"Verbeek",
]
host = [
"ou",
"nl",
]
[verbeek.emails.verbeek_email1]
user = [
"freek",
]
host = [
"vt",
"edu",
]
[verbeek.homepages]
[villadsen]
name = "Jørgen Villadsen"
[villadsen.emails]
[villadsen.emails.villadsen_email]
user = [
"jovi",
]
host = [
"dtu",
"dk",
]
[villadsen.homepages]
villadsen_homepage = "https://people.compute.dtu.dk/jovi/"
[voisin]
name = "Frederic Voisin"
[voisin.emails]
[voisin.homepages]
[vytiniotis]
name = "Dimitrios Vytiniotis"
[vytiniotis.emails]
[vytiniotis.homepages]
vytiniotis_homepage = "http://research.microsoft.com/en-us/people/dimitris/"
[wagner]
name = "Max Wagner"
[wagner.emails]
[wagner.emails.wagner_email]
user = [
"max",
]
host = [
"trollbu",
"de",
]
[wagner.homepages]
[waldmann]
name = "Uwe Waldmann"
[waldmann.emails]
[waldmann.emails.waldmann_email]
user = [
"waldmann",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[waldmann.homepages]
[wand]
name = "Daniel Wand"
[wand.emails]
[wand.emails.wand_email]
user = [
"dwand",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[wand.homepages]
[wang]
name = "Shuling Wang"
[wang.emails]
[wang.homepages]
[wassell]
name = "Mark Wassell"
[wassell.emails]
[wassell.emails.wassell_email]
user = [
"mpwassell",
]
host = [
"gmail",
"com",
]
[wassell.homepages]
[wasserrab]
name = "Daniel Wasserrab"
[wasserrab.emails]
[wasserrab.homepages]
wasserrab_homepage = "http://pp.info.uni-karlsruhe.de/personhp/daniel_wasserrab.php"
[watt]
name = "Conrad Watt"
[watt.emails]
[watt.emails.watt_email]
user = [
"caw77",
]
host = [
"cam",
"ac",
"uk",
]
[watt.homepages]
watt_homepage = "http://www.cl.cam.ac.uk/~caw77/"
[weber]
name = "Tjark Weber"
[weber.emails]
[weber.emails.weber_email]
user = [
"tjark",
"weber",
]
host = [
"it",
"uu",
"se",
]
[weber.homepages]
weber_homepage = "http://user.it.uu.se/~tjawe125/"
[weerwag]
name = "Timmy Weerwag"
[weerwag.emails]
[weerwag.homepages]
[weidner]
name = "Arno Wilhelm-Weidner"
[weidner.emails]
[weidner.emails.weidner_email]
user = [
"arno",
"wilhelm-weidner",
]
host = [
"tu-berlin",
"de",
]
[weidner.homepages]
[wenninger]
name = "Elias Wenninger"
[wenninger.emails]
[wenninger.homepages]
[wenzel]
name = "Makarius Wenzel"
[wenzel.emails]
[wenzel.emails.wenzel_email]
user = [
"makarius",
]
host = [
"sketis",
"net",
]
[wenzel.homepages]
[whitley]
name = "A Whitley"
[whitley.emails]
[whitley.emails.whitley_email]
user = [
"awhitley",
]
host = [
"gmail",
"com",
]
[whitley.homepages]
[wickerson]
name = "John Wickerson"
[wickerson.emails]
[wickerson.homepages]
wickerson_homepage = "http://www.doc.ic.ac.uk/~jpw48"
[willenbrink]
name = "Sebastian Willenbrink"
[willenbrink.emails]
[willenbrink.emails.willenbrink_email]
user = [
"sebastian",
"willenbrink",
]
host = [
"tum",
"de",
]
[willenbrink.homepages]
[wimmer]
name = "Simon Wimmer"
[wimmer.emails]
[wimmer.emails.wimmer_email]
user = [
"simon",
"wimmer",
]
host = [
"tum",
"de",
]
[wimmer.homepages]
wimmer_homepage = "http://home.in.tum.de/~wimmers/"
[wirt]
name = "Kai Wirt"
[wirt.emails]
[wirt.homepages]
[wolff]
name = "Burkhart Wolff"
[wolff.emails]
[wolff.emails.wolff_email]
user = [
"burkhart",
"wolff",
]
host = [
"lri",
"fr",
]
[wolff.homepages]
wolff_homepage = "https://www.lri.fr/~wolff/"
[wu]
name = "Chunhan Wu"
[wu.emails]
[wu.homepages]
[xu]
name = "Jian Xu"
[xu.emails]
[xu.homepages]
[yamada]
name = "Akihisa Yamada"
[yamada.emails]
[yamada.emails.yamada_email]
user = [
"akihisa",
"yamada",
]
host = [
"uibk",
"ac",
"at",
]
[yamada.emails.yamada_email1]
user = [
"ayamada",
]
host = [
"trs",
"cm",
"is",
"nagoya-u",
"ac",
"jp",
]
[yamada.emails.yamada_email2]
user = [
"akihisa",
"yamada",
]
host = [
"aist",
"go",
"jp",
]
[yamada.emails.yamada_email3]
user = [
"akihisayamada",
]
host = [
"nii",
"ac",
"jp",
]
[yamada.homepages]
yamada_homepage = "http://group-mmm.org/~ayamada/"
[ye]
name = "Lina Ye"
[ye.emails]
[ye.emails.ye_email]
user = [
"lina",
"ye",
]
host = [
"lri",
"fr",
]
[ye.homepages]
[yez]
name = "Zhengkun Ye"
[yez.emails]
[yez.emails.yez_email]
user = [
"zy307",
]
host = [
"cam",
"ac",
"uk",
]
[yez.homepages]
[ying]
name = "Shenggang Ying"
[ying.emails]
[ying.homepages]
[yingm]
name = "Mingsheng Ying"
[yingm.emails]
[yingm.homepages]
[yu]
name = "Lei Yu"
[yu.emails]
[yu.emails.yu_email]
user = [
"yulei0603",
]
host = [
"gmail",
"com",
]
[yu.homepages]
[zankl]
name = "Harald Zankl"
[zankl.emails]
[zankl.emails.zankl_email]
user = [
"Harald",
"Zankl",
]
host = [
"uibk",
"ac",
"at",
]
[zankl.homepages]
zankl_homepage = "http://cl-informatik.uibk.ac.at/users/hzankl"
[zee]
name = "Karen Zee"
[zee.emails]
[zee.emails.zee_email]
user = [
"kkz",
]
host = [
"mit",
"edu",
]
[zee.homepages]
zee_homepage = "http://www.mit.edu/~kkz/"
[zeller]
name = "Peter Zeller"
[zeller.emails]
[zeller.emails.zeller_email]
user = [
"p_zeller",
]
host = [
"cs",
"uni-kl",
"de",
]
[zeller.homepages]
[zeyda]
name = "Frank Zeyda"
[zeyda.emails]
[zeyda.emails.zeyda_email]
user = [
"frank",
"zeyda",
]
host = [
"york",
"ac",
"uk",
]
[zeyda.homepages]
[zhan]
name = "Bohua Zhan"
[zhan.emails]
[zhan.emails.zhan_email]
user = [
"bzhan",
]
host = [
"ios",
"ac",
"cn",
]
[zhan.homepages]
zhan_homepage = "http://lcs.ios.ac.cn/~bzhan/"
[zhang]
name = "Yu Zhang"
[zhang.emails]
[zhang.homepages]
[zhangx]
name = "Xingyuan Zhang"
[zhangx.emails]
[zhangx.homepages]
[zhann]
name = "Naijun Zhan"
[zhann.emails]
[zhann.homepages]
diff --git a/metadata/entries/Coupledsim_Contrasim.toml b/metadata/entries/Coupledsim_Contrasim.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Coupledsim_Contrasim.toml
@@ -0,0 +1,38 @@
+title = "Coupled Similarity and Contrasimilarity, and How to Compute Them"
+date = 2023-08-18
+topics = [
+ "Computer science/Concurrency",
+ "Mathematics/Games and economics",
+ "Logic/General logic/Modal logic",
+]
+abstract = """
+<p>We survey and extend characterizations of <em>coupled similarity</em> and <em>contrasimilarity</em> and prove properties relevant for algorithms computing their simulation preorders and equivalences.</p>
+
+<p>Coupled similarity and contrasimilarity are two weak forms of bisimilarity for systems with internal behavior. They have outstanding applications in contexts where internal choices must transparently be distributed in time or space, for example, in process calculi encodings or in action refinements.</p>
+
+<p>Our key contribution is to characterize the coupled simulation and contrasimulation preorders by <em>reachability games</em>. We also show how preexisting definitions coincide and that they can be reformulated using <em>coupled delay simulations</em>. We moreover verify a polynomial-time coinductive fixed-point algorithm computing the coupled simulation preorder. Through reduction proofs, we establish that deciding coupled similarity is at least as complex as computing weak similarity; and that contrasimilarity checking is at least as hard as trace inclusion checking.</p>"""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.bisping]
+homepage = "bisping_homepage"
+
+[authors.montanari]
+
+[contributors]
+
+[notify]
+bisping = "bisping_email"
+
+[history]
+
+[extra]
+
+[related]
+dois = [
+ "10.1007/978-3-030-17462-0_14",
+ "10.4204/EPTCS.339.5",
+]
+pubs = []
diff --git a/metadata/entries/IO_Language_Conformance.toml b/metadata/entries/IO_Language_Conformance.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/IO_Language_Conformance.toml
@@ -0,0 +1,30 @@
+title = "Conformance Relations between Input/Output Languages"
+date = 2023-09-01
+topics = [
+ "Computer science/Automata and formal languages",
+]
+abstract = """
+This entry formalises the paper of the same name by Huang et al. and presents a unifying characterisation of well-known conformance relations such as equivalence and language inclusion (reduction) on languages over input/output pairs.
+This characterisation simplifies comparisons between conformance relations and from it a fundamental necessary and sufficient criterion for conformance testing is developed."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.sachtleben]
+email = "sachtleben_email"
+
+[contributors]
+
+[notify]
+sachtleben = "sachtleben_email"
+
+[history]
+
+[extra]
+
+[related]
+dois = [
+ "10.1007/978-3-031-40132-9_4",
+]
+pubs = []
diff --git a/metadata/entries/S_Finite_Measure_Monad.toml b/metadata/entries/S_Finite_Measure_Monad.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/S_Finite_Measure_Monad.toml
@@ -0,0 +1,35 @@
+title = "S-Finite Measure Monad on Quasi-Borel Spaces"
+date = 2023-08-08
+topics = [
+ "Computer science/Semantics and reasoning",
+ "Mathematics/Measure and integration",
+ "Mathematics/Probability theory",
+]
+abstract = """
+The s-finite measure monad on quasi-Borel spaces provides a suitable denotational model for higher-order probabilistic programs with conditioning. This entry is a formalization of the s-finite measure monad and related notions, including s-finite measures, s-finite kernels, and a proof automation for quasi-Borel spaces which is an extension of our previous entry <a href=\"https://www.isa-afp.org/entries/Quasi_Borel_Spaces.html\"><i>Quasi-Borel Spaces</i></a>. We also implement several examples of probabilistic programs in previous works and prove their property.
+This work is a part of the work by Hirata, Minamide, and Sato, <i>Semantic Foundations of Higher-Order Probabilistic Programs in Isabelle/HOL</i> presented at the 14th Conference on Interactive Theorem Proving (ITP2023)."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.hirata]
+email = "hirata_email"
+
+[authors.minamide]
+email = "minamide_email"
+
+[contributors]
+
+[notify]
+hirata = "hirata_email"
+
+[history]
+
+[extra]
+
+[related]
+dois = [
+ "10.4230/LIPIcs.ITP.2023.18",
+]
+pubs = []
diff --git a/metadata/entries/Standard_Borel_Spaces.toml b/metadata/entries/Standard_Borel_Spaces.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Standard_Borel_Spaces.toml
@@ -0,0 +1,29 @@
+title = "Standard Borel Spaces"
+date = 2023-08-08
+topics = [
+ "Mathematics/Analysis",
+ "Mathematics/Topology",
+]
+abstract = "This entry includes a formalization of standard Borel spaces and (a variant of) the Borel isomorphism theorem. A separable complete metrizable topological space is called a polish space and a measurable space generated from a polish space is called a standard Borel space. We formalize the notion of standard Borel spaces by establishing set-based metric spaces, and then prove (a variant of) the Borel isomorphism theorem. The theorem states that a standard Borel spaces is either a countable discrete space or isomorphic to $\\mathbb{R}$."
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.hirata]
+email = "hirata_email"
+
+[contributors]
+
+[notify]
+hirata = "hirata_email"
+
+[history]
+
+[extra]
+
+[related]
+dois = [
+ "10.4230/LIPIcs.ITP.2023.18",
+]
+pubs = []
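Review bot: The `abstract` string of this new entry has two wording slips that would be published as written. In the last sentence, "a standard Borel spaces is either" should read `a standard Borel space is either`. "polish space" appears twice and is conventionally capitalised as `Polish space`. No key or table in the entry needs to change for this.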
diff --git a/metadata/entries/Transport.toml b/metadata/entries/Transport.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Transport.toml
@@ -0,0 +1,40 @@
+title = "Transport via Partial Galois Connections and Equivalences"
+date = 2023-10-11
+topics = [
+ "Computer science/Programming languages/Lambda calculi",
+ "Computer science/Programming languages/Type systems",
+ "Computer science/Semantics and reasoning",
+ "Mathematics/Order",
+]
+abstract = """
+This entry contains the accompanying formalisation of the paper
+<a href=\"https://conf.researchr.org/details/aplas-2023/aplas-2023-research-papers/15/Transport-via-Partial-Galois-Connections-and-Equivalences\">\"Transport via Partial Galois Connections and Equivalences\" (APLAS 2023)</a>.
+It contains a theoretical framework to transport programs via equivalences,
+subsuming the theory of <a href=\"https://doi.org/10.1007/978-3-319-03545-1_9\">Isabelle's Lifting package</a>.
+It also contains a prototype to automate transports using this framework in Isabelle/HOL,
+but this prototype is not yet ready for production.
+Finally, it contains a library on top of Isabelle/HOL's axioms,
+including various relativised concepts on orders, functions, binary relations,
+and Galois connections and equivalences."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.kappelmann]
+email = "kappelmann_email"
+
+[contributors]
+
+[notify]
+kappelmann = "kappelmann_email"
+
+[history]
+
+[extra]
+
+[related]
+dois = [
+ "10.48550/arXiv.2303.05244",
+]
+pubs = []
diff --git a/thys/Coupledsim_Contrasim/Contrasim_Set_Game.thy b/thys/Coupledsim_Contrasim/Contrasim_Set_Game.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Contrasim_Set_Game.thy
@@ -0,0 +1,706 @@
+section \<open>The Contrasimulation Preorder Set Game\<close>
+
+theory Contrasim_Set_Game
+imports
+ Simple_Game
+ Contrasimulation
+begin
+
+datatype ('s, 'a) c_set_game_node =
+ AttackerNode 's "'s set" |
+ DefenderSimNode 'a 's "'s set" |
+ DefenderSwapNode 's "'s set"
+
+fun (in lts_tau) c_set_game_moves ::
+ \<open>('s, 'a) c_set_game_node \<Rightarrow> ('s, 'a) c_set_game_node \<Rightarrow> bool\<close> where
+
+ simulation_challenge:
+ \<open>c_set_game_moves (AttackerNode p Q) (DefenderSimNode a p1 Q0) =
+ (p =\<rhd>a p1 \<and> Q = Q0 \<and> \<not> tau a)\<close> |
+
+ simulation_answer:
+ \<open>c_set_game_moves (DefenderSimNode a p1 Q) (AttackerNode p10 Q1) =
+ (p1 = p10 \<and> Q1 = dsuccs a Q)\<close> |
+
+ swap_challenge:
+ \<open>c_set_game_moves (AttackerNode p Q) (DefenderSwapNode p1 Q0) =
+ (p \<Rightarrow>^\<tau> p1 \<and> Q = Q0)\<close> |
+
+ swap_answer:
+ \<open>c_set_game_moves (DefenderSwapNode p1 Q) (AttackerNode q1 P1) =
+ (q1 \<in> weak_tau_succs Q \<and> P1 = {p1})\<close> |
+
+ c_set_game_moves_no_step:
+ \<open>c_set_game_moves _ _ = False\<close>
+
+fun c_set_game_defender_node :: \<open>('s, 'a) c_set_game_node \<Rightarrow> bool\<close> where
+ \<open>c_set_game_defender_node (AttackerNode _ _) = False\<close> |
+ \<open>c_set_game_defender_node (DefenderSimNode _ _ _) = True\<close> |
+ \<open>c_set_game_defender_node (DefenderSwapNode _ _) = True\<close>
+
+subsection \<open>Contrasimulation Implies Winning Strategy in Set Game (Completeness)\<close>
+
+locale c_set_game =
+ lts_tau trans \<tau> +
+ simple_game c_set_game_moves c_set_game_defender_node
+for
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> and
+ \<tau> :: \<open>'a\<close>
+begin
+
+fun strategy_from_mimicking_of_C ::
+ \<open>('s \<Rightarrow> ('s set) \<Rightarrow> bool) \<Rightarrow> ('s, 'a) c_set_game_node strategy\<close>
+ where
+
+ \<open>strategy_from_mimicking_of_C R ((DefenderSwapNode p1 Q)#play) =
+ (AttackerNode (SOME q1 . (\<exists>q. (q \<in> Q \<and> q \<Rightarrow>^\<tau> q1)) \<and> R q1 {p1}) {p1})\<close> |
+
+ \<open>strategy_from_mimicking_of_C R ((DefenderSimNode a p1 Q)#play) =
+ (AttackerNode p1 (SOME Q1 . Q1 = dsuccs a Q \<and> R p1 Q1))\<close> |
+
+ \<open>strategy_from_mimicking_of_C _ _ = undefined\<close>
+
+lemma csg_atknodes_precede_defnodes_in_plays:
+ assumes
+ \<open>c_set_game_defender_node n0\<close>
+ \<open>(n0#play) \<in> plays (AttackerNode p0 Q0)\<close>
+ shows \<open>\<exists>p Q. (hd play) = AttackerNode p Q \<and> c_set_game_moves (hd play) n0\<close>
+proof -
+ have \<open>n0 \<noteq> AttackerNode p0 Q0\<close> using assms by auto
+ hence mov: \<open>c_set_game_moves (hd play) n0\<close> using assms(2)
+ by (metis list.inject list.sel(1) plays.cases)
+ from assms(1) have def_cases:
+ \<open>\<exists>p1 Q. (\<exists>a. n0 = DefenderSimNode a p1 Q) \<or> n0 = DefenderSwapNode p1 Q\<close>
+ using c_set_game_defender_node.elims(2) by blast
+ then obtain p1 Q where
+ pQ_def: \<open>(\<exists>a. n0 = DefenderSimNode a p1 Q) \<or> n0 = DefenderSwapNode p1 Q\<close>
+ by auto
+ hence \<open>\<exists>p. (hd play) = AttackerNode p Q\<close>
+ proof (rule disjE)
+ assume \<open>\<exists>a. n0 = DefenderSimNode a p1 Q\<close>
+ then obtain a where a_def: \<open>n0 = DefenderSimNode a p1 Q\<close> ..
+ thus ?thesis using c_set_game_moves.elims(2)[OF mov] c_set_game_node.distinct(5) by auto
+ next
+ assume \<open>n0 = DefenderSwapNode p1 Q\<close>
+ thus ?thesis using c_set_game_moves.elims(2)[OF mov] c_set_game_node.distinct(5) by auto
+ qed
+ thus ?thesis using mov by auto
+qed
+
+lemma csg_second_play_elem_in_play_set:
+ assumes
+ \<open>(n0#play) \<in> plays (AttackerNode p0 Q0)\<close>
+ \<open>c_set_game_defender_node n0\<close>
+ shows
+ \<open>hd play \<in> set (n0 # play)\<close>
+proof -
+ from assms have \<open>n0 \<noteq> AttackerNode p0 Q0\<close> by auto
+ hence \<open>play \<in> plays (AttackerNode p0 Q0)\<close>
+ using assms(1) plays.cases no_empty_plays by blast
+ hence play_split: \<open>\<exists>x xs. play = x#xs\<close> using no_empty_plays
+ using plays.cases by blast
+ then obtain x where x_def: \<open>\<exists>xs. play = x#xs\<close> ..
+ have x_in_set: \<open>x \<in> set (n0#play)\<close> using x_def by auto
+ have x_head: \<open>x = hd play\<close> using x_def by auto
+ from x_in_set x_head show \<open>hd play \<in> set (n0 # play)\<close> by auto
+qed
+
+lemma csg_only_defnodes_move_to_atknodes:
+ assumes
+ \<open>c_set_game_moves n0 n1\<close>
+ \<open>n1 = AttackerNode p Q\<close>
+ shows
+ \<open>(\<exists>Qpred a. n0 = (DefenderSimNode a p Qpred)) \<or>
+ (\<exists>q Ppred. n0 = (DefenderSwapNode q Ppred) \<and> Q = {q})\<close>
+proof (cases n0 rule: c_set_game_node.exhaust)
+ case (AttackerNode s T)
+ hence \<open>c_set_game_moves (AttackerNode s T) (AttackerNode p Q)\<close> using assms by auto
+ hence \<open>False\<close> by simp
+ then show ?thesis by auto
+next
+ case (DefenderSimNode a s T)
+ then show ?thesis using assms by auto
+next
+ case (DefenderSwapNode s T)
+ hence \<open>c_set_game_moves (DefenderSwapNode s T) (AttackerNode p Q)\<close> using assms by auto
+ then show ?thesis using DefenderSwapNode by auto
+qed
+
+lemma c_set_game_strategy_retains_mimicking:
+ assumes
+ \<open>contrasimulation C\<close>
+ \<open>C p0 q0\<close>
+ \<open>play \<in> plays_for_0strategy
+ (strategy_from_mimicking_of_C (mimicking (set_lifted C))) (AttackerNode p0 {q0})\<close>
+ shows
+ \<open>n = AttackerNode p Q \<Longrightarrow> n \<in> set play \<Longrightarrow> mimicking (set_lifted C) p Q \<close>
+proof (induct arbitrary: n p Q rule: plays_for_0strategy.induct[OF assms(3)])
+ case init: 1
+ hence \<open>p = p0 \<and> Q = {q0}\<close> using init.prems(1) by auto
+ thus \<open>mimicking (set_lifted C) p Q\<close>
+ using assms R_is_in_mimicking_of_R set_lifted_def by simp
+next
+ case p0moved: (2 n0 play)
+ hence \<open>(n = strategy_from_mimicking_of_C
+ (mimicking (set_lifted C)) (n0 # play)) \<or> (n \<in> set (n0#play))\<close> by auto
+ thus ?case
+ proof(rule disjE)
+ assume \<open>n \<in> set (n0#play)\<close>
+ thus ?thesis using p0moved.prems p0moved.hyps(1,2) by blast
+ next
+ assume strat: \<open>n = strategy_from_mimicking_of_C
+ (mimicking (set_lifted C)) (n0 # play)\<close>
+ hence \<open>(\<exists>a Qpred. n0 = DefenderSimNode a p Qpred) \<or>
+ (\<exists>q Ppred. n0 = DefenderSwapNode q Ppred \<and> Q = {q})\<close>
+ using csg_only_defnodes_move_to_atknodes[OF p0moved.hyps(4), of \<open>p\<close> \<open>Q\<close>]
+ p0moved.prems(1)
+ by blast
+ thus ?case
+ proof (rule disjE)
+ assume \<open>\<exists>a Qpred. n0 = DefenderSimNode a p Qpred\<close>
+ then obtain a Qpred where n0_def: \<open>n0 = DefenderSimNode a p Qpred\<close> by auto
+ hence \<open>strategy_from_mimicking_of_C (mimicking (set_lifted C)) (n0#play)
+ = AttackerNode p (SOME Q1. Q1 = dsuccs a Qpred \<and> (mimicking (set_lifted C)) p Q1)\<close>
+ using strategy_from_mimicking_of_C.simps(2) by auto
+ hence Q_def: \<open>Q = (SOME Q1. Q1 = dsuccs a Qpred \<and> (mimicking (set_lifted C)) p Q1)\<close>
+ using strat by (simp add: p0moved.prems(1))
+ have \<open>\<exists>ppred. hd play = (AttackerNode ppred Qpred) \<and> c_set_game_moves (hd play) n0\<close>
+ using csg_atknodes_precede_defnodes_in_plays
+ strategy0_plays_subset[OF p0moved.hyps(1)] assms(2,3) n0_def by force
+ then obtain ppred where ppred_def: \<open>hd play = (AttackerNode ppred Qpred)\<close>
+ and \<open>c_set_game_moves (hd play) n0\<close> by auto
+ hence \<open>ppred =\<rhd>a p\<close> \<open>a \<noteq> \<tau>\<close> using n0_def by auto
+ hence \<open>hd play \<in> set (n0 # play)\<close>
+ using csg_second_play_elem_in_play_set strategy0_plays_subset[OF p0moved.hyps(1)]
+ assms(3) n0_def
+ by (simp add: assms(3))
+ hence \<open>mimicking (set_lifted C) ppred Qpred\<close>
+ using p0moved.hyps(2) ppred_def by blast
+ hence \<open>mimicking (set_lifted C) p (dsuccs a Qpred)\<close>
+ using \<open>ppred =\<rhd>a p\<close> assms(1,2) mimicking_of_C_guarantees_action_succ \<open>a \<noteq> \<tau>\<close>
+ by auto
+ hence \<open>\<exists>Q. Q = (dsuccs a Qpred) \<and> mimicking (set_lifted C) p Q\<close> by auto
+ from someI_ex[OF this] show \<open>mimicking (set_lifted C) p Q\<close>
+ unfolding Q_def
+ using n0_def p0moved.hyps(4) by auto
+ next
+ assume \<open>(\<exists>q Ppred. n0 = DefenderSwapNode q Ppred \<and> Q = {q})\<close>
+ then obtain q Ppred where
+ n0_def: \<open>n0 = DefenderSwapNode q Ppred\<close> and
+ Q_def: \<open>Q = {q}\<close>
+ by auto
+ hence \<open>strategy_from_mimicking_of_C (mimicking (set_lifted C)) (n0#play)
+ = AttackerNode (SOME p1.
+ (\<exists>p. p \<in> Ppred \<and> p \<Rightarrow>^\<tau> p1) \<and> (mimicking (set_lifted C)) p1 {q}) {q}\<close>
+ using strategy_from_mimicking_of_C.simps(1) by auto
+ hence p_def: \<open>p = (SOME p1.
+ (\<exists>p. p \<in> Ppred \<and> p \<Rightarrow>^\<tau> p1) \<and> (mimicking (set_lifted C)) p1 {q})\<close>
+ using strat p0moved.prems by auto
+ have \<open>\<exists>qpred. hd play = (AttackerNode qpred Ppred) \<and> c_set_game_moves (hd play) n0\<close>
+ using csg_atknodes_precede_defnodes_in_plays
+ strategy0_plays_subset[OF p0moved.hyps(1)] assms(3) n0_def
+ by force
+ then obtain qpred where qpred_def: \<open>hd play = (AttackerNode qpred Ppred)\<close>
+ and qpred_move: \<open>c_set_game_moves (hd play) n0\<close> by auto
+ hence p1: \<open>player1_position (hd play)\<close> by simp
+ have qpred_q_move: \<open>qpred \<Rightarrow>^\<tau> q\<close> using qpred_def qpred_move n0_def by simp
+ have \<open>hd play \<in> set (n0 # play)\<close>
+ using csg_second_play_elem_in_play_set strategy0_plays_subset[OF p0moved.hyps(1)]
+ assms(3) n0_def
+ by simp
+ hence \<open>mimicking (set_lifted C) qpred Ppred\<close>
+ using p0moved.hyps(2) qpred_def by blast
+ hence \<open>\<exists>p. p \<in> weak_tau_succs Ppred \<and> mimicking (set_lifted C) p {q}\<close>
+ using qpred_q_move assms(1,2) mimicking_of_C_guarantees_tau_succ by blast
+ hence \<open>\<exists>p. (\<exists>p0. p0 \<in> Ppred \<and> p0 \<Rightarrow>^\<tau> p) \<and> mimicking (set_lifted C) p {q}\<close>
+ using weak_tau_succs_def[of \<open>Ppred\<close>] by blast
+ from someI_ex[OF this] p_def have \<open>mimicking (set_lifted C) p {q}\<close> by simp
+ thus \<open>mimicking (set_lifted C) p Q\<close> using Q_def by blast
+ qed
+ qed
+next
+ case p1moved: (3 n1 play n1')
+ hence \<open>(n = n1') \<or> (n \<in> set (n1#play))\<close> by auto
+ thus ?case
+ proof (rule disjE)
+ assume \<open>n \<in> set (n1#play)\<close>
+ thus ?case using p1moved.prems p1moved.hyps(1,2) by blast
+ next
+ assume A1: \<open>n = n1'\<close>
+ hence \<open>c_set_game_defender_node n1'\<close>
+ using csg_only_defnodes_move_to_atknodes p1moved.hyps(3, 4) p1moved.prems(1)
+ by fastforce
+ hence \<open>False\<close> using A1 p1moved.prems(1) by auto
+ thus ?case by auto
+ qed
+qed
+
+lemma contrasim_set_game_complete:
+ assumes
+ \<open>contrasimulation C\<close>
+ \<open>C p0 q0\<close>
+ shows
+ \<open>player0_winning_strategy (strategy_from_mimicking_of_C
+ (mimicking (set_lifted C))) (AttackerNode p0 {q0})\<close>
+ unfolding player0_winning_strategy_def
+proof (safe)
+ fix play
+ assume A1: \<open>play \<in> (plays_for_0strategy
+ (strategy_from_mimicking_of_C (mimicking (set_lifted C))) (AttackerNode p0 {q0}))\<close>
+ thus \<open>player1_wins_immediately play \<Longrightarrow> False\<close>
+ unfolding player1_wins_immediately_def
+ proof clarify
+ assume A:
+ \<open>c_set_game_defender_node (hd play)\<close>
+ \<open>\<nexists>p'. c_set_game_moves (hd play) p'\<close>
+ have player0_has_succ_node:
+ \<open>c_set_game_defender_node (hd play) \<Longrightarrow> \<exists>p'. c_set_game_moves (hd play) p'\<close>
+ proof (induct rule: simple_game.plays_for_0strategy.induct[OF A1])
+ case init: 1
+ have \<open>\<not>c_set_game_defender_node (AttackerNode p0 {q0})\<close> by (simp add: assms)
+ hence \<open>False\<close> using init.prems by simp
+ then show ?case ..
+ next
+ case p0moved: (2 n0 play)
+ from p0moved.hyps have \<open>c_set_game_defender_node n0\<close> by simp
+ hence \<open>(\<exists>a p1 q. n0 = (DefenderSimNode a p1 q)) \<or> (\<exists>q P. n0 = DefenderSwapNode q P)\<close>
+ by (meson c_set_game_defender_node.elims(2))
+ hence \<open>\<not>c_set_game_defender_node (strategy_from_mimicking_of_C
+ (mimicking (set_lifted C)) (n0#play))\<close>
+ using p0moved.hyps(4)
+ c_set_game_moves.elims(2)[of \<open>n0\<close>
+ \<open>strategy_from_mimicking_of_C (mimicking (set_lifted C)) (n0#play)\<close>]
+ by force
+ hence \<open>\<not>c_set_game_defender_node (hd (strategy_from_mimicking_of_C
+ (mimicking (set_lifted C)) (n0 # play) # n0 # play))\<close>
+ by simp
+ hence \<open>False\<close> using p0moved.prems ..
+ then show ?case ..
+ next
+ case p1moved: (3 n1 play n1')
+ hence \<open>\<not>c_set_game_defender_node n1\<close>
+ using p1moved.hyps by simp
+ then obtain p Q where n1_def: \<open>n1 = AttackerNode p Q\<close>
+ using c_set_game_defender_node.elims(3) by auto
+ hence in_mimicking: \<open>mimicking (set_lifted C) p Q\<close>
+ using c_set_game_strategy_retains_mimicking[OF assms, of \<open>n1#play\<close>, OF p1moved.hyps(1)]
+ by auto
+ have \<open>(\<exists>a p1. n1' = DefenderSimNode a p1 Q) \<or> (\<exists>p1. n1' = DefenderSwapNode p1 Q)\<close>
+ using p1moved.prems n1_def p1moved.hyps(4)
+ by (metis c_set_game_defender_node.elims(2) list.sel(1)
+ local.simulation_challenge local.swap_challenge)
+ thus ?case
+ proof (rule disjE)
+ assume A: \<open>\<exists>a p1. n1' = DefenderSimNode a p1 Q\<close>
+ then obtain a p1 where n1'_def : \<open>n1' = DefenderSimNode a p1 Q\<close> by auto
+ have move: \<open>c_set_game_moves (AttackerNode p Q) (DefenderSimNode a p1 Q)\<close>
+ using p1moved.hyps n1_def n1'_def by auto
+ hence \<open>p =\<rhd>a p1\<close> by auto
+ hence \<open>p \<Rightarrow>^a p1\<close> using steps.refl by blast
+ hence \<open>mimicking (set_lifted C) p1 (dsuccs a Q)\<close>
+ using mimicking_of_C_guarantees_action_succ move
+ by (metis in_mimicking assms(1) simulation_challenge tau_tau)
+ then obtain Q1 where \<open>Q1 = dsuccs a Q \<and> mimicking (set_lifted C) p1 Q1\<close> by blast
+ hence \<open>c_set_game_moves n1' (AttackerNode p1 Q1)\<close>
+ using A n1'_def by auto
+ thus \<open>\<exists>a. c_set_game_moves (hd (n1' # n1 # play)) a\<close> by auto
+ next
+ assume \<open>\<exists>p1. n1' = DefenderSwapNode p1 Q\<close>
+ then obtain p1 where n1'_def: \<open>n1' = DefenderSwapNode p1 Q\<close> ..
+ hence \<open>c_set_game_moves (AttackerNode p Q) (DefenderSwapNode p1 Q)\<close>
+ using p1moved.hyps(4) n1_def by auto
+ hence p_succ: \<open>p \<Rightarrow>^\<tau> p1\<close> by auto
+ hence \<open>\<exists>q'. q' \<in> weak_tau_succs Q \<and> mimicking (set_lifted C) q' {p1}\<close>
+ using in_mimicking mimicking_of_C_guarantees_tau_succ assms(1) by auto
+ hence \<open>\<exists>q1. q1 \<in> weak_tau_succs Q \<and> mimicking (set_lifted C) q1 {p1}\<close> by auto
+ hence \<open>\<exists>q1 P1. c_set_game_moves n1' (AttackerNode q1 P1)\<close> using n1'_def by auto
+ thus \<open>\<exists>a. c_set_game_moves (hd (n1' # n1 # play)) a\<close> by auto
+ qed
+ qed
+ hence \<open>False\<close> using A by auto
+ thus ?thesis by auto
+ qed
+qed
+
+lemma csg_strategy_from_mimicking_of_C_sound:
+ assumes
+ \<open>contrasimulation C\<close>
+ \<open>C p0 q0\<close>
+ shows
+ \<open>sound_0strategy
+ (strategy_from_mimicking_of_C (mimicking (set_lifted C)))
+ (AttackerNode p0 {q0})\<close>
+ unfolding sound_0strategy_def
+proof (safe)
+ fix n0 play
+ assume A:
+ \<open>n0 # play \<in> plays_for_0strategy
+ (strategy_from_mimicking_of_C (mimicking (set_lifted C))) (AttackerNode p0 {q0})\<close>
+ \<open>c_set_game_defender_node n0\<close>
+ hence \<open>(\<exists>a p' Q. n0 = DefenderSimNode a p' Q) \<or> (\<exists>p' Q. n0 = DefenderSwapNode p' Q)\<close>
+ by (meson c_set_game_defender_node.elims(2))
+ thus \<open>c_set_game_moves n0
+ (strategy_from_mimicking_of_C (mimicking (set_lifted C)) (n0 # play))\<close>
+ proof(rule disjE)
+ assume \<open>\<exists>a p' Q. n0 = DefenderSimNode a p' Q\<close>
+ then obtain a p' Q where n0_def: \<open>n0 = DefenderSimNode a p' Q\<close> by auto
+ then obtain p where p_def: \<open>hd play = AttackerNode p Q\<close>
+ using A
+ by (metis csg_atknodes_precede_defnodes_in_plays simulation_challenge strategy0_plays_subset)
+ hence \<open>c_set_game_moves (AttackerNode p Q) (DefenderSimNode a p' Q)\<close>
+ by (metis A n0_def csg_atknodes_precede_defnodes_in_plays strategy0_plays_subset)
+ hence \<open>p =\<rhd>a p'\<close> \<open>\<not> tau a\<close> by auto
+ hence \<open>mimicking (set_lifted C) p Q\<close>
+ using c_set_game_strategy_retains_mimicking[OF assms] A p_def
+ assms(2) csg_second_play_elem_in_play_set strategy0_plays_subset
+ by fastforce
+ hence \<open>mimicking (set_lifted C) p' (dsuccs a Q)\<close>
+ using mimicking_of_C_guarantees_action_succ \<open>\<not> tau a\<close> \<open>p =\<rhd>a p'\<close> assms(1) tau_tau
+ by blast
+ hence Q1_ex: \<open>\<exists>Q'. Q' = dsuccs a Q \<and> mimicking (set_lifted C) p' Q'\<close> by auto
+ from n0_def have strat_succ:
+ \<open>strategy_from_mimicking_of_C (mimicking (set_lifted C)) (n0#play)
+ = (AttackerNode p'
+ (SOME Q1 . Q1 = dsuccs a Q \<and> (mimicking (set_lifted C)) p' Q1))\<close>
+ by auto
+ then obtain Q1 where
+ \<open>AttackerNode p' (SOME Q1 . Q1 = dsuccs a Q \<and> (mimicking (set_lifted C)) p' Q1)
+ = AttackerNode p' Q1\<close>
+ by blast
+ hence Q1_def: \<open>Q1 = (SOME Q1 . Q1 = dsuccs a Q \<and> (mimicking (set_lifted C)) p' Q1)\<close>
+ by auto
+ have next_is_atk:
+ \<open>strategy_from_mimicking_of_C (mimicking (set_lifted C)) (n0#play)
+ = (AttackerNode p' Q1)\<close>
+ using strat_succ Q1_def by auto
+ with someI_ex[OF Q1_ex] Q1_def
+ have mov_cond: \<open>Q1 = dsuccs a Q \<and> mimicking (set_lifted C) p' Q1\<close>
+ by blast
+ have \<open>c_set_game_moves n0 (AttackerNode p' Q1)\<close> using n0_def mov_cond by auto
+ thus ?thesis using next_is_atk by auto
+ next
+ assume \<open>\<exists>p' Q. n0 = DefenderSwapNode p' Q\<close>
+ then obtain p' Q where n0_def: \<open>n0 = DefenderSwapNode p' Q\<close> by auto
+ then obtain p where p_def: \<open>hd play = AttackerNode p Q\<close> using A
+ by (metis csg_atknodes_precede_defnodes_in_plays swap_challenge strategy0_plays_subset)
+ hence \<open>c_set_game_moves (AttackerNode p Q) (DefenderSwapNode p' Q)\<close>
+ by (metis A n0_def csg_atknodes_precede_defnodes_in_plays strategy0_plays_subset)
+ hence \<open>p \<Rightarrow>^\<tau> p'\<close> by auto
+ hence \<open>mimicking (set_lifted C) p Q\<close>
+ using c_set_game_strategy_retains_mimicking[OF assms] A p_def
+ csg_second_play_elem_in_play_set strategy0_plays_subset
+ by fastforce
+ hence \<open>\<exists>q'. q' \<in> weak_tau_succs Q \<and> mimicking (set_lifted C) q' {p'}\<close>
+ using mimicking_of_C_guarantees_tau_succ \<open>p \<Rightarrow>^\<tau> p'\<close> assms(1) by auto
+ hence q1_ex: \<open>\<exists>q1. (\<exists>q.(q \<in> Q \<and> q \<Rightarrow>^\<tau> q1)) \<and> mimicking (set_lifted C) q1 {p'}\<close>
+ using weak_tau_succs_def by auto
+ hence strat: \<open>strategy_from_mimicking_of_C (mimicking (set_lifted C)) (n0#play)
+ = AttackerNode (SOME q1.
+ (\<exists>q. (q \<in> Q \<and> q \<Rightarrow>^\<tau> q1)) \<and> (mimicking (set_lifted C)) q1 {p'}) {p'}\<close>
+ using n0_def by auto
+ then obtain q1 where
+ \<open>AttackerNode (SOME q1.
+ (\<exists>q. (q \<in> Q \<and> q \<Rightarrow>^\<tau> q1)) \<and> (mimicking (set_lifted C)) q1 {p'}) {p'}
+ = AttackerNode q1 {p'}\<close> by blast
+ hence q1_def:
+ \<open>q1 = (SOME q1 . (\<exists>q. (q \<in> Q \<and> q \<Rightarrow>^\<tau> q1)) \<and> (mimicking (set_lifted C)) q1 {p'})\<close>
+ by auto
+ with someI_ex[OF q1_ex] have
+ \<open>\<exists>q. (q \<in> Q \<and> q \<Rightarrow>^\<tau> q1) \<and> mimicking (set_lifted C) q1 {p'}\<close>
+ by blast
+ hence \<open>q1 \<in> weak_tau_succs Q \<and> {p'} = {p'}\<close>
+ using weak_tau_succs_def by auto
+ thus ?thesis using n0_def strat q1_def by auto
+ qed
+qed
+
+subsection \<open>Winning Strategy Implies Contrasimulation in Set Game (Soundness)\<close>
+
+lemma csg_move_defsimnode_to_atknode:
+ assumes
+ \<open>c_set_game_moves (DefenderSimNode a p Q) n0\<close>
+ shows
+ \<open>n0 = AttackerNode p (dsuccs a Q)\<close>
+proof -
+ have \<open>\<exists>p1 Q1. n0 = AttackerNode p1 Q1\<close>
+ by (metis assms c_set_game_defender_node.elims(2, 3) c_set_game_moves_no_step(1, 6))
+ then obtain p1 Q1 where n0_def: \<open>n0 = AttackerNode p1 Q1\<close> by auto
+ hence \<open>p = p1\<close> using assms local.simulation_answer by blast
+ from n0_def have \<open>Q1 = dsuccs a Q\<close>
+ using assms local.simulation_answer by blast
+ thus ?thesis using \<open>p = p1\<close> n0_def by auto
+qed
+
+lemma csg_move_defswapnode_to_atknode:
+ assumes
+ \<open>c_set_game_moves (DefenderSwapNode p' Q) n0\<close>
+ shows
+ \<open>\<exists>q'. n0 = AttackerNode q' {p'} \<and> q' \<in> weak_tau_succs Q\<close>
+proof -
+ have \<open>\<not>c_set_game_defender_node n0\<close>
+ using assms c_set_game_moves_no_step(3, 4) c_set_game_defender_node.elims(2)
+ by metis
+ hence \<open>\<exists>q1 P1. n0 = AttackerNode q1 P1\<close>
+ by (meson c_set_game_defender_node.elims(3))
+ then obtain q1 P1 where n0_def: \<open>n0 = AttackerNode q1 P1\<close> by auto
+ hence \<open>P1 = {p'}\<close> using assms local.swap_answer by blast
+ from n0_def have \<open>q1 \<in> weak_tau_succs Q\<close> using assms by auto
+ thus ?thesis using \<open>P1 = {p'}\<close> n0_def by simp
+qed
+
+lemma csg_defsimnode_never_stuck:
+ assumes \<open>n0 = DefenderSimNode a p Q\<close>
+ shows \<open>\<exists>Q'. c_set_game_moves n0 (AttackerNode p Q')\<close>
+proof -
+ have \<open>c_set_game_moves (DefenderSimNode a p Q) (AttackerNode p (dsuccs a Q))\<close> by auto
+ thus ?thesis using assms by auto
+qed
+
+lemma csg_defender_can_simulate_prefix:
+ assumes
+ \<open>A \<noteq> []\<close>
+ \<open>p \<Rightarrow>$A p1\<close>
+ \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close>
+ \<open>sound_0strategy f (AttackerNode p00 {q00})\<close>
+ \<open>play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ \<open>hd play = AttackerNode p {q}\<close>
+ shows
+ \<open>\<exists>play p0.
+ ((DefenderSimNode (last A) p0 (dsuccs_seq_rec (rev (butlast A)) {q}))#play)
+ \<in> plays_for_0strategy f (AttackerNode p00 {q00})
+ \<and> word_reachable_via_delay A p p0 p1\<close>
+ using assms(1-3)
+proof (induct arbitrary: p1 rule: rev_nonempty_induct[OF assms(1)])
+ case single: (1 a)
+ hence \<open>\<not>tau a\<close> using \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> by (simp add: tau_def)
+ hence \<open>p \<Rightarrow>$[a] p1\<close> using single by auto
+ hence p_step: \<open>p \<Rightarrow>^a p1\<close> by blast
+ then obtain p0 where \<open>p =\<rhd>a p0\<close> \<open>p0 \<Rightarrow>^\<tau> p1\<close> using Cons \<open>\<not>tau a\<close> steps.refl by auto
+ hence \<open>\<exists>n0. n0 = DefenderSimNode a p0 {q} \<and> c_set_game_moves (AttackerNode p {q}) n0\<close>
+ using assms(4) \<open>\<not> tau a\<close> by simp
+ hence \<open>(DefenderSimNode a p0 {q})#play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using assms(5,6)
+ by (metis c_set_game_defender_node.simps(1) list.collapse no_empty_plays
+ plays_for_0strategy.p1move strategy0_plays_subset)
+ hence inplay:
+ \<open>(DefenderSimNode (last [a]) p0 (dsuccs_seq_rec (rev (butlast [a])) {q}))#play
+ \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ by auto
+ have \<open>p \<Rightarrow>$(butlast [a]) p\<close> by (simp add: steps.refl)
+ hence \<open>word_reachable_via_delay [a] p p0 p1\<close>
+ using word_reachable_via_delay_def \<open>p =\<rhd>a p0\<close> \<open>p0 \<Rightarrow>^\<tau> p1\<close> by auto
+ then show ?case using inplay by auto
+next
+ case snoc: (2 a as)
+ hence \<open>\<not>tau a\<close> using \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> by (simp add: tau_def)
+ then obtain a2 as2 where as_def: \<open>as = as2@[a2]\<close>
+ using list_rev_split[OF snoc.hyps(1)] by auto
+ have \<open>\<exists>p'. p \<Rightarrow>$ as p' \<and> p' \<Rightarrow>$[a] p1\<close>
+ using rev_seq_split[OF snoc.prems(2)] by blast
+ hence \<open>\<exists>p'. p \<Rightarrow>$ as p' \<and> p' \<Rightarrow>^a p1\<close> by blast
+ hence \<open>\<exists>p'. p \<Rightarrow>$ as p' \<and> p' \<Rightarrow>a p1\<close> using \<open>\<not>tau a\<close> by simp
+ then obtain p' where p'_def: \<open>p \<Rightarrow>$ as p'\<close> and p'_step: \<open>p' \<Rightarrow>a p1\<close> by auto
+ then obtain p11 where \<open>p' =\<rhd>a p11\<close> \<open>p11 \<Rightarrow>^\<tau> p1\<close>
+ using steps.refl \<open>\<not> tau a\<close> tau_tau by blast
+ hence \<open>\<exists>play p0.
+ DefenderSimNode (last as) p0 (dsuccs_seq_rec (rev (butlast as)) {q}) # play
+ \<in> plays_for_0strategy f (AttackerNode p00 {q00})
+ \<and> word_reachable_via_delay as p p0 p'\<close>
+ using p'_def snoc by auto
+ then obtain play p0
+ where play_def:
+ \<open>DefenderSimNode (last as) p0 (dsuccs_seq_rec (rev (butlast as)) {q}) # play
+ \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ \<open>word_reachable_via_delay as p p0 p'\<close>
+ by auto
+ hence
+ \<open>DefenderSimNode a2 p0 (dsuccs_seq_rec (rev as2) {q}) # play
+ \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using as_def by auto
+ then obtain n0 where
+ n0_def: \<open>n0 = DefenderSimNode a2 p0 (dsuccs_seq_rec (rev as2) {q})\<close> and
+ n0_in_play: \<open>n0#play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ by auto
+ then obtain n1 where
+ n1_def: \<open>c_set_game_moves (DefenderSimNode a2 p0 (dsuccs_seq_rec (rev as2) {q})) n1\<close>
+ using csg_defsimnode_never_stuck by meson
+ hence n1_atk: \<open>n1 = AttackerNode p0 (dsuccs a2 ((dsuccs_seq_rec (rev as2) {q})))\<close>
+ using csg_move_defsimnode_to_atknode[OF n1_def] by auto
+ have n1_in_play: \<open>n1#n0#play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using n1_def n0_in_play n0_def
+ by (metis assms(4) csg_move_defsimnode_to_atknode c_set_game_defender_node.simps(2)
+ plays_for_0strategy.simps sound_0strategy_def)
+ then obtain n0' where
+ n0'_def:
+ \<open>n0' = DefenderSimNode a p11 (dsuccs a2 ((dsuccs_seq_rec (rev as2) {q})))\<close> and
+ n0'_mov: \<open>c_set_game_moves n1 n0'\<close>
+ using p'_step n1_atk
+ by (metis (no_types, lifting) \<open>\<not> tau a\<close> \<open>p' =\<rhd> a p11\<close> word_reachable_via_delay_def
+ simulation_challenge play_def(2) steps_concat tau_tau)
+ hence in_play: \<open>n0'#n1#n0#play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using n1_in_play
+ by (simp add: n1_atk plays_for_0strategy.p1move)
+ hence \<open>n0' = DefenderSimNode a p11 (dsuccs_seq_rec (rev (as2@[a2])) {q})\<close>
+ using n0'_def by auto
+ hence n0'_is_defSimNode: \<open>n0' = DefenderSimNode a p11 (dsuccs_seq_rec (rev (as)) {q})\<close>
+ using as_def by auto
+ from \<open>p \<Rightarrow>$ as p'\<close> \<open>p' =\<rhd>a p11\<close> \<open>p11 \<Rightarrow>^\<tau> p1\<close>
+ have \<open>word_reachable_via_delay (as@[a]) p p11 p1\<close>
+ using word_reachable_via_delay_def by auto
+ then show ?case using n0'_is_defSimNode in_play by auto
+qed
+
+lemma contrasim_set_game_sound:
+ assumes
+ \<open>player0_winning_strategy f (AttackerNode p00 {q00})\<close>
+ \<open>sound_0strategy f (AttackerNode p00 {q00})\<close>
+ defines
+ \<open>C == \<lambda> p q . (\<exists> play \<in> plays_for_0strategy f (AttackerNode p00 {q00}) .
+ hd play = AttackerNode p {q} \<and> (hd play = (AttackerNode p00 {q00})
+ \<or> (\<exists>P. hd (tl play) = DefenderSwapNode q P)))\<close>
+ shows
+ \<open>contrasimulation C\<close>
+ unfolding contrasimulation_def
+proof (safe)
+ fix p q p1 A
+ assume \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> \<open>p \<Rightarrow>$A p1\<close> \<open>C p q\<close>
+ hence \<open>p \<Rightarrow>$(taufree A) p1\<close> by (simp add: weak_step_over_tau)
+ hence \<open>\<exists> play \<in> plays_for_0strategy f (AttackerNode p00 {q00}).
+ hd play = AttackerNode p {q}
+ \<and> (hd play = (AttackerNode p00 {q00})
+ \<or> (\<exists>P. hd (tl play) = DefenderSwapNode q P))\<close>
+ using C_def \<open>p \<Rightarrow>$A p1\<close> \<open>C p q\<close> by auto
+ from this obtain play where
+ play_def: \<open>play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close> and
+ play_hd: \<open>hd play = AttackerNode p {q}\<close> and
+ \<open>hd play = (AttackerNode p00 {q00}) \<or> (\<exists>P. hd (tl play) = DefenderSwapNode q P)\<close>
+ by auto
+ hence \<open>\<not>player1_wins_immediately play\<close>
+ using assms(1) player0_winning_strategy_def by auto
+ hence \<open>(c_set_game_defender_node (hd play) \<and>
+ (\<nexists>p'. c_set_game_moves (hd play) p')) \<Longrightarrow> False\<close>
+ using player1_wins_immediately_def by auto
+ hence Def_not_stuck:
+ \<open>c_set_game_defender_node (hd play) \<Longrightarrow> (\<exists>p'. c_set_game_moves (hd play) p')\<close> by auto
+ from \<open>p \<Rightarrow>$A p1\<close> \<open>p \<Rightarrow>$(taufree A) p1\<close> \<open>C p q\<close>
+ show \<open>\<exists>q'. q \<Rightarrow>$ A q' \<and> C q' p1\<close>
+ proof (cases A rule: rev_cases)
+ case Nil
+ hence \<open>p \<Rightarrow>^\<tau> p1\<close> using \<open>p \<Rightarrow>$A p1\<close> by auto
+ hence \<open>\<exists>n0. n0 = DefenderSwapNode p1 {q}
+ \<and> c_set_game_moves (AttackerNode p {q}) n0\<close> by simp
+ from this obtain n0 where n0_def: \<open>n0 = DefenderSwapNode p1 {q}\<close>
+ and n0_move: \<open>c_set_game_moves (AttackerNode p {q}) n0\<close> by auto
+ have \<open>play = (hd play)#(tl play)\<close>
+ by (metis hd_Cons_tl no_empty_plays play_def strategy0_plays_subset)
+ hence \<open>n0#play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using n0_def n0_move play_def play_hd
+ by (metis c_set_game_defender_node.simps(1) play_def
+ plays_for_0strategy.p1move)
+ hence \<open>\<exists>n1'. c_set_game_moves n0 n1'
+ \<and> n1'#n0#play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using assms(2) n0_def sound_0strategy_def
+ by (meson c_set_game_defender_node.simps(3) plays_for_0strategy.p0move)
+ then obtain n1' where n1'_mov: \<open>c_set_game_moves n0 n1'\<close>
+ and in_play: \<open>n1'#n0#play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close> by auto
+ hence \<open>\<exists>q1. n1' = AttackerNode q1 {p1} \<and> (q1 \<in> weak_tau_succs {q})\<close>
+ by (metis c_set_game_defender_node.elims(2, 3) c_set_game_moves_no_step(3, 4)
+ swap_answer n0_def)
+ then obtain q1 where q1_def: \<open>n1' = AttackerNode q1 {p1}\<close>
+ and q_succ: \<open>q1 \<in> weak_tau_succs {q}\<close> by auto
+ hence q_tau: \<open>q \<Rightarrow>^\<tau> q1\<close> using weak_tau_succs_def by auto
+ from in_play q1_def n0_def have \<open>C q1 p1\<close> unfolding C_def by force
+ then show ?thesis using q_tau Nil by auto
+ next
+ case (snoc as a)
+ hence \<open>A \<noteq> []\<close> by auto
+ hence \<open>\<not>tau a\<close> using \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> snoc by (simp add: tau_def)
+ then obtain A_play p0 where gotoA:
+ \<open>DefenderSimNode (last A) p0 (dsuccs_seq_rec (rev (butlast A)) {q}) # A_play
+ \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ \<open>word_reachable_via_delay A p p0 p1\<close>
+ using csg_defender_can_simulate_prefix \<open>p \<Rightarrow>$A p1\<close>
+ \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> \<open>A \<noteq> []\<close> assms(2) play_def play_hd by meson
+ then obtain Q where \<open>Q = dsuccs_seq_rec (rev (butlast A)) {q}\<close> by auto
+ hence \<open>\<forall>q' \<in> Q. q \<Rightarrow>$(butlast A) q'\<close>
+ using in_dsuccs_implies_word_reachable by auto
+ then obtain n0 where
+ n0_def: \<open>n0 = DefenderSimNode a p0 (dsuccs_seq_rec (rev as) {q})\<close>
+ by auto
+ hence A_play_def: \<open>n0#A_play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using gotoA snoc by auto
+ then obtain n1 where n1_move: \<open>c_set_game_moves n0 n1\<close>
+ using n0_def
+ by (meson assms(2) c_set_game_defender_node.simps(2) sound_0strategy_def)
+ hence \<open>n1 = AttackerNode p0 (dsuccs a (dsuccs_seq_rec (rev as) {q}))\<close>
+ using csg_move_defsimnode_to_atknode n0_def by blast
+ hence \<open>n1 = AttackerNode p0 (dsuccs_seq_rec (a#(rev as)) {q})\<close>
+ using dsuccs_seq_rec.simps(2) by auto
+ hence \<open>n1 = AttackerNode p0 (dsuccs_seq_rec (rev (as@[a])) {q})\<close> by auto
+ hence n1_def: \<open>n1 = AttackerNode p0 (dsuccs_seq_rec (rev A) {q})\<close>
+ using snoc by auto
+ hence n1_in_play: \<open>n1#n0#A_play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using n0_def A_play_def n1_move assms(2) csg_move_defsimnode_to_atknode
+ plays_for_0strategy.p0move sound_0strategy_def
+ by fastforce
+ from \<open>word_reachable_via_delay A p p0 p1\<close> have \<open>p0 \<Rightarrow>^\<tau> p1\<close>
+ using word_reachable_via_delay_def by auto
+ then obtain n0' where n0'_move: \<open>c_set_game_moves n1 n0'\<close>
+ and n0'_def: \<open>n0' = DefenderSwapNode p1 (dsuccs_seq_rec (rev A) {q})\<close>
+ using swap_challenge tau_tau n1_def by blast
+ hence n0'_in_play:
+ \<open>n0'#n1#n0#A_play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using n1_in_play by (simp add: n1_def plays_for_0strategy.p1move)
+ then obtain n1' where n1'_move: \<open>c_set_game_moves n0' n1'\<close>
+ and in_strat: \<open>n1' = f(n0'#n1#n0#A_play)\<close>
+ using Def_not_stuck n0'_def assms(2) sound_0strategy_def by auto
+ then obtain q1 where q1_def: \<open>q1 \<in> weak_tau_succs (dsuccs_seq_rec (rev A) {q})\<close>
+ and n1'_def: \<open>n1' = AttackerNode q1 {p1}\<close> using n0'_def swap_answer
+ by (metis c_set_game_defender_node.cases c_set_game_moves_no_step(3, 7))
+ hence \<open>q1 \<in> {q1. \<exists>q0 \<in> (dsuccs_seq_rec (rev A) {q}). q0 \<Rightarrow>^\<tau> q1}\<close>
+ using weak_tau_succs_def by auto
+ also have \<open>... = {q1. \<exists>q0 \<in> (dsuccs_seq_rec (rev A) {q}). q \<Rightarrow>$A q0 \<and> q0 \<Rightarrow>^\<tau> q1}\<close>
+ using in_dsuccs_implies_word_reachable by auto
+ also have \<open>... \<subseteq> {q1. \<exists>q0 \<in> (dsuccs_seq_rec (rev A) {q}). q \<Rightarrow>$A q1}\<close>
+ using word_tau_concat by auto
+ also have \<open>... \<subseteq> {q1. q \<Rightarrow>$A q1}\<close> by auto
+ finally have \<open>q1 \<in> {q1. q \<Rightarrow>$A q1}\<close> .
+ hence q_goal: \<open>q \<Rightarrow>$A q1\<close> by auto
+ from n1'_move in_strat have
+ move_f: \<open>c_set_game_moves n0' (f(n0'#n1#n0#A_play))\<close> by auto
+ hence \<open>n1'#n0'#n1#n0#A_play \<in> plays_for_0strategy f (AttackerNode p00 {q00})\<close>
+ using in_strat plays_for_0strategy.p0move[OF n0'_in_play _ move_f] n0'_def by auto
+ hence \<open>C q1 p1\<close> unfolding C_def using n1'_def n0'_def by force
+ thus ?thesis using q_goal by auto
+ qed
+qed
+
+theorem winning_strategy_in_c_set_game_iff_contrasim:
+ shows
+ \<open>(\<exists> f . player0_winning_strategy f (AttackerNode p0 {q0})
+ \<and> sound_0strategy f (AttackerNode p0 {q0}))
+ = p0 \<sqsubseteq>c q0\<close>
+proof safe
+ fix f
+ assume
+ \<open>player0_winning_strategy f (AttackerNode p0 {q0})\<close>
+ \<open>sound_0strategy f (AttackerNode p0 {q0})\<close>
+ hence \<open>contrasimulation (\<lambda>p q. \<exists>play \<in> plays_for_0strategy f (AttackerNode p0 {q0}).
+ hd play = AttackerNode p {q} \<and>
+ (hd play = (AttackerNode p0 {q0}) \<or> (\<exists>P. hd (tl play) = DefenderSwapNode q P)))\<close>
+ using contrasim_set_game_sound by blast
+ thus \<open>p0 \<sqsubseteq>c q0\<close>
+ using plays_for_0strategy.init[of \<open>AttackerNode p0 {q0}\<close> f] list.sel(1) by force
+next
+ fix C
+ assume \<open>contrasimulation C\<close> \<open>C p0 q0\<close>
+ thus
+ \<open>(\<exists>f. player0_winning_strategy f (AttackerNode p0 {q0})
+ \<and> sound_0strategy f (AttackerNode p0 {q0}))\<close>
+ using contrasim_set_game_complete[OF _ _]
+ csg_strategy_from_mimicking_of_C_sound[OF _ _]
+ by blast
+qed
+
+end
+end
\ No newline at end of file
diff --git a/thys/Coupledsim_Contrasim/Contrasim_Word_Game.thy b/thys/Coupledsim_Contrasim/Contrasim_Word_Game.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Contrasim_Word_Game.thy
@@ -0,0 +1,360 @@
+section \<open>The Contrasimulation Preorder Word Game\<close>
+
+theory Contrasim_Word_Game
+imports
+ Simple_Game
+ Contrasimulation
+begin
+
+datatype ('s, 'a) c_word_game_node =
+ AttackerNode 's 's |
+ DefenderNode "'a list" 's 's
+
+fun (in lts_tau) c_word_game_moves ::
+ \<open>('s, 'a) c_word_game_node \<Rightarrow> ('s, 'a) c_word_game_node \<Rightarrow> bool\<close> where
+
+ simulation_challenge:
+ \<open>c_word_game_moves (AttackerNode p q) (DefenderNode A p1 q0) =
+ (p \<Rightarrow>$A p1 \<and> q = q0 \<and> (\<forall>a\<in>set A. a \<noteq> \<tau>))\<close> |
+
+ simulation_answer:
+ \<open>c_word_game_moves (DefenderNode A p1 q0) (AttackerNode q1 p10) =
+ (q0 \<Rightarrow>$A q1 \<and> p1 = p10)\<close> |
+
+ c_word_game_moves_no_step:
+ \<open>c_word_game_moves _ _ = False\<close>
+
+fun c_word_game_defender_node :: \<open>('s, 'a) c_word_game_node \<Rightarrow> bool\<close> where
+ \<open>c_word_game_defender_node (AttackerNode _ _) = False\<close> |
+ \<open>c_word_game_defender_node (DefenderNode _ _ _) = True\<close>
+
+
+subsection \<open>Contrasimulation Implies Winning Strategy in Word Game (Completeness)\<close>
+
+locale c_word_game =
+ lts_tau trans \<tau> +
+ simple_game c_word_game_moves c_word_game_defender_node
+for
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> and
+ \<tau> :: \<open>'a\<close> and
+ initial :: \<open>('s, 'a) c_word_game_node\<close>
+begin
+
+fun strategy_from_contrasim:: \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> ('s, 'a) c_word_game_node strategy\<close> where
+ \<open>strategy_from_contrasim R ((DefenderNode A p1 q0)#play) =
+ (AttackerNode (SOME q1 . R q1 p1 \<and> q0 \<Rightarrow>$A q1) p1)\<close> |
+ \<open>strategy_from_contrasim _ _ = undefined\<close>
+
+lemma cwg_atknodes_precede_defnodes_in_plays:
+ assumes
+ \<open>c_word_game_defender_node n0\<close>
+ \<open>n0 = DefenderNode A p' q\<close>
+ \<open>(n0#play) \<in> plays initial\<close>
+ \<open>initial = AttackerNode p0 q0\<close>
+ shows \<open>\<exists>p. (hd play) = AttackerNode p q \<and> c_word_game_moves (hd play) n0\<close>
+proof -
+ have \<open>n0 \<noteq> initial\<close> using assms (2, 4) by auto
+ hence mov: \<open>c_word_game_moves (hd play) n0\<close> using assms(3)
+ by (metis list.inject list.sel(1) plays.cases)
+ hence \<open>\<exists>p. (hd play) = AttackerNode p q\<close> using assms(1 - 3)
+ by (metis c_word_game_node.inject(2) c_word_game_defender_node.simps(1) c_word_game_moves.elims(2))
+ thus ?thesis using mov by auto
+qed
+
+lemma cwg_second_play_elem_in_play_set :
+ assumes
+ \<open>(n0#play) \<in> plays initial\<close>
+ \<open>initial = AttackerNode p0 q0\<close>
+ \<open>n0 = DefenderNode A p q\<close>
+ shows \<open>hd play \<in> set (n0 # play)\<close>
+proof -
+ from assms(2, 3) have \<open>n0 \<noteq> initial\<close> by auto
+ hence \<open>play \<in> plays initial\<close> using assms(1) plays.cases no_empty_plays by blast
+ hence play_split: \<open>\<exists>x xs. play = x#xs\<close> using no_empty_plays
+ using plays.cases by blast
+ then obtain x where x_def: \<open>\<exists>xs. play = x#xs\<close> ..
+ have x_in_set: \<open>x \<in> set (n0#play)\<close> using x_def by auto
+ have \<open>x = hd play\<close> using x_def by auto
+ with x_in_set show \<open>hd play \<in> set (n0 # play)\<close> by auto
+qed
+
+lemma cwg_contrasim_contains_all_strat_consistent_atknodes:
+ assumes
+ \<open>contrasimulation R\<close>
+ \<open>R p0 q0\<close>
+ \<open>initial = AttackerNode p0 q0\<close>
+ \<open>play \<in> plays_for_0strategy (strategy_from_contrasim R) initial\<close>
+shows \<open>((AttackerNode p q) \<in> set play) \<Longrightarrow> R p q\<close>
+ using assms(4)
+proof (induct arbitrary: p q rule: plays_for_0strategy.induct[OF assms(4)])
+ case 1
+ fix p q
+ assume \<open>(AttackerNode p q) \<in> (set [initial])\<close>
+ thus \<open>R p q\<close> using assms(3, 2) by simp
+next
+ case p0moved: (2 n0 play)
+ hence IH:\<open>AttackerNode p q \<in> set (n0#play) \<Longrightarrow> R p q\<close> by simp
+ from p0moved.prems have
+ \<open>(AttackerNode p q) \<in> set ((strategy_from_contrasim R (n0 # play))#n0#play)\<close>
+ by simp
+ hence \<open>(AttackerNode p q =
+ (strategy_from_contrasim R (n0 # play))) \<or> (AttackerNode p q \<in> set (n0#play))\<close>
+ by simp
+ thus \<open>R p q\<close>
+ proof (rule disjE)
+ assume \<open>AttackerNode p q \<in> set (n0#play)\<close>
+ thus \<open>R p q\<close> using IH by simp
+ next
+ assume A: \<open>AttackerNode p q = (strategy_from_contrasim R (n0 # play))\<close>
+ have \<open>\<exists>A ppred. n0 = (DefenderNode A q ppred)\<close>
+ using p0moved.hyps(3) strategy_from_contrasim.simps(1)[of \<open>R\<close>]
+ by (metis (no_types, lifting) A c_word_game_node.inject(1)
+ c_word_game_defender_node.elims(2))
+ then obtain A ppred where
+ n0_def: \<open>n0 = (DefenderNode A q ppred)\<close> \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close>
+ by (metis assms(3) c_word_game.cwg_atknodes_precede_defnodes_in_plays
+ simulation_challenge p0moved.hyps(1, 3) strategy0_plays_subset)
+ hence \<open>strategy_from_contrasim R (n0#play) =
+ AttackerNode (SOME q1. R q1 q \<and> ppred \<Rightarrow>$ A q1) q\<close>
+ using n0_def strategy_from_contrasim.simps(1)[of \<open>R\<close> \<open>A\<close> \<open>q\<close> \<open>ppred\<close> \<open>play\<close>] by auto
+ hence p_def: \<open>p = (SOME p1. R p1 q \<and> ppred \<Rightarrow>$ A p1)\<close> using A by auto
+ have \<open>\<exists>qpred. hd play = (AttackerNode qpred ppred) \<and> c_word_game_moves (hd play) n0\<close>
+ using cwg_atknodes_precede_defnodes_in_plays strategy0_plays_subset[OF p0moved.hyps(1)]
+ by (simp add: assms(3) n0_def p0moved.hyps(3))
+ then obtain qpred where qpred_def: \<open>hd play = (AttackerNode qpred ppred)\<close>
+ and qpred_move: \<open>c_word_game_moves (hd play) n0\<close> by auto
+ have qpred_q_move: \<open>qpred \<Rightarrow>$A q\<close> using qpred_def qpred_move n0_def by simp
+ have \<open>hd play \<in> set (n0 # play)\<close>
+ using cwg_second_play_elem_in_play_set strategy0_plays_subset[OF p0moved.hyps(1)] assms(3)
+ by (auto simp add: n0_def)
+ hence pred_R: \<open>R qpred ppred\<close>
+ by (simp add: qpred_def p0moved.hyps(1) p0moved.hyps(2))
+ have \<open>\<exists> p1 . R p1 q \<and> ppred \<Rightarrow>$ A p1\<close>
+ using qpred_q_move pred_R assms(1) \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close>
+ unfolding contrasimulation_def by blast
+ from someI_ex[OF this] show \<open>R p q\<close> unfolding p_def by blast
+ qed
+next
+ case p1moved: (3 n1 play n1')
+ from p1moved.hyps have IH:\<open>AttackerNode p q \<in> set (n1#play) \<Longrightarrow> R p q\<close> by simp
+ assume \<open>(AttackerNode p q) \<in> (set (n1'#n1#play))\<close>
+ hence \<open>(AttackerNode p q = n1') \<or> (AttackerNode p q \<in> set (n1#play))\<close> by auto
+ thus \<open>R p q\<close>
+ proof (rule disjE)
+ assume \<open>(AttackerNode p q \<in> set (n1#play))\<close>
+ thus \<open>R p q\<close> using p1moved.hyps by auto
+ next
+ assume A: \<open>AttackerNode p q = n1'\<close>
+ from p1moved.hyps have \<open>player1_position n1\<close> by simp
+ hence \<open>c_word_game_defender_node n1'\<close>
+ by (metis c_word_game_defender_node.simps(2) c_word_game_moves.elims(2) p1moved.hyps(4))
+ hence \<open>False\<close> using A by auto
+ thus \<open>R p q\<close> ..
+ qed
+qed
+
+lemma contrasim_word_game_complete:
+ assumes
+ \<open>contrasimulation R\<close>
+ \<open>R p q\<close>
+ \<open>initial = AttackerNode p q\<close>
+ shows \<open>player0_winning_strategy (strategy_from_contrasim R) initial\<close>
+ unfolding player0_winning_strategy_def
+proof (safe)
+ fix play
+ assume A1: \<open>play \<in> plays_for_0strategy (strategy_from_contrasim R) initial\<close>
+ thus \<open>player1_wins_immediately play \<Longrightarrow> False\<close>
+ unfolding player1_wins_immediately_def
+ proof -
+ assume A: \<open>c_word_game_defender_node (hd play) \<and> (\<nexists>p'. c_word_game_moves (hd play) p')\<close>
+ have player0_has_succ_node: \<open>c_word_game_defender_node (hd play) \<Longrightarrow>
+ \<exists>p'. c_word_game_moves (hd play) p'\<close>
+ proof (induct rule: simple_game.plays_for_0strategy.induct[OF A1])
+ case init: 1
+ from assms(3) have \<open>\<not>c_word_game_defender_node (hd [initial])\<close> by simp
+ hence \<open>False\<close> using init.prems by simp
+ then show ?case ..
+ next
+ case p0moved: (2 n0 play)
+ from p0moved.hyps have \<open>c_word_game_defender_node n0\<close> by simp
+ hence \<open>\<exists>A p1 q. n0 = (DefenderNode A p1 q)\<close>
+ by (meson c_word_game_defender_node.elims(2))
+ hence \<open>\<not>c_word_game_defender_node (strategy_from_contrasim R (n0#play))\<close>
+ using p0moved.hyps(4) c_word_game_moves.elims(2)
+ [of \<open>n0\<close> \<open>strategy_from_contrasim R (n0#play)\<close>]
+ by force
+ hence \<open>False\<close> using p0moved.prems by simp
+ then show ?case ..
+ next
+ case p1moved: (3 n1 play n1')
+ hence \<open>\<not>c_word_game_defender_node n1\<close> using p1moved.hyps by simp
+ then obtain p q where n1_def: \<open>n1 = AttackerNode p q\<close>
+ using c_word_game_defender_node.elims(3) by auto
+ hence pq_in_R: \<open>R p q\<close>
+ using cwg_contrasim_contains_all_strat_consistent_atknodes[OF assms,
+ of \<open>n1#play\<close>, OF p1moved.hyps(1)]
+ by auto
+ have is_def: \<open>c_word_game_defender_node n1'\<close> using p1moved.prems by auto
+ then obtain A p1 q0 where n1'_def: \<open>n1' = DefenderNode A p1 q0\<close>
+ using c_word_game_defender_node.elims(2)[OF is_def] by auto
+ hence \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> using p1moved.hyps(4) n1_def by simp
+ have Move_n1_n1': \<open>c_word_game_moves (AttackerNode p q) (DefenderNode A p1 q0)\<close>
+ using p1moved.hyps n1_def n1'_def by auto
+ hence same_q: \<open>q0 = q\<close> by auto
+ from Move_n1_n1' have p_succ: \<open>p \<Rightarrow>$A p1\<close> by auto
+ from assms(1) have Contra:
+ \<open>\<And>p q p' A. (\<forall>a\<in>set A. a \<noteq> \<tau>) \<Longrightarrow> R p q \<Longrightarrow> p \<Rightarrow>$ A p'
+ \<Longrightarrow> (\<exists>q'. q \<Rightarrow>$ A q' \<and> R q' p')\<close>
+ unfolding contrasimulation_def by auto
+ hence \<open>\<exists> q'. (q \<Rightarrow>$ A q')\<and> R q' p1\<close>
+ using Contra[OF \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> pq_in_R p_succ] by auto
+ hence \<open>\<exists> p1 q1. c_word_game_moves n1' (AttackerNode p1 q1)\<close>
+ using same_q n1'_def by auto
+ then show ?case by auto
+ qed
+ thus \<open>False\<close> using A by auto
+ qed
+qed
+
+subsection \<open>Winning Strategy Implies Contrasimulation in Word Game (Soundness)\<close>
+
+lemma cwg_strategy_from_contrasim_sound:
+ assumes
+ \<open>R p0 q0\<close>
+ \<open>contrasimulation R\<close>
+ \<open>initial = AttackerNode p0 q0\<close>
+ shows
+ \<open>sound_0strategy (strategy_from_contrasim R) initial\<close>
+ unfolding sound_0strategy_def
+proof (safe)
+ fix n0 play
+ assume A:
+ \<open>n0 # play \<in> plays_for_0strategy (strategy_from_contrasim R) initial\<close>
+ \<open>c_word_game_defender_node n0\<close>
+ then obtain A p1 q where n0_def: \<open>n0 = DefenderNode A p1 q\<close>
+ using c_word_game_defender_node.elims(2) by blast
+ then obtain p where p_def: \<open>hd play = AttackerNode p q\<close>
+ using n0_def A cwg_atknodes_precede_defnodes_in_plays assms(3) strategy0_plays_subset
+ by blast
+ hence \<open>c_word_game_moves (AttackerNode p q) (DefenderNode A p1 q)\<close>
+ using A n0_def
+ by (metis assms(3) cwg_atknodes_precede_defnodes_in_plays strategy0_plays_subset)
+ hence mov_p_p1: \<open>p \<Rightarrow>$A p1\<close> \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> by auto
+ from p_def have \<open>R p q\<close>
+ using cwg_contrasim_contains_all_strat_consistent_atknodes A assms
+ cwg_second_play_elem_in_play_set n0_def strategy0_plays_subset
+ by fastforce
+ with mov_p_p1 have q1_def: \<open>\<exists>q1. R q1 p1 \<and> q \<Rightarrow>$A q1\<close>
+ using assms(2) unfolding contrasimulation_def by blast
+ from n0_def have
+ \<open>strategy_from_contrasim R (n0 # play)
+ = (AttackerNode (SOME q1 . R q1 p1 \<and> q \<Rightarrow>$A q1) p1)\<close>
+ by auto
+ then obtain q' where
+ \<open>AttackerNode (SOME q1 . R q1 p1 \<and> q \<Rightarrow>$A q1) p1 = AttackerNode q' p1\<close> by blast
+ hence q'_def: \<open>q' = (SOME q1 . R q1 p1 \<and> q \<Rightarrow>$A q1)\<close> by auto
+ with someI_ex[OF q1_def] have \<open>R q' p1 \<and> q \<Rightarrow>$A q'\<close> by blast
+ thus \<open>c_word_game_moves n0 (strategy_from_contrasim R (n0 # play))\<close>
+ using q'_def by (simp add: n0_def)
+qed
+
+lemma contrasim_word_game_sound:
+ assumes
+ \<open>player0_winning_strategy f initial\<close>
+ \<open>sound_0strategy f initial\<close>
+ defines
+ \<open>R == \<lambda> p q . (\<exists> play \<in> plays_for_0strategy f initial. hd play = AttackerNode p q)\<close>
+ shows
+ \<open>contrasimulation R\<close> unfolding contrasimulation_def
+proof (safe)
+ fix p q p1 A
+ assume A1: \<open>p \<Rightarrow>$A p1\<close>
+ assume A2: \<open>R p q\<close> \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close>
+ hence \<open>\<exists> play . play \<in> plays_for_0strategy f initial \<and> hd play = AttackerNode p q\<close>
+ using R_def by auto
+ from this obtain play where play_def:
+ \<open>play \<in> plays_for_0strategy f initial \<and> hd play = AttackerNode p q\<close> ..
+ from assms(1) have \<open>\<not>player1_wins_immediately play\<close>
+ using player0_winning_strategy_def play_def by auto
+ hence \<open>(c_word_game_defender_node (hd play) \<and> (\<nexists>p'. c_word_game_moves (hd play) p'))
+ \<Longrightarrow> False\<close>
+ using player1_wins_immediately_def by auto
+ hence Def_not_stuck:
+ \<open>c_word_game_defender_node (hd play) \<Longrightarrow> (\<nexists>p'. c_word_game_moves (hd play) p')
+ \<Longrightarrow> False\<close>
+ by auto
+ have \<open>(p \<Rightarrow>$A p1) \<Longrightarrow> (((DefenderNode A p1 q)#play) \<in> plays_for_0strategy f initial)\<close>
+ proof -
+ have \<open>\<exists>n0. n0 = DefenderNode A p1 q\<close> by auto
+ from this obtain n0 where n0_def: \<open>n0 = DefenderNode A p1 q\<close> ..
+ have play_split: \<open>play = (hd play)#(tl play)\<close>
+ by (metis hd_Cons_tl play_def strategy0_plays_subset no_empty_plays)
+ hence inF:\<open>(hd play)#(tl play) \<in> plays_for_0strategy f initial\<close> by (simp add: play_def)
+ have pl1: \<open>player1_position (hd play)\<close> by (simp add: play_def)
+ have mov0:\<open>c_word_game_moves (hd play) (DefenderNode A p1 q)\<close>
+ using \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> by (auto simp add: play_def A1)
+ have \<open>(DefenderNode A p1 q)#(hd play)#(tl play) \<in> plays_for_0strategy f initial\<close>
+ using plays_for_0strategy.p1move[OF inF pl1 mov0] .
+ thus \<open>DefenderNode A p1 q#play \<in> plays_for_0strategy f initial\<close>
+ by (simp add: sym[OF play_split])
+ qed
+ hence def_in_f: \<open>(DefenderNode A p1 q)#play \<in> plays_for_0strategy f initial\<close>
+ by (simp add: A1)
+ hence \<open>\<not>(player1_wins_immediately (DefenderNode A p1 q#play))\<close>
+ using assms(1) player0_winning_strategy_def by auto
+ hence \<open>\<exists>n1. c_word_game_moves (DefenderNode A p1 q) n1\<close>
+ using player1_wins_immediately_def by auto
+ have move_ex: \<open>c_word_game_moves (DefenderNode A p1 q) (f (DefenderNode A p1 q # play))\<close>
+ using assms(2) def_in_f sound_0strategy_def by auto
+ hence in_f: \<open>f ((DefenderNode A p1 q) # play) # (DefenderNode A p1 q) # play
+ \<in> plays_for_0strategy f initial\<close>
+ using plays_for_0strategy.p0move[OF def_in_f] by auto
+ obtain n1 where
+ n1_def: \<open>n1 = f (DefenderNode A p1 q # play)\<close> and
+ n1_move: \<open>c_word_game_moves (DefenderNode A p1 q) n1\<close>
+ using move_ex by auto
+ hence \<open>\<exists>q1. n1 = (AttackerNode q1 p1)\<close>
+ using c_word_game_moves.elims(2)[of \<open>DefenderNode A p1 q\<close> n1] by auto
+ from this obtain q1 where
+ q1_def: \<open>n1 = (AttackerNode q1 p1)\<close> ..
+ have \<open>c_word_game_moves (DefenderNode A p1 q) (AttackerNode q1 p1)\<close>
+ using q1_def move_ex n1_def by auto
+ hence q1_succ: \<open>q \<Rightarrow>$A q1\<close> using c_word_game_moves.simps(2) by auto
+ have def: \<open>c_word_game_defender_node (DefenderNode A p1 q)\<close> by simp
+ hence \<open>(AttackerNode q1 p1)#(DefenderNode A p1 q)#play \<in> plays_for_0strategy f initial\<close>
+ using q1_def n1_def in_f by auto
+ then obtain R_play where
+ R_play_def: \<open>R_play = (AttackerNode q1 p1)#(DefenderNode A p1 q)#play\<close> and
+ R_play_in_f: \<open>R_play \<in> plays_for_0strategy f initial\<close> by simp
+ hence \<open>(hd R_play) = AttackerNode q1 p1\<close> by (simp add: R_play_def)
+ hence \<open>R q1 p1\<close> unfolding R_def using R_play_in_f by auto
+ thus \<open>R p q \<Longrightarrow> p \<Rightarrow>$ A p1 \<Longrightarrow> \<exists>q1. q \<Rightarrow>$ A q1 \<and> R q1 p1\<close> using q1_succ by auto
+qed
+
+theorem winning_strategy_in_c_word_game_iff_contrasim:
+ assumes
+ \<open>initial = AttackerNode p q\<close>
+ shows
+ \<open>(\<exists> f . player0_winning_strategy f initial \<and> sound_0strategy f initial)
+ = (\<exists> C. contrasimulation C \<and> C p q)\<close>
+proof
+ assume
+ \<open>(\<exists>f. player0_winning_strategy f initial \<and> sound_0strategy f initial)\<close>
+ then obtain f where
+ \<open>contrasimulation (\<lambda>p q.
+ \<exists>play\<in>plays_for_0strategy f initial. hd play = AttackerNode p q)\<close>
+ using contrasim_word_game_sound by blast
+ moreover have
+ \<open>(\<lambda>p q. \<exists>play\<in>plays_for_0strategy f initial. hd play = AttackerNode p q) p q\<close>
+ using assms plays_for_0strategy.init[of _ f] by (meson list.sel(1))
+ ultimately show \<open>\<exists> C. contrasimulation C \<and> C p q\<close> by blast
+next
+ assume
+ \<open>\<exists> C. contrasimulation C \<and> C p q\<close>
+ thus \<open>(\<exists>f. player0_winning_strategy f initial \<and> sound_0strategy f initial)\<close>
+ using contrasim_word_game_complete[OF _ _ assms]
+ cwg_strategy_from_contrasim_sound[OF _ _ assms] by blast
+qed
+
+end
+end
\ No newline at end of file
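Review bot: The move relation `c_word_game_moves` has no `text` commentary, and its `simulation_answer` clause carries the one non-obvious idea of the game: the defender's answer leads to `AttackerNode q1 p10` with `p1 = p10`, so the two states swap sides after every round. A short block before the `fun` would make this readable without unfolding the clauses, for example `text \<open>The attacker challenges with a tau-free word A from p; the defender answers with the same word from q, and the two states then swap sides.\<close>`. Separately, `winning_strategy_in_c_word_game_iff_contrasim` spells its right-hand side as `\<exists> C. contrasimulation C \<and> C p q`, while the set-game theorem just above this file uses `p0 \<sqsubseteq>c q0`. Since the locale extends `lts_tau`, the abbreviation is presumably available here too, and using it would keep the two results visibly parallel.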
diff --git a/thys/Coupledsim_Contrasim/Contrasimulation.thy b/thys/Coupledsim_Contrasim/Contrasimulation.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Contrasimulation.thy
@@ -0,0 +1,266 @@
+section \<open>Contrasimulation\<close>
+
+theory Contrasimulation
+imports
+ Weak_Relations
+begin
+
+context lts_tau
+begin
+
+subsection \<open>Definition of Contrasimulation\<close>
+
+definition contrasimulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>contrasimulation R \<equiv> \<forall> p q p' A . (\<forall> a \<in> set(A). a \<noteq> \<tau>) \<and> R p q \<and> (p \<Rightarrow>$ A p') \<longrightarrow>
+ (\<exists> q'. (q \<Rightarrow>$ A q') \<and> R q' p')\<close>
+
+lemma contrasim_simpler_def:
+ shows \<open>contrasimulation R =
+ (\<forall> p q p' A . R p q \<and> (p \<Rightarrow>$ A p') \<longrightarrow> (\<exists> q'. (q \<Rightarrow>$ A q') \<and> R q' p'))\<close>
+proof -
+ have \<open>\<And>A. \<forall>a\<in>set (filter (\<lambda>a. a \<noteq> \<tau>) A). a \<noteq> \<tau>\<close> by auto
+ then show ?thesis
+ unfolding contrasimulation_def
+ using word_steps_ignore_tau_addition word_steps_ignore_tau_removal
+ by metis
+qed
+
+abbreviation contrasimulated_by :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<sqsubseteq>c _" [60, 60] 65)
+ where \<open>contrasimulated_by p q \<equiv> \<exists> R . contrasimulation R \<and> R p q\<close>
+
+lemma contrasim_preorder_is_contrasim:
+ shows \<open>contrasimulation (\<lambda> p q . p \<sqsubseteq>c q)\<close>
+ unfolding contrasimulation_def
+ by metis
+
+lemma contrasim_preorder_is_greatest:
+ assumes \<open>contrasimulation R\<close>
+ shows \<open>\<And> p q. R p q \<Longrightarrow> p \<sqsubseteq>c q\<close>
+ using assms by auto
+
+lemma contrasim_tau_step:
+ \<open>contrasimulation (\<lambda> p1 q1 . q1 \<longmapsto>* tau p1)\<close>
+ unfolding contrasimulation_def
+ using steps.simps tau_tau tau_word_concat
+ by metis
+
+lemma contrasim_trans_constructive:
+ fixes R1 R2
+ defines
+ \<open>R \<equiv> \<lambda> p q . \<exists> pq . (R1 p pq \<and> R2 pq q) \<or> (R2 p pq \<and> R1 pq q)\<close>
+ assumes
+ R1_def: \<open>contrasimulation R1\<close> \<open>R1 p pq\<close> and
+ R2_def: \<open>contrasimulation R2\<close> \<open>R2 pq q\<close>
+ shows
+ \<open>R p q\<close> \<open>contrasimulation R\<close>
+ using assms(2,3,4,5) unfolding R_def contrasimulation_def by metis+
+
+lemma contrasim_trans:
+ assumes
+ \<open>p \<sqsubseteq>c pq\<close>
+ \<open>pq \<sqsubseteq>c q\<close>
+ shows
+ \<open>p \<sqsubseteq>c q\<close>
+ using assms contrasim_trans_constructive by blast
+
+lemma contrasim_refl:
+ shows
+ \<open>p \<sqsubseteq>c p\<close>
+ using contrasim_tau_step steps.refl by blast
+
+lemma contrasimilarity_equiv:
+ defines \<open>contrasimilarity \<equiv> \<lambda> p q. p \<sqsubseteq>c q \<and> q \<sqsubseteq>c p\<close>
+ shows \<open>equivp contrasimilarity\<close>
+proof -
+ have \<open>reflp contrasimilarity\<close>
+ using contrasim_refl unfolding contrasimilarity_def reflp_def by blast
+ moreover have \<open>symp contrasimilarity\<close>
+ unfolding contrasimilarity_def symp_def by blast
+ moreover have \<open>transp contrasimilarity\<close>
+ using contrasim_trans unfolding contrasimilarity_def transp_def by meson
+ ultimately show ?thesis using equivpI by blast
+qed
+
+lemma contrasim_implies_trace_incl:
+ assumes \<open>contrasimulation R\<close>
+ shows \<open>trace_inclusion R\<close>
+by (metis assms contrasim_simpler_def trace_inclusion_def)
+
+lemma contrasim_coupled:
+ assumes
+ \<open>contrasimulation R\<close>
+ \<open>R p q\<close>
+ shows
+ \<open>\<exists> q'. q \<longmapsto>* tau q' \<and> R q' p\<close>
+ using assms steps.refl[of p tau] weak_step_seq.simps(1)
+ unfolding contrasim_simpler_def by blast
+
+lemma contrasim_taufree_symm:
+ assumes
+ \<open>contrasimulation R\<close>
+ \<open>R p q\<close>
+ \<open>stable_state q\<close>
+ shows
+ \<open>R q p\<close>
+ using contrasim_coupled assms stable_tauclosure_only_loop by blast
+
+lemma symm_contrasim_is_weak_bisim:
+ assumes
+ \<open>contrasimulation R\<close>
+ \<open>\<And> p q. R p q \<Longrightarrow> R q p\<close>
+ shows
+ \<open>weak_bisimulation R\<close>
+ using assms unfolding contrasim_simpler_def weak_sim_word weak_bisim_weak_sim by blast
+
+lemma contrasim_weakest_bisim:
+ assumes
+ \<open>contrasimulation R\<close>
+ \<open>\<And> p q a. p \<longmapsto> a q \<Longrightarrow> \<not> tau a\<close>
+ shows
+ \<open>bisimulation R\<close>
+ using assms contrasim_taufree_symm symm_contrasim_is_weak_bisim weak_bisim_taufree_strong
+ by blast
+
+lemma symm_weak_sim_is_contrasim:
+ assumes
+ \<open>weak_simulation R\<close>
+ \<open>\<And> p q. R p q \<Longrightarrow> R q p\<close>
+ shows
+ \<open>contrasimulation R\<close>
+ using assms unfolding contrasim_simpler_def weak_sim_word by blast
+
+subsection \<open>Intermediate Relation Mimicking Contrasim\<close>
+
+definition mimicking :: "('s \<Rightarrow> 's set \<Rightarrow> bool) \<Rightarrow> 's \<Rightarrow> 's set \<Rightarrow> bool" where
+\<open>mimicking R p' Q' \<equiv> \<exists>p Q A.
+ R p Q \<and> p \<Rightarrow>$A p' \<and>
+ (\<forall>a \<in> set A. a \<noteq> \<tau>) \<and>
+ Q' = (dsuccs_seq_rec (rev A) Q)\<close>
+
+definition set_lifted :: "('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> 's \<Rightarrow> 's set \<Rightarrow> bool" where
+\<open>set_lifted R p Q \<equiv> \<exists>q. R p q \<and> Q = {q}\<close>
+
+lemma R_is_in_mimicking_of_R :
+ assumes \<open>R p Q\<close>
+ shows \<open>mimicking R p Q\<close>
+ using assms steps.refl lts_tau.weak_step_seq.simps(1)
+ unfolding mimicking_def by fastforce
+
+lemma mimicking_of_C_guarantees_tau_succ:
+ assumes
+ \<open>contrasimulation C\<close>
+ \<open>mimicking (set_lifted C) p Q\<close>
+ \<open>p \<Rightarrow>^\<tau> p'\<close>
+ shows \<open>\<exists>q'. q' \<in> (weak_tau_succs Q) \<and> mimicking (set_lifted C) q' {p'}\<close>
+proof -
+ obtain p0 Q0 A q0
+ where \<open>(set_lifted C) p0 Q0\<close> \<open>p0 \<Rightarrow>$A p\<close> \<open>\<forall>a \<in> set A. a \<noteq> \<tau>\<close> \<open>Q0 = {q0}\<close>
+ and Q_def: \<open>Q = (dsuccs_seq_rec (rev A) Q0)\<close>
+ using mimicking_def assms set_lifted_def by metis
+ hence \<open>C p0 q0\<close> using set_lifted_def by auto
+ have \<open>p0 \<Rightarrow>$(A@[\<tau>]) p'\<close> using \<open>p0 \<Rightarrow>$A p\<close> \<open>p \<Rightarrow>^\<tau> p'\<close> rev_seq_step_concat by auto
+ hence word: \<open>p0 \<Rightarrow>$A p'\<close>
+ by (metis \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> app_tau_taufree_list tau_def weak_step_over_tau)
+ then obtain q' where \<open>q0 \<Rightarrow>$A q'\<close> \<open>C q' p'\<close>
+ using assms contrasimulation_def[of \<open>C\<close>] \<open>C p0 q0\<close> \<open>\<forall>a \<in> set A. a \<noteq> \<tau>\<close> by blast
+ hence \<open>(set_lifted C) q' {p'}\<close> using set_lifted_def by auto
+ hence in_mimicking: \<open>mimicking (set_lifted C) q' {p'}\<close> using R_is_in_mimicking_of_R by auto
+ have \<open>q' \<in> weak_tau_succs (dsuccs_seq_rec (rev A) Q0)\<close>
+ using \<open>Q0 = {q0}\<close> \<open>q0 \<Rightarrow>$ A q'\<close>
+ by (simp add: word_reachable_implies_in_dsuccs)
+ hence \<open>q' \<in> weak_tau_succs Q\<close> using Q_def by simp
+ thus \<open>\<exists>q'. q' \<in> weak_tau_succs Q \<and> mimicking (set_lifted C) q' {p'}\<close> using in_mimicking by auto
+qed
+
+lemma mimicking_of_C_guarantees_action_succ:
+ assumes
+ \<open>contrasimulation C\<close>
+ \<open>mimicking (set_lifted C) p Q\<close>
+ \<open>p =\<rhd>a p'\<close>
+ \<open>a \<noteq> \<tau>\<close>
+ shows \<open>mimicking (set_lifted C) p' (dsuccs a Q)\<close>
+proof -
+ obtain p0 Q0 A q0
+ where \<open>(set_lifted C) p0 Q0\<close> \<open>p0 \<Rightarrow>$A p\<close> \<open>Q0 = {q0}\<close> \<open>\<forall>a \<in> set A. a \<noteq> \<tau> \<close>
+ and Q_def: \<open>Q = (dsuccs_seq_rec (rev A) Q0)\<close>
+ using mimicking_def assms set_lifted_def by metis
+ then obtain CS where CS_def: \<open>contrasimulation CS \<and> CS p0 q0\<close>
+ using assms set_lifted_def by (metis singleton_inject)
+ have notau: \<open>\<forall>a \<in> set (A@[a]). a \<noteq> \<tau>\<close>
+ using \<open>a \<noteq> \<tau>\<close> \<open>\<forall>a \<in> set A. a \<noteq> \<tau> \<close> by auto
+ have \<open>p \<Rightarrow>a p'\<close> using assms(3,4) steps.refl tau_def by auto
+ hence word: \<open>p0 \<Rightarrow>$(A@[a]) p'\<close>
+ using \<open>p0 \<Rightarrow>$A p\<close> rev_seq_step_concat
+ by (meson steps.step steps_concat)
+ then obtain q' where \<open>q0 \<Rightarrow>$(A@[a]) q' \<and> CS q' p'\<close>
+ using CS_def contrasimulation_def[of \<open>CS\<close>] notau
+ by fastforce
+ hence \<open>q' \<in> weak_tau_succs (dsuccs_seq_rec (rev (A@[a])) {q0})\<close>
+ using word_reachable_implies_in_dsuccs by blast
+ then obtain q1 where \<open>q1 \<in> dsuccs_seq_rec (rev (A@[a])) {q0}\<close> \<open>q1 \<Rightarrow>^\<tau> q'\<close>
+ using weak_tau_succs_def[of \<open>dsuccs_seq_rec (rev (A@[a])) {q0}\<close>] by auto
+ thus ?thesis
+ using word mimicking_def[of \<open>(set_lifted C)\<close>] \<open>(set_lifted C) p0 Q0\<close>
+ \<open>Q0 = {q0}\<close> Q_def notau simp_dsuccs_seq_rev by meson
+qed
+
+subsection \<open>Over-Approximating Contrasimulation by a Single-Step Version\<close>
+
+definition contrasim_step ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>contrasim_step R \<equiv> \<forall> p q p' a .
+ R p q \<and> (p \<Rightarrow>^a p') \<longrightarrow>
+ (\<exists> q'. (q \<Rightarrow>^a q')
+ \<and> R q' p')\<close>
+
+lemma contrasim_step_weaker_than_seq:
+ assumes
+ \<open>contrasimulation R\<close>
+ shows
+ \<open>contrasim_step R\<close>
+ unfolding contrasim_step_def
+proof ((rule allI impI)+)
+ fix p q p' a
+ assume
+ \<open>R p q \<and> p \<Rightarrow>^a p'\<close>
+ hence
+ \<open>R p q\<close> \<open>p \<Rightarrow>^a p'\<close> by safe
+ hence \<open>p \<Rightarrow>$ [a] p'\<close> by safe
+ then obtain q' where \<open>R q' p'\<close> \<open>q \<Rightarrow>$ [a] q'\<close>
+ using assms `R p q` unfolding contrasim_simpler_def by blast
+ hence \<open>q \<Rightarrow>^a q'\<close> by blast
+ thus \<open>\<exists>q'. q \<Rightarrow>^a q' \<and> R q' p'\<close> using `R q' p'` by blast
+qed
+
+lemma contrasim_step_seq_coincide_for_sims:
+ assumes
+ \<open>contrasim_step R\<close>
+ \<open>weak_simulation R\<close>
+ shows
+ \<open>contrasimulation R\<close>
+ unfolding contrasimulation_def
+proof (clarify)
+ fix p q p' A
+ assume
+ \<open>R p q\<close>
+ \<open>p \<Rightarrow>$ A p'\<close>
+ thus \<open>\<exists>q'. q \<Rightarrow>$ A q' \<and> R q' p'\<close>
+ proof (induct A arbitrary: p p' q)
+ case Nil
+ then show ?case using assms(1) unfolding contrasim_step_def
+ using tau_tau weak_step_seq.simps(1) by blast
+ next
+ case (Cons a A)
+ then obtain p1 where p1_def: \<open>p \<Rightarrow>^a p1\<close> \<open>p1 \<Rightarrow>$ (A) p'\<close> by auto
+ then obtain q1 where q1_def: \<open>q \<Rightarrow>^a q1\<close> \<open>R p1 q1\<close>
+ using assms(2) `R p q` unfolding weak_sim_weak_premise by blast
+ then obtain q' where \<open>q1 \<Rightarrow>$ (A) q'\<close> \<open>R q' p'\<close> using p1_def(2) Cons(1) by blast
+ then show ?case using q1_def(1) by auto
+ qed
+qed
+
+end
+end
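Review bot: In `mimicking_of_C_guarantees_action_succ` the fact `notau` is written `\<forall>a \<in> set (A@[a]). a \<noteq> \<tau>`, where the bound `a` has the same name as the lemma's action `a` inside the set expression; the proof goes through, but the formula is easy to misread. Renaming the bound variable, `have notau: \<open>\<forall>b \<in> set (A@[a]). b \<noteq> \<tau>\<close>`, removes the ambiguity. The same proof obtains a fresh `CS` with `contrasimulation CS \<and> CS p0 q0`, although the sibling lemma `mimicking_of_C_guarantees_tau_succ` derives `C p0 q0` directly via `set_lifted_def`; working with `C` in both would keep the two proofs parallel. The backquoted fact references (R p q, R q' p') in `contrasim_step_weaker_than_seq` and `contrasim_step_seq_coincide_for_sims` also differ from the cartouche form used for literal facts elsewhere in this file.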
diff --git a/thys/Coupledsim_Contrasim/Coupled_Simulation.thy b/thys/Coupledsim_Contrasim/Coupled_Simulation.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Coupled_Simulation.thy
@@ -0,0 +1,1261 @@
+section \<open>Coupled Simulation\<close>
+
+theory Coupled_Simulation
+ imports Contrasimulation
+begin
+
+context lts_tau
+begin
+
+subsection \<open>Van Glabbeeks's Coupled Simulation\<close>
+
+text \<open>We mainly use van Glabbeek's coupled simulation from his 2017 CSP paper @{cite "glabbeek2017"}.
+ Later on, we will compare it to other definitions of coupled (delay/weak) simulations.\<close>
+
+definition coupled_simulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>coupled_simulation R \<equiv> \<forall> p q .
+ R p q \<longrightarrow>
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow>
+ (\<exists> q'. R p' q' \<and> q \<Rightarrow>^a q')) \<and>
+ (\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p)\<close>
+
+abbreviation coupled_simulated_by :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<sqsubseteq>cs _" [60, 60] 65)
+ where \<open>coupled_simulated_by p q \<equiv> \<exists> R . coupled_simulation R \<and> R p q\<close>
+
+abbreviation coupled_similar :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<equiv>cs _" [60, 60] 65)
+ where \<open>coupled_similar p q \<equiv> p \<sqsubseteq>cs q \<and> q \<sqsubseteq>cs p\<close>
+
+text \<open>We call \<open>\<sqsubseteq>cs\<close> "coupled simulation preorder" and \<open>\<equiv>cs\<close> coupled similarity.\<close>
+
+subsection \<open>Position between Weak Simulation and Weak Bisimulation\<close>
+
+text \<open>Coupled simulations are special weak simulations, and symmetric weak bisimulations also
+ are coupled simulations.\<close>
+
+lemma coupled_simulation_weak_simulation:
+ \<open>coupled_simulation R =
+ (weak_simulation R \<and> (\<forall> p q . R p q \<longrightarrow> (\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p)))\<close>
+ unfolding coupled_simulation_def weak_simulation_def by blast
+
+corollary coupled_simulation_implies_weak_simulation:
+ assumes \<open>coupled_simulation R\<close>
+ shows \<open>weak_simulation R\<close>
+ using assms unfolding coupled_simulation_weak_simulation ..
+
+corollary coupledsim_enabled_subs:
+ assumes
+ \<open>p \<sqsubseteq>cs q\<close>
+ \<open>weak_enabled p a\<close>
+ \<open>\<not> tau a\<close>
+ shows \<open>weak_enabled q a\<close>
+ using assms weak_sim_enabled_subs coupled_simulation_implies_weak_simulation by blast
+
+lemma coupled_simulation_implies_coupling:
+ assumes
+ \<open>coupled_simulation R\<close>
+ \<open>R p q\<close>
+ shows
+ \<open>\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p\<close>
+ using assms unfolding coupled_simulation_weak_simulation by blast
+
+lemma weak_bisim_implies_coupled_sim_gla17:
+ assumes
+ wbisim: \<open>weak_bisimulation R\<close> and
+ symmetry: \<open>\<And> p q . R p q \<Longrightarrow> R q p\<close>
+ \<comment>\<open>symmetry is needed here, which is alright because bisimilarity is symmetric.\<close>
+ shows \<open>coupled_simulation R\<close>
+unfolding coupled_simulation_def proof safe
+ fix p q p' a
+ assume \<open>R p q\<close> \<open>p \<longmapsto>a p'\<close>
+ thus \<open>\<exists>q'. R p' q' \<and> (q \<Rightarrow>^a q')\<close>
+ using wbisim unfolding weak_bisimulation_def by simp
+next
+ fix p q
+ assume \<open>R p q\<close>
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> R q' p\<close>
+ using symmetry steps.refl[of q tau] by auto
+qed
+
+subsection \<open>Coupled Simulation and Silent Steps\<close>
+
+text \<open>Coupled simulation shares important patterns with weak simulation when it comes to the
+ treatment of silent steps.\<close>
+
+lemma coupledsim_step_gla17:
+ \<open>coupled_simulation (\<lambda> p1 q1 . q1 \<longmapsto>* tau p1)\<close>
+ unfolding coupled_simulation_def
+ using lts.steps.simps by metis
+
+corollary coupledsim_step:
+ assumes
+ \<open>p \<longmapsto>* tau q\<close>
+ shows
+ \<open>q \<sqsubseteq>cs p\<close>
+ using assms coupledsim_step_gla17 by auto
+
+text \<open>A direct implication of this is that states on a tau loop are coupled similar.\<close>
+corollary strongly_tau_connected_coupled_similar:
+ assumes
+ \<open>p \<longmapsto>* tau q\<close>
+ \<open>q \<longmapsto>* tau p\<close>
+ shows \<open>p \<equiv>cs q\<close>
+ using assms coupledsim_step by auto
+
+lemma silent_steps_retain_coupled_simulation:
+assumes
+ \<open>coupled_simulation R\<close>
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>* A p'\<close>
+ \<open>A = tau\<close>
+shows \<open>\<exists> q' . q \<longmapsto>* A q' \<and> R p' q'\<close>
+ using assms(1,3,2,4) steps_retain_weak_sim
+ unfolding coupled_simulation_weak_simulation by blast
+
+lemma coupled_simulation_weak_premise:
+ \<open>coupled_simulation R =
+ (\<forall> p q . R p q \<longrightarrow>
+ (\<forall> p' a. p \<Rightarrow>^a p' \<longrightarrow>
+ (\<exists> q'. R p' q' \<and> q \<Rightarrow>^a q')) \<and>
+ (\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p))\<close>
+ unfolding coupled_simulation_weak_simulation weak_sim_weak_premise by blast
+
+subsection \<open>Closure, Preorder and Symmetry Properties\<close>
+
+text \<open>The coupled simulation preorder \<open>\<sqsubseteq>cs\<close> @{emph \<open>is\<close>} a preoder and symmetric at the
+ stable states.\<close>
+
+lemma coupledsim_union:
+ assumes
+ \<open>coupled_simulation R1\<close>
+ \<open>coupled_simulation R2\<close>
+ shows
+ \<open>coupled_simulation (\<lambda> p q . R1 p q \<or> R2 p q)\<close>
+ using assms unfolding coupled_simulation_def by (blast)
+
+lemma coupledsim_refl:
+ \<open>p \<sqsubseteq>cs p\<close>
+ using coupledsim_step steps.refl by auto
+
+lemma coupledsim_trans:
+ assumes
+ \<open>p \<sqsubseteq>cs pq\<close>
+ \<open>pq \<sqsubseteq>cs q\<close>
+ shows
+ \<open>p \<sqsubseteq>cs q\<close>
+proof -
+ obtain R1 where R1_def: \<open>coupled_simulation R1\<close> \<open>R1 p pq\<close>
+ using assms(1) by blast
+ obtain R2 where R2_def: \<open>coupled_simulation R2\<close> \<open>R2 pq q\<close>
+ using assms(2) by blast
+ define R where R_def: \<open>R \<equiv> \<lambda> p q . \<exists> pq . (R1 p pq \<and> R2 pq q) \<or> (R2 p pq \<and> R1 pq q)\<close>
+ have \<open>weak_simulation R\<close> \<open>R p q\<close>
+ using weak_sim_trans_constructive
+ R1_def(2) R2_def(2)
+ coupled_simulation_implies_weak_simulation[OF R1_def(1)]
+ coupled_simulation_implies_weak_simulation[OF R2_def(1)]
+ unfolding R_def by auto
+ moreover have \<open>(\<forall> p q . R p q \<longrightarrow> (\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p))\<close>
+ unfolding R_def
+ proof safe
+ fix p q pq
+ assume r1r2: \<open>R1 p pq\<close> \<open>R2 pq q\<close>
+ then obtain pq' where \<open>R1 pq' p\<close> \<open>pq \<longmapsto>* tau pq'\<close>
+ using r1r2 R1_def(1) unfolding coupled_simulation_weak_premise by blast
+ then moreover obtain q' where \<open>R2 pq' q'\<close> \<open>q \<longmapsto>* tau q'\<close>
+ using r1r2 R2_def(1) weak_step_tau_tau[OF `pq \<longmapsto>* tau pq'`] tau_tau
+ unfolding coupled_simulation_weak_premise by blast
+ then moreover obtain q'' where \<open>R2 q'' pq'\<close> \<open>q' \<longmapsto>* tau q''\<close>
+ using R2_def(1) unfolding coupled_simulation_weak_premise by blast
+ ultimately show \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> (\<exists>pq. R1 q' pq \<and> R2 pq p \<or> R2 q' pq \<and> R1 pq p)\<close>
+ using steps_concat by blast
+ next \<comment>\<open>analogous with R2 and R1 swapped\<close>
+ fix p q pq
+ assume r2r1: \<open>R2 p pq\<close> \<open>R1 pq q\<close>
+ then obtain pq' where \<open>R2 pq' p\<close> \<open>pq \<longmapsto>* tau pq'\<close>
+ using r2r1 R2_def(1) unfolding coupled_simulation_weak_premise by blast
+ then moreover obtain q' where \<open>R1 pq' q'\<close> \<open>q \<longmapsto>* tau q'\<close>
+ using r2r1 R1_def(1) weak_step_tau_tau[OF `pq \<longmapsto>* tau pq'`] tau_tau
+ unfolding coupled_simulation_weak_premise by blast
+ then moreover obtain q'' where \<open>R1 q'' pq'\<close> \<open>q' \<longmapsto>* tau q''\<close>
+ using R1_def(1) unfolding coupled_simulation_weak_premise by blast
+ ultimately show \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> (\<exists>pq. R1 q' pq \<and> R2 pq p \<or> R2 q' pq \<and> R1 pq p)\<close>
+ using steps_concat by blast
+ qed
+ ultimately have \<open>R p q\<close> \<open>coupled_simulation R\<close>
+ using coupled_simulation_weak_simulation by auto
+ thus ?thesis by blast
+qed
+
+interpretation preorder \<open>\<lambda> p q. p \<sqsubseteq>cs q\<close> \<open>\<lambda> p q. p \<sqsubseteq>cs q \<and> \<not>(q \<sqsubseteq>cs p)\<close>
+ by (standard, blast, fact coupledsim_refl, fact coupledsim_trans)
+
+lemma coupled_similarity_equivalence:
+ \<open>equivp (\<lambda> p q. p \<equiv>cs q)\<close>
+proof (rule equivpI)
+ show \<open>reflp coupled_similar\<close>
+ unfolding reflp_def by blast
+next
+ show \<open>symp coupled_similar\<close>
+ unfolding symp_def by blast
+next
+ show \<open>transp coupled_similar\<close>
+ unfolding transp_def using coupledsim_trans by meson
+qed
+
+lemma coupledsim_tau_max_eq:
+ assumes
+ \<open>p \<sqsubseteq>cs q\<close>
+ \<open>tau_max q\<close>
+ shows \<open>p \<equiv>cs q\<close>
+ using assms using coupled_simulation_weak_simulation coupling_tau_max_symm by metis
+
+corollary coupledsim_stable_eq:
+ assumes
+ \<open>p \<sqsubseteq>cs q\<close>
+ \<open>stable_state q\<close>
+ shows \<open>p \<equiv>cs q\<close>
+ using assms using coupled_simulation_weak_simulation coupling_stability_symm by metis
+
+subsection \<open>Coinductive Coupled Simulation Preorder\<close>
+
+text \<open>\<open>\<sqsubseteq>cs\<close> can also be characterized coinductively. \<open>\<sqsubseteq>cs\<close> is the greatest
+ coupled simulation.\<close>
+
+coinductive greatest_coupled_simulation :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close>
+ where gcs:
+ \<open>\<lbrakk>\<And> a p' . p \<longmapsto>a p' \<Longrightarrow> \<exists>q'. q \<Rightarrow>^^ a q' \<and> greatest_coupled_simulation p' q';
+ \<exists> q' . q \<longmapsto>* tau q' \<and> greatest_coupled_simulation q' p\<rbrakk>
+ \<Longrightarrow> greatest_coupled_simulation p q\<close>
+
+lemma gcs_implies_gws:
+ assumes \<open>greatest_coupled_simulation p q\<close>
+ shows \<open>greatest_weak_simulation p q\<close>
+ using assms by (metis greatest_coupled_simulation.cases greatest_weak_simulation.coinduct)
+
+lemma gcs_is_coupled_simulation:
+ shows \<open>coupled_simulation greatest_coupled_simulation\<close>
+ unfolding coupled_simulation_def
+proof safe
+ \<comment>\<open>identical to ws\<close>
+ fix p q p' a
+ assume ih:
+ \<open>greatest_coupled_simulation p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ hence \<open>(\<forall>x xa. p \<longmapsto>x xa \<longrightarrow> (\<exists>q'. q \<Rightarrow>^^ x q' \<and> greatest_coupled_simulation xa q'))\<close>
+ by (meson greatest_coupled_simulation.simps)
+ then obtain q' where \<open>q \<Rightarrow>^^ a q' \<and> greatest_coupled_simulation p' q'\<close> using ih by blast
+ thus \<open>\<exists>q'. greatest_coupled_simulation p' q' \<and> q \<Rightarrow>^a q'\<close>
+ unfolding weak_step_tau2_def by blast
+next
+ fix p q
+ assume
+ \<open>greatest_coupled_simulation p q\<close>
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> greatest_coupled_simulation q' p\<close>
+ by (meson greatest_coupled_simulation.simps)
+qed
+
+lemma coupled_similarity_implies_gcs:
+ assumes \<open>p \<sqsubseteq>cs q\<close>
+ shows \<open>greatest_coupled_simulation p q\<close>
+ using assms
+proof (coinduct)
+ case (greatest_coupled_simulation p1 q1)
+ then obtain R where \<open>coupled_simulation R\<close> \<open>R p1 q1\<close>
+ \<open>weak_simulation R\<close> using coupled_simulation_implies_weak_simulation by blast
+ then have \<open>(\<forall>x xa. p1 \<longmapsto>x xa \<longrightarrow>
+ (\<exists>q'. q1 \<Rightarrow>^x q' \<and> (xa \<sqsubseteq>cs q' \<or> greatest_coupled_simulation xa q'))) \<and>
+ (\<exists>q'. q1 \<longmapsto>* tau q' \<and>
+ (q' \<sqsubseteq>cs p1 \<or> greatest_coupled_simulation q' p1))\<close>
+ unfolding weak_step_tau2_def
+ using coupled_simulation_implies_coupling
+ weak_sim_ruleformat[OF \<open>weak_simulation R\<close>]
+ by (metis (no_types, lifting))
+ thus ?case by simp
+qed
+
+lemma gcs_eq_coupled_sim_by:
+ shows \<open>p \<sqsubseteq>cs q = greatest_coupled_simulation p q\<close>
+ using coupled_similarity_implies_gcs gcs_is_coupled_simulation by blast
+
+lemma coupled_sim_by_is_coupled_sim:
+ shows
+ \<open>coupled_simulation (\<lambda> p q . p \<sqsubseteq>cs q)\<close>
+ unfolding gcs_eq_coupled_sim_by using gcs_is_coupled_simulation .
+
+lemma coupledsim_unfold:
+ shows \<open>p \<sqsubseteq>cs q =
+ ((\<forall>a p'. p \<longmapsto>a p' \<longrightarrow> (\<exists>q'. q \<Rightarrow>^a q' \<and> p' \<sqsubseteq>cs q')) \<and>
+ (\<exists>q'. q \<longmapsto>* tau q' \<and> q' \<sqsubseteq>cs p))\<close>
+ unfolding gcs_eq_coupled_sim_by weak_step_tau2_def[symmetric]
+ by (metis lts_tau.greatest_coupled_simulation.simps)
+
+subsection \<open>Coupled Simulation Join\<close>
+
+text \<open>The following lemmas reproduce Proposition 3 from @{cite glabbeek2017} that internal choice
+ acts as a least upper bound within the semi-lattice of CSP terms related by \<open>\<sqsubseteq>cs\<close> taking \<open>\<equiv>cs\<close>
+ as equality.\<close>
+
+lemma coupledsim_choice_1:
+ assumes
+ \<open>p \<sqsubseteq>cs q\<close>
+ \<open>\<And> pq a . pqc \<longmapsto>a pq \<longleftrightarrow> (a = \<tau> \<and> (pq = p \<or> pq = q))\<close>
+ shows
+ \<open>pqc \<sqsubseteq>cs q\<close>
+ \<open>q \<sqsubseteq>cs pqc\<close>
+proof -
+ define R1 where \<open>R1 \<equiv> (\<lambda>p1 q1. q1 \<longmapsto>* tau p1)\<close>
+ have \<open>R1 q pqc\<close>
+ using assms(2) steps_one_step R1_def by simp
+ moreover have \<open>coupled_simulation R1\<close>
+ unfolding R1_def using coupledsim_step_gla17 .
+ ultimately show q_pqc: \<open>q \<sqsubseteq>cs pqc\<close> by blast
+\<comment>\<open>next case\<close>
+ define R where \<open>R \<equiv> \<lambda> p0 q0 . p0 = q \<and> q0 = pqc \<or> p0 = pqc \<and> q0 = q \<or> p0 = p \<and> q0 = q\<close>
+ hence \<open>R pqc q\<close> by blast
+ thus \<open>pqc \<sqsubseteq>cs q\<close>
+ unfolding gcs_eq_coupled_sim_by
+ proof (coinduct)
+ case (greatest_coupled_simulation p1 q1)
+ then show ?case
+ unfolding weak_step_tau2_def R_def
+ proof safe
+ assume \<open>q1 = pqc\<close> \<open>p1 = q\<close>
+ thus \<open>\<exists>pa qa.
+ q = pa \<and> pqc = qa \<and>
+ (\<forall>x xa. pa \<longmapsto>x xa \<longrightarrow>
+ (\<exists>q'. qa \<Rightarrow>^x q' \<and> ((xa = q \<and> q' = pqc \<or> xa = pqc \<and> q' = q \<or> xa = p \<and> q' = q)
+ \<or> greatest_coupled_simulation xa q'))) \<and>
+ (\<exists>q'. qa \<longmapsto>* tau q' \<and>
+ ((q' = q \<and> pa = pqc \<or> q' = pqc \<and> pa = q \<or> q' = p \<and> pa = q)
+ \<or> greatest_coupled_simulation q' pa))\<close>
+ using `q \<sqsubseteq>cs pqc` step_tau_refl weak_sim_ruleformat tau_def
+ coupled_simulation_implies_weak_simulation[OF gcs_is_coupled_simulation]
+ unfolding gcs_eq_coupled_sim_by by fastforce
+ next
+ assume \<open>q1 = q\<close> \<open>p1 = pqc\<close>
+ thus \<open>\<exists>pa qa.
+ pqc = pa \<and> q = qa \<and>
+ (\<forall>x xa. pa \<longmapsto>x xa \<longrightarrow>
+ (\<exists>q'. qa \<Rightarrow>^x q' \<and> ((xa = q \<and> q' = pqc \<or> xa = pqc \<and> q' = q \<or> xa = p \<and> q' = q)
+ \<or> greatest_coupled_simulation xa q'))) \<and>
+ (\<exists>q'. qa \<longmapsto>* tau q' \<and>
+ ((q' = q \<and> pa = pqc \<or> q' = pqc \<and> pa = q \<or> q' = p \<and> pa = q)
+ \<or> greatest_coupled_simulation q' pa))\<close>
+ using R1_def \<open>coupled_simulation R1\<close> assms(2)
+ coupled_similarity_implies_gcs step_tau_refl by fastforce
+ next
+ assume \<open>q1 = q\<close> \<open>p1 = p\<close>
+ thus \<open>\<exists>pa qa.
+ p = pa \<and> q = qa \<and>
+ (\<forall>x xa. pa \<longmapsto>x xa \<longrightarrow> (\<exists>q'. qa \<Rightarrow>^x q' \<and> ((xa = q \<and> q' = pqc \<or> xa = pqc \<and> q' = q \<or> xa = p \<and> q' = q) \<or> greatest_coupled_simulation xa q'))) \<and>
+ (\<exists>q'. qa \<longmapsto>* tau q' \<and> ((q' = q \<and> pa = pqc \<or> q' = pqc \<and> pa = q \<or> q' = p \<and> pa = q) \<or> greatest_coupled_simulation q' pa))\<close>
+ using `p \<sqsubseteq>cs q` weak_sim_ruleformat
+ coupled_simulation_implies_weak_simulation[OF gcs_is_coupled_simulation]
+ coupled_simulation_implies_coupling[OF gcs_is_coupled_simulation]
+ unfolding gcs_eq_coupled_sim_by
+ by (auto, metis+)
+ qed
+ qed
+qed
+
+lemma coupledsim_choice_2:
+ assumes
+ \<open>pqc \<sqsubseteq>cs q\<close>
+ \<open>\<And> pq a . pqc \<longmapsto>a pq \<longleftrightarrow> (a = \<tau> \<and> (pq = p \<or> pq = q))\<close>
+ shows
+ \<open>p \<sqsubseteq>cs q\<close>
+proof -
+ have \<open>pqc \<longmapsto>\<tau> p\<close> using assms(2) by blast
+ then obtain q' where \<open>q \<longmapsto>* tau q'\<close> \<open>p \<sqsubseteq>cs q'\<close>
+ using assms(1) tau_tau unfolding coupled_simulation_def by blast
+ then moreover have \<open>q' \<sqsubseteq>cs q\<close> using coupledsim_step_gla17 by blast
+ ultimately show ?thesis using coupledsim_trans tau_tau by blast
+qed
+
+lemma coupledsim_choice_join:
+ assumes
+ \<open>\<And> pq a . pqc \<longmapsto>a pq \<longleftrightarrow> (a = \<tau> \<and> (pq = p \<or> pq = q))\<close>
+ shows
+ \<open>p \<sqsubseteq>cs q \<longleftrightarrow> pqc \<equiv>cs q\<close>
+ using coupledsim_choice_1[OF _ assms] coupledsim_choice_2[OF _ assms] by blast
+
+subsection \<open>Coupled Delay Simulation\<close>
+
+text \<open>\<open>\<sqsubseteq>cs\<close> can also be characterized in terms of coupled delay simulations, which are
+ conceptionally simpler than van Glabbeek's coupled simulation definition.\<close>
+
+text \<open>In the greatest coupled simulation, \<open>\<tau>\<close>-challenges can be answered by stuttering.\<close>
+lemma coupledsim_tau_challenge_trivial:
+ assumes
+ \<open>p \<sqsubseteq>cs q\<close>
+ \<open>p \<longmapsto>* tau p'\<close>
+ shows
+ \<open>p' \<sqsubseteq>cs q\<close>
+ using assms coupledsim_trans coupledsim_step by blast
+
+lemma coupled_similarity_s_delay_simulation:
+ \<open>delay_simulation (\<lambda> p q. p \<sqsubseteq>cs q)\<close>
+ unfolding delay_simulation_def
+proof safe
+ fix p q R p' a
+ assume assms:
+ \<open>coupled_simulation R\<close>
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ {
+ assume \<open>tau a\<close>
+ then show \<open>p' \<sqsubseteq>cs q\<close>
+ using assms coupledsim_tau_challenge_trivial steps_one_step by blast
+ } {
+ show \<open>\<exists>q'. p' \<sqsubseteq>cs q' \<and> q =\<rhd>a q'\<close>
+ proof -
+ obtain q''' where q'''_spec: \<open>q \<Rightarrow>^a q'''\<close> \<open>p' \<sqsubseteq>cs q'''\<close>
+ using assms coupled_simulation_implies_weak_simulation weak_sim_ruleformat by metis
+ show ?thesis
+ proof (cases \<open>tau a\<close>)
+ case True
+ then have \<open>q \<longmapsto>* tau q'''\<close> using q'''_spec by blast
+ thus ?thesis using q'''_spec(2) True assms(1) steps.refl by blast
+ next
+ case False
+ then obtain q' q'' where q'q''_spec:
+ \<open>q \<longmapsto>* tau q'\<close> \<open>q' \<longmapsto>a q''\<close> \<open>q'' \<longmapsto>* tau q'''\<close>
+ using q'''_spec by blast
+ hence \<open>q''' \<sqsubseteq>cs q''\<close> using coupledsim_step by blast
+ hence \<open>p' \<sqsubseteq>cs q''\<close> using q'''_spec(2) coupledsim_trans by blast
+ thus ?thesis using q'q''_spec(1,2) False by blast
+ qed
+ qed
+ }
+qed
+
+definition coupled_delay_simulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+ where
+ \<open>coupled_delay_simulation R \<equiv>
+ delay_simulation R \<and> coupling R\<close>
+
+lemma coupled_sim_by_eq_coupled_delay_simulation:
+ \<open>(p \<sqsubseteq>cs q) = (\<exists>R. R p q \<and> coupled_delay_simulation R)\<close>
+ unfolding coupled_delay_simulation_def
+proof
+ assume \<open>p \<sqsubseteq>cs q\<close>
+ define R where \<open>R \<equiv> coupled_simulated_by\<close>
+ hence \<open>R p q \<and> delay_simulation R \<and> coupling R\<close>
+ using coupled_similarity_s_delay_simulation coupled_sim_by_is_coupled_sim
+ coupled_simulation_implies_coupling \<open>p \<sqsubseteq>cs q\<close> by blast
+ thus \<open>\<exists>R. R p q \<and> delay_simulation R \<and> coupling R\<close> by blast
+next
+ assume \<open>\<exists>R. R p q \<and> delay_simulation R \<and> coupling R\<close>
+ then obtain R where \<open>R p q\<close> \<open>delay_simulation R\<close> \<open>coupling R\<close> by blast
+ hence \<open>coupled_simulation R\<close>
+ using delay_simulation_implies_weak_simulation coupled_simulation_weak_simulation by blast
+ thus \<open>p \<sqsubseteq>cs q\<close> using \<open>R p q\<close> by blast
+qed
+
+subsection \<open>Relationship to Contrasimulation and Weak Simulation\<close>
+
+text \<open>Coupled simulation is precisely the intersection of contrasimulation and weak simulation.\<close>
+
+lemma weak_sim_and_contrasim_implies_coupled_sim:
+ assumes
+ \<open>contrasimulation R\<close>
+ \<open>weak_simulation R\<close>
+ shows
+ \<open>coupled_simulation R\<close>
+ unfolding coupled_simulation_weak_simulation
+ using contrasim_coupled assms by blast
+
+lemma coupledsim_implies_contrasim:
+ assumes
+ \<open>coupled_simulation R\<close>
+ shows
+ \<open>contrasimulation R\<close>
+proof -
+ have \<open>contrasim_step R\<close>
+ unfolding contrasim_step_def
+ proof (rule allI impI)+
+ fix p q p' a
+ assume
+ \<open>R p q \<and> p \<Rightarrow>^a p'\<close>
+ then obtain q' where q'_def: \<open>R p' q'\<close> \<open>q \<Rightarrow>^a q'\<close>
+ using assms unfolding coupled_simulation_weak_premise by blast
+ then obtain q'' where q''_def: \<open>R q'' p'\<close> \<open>q' \<longmapsto>* tau q''\<close>
+ using assms unfolding coupled_simulation_weak_premise by blast
+ then have \<open>q \<Rightarrow>^a q''\<close> using q'_def(2) steps_concat by blast
+ thus \<open>\<exists>q'. q \<Rightarrow>^a q' \<and> R q' p'\<close>
+ using q''_def(1) by blast
+ qed
+ thus \<open>contrasimulation R\<close> using contrasim_step_seq_coincide_for_sims
+ coupled_simulation_implies_weak_simulation[OF assms] by blast
+qed
+
+lemma coupled_simulation_iff_weak_sim_and_contrasim:
+ shows \<open>coupled_simulation R \<longleftrightarrow> contrasimulation R \<and> weak_simulation R\<close>
+ using weak_sim_and_contrasim_implies_coupled_sim
+ coupledsim_implies_contrasim coupled_simulation_weak_simulation by blast
+
+subsection \<open>\<open>\<tau>\<close>-Reachability (and Divergence)\<close>
+
+text \<open>
+ Coupled similarity comes close to (weak) bisimilarity in two respects:
+
+ \<^item> If there are no \<open>\<tau>\<close> transitions, coupled similarity coincides with bisimilarity.
+
+ \<^item> If there are only finite \<open>\<tau>\<close> reachable portions, then coupled similarity contains a
+ bisimilarity on the \<open>\<tau>\<close>-maximal states. (For this, \<open>\<tau>\<close>-cycles have to be ruled out, which, as
+ we show, is no problem because their removal is transparent to coupled similarity.)
+\<close>
+
+lemma taufree_coupledsim_symm:
+ assumes
+ \<open>\<And> p1 a p2 . (p1 \<longmapsto>a p2 \<Longrightarrow> \<not> tau a)\<close>
+ \<open>coupled_simulation R\<close>
+ \<open>R p q\<close>
+ shows \<open>R q p\<close>
+ using assms(1,3) coupledsim_implies_contrasim[OF assms(2)] contrasim_taufree_symm
+ by blast
+
+lemma taufree_coupledsim_weak_bisim:
+ assumes
+ \<open>\<And> p1 a p2 . (p1 \<longmapsto>a p2 \<Longrightarrow> \<not> tau a)\<close>
+ \<open>coupled_simulation R\<close>
+ shows \<open>weak_bisimulation R\<close>
+ using assms contrasim_taufree_symm symm_contrasim_is_weak_bisim coupledsim_implies_contrasim[OF assms(2)]
+ by blast
+
+lemma coupledsim_stable_state_symm:
+ assumes
+ \<open>coupled_simulation R\<close>
+ \<open>R p q\<close>
+ \<open>stable_state q\<close>
+ shows
+ \<open>R q p\<close>
+ using assms steps_left unfolding coupled_simulation_def by metis
+
+text \<open>In finite systems, coupling is guaranteed to happen through \<open>\<tau>\<close>-maximal states.\<close>
+lemma coupledsim_max_coupled:
+ assumes
+ \<open>p \<sqsubseteq>cs q\<close>
+ \<open>\<And> r1 r2 . r1 \<longmapsto>* tau r2 \<and> r2 \<longmapsto>* tau r1 \<Longrightarrow> r1 = r2\<close> \<comment>\<open>contracted tau cycles\<close>
+ \<open>\<And> r. finite {r'. r \<longmapsto>* tau r'}\<close>
+ shows
+ \<open>\<exists> q' . q \<longmapsto>* tau q' \<and> q' \<sqsubseteq>cs p \<and> tau_max q'\<close>
+proof -
+ obtain q1 where q1_spec: \<open>q \<longmapsto>* tau q1\<close> \<open>q1 \<sqsubseteq>cs p\<close>
+ using assms(1) coupled_simulation_implies_coupling coupledsim_implies_contrasim by blast
+ then obtain q' where \<open>q1 \<longmapsto>* tau q'\<close> \<open>(\<forall>q''. q' \<longmapsto>* tau q'' \<longrightarrow> q' = q'')\<close>
+ using tau_max_deadlock assms(2,3) by blast
+ then moreover have \<open>q' \<sqsubseteq>cs p\<close> \<open>q \<longmapsto>* tau q'\<close>
+ using q1_spec coupledsim_trans coupledsim_step steps_concat[of q1 tau q' q]
+ by blast+
+ ultimately show ?thesis by blast
+qed
+
+text \<open>In the greatest coupled simulation, \<open>a\<close>-challenges can be answered by a weak move without
+ trailing \<open>\<tau>\<close>-steps. (This property is what bridges the gap between weak and delay simulation for
+ coupled simulation.)\<close>
+lemma coupledsim_step_challenge_short_answer:
+ assumes
+ \<open>p \<sqsubseteq>cs q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ \<open>\<not> tau a\<close>
+ shows
+ \<open>\<exists> q' q1. p' \<sqsubseteq>cs q' \<and> q \<longmapsto>* tau q1 \<and> q1 \<longmapsto>a q'\<close>
+ using assms
+ unfolding coupled_sim_by_eq_coupled_delay_simulation
+ coupled_delay_simulation_def delay_simulation_def by blast
+
+text \<open>If two states share the same outgoing edges with except for one \<open>\<tau>\<close>-loop, then they cannot
+ be distinguished by coupled similarity.\<close>
+lemma coupledsim_tau_loop_ignorance:
+ assumes
+ \<open>\<And> a p'. p \<longmapsto>a p' \<or> p' = pp \<and> a = \<tau> \<longleftrightarrow> pp \<longmapsto>a p'\<close>
+ shows
+ \<open>pp \<equiv>cs p\<close>
+proof -
+ define R where \<open>R \<equiv> \<lambda> p1 q1. p1 = q1 \<or> p1 = pp \<and> q1 = p \<or> p1 = p \<and> q1 = pp\<close>
+ have \<open>coupled_simulation R\<close>
+ unfolding coupled_simulation_def R_def
+ proof (safe)
+ fix pa q p' a
+ assume
+ \<open>q \<longmapsto>a p'\<close>
+ thus \<open>\<exists>q'. (p' = q' \<or> p' = pp \<and> q' = p \<or> p' = p \<and> q' = pp) \<and> q \<Rightarrow>^a q'\<close>
+ using assms step_weak_step_tau by auto
+ next
+ fix pa q
+ show \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> (q' = q \<or> q' = pp \<and> q = p \<or> q' = p \<and> q = pp)\<close>
+ using steps.refl by blast
+ next
+ fix pa q p' a
+ assume
+ \<open>pp \<longmapsto>a p'\<close>
+ thus \<open>\<exists>q'. (p' = q' \<or> p' = pp \<and> q' = p \<or> p' = p \<and> q' = pp) \<and> p \<Rightarrow>^a q'\<close>
+ using assms by (metis lts.steps.simps tau_def)
+ next
+ fix pa q
+ show \<open>\<exists>q'. p \<longmapsto>* tau q' \<and> (q' = pp \<or> q' = pp \<and> pp = p \<or> q' = p \<and> pp = pp)\<close>
+ using steps.refl[of p tau] by blast
+ next
+ fix pa q p' a
+ assume
+ \<open>p \<longmapsto>a p'\<close>
+ thus \<open>\<exists>q'. (p' = q' \<or> p' = pp \<and> q' = p \<or> p' = p \<and> q' = pp) \<and> pp \<Rightarrow>^a q'\<close>
+ using assms step_weak_step_tau by fastforce
+ next
+ fix pa q
+ show \<open>\<exists>q'. pp \<longmapsto>* tau q' \<and> (q' = p \<or> q' = pp \<and> p = p \<or> q' = p \<and> p = pp)\<close>
+ using steps.refl[of pp tau] by blast
+ qed
+ moreover have \<open>R p pp\<close> \<open>R pp p\<close> unfolding R_def by auto
+ ultimately show ?thesis by blast
+qed
+
+subsection \<open>On the Connection to Weak Bisimulation\<close>
+
+text \<open>When one only considers steps leading to \<open>\<tau>\<close>-maximal states in a system without infinite
+ \<open>\<tau>\<close>-reachable regions (e.g. a finite system), then \<open>\<equiv>cs\<close> on these steps is a bisimulation.\<close>
+
+text \<open>This lemma yields a neat argument why one can use a signature refinement algorithm to
+ pre-select the tuples which come into question for further checking of coupled simulation
+ by contraposition.\<close>
+lemma coupledsim_eventual_symmetry:
+ assumes
+ contracted_cycles: \<open>\<And> r1 r2 . r1 \<longmapsto>* tau r2 \<and> r2 \<longmapsto>* tau r1 \<Longrightarrow> r1 = r2\<close> and
+ finite_taus: \<open>\<And> r. finite {r'. r \<longmapsto>* tau r'}\<close> and
+ cs: \<open>p \<sqsubseteq>cs q\<close> and
+ step: \<open>p \<Rightarrow>^a p'\<close> and
+ tau_max_p': \<open>tau_max p'\<close>
+ shows
+ \<open>\<exists> q'. tau_max q' \<and> q \<Rightarrow>^a q' \<and> p' \<equiv>cs q'\<close>
+proof-
+ obtain q' where q'_spec: \<open>q \<Rightarrow>^a q'\<close> \<open>p' \<sqsubseteq>cs q'\<close>
+ using cs step unfolding coupled_simulation_weak_premise by blast
+ then obtain q'' where q''_spec: \<open>q' \<longmapsto>* tau q''\<close> \<open>q'' \<sqsubseteq>cs p'\<close>
+ using cs unfolding coupled_simulation_weak_simulation by blast
+ then obtain q_max where q_max_spec: \<open>q'' \<longmapsto>* tau q_max\<close> \<open>tau_max q_max\<close>
+ using tau_max_deadlock contracted_cycles finite_taus by force
+ hence \<open>q_max \<sqsubseteq>cs p'\<close> using q''_spec coupledsim_tau_challenge_trivial by blast
+ hence \<open>q_max \<equiv>cs p'\<close> using tau_max_p' coupledsim_tau_max_eq by blast
+ moreover have \<open>q \<Rightarrow>^a q_max\<close> using q_max_spec q'_spec q''_spec steps_concat by blast
+ ultimately show ?thesis using q_max_spec(2) by blast
+qed
+
+text \<open>Even without the assumption that the left-hand-side step \<open>p \<Rightarrow>^a p'\<close> ends in a \<open>\<tau>\<close>-maximal state,
+a situation resembling bismulation can be set up -- with the drawback that it only refers to
+a \<open>\<tau>\<close>-maximal sibling of \<open>p'\<close>.\<close>
+lemma coupledsim_eventuality_2:
+ assumes
+ contracted_cycles: \<open>\<And> r1 r2 . r1 \<longmapsto>* tau r2 \<and> r2 \<longmapsto>* tau r1 \<Longrightarrow> r1 = r2\<close> and
+ finite_taus: \<open>\<And> r. finite {r'. r \<longmapsto>* tau r'}\<close> and
+ cbisim: \<open>p \<equiv>cs q\<close> and
+ step: \<open>p \<Rightarrow>^a p'\<close>
+ shows
+ \<open>\<exists> p'' q'. tau_max p'' \<and> tau_max q' \<and> p \<Rightarrow>^a p'' \<and> q \<Rightarrow>^a q' \<and> p'' \<equiv>cs q'\<close>
+proof-
+ obtain q' where q'_spec: \<open>q \<Rightarrow>^a q'\<close>
+ using cbisim step unfolding coupled_simulation_weak_premise by blast
+ then obtain q_max where q_max_spec: \<open>q' \<longmapsto>* tau q_max\<close> \<open>tau_max q_max\<close>
+ using tau_max_deadlock contracted_cycles finite_taus by force
+ hence \<open>q \<Rightarrow>^a q_max\<close> using q'_spec steps_concat by blast
+ then obtain p'' where p''_spec: \<open>p \<Rightarrow>^a p''\<close> \<open>q_max \<sqsubseteq>cs p''\<close>
+ using cbisim unfolding coupled_simulation_weak_premise by blast
+ then obtain p''' where p'''_spec: \<open>p'' \<longmapsto>* tau p'''\<close> \<open>p''' \<sqsubseteq>cs q_max\<close>
+ using cbisim unfolding coupled_simulation_weak_simulation by blast
+ then obtain p_max where p_max_spec: \<open>p''' \<longmapsto>* tau p_max\<close> \<open>tau_max p_max\<close>
+ using tau_max_deadlock contracted_cycles finite_taus by force
+ hence \<open>p_max \<sqsubseteq>cs p'''\<close> using coupledsim_step by blast
+ hence \<open>p_max \<sqsubseteq>cs q_max\<close> using p'''_spec coupledsim_trans by blast
+ hence \<open>q_max \<equiv>cs p_max\<close> using coupledsim_tau_max_eq q_max_spec by blast
+ moreover have \<open>p \<Rightarrow>^a p_max\<close>
+ using p''_spec(1) steps_concat[OF p_max_spec(1) p'''_spec(1)] steps_concat by blast
+ ultimately show ?thesis using p_max_spec(2) q_max_spec(2) `q \<Rightarrow>^a q_max` by blast
+qed
+
+lemma coupledsim_eq_reducible_1:
+ assumes
+ contracted_cycles: \<open>\<And> r1 r2 . r1 \<longmapsto>* tau r2 \<and> r2 \<longmapsto>* tau r1 \<Longrightarrow> r1 = r2\<close> and
+ finite_taus: \<open>\<And> r. finite {r'. r \<longmapsto>* tau r'}\<close> and
+ tau_shortcuts:
+ \<open>\<And>r a r'. r \<longmapsto>* tau r' \<Longrightarrow> \<exists>r''. tau_max r'' \<and> r \<longmapsto>\<tau> r'' \<and> r' \<sqsubseteq>cs r''\<close> and
+ sim_vis_p:
+ \<open>\<And>p' a. \<not>tau a \<Longrightarrow> p \<Rightarrow>^a p' \<Longrightarrow> \<exists>p'' q'. q \<Rightarrow>^a q' \<and> p' \<sqsubseteq>cs q'\<close> and
+ sim_tau_max_p:
+ \<open>\<And>p'. tau_max p' \<Longrightarrow> p \<longmapsto>* tau p' \<Longrightarrow> \<exists>q'. tau_max q' \<and> q \<longmapsto>* tau q' \<and> p' \<equiv>cs q'\<close>
+ shows
+ \<open>p \<sqsubseteq>cs q\<close>
+proof-
+ have
+ \<open>((\<forall>a p'. p \<longmapsto>a p' \<longrightarrow> (\<exists>q'. q \<Rightarrow>^a q' \<and> p' \<sqsubseteq>cs q')) \<and>
+ (\<exists>q'. q \<longmapsto>* tau q' \<and> q' \<sqsubseteq>cs p))\<close>
+ proof safe
+ fix a p'
+ assume
+ step: \<open>p \<longmapsto>a p'\<close>
+ thus \<open>\<exists>q'. q \<Rightarrow>^a q' \<and> p' \<sqsubseteq>cs q'\<close>
+ proof (cases \<open>tau a\<close>)
+ case True
+ then obtain p'' where p''_spec: \<open>p \<longmapsto>\<tau> p''\<close> \<open>tau_max p''\<close> \<open>p' \<sqsubseteq>cs p''\<close>
+ using tau_shortcuts step tau_def steps_one_step[of p \<tau> p']
+ by (metis (no_types, lifting))
+ then obtain q' where q'_spec: \<open>q \<longmapsto>* tau q'\<close> \<open>p'' \<equiv>cs q'\<close>
+ using sim_tau_max_p steps_one_step[OF step, of tau, OF `tau a`]
+ steps_one_step[of p \<tau> p''] tau_def
+ by metis
+ then show ?thesis using `tau a` p''_spec(3) using coupledsim_trans by blast
+ next
+ case False
+ then show ?thesis using sim_vis_p step_weak_step_tau[OF step] by blast
+ qed
+ next
+ obtain p_max where \<open>p \<longmapsto>* tau p_max\<close> \<open>tau_max p_max\<close>
+ using tau_max_deadlock contracted_cycles finite_taus by blast
+ then obtain q_max where \<open>q \<longmapsto>* tau q_max\<close> \<open>q_max \<sqsubseteq>cs p_max\<close>
+ using sim_tau_max_p[of p_max] by force
+ moreover have \<open>p_max \<sqsubseteq>cs p\<close> using `p \<longmapsto>* tau p_max` coupledsim_step by blast
+ ultimately show \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> q' \<sqsubseteq>cs p\<close>
+ using coupledsim_trans by blast
+ qed
+ thus \<open>p \<sqsubseteq>cs q\<close> using coupledsim_unfold[symmetric] by auto
+qed
+
+lemma coupledsim_eq_reducible_2:
+ assumes
+ cs: \<open>p \<sqsubseteq>cs q\<close> and
+ contracted_cycles: \<open>\<And>r1 r2 . r1 \<longmapsto>* tau r2 \<and> r2 \<longmapsto>* tau r1 \<Longrightarrow> r1 = r2\<close> and
+ finite_taus: \<open>\<And>r. finite {r'. r \<longmapsto>* tau r'}\<close>
+ shows
+ sim_vis_p:
+ \<open>\<And>p' a. \<not>tau a \<Longrightarrow> p \<Rightarrow>^a p' \<Longrightarrow> \<exists>q'. q \<Rightarrow>^a q' \<and> p' \<sqsubseteq>cs q'\<close> and
+ sim_tau_max_p:
+ \<open>\<And>p'. tau_max p' \<Longrightarrow> p \<longmapsto>* tau p' \<Longrightarrow> \<exists>q'. tau_max q' \<and> q \<longmapsto>* tau q' \<and> p' \<equiv>cs q'\<close>
+proof-
+ fix p' a
+ assume
+ \<open>\<not> tau a\<close>
+ \<open>p \<Rightarrow>^a p'\<close>
+ thus \<open>\<exists>q'. q \<Rightarrow>^a q' \<and> p' \<sqsubseteq>cs q'\<close>
+ using cs unfolding coupled_simulation_weak_premise by blast
+next
+ fix p'
+ assume step:
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>tau_max p'\<close>
+ hence \<open>p \<Rightarrow>^\<tau> p'\<close> by auto
+ hence \<open>\<exists> q'. tau_max q' \<and> q \<Rightarrow>^\<tau> q' \<and> p' \<equiv>cs q'\<close>
+ using coupledsim_eventual_symmetry[OF _ finite_taus, of p q \<tau> p']
+ contracted_cycles cs step(2) by blast
+ thus \<open>\<exists> q'. tau_max q' \<and> q \<longmapsto>* tau q' \<and> p' \<equiv>cs q'\<close>
+ by auto
+qed
+
+subsection \<open>Reduction Semantics Coupled Simulation\<close>
+
+text \<open>The tradition to describe coupled simulation as special delay/weak simulation is quite
+ common for coupled simulations on reduction semantics as in @{cite "gp15" and "Fournet2005"},
+ of which @{cite "gp15"} can also be found in the AFP @{cite "Encodability_Process_Calculi-AFP"}.
+ The notions coincide (for systems just with \<open>\<tau>\<close>-transitions).\<close>
+
+definition coupled_simulation_gp15 ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>coupled_simulation_gp15 R \<equiv> \<forall> p q p'. R p q \<and> (p \<longmapsto>* (\<lambda>a. True) p') \<longrightarrow>
+ (\<exists> q'. (q \<longmapsto>* (\<lambda>a. True) q') \<and> R p' q') \<and>
+ (\<exists> q'. (q \<longmapsto>* (\<lambda>a. True) q') \<and> R q' p')\<close>
+
+lemma weak_bisim_implies_coupled_sim_gp15:
+ assumes
+ wbisim: \<open>weak_bisimulation R\<close> and
+ symmetry: \<open>\<And> p q . R p q \<Longrightarrow> R q p\<close>
+ shows \<open>coupled_simulation_gp15 R\<close>
+unfolding coupled_simulation_gp15_def proof safe
+ fix p q p'
+ assume Rpq: \<open>R p q\<close> \<open>p \<longmapsto>* (\<lambda>a. True) p'\<close>
+ have always_tau: \<open>\<And>a. tau a \<Longrightarrow> (\<lambda>a. True) a\<close> by simp
+ hence \<open>\<exists>q'. q \<longmapsto>* (\<lambda>a. True) q' \<and> R p' q'\<close>
+ using steps_retain_weak_bisim[OF wbisim Rpq] by auto
+ moreover hence \<open>\<exists>q'. q \<longmapsto>* (\<lambda>a. True) q' \<and> R q' p'\<close>
+ using symmetry by auto
+ ultimately show
+ \<open>(\<exists>q'. q \<longmapsto>* (\<lambda>a. True) q' \<and> R p' q')\<close>
+ \<open>(\<exists>q'. q \<longmapsto>* (\<lambda>a. True) q' \<and> R q' p')\<close> .
+qed
+
+lemma coupledsim_gla17_implies_gp15:
+ assumes
+ \<open>coupled_simulation R\<close>
+ shows
+ \<open>coupled_simulation_gp15 R\<close>
+ unfolding coupled_simulation_gp15_def
+proof safe
+ fix p q p'
+ assume challenge:
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>*(\<lambda>a. True)p'\<close>
+ have tau_true: \<open>\<And>a. tau a \<Longrightarrow> (\<lambda>a. True) a\<close> by simp
+ thus \<open>\<exists>q'. q \<longmapsto>* (\<lambda>a. True) q' \<and> R p' q'\<close>
+ using steps_retain_weak_sim assms challenge
+ unfolding coupled_simulation_weak_simulation by meson
+ then obtain q' where q'_def: \<open>q \<longmapsto>* (\<lambda>a. True) q'\<close> \<open>R p' q'\<close> by blast
+ then obtain q'' where \<open>q' \<longmapsto>* tau q''\<close> \<open>R q'' p'\<close>
+ using assms unfolding coupled_simulation_weak_simulation by blast
+ moreover hence \<open>q \<longmapsto>* (\<lambda>a. True) q''\<close>
+ using q'_def(1) steps_concat steps_spec tau_true by meson
+ ultimately show \<open>\<exists>q'. q \<longmapsto>* (\<lambda>a. True) q' \<and> R q' p'\<close> by blast
+qed
+
+lemma coupledsim_gp15_implies_gla17_on_tau_systems:
+ assumes
+ \<open>coupled_simulation_gp15 R\<close>
+ \<open>\<And> a . tau a\<close>
+ shows
+ \<open>coupled_simulation R\<close>
+ unfolding coupled_simulation_def
+proof safe
+ fix p q p' a
+ assume challenge:
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ hence \<open>p \<longmapsto>* (\<lambda>a. True) p'\<close> using steps_one_step by metis
+ then obtain q' where \<open>q \<longmapsto>* (\<lambda>a. True) q'\<close> \<open>R p' q'\<close>
+ using challenge(1) assms(1) unfolding coupled_simulation_gp15_def by blast
+ hence \<open>q \<Rightarrow>^a q'\<close> using assms(2) steps_concat steps_spec by meson
+ thus \<open>\<exists>q'. R p' q' \<and> q \<Rightarrow>^a q'\<close> using `R p' q'` by blast
+next
+ fix p q
+ assume
+ \<open>R p q\<close>
+ moreover have \<open>p \<longmapsto>* (\<lambda>a. True) p\<close> using steps.refl by blast
+ ultimately have \<open>\<exists>q'. q \<longmapsto>* (\<lambda>a. True) q' \<and> R q' p\<close>
+ using assms(1) unfolding coupled_simulation_gp15_def by blast
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> R q' p\<close> using assms(2) steps_spec by blast
+qed
+
+
+subsection \<open>Coupled Simulation as Two Simulations\<close>
+
+text \<open>Historically, coupled similarity has been defined in terms of @{emph \<open>two\<close>} weak simulations
+ coupled in some way @{cite "sangiorgi2012" and "ps1994"}.
+ We reproduce these (more well-known) formulations and show that they are equivalent to the
+ coupled (delay) simulations we are using.\<close>
+
+\<comment>\<open>From @{cite "sangiorgi2012"}\<close>
+definition coupled_simulation_san12 ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> ('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>coupled_simulation_san12 R1 R2 \<equiv>
+ weak_simulation R1 \<and> weak_simulation (\<lambda> p q . R2 q p)
+ \<and> (\<forall> p q . R1 p q \<longrightarrow> (\<exists> q' . q \<longmapsto>* tau q' \<and> R2 p q'))
+ \<and> (\<forall> p q . R2 p q \<longrightarrow> (\<exists> p' . p \<longmapsto>* tau p' \<and> R1 p' q))\<close>
+
+lemma weak_bisim_implies_coupled_sim_san12:
+ assumes \<open>weak_bisimulation R\<close>
+ shows \<open>coupled_simulation_san12 R R\<close>
+ using assms weak_bisim_weak_sim steps.refl[of _ tau]
+ unfolding coupled_simulation_san12_def
+ by blast
+
+lemma coupledsim_gla17_resembles_san12:
+ shows
+ \<open>coupled_simulation R1 =
+ coupled_simulation_san12 R1 (\<lambda> p q . R1 q p)\<close>
+ unfolding coupled_simulation_weak_simulation coupled_simulation_san12_def by blast
+
+lemma coupledsim_san12_impl_gla17:
+ assumes
+ \<open>coupled_simulation_san12 R1 R2\<close>
+ shows
+ \<open>coupled_simulation (\<lambda> p q. R1 p q \<or> R2 q p)\<close>
+ unfolding coupled_simulation_weak_simulation
+proof safe
+ have \<open>weak_simulation R1\<close> \<open>weak_simulation (\<lambda>p q. R2 q p)\<close>
+ using assms unfolding coupled_simulation_san12_def by auto
+ thus \<open>weak_simulation (\<lambda>p q. R1 p q \<or> R2 q p)\<close>
+ using weak_sim_union_cl by blast
+next
+ fix p q
+ assume
+ \<open>R1 p q\<close>
+ hence \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> R2 p q'\<close>
+ using assms unfolding coupled_simulation_san12_def by auto
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> (R1 q' p \<or> R2 p q')\<close> by blast
+next
+ fix p q
+ assume
+ \<open>R2 q p\<close>
+ hence \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> R1 q' p\<close>
+ using assms unfolding coupled_simulation_san12_def by auto
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> (R1 q' p \<or> R2 p q')\<close> by blast
+qed
+
+subsection \<open>S-coupled Simulation\<close>
+
+text \<open>Originally coupled simulation was introduced as two weak simulations coupled at the stable
+ states. We give the definitions from @{cite "parrow1992" and "ps1994"} and a proof connecting
+ this notion to “our” coupled similarity in the absence of divergences following
+ @{cite "sangiorgi2012"}.\<close>
+
+\<comment>\<open>From @{cite "parrow1992"}\<close>
+definition coupled_simulation_p92 ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> ('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>coupled_simulation_p92 R1 R2 \<equiv> \<forall> p q .
+ (R1 p q \<longrightarrow>
+ ((\<forall> p' a. p \<longmapsto>a p' \<longrightarrow>
+ (\<exists> q'. R1 p' q' \<and>
+ (q \<Rightarrow>^a q'))) \<and>
+ (stable_state p \<longrightarrow> R2 p q))) \<and>
+ (R2 p q \<longrightarrow>
+ ((\<forall> q' a. q \<longmapsto>a q' \<longrightarrow>
+ (\<exists> p'. R2 p' q' \<and>
+ (p \<Rightarrow>^a p'))) \<and>
+ (stable_state q \<longrightarrow> R1 p q)))\<close>
+
+lemma weak_bisim_implies_coupled_sim_p92:
+ assumes \<open>weak_bisimulation R\<close>
+ shows \<open>coupled_simulation_p92 R R\<close>
+using assms unfolding weak_bisimulation_def coupled_simulation_p92_def by blast
+
+lemma coupled_sim_p92_symm:
+ assumes \<open>coupled_simulation_p92 R1 R2\<close>
+ shows \<open>coupled_simulation_p92 (\<lambda> p q. R2 q p) (\<lambda> p q. R1 q p)\<close>
+using assms unfolding coupled_simulation_p92_def by blast
+
+definition s_coupled_simulation_san12 ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> ('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>s_coupled_simulation_san12 R1 R2 \<equiv>
+ weak_simulation R1 \<and> weak_simulation (\<lambda> p q . R2 q p)
+ \<and> (\<forall> p q . R1 p q \<longrightarrow> stable_state p \<longrightarrow> R2 p q)
+ \<and> (\<forall> p q . R2 p q \<longrightarrow> stable_state q \<longrightarrow> R1 p q)\<close>
+
+abbreviation s_coupled_simulated_by :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<sqsubseteq>scs _" [60, 60] 65)
+ where \<open>s_coupled_simulated_by p q \<equiv>
+ \<exists> R1 R2 . s_coupled_simulation_san12 R1 R2 \<and> R1 p q\<close>
+
+abbreviation s_coupled_similar :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<equiv>scs _" [60, 60] 65)
+ where \<open>s_coupled_similar p q \<equiv>
+ \<exists> R1 R2 . s_coupled_simulation_san12 R1 R2 \<and> R1 p q \<and> R2 p q\<close>
+
+lemma s_coupled_sim_is_original_coupled:
+ \<open>s_coupled_simulation_san12 = coupled_simulation_p92\<close>
+unfolding coupled_simulation_p92_def
+ s_coupled_simulation_san12_def weak_simulation_def by blast
+
+corollary weak_bisim_implies_s_coupled_sim:
+ assumes \<open>weak_bisimulation R\<close>
+ shows \<open>s_coupled_simulation_san12 R R\<close>
+ using assms s_coupled_sim_is_original_coupled weak_bisim_implies_coupled_sim_p92 by simp
+
+corollary s_coupled_sim_symm:
+ assumes \<open>s_coupled_simulation_san12 R1 R2\<close>
+ shows \<open>s_coupled_simulation_san12 (\<lambda> p q. R2 q p) (\<lambda> p q. R1 q p)\<close>
+ using assms coupled_sim_p92_symm s_coupled_sim_is_original_coupled by simp
+
+corollary s_coupled_sim_union_cl:
+ assumes
+ \<open>s_coupled_simulation_san12 RA1 RA2\<close>
+ \<open>s_coupled_simulation_san12 RB1 RB2\<close>
+ shows
+ \<open>s_coupled_simulation_san12 (\<lambda> p q. RA1 p q \<or> RB1 p q) (\<lambda> p q. RA2 p q \<or> RB2 p q)\<close>
+ using assms weak_sim_union_cl unfolding s_coupled_simulation_san12_def by auto
+
+corollary s_coupled_sim_symm_union:
+ assumes \<open>s_coupled_simulation_san12 R1 R2\<close>
+ shows \<open>s_coupled_simulation_san12 (\<lambda> p q. R1 p q \<or> R2 q p) (\<lambda> p q. R2 p q \<or> R1 q p)\<close>
+ using s_coupled_sim_union_cl[OF assms s_coupled_sim_symm[OF assms]] .
+
+lemma s_coupledsim_stable_eq:
+ assumes
+ \<open>p \<sqsubseteq>scs q\<close>
+ \<open>stable_state p\<close>
+ shows \<open>p \<equiv>scs q\<close>
+proof -
+ obtain R1 R2 where
+ \<open>R1 p q\<close>
+ \<open>weak_simulation R1\<close>
+ \<open>weak_simulation (\<lambda>p q. R2 q p)\<close>
+ \<open>\<forall>p q. R1 p q \<longrightarrow> stable_state p \<longrightarrow> R2 p q\<close>
+ \<open>\<forall>p q. R2 p q \<longrightarrow> stable_state q \<longrightarrow> R1 p q\<close>
+ using assms(1) unfolding s_coupled_simulation_san12_def by blast
+ moreover hence \<open>R2 p q\<close> using assms(2) by blast
+ ultimately show ?thesis unfolding s_coupled_simulation_san12_def by blast
+qed
+
+lemma s_coupledsim_symm:
+ assumes
+ \<open>p \<equiv>scs q\<close>
+ shows
+ \<open>q \<equiv>scs p\<close>
+ using assms s_coupled_sim_symm by blast
+
+lemma s_coupledsim_eq_parts:
+ assumes
+ \<open>p \<equiv>scs q\<close>
+ shows
+ \<open>p \<sqsubseteq>scs q\<close>
+ \<open>q \<sqsubseteq>scs p\<close>
+ using assms s_coupledsim_symm by metis+
+
+\<comment>\<open>From @{cite "sangiorgi2012"}, p.~226\<close>
+lemma divergence_free_coupledsims_coincidence_1:
+ defines
+ \<open>R1 \<equiv> (\<lambda> p q . p \<sqsubseteq>cs q \<and> (stable_state p \<longrightarrow> stable_state q))\<close> and
+ \<open>R2 \<equiv> (\<lambda> p q . q \<sqsubseteq>cs p \<and> (stable_state q \<longrightarrow> stable_state p))\<close>
+ assumes
+ non_divergent_system: \<open>\<And> p . \<not> divergent_state p\<close>
+ shows
+ \<open>s_coupled_simulation_san12 R1 R2\<close>
+ unfolding s_coupled_simulation_san12_def
+proof safe
+ show \<open>weak_simulation R1\<close> unfolding weak_simulation_def
+ proof safe
+ fix p q p' a
+ assume sub_assms:
+ \<open>R1 p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ then obtain q' where q'_def: \<open>q \<Rightarrow>^a q'\<close> \<open>p' \<sqsubseteq>cs q'\<close>
+ using coupled_sim_by_is_coupled_sim unfolding R1_def coupled_simulation_def by blast
+ show \<open>\<exists>q'. R1 p' q' \<and> q \<Rightarrow>^a q'\<close>
+ proof (cases \<open>stable_state p'\<close>)
+ case True
+ obtain q'' where q''_def: \<open>q' \<longmapsto>* tau q''\<close> \<open>q'' \<sqsubseteq>cs p'\<close>
+ using coupled_sim_by_is_coupled_sim q'_def(2)
+ unfolding coupled_simulation_weak_simulation by blast
+ then obtain q''' where q'''_def: \<open>q'' \<longmapsto>* tau q'''\<close> \<open>stable_state q'''\<close>
+ using non_divergence_implies_eventual_stability non_divergent_system by blast
+ hence \<open>q''' \<sqsubseteq>cs p'\<close>
+ using coupledsim_step_gla17 coupledsim_trans[OF _ q''_def(2)] by blast
+ hence \<open>p' \<sqsubseteq>cs q'''\<close>
+ using `stable_state p'` coupled_sim_by_is_coupled_sim coupledsim_stable_state_symm
+ by blast
+ moreover have \<open>q \<Rightarrow>^a q'''\<close> using q'_def(1) q''_def(1) q'''_def(1) steps_concat by blast
+ ultimately show ?thesis using q'''_def(2) unfolding R1_def by blast
+ next
+ case False
+ then show ?thesis using q'_def unfolding R1_def by blast
+ qed
+ qed
+ \<comment>\<open>analogous to previous case\<close>
+ then show \<open>weak_simulation (\<lambda>p q. R2 q p)\<close> unfolding R1_def R2_def .
+next
+ fix p q
+ assume
+ \<open>R1 p q\<close>
+ \<open>stable_state p\<close>
+ thus \<open>R2 p q\<close>
+ unfolding R1_def R2_def
+ using coupled_sim_by_is_coupled_sim coupledsim_stable_state_symm by blast
+next \<comment>\<open>analogous\<close>
+ fix p q
+ assume
+ \<open>R2 p q\<close>
+ \<open>stable_state q\<close>
+ thus \<open>R1 p q\<close>
+ unfolding R1_def R2_def
+ using coupled_sim_by_is_coupled_sim coupledsim_stable_state_symm by blast
+qed
+
+\<comment>\<open>From @{cite "sangiorgi2012"}, p.~227\<close>
+lemma divergence_free_coupledsims_coincidence_2:
+ defines
+ \<open>R \<equiv> (\<lambda> p q . p \<sqsubseteq>scs q \<or> (\<exists> q' . q \<longmapsto>* tau q' \<and> p \<equiv>scs q'))\<close>
+ assumes
+ non_divergent_system: \<open>\<And> p . \<not> divergent_state p\<close>
+ shows
+ \<open>coupled_simulation R\<close>
+ unfolding coupled_simulation_weak_simulation
+proof safe
+ show \<open>weak_simulation R\<close>
+ unfolding weak_simulation_def
+ proof safe
+ fix p q p' a
+ assume sub_assms:
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ thus \<open>\<exists>q'. R p' q' \<and> q \<Rightarrow>^a q'\<close>
+ unfolding R_def
+ proof (cases \<open>p \<sqsubseteq>scs q\<close>)
+ case True
+ then obtain q' where \<open>p' \<sqsubseteq>scs q'\<close> \<open>q \<Rightarrow>^a q'\<close>
+ using s_coupled_simulation_san12_def sub_assms(2) weak_sim_ruleformat by metis
+ thus \<open>\<exists>q'. (p' \<sqsubseteq>scs q' \<or> (\<exists>q'a. q' \<longmapsto>* tau q'a \<and> p' \<equiv>scs q'a)) \<and> q \<Rightarrow>^a q'\<close>
+ by blast
+ next
+ case False
+ then obtain q' where \<open>q \<longmapsto>* tau q'\<close> \<open>p \<equiv>scs q'\<close>
+ using sub_assms(1) unfolding R_def by blast
+ then obtain q'' where \<open>q' \<Rightarrow>^a q''\<close> \<open>p' \<sqsubseteq>scs q''\<close>
+ using s_coupled_simulation_san12_def sub_assms(2) weak_sim_ruleformat by metis
+ hence \<open>p' \<sqsubseteq>scs q'' \<and> q \<Rightarrow>^a q''\<close> using steps_concat `q \<longmapsto>* tau q'` by blast
+ thus \<open>\<exists>q'. (p' \<sqsubseteq>scs q' \<or> (\<exists>q'a. q' \<longmapsto>* tau q'a \<and> p' \<equiv>scs q'a)) \<and> q \<Rightarrow>^a q'\<close>
+ by blast
+ qed
+ qed
+next
+ fix p q
+ assume
+ \<open>R p q\<close>
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> R q' p\<close> unfolding R_def
+ proof safe
+ fix R1 R2
+ assume sub_assms:
+ \<open>s_coupled_simulation_san12 R1 R2\<close>
+ \<open>R1 p q\<close>
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> (q' \<sqsubseteq>scs p \<or> (\<exists>q'a. p \<longmapsto>* tau q'a \<and> q' \<equiv>scs q'a))\<close>
+ proof -
+ \<comment>\<open>dropped a superfluous case distinction from @cite{sangiorgi2012}\<close>
+ obtain p' where \<open>stable_state p'\<close> \<open>p \<longmapsto>* tau p'\<close>
+ using non_divergent_system non_divergence_implies_eventual_stability by blast
+ hence \<open>p \<Rightarrow>^\<tau> p'\<close> using tau_tau by blast
+ then obtain q' where \<open>q \<longmapsto>* tau q'\<close> \<open>p' \<sqsubseteq>scs q'\<close>
+ using s_coupled_simulation_san12_def weak_sim_weak_premise sub_assms tau_tau
+ by metis
+ moreover hence \<open>p' \<equiv>scs q'\<close> using `stable_state p'` s_coupledsim_stable_eq by blast
+ ultimately show ?thesis using `p \<longmapsto>* tau p'` s_coupledsim_symm by blast
+ qed
+ qed (metis s_coupledsim_symm)
+qed
+
+text \<open>While this proof follows @{cite "sangiorgi2012"}, we needed to deviate from them by also
+ requiring rootedness (shared stability) for the compared states.\<close>
+theorem divergence_free_coupledsims_coincidence:
+ assumes
+ non_divergent_system: \<open>\<And> p . \<not> divergent_state p\<close> and
+ stability_rooted: \<open>stable_state p \<longleftrightarrow> stable_state q\<close>
+ shows
+ \<open>(p \<equiv>cs q) = (p \<equiv>scs q)\<close>
+proof rule
+ assume \<open>p \<equiv>cs q\<close>
+ hence \<open>p \<sqsubseteq>cs q\<close> \<open>q \<sqsubseteq>cs p\<close> by auto
+ thus \<open>p \<equiv>scs q\<close>
+ using stability_rooted divergence_free_coupledsims_coincidence_1[OF non_divergent_system]
+ by blast
+next
+ assume \<open>p \<equiv>scs q\<close>
+ thus \<open>p \<equiv>cs q\<close>
+ using stability_rooted divergence_free_coupledsims_coincidence_2[OF non_divergent_system]
+ s_coupledsim_eq_parts by blast
+qed
+
+end \<comment>\<open>context @{locale lts_tau}\<close>
+
+text \<open>The following example shows that a system might be related by s-coupled-simulation without
+ being connected by coupled-simulation.\<close>
+
+datatype ex_state = a0 | a1 | a2 | a3 | b0 | b1 | b2
+
+locale ex_lts = lts_tau trans \<tau>
+ for trans :: \<open>ex_state \<Rightarrow> nat \<Rightarrow> ex_state \<Rightarrow> bool\<close> ("_ \<longmapsto>_ _" [70, 70, 70] 80) and \<tau> +
+ assumes
+ sys:
+ \<open>trans = (\<lambda> p act q .
+ 1 = act \<and> (p = a0 \<and> q = a1
+ \<or> p = a0 \<and> q = a2
+ \<or> p = a2 \<and> q = a3
+ \<or> p = b0 \<and> q = b1
+ \<or> p = b1 \<and> q = b2) \<or>
+ 0 = act \<and> (p = a1 \<and> q = a1))\<close>
+ \<open>\<tau> = 0\<close>
+begin
+
+lemma no_root_coupled_sim:
+ fixes R1 R2
+ assumes
+ coupled:
+ \<open>coupled_simulation_san12 R1 R2\<close> and
+ root:
+ \<open>R1 a0 b0\<close> \<open>R2 a0 b0\<close>
+ shows
+ False
+proof -
+ have
+ R1sim:
+ \<open>weak_simulation R1\<close> and
+ R1coupling:
+ \<open>\<forall>p q. R1 p q \<longrightarrow> (\<exists>q'. q \<longmapsto>* tau q' \<and> R2 p q')\<close> and
+ R2sim:
+ \<open>weak_simulation (\<lambda>p q. R2 q p)\<close>
+ using coupled unfolding coupled_simulation_san12_def by auto
+ hence R1sim_rf:
+ \<open>\<And> p q. R1 p q \<Longrightarrow>
+ (\<forall>p' a. p \<longmapsto>a p' \<longrightarrow>
+ (\<exists>q'. R1 p' q' \<and> (\<not> tau a \<longrightarrow> q \<Rightarrow>a q') \<and>
+ (tau a \<longrightarrow> q \<longmapsto>* tau q')))\<close>
+ unfolding weak_simulation_def by blast
+ have \<open>a0 \<longmapsto>1 a1\<close> using sys by auto
+ hence \<open>\<exists>q'. R1 a1 q' \<and> b0 \<Rightarrow>1 q'\<close>
+ using R1sim_rf[OF root(1), rule_format, of 1 a1] tau_def
+ by (auto simp add: sys)
+ then obtain q' where q': \<open>R1 a1 q'\<close> \<open>b0 \<Rightarrow>1 q'\<close> by blast
+ have b0_quasi_stable: \<open>\<forall> q' . b0 \<longmapsto>*tau q' \<longrightarrow> b0 = q'\<close>
+ using steps_no_step[of b0 tau] tau_def by (auto simp add: sys)
+ have b0_only_b1: \<open>\<forall> q' . b0 \<longmapsto>1 q' \<longrightarrow> q' = b1\<close> by (auto simp add: sys)
+ have b1_quasi_stable: \<open>\<forall> q' . b1 \<longmapsto>*tau q' \<longrightarrow> b1 = q'\<close>
+ using steps_no_step[of b1 tau] tau_def by (auto simp add: sys)
+ have \<open>\<forall> q' . b0 \<Rightarrow>1 q' \<longrightarrow> q' = b1\<close>
+ using b0_quasi_stable b0_only_b1 b1_quasi_stable by auto
+ hence \<open>q' = b1\<close> using q'(2) by blast
+ hence \<open>R1 a1 b1\<close> using q'(1) by simp
+ hence \<open>R2 a1 b1\<close>
+ using b1_quasi_stable R1coupling by auto
+ have b1_b2: \<open>b1 \<longmapsto>1 b2\<close>
+ by (auto simp add: sys)
+ hence a1_sim: \<open>\<exists> q' . R2 q' b2 \<and> a1 \<Rightarrow>1 q'\<close>
+ using `R2 a1 b1` R2sim b1_b2
+ unfolding weak_simulation_def tau_def by (auto simp add: sys)
+ have a1_quasi_stable: \<open>\<forall> q' . a1 \<longmapsto>*tau q' \<longrightarrow> a1 = q'\<close>
+ using steps_loop[of a1] by (auto simp add: sys)
+ hence a1_stuck: \<open>\<forall> q' . \<not> a1 \<Rightarrow>1 q'\<close>
+ by (auto simp add: sys)
+ show ?thesis using a1_sim a1_stuck by blast
+qed
+
+lemma root_s_coupled_sim:
+ defines
+ \<open>R1 \<equiv> \<lambda> a b .
+ a = a0 \<and> b = b0 \<or>
+ a = a1 \<and> b = b1 \<or>
+ a = a2 \<and> b = b1 \<or>
+ a = a3 \<and> b = b2\<close>
+ and
+ \<open>R2 \<equiv> \<lambda> a b .
+ a = a0 \<and> b = b0 \<or>
+ a = a2 \<and> b = b1 \<or>
+ a = a3 \<and> b = b2\<close>
+ shows
+ coupled:
+ \<open>s_coupled_simulation_san12 R1 R2\<close>
+ unfolding s_coupled_simulation_san12_def
+proof safe
+ show \<open>weak_simulation R1\<close>
+ unfolding weak_simulation_def proof (clarify)
+ fix p q p' a
+ show \<open>R1 p q \<Longrightarrow> p \<longmapsto>a p' \<Longrightarrow> \<exists>q'. R1 p' q' \<and> (q \<Rightarrow>^a q')\<close>
+ using step_tau_refl unfolding sys assms tau_def using sys(2) tau_def by (cases p, auto)
+ qed
+next
+ show \<open>weak_simulation (\<lambda>p q. R2 q p)\<close>
+ unfolding weak_simulation_def proof (clarify)
+ fix p q p' a
+ show \<open>R2 q p \<Longrightarrow> p \<longmapsto>a p' \<Longrightarrow> \<exists>q'. R2 q' p' \<and> (q \<Rightarrow>^a q')\<close>
+ using steps.refl[of _ tau] tau_def unfolding assms sys
+ using sys(2) tau_def by (cases p, auto)
+ qed
+next
+ fix p q
+ assume \<open>R1 p q\<close> \<open>stable_state p\<close>
+ thus \<open>R2 p q\<close> unfolding assms sys using sys(2) tau_def by auto
+next
+ fix p q
+ assume \<open>R2 p q\<close> \<open>stable_state q\<close>
+ thus \<open>R1 p q\<close> unfolding assms sys using tau_def by auto
+qed
+
+end \<comment>\<open>@{locale ex_lts}// example lts\<close>
+
+end
+
diff --git a/thys/Coupledsim_Contrasim/Coupledsim_Fixpoint_Algo_Delay.thy b/thys/Coupledsim_Contrasim/Coupledsim_Fixpoint_Algo_Delay.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Coupledsim_Fixpoint_Algo_Delay.thy
@@ -0,0 +1,128 @@
+section \<open>Fixed Point Algorithm for Coupled Similarity\<close>
+
+subsection \<open>The Algorithm\<close>
+
+theory Coupledsim_Fixpoint_Algo_Delay
+imports
+ Coupled_Simulation
+ "HOL-Library.While_Combinator"
+ "HOL-Library.Finite_Lattice"
+begin
+
+context lts_tau
+begin
+
+definition fp_step ::
+ \<open>'s rel \<Rightarrow> 's rel\<close>
+where
+ \<open>fp_step R1 \<equiv> { (p,q)\<in>R1.
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow>
+ (tau a \<longrightarrow> (p',q)\<in>R1) \<and>
+ (\<not>tau a \<longrightarrow> (\<exists> q'. ((p',q')\<in>R1) \<and> (q =\<rhd>a q')))) \<and>
+ (\<exists> q'. q \<longmapsto>*tau q' \<and> ((q',p)\<in>R1)) }\<close>
+
+definition fp_compute_cs :: \<open>'s rel\<close>
+where \<open>fp_compute_cs \<equiv> while (\<lambda>R. fp_step R \<noteq> R) fp_step top\<close>
+
+subsection \<open>Correctness\<close>
+
+lemma mono_fp_step:
+ \<open>mono fp_step\<close>
+proof (rule, safe)
+ fix x y::\<open>'s rel\<close> and p q
+ assume
+ \<open>x \<subseteq> y\<close>
+ \<open>(p, q) \<in> fp_step x\<close>
+ thus \<open>(p, q) \<in> fp_step y\<close>
+ unfolding fp_step_def
+ by (auto, blast)
+qed
+
+lemma fp_fp_step:
+ assumes
+ \<open>R = fp_step R\<close>
+ shows
+ \<open>coupled_delay_simulation (\<lambda> p q. (p, q) \<in> R)\<close>
+ using assms unfolding fp_step_def coupled_delay_simulation_def delay_simulation_def
+ by (auto, blast, fastforce+)
+
+lemma gfp_fp_step_subset_gcs:
+ shows \<open>(gfp fp_step) \<subseteq> { (p,q) . greatest_coupled_simulation p q }\<close>
+ unfolding gcs_eq_coupled_sim_by[symmetric]
+proof clarify
+ fix a b
+ assume
+ \<open>(a, b) \<in> gfp fp_step\<close>
+ thus \<open>a \<sqsubseteq>cs b\<close>
+ unfolding coupled_sim_by_eq_coupled_delay_simulation
+ using fp_fp_step mono_fp_step gfp_unfold
+ by metis
+qed
+
+lemma fp_fp_step_gcs:
+ assumes
+ \<open>R = { (p,q) . greatest_coupled_simulation p q }\<close>
+ shows
+ \<open>fp_step R = R\<close>
+ unfolding assms
+proof safe
+ fix p q
+ assume
+ \<open>(p, q) \<in> fp_step {(x, y). greatest_coupled_simulation x y}\<close>
+ hence
+ \<open>(\<forall>p' a. p \<longmapsto>a p' \<longrightarrow>
+ (tau a \<longrightarrow> greatest_coupled_simulation p' q) \<and>
+ (\<not>tau a \<longrightarrow> (\<exists>q'. greatest_coupled_simulation p' q' \<and> q =\<rhd>a q'))) \<and>
+ (\<exists>q'. q \<longmapsto>* tau q' \<and> greatest_coupled_simulation q' p)\<close>
+ unfolding fp_step_def by auto
+ hence \<open>(\<forall>p' a. p \<longmapsto>a p' \<longrightarrow> (\<exists>q'. greatest_coupled_simulation p' q' \<and> q \<Rightarrow>^a q')) \<and>
+ (\<exists>q'. q \<longmapsto>* tau q' \<and> greatest_coupled_simulation q' p)\<close>
+ unfolding fp_step_def using weak_step_delay_implies_weak_tau steps.refl by blast
+ hence \<open>(\<forall>p' a. p \<longmapsto>a p' \<longrightarrow> (\<exists>q'. greatest_coupled_simulation p' q' \<and> q \<Rightarrow>^^a q')) \<and>
+ (\<exists>q'. q \<longmapsto>* tau q' \<and> greatest_coupled_simulation q' p)\<close>
+ using weak_step_tau2_def by simp
+ thus \<open>greatest_coupled_simulation p q\<close>
+ using lts_tau.gcs by metis
+next
+ fix p q
+ assume asm:
+ \<open>greatest_coupled_simulation p q\<close>
+ then have \<open>(p, q) \<in> {(x, y). greatest_coupled_simulation x y}\<close> by blast
+ moreover from asm have \<open>\<exists> R. R p q \<and> coupled_delay_simulation R\<close>
+ unfolding gcs_eq_coupled_sim_by[symmetric] coupled_sim_by_eq_coupled_delay_simulation.
+ then obtain R where \<open>R p q\<close> \<open>coupled_delay_simulation R\<close> by blast
+ moreover then have \<open>\<forall> p' a. p \<longmapsto>a p' \<and> \<not>tau a \<longrightarrow>
+ (\<exists> q'. (greatest_coupled_simulation p' q') \<and> (q =\<rhd>a q'))\<close>
+ using coupled_delay_simulation_def delay_simulation_def
+ by (metis coupled_similarity_implies_gcs coupled_simulation_weak_simulation
+ delay_simulation_implies_weak_simulation)
+ moreover from asm have \<open>\<forall> p' a. p \<longmapsto>a p' \<and> tau a \<longrightarrow> greatest_coupled_simulation p' q\<close>
+ unfolding gcs_eq_coupled_sim_by[symmetric] coupled_sim_by_eq_coupled_delay_simulation
+ by (metis coupled_delay_simulation_def delay_simulation_def)
+ moreover have \<open>(\<exists> q'. q \<longmapsto>*tau q' \<and> (greatest_coupled_simulation q' p))\<close>
+ using asm gcs_is_coupled_simulation coupled_simulation_implies_coupling by blast
+ ultimately show \<open>(p, q) \<in> fp_step {(x, y). greatest_coupled_simulation x y}\<close>
+ unfolding fp_step_def by blast
+qed
+
+lemma gfp_fp_step_gcs: \<open>gfp fp_step = { (p,q) . greatest_coupled_simulation p q }\<close>
+ using fp_fp_step_gcs gfp_fp_step_subset_gcs
+ by (simp add: equalityI gfp_upperbound)
+
+end
+
+context lts_tau_finite
+begin
+lemma gfp_fp_step_while:
+ shows
+ \<open>gfp fp_step = fp_compute_cs\<close>
+ unfolding fp_compute_cs_def
+ using gfp_while_lattice[OF mono_fp_step] finite_state_rel Finite_Set.finite_set by blast
+
+theorem coupled_sim_fp_step_while:
+ shows \<open>fp_compute_cs = { (p,q) . greatest_coupled_simulation p q }\<close>
+ using gfp_fp_step_while gfp_fp_step_gcs by blast
+
+end
+
+end
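Review bot: `fp_compute_cs` is defined in the general `lts_tau` context, but the only results about it in this file, `gfp_fp_step_while` and `coupled_sim_fp_step_while`, are proved in `lts_tau_finite`, and nothing at the definition says so. If I recall the library correctly, `while` in HOL-Library.While_Combinator is `the (while_option …)`, so when the iteration from `top` never reaches a fixed point the constant denotes an unspecified relation. A reader who picks up the definition alone could take it for a characterisation of coupled similarity on arbitrary systems. I would add a line before the definition such as `text \<open>Only characterised for finite systems, see coupled_sim_fp_step_while in @{locale lts_tau_finite}.\<close>`, or move the definition into `context lts_tau_finite` if nothing else depends on it.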
diff --git a/thys/Coupledsim_Contrasim/Coupledsim_Game_Delay.thy b/thys/Coupledsim_Contrasim/Coupledsim_Game_Delay.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Coupledsim_Game_Delay.thy
@@ -0,0 +1,412 @@
+section \<open>Game for Coupled Similarity with Delay Formulation\<close>
+
+theory Coupledsim_Game_Delay
+imports
+ Coupled_Simulation
+ Simple_Game
+begin
+
+subsection \<open>The Coupled Simulation Preorder Game Using Delay Steps\<close>
+
+datatype ('s, 'a) cs_game_node =
+ AttackerNode 's 's |
+ DefenderStepNode 'a 's 's |
+ DefenderCouplingNode 's 's
+
+fun (in lts_tau) cs_game_moves ::
+ \<open>('s, 'a) cs_game_node \<Rightarrow> ('s, 'a) cs_game_node \<Rightarrow> bool\<close> where
+ simulation_visible_challenge:
+ \<open>cs_game_moves (AttackerNode p q) (DefenderStepNode a p1 q0) =
+ (\<not>tau a \<and> p \<longmapsto>a p1 \<and> q = q0)\<close> |
+ simulation_internal_attacker_move:
+ \<open>cs_game_moves (AttackerNode p q) (AttackerNode p1 q0) =
+ (\<exists>a. tau a \<and> p \<longmapsto>a p1 \<and> q = q0)\<close> |
+ simulation_answer:
+ \<open>cs_game_moves (DefenderStepNode a p1 q0) (AttackerNode p11 q1) =
+ (q0 =\<rhd>a q1 \<and> p1 = p11)\<close> |
+ coupling_challenge:
+ \<open>cs_game_moves (AttackerNode p q) (DefenderCouplingNode p0 q0) =
+ (p = p0 \<and> q = q0)\<close> |
+ coupling_answer:
+ \<open>cs_game_moves (DefenderCouplingNode p0 q0) (AttackerNode q1 p00) =
+ (p0 = p00 \<and> q0 \<longmapsto>* tau q1)\<close> |
+ cs_game_moves_no_step:
+ \<open>cs_game_moves _ _ = False\<close>
+
+fun cs_game_defender_node :: \<open>('s, 'a) cs_game_node \<Rightarrow> bool\<close> where
+ \<open>cs_game_defender_node (AttackerNode _ _) = False\<close> |
+ \<open>cs_game_defender_node (DefenderStepNode _ _ _) = True\<close> |
+ \<open>cs_game_defender_node (DefenderCouplingNode _ _) = True\<close>
+
+locale cs_game =
+ lts_tau trans \<tau> +
+ simple_game cs_game_moves cs_game_defender_node
+for
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<longmapsto>_ _" [70, 70, 70] 80) and
+ \<tau> :: \<open>'a\<close>
+begin
+
+subsection \<open>Coupled Simulation Implies Winning Strategy\<close>
+
+fun strategy_from_coupleddsim :: \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> ('s, 'a) cs_game_node strategy\<close> where
+ \<open>strategy_from_coupleddsim R ((DefenderStepNode a p1 q0)#play) =
+ (AttackerNode p1 (SOME q1 . R p1 q1 \<and> q0 =\<rhd>a q1))\<close> |
+ \<open>strategy_from_coupleddsim R ((DefenderCouplingNode p0 q0)#play) =
+ (AttackerNode (SOME q1 . R q1 p0 \<and> q0 \<longmapsto>* tau q1) p0)\<close> |
+ \<open>strategy_from_coupleddsim _ _ = undefined\<close>
+
+lemma defender_preceded_by_attacker:
+ assumes
+ \<open>n0 # play \<in> plays (AttackerNode p0 q0)\<close>
+ \<open>cs_game_defender_node n0\<close>
+ shows
+ \<open>\<exists> p q . hd play = AttackerNode p q \<and> cs_game_moves (AttackerNode p q) n0\<close>
+ \<open>play \<noteq> []\<close>
+proof -
+ have n0_not_init: \<open>n0 \<noteq> (AttackerNode p0 q0)\<close> using assms(2) by auto
+ hence \<open>cs_game_moves (hd play) n0\<close> using assms(1)
+ by (metis list.sel(1) list.sel(3) plays.cases)
+ thus \<open>\<exists>p q. hd play = AttackerNode p q \<and> cs_game_moves (AttackerNode p q) n0\<close> using assms(2)
+ by (metis cs_game_defender_node.elims(2,3) local.cs_game_moves_no_step(1,2,3,6))
+ show \<open>play \<noteq> []\<close> using n0_not_init assms(1) plays.cases by auto
+qed
+
+lemma defender_only_challenged_by_visible_actions:
+ assumes
+ \<open>(DefenderStepNode a p q) # play \<in> plays (AttackerNode p0 q0)\<close>
+ shows
+ \<open>\<not>tau a\<close>
+ using assms defender_preceded_by_attacker
+ by fastforce
+
+lemma strategy_from_coupleddsim_retains_coupledsim:
+ assumes
+ \<open>R p0 q0\<close>
+ \<open>coupled_delay_simulation R\<close>
+ \<open>initial = AttackerNode p0 q0\<close>
+ \<open>play \<in> plays_for_0strategy (strategy_from_coupleddsim R) initial\<close>
+ shows
+ \<open>hd play = AttackerNode p q \<Longrightarrow> R p q\<close>
+ \<open>length play > 1 \<Longrightarrow> hd (tl play) = AttackerNode p q \<Longrightarrow> R p q\<close>
+ using assms(4)
+proof (induct arbitrary: p q rule: plays_for_0strategy.induct[OF assms(4)])
+ case 1
+ fix p q
+ assume \<open>hd [initial] = AttackerNode p q\<close>
+ hence \<open>p = p0\<close> \<open>q = q0\<close> using assms(3) by auto
+ thus \<open>R p q\<close> using assms(1) by simp
+next
+ case 1
+ fix p q
+ assume \<open>1 < length [initial]\<close>
+ hence False by auto
+ thus \<open>R p q\<close> ..
+next
+ case (2 n0 play)
+ hence n0play_is_play: \<open>n0 # play \<in> plays initial\<close> using strategy0_plays_subset by blast
+ fix p q
+ assume subassms:
+ \<open>hd (strategy_from_coupleddsim R (n0 # play) # n0 # play) = AttackerNode p q\<close>
+ \<open>strategy_from_coupleddsim R (n0 # play) # n0 # play
+ \<in> plays_for_0strategy (strategy_from_coupleddsim R) initial\<close>
+ then obtain pi qi where
+ piqi_def: \<open>hd (play) = AttackerNode pi qi\<close>
+ \<open>cs_game_moves (AttackerNode pi qi) n0\<close> \<open>play \<noteq> []\<close>
+ using defender_preceded_by_attacker n0play_is_play `cs_game_defender_node n0` assms(3) by blast
+ hence \<open>R pi qi\<close> using 2(1,3) by simp
+ have \<open>(\<exists> a . n0 = (DefenderStepNode a p qi) \<and> \<not> tau a \<and> pi \<longmapsto>a p)
+ \<or> (n0 = (DefenderCouplingNode pi qi))\<close>
+ using piqi_def(2) 2(4,5) subassms(1)
+ using cs_game_defender_node.elims(2) cs_game_moves.simps(1,3)
+ cs_game_moves.simps(4) list.sel(1)
+ by metis
+ thus \<open>R p q\<close>
+ proof safe
+ fix a
+ assume n0_def: \<open>n0 = DefenderStepNode a p qi\<close> \<open>\<not> tau a\<close> \<open>pi \<longmapsto>a p\<close>
+ have \<open>strategy_from_coupleddsim R (n0 # play) =
+ (AttackerNode p (SOME q1 . R p q1 \<and> qi =\<rhd>a q1))\<close>
+ unfolding n0_def(1) by auto
+ with subassms(1) have q_def: \<open>q = (SOME q1. R p q1 \<and> qi =\<rhd>a q1)\<close> by auto
+ have \<open>\<exists> qii . R p qii \<and> qi =\<rhd>a qii\<close>
+ using n0_def(2,3) `R pi qi` `coupled_delay_simulation R`
+ unfolding coupled_delay_simulation_def delay_simulation_def by blast
+ from someI_ex[OF this] show \<open>R p q\<close> unfolding q_def by blast
+ next
+ assume n0_def: \<open>n0 = DefenderCouplingNode pi qi\<close>
+ have \<open>strategy_from_coupleddsim R (n0 # play) =
+ (AttackerNode (SOME q1 . R q1 pi \<and> qi \<longmapsto>* tau q1) pi)\<close>
+ unfolding n0_def(1) by auto
+ with subassms(1) have qp_def:
+ \<open>p = (SOME q1 . R q1 pi \<and> qi \<longmapsto>* tau q1)\<close> \<open>q = pi\<close> by auto
+ have \<open>\<exists> q1 . R q1 pi \<and> qi \<longmapsto>* tau q1\<close>
+ using n0_def `R pi qi` `coupled_delay_simulation R`
+ unfolding coupled_delay_simulation_def by blast
+ from someI_ex[OF this] show \<open>R p q\<close> unfolding qp_def by blast
+ qed
+next
+ case (2 n0 play)
+ fix p q
+ assume \<open>hd (tl (strategy_from_coupleddsim R (n0 # play) # n0 # play)) = AttackerNode p q\<close>
+ hence False using 2(4) by auto
+ thus \<open>R p q\<close> ..
+next
+ case (3 n1 play n1')
+ fix p q
+ assume \<open>hd (n1' # n1 # play) = AttackerNode p q\<close>
+ then obtain p1 a where n1_spec: \<open>n1 = AttackerNode p1 q\<close> \<open>p1 \<longmapsto>a p\<close> \<open>tau a\<close>
+ using 3 list.sel(1)
+ by (metis cs_game_defender_node.elims(3) simulation_internal_attacker_move)
+ then have \<open>R p1 q\<close> using 3 by auto
+ thus \<open>R p q\<close>
+ using n1_spec(2,3) \<open>coupled_delay_simulation R\<close>
+ unfolding coupled_delay_simulation_def delay_simulation_def by auto
+next
+ case (3 n1 play n1')
+ fix p q
+ assume \<open>hd (tl (n1' # n1 # play)) = AttackerNode p q\<close>
+ thus \<open>R p q\<close> using 3(1,2) by auto
+qed
+
+lemma strategy_from_coupleddsim_sound:
+ assumes
+ \<open>R p0 q0\<close>
+ \<open>coupled_delay_simulation R\<close>
+ \<open>initial = AttackerNode p0 q0\<close>
+ shows
+ \<open>sound_0strategy (strategy_from_coupleddsim R) initial\<close>
+ unfolding sound_0strategy_def
+proof clarify
+ fix n0 play
+ assume subassms:
+ \<open>n0 # play \<in> plays_for_0strategy(strategy_from_coupleddsim R) initial\<close>
+ \<open>cs_game_defender_node n0\<close>
+ then obtain pi qi where
+ piqi_def: \<open>hd (play) = AttackerNode pi qi\<close>
+ \<open>cs_game_moves (AttackerNode pi qi) n0\<close> \<open>play \<noteq> []\<close>
+ using defender_preceded_by_attacker `cs_game_defender_node n0` assms(3)
+ strategy0_plays_subset by blast
+ hence \<open>R pi qi\<close>
+ using strategy_from_coupleddsim_retains_coupledsim[OF assms] list.sel subassms by auto
+ have \<open>(\<exists> a p . n0 = (DefenderStepNode a p qi) \<and> pi \<longmapsto>a p)
+ \<or> (n0 = (DefenderCouplingNode pi qi))\<close>
+ by (metis cs_game_defender_node.elims(2)
+ coupling_challenge simulation_visible_challenge piqi_def(2) subassms(2))
+ thus \<open>cs_game_moves n0 (strategy_from_coupleddsim R (n0 # play))\<close>
+ proof safe
+ fix a p
+ assume dsn:
+ \<open>pi \<longmapsto>a p\<close>
+ \<open>n0 = DefenderStepNode a p qi\<close>
+ hence qi_spec:
+ \<open>(strategy_from_coupleddsim R (n0 # play)) =
+ AttackerNode p (SOME q1 . R p q1 \<and> qi =\<rhd>a q1)\<close>
+ by simp
+ then obtain qii where qii_spec:
+ \<open>AttackerNode p (SOME q1 . R p q1 \<and> qi =\<rhd>a q1) = AttackerNode p qii\<close> by blast
+ have \<open>\<exists> qii . R p qii \<and> qi =\<rhd>a qii\<close>
+ using dsn `R pi qi` `coupled_delay_simulation R` steps.refl
+ unfolding coupled_delay_simulation_def delay_simulation_def by blast
+ from someI_ex[OF this] have \<open>R p qii \<and> qi =\<rhd>a qii\<close> using qii_spec by blast
+ thus \<open>cs_game_moves (DefenderStepNode a p qi)
+ (strategy_from_coupleddsim R (DefenderStepNode a p qi # play))\<close>
+ using qi_spec qii_spec unfolding dsn(2) by auto
+ next \<comment>\<open>coupling quite analogous.\<close>
+ assume dcn:
+ \<open>n0 = DefenderCouplingNode pi qi\<close>
+ hence qi_spec:
+ \<open>(strategy_from_coupleddsim R (n0 # play)) =
+ AttackerNode (SOME q1 . R q1 pi \<and> qi \<longmapsto>* tau q1) pi\<close>
+ by simp
+ then obtain qii where qii_spec:
+ \<open>AttackerNode (SOME q1 . R q1 pi \<and> qi \<longmapsto>* tau q1) pi = AttackerNode qii pi\<close> by blast
+ have \<open>\<exists> qii . R qii pi \<and> qi \<longmapsto>* tau qii\<close>
+ using dcn `R pi qi` `coupled_delay_simulation R`
+ unfolding coupled_delay_simulation_def by blast
+ from someI_ex[OF this] have \<open>R qii pi \<and> qi \<longmapsto>* tau qii\<close> using qii_spec by blast
+ thus \<open>cs_game_moves (DefenderCouplingNode pi qi)
+ (strategy_from_coupleddsim R (DefenderCouplingNode pi qi # play))\<close>
+ using qi_spec qii_spec unfolding dcn by auto
+ qed
+qed
+
+lemma coupleddsim_implies_winning_strategy:
+ assumes
+ \<open>R p q\<close>
+ \<open>coupled_delay_simulation R\<close>
+ \<open>initial = AttackerNode p q\<close>
+ shows
+ \<open>player0_winning_strategy (strategy_from_coupleddsim R) initial\<close>
+ unfolding player0_winning_strategy_def
+proof (clarify)
+ fix play
+ assume subassms:
+ \<open>play \<in> plays_for_0strategy (strategy_from_coupleddsim R) initial\<close>
+ \<open>player1_wins_immediately play\<close>
+ show \<open>False\<close> using subassms
+ proof (induct rule: simple_game.plays_for_0strategy.induct[OF subassms(1)])
+ case 1
+ then show ?case unfolding player1_wins_immediately_def using assms(3) by auto
+ next
+ case (2 n0 play)
+ hence \<open>\<not> cs_game_defender_node (strategy_from_coupleddsim R (n0 # play))\<close>
+ using cs_game_moves_no_step cs_game_defender_node.elims(2) by metis
+ hence \<open>\<not> player1_wins_immediately (strategy_from_coupleddsim R (n0 # play) # n0 # play)\<close>
+ unfolding player1_wins_immediately_def by auto
+ thus ?case using 2(6) by auto
+ next
+ case (3 n1 play n1')
+ then obtain p q where n1_def: \<open>n1 = AttackerNode p q\<close>
+ using cs_game_defender_node.elims(3) by blast
+ hence \<open>R p q\<close>
+ using strategy_from_coupleddsim_retains_coupledsim[OF assms, of \<open>n1 # play\<close>] 3(1)
+ by auto
+ have \<open>(\<exists> p1 a . n1' = (DefenderStepNode a p1 q) \<and> (p \<longmapsto>a p1))
+ \<or> n1' = (DefenderCouplingNode p q)\<close>
+ using n1_def `cs_game_moves n1 n1'` coupling_challenge cs_game_moves_no_step(5)
+ simulation_visible_challenge "3.prems"(2) cs_game_defender_node.elims(1) list.sel(1)
+ unfolding player1_wins_immediately_def
+ by metis
+ then show ?case
+ proof
+ assume \<open>(\<exists> p1 a . n1' = (DefenderStepNode a p1 q) \<and> (p \<longmapsto>a p1))\<close>
+ then obtain p1 a where
+ n1'_def: \<open>n1' = (DefenderStepNode a p1 q)\<close> \<open>p \<longmapsto>a p1\<close>
+ by blast
+ hence \<open>\<exists> q1 . q =\<rhd>a q1\<close>
+ using `R p q` `coupled_delay_simulation R`
+ unfolding coupled_delay_simulation_def delay_simulation_def by blast
+ hence \<open>\<exists> q1 . cs_game_moves (DefenderStepNode a p1 q) (AttackerNode p1 q1)\<close>
+ by auto
+ with `player1_wins_immediately (n1' # n1 # play)` show False
+ unfolding player1_wins_immediately_def n1'_def
+ by (metis list.sel(1))
+ next
+ assume n1'_def: \<open>n1' = DefenderCouplingNode p q\<close>
+ have \<open>\<exists> q1 . q \<longmapsto>*tau q1\<close>
+ using `coupled_delay_simulation R` `R p q`
+ unfolding coupled_delay_simulation_def by blast
+ hence \<open>\<exists> q1 . cs_game_moves (DefenderCouplingNode p q) (AttackerNode q1 p)\<close>
+ by auto
+ with `player1_wins_immediately (n1' # n1 # play)` show False
+ unfolding player1_wins_immediately_def n1'_def
+ by (metis list.sel(1))
+ qed
+ qed
+qed
+
+subsection \<open>Winning Strategy Induces Coupled Simulation\<close>
+
+lemma winning_strategy_implies_coupleddsim:
+ assumes
+ \<open>player0_winning_strategy f initial\<close>
+ \<open>sound_0strategy f initial\<close>
+ defines
+ \<open>R == \<lambda> p q . (\<exists> play \<in> plays_for_0strategy f initial. hd play = AttackerNode p q)\<close>
+ shows
+ \<open>coupled_delay_simulation R\<close>
+ unfolding coupled_delay_simulation_def delay_simulation_def
+proof safe
+ fix p q p' a
+ assume challenge:
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ \<open>tau a \<close>
+ hence game_move: \<open>cs_game_moves (AttackerNode p q) (AttackerNode p' q)\<close> by auto
+ have \<open>(\<exists> play \<in> plays_for_0strategy f initial. hd play = AttackerNode p q)\<close>
+ using challenge(1) assms by blast
+ then obtain play where
+ play_spec: \<open>AttackerNode p q # play \<in> plays_for_0strategy f initial\<close>
+ by (metis list.sel(1) simple_game.plays.cases strategy0_plays_subset)
+ hence interplay:
+ \<open>(AttackerNode p' q) # AttackerNode p q # play \<in> plays_for_0strategy f initial\<close>
+ using game_move by (simp add: simple_game.plays_for_0strategy.p1move)
+ then show \<open>R p' q\<close>
+ unfolding R_def list.sel by force
+next
+ fix p q p' a
+ assume challenge:
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ \<open>\<not> tau a \<close>
+ hence game_move: \<open>cs_game_moves (AttackerNode p q) (DefenderStepNode a p' q)\<close> by auto
+ have \<open>(\<exists> play \<in> plays_for_0strategy f initial. hd play = AttackerNode p q)\<close>
+ using challenge(1) assms by blast
+ then obtain play where
+ play_spec: \<open>AttackerNode p q # play \<in> plays_for_0strategy f initial\<close>
+ by (metis list.sel(1) simple_game.plays.cases strategy0_plays_subset)
+ hence interplay:
+ \<open>(DefenderStepNode a p' q) # AttackerNode p q # play \<in> plays_for_0strategy f initial\<close>
+ using game_move by (simp add: simple_game.plays_for_0strategy.p1move)
+ hence \<open>\<not> player1_wins_immediately ((DefenderStepNode a p' q) # AttackerNode p q # play)\<close>
+ using assms(1) unfolding player0_winning_strategy_def by blast
+ then obtain n1 where n1_def:
+ \<open>n1 = f (DefenderStepNode a p' q # AttackerNode p q # play)\<close>
+ \<open>cs_game_moves (DefenderStepNode a p' q) n1\<close>
+ using interplay assms(2) unfolding player0_winning_strategy_def sound_0strategy_def by simp
+ obtain q' where q'_spec:
+ \<open>(AttackerNode p' q') = n1\<close> \<open>q =\<rhd>a q'\<close>
+ using n1_def(2) by (cases n1, auto)
+ hence \<open>(AttackerNode p' q') # (DefenderStepNode a p' q) # AttackerNode p q # play
+ \<in> plays_for_0strategy f initial\<close>
+ using interplay n1_def by (simp add: simple_game.plays_for_0strategy.p0move)
+ hence \<open>R p' q'\<close> unfolding R_def by (meson list.sel(1))
+ thus \<open>\<exists>q'. R p' q' \<and> q =\<rhd>a q'\<close> using q'_spec(2) by blast
+next
+ fix p q
+ assume challenge:
+ \<open>R p q\<close>
+ hence game_move: \<open>cs_game_moves (AttackerNode p q) (DefenderCouplingNode p q)\<close> by auto
+ have \<open>(\<exists> play \<in> plays_for_0strategy f initial . hd play = AttackerNode p q)\<close>
+ using challenge assms by blast
+ then obtain play where
+ play_spec: \<open>AttackerNode p q # play \<in> plays_for_0strategy f initial\<close>
+ by (metis list.sel(1) simple_game.plays.cases strategy0_plays_subset)
+ hence interplay: \<open>(DefenderCouplingNode p q) # AttackerNode p q # play
+ \<in> plays_for_0strategy f initial\<close>
+ using game_move by (simp add: simple_game.plays_for_0strategy.p1move)
+ hence \<open>\<not> player1_wins_immediately ((DefenderCouplingNode p q) # AttackerNode p q # play)\<close>
+ using assms(1) unfolding player0_winning_strategy_def by blast
+ then obtain n1 where n1_def:
+ \<open>n1 = f (DefenderCouplingNode p q # AttackerNode p q # play)\<close>
+ \<open>cs_game_moves (DefenderCouplingNode p q) n1\<close>
+ using interplay assms(2)
+ unfolding player0_winning_strategy_def sound_0strategy_def by simp
+ obtain q' where q'_spec:
+ \<open>(AttackerNode q' p) = n1\<close> \<open>q \<longmapsto>* tau q'\<close>
+ using n1_def(2) by (cases n1, auto)
+ hence \<open>(AttackerNode q' p) # (DefenderCouplingNode p q) # AttackerNode p q # play
+ \<in> plays_for_0strategy f initial\<close>
+ using interplay n1_def by (simp add: simple_game.plays_for_0strategy.p0move)
+ hence \<open>R q' p\<close> unfolding R_def by (meson list.sel(1))
+ thus \<open>\<exists>q'. q \<longmapsto>* tau q' \<and> R q' p\<close> using q'_spec(2) by blast
+qed
+
+theorem winning_strategy_iff_coupledsim:
+ assumes
+ \<open>initial = AttackerNode p q\<close>
+ shows
+ \<open>(\<exists> f . player0_winning_strategy f initial \<and> sound_0strategy f initial)
+ = p \<sqsubseteq>cs q\<close>
+proof (rule)
+ assume
+ \<open>(\<exists>f. player0_winning_strategy f initial \<and> sound_0strategy f initial)\<close>
+ then obtain f where
+ \<open>coupled_delay_simulation (\<lambda>p q. \<exists>play\<in>plays_for_0strategy f initial. hd play = AttackerNode p q)\<close>
+ using winning_strategy_implies_coupleddsim by blast
+ moreover have \<open>(\<lambda>p q. \<exists>play\<in>plays_for_0strategy f initial. hd play = AttackerNode p q) p q\<close>
+ using assms plays_for_0strategy.init by force
+ ultimately show \<open>p \<sqsubseteq>cs q\<close>
+ unfolding coupled_sim_by_eq_coupled_delay_simulation
+ by (metis (mono_tags, lifting))
+next
+ assume
+ \<open>p \<sqsubseteq>cs q\<close>
+ thus \<open>(\<exists>f. player0_winning_strategy f initial \<and> sound_0strategy f initial)\<close>
+ unfolding coupled_sim_by_eq_coupled_delay_simulation
+ using coupleddsim_implies_winning_strategy[OF _ _ assms]
+ strategy_from_coupleddsim_sound[OF _ _ assms] by blast
+qed
+
+end
+end
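Review bot: Several proofs in this theory cite generated facts by their position, which makes them brittle: `local.cs_game_moves_no_step(1,2,3,6)` in `defender_preceded_by_attacker`, `cs_game_moves.simps(1,3)` in `strategy_from_coupleddsim_retains_coupledsim`, and `cs_game_moves_no_step(5)` in `coupleddsim_implies_winning_strategy`. The name `cs_game_moves_no_step` is attached to the single catch-all clause `cs_game_moves _ _ = False`, so the indices refer to equations produced by pattern completion. They will presumably shift if a node constructor or move clause is added, and the failing `metis` call would then not show which fact was meant. Stating the property once as a named lemma, for instance `lemma defender_node_reached_from_attacker: \<open>cs_game_defender_node n \<Longrightarrow> cs_game_moves m n \<Longrightarrow> \<exists>p q. m = AttackerNode p q\<close>`, proved by case distinction on `m` and `n` (not checked here), would let these proofs drop most of the numbered references.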
diff --git a/thys/Coupledsim_Contrasim/HM_Logic_Infinitary.thy b/thys/Coupledsim_Contrasim/HM_Logic_Infinitary.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/HM_Logic_Infinitary.thy
@@ -0,0 +1,195 @@
+section \<open>Infinitary Hennessy--Milner Logic\<close>
+
+theory HM_Logic_Infinitary
+ imports
+ Weak_Relations
+begin
+
+datatype ('a,'x)HML_formula =
+ HML_true
+| HML_conj \<open>'x set\<close> \<open>'x \<Rightarrow> ('a,'x)HML_formula\<close> (\<open>AND _ _\<close>)
+| HML_neg \<open>('a,'x)HML_formula\<close> (\<open>~_\<close> [20] 60)
+| HML_poss \<open>'a\<close> \<open>('a,'x)HML_formula\<close> (\<open>\<langle>_\<rangle>_\<close> [60] 60)
+
+\<comment>\<open>The HML formulation is derived from that by Max Pohlmann @{cite pohlmann2021reactivebisim}.\<close>
+
+subsection \<open>Satisfaction Relation\<close>
+
+context lts_tau
+begin
+
+function satisfies :: \<open>'s \<Rightarrow> ('a, 's) HML_formula \<Rightarrow> bool\<close>
+ (\<open>_ \<Turnstile> _\<close> [50, 50] 50)
+ where
+ \<open>(p \<Turnstile> HML_true) = True\<close>
+ | \<open>(p \<Turnstile> HML_conj I F) = (\<forall> i \<in> I. p \<Turnstile> (F i))\<close>
+ | \<open>(p \<Turnstile> HML_neg \<phi>) = (\<not> p \<Turnstile> \<phi>)\<close>
+ | \<open>(p \<Turnstile> HML_poss \<alpha> \<phi>) =
+ (\<exists> p'. ((tau \<alpha> \<and> p \<longmapsto>* tau p') \<or> (\<not> tau \<alpha> \<and> p \<longmapsto>\<alpha> p')) \<and> p' \<Turnstile> \<phi>)\<close>
+ using HML_formula.exhaust by (auto, blast)
+
+inductive_set HML_wf_rel :: \<open>('s \<times> ('a, 's) HML_formula) rel\<close>
+ where
+ \<open>\<phi> = F i \<and> i \<in> I \<Longrightarrow> ((p, \<phi>), (p, HML_conj I F)) \<in> HML_wf_rel\<close>
+ | \<open>((p, \<phi>), (p, HML_neg \<phi>)) \<in> HML_wf_rel\<close>
+ | \<open>((p, \<phi>), (p', HML_poss \<alpha> \<phi>)) \<in> HML_wf_rel\<close>
+
+lemma HML_wf_rel_is_wf: \<open>wf HML_wf_rel\<close>
+ unfolding wf_def
+proof (safe)
+ fix P::\<open>'s \<times> ('a, 's) HML_formula \<Rightarrow> bool\<close> and t::\<open>'s \<times> ('a, 's) HML_formula\<close>
+ obtain p \<phi> where \<open>t = (p, \<phi>)\<close> by force
+ assume \<open>\<forall>x. (\<forall>y. (y, x) \<in> HML_wf_rel \<longrightarrow> P y) \<longrightarrow> P x\<close>
+ hence \<open>P (p, \<phi>)\<close>
+ proof (induct \<phi> arbitrary: p)
+ case HML_true
+ then show ?case
+ by (metis HML_formula.distinct(1,3,5) HML_wf_rel.cases old.prod.exhaust)
+ next
+ case (HML_conj I F)
+ thus ?case
+ by (smt (verit) HML_formula.distinct(7,9) HML_formula.inject(1) HML_wf_rel.cases
+ case_prodD case_prodE' lts_tau.HML_wf_rel_def mem_Collect_eq range_eqI)
+ next
+ case (HML_neg \<phi>)
+ thus ?case
+ by (metis HML_formula.distinct(11,7) HML_formula.inject(2) HML_wf_rel.cases surj_pair)
+ next
+ case (HML_poss a \<phi>)
+ thus ?case
+ by (smt (verit, del_insts) HML_formula.distinct(3,5,9,11) HML_formula.inject(3)
+ HML_wf_rel.cases case_prodD case_prodE' HML_wf_rel_def mem_Collect_eq)
+ qed
+ thus \<open>P t\<close> using \<open>t = (p, \<phi>)\<close> by simp
+qed
+
+termination satisfies using HML_wf_rel_is_wf
+ by (standard, (simp add: HML_wf_rel.intros)+)
+
+inductive_set HML_direct_subformulas :: \<open>(('a, 's) HML_formula) rel\<close>
+ where
+ \<open>\<phi> = F i \<and> i \<in> I \<Longrightarrow> (\<phi>, HML_conj I F) \<in> HML_direct_subformulas\<close>
+ | \<open>(\<phi>, HML_neg \<phi>) \<in> HML_direct_subformulas\<close>
+ | \<open>(\<phi>, HML_poss \<alpha> \<phi>) \<in> HML_direct_subformulas\<close>
+
+lemma HML_direct_subformulas_wf: \<open>wf HML_direct_subformulas\<close>
+ unfolding wf_def
+proof (safe)
+ fix P x
+ assume \<open>\<forall>x. (\<forall>y. (y, x) \<in> HML_direct_subformulas \<longrightarrow> P y) \<longrightarrow> P x\<close>
+ thus \<open>P x\<close>
+ proof induct
+ case HML_true
+ then show ?case using HML_direct_subformulas.simps by blast
+ next
+ case (HML_conj I F)
+ then show ?case
+ by (metis HML_direct_subformulas.cases HML_formula.distinct(7,9)
+ HML_formula.inject(1) range_eqI)
+ next
+ case (HML_neg \<phi>)
+ then show ?case
+ by (metis HML_direct_subformulas.simps HML_formula.distinct(11,7) HML_formula.inject(2))
+ next
+ case (HML_poss a \<phi>)
+ then show ?case
+ by (metis HML_direct_subformulas.simps HML_formula.distinct(11,9) HML_formula.inject(3))
+ qed
+qed
+
+definition HML_subformulas where \<open>HML_subformulas \<equiv> (HML_direct_subformulas)\<^sup>+\<close>
+
+lemma HML_subformulas_wf: \<open>wf HML_subformulas\<close>
+ using HML_direct_subformulas_wf HML_subformulas_def wf_trancl
+ by fastforce
+
+lemma conj_only_depends_on_indexset:
+ assumes \<open>\<forall>i\<in>I. f1 i = f2 i\<close>
+ shows \<open>(p \<Turnstile> HML_conj I f1) = (p \<Turnstile> HML_conj I f2)\<close>
+ using assms by auto
+
+subsection \<open>Distinguishing Formulas\<close>
+
+definition HML_equivalent :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close>
+ where \<open>HML_equivalent p q
+ \<equiv> (\<forall> \<phi>::('a, 's) HML_formula. (p \<Turnstile> \<phi>) \<longleftrightarrow> (q \<Turnstile> \<phi>))\<close>
+
+fun distinguishes :: \<open>('a,'s) HML_formula \<Rightarrow> 's \<Rightarrow> 's \<Rightarrow> bool\<close>
+ where
+ \<open>distinguishes \<phi> p q = (p \<Turnstile> \<phi> \<and> \<not> q \<Turnstile> \<phi>)\<close>
+
+fun distinguishes_from_set :: \<open>('a,'s) HML_formula \<Rightarrow> 's \<Rightarrow> 's set \<Rightarrow> bool\<close>
+ where
+ \<open>distinguishes_from_set \<phi> p Q = (p \<Turnstile> \<phi> \<and> (\<forall>q. q \<in> Q \<longrightarrow> \<not> q \<Turnstile> \<phi>))\<close>
+
+lemma distinguishing_formula:
+ assumes \<open>\<not> HML_equivalent p q\<close>
+ shows \<open>\<exists> \<phi>. p \<Turnstile> \<phi> \<and> \<not> q \<Turnstile> \<phi>\<close>
+ using assms satisfies.simps(3) unfolding HML_equivalent_def
+ by blast
+
+lemma HML_equivalent_symm:
+ assumes \<open>HML_equivalent p q\<close>
+ shows \<open>HML_equivalent q p\<close>
+ using HML_equivalent_def assms by presburger
+
+subsection \<open>Weak-NOR Hennessy--Milner Logic\<close>
+
+definition HML_weaknor ::
+ \<open>'x set \<Rightarrow> ('x \<Rightarrow> ('a,'x)HML_formula) \<Rightarrow> ('a,'x)HML_formula\<close>
+ where \<open>HML_weaknor I F = HML_poss \<tau> (HML_conj I (\<lambda>f. HML_neg (F f)))\<close>
+
+definition HML_weaknot ::
+ \<open>('a,'x)HML_formula \<Rightarrow> ('a,'x)HML_formula\<close>
+ where \<open>HML_weaknot \<phi> = HML_weaknor {undefined} (\<lambda>i. \<phi>)\<close>
+
+inductive_set HML_weak_formulas :: \<open>('a,'x)HML_formula set\<close> where
+ Base: \<open>HML_true \<in> HML_weak_formulas\<close> |
+ Obs: \<open>\<phi> \<in> HML_weak_formulas \<Longrightarrow> (\<langle>\<tau>\<rangle>\<langle>a\<rangle>\<phi>) \<in> HML_weak_formulas\<close> |
+ Conj: \<open>(\<And>i. i \<in> I \<Longrightarrow> F i \<in> HML_weak_formulas) \<Longrightarrow> HML_weaknor I F \<in> HML_weak_formulas\<close>
+
+lemma weak_backwards_truth:
+ assumes
+ \<open>\<phi> \<in> HML_weak_formulas\<close>
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>p' \<Turnstile> \<phi>\<close>
+ shows
+ \<open>p \<Turnstile> \<phi>\<close>
+ using assms
+proof cases
+ case Base
+ then show ?thesis by force
+next
+ case (Obs \<phi> a)
+ then show ?thesis
+ using assms(2,3) satisfies.simps(4) steps_concat tau_tau by blast
+next
+ case (Conj I F)
+ then show ?thesis
+ unfolding HML_weaknor_def tau_def
+ using tau_tau assms steps_concat
+ by force
+qed
+
+lemma tau_a_obs_implies_delay_step:
+ assumes \<open>p \<Turnstile> \<langle>\<tau>\<rangle>\<langle>a\<rangle>\<phi>\<close>
+ shows \<open>\<exists>p'. p =\<rhd>a p' \<and> p' \<Turnstile> \<phi>\<close>
+proof -
+ obtain p'' where \<open>p \<Rightarrow>^\<tau> p'' \<and> p'' \<Turnstile> \<langle>a\<rangle>\<phi>\<close> using assms by auto
+ thus ?thesis using satisfies.simps(4) steps_concat tau_tau by blast
+qed
+
+lemma delay_step_implies_tau_a_obs:
+ assumes
+ \<open>p =\<rhd>a p'\<close>
+ \<open>p' \<Turnstile> \<phi>\<close>
+ shows \<open>p \<Turnstile> \<langle>\<tau>\<rangle>\<langle>a\<rangle>\<phi>\<close>
+proof -
+ obtain p'' where \<open>p \<Rightarrow>^\<tau> p''\<close> and \<open>p'' \<Rightarrow>^a p'\<close>
+ using assms steps.refl tau_tau by blast
+ thus ?thesis
+ by (metis assms(1,2) lts_tau.satisfies.simps(4) lts_tau.tau_tau)
+qed
+
+end
+end
\ No newline at end of file
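Review bot: `HML_wf_rel_is_wf` repeats the structural induction that `HML_direct_subformulas_wf` performs just below, and closes its cases with `smt (verit)` and `metis` calls over numbered `HML_formula.distinct`/`HML_formula.inject` facts plus the internal `HML_wf_rel_def`. Each rule of `HML_wf_rel` relates a pair whose formula component is a direct subformula of the other, so the result can be derived from the simpler lemma instead of being re-proved. Moving `HML_direct_subformulas` and its well-foundedness lemma before `termination satisfies` allows showing `HML_wf_rel \<subseteq> inv_image HML_direct_subformulas snd` and concluding with `wf_inv_image` and `wf_subset`. This removes the solver-dependent steps from the termination argument for `satisfies`; the exact proof script is not checked here.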
diff --git a/thys/Coupledsim_Contrasim/README.md b/thys/Coupledsim_Contrasim/README.md
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/README.md
@@ -0,0 +1,30 @@
+# Coupled Similarity and Contrasimilarity, and How to Compute Them
+
+*Coupled similarity* and *contrasimilarity* are nice semantic equivalences for systems with internal behavior.
+This repository contains an [Isabelle2](https://isabelle.in.tum.de/index.html) formalization for the two with a focus
+on game characterizations. The theory accompanies the publications [“Computing Coupled Similarity”](https://doi.org/10.1007/978-3-030-17462-0_14)
+(Bisping & Nestmann, TACAS 2019) and [“A Game Characterization for Contrasimilarity”](https://doi.org/10.4204/EPTCS.339.5)
+(Bisping & Montanari, EXPRESS/SOS 2021).
+
+- Document: <https://luisamontanari.github.io/ContrasimGame/Unsorted/Coupledsim_Contrasim/document.pdf>
+- Browsable theory: <https://luisamontanari.github.io/ContrasimGame/Unsorted/Coupledsim_Contrasim/index.html>
+
+## Authors
+
+- [Benjamin Bisping](https://github.com/benkeks) | <https://bbisping.de>
+- [Luisa Montanari](https://github.com/luisamontanari)
+
+## Abstract
+
+We survey and extend characterizations of *coupled similarity* and *contrasimilarity* and prove properties relevant
+for algorithms computing their simulation preorders and equivalences.
+
+Coupled similarity and contrasimilarity are two weak forms of bisimilarity for systems with internal behavior.
+They have outstanding applications in contexts where internal choices must transparently be
+distributed in time or space, for example, in process calculi encodings or in action refinements.
+
+Our key contribution is to characterize the coupled simulation and contrasimulation preorders by *reachability games*.
+We also show how preexisting definitions coincide and that they can be reformulated using *coupled delay simulations*.
+We moreover verify a polynomial-time coinductive fixed-point algorithm computing the coupled simulation preorder.
+Through reduction proofs, we establish that deciding coupled similarity is at least as complex as computing weak similarity;
+and that contrasimilarity checking is at least as hard as trace inclusion checking.
diff --git a/thys/Coupledsim_Contrasim/ROOT b/thys/Coupledsim_Contrasim/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/ROOT
@@ -0,0 +1,23 @@
+chapter AFP
+
+session "Coupledsim_Contrasim" = "HOL-Library" +
+options [ timeout = 600 ]
+theories
+ Transition_Systems
+ Weak_Transition_Systems
+ Simple_Game
+ Strong_Relations
+ Weak_Relations
+ Contrasimulation
+ Coupled_Simulation
+ Coupledsim_Game_Delay
+ Coupledsim_Fixpoint_Algo_Delay
+ Contrasim_Word_Game
+ Contrasim_Set_Game
+ HM_Logic_Infinitary
+ Weak_HML_Contrasimulation
+ Tau_Sinks
+document_files
+ "root.tex"
+ "root.bib"
+ "splncs04.bst"
diff --git a/thys/Coupledsim_Contrasim/Simple_Game.thy b/thys/Coupledsim_Contrasim/Simple_Game.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Simple_Game.thy
@@ -0,0 +1,128 @@
+subsection \<open>Simple Games\<close>
+
+theory Simple_Game
+imports
+ Main
+begin
+
+text \<open>Simple games are games where player0 wins all infinite plays.\<close>
+locale simple_game =
+fixes
+ game_move :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<longmapsto>\<heartsuit> _" [70, 70] 80) and
+ player0_position :: \<open>'s \<Rightarrow> bool\<close>
+begin
+
+abbreviation player1_position :: \<open>'s \<Rightarrow> bool\<close>
+ where \<open>player1_position s \<equiv> \<not> player0_position s\<close>
+
+\<comment>\<open>Plays (to be precise: play prefixes) are lists.
+ We model them with the most recent move at the beginning.
+ (For our purpose it's enough to consider finite plays.)\<close>
+type_synonym ('s2) play = \<open>'s2 list\<close>
+type_synonym ('s2) strategy = \<open>'s2 play \<Rightarrow> 's2\<close>
+type_synonym ('s2) posstrategy = \<open>'s2 \<Rightarrow> 's2\<close>
+
+definition strategy_from_positional :: \<open>'s posstrategy \<Rightarrow> 's strategy\<close> where
+ \<open>strategy_from_positional pf = (\<lambda> play. pf (hd play))\<close>
+
+inductive_set plays :: \<open>'s \<Rightarrow> 's play set\<close>
+ for initial :: 's where
+ \<open>[initial] \<in> plays initial\<close> |
+ \<open>p#play \<in> plays initial \<Longrightarrow> p \<longmapsto>\<heartsuit> p' \<Longrightarrow> p'#p#play \<in> plays initial\<close>
+
+definition play_continuation :: \<open>'s play \<Rightarrow> 's play \<Rightarrow> bool\<close>
+ where \<open>play_continuation p1 p2 \<equiv> (drop (length p2 - length p1) p2) = p1\<close>
+
+\<comment>\<open>Plays for a given player 0 strategy\<close>
+inductive_set plays_for_0strategy :: \<open>'s strategy \<Rightarrow> 's \<Rightarrow> 's play set\<close>
+ for f initial where
+ init: \<open>[initial] \<in> plays_for_0strategy f initial\<close> |
+ p0move:
+ \<open>n0#play \<in> plays_for_0strategy f initial \<Longrightarrow> player0_position n0 \<Longrightarrow> n0 \<longmapsto>\<heartsuit> f (n0#play)
+ \<Longrightarrow> (f (n0#play))#n0#play \<in> plays_for_0strategy f initial\<close> |
+ p1move:
+ \<open>n1#play \<in> plays_for_0strategy f initial \<Longrightarrow> player1_position n1 \<Longrightarrow> n1 \<longmapsto>\<heartsuit> n1'
+ \<Longrightarrow> n1'#n1#play \<in> plays_for_0strategy f initial\<close>
+
+lemma strategy0_step:
+ assumes
+ \<open>n0 # n1 # rest \<in> plays_for_0strategy f initial\<close>
+ \<open>player0_position n1\<close>
+ shows
+ \<open>f (n1 # rest) = n0\<close>
+ using assms
+ by (induct rule: plays_for_0strategy.cases, auto)
+
+\<comment>\<open>Plays for a given player 1 strategy\<close>
+inductive_set plays_for_1strategy :: \<open>'s strategy \<Rightarrow> 's \<Rightarrow> 's play set\<close>
+ for f initial where
+ init: \<open>[initial] \<in> plays_for_1strategy f initial\<close> |
+ p0move:
+ \<open>n0#play \<in> plays_for_1strategy f initial \<Longrightarrow> player0_position n0 \<Longrightarrow> n0 \<longmapsto>\<heartsuit> n0'
+ \<Longrightarrow> n0'#n0#play \<in> plays_for_1strategy f initial\<close> |
+ p1move:
+ \<open>n1#play \<in> plays_for_1strategy f initial \<Longrightarrow> player1_position n1 \<Longrightarrow> n1 \<longmapsto>\<heartsuit> f (n1#play)
+ \<Longrightarrow> (f (n1#play))#n1#play \<in> plays_for_1strategy f initial\<close>
+
+definition positional_strategy :: \<open>'s strategy \<Rightarrow> bool\<close> where
+ \<open>positional_strategy f \<equiv> \<forall>r1 r2 n. f (n # r1) = f (n # r2)\<close>
+
+text \<open>A strategy is sound if it only decides on enabled transitions.\<close>
+definition sound_0strategy :: \<open>'s strategy \<Rightarrow> 's \<Rightarrow> bool\<close> where
+ \<open>sound_0strategy f initial \<equiv>
+ \<forall> n0 play .
+ n0#play \<in> plays_for_0strategy f initial \<and>
+ player0_position n0 \<longrightarrow> n0 \<longmapsto>\<heartsuit> f (n0#play)\<close>
+
+definition sound_1strategy :: \<open>'s strategy \<Rightarrow> 's \<Rightarrow> bool\<close> where
+ \<open>sound_1strategy f initial \<equiv>
+ \<forall> n1 play .
+ n1#play \<in> plays_for_1strategy f initial \<and>
+ player1_position n1 \<longrightarrow> n1 \<longmapsto>\<heartsuit> f (n1#play)\<close>
+
+lemma strategy0_plays_subset:
+ assumes \<open>play \<in> plays_for_0strategy f initial\<close>
+ shows \<open>play \<in> plays initial\<close>
+ using assms by (induct rule: plays_for_0strategy.induct, auto simp add: plays.intros)
+lemma strategy1_plays_subset:
+ assumes \<open>play \<in> plays_for_1strategy f initial\<close>
+ shows \<open>play \<in> plays initial\<close>
+ using assms by (induct rule: plays_for_1strategy.induct, auto simp add: plays.intros)
+
+lemma no_empty_plays:
+ assumes \<open>[] \<in> plays initial\<close>
+ shows \<open>False\<close>
+ using assms plays.cases by blast
+
+text \<open>Player1 wins a play if the play has reached a deadlock where it's player0's turn\<close>
+
+definition player1_wins_immediately :: \<open>'s play \<Rightarrow> bool\<close> where
+ \<open>player1_wins_immediately play \<equiv> player0_position (hd play) \<and> (\<nexists> p' . (hd play) \<longmapsto>\<heartsuit> p')\<close>
+
+definition player0_winning_strategy :: \<open>'s strategy \<Rightarrow> 's \<Rightarrow> bool\<close> where
+ \<open>player0_winning_strategy f initial \<equiv> (\<forall> play \<in> plays_for_0strategy f initial.
+ \<not> player1_wins_immediately play)\<close>
+
+definition player0_wins :: \<open>'s \<Rightarrow> bool\<close> where
+ \<open>player0_wins s \<equiv> (\<exists> f . player0_winning_strategy f s \<and> sound_0strategy f s)\<close>
+
+lemma stuck_player0_win:
+ assumes \<open>player1_position initial\<close> \<open>(\<nexists> p' . initial \<longmapsto>\<heartsuit> p')\<close>
+ shows \<open>player0_wins initial\<close>
+proof -
+ have \<open>\<And>pl. pl \<in> plays initial \<Longrightarrow> pl = [initial]\<close>
+ proof -
+ fix pl
+ assume \<open>pl \<in> plays initial\<close>
+ thus \<open>pl = [initial]\<close> using assms(2) by (induct, auto)
+ qed
+ thus ?thesis using assms(1)
+ by (metis list.sel(1) player0_winning_strategy_def player0_wins_def player1_wins_immediately_def
+ sound_0strategy_def strategy0_plays_subset)
+qed
+
+definition player0_wins_immediately :: \<open>'s play \<Rightarrow> bool\<close> where
+ \<open>player0_wins_immediately play \<equiv> player1_position (hd play) \<and> (\<nexists> p' . (hd play) \<longmapsto>\<heartsuit> p')\<close>
+
+end
+end
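Review bot: `player0_winning_strategy` only requires that no play in `plays_for_0strategy f initial` satisfies `player1_wins_immediately`, and the `p0move` rule already carries the premise `n0 \<longmapsto>\<heartsuit> f (n0#play)`. A strategy that names a non-enabled successor at a player-0 position which does have moves therefore just stops extending the play there and can still satisfy the definition. The predicate is meaningful only together with `sound_0strategy`, as `player0_wins` combines them, but the file never says so. I would add a line above the definition such as `text \<open>A winning strategy must additionally be sound (see sound_0strategy); on its own this predicate also holds for strategies that pick non-moves.\<close>`. Separately, `strategy0_step` hands the elimination rule `plays_for_0strategy.cases` to `induct`; `by (cases rule: plays_for_0strategy.cases, auto)` would state the intent more directly, provided the proof still closes.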
diff --git a/thys/Coupledsim_Contrasim/Strong_Relations.thy b/thys/Coupledsim_Contrasim/Strong_Relations.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Strong_Relations.thy
@@ -0,0 +1,39 @@
+section \<open>Notions of Equivalence\<close>
+
+subsection \<open>Strong Simulation and Bisimulation\<close>
+
+theory Strong_Relations
+ imports Transition_Systems
+begin
+
+context lts
+begin
+
+definition simulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>simulation R \<equiv> \<forall> p q. R p q \<longrightarrow>
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow>
+ (\<exists> q'. R p' q' \<and> (q \<longmapsto>a q')))\<close>
+
+definition bisimulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>bisimulation R \<equiv> \<forall> p q. R p q \<longrightarrow>
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow>
+ (\<exists> q'. R p' q' \<and> (q \<longmapsto>a q'))) \<and>
+ (\<forall> q' a. q \<longmapsto>a q' \<longrightarrow>
+ (\<exists> p'. R p' q' \<and> (p \<longmapsto>a p')))\<close>
+
+lemma bisim_ruleformat:
+ assumes \<open>bisimulation R\<close>
+ and \<open>R p q\<close>
+ shows
+ \<open>p \<longmapsto>a p' \<Longrightarrow> (\<exists> q'. R p' q' \<and> (q \<longmapsto>a q'))\<close>
+ \<open>q \<longmapsto>a q' \<Longrightarrow> (\<exists> p'. R p' q' \<and> (p \<longmapsto>a p'))\<close>
+ using assms unfolding bisimulation_def by auto
+
+end \<comment>\<open>context lts\<close>
+
+end
+
\ No newline at end of file
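Review bot: The first conjunct of `bisimulation` repeats the body of `simulation` verbatim, yet nothing in this theory relates the two definitions, and neither has a `text` line saying what it captures. A small lemma inside `context lts` would record the link and let later proofs reuse simulation facts, for example `lemma bisim_sim: assumes \<open>bisimulation R\<close> shows \<open>simulation R\<close> using assms unfolding bisimulation_def simulation_def by blast`; this should go through by unfolding alone, but I have not run it. A one-sentence `text \<open>...\<close>` before each definition, in the style used in Simple_Game.thy, would also help readers of the generated document.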
diff --git a/thys/Coupledsim_Contrasim/Tau_Sinks.thy b/thys/Coupledsim_Contrasim/Tau_Sinks.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Tau_Sinks.thy
@@ -0,0 +1,620 @@
+section \<open>Reductions and \<open>\<tau>\<close>-sinks\<close>
+
+text \<open>
+ Checking trace inclusion can be reduced to contrasimulation checking,
+ as can weak simulation checking to coupled simulation checking.
+ The trick is to add a \<open>\<tau>\<close>-sink to the transition system, that is, a state that is reachable
+ by \<open>\<tau>\<close>-steps from every other state, and cannot be left.
+ An illustration of such an extension is given in Figure~\ref{fig:sink-illustration}.
+ Intuitively, the extension means that the model is allowed to just stop progressing at any point.
+
+ We here prove that, on systems with a \<open>\<tau>\<close>-sink, weak similarity equals coupled similarity and
+ weak trace inclusion equals contrasimilarity.
+ We also prove that adding a \<open>\<tau>\<close>-sink to a system does not change weak similarity nor weak trace
+ inclusion relationships within the system.
+ As adding the \<open>\<tau>\<close>-sink only has negligible effect on the system sizes, these facts establish the
+ reducibility relationships.
+\<close>
+
+text_raw \<open>
+ \begin{figure}
+ \centering
+ \begin{tikzpicture}[scale=1, auto]
+
+ \node (p0) [circle, draw=black] at (0,0) {};
+ \node (p1) [circle, draw=black, below right= 1cm of p0] {};
+ \node (p2) [circle, draw=black, below left= 1.5cm and 2mm of p1] {};
+ \node (p3) [circle, draw=black, above left= 1cm of p2] {};
+ %\node (p5) [circle, draw=black, below left= 5mm and 8mm of p0] {};
+
+ \node (bot) [circle, draw= red, right= 2cm of p1] {\Large$\color{red}{\bot}$};
+
+ \path[->]
+ (p0) edge[swap, bend left = 15] node {} (p1)
+ (p0) edge[swap, bend right = 15] node {} (p3)
+ (p1) edge[bend left = 15] node {} (p2)
+ (p2) edge[loop below] node {} (p2)
+ (p3) edge[bend left = 15] node {} (p1)
+ (p3) edge[bend right = 15] node {} (p2)
+ (p1) edge[bend left = 15] node {} (p3)
+ ;
+
+ %Contrasim_ undirected
+ \path[->, draw=red, every node/.style={color=red}]
+ (p0) edge[bend left = 25] node {$\tau$} (bot)
+ (p1) edge[bend left = 10] node {$\tau$} (bot)
+ (p2) edge[swap,bend right = 25] node {$\tau$} (bot)
+ (p3) edge[bend right = 0, out = -35, in=-168] node {$\tau$} (bot)
+ (bot) edge[loop below] node {$\tau$} (bot)
+ ;
+ ;
+ \end{tikzpicture}
+ \caption{Example of a $\tau$-sink extension with the original transition system in black and
+ the extension in red.}
+ \label{fig:sink-illustration}
+ \end{figure}
+\<close>
+
+theory Tau_Sinks
+imports
+ Coupled_Simulation
+begin
+
+subsection \<open>\<open>\<tau>\<close>-Sink Properties\<close>
+
+context lts_tau
+begin
+
+definition tau_sink ::
+ \<open>'s \<Rightarrow> bool\<close>
+where
+ \<open>tau_sink p \<equiv>
+ (\<forall>a p'. p \<longmapsto>a p' \<longrightarrow> a = \<tau> \<and> p = p') \<and>
+ (\<forall>p0. p0 \<longmapsto>\<tau> p)\<close>
+
+text \<open>The tau sink is a supremum for the weak transition relation.\<close>
+
+lemma tau_sink_maximal:
+ assumes \<open>tau_sink sink\<close>
+ shows
+ \<open>tau_max sink\<close>
+ \<open>(p \<longmapsto>* tau sink)\<close>
+ using assms steps_loop step_weak_step_tau tau_tau unfolding tau_sink_def by metis+
+
+lemma sink_has_no_word_transitions:
+ assumes
+ \<open>tau_sink sink\<close>
+ \<open>A \<noteq> []\<close>
+ \<open>\<forall> a \<in> set(A). a \<noteq> \<tau>\<close>
+ shows \<open>\<nexists>s'. sink \<Rightarrow>$A s'\<close>
+proof -
+ obtain a where \<open>\<exists>B. A = a#B\<close> using assms(2) list.exhaust_sel by auto
+ hence \<open>\<nexists>s' . sink \<Rightarrow>^a s'\<close>
+ by (metis assms(1,3) list.set_intros(1) lts_tau.tau_def steps_loop tau_sink_def)
+ thus ?thesis using \<open>\<exists>B. A = a#B\<close> by fastforce
+qed
+
+subsection \<open>Contrasimulation Equals Weak Simulation on \<open>\<tau>\<close>-Sink Systems\<close>
+
+lemma sink_coupled_simulates_all_states:
+ assumes
+ \<open>\<And> p . (p \<longmapsto>* tau sink)\<close>
+ shows
+ \<open>sink \<sqsubseteq>cs p\<close>
+ by (simp add: assms coupledsim_refl coupledsim_step)
+
+theorem coupledsim_weaksim_equiv_on_sink_expansion:
+ assumes
+ \<open>\<And> p . (p \<longmapsto>* tau sink)\<close>
+ shows
+ \<open>p \<sqsubseteq>ws q \<longleftrightarrow> p \<sqsubseteq>cs q\<close>
+ using assms
+ using coupled_simulation_weak_simulation weak_sim_tau_step weaksim_greatest by auto
+
+subsection \<open>Contrasimulation Equals Weak Trace Inclusion on \<open>\<tau>\<close>-Sink Systems\<close>
+
+lemma sink_contrasimulates_all_states:
+fixes A :: " 'a list"
+ assumes
+ \<open>tau_sink sink\<close>
+ \<open>\<And> p . (p \<longmapsto>* tau sink)\<close>
+ shows
+ \<open>\<forall> p. sink \<sqsubseteq>c p\<close>
+proof (cases A)
+ case Nil
+ hence empty_word: \<open>sink \<Rightarrow>$A sink\<close> by (simp add: steps.refl)
+ have \<open>\<forall>p. p \<Rightarrow>$A sink\<close> using assms(2) Nil by auto
+ have \<open>sink \<sqsubseteq>c sink\<close> using contrasim_tau_step empty_word Nil by auto
+ show ?thesis using assms(2) contrasim_tau_step by auto
+next
+ case Cons
+ hence \<open>\<nexists>s'. (\<forall> a \<in> set(A). a \<noteq> \<tau>) \<and> sink \<Rightarrow>$A s'\<close>
+ using assms(1) sink_has_no_word_transitions by fastforce
+ show ?thesis using assms(2) contrasim_tau_step by auto
+qed
+
+lemma sink_trace_includes_all_states:
+ assumes
+ \<open>\<And> p . (p \<longmapsto>* tau sink)\<close>
+ shows
+ \<open>sink \<sqsubseteq>T p\<close>
+ by (metis assms contrasim_tau_step lts_tau.contrasim_implies_trace_incl)
+
+lemma trace_incl_with_sink_is_contrasim:
+ assumes
+ \<open>\<And> p . (p \<longmapsto>* tau sink)\<close>
+ \<open>\<And> p . R sink p\<close>
+ \<open>trace_inclusion R\<close>
+ shows
+ \<open>contrasimulation R\<close>
+ unfolding contrasimulation_def
+proof clarify
+ fix p q p' A
+ assume \<open>R p q\<close> \<open>p \<Rightarrow>$A p'\<close> \<open>\<forall> a \<in> set(A). a \<noteq> \<tau>\<close>
+ hence \<open>\<exists>q'. q \<Rightarrow>$A q'\<close>
+ using assms(3) unfolding trace_inclusion_def by blast
+ hence \<open>q \<Rightarrow>$A sink\<close>
+ using assms(1) tau_tau word_tau_concat by blast
+ thus \<open>\<exists>q'. q \<Rightarrow>$ A q' \<and> R q' p'\<close>
+ using assms(2) by auto
+qed
+
+theorem contrasim_trace_incl_equiv_on_sink_expansion_R:
+ assumes
+ \<open>\<And> p . (p \<longmapsto>* tau sink)\<close>
+ \<open>\<And> p . R sink p\<close>
+ shows
+ \<open>contrasimulation R = trace_inclusion R\<close>
+proof
+ assume \<open>contrasimulation R\<close>
+ thus \<open>trace_inclusion R\<close> by (simp add: contrasim_implies_trace_incl)
+next
+ assume \<open>trace_inclusion R\<close>
+ thus \<open>contrasimulation R\<close> by (meson assms lts_tau.trace_incl_with_sink_is_contrasim)
+qed
+
+theorem contrasim_trace_incl_equiv_on_sink_expansion:
+ assumes
+ \<open>\<And> p . (p \<longmapsto>* tau sink)\<close>
+ shows
+ \<open>p \<sqsubseteq>T q \<longleftrightarrow> p \<sqsubseteq>c q\<close>
+ using assms weak_trace_inlcusion_greatest
+ contrasim_tau_step contrasim_trace_incl_equiv_on_sink_expansion_R contrasim_implies_trace_incl
+ by (metis (no_types, lifting))
+
+end
+
+subsection \<open>Weak Simulation Invariant under \<open>\<tau>\<close>-Sink Extension\<close>
+
+lemma simulation_tau_sink_1:
+ fixes
+ step sink R \<tau>
+ defines
+ \<open>step2 \<equiv> \<lambda> p1 a p2 . (p1 \<noteq> sink \<and> a = \<tau> \<and> p2 = sink) \<or> step p1 a p2\<close>
+ assumes
+ \<open>\<And> a p . \<not> step sink a p\<close>
+ \<open>lts_tau.weak_simulation step \<tau> R\<close>
+ shows
+ \<open>lts_tau.weak_simulation step2 \<tau> (\<lambda> p q. p = sink \<or> R p q)\<close>
+proof -
+ let ?tau = \<open>(lts_tau.tau \<tau>)\<close>
+ let ?tauEx = \<open>\<tau>\<close>
+ show ?thesis unfolding lts_tau.weak_simulation_def
+ proof safe
+ fix p q p' a
+ assume \<open>step2 sink a p'\<close>
+ hence \<open>p' = sink\<close> \<open>a = \<tau>\<close>
+ using assms(2) unfolding step2_def by auto
+ thus \<open>\<exists>q'. (p' = sink \<or> R p' q') \<and>
+ (?tau a \<longrightarrow> lts.steps step2 q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. lts.steps step2 q ?tau pq1 \<and> step2 pq1 a pq2
+ \<and> lts.steps step2 pq2 ?tau q'))\<close>
+ using lts_tau.step_tau_refl[of \<tau> step2 q] by auto
+ next
+ fix p q p' a
+ assume \<open>step2 p a p'\<close> \<open>R p q\<close>
+ have step_impl_step2: \<open>\<And> p1 a p2 . step p1 a p2 \<Longrightarrow> step2 p1 a p2\<close>
+ unfolding step2_def by blast
+ have \<open>(p \<noteq> sink \<and> a = ?tauEx \<and> p' = sink) \<or> step p a p'\<close>
+ using `step2 p a p'` unfolding step2_def .
+ thus \<open>\<exists>q'. (p' = sink \<or> R p' q') \<and>
+ (?tau a \<longrightarrow> lts.steps step2 q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. lts.steps step2 q ?tau pq1 \<and> step2 pq1 a pq2
+ \<and> lts.steps step2 pq2 ?tau q'))\<close>
+ proof safe
+ show \<open>\<exists>q'. (sink = sink \<or> R sink q') \<and>
+ (?tau ?tauEx \<longrightarrow> lts.steps step2 q ?tau q') \<and>
+ (\<not> ?tau ?tauEx \<longrightarrow> (\<exists>pq1 pq2. lts.steps step2 q ?tau pq1
+ \<and> step2 pq1 ?tauEx pq2 \<and> lts.steps step2 pq2 ?tau q'))\<close>
+ using lts.steps.refl[of step2 q ?tau] assms(1) by (meson lts_tau.tau_tau)
+ next
+ assume \<open>step p a p'\<close>
+ then obtain q' where q'_def:
+ \<open>R p' q' \<and>
+ (?tau a \<longrightarrow> lts.steps step q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. lts.steps step q ?tau pq1 \<and> step pq1 a pq2
+ \<and> lts.steps step pq2 ?tau q'))\<close>
+ using assms(3) `R p q` unfolding lts_tau.weak_simulation_def by blast
+ hence \<open>(p' = sink \<or> R p' q') \<and>
+ (?tau a \<longrightarrow> lts.steps step2 q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. lts.steps step2 q ?tau pq1 \<and> step2 pq1 a pq2
+ \<and> lts.steps step2 pq2 ?tau q'))\<close>
+ using lts_impl_steps[of step _ _ _ step2] step_impl_step2 by blast
+ thus \<open>\<exists>q'. (p' = sink \<or> R p' q') \<and>
+ (?tau a \<longrightarrow> lts.steps step2 q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. lts.steps step2 q ?tau pq1 \<and> step2 pq1 a pq2
+ \<and> lts.steps step2 pq2 ?tau q'))\<close>
+ by blast
+ qed
+ qed
+qed
+
+lemma simulation_tau_sink_2:
+ fixes
+ step sink R \<tau>
+ defines
+ \<open>step2 \<equiv> \<lambda> p1 a p2 . (p1 \<noteq> sink \<and> a = \<tau> \<and> p2 = sink) \<or> step p1 a p2\<close>
+ assumes
+ \<open>\<And> a p . \<not> step sink a p \<and> \<not> step p a sink\<close>
+ \<open>lts_tau.weak_simulation step2 \<tau> (\<lambda> p q. p = sink \<or> R p q)\<close>
+ \<open>\<And> p' q' q . (p' = sink \<or> R p' q')
+ \<and> lts.steps step2 q (lts_tau.tau \<tau>) q' \<longrightarrow> (p' = sink \<or> R p' q)\<close>
+ shows
+ \<open>lts_tau.weak_simulation step \<tau> (\<lambda> p q. p = sink \<or> R p q)\<close>
+proof -
+ let ?tau = \<open>(lts_tau.tau \<tau>)\<close>
+ let ?tauEx = \<open>\<tau>\<close>
+ let ?steps = \<open>lts.steps\<close>
+ show ?thesis
+ unfolding lts_tau.weak_simulation_def
+ proof safe
+ fix p q p' a
+ assume
+ \<open>step sink a p'\<close>
+ hence False using assms(2) by blast
+ thus \<open>\<exists>q'. (p' = sink \<or> R p' q') \<and>
+ (?tau a \<longrightarrow> ?steps step q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2
+ \<and> ?steps step pq2 ?tau q'))\<close> ..
+ next
+ fix p q p' a
+ assume \<open>R p q\<close> \<open>step p a p'\<close>
+ hence not_sink: \<open>p \<noteq> sink\<close> \<open>p' \<noteq> sink\<close>
+ using assms(2)[of a p] assms(2)[of a p'] by auto
+ have \<open>step2 p a p'\<close> using `step p a p'` unfolding step2_def by blast
+ then obtain q' where q'_def:
+ \<open>p' = sink \<or> R p' q'\<close>
+ \<open>?tau a \<longrightarrow> ?steps step2 q ?tau q'\<close>
+ \<open>\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. ?steps step2 q ?tau pq1 \<and> step2 pq1 a pq2
+ \<and> ?steps step2 pq2 ?tau q')\<close>
+ using assms(3) `R p q` unfolding lts_tau.weak_simulation_def by blast
+ hence outer_goal_a: \<open>R p' q'\<close> using not_sink by blast
+ show \<open>\<exists>q'. (p' = sink \<or> R p' q') \<and>
+ (?tau a \<longrightarrow> ?steps step q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2
+ \<and> ?steps step pq2 ?tau q'))\<close>
+ proof (cases \<open>q' = sink\<close>)
+ assume \<open>q' = sink\<close>
+ then obtain q'' where q''_def:
+ \<open>?tau a \<longrightarrow> (?steps step q ?tau q'' \<and> ?steps step2 q'' ?tau q')\<close>
+ \<open>\<not> ?tau a \<longrightarrow> (\<exists>pq1. ?steps step2 q ?tau pq1 \<and> step pq1 a q''
+ \<and> ?steps step2 q'' ?tau q')\<close>
+ using q'_def(2,3) assms(1) step2_def lts_tau.step_tau_refl[of \<tau>]
+ lts_tau.tau_tau[of \<tau>] by metis
+ hence \<open>q'' = sink \<longrightarrow> q = sink\<close>
+ using assms(2) unfolding step2_def by (metis lts.steps.cases)
+ have \<open>?steps step2 q'' ?tau q'\<close> using q''_def by auto
+ hence \<open>p' = sink \<or> R p' q''\<close> using q'_def(1) assms(4)[of p' q' q''] by blast
+ moreover have \<open>\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2
+ \<and> ?steps step pq2 ?tau q'')\<close>
+ proof
+ assume \<open>\<not> ?tau a\<close>
+ hence \<open>q \<noteq> sink\<close> using q'_def by (metis assms(2) lts.steps_left step2_def)
+ hence \<open>q'' \<noteq> sink\<close> using `q'' = sink \<longrightarrow> q = sink` by simp
+ obtain pq1 where pq1_def:
+ \<open>?steps step2 q ?tau pq1\<close> \<open>step pq1 a q''\<close> \<open>?steps step2 q'' ?tau q'\<close>
+ using q''_def(2) `\<not> ?tau a` by blast
+ hence \<open>pq1 \<noteq> sink\<close> using `q'' \<noteq> sink` assms(2) by blast
+ hence \<open>?steps step q ?tau pq1\<close> using `q \<noteq> sink` `?steps step2 q ?tau pq1`
+ proof (induct rule: lts.steps.induct[OF `?steps step2 q ?tau pq1`])
+ case (1 p af)
+ then show ?case using lts.steps.refl[of step p af] by blast
+ next
+ case (2 p af q1 a q)
+ hence \<open>q1 \<noteq> sink\<close> \<open>step q1 a q\<close> using assms(2) unfolding step2_def by auto
+ moreover hence \<open>?steps step p af q1\<close> using 2 by blast
+ ultimately show ?case using 2(4) by (meson lts.step)
+ qed
+ thus
+ \<open>\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2 \<and> ?steps step pq2 ?tau q''\<close>
+ using pq1_def(2) lts.steps.refl[of step q'' ?tau] by blast
+ qed
+ ultimately show \<open>\<exists>q''. (p' = sink \<or> R p' q'') \<and>
+ (?tau a \<longrightarrow> ?steps step q ?tau q'') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2
+ \<and> ?steps step pq2 ?tau q''))\<close>
+ using q''_def(1) q'_def(1) by auto
+ next
+ assume not_sink_q': \<open>q' \<noteq> sink\<close>
+ have outer_goal_b: \<open>?tau a \<longrightarrow> ?steps step q ?tau q'\<close>
+ using q'_def(2) not_sink_q' unfolding step2_def
+ proof (safe)
+ assume i:
+ \<open>q' \<noteq> sink\<close> \<open>?tau a\<close>
+ \<open>?steps (\<lambda>p1 a p2. p1 \<noteq> sink \<and> a = ?tauEx \<and> p2 = sink \<or> step p1 a p2) q ?tau q'\<close>
+ thus \<open>?steps step q ?tau q'\<close>
+ proof (induct rule: lts.steps.induct[OF i(3)])
+ case (1 p af)
+ then show ?case using lts.steps.refl[of _ p af] by auto
+ next
+ case (2 p af q1 a q)
+ hence \<open>step q1 a q\<close> by blast
+ moreover have \<open>?steps step p af q1\<close> using 2 assms(2) by blast
+ ultimately show ?case using `af a` lts.step[of step p af q1 a q] by blast
+ qed
+ qed
+ have outer_goal_c:
+ \<open>\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2
+ \<and> ?steps step pq2 ?tau q')\<close>
+ using q'_def(3)
+ proof safe
+ fix pq1 pq2
+ assume subassms:
+ \<open>\<not> ?tau a\<close>
+ \<open>?steps step2 q ?tau pq1\<close>
+ \<open>step2 pq1 a pq2\<close>
+ \<open>?steps step2 pq2 ?tau q'\<close>
+ have \<open>pq2 \<noteq> sink\<close>
+ using subassms(4) assms(2) not_sink_q' lts.steps_loop
+ unfolding step2_def by (metis (mono_tags, lifting))
+ have goal_c: \<open>?steps step pq2 ?tau q'\<close>
+ using subassms(4) not_sink_q' unfolding step2_def
+ proof (induct rule:lts.steps.induct[OF subassms(4)])
+ case (1 p af) show ?case using lts.steps.refl by assumption
+ next
+ case (2 p af q1 a q)
+ hence \<open>step q1 a q\<close> unfolding step2_def by simp
+ moreover hence \<open>q1 \<noteq> sink\<close> using assms(2) by blast
+ ultimately have \<open>?steps step p af q1\<close> using 2 unfolding step2_def by auto
+ thus ?case using `step q1 a q` 2(4) lts.step[of step p af q1 a q] by blast
+ qed
+ have goal_b: \<open>step pq1 a pq2\<close>
+ using `pq2 \<noteq> sink` subassms(3) unfolding step2_def by blast
+ hence \<open>pq1 \<noteq> sink\<close> using assms(2) by blast
+ hence goal_a: \<open>?steps step q ?tau pq1\<close>
+ using subassms(4) unfolding step2_def
+ proof (induct rule:lts.steps.induct[OF subassms(2)])
+ case (1 p af) show ?case using lts.steps.refl by assumption
+ next
+ case (2 p af q1 a q)
+ hence \<open>step q1 a q\<close> unfolding step2_def by simp
+ moreover hence \<open>q1 \<noteq> sink\<close> using assms(2) by blast
+ ultimately have \<open>?steps step p af q1\<close> using 2 unfolding step2_def by auto
+ thus ?case using `step q1 a q` 2(4) lts.step[of step p af q1 a q] by blast
+ qed
+ thus
+ \<open>\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2 \<and> ?steps step pq2 ?tau q'\<close>
+ using goal_b goal_c by auto
+ qed
+ thus \<open>\<exists>q'. (p' = sink \<or> R p' q') \<and> (?tau a \<longrightarrow> ?steps step q ?tau q') \<and>
+ (\<not> ?tau a \<longrightarrow> (\<exists>pq1 pq2. ?steps step q ?tau pq1 \<and> step pq1 a pq2
+ \<and> ?steps step pq2 ?tau q'))\<close>
+ using outer_goal_a outer_goal_b by auto
+ qed
+ qed
+qed
+
+lemma simulation_sink_invariant:
+ fixes
+ step sink R \<tau>
+ defines
+ \<open>step2 \<equiv> \<lambda> p1 a p2 . (p1 \<noteq> sink \<and> a = \<tau> \<and> p2 = sink) \<or> step p1 a p2\<close>
+ assumes
+ \<open>\<And> a p . \<not> step sink a p \<and> \<not> step p a sink\<close>
+ shows \<open>lts_tau.weakly_simulated_by step2 \<tau> p q = lts_tau.weakly_simulated_by step \<tau> p q\<close>
+proof (rule)
+ have sink_sim_min: \<open>lts_tau.weak_simulation step2 \<tau> (\<lambda> p q. p = sink)\<close>
+ unfolding lts_tau.weak_simulation_def step2_def using assms(2)
+ by (meson lts.steps.simps)
+ define R where \<open>R \<equiv> lts_tau.weakly_simulated_by step2 \<tau>\<close>
+ have weak_sim_R: \<open>lts_tau.weak_simulation step2 \<tau> R\<close>
+ using lts_tau.weaksim_greatest[of step2 \<tau>] unfolding R_def by blast
+ have R_contains_inv_tau_closure:
+ \<open>R = (\<lambda>p1 q1. R p1 q1 \<or> lts.steps step2 q1 (lts_tau.tau \<tau>) p1)\<close>
+ unfolding R_def using lts_tau.weak_sim_tau_step by fastforce
+ assume Rpq: \<open>R p q\<close>
+ have \<open>\<And> p' q' q . R p' q' \<and> lts.steps step2 q (lts_tau.tau \<tau>) q' \<longrightarrow> R p' q\<close>
+ using R_contains_inv_tau_closure lts_tau.weak_sim_trans[of step2 \<open>\<tau>\<close> _ _ _] R_def assms(2)
+ by meson
+ hence closed_R:
+ \<open>\<And> p' q' q . (p' = sink \<or> R p' q') \<and> lts.steps step2 q (lts_tau.tau \<tau>) q'
+ \<longrightarrow> (p' = sink \<or> R p' q)\<close>
+ using weak_sim_R sink_sim_min lts_tau.weak_sim_union_cl by blast
+ have \<open>lts_tau.weak_simulation step2 \<tau> (\<lambda>p q. p = sink \<or> R p q)\<close>
+ using weak_sim_R sink_sim_min lts_tau.weak_sim_union_cl[of step2 \<tau>] by blast
+ hence \<open>lts_tau.weak_simulation step \<tau> (\<lambda>p q. p = sink \<or> R p q)\<close>
+ using simulation_tau_sink_2[of step sink \<tau> R] assms(2) closed_R
+ unfolding step2_def by blast
+ thus \<open>\<exists>R. lts_tau.weak_simulation step \<tau> R \<and> R p q\<close>
+ using Rpq weak_sim_R by blast
+next
+ show \<open>\<exists>R. lts_tau.weak_simulation step \<tau> R \<and> R p q \<Longrightarrow>
+ \<exists>R. lts_tau.weak_simulation step2 \<tau> R \<and> R p q\<close>
+ proof clarify
+ fix R
+ assume
+ \<open>lts_tau.weak_simulation step \<tau> R\<close>
+ \<open>R p q\<close>
+ hence \<open>lts_tau.weak_simulation
+ (\<lambda>p1 a p2. p1 \<noteq> sink \<and> a = \<tau> \<and> p2 = sink \<or> step p1 a p2) \<tau> (\<lambda>p q. p = sink \<or> R p q)\<close>
+ using simulation_tau_sink_1[of step sink \<tau> R] assms(2) unfolding step2_def by auto
+ thus \<open>\<exists>R. lts_tau.weak_simulation step2 \<tau> R \<and> R p q\<close>
+ using `R p q` unfolding step2_def by blast
+ qed
+qed
+
+subsection \<open>Trace Inclusion Invariant under \<open>\<tau>\<close>-Sink Extension\<close>
+
+lemma trace_inclusion_sink_invariant:
+ fixes
+ step sink R \<tau>
+ defines
+ \<open>step2 \<equiv> \<lambda> p1 a p2 . (p1 \<noteq> sink \<and> a = \<tau> \<and> p2 = sink) \<or> step p1 a p2\<close>
+ assumes
+ \<open>\<And> a p . \<not> step sink a p \<and> \<not> step p a sink\<close>
+ shows
+ \<open>lts_tau.weakly_trace_included_by step2 \<tau> p q
+ = lts_tau.weakly_trace_included_by step \<tau> p q\<close>
+proof -
+ let ?tau = \<open>(lts_tau.tau \<tau>)\<close>
+ let ?weak_step = \<open>lts_tau.weak_step_tau step \<tau>\<close>
+ let ?weak_step2 = \<open>lts_tau.weak_step_tau step2 \<tau>\<close>
+ let ?weak_seq = \<open>lts_tau.weak_step_seq step \<tau>\<close>
+ let ?weak_seq2 = \<open>lts_tau.weak_step_seq step2 \<tau>\<close>
+ {
+ fix A
+ have \<open>\<forall>p p'. (\<forall> a \<in> set(A). a \<noteq> \<tau>)
+ \<and> ?weak_seq2 p A p'
+ \<longrightarrow> (\<exists>p''. ?weak_seq p A p''
+ \<and> ?weak_step2 p'' \<tau> p')\<close>
+ proof(clarify, induct A rule: rev_induct)
+ case Nil
+ hence \<open>?weak_step p \<tau> p\<close>
+ using lts_tau.step_tau_refl by fastforce
+ thus ?case
+ by (metis Nil.prems(2) lts_tau.tau_tau lts_tau.weak_step_seq.simps(1))
+ next
+ case (snoc a A)
+ hence not_in_set: \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close> by force
+ then obtain p01 where
+ \<open>?weak_seq2 p A p01\<close> and
+ p01_def2: \<open>?weak_step2 p01 a p'\<close>
+ using snoc by (metis lts_tau.rev_seq_split)
+ then obtain p02 where p02_def:
+ \<open>?weak_seq p A p02\<close>
+ \<open>?weak_step2 p02 \<tau> p01\<close>
+ using snoc.hyps[of p p01] snoc.prems(1) not_in_set by auto
+ hence \<open>?weak_step2 p02 a p'\<close>
+ using p01_def2 lts_tau.step_tau_concat lts_tau.tau_tau
+ by (smt (verit, del_insts))
+ then obtain p03 p04 where
+ tau1: \<open>?weak_step2 p02 \<tau> p03\<close> and
+ a_step2: \<open>step2 p03 a p04\<close> and
+ tau2: \<open>?weak_step2 p04 \<tau> p'\<close>
+ using snoc.prems(1) lts_tau.tau_def
+ by (metis last_in_set snoc_eq_iff_butlast)
+ hence \<open>p04 \<noteq> sink\<close> using assms snoc.prems(1) by force
+ hence a_step: \<open>step p03 a p04\<close> using a_step2 assms by auto
+ have notsinkp03: \<open>p03 \<noteq> sink\<close> using a_step2 assms snoc.prems(1) by force
+ have \<open>lts.steps step2 p02 ?tau p03\<close> using tau1 by (simp add: lts_tau.tau_tau)
+ hence \<open>lts.steps step p02 ?tau p03\<close> using notsinkp03
+ proof (induct rule: lts.steps.induct[OF `lts.steps step2 p02 ?tau p03`])
+ case (1 p A)
+ thus ?case by (simp add: lts.refl)
+ next
+ case (2 p A q1 a q)
+ hence \<open>q1 \<noteq> sink\<close> using assms(2) step2_def by blast
+ thus ?case using 2 lts.step step2_def by metis
+ qed
+ hence \<open>?weak_step p02 \<tau> p03\<close> by (simp add: lts_tau.tau_tau)
+ hence \<open>?weak_step p02 a p04\<close> using a_step
+ by (metis lts.step lts_tau.step_tau_refl lts_tau.tau_tau)
+ hence \<open>?weak_seq p (A@[a]) p04\<close>
+ using lts_tau.rev_seq_step_concat p02_def(1) by fastforce
+ thus ?case using tau2 by auto
+ qed
+ }
+ hence step2_to_step: \<open>\<forall>A p p'. (\<forall> a \<in> set(A). a \<noteq> \<tau>)
+ \<and> ?weak_seq2 p A p'
+ \<longrightarrow> (\<exists>p''. ?weak_seq p A p'')\<close>
+ by fastforce
+
+ have step_to_step2: \<open>\<forall>A p p'. (\<forall> a \<in> set(A). a \<noteq> \<tau>)
+ \<and> ?weak_seq p A p'
+ \<longrightarrow> ?weak_seq2 p A p'\<close>
+ proof
+ fix A
+ show \<open>\<forall>p p'. (\<forall> a \<in> set(A). a \<noteq> \<tau>)
+ \<and> ?weak_seq p A p'
+ \<longrightarrow> ?weak_seq2 p A p'\<close>
+ proof(clarify, induct A rule: list.induct)
+ case Nil
+ assume \<open>?weak_seq p [] p'\<close>
+ hence tau_step: \<open>?weak_step p \<tau> p'\<close>
+ by (simp add: lts_tau.weak_step_seq.simps(1) lts_tau.tau_tau)
+ hence \<open>?weak_step2 p \<tau> p'\<close>
+ using lts_impl_steps step2_def lts_tau.tau_tau by force
+ thus ?case by (simp add: lts_tau.weak_step_seq.simps(1) lts_tau.tau_tau)
+ next
+ case (Cons x xs)
+ then obtain p1 where p1_def: \<open>?weak_step p x p1\<close>
+ \<open>?weak_seq p1 xs p'\<close>
+ by (metis (mono_tags, lifting) lts_tau.weak_step_seq.simps(2))
+ hence IH: \<open>?weak_seq2 p1 xs p'\<close> using Cons by auto
+ then obtain p01 p02 where \<open>?weak_step p \<tau> p01\<close> and
+ strong: \<open>step p01 x p02\<close> and
+ p02_weak: \<open>?weak_step p02 \<tau> p1\<close>
+ using Cons.prems(1) p1_def lts_tau.tau_def by (metis list.set_intros(1))
+ hence tau1: \<open>?weak_step2 p \<tau> p01\<close>
+ using lts_impl_steps step2_def
+ by (smt (verit, best))
+ have \<open>?weak_step2 p02 \<tau> p1\<close>
+ using p02_weak lts_impl_steps step2_def by (smt (verit, best))
+ hence \<open>?weak_step2 p x p1\<close>
+ using tau1 strong step2_def Cons.prems(1) lts_tau.tau_def
+ by (metis list.set_intros(1))
+ thus \<open>?weak_seq2 p (x#xs) p'\<close>
+ using IH lts_tau.weak_step_seq_def[of step2 \<tau>] by auto
+ qed
+ qed
+ show ?thesis
+ proof (rule)
+ assume \<open>\<exists>R. lts_tau.trace_inclusion step2 \<tau> R \<and> R p q\<close>
+ then obtain R where weak_sim_R: \<open>lts_tau.trace_inclusion step2 \<tau> R\<close>
+ and Rpq: \<open>R p q\<close>
+ by blast
+ have \<open>lts_tau.trace_inclusion step \<tau> R\<close>
+ unfolding lts_tau.trace_inclusion_def
+ proof clarify
+ fix p q p' A
+ assume subassms:
+ \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close>
+ \<open>R p q\<close>
+ \<open>?weak_seq p A p'\<close>
+ hence \<open>(\<forall>a\<in>set A. a \<noteq> \<tau>) \<and>
+ ?weak_seq2 p A p' \<longrightarrow>
+ (\<exists>q'. ?weak_seq2 q A q')\<close>
+ using weak_sim_R
+ unfolding lts_tau.trace_inclusion_def by simp
+ hence \<open>(\<forall>a\<in>set A. a \<noteq> \<tau>) \<and>
+ ?weak_seq p A p' \<longrightarrow>
+ (\<exists>q'. ?weak_seq q A q')\<close>
+ using step2_to_step step_to_step2
+ by auto
+ thus "\<exists>q'. ?weak_seq q A q'"
+ by (simp add: subassms)
+ qed
+ thus \<open>\<exists>R. lts_tau.trace_inclusion step \<tau> R \<and> R p q\<close>
+ using Rpq by auto
+ next
+ assume \<open>\<exists>R. lts_tau.trace_inclusion step \<tau> R \<and> R p q\<close>
+ then obtain R where weak_sim_R: \<open>lts_tau.trace_inclusion step \<tau> R\<close>
+ and Rpq: \<open>R p q\<close>
+ by blast
+ have \<open>lts_tau.trace_inclusion step2 \<tau> R\<close>
+ unfolding lts_tau.trace_inclusion_def
+ proof clarify
+ fix p q p' A
+ assume subassms:
+ \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close>
+ \<open>R p q\<close>
+ \<open>?weak_seq2 p A p'\<close>
+ thus \<open>\<exists>q'. ?weak_seq2 q A q'\<close>
+ using step2_to_step step_to_step2
+ by (metis (full_types) lts_tau.trace_inclusion_def weak_sim_R)
+ qed
+ thus \<open>\<exists>R. lts_tau.trace_inclusion step2 \<tau> R \<and> R p q\<close> using Rpq by auto
+ qed
+qed
+
+end
diff --git a/thys/Coupledsim_Contrasim/Transition_Systems.thy b/thys/Coupledsim_Contrasim/Transition_Systems.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Transition_Systems.thy
@@ -0,0 +1,146 @@
+section \<open>Preliminaries\<close>
+
+subsection \<open>Labeled Transition Systems\<close>
+
+theory Transition_Systems
+ imports Main
+begin
+
+locale lts =
+fixes
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<longmapsto>_ _" [70, 70, 70] 80)
+
+begin
+
+abbreviation step_pred :: \<open>'s \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> 's \<Rightarrow> bool\<close>
+ where
+ \<open>step_pred p af q \<equiv> \<exists> a. af a \<and> trans p a q\<close>
+
+inductive steps :: \<open>'s \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> 's \<Rightarrow> bool\<close>
+ ("_ \<longmapsto>* _ _" [70, 70, 70] 80)
+where
+ refl: \<open>p \<longmapsto>* A p\<close> | step: \<open>p \<longmapsto>* A q1 \<Longrightarrow> q1 \<longmapsto>a q \<Longrightarrow> A a \<Longrightarrow> (p \<longmapsto>* A q)\<close>
+
+lemma steps_one_step:
+ assumes
+ \<open>p \<longmapsto>a p'\<close>
+ \<open>A a\<close>
+ shows
+ \<open>p \<longmapsto>* A p'\<close> using steps.step[of p A p a p'] steps.refl[of p A] assms .
+
+lemma steps_concat:
+ assumes
+ \<open>p' \<longmapsto>* A p''\<close>
+ \<open>p \<longmapsto>* A p'\<close>
+ shows
+ \<open>p \<longmapsto>* A p''\<close> using assms
+proof (induct arbitrary: p)
+ case (refl p'' A p')
+ then show ?case by auto
+next
+ case (step p' A p'' a pp p)
+ hence \<open>p \<longmapsto>* A p''\<close> by simp
+ show ?case using steps.step[OF `p \<longmapsto>* A p''` step(3,4)] .
+qed
+
+lemma steps_left:
+ assumes
+ \<open>p \<noteq> p'\<close>
+ \<open>p \<longmapsto>* A p'\<close>
+ shows
+ \<open>\<exists>p'' a . p \<longmapsto>a p'' \<and> A a \<and> p'' \<longmapsto>* A p'\<close>
+ using assms(1)
+ by (induct rule:steps.induct[OF assms(2)], blast, metis refl steps_concat steps_one_step)
+
+lemma steps_no_step:
+ assumes
+ \<open>\<And> a p' . p \<longmapsto>a p' \<Longrightarrow> \<not>A a\<close>
+ \<open>p \<noteq> p''\<close>
+ \<open>p \<longmapsto>* A p''\<close>
+ shows
+ \<open>False\<close>
+ using steps_left[OF assms(2,3)] assms(1) by blast
+
+lemma steps_no_step_pos:
+ assumes
+ \<open>\<And> a p' . p \<longmapsto>a p' \<Longrightarrow> \<not>A a\<close>
+ \<open>p \<longmapsto>* A p'\<close>
+ shows
+ \<open>p = p'\<close>
+ using assms steps_no_step by blast
+
+lemma steps_loop:
+ assumes
+ \<open>\<And> a p' . p \<longmapsto>a p' \<Longrightarrow> p = p'\<close>
+ \<open>p \<noteq> p''\<close>
+ \<open>p \<longmapsto>* A p''\<close>
+ shows
+ \<open>False\<close>
+ using assms(3,1,2) by (induct, auto)
+
+corollary steps_transp:
+ \<open>transp (\<lambda> p p'. p \<longmapsto>* A p')\<close>
+ using steps_concat unfolding transp_def by blast
+
+lemma steps_spec:
+ assumes
+ \<open>p \<longmapsto>* A' p'\<close>
+ \<open>\<And> a . A' a \<Longrightarrow> A a\<close>
+ shows
+ \<open>p \<longmapsto>* A p'\<close> using assms(1,2)
+proof induct
+ case (refl p)
+ show ?case using steps.refl .
+next
+ case (step p A' pp a pp')
+ hence \<open>p \<longmapsto>* A pp\<close> by simp
+ then show ?case using step(3,4,5) steps.step by auto
+qed
+
+interpretation preorder \<open>(\<lambda> p p'. p \<longmapsto>* A p')\<close> \<open>\<lambda> p p'. p \<longmapsto>* A p' \<and> \<not>(p' \<longmapsto>* A p)\<close>
+ by (standard, simp, simp add: steps.refl, metis steps_concat)
+
+text\<open>If one can reach only a finite portion of the graph following @{text \<open>\<longmapsto>* A\<close>},
+ and all cycles are loops, then there must be nodes which are maximal wrt. \<open>\<longmapsto>* A\<close>.\<close>
+lemma step_max_deadlock:
+ fixes A q
+ assumes
+ antiysmm: \<open>\<And> r1 r2. r1 \<longmapsto>* A r2 \<and> r2 \<longmapsto>* A r1 \<Longrightarrow> r1 = r2\<close> and
+ finite: \<open>finite {q'. q \<longmapsto>* A q'}\<close> and
+ no_max: \<open>\<forall> q'. q \<longmapsto>* A q' \<longrightarrow> (\<exists>q''. q' \<longmapsto>* A q'' \<and> q' \<noteq> q'')\<close>
+ shows
+ False
+proof -
+ interpret order \<open>(\<lambda> p p'. p \<longmapsto>* A p')\<close> \<open>\<lambda> p p'. p \<longmapsto>* A p' \<and> \<not>(p' \<longmapsto>* A p)\<close>
+ by (standard, simp add: assms(1))
+ show ?thesis using assms order_trans order_refl finite_has_maximal2 mem_Collect_eq
+ by metis
+qed
+
+end \<comment>\<open>end of lts\<close>
+
+lemma lts_impl_steps2:
+ assumes
+ \<open>lts.steps step1 p1 ap p2\<close>
+ \<open>\<And> p1 a p2 . step1 p1 a p2 \<and> P p1 a p2 \<Longrightarrow> step2 p1 a p2\<close>
+ \<open>\<And> p1 a p2 . P p1 a p2\<close>
+ shows
+ \<open>lts.steps step2 p1 ap p2\<close>
+proof (induct rule: lts.steps.induct[OF assms(1)])
+ case (1 p af)
+ show ?case using lts.steps.refl[of step2 p af] by blast
+next
+ case (2 p af q1 a q)
+ hence \<open>step2 q1 a q\<close> using assms(2,3) by blast
+ thus ?case using lts.step[OF 2(2) _ 2(4)] by blast
+qed
+
+lemma lts_impl_steps:
+ assumes
+ \<open>lts.steps step1 p1 ap p2\<close>
+ \<open>\<And> p1 a p2 . step1 p1 a p2 \<Longrightarrow> step2 p1 a p2\<close>
+ shows
+ \<open>lts.steps step2 p1 ap p2\<close>
+ using assms lts_impl_steps2[OF assms] by auto
+
+end
\ No newline at end of file
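Review bot: In `lts_impl_steps2` the third assumption `\<And> p1 a p2 . P p1 a p2` makes `P` hold for every triple, so the conjunct `P p1 a p2` in the second assumption is always satisfied and the lemma says nothing beyond `lts_impl_steps`. If a genuinely restricted implication was intended (for example, `P` only for the steps actually taken along the path), the assumption has to be weaker than universal truth; otherwise I would drop `P` and keep only `lts_impl_steps`. Separately, the assumption label `antiysmm` in `step_max_deadlock` looks like a typo for `antisymm`; the visible proof refers to it only as `assms(1)`, so renaming it does not touch the proof text.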
diff --git a/thys/Coupledsim_Contrasim/Weak_HML_Contrasimulation.thy b/thys/Coupledsim_Contrasim/Weak_HML_Contrasimulation.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Weak_HML_Contrasimulation.thy
@@ -0,0 +1,439 @@
+section \<open>Weak HML and the Contrasimulation Set Game\<close>
+
+theory Weak_HML_Contrasimulation
+ imports
+ Contrasim_Set_Game
+ HM_Logic_Infinitary
+begin
+
+subsection \<open> Distinguishing Formulas at Winning Attacker Positions\<close>
+
+locale c_game_with_attacker_strategy =
+ c_set_game trans \<tau>
+for
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> and
+ \<tau> :: \<open>'a\<close> +
+fixes
+ strat :: \<open>('s, 'a) c_set_game_node posstrategy\<close> and
+ attacker_winning_region :: \<open>('s, 'a) c_set_game_node set\<close> and
+ attacker_order
+defines
+ \<open>attacker_order \<equiv> {(g', g). c_set_game_moves g g' \<and>
+ g \<in> attacker_winning_region \<and> g' \<in> attacker_winning_region \<and>
+ (player1_position g \<longrightarrow> g' = strat g)}\<^sup>+\<close>
+assumes
+ finite_win:
+ \<open>wf attacker_order\<close> and
+ strat_stays_winning:
+ \<open>g \<in> attacker_winning_region \<Longrightarrow> player1_position g \<Longrightarrow>
+ strat g \<in> attacker_winning_region \<and> c_set_game_moves g (strat g)\<close> and
+ defender_keeps_losing:
+ \<open>g \<in> attacker_winning_region \<Longrightarrow> c_set_game_defender_node g \<Longrightarrow> c_set_game_moves g g'
+ \<Longrightarrow> g' \<in> attacker_winning_region\<close>
+begin
+
+text \<open>This construction of attacker formulas from a game only works if \<open>strat\<close> is a well-founded
+ attacker strategy. (If it's winning and sound, the constructed formula should be distinguishing.)\<close>
+
+function attack_formula :: \<open>('s, 'a) c_set_game_node \<Rightarrow> ('a,'s) HML_formula\<close> where
+ \<open>attack_formula (AttackerNode p Q) =
+ (if (AttackerNode p Q) \<in> attacker_winning_region
+ then attack_formula (strat (AttackerNode p Q))
+ else HML_true)\<close>
+| \<open>attack_formula (DefenderSimNode a p Q) =
+ (if (DefenderSimNode a p Q) \<in> attacker_winning_region
+ then \<langle>\<tau>\<rangle>\<langle>a\<rangle>(attack_formula (AttackerNode p (dsuccs a Q)))
+ else HML_true)\<close>
+| \<open>attack_formula (DefenderSwapNode p Q) =
+ (if Q = {} \<or> DefenderSwapNode p Q \<notin> attacker_winning_region
+ then HML_true
+ else (HML_weaknor (weak_tau_succs Q)
+ (\<lambda>q. if q \<in> (weak_tau_succs Q)
+ then (attack_formula (AttackerNode q {p}))
+ else HML_true )))\<close>
+ using c_set_game_defender_node.cases
+ by (auto, blast)
+
+termination attack_formula
+ using finite_win
+proof (standard, safe)
+ fix p Q
+ assume \<open>AttackerNode p Q \<in> attacker_winning_region\<close>
+ thus \<open>(strat (AttackerNode p Q), AttackerNode p Q) \<in> attacker_order\<close>
+ unfolding attacker_order_def
+ using strat_stays_winning
+ by auto
+next
+ fix a p Q
+ assume attacker_wins: \<open>DefenderSimNode a p Q \<in> attacker_winning_region\<close>
+ hence \<open>AttackerNode p (dsuccs a Q) \<in> attacker_winning_region\<close>
+ using defender_keeps_losing simulation_answer by force
+ with attacker_wins show
+ \<open>(AttackerNode p (dsuccs a Q), DefenderSimNode a p Q) \<in> attacker_order\<close>
+ unfolding attacker_order_def
+ by (simp add: r_into_trancl')
+next
+ fix p Q q' q
+ assume case_assms:
+ \<open>q' \<in> weak_tau_succs Q\<close>
+ \<open>(AttackerNode q' {p}, DefenderSwapNode p Q) \<notin> attacker_order\<close>
+ \<open>DefenderSwapNode p Q \<in> attacker_winning_region\<close>
+ \<open>q \<in> Q\<close>
+ hence \<open>AttackerNode q' {p} \<notin> attacker_winning_region\<close>
+ unfolding attacker_order_def by auto
+ moreover from case_assms have \<open>AttackerNode q' {p} \<in> attacker_winning_region\<close>
+ using swap_answer defender_keeps_losing by force
+ ultimately show \<open>q \<in> {}\<close> by blast
+qed
+
+lemma attacker_defender_switch:
+ assumes
+ \<open>(AttackerNode p Q) \<in> attacker_winning_region\<close>
+ shows
+ \<open>(\<exists>a p'. (strat (AttackerNode p Q)) = (DefenderSimNode a p' Q) \<and> p =\<rhd>a p' \<and> \<not>tau a)
+ \<or>(\<exists>p'. (strat (AttackerNode p Q)) = (DefenderSwapNode p' Q) \<and> p \<longmapsto>* tau p' )\<close>
+ using strat_stays_winning[OF assms] by (cases \<open>strat (AttackerNode p Q)\<close>, auto)
+
+lemma attack_options:
+ assumes
+ \<open>(AttackerNode p Q) \<in> attacker_winning_region\<close>
+ shows
+ \<open>(\<exists>a p'. p =\<rhd>a p' \<and> \<not>tau a \<and> strat (AttackerNode p Q) = (DefenderSimNode a p' Q) \<and>
+ attack_formula (AttackerNode p Q)
+ = \<langle>\<tau>\<rangle>\<langle>a\<rangle>(attack_formula (AttackerNode p' (dsuccs a Q))))
+ \<or> (\<exists>p'. p \<longmapsto>* tau p' \<and> strat (AttackerNode p Q) = (DefenderSwapNode p' Q) \<and>
+ attack_formula (AttackerNode p Q) =
+ (HML_weaknor (weak_tau_succs Q) (\<lambda>q.
+ if q \<in> (weak_tau_succs Q)
+ then (attack_formula (AttackerNode q {p'}))
+ else HML_true )))
+ \<or> (Q = {} \<and> attack_formula (AttackerNode p Q) = HML_true)\<close>
+proof -
+ from assms have
+ \<open>attack_formula (AttackerNode p Q) = attack_formula (strat (AttackerNode p Q))\<close>
+ by simp
+ moreover from attacker_defender_switch assms have
+ \<open>(\<exists>a p'. (strat (AttackerNode p Q)) = (DefenderSimNode a p' Q) \<and> p =\<rhd>a p' \<and> \<not>tau a)
+ \<or> (\<exists>p'. (strat (AttackerNode p Q)) = (DefenderSwapNode p' Q) \<and> p \<longmapsto>* tau p')\<close>
+ by blast
+ ultimately have
+ \<open> (\<exists>a p'. (strat (AttackerNode p Q)) = (DefenderSimNode a p' Q) \<and>
+ (attack_formula (AttackerNode p Q))
+ = attack_formula (DefenderSimNode a p' Q) \<and> p =\<rhd>a p' \<and> \<not>tau a)
+ \<or> (\<exists>p'. (strat (AttackerNode p Q)) = (DefenderSwapNode p' Q) \<and>
+ (attack_formula (AttackerNode p Q))
+ = attack_formula (DefenderSwapNode p' Q) \<and> p \<longmapsto>* tau p')\<close>
+ by metis
+ moreover from assms have \<open>strat (AttackerNode p Q) \<in> attacker_winning_region\<close>
+ by (simp add: strat_stays_winning)
+ ultimately show ?thesis using assms empty_iff
+ by fastforce
+qed
+
+lemma distinction_soundness:
+ fixes p Q p0 Q0
+ defines
+ \<open>pQ == AttackerNode p Q\<close>
+ defines
+ \<open>\<phi> == attack_formula pQ\<close>
+ assumes
+ \<open>pQ \<in> attacker_winning_region\<close>
+ shows
+ \<open>p \<Turnstile> \<phi> \<and> (\<forall>q\<in>Q. \<not> q \<Turnstile> \<phi>)\<close>
+ using finite_win assms
+proof (induct arbitrary: p Q \<phi>)
+ case (less p Q)
+ from attack_options[OF this(2)] show ?case
+ proof
+ assume \<open>\<exists>a p'. p =\<rhd> a p' \<and> \<not> tau a \<and>
+ strat (AttackerNode p Q) = DefenderSimNode a p' Q \<and>
+ attack_formula (AttackerNode p Q) = \<langle>\<tau>\<rangle>\<langle>a\<rangle>attack_formula (AttackerNode p' (dsuccs a Q))\<close>
+ then obtain a p' where case_assms:
+ \<open>p =\<rhd> a p' \<and> \<not> tau a\<close>
+ \<open>strat (AttackerNode p Q) = DefenderSimNode a p' Q\<close>
+ \<open>attack_formula (AttackerNode p Q)
+ = \<langle>\<tau>\<rangle>\<langle>a\<rangle>attack_formula (AttackerNode p' (dsuccs a Q))\<close> by blast
+ hence moves:
+ \<open>c_set_game_moves (AttackerNode p Q) (DefenderSimNode a p' Q)\<close>
+ \<open>c_set_game_moves (DefenderSimNode a p' Q) (AttackerNode p' (dsuccs a Q))\<close> by auto
+ with case_assms less(2) defender_keeps_losing strat_stays_winning have all_winning:
+ \<open>(AttackerNode p' (dsuccs a Q)) \<in> attacker_winning_region\<close>
+ \<open>(DefenderSimNode a p' Q) \<in> attacker_winning_region\<close>
+ by (metis c_set_game_defender_node.simps(2), force)
+ with case_assms moves less(2) have
+ \<open>(AttackerNode p' (dsuccs a Q), DefenderSimNode a p' Q) \<in> attacker_order\<close>
+ \<open>(DefenderSimNode a p' Q, AttackerNode p Q) \<in> attacker_order\<close>
+ unfolding attacker_order_def by (simp add: r_into_trancl')+
+ hence \<open>(AttackerNode p' (dsuccs a Q), AttackerNode p Q) \<in> attacker_order\<close>
+ unfolding attacker_order_def by auto
+ with less.hyps all_winning(1) have
+ \<open>p' \<Turnstile> attack_formula (AttackerNode p' (dsuccs a Q)) \<and>
+ (\<forall>q\<in>(dsuccs a Q). \<not> q \<Turnstile> attack_formula (AttackerNode p' (dsuccs a Q)))\<close>
+ by blast
+ with case_assms have
+ \<open>p \<Turnstile> \<langle>\<tau>\<rangle>\<langle>a\<rangle>attack_formula (AttackerNode p' (dsuccs a Q))\<close>
+ \<open>\<forall>q\<in>Q. \<not>q \<Turnstile> \<langle>\<tau>\<rangle>\<langle>a\<rangle>attack_formula (AttackerNode p' (dsuccs a Q))\<close>
+ unfolding dsuccs_def by (auto, blast+)
+ thus ?case unfolding case_assms by blast
+ next
+ assume \<open>(\<exists>p'. p \<longmapsto>* tau p' \<and> strat (AttackerNode p Q) = DefenderSwapNode p' Q \<and>
+ attack_formula (AttackerNode p Q)
+ = HML_weaknor (weak_tau_succs Q) (\<lambda>q.
+ if q \<in> (weak_tau_succs Q)
+ then attack_formula (AttackerNode q {p'})
+ else HML_true)) \<or>
+ Q = {} \<and> attack_formula (AttackerNode p Q) = HML_true\<close>
+ thus ?case
+ proof
+ assume \<open>\<exists>p'. p \<longmapsto>* tau p' \<and> strat (AttackerNode p Q) = DefenderSwapNode p' Q \<and>
+ attack_formula (AttackerNode p Q)
+ = HML_weaknor (weak_tau_succs Q) (\<lambda>q.
+ if q \<in> (weak_tau_succs Q)
+ then attack_formula (AttackerNode q {p'})
+ else HML_true)\<close>
+ then obtain p' where case_assms:
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>strat (AttackerNode p Q) = DefenderSwapNode p' Q\<close>
+ \<open>attack_formula (AttackerNode p Q)
+ = HML_weaknor (weak_tau_succs Q) (\<lambda>q.
+ if q \<in> (weak_tau_succs Q)
+ then attack_formula (AttackerNode q {p'})
+ else HML_true)\<close>
+ by blast
+ from case_assms have moves:
+ \<open>c_set_game_moves (AttackerNode p Q) (DefenderSwapNode p' Q)\<close>
+ \<open>\<forall>q'\<in>(weak_tau_succs Q).
+ c_set_game_moves (DefenderSwapNode p' Q) (AttackerNode q' {p'})\<close>
+ by auto
+ with case_assms less(2) defender_keeps_losing strat_stays_winning
+ have all_winning:
+ \<open>(DefenderSwapNode p' Q) \<in> attacker_winning_region\<close>
+ \<open>\<forall>q'\<in>(weak_tau_succs Q). (AttackerNode q' {p'}) \<in> attacker_winning_region\<close>
+ by (metis, metis c_set_game_defender_node.simps(1,3))
+ with case_assms moves less(2) have
+ \<open>\<forall>q'\<in> weak_tau_succs Q. (AttackerNode q' {p'}, DefenderSwapNode p' Q) \<in> attacker_order\<close>
+ \<open>(DefenderSwapNode p' Q, AttackerNode p Q) \<in> attacker_order\<close>
+ unfolding attacker_order_def by (simp add: r_into_trancl')+
+ hence \<open>\<forall>q'\<in> weak_tau_succs Q. (AttackerNode q' {p'}, AttackerNode p Q) \<in> attacker_order\<close>
+ unfolding attacker_order_def by auto
+ with less.hyps all_winning have
+ \<open>\<forall>q'\<in> weak_tau_succs Q.
+ q' \<Turnstile> attack_formula (AttackerNode q' {p'}) \<and>
+ \<not> p' \<Turnstile> attack_formula (AttackerNode q' {p'})\<close>
+ by blast
+ with case_assms have
+ \<open>p' \<Turnstile> HML_conj (weak_tau_succs Q)
+ (\<lambda>q'. HML_neg (attack_formula (AttackerNode q' {p'})))\<close>
+ \<open>\<forall>q'\<in> weak_tau_succs Q.
+ \<not> q' \<Turnstile> HML_conj (weak_tau_succs Q)
+ (\<lambda>qq'. HML_neg (attack_formula (AttackerNode qq' {p'})))\<close>
+ by (simp, fastforce)
+ with case_assms have
+ \<open>p \<Turnstile> HML_weaknor (weak_tau_succs Q)
+ (\<lambda>q. if q \<in> (weak_tau_succs Q)
+ then attack_formula (AttackerNode q {p'})
+ else HML_true)\<close>
+ \<open>\<forall>q\<in>Q. \<not>q \<Turnstile> HML_weaknor (weak_tau_succs Q)
+ (\<lambda>q. if q \<in> (weak_tau_succs Q)
+ then attack_formula (AttackerNode q {p'})
+ else HML_true)\<close>
+ unfolding weak_tau_succs_def HML_weaknor_def
+ using conj_only_depends_on_indexset by (auto, force, fastforce)
+ thus ?case unfolding case_assms by blast
+ next
+ assume \<open>Q = {} \<and> attack_formula (AttackerNode p Q) = HML_true\<close>
+ thus ?case by auto
+ qed
+ qed
+qed
+
+lemma distinction_in_language:
+ fixes p Q
+ defines
+ \<open>pQ == AttackerNode p Q\<close>
+ defines
+ \<open>\<phi> == attack_formula pQ\<close>
+ assumes
+ \<open>pQ \<in> attacker_winning_region\<close>
+ shows
+ \<open>\<phi> \<in> HML_weak_formulas\<close>
+ using assms(2,3) unfolding assms(1)
+proof (induct arbitrary: \<phi> rule: attack_formula.induct)
+ case (1 p Q)
+ then show ?case using strat_stays_winning by auto
+next
+ case (2 a p Q)
+ then show ?case
+ by (simp add: HML_weak_formulas.Base HML_weak_formulas.Obs)
+next
+ case (3 p Q)
+ hence \<open>\<forall>q' \<in> weak_tau_succs Q. attack_formula (AttackerNode q' {p}) \<in> HML_weak_formulas\<close>
+ using weak_tau_succs_def HML_weak_formulas.Base by fastforce
+ then show ?case
+ using HML_weak_formulas.Base \<open>DefenderSwapNode p Q \<in> attacker_winning_region\<close>
+ by (auto simp add: HML_weak_formulas.Conj)
+qed
+
+end
+
+subsection \<open>Attacker Wins on Pairs with Distinguishing Formulas\<close>
+
+locale c_game_with_attacker_formula =
+ c_set_game trans \<tau>
+for
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> and
+ \<tau> :: \<open>'a\<close>
+begin
+
+inductive_set attacker_winning_region :: \<open>('s, 'a) c_set_game_node set\<close> where
+ Base: \<open>DefenderSwapNode _ {} \<in> attacker_winning_region\<close> |
+ Atk: \<open>(c_set_game_moves (AttackerNode p Q) g' \<and> g' \<in> attacker_winning_region)
+ \<Longrightarrow> (AttackerNode p Q) \<in> attacker_winning_region\<close> |
+ Def: \<open>c_set_game_defender_node g \<Longrightarrow>
+ (\<And>g'. c_set_game_moves g g' \<Longrightarrow> g' \<in> attacker_winning_region)
+ \<Longrightarrow> g \<in> attacker_winning_region\<close>
+
+lemma attacker_wins_if_defender_set_empty:
+ assumes
+ \<open>Q = {}\<close>
+ shows
+ \<open>AttackerNode p Q \<in> attacker_winning_region\<close>
+proof -
+ have atk_move: \<open>c_set_game_moves (AttackerNode p Q) (DefenderSwapNode p Q)\<close>
+ by (simp add: steps.refl)
+ have \<open>DefenderSwapNode p Q \<in> attacker_winning_region\<close>
+ using assms attacker_winning_region.Base by simp
+ thus ?thesis using atk_move attacker_winning_region.Atk by blast
+qed
+
+lemma attacker_wr_propagation:
+ assumes
+ \<open>AttackerNode p' (dsuccs a Q) \<in> attacker_winning_region\<close>
+ \<open>p =\<rhd>a p'\<close>
+ \<open>\<not>tau a\<close>
+ shows
+ \<open>AttackerNode p Q \<in> attacker_winning_region\<close>
+proof -
+ have AtkToSim: \<open>c_set_game_moves (AttackerNode p Q) (DefenderSimNode a p' Q)\<close>
+ using assms(2, 3) by simp
+ have \<open>\<forall>g. c_set_game_moves
+ (DefenderSimNode a p' Q) g
+ \<longrightarrow> (g = AttackerNode p' (dsuccs a Q))\<close>
+ by (simp add: csg_move_defsimnode_to_atknode)
+ hence \<open>(DefenderSimNode a p' Q) \<in> attacker_winning_region\<close>
+ using assms(1) attacker_winning_region.Def
+ by (metis c_set_game_defender_node.simps(2))
+ thus ?thesis using AtkToSim attacker_winning_region.Atk by blast
+qed
+
+lemma distinction_completeness:
+ assumes
+ \<open>\<phi> \<in> HML_weak_formulas\<close>
+ \<open>distinguishes_from_set \<phi> p Q\<close>
+ shows
+ \<open>(AttackerNode p Q) \<in> attacker_winning_region\<close>
+proof (cases \<open>Q = {}\<close>)
+ case True
+ then show ?thesis using attacker_wins_if_defender_set_empty by auto
+next
+ case False
+ then show ?thesis using assms
+ proof (induct arbitrary: p Q rule: HML_weak_formulas.induct[OF assms(1)])
+ case Base: 1
+ have \<open>\<forall>q. q \<Turnstile> HML_true\<close> by simp
+ hence \<open>False\<close>
+ using Base.prems(1, 3) by simp
+ then show ?case by auto
+ next
+ case Obs: (2 \<phi> a)
+ then obtain p' where p'_def: \<open>p =\<rhd>a p' \<and> p' \<Turnstile> \<phi> \<close>
+ using tau_a_obs_implies_delay_step[of p a \<phi>] by auto
+ have \<open>\<forall>q. q \<in> Q \<longrightarrow> \<not> q \<Turnstile> \<langle>\<tau>\<rangle>\<langle>a\<rangle>\<phi>\<close> using Obs by auto
+ hence \<open>\<forall>q. q \<in> Q \<longrightarrow> (\<forall>q'. \<not>q =\<rhd>a q' \<or> \<not>q' \<Turnstile> \<phi>)\<close>
+ using delay_step_implies_tau_a_obs by blast
+ hence \<open>\<forall>q'. q' \<in> dsuccs a Q \<longrightarrow> \<not> q' \<Turnstile> \<phi>\<close>
+ unfolding dsuccs_def by blast
+ hence phi_distinguishing: \<open>distinguishes_from_set \<phi> p' (dsuccs a Q)\<close>
+ using p'_def by simp
+ thus ?case
+ proof (cases \<open>dsuccs a Q = {}\<close>)
+ case dsuccs_empty: True
+ then show ?thesis
+ proof (cases \<open>tau a\<close>)
+ case True
+ hence \<open>{q1. \<exists>q\<in> Q. q \<longmapsto>* tau q1} = {}\<close> using dsuccs_def dsuccs_empty by auto
+ hence \<open>Q = {}\<close> using steps.refl by blast
+ then show ?thesis using attacker_wins_if_defender_set_empty by auto
+ next
+ case False
+ hence \<open>AttackerNode p' (dsuccs a Q) \<in> attacker_winning_region\<close>
+ using attacker_wins_if_defender_set_empty dsuccs_empty by auto
+ thus ?thesis using attacker_wr_propagation False p'_def by blast
+ qed
+ next
+ case False
+ hence wr_pred_atk_node:
+ \<open>AttackerNode p' (dsuccs a Q) \<in> attacker_winning_region\<close>
+ using Obs.hyps phi_distinguishing
+ by auto
+ thus ?thesis
+ proof(cases \<open>tau a\<close>)
+ case True
+ hence \<open>\<forall>p. (p \<Turnstile> \<langle>\<tau>\<rangle>\<langle>a\<rangle>\<phi>) = (p \<Turnstile> \<phi>)\<close>
+ using delay_step_implies_tau_a_obs p'_def satisfies.simps(4) tau_tau
+ Obs.hyps(1) weak_backwards_truth
+ by (meson lts.refl)
+ hence \<open>distinguishes_from_set \<phi> p Q\<close> using Obs.prems by auto
+ thus ?thesis using Obs.hyps Obs.prems by blast
+ next
+ case False
+ then show ?thesis
+ using wr_pred_atk_node attacker_wr_propagation p'_def
+ by blast
+ qed
+ qed
+ next
+ case Conj: (3 I F)
+ then obtain p' where \<open>p \<Rightarrow>^\<tau> p'\<close> and p_sat: \<open>p' \<Turnstile> HML_conj I (\<lambda>f. HML_neg (F f))\<close>
+ unfolding HML_weaknor_def by auto
+ have \<open>\<And>q . q \<in> Q \<Longrightarrow> \<not>q \<Turnstile> HML_poss \<tau> (HML_conj I (\<lambda>f. HML_neg (F f)))\<close>
+ by (metis Conj.prems(3) HML_weaknor_def distinguishes_from_set.elims(2))
+ hence \<open>\<And>q q'. q \<in> Q \<Longrightarrow> \<not>q \<Rightarrow>^\<tau> q' \<or> \<not>q' \<Turnstile> HML_conj I (\<lambda>f. HML_neg (F f))\<close>
+ using satisfies.simps(4) tau_tau by blast
+ hence \<open>\<And>q'. \<not>q' \<in> (weak_tau_succs Q) \<or> \<not>q' \<Turnstile> HML_conj I (\<lambda>f. HML_neg (F f))\<close>
+ using weak_tau_succs_def by auto
+ hence Ex: \<open>\<And>q'. q' \<in> (weak_tau_succs Q) \<Longrightarrow> (\<exists>i. i \<in> I \<and> q' \<Turnstile> (F i))\<close>
+ by auto
+ have atk_move: \<open>c_set_game_moves (AttackerNode p Q) (DefenderSwapNode p' Q)\<close>
+ using \<open>p \<Rightarrow>^\<tau> p'\<close> by auto
+ have Ex_i:
+ \<open>\<forall>q1 P1. c_set_game_moves (DefenderSwapNode p' Q) (AttackerNode q1 P1) \<longrightarrow>
+ (\<exists>i. i \<in> I \<and> q1 \<Turnstile> (F i)) \<and> P1 = {p'}\<close>
+ using Ex by auto
+ hence \<open>\<forall>q1 P1.
+ c_set_game_moves (DefenderSwapNode p' Q) (AttackerNode q1 P1)
+ \<longrightarrow> (\<exists>i. i \<in> I \<and> q1 \<Turnstile> (F i) \<and> (\<forall>p'. p' \<in> P1 \<longrightarrow> \<not> p' \<Turnstile> (F i)))\<close>
+ using p_sat by auto
+ hence \<open>\<forall>q1 P1.
+ c_set_game_moves (DefenderSwapNode p' Q) (AttackerNode q1 P1)
+ \<longrightarrow> (\<exists>i. i \<in> I \<and> distinguishes_from_set (F i) q1 P1)\<close>
+ unfolding distinguishes_from_set.simps using p_sat by blast
+ hence all_atk_succs_in_wr:
+ \<open>\<forall>q1 P1. c_set_game_moves (DefenderSwapNode p' Q) (AttackerNode q1 P1)
+ \<longrightarrow> (AttackerNode q1 P1 \<in> attacker_winning_region)\<close>
+ using Conj.hyps Ex_i by blast
+ hence \<open>\<forall>g. c_set_game_moves (DefenderSwapNode p' Q) g
+ \<longrightarrow> (\<exists> q1 P1. g = (AttackerNode q1 P1))\<close>
+ using csg_move_defswapnode_to_atknode by blast
+ hence \<open>\<forall>g. c_set_game_moves (DefenderSwapNode p' Q) g
+ \<longrightarrow> g \<in> attacker_winning_region\<close>
+ using all_atk_succs_in_wr by auto
+ hence \<open>DefenderSwapNode p' Q \<in> attacker_winning_region\<close>
+ using attacker_winning_region.Def
+ by (meson c_set_game_defender_node.simps(3))
+ then show ?case using atk_move attacker_winning_region.Atk by blast
+ qed
+qed
+
+end
+end
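Review bot: `distinction_soundness` declares `fixes p Q p0 Q0`, but `p0` and `Q0` do not occur in its definitions, assumption, conclusion or proof. The sibling lemma `distinction_in_language` uses `fixes p Q` for the same setup, so I would change the line to `fixes p Q`. The locale assumption `finite_win` actually states well-foundedness (`wf attacker_order`) rather than finiteness; a label such as `wf_attacker_order` would say what the termination proof and the induction in `distinction_soundness` rely on.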
diff --git a/thys/Coupledsim_Contrasim/Weak_Relations.thy b/thys/Coupledsim_Contrasim/Weak_Relations.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Weak_Relations.thy
@@ -0,0 +1,532 @@
+
+subsection \<open>Weak Simulation\<close>
+
+theory Weak_Relations
+imports
+ Weak_Transition_Systems
+ Strong_Relations
+begin
+
+context lts_tau
+begin
+
+definition weak_simulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>weak_simulation R \<equiv> \<forall> p q. R p q \<longrightarrow>
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow> (\<exists> q'. R p' q'
+ \<and> (q \<Rightarrow>^a q')))\<close>
+
+text \<open>Note: Isabelle won't finish the proofs needed for the introduction of the following
+ coinductive predicate if it unfolds the abbreviation of @{text \<open>\<Rightarrow>^\<close>}. Therefore we use
+ @{text \<open>\<Rightarrow>^^\<close>} as a barrier. There is no mathematical purpose in this.\<close>
+
+definition weak_step_tau2 :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close>
+ ("_ \<Rightarrow>^^ _ _" [70, 70, 70] 80)
+where [simp]:
+ \<open>(p \<Rightarrow>^^ a q) \<equiv> p \<Rightarrow>^a q\<close>
+
+coinductive greatest_weak_simulation ::
+ \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close>
+where
+ \<open>(\<forall> p' a. p \<longmapsto>a p' \<longrightarrow> (\<exists> q'. greatest_weak_simulation p' q' \<and> (q \<Rightarrow>^^ a q')))
+ \<Longrightarrow> greatest_weak_simulation p q\<close>
+
+lemma weak_sim_ruleformat:
+assumes \<open>weak_simulation R\<close>
+ and \<open>R p q\<close>
+shows
+ \<open>p \<longmapsto>a p' \<Longrightarrow> \<not>tau a \<Longrightarrow> (\<exists> q'. R p' q' \<and> (q \<Rightarrow>a q'))\<close>
+ \<open>p \<longmapsto>a p' \<Longrightarrow> tau a \<Longrightarrow> (\<exists> q'. R p' q' \<and> (q \<longmapsto>* tau q'))\<close>
+ using assms unfolding weak_simulation_def by (blast+)
+
+abbreviation weakly_simulated_by :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<sqsubseteq>ws _" [60, 60] 65)
+ where \<open>weakly_simulated_by p q \<equiv> \<exists> R . weak_simulation R \<and> R p q\<close>
+
+lemma weaksim_greatest:
+ shows \<open>weak_simulation (\<lambda> p q . p \<sqsubseteq>ws q)\<close>
+ unfolding weak_simulation_def
+ by (metis (no_types, lifting))
+
+
+lemma gws_is_weak_simulation:
+ shows \<open>weak_simulation greatest_weak_simulation\<close>
+ unfolding weak_simulation_def
+proof safe
+ fix p q p' a
+ assume ih:
+ \<open>greatest_weak_simulation p q\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ hence \<open>(\<forall>x xa. p \<longmapsto>x xa \<longrightarrow> (\<exists>q'. q \<Rightarrow>^^ x q' \<and> greatest_weak_simulation xa q'))\<close>
+ by (meson greatest_weak_simulation.simps)
+ then obtain q' where \<open>q \<Rightarrow>^^ a q' \<and> greatest_weak_simulation p' q'\<close> using ih by blast
+ thus \<open>\<exists>q'. greatest_weak_simulation p' q' \<and> q \<Rightarrow>^a q'\<close>
+ unfolding weak_step_tau2_def by blast
+qed
+
+lemma weakly_sim_by_implies_gws:
+ assumes \<open>p \<sqsubseteq>ws q\<close>
+ shows \<open>greatest_weak_simulation p q\<close>
+ using assms
+proof coinduct
+ case (greatest_weak_simulation p q)
+ then obtain R where \<open>weak_simulation R\<close> \<open>R p q\<close>
+ unfolding weak_simulation_def by blast
+ with weak_sim_ruleformat[OF this] show ?case
+ unfolding weak_step_tau2_def
+ by metis
+qed
+
+lemma gws_eq_weakly_sim_by:
+ shows \<open>p \<sqsubseteq>ws q = greatest_weak_simulation p q\<close>
+ using weakly_sim_by_implies_gws gws_is_weak_simulation by blast
+
+lemma steps_retain_weak_sim:
+assumes
+ \<open>weak_simulation R\<close>
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>*A p'\<close>
+ \<open>\<And> a . tau a \<Longrightarrow> A a\<close>
+shows \<open>\<exists>q'. R p' q' \<and> q \<longmapsto>*A q'\<close>
+ using assms(3,2,4) proof (induct)
+ case (refl p' A)
+ hence \<open>R p' q \<and> q \<longmapsto>* A q\<close> using assms(2) by (simp add: steps.refl)
+ then show ?case by blast
+next
+ case (step p A p' a p'')
+ then obtain q' where q': \<open>R p' q'\<close> \<open>q \<longmapsto>* A q'\<close> by blast
+ obtain q'' where q'':
+ \<open>R p'' q''\<close> \<open>(\<not> tau a \<longrightarrow> q' \<Rightarrow>a q'') \<and> (tau a \<longrightarrow> q' \<longmapsto>* tau q'')\<close>
+ using `weak_simulation R` q'(1) step(3) unfolding weak_simulation_def by blast
+ have \<open>q' \<longmapsto>* A q''\<close>
+ using q''(2) steps_spec[of q'] step(4) step(6) weak_steps[of q' a q''] by blast
+ hence \<open>q \<longmapsto>* A q''\<close> using steps_concat[OF _ q'(2)] by blast
+ thus ?case using q''(1) by blast
+qed
+
+lemma weak_sim_weak_premise:
+ \<open>weak_simulation R =
+ (\<forall> p q . R p q \<longrightarrow>
+ (\<forall> p' a. p \<Rightarrow>^a p' \<longrightarrow> (\<exists> q'. R p' q' \<and> q \<Rightarrow>^a q')))\<close>
+proof
+ assume \<open>\<forall> p q . R p q \<longrightarrow> (\<forall>p' a. p \<Rightarrow>^a p' \<longrightarrow> (\<exists>q'. R p' q' \<and> q \<Rightarrow>^a q'))\<close>
+ thus \<open>weak_simulation R\<close>
+ unfolding weak_simulation_def using step_weak_step_tau by simp
+next
+ assume ws: \<open>weak_simulation R\<close>
+ show \<open>\<forall>p q. R p q \<longrightarrow> (\<forall>p' a. p \<Rightarrow>^a p' \<longrightarrow> (\<exists>q'. R p' q' \<and> q \<Rightarrow>^a q'))\<close>
+ proof safe
+ fix p q p' a pq1 pq2
+ assume case_assms:
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>* tau pq1\<close>
+ \<open>pq1 \<longmapsto>a pq2\<close>
+ \<open>pq2 \<longmapsto>* tau p'\<close>
+ then obtain q' where q'_def: \<open>q \<longmapsto>* tau q'\<close> \<open>R pq1 q'\<close>
+ using steps_retain_weak_sim[OF ws] by blast
+ then moreover obtain q'' where q''_def: \<open>R pq2 q''\<close> \<open>q' \<Rightarrow>^a q''\<close>
+ using ws case_assms(3) unfolding weak_simulation_def by blast
+ then moreover obtain q''' where q''_def: \<open>R p' q'''\<close> \<open>q'' \<longmapsto>* tau q'''\<close>
+ using case_assms(4) steps_retain_weak_sim[OF ws] by blast
+ ultimately show \<open>\<exists> q'''. R p' q''' \<and> q \<Rightarrow>^a q'''\<close> using weak_step_extend by blast
+ next
+ fix p q p' a
+ assume
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>\<nexists>q'. R p' q' \<and> q \<Rightarrow>^a q'\<close>
+ \<open>tau a\<close>
+ thus \<open>False\<close>
+ using steps_retain_weak_sim[OF ws] by blast
+ next
+ \<comment>\<open>case identical to first case\<close>
+ fix p q p' a pq1 pq2
+ assume case_assms:
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>* tau pq1\<close>
+ \<open>pq1 \<longmapsto>a pq2\<close>
+ \<open>pq2 \<longmapsto>* tau p'\<close>
+ then obtain q' where q'_def: \<open>q \<longmapsto>* tau q'\<close> \<open>R pq1 q'\<close>
+ using steps_retain_weak_sim[OF ws] by blast
+ then moreover obtain q'' where q''_def: \<open>R pq2 q''\<close> \<open>q' \<Rightarrow>^a q''\<close>
+ using ws case_assms(3) unfolding weak_simulation_def by blast
+ then moreover obtain q''' where q''_def: \<open>R p' q'''\<close> \<open>q'' \<longmapsto>* tau q'''\<close>
+ using case_assms(4) steps_retain_weak_sim[OF ws] by blast
+ ultimately show \<open>\<exists> q'''. R p' q''' \<and> q \<Rightarrow>^a q'''\<close> using weak_step_extend by blast
+ qed
+qed
+
+lemma weak_sim_enabled_subs:
+ assumes
+ \<open>p \<sqsubseteq>ws q\<close>
+ \<open>weak_enabled p a\<close>
+ \<open>\<not> tau a\<close>
+ shows \<open>weak_enabled q a\<close>
+proof -
+ obtain p' where p'_spec: \<open>p \<Rightarrow>a p'\<close>
+ using \<open>weak_enabled p a\<close> weak_enabled_step by blast
+ obtain R where \<open>R p q\<close> \<open>weak_simulation R\<close> using assms(1) by blast
+ then obtain q' where \<open>q \<Rightarrow>^a q'\<close>
+ unfolding weak_sim_weak_premise using weak_step_impl_weak_tau[OF p'_spec] by blast
+ thus ?thesis using weak_enabled_step assms(3) by blast
+qed
+
+lemma weak_sim_union_cl:
+ assumes
+ \<open>weak_simulation RA\<close>
+ \<open>weak_simulation RB\<close>
+ shows
+ \<open>weak_simulation (\<lambda> p q. RA p q \<or> RB p q)\<close>
+ using assms unfolding weak_simulation_def by blast
+
+lemma weak_sim_remove_dead_state:
+ assumes
+ \<open>weak_simulation R\<close>
+ \<open>\<And> a p . \<not> d \<longmapsto>a p \<and> \<not> p \<longmapsto>a d\<close>
+ shows
+ \<open>weak_simulation (\<lambda> p q . R p q \<and> q \<noteq> d)\<close>
+ unfolding weak_simulation_def
+proof safe
+ fix p q p' a
+ assume
+ \<open>R p q\<close>
+ \<open>q \<noteq> d\<close>
+ \<open>p \<longmapsto>a p'\<close>
+ then obtain q' where \<open>R p' q'\<close> \<open>q \<Rightarrow>^a q'\<close>
+ using assms(1) unfolding weak_simulation_def by blast
+ moreover hence \<open>q' \<noteq> d\<close>
+ using assms(2) `q \<noteq> d`
+ by (metis steps.simps)
+ ultimately show \<open>\<exists>q'. (R p' q' \<and> q' \<noteq> d) \<and> q \<Rightarrow>^a q'\<close> by blast
+qed
+
+lemma weak_sim_tau_step:
+ \<open>weak_simulation (\<lambda> p1 q1 . q1 \<longmapsto>* tau p1)\<close>
+ unfolding weak_simulation_def
+ using lts.steps.simps by metis
+
+lemma weak_sim_trans_constructive:
+ fixes R1 R2
+ defines
+ \<open>R \<equiv> \<lambda> p q . \<exists> pq . (R1 p pq \<and> R2 pq q) \<or> (R2 p pq \<and> R1 pq q)\<close>
+ assumes
+ R1_def: \<open>weak_simulation R1\<close> \<open>R1 p pq\<close> and
+ R2_def: \<open>weak_simulation R2\<close> \<open>R2 pq q\<close>
+ shows
+ \<open>R p q\<close> \<open>weak_simulation R\<close>
+proof-
+ show \<open>R p q\<close> unfolding R_def using R1_def(2) R2_def(2) by blast
+next
+ show \<open>weak_simulation R\<close>
+ unfolding weak_sim_weak_premise R_def
+ proof (safe)
+ fix p q pq p' a pq1 pq2
+ assume
+ \<open>R1 p pq\<close>
+ \<open>R2 pq q\<close>
+ \<open>\<not> tau a\<close>
+ \<open>p \<longmapsto>* tau pq1\<close>
+ \<open>pq1 \<longmapsto>a pq2\<close>
+ \<open>pq2 \<longmapsto>* tau p'\<close>
+ thus \<open>\<exists>q'. (\<exists>pq. R1 p' pq \<and> R2 pq q' \<or> R2 p' pq \<and> R1 pq q') \<and> q \<Rightarrow>^a q'\<close>
+ using R1_def(1) R2_def(1) unfolding weak_sim_weak_premise by blast
+ next
+ fix p q pq p' a
+ assume
+ \<open>R1 p pq\<close>
+ \<open>R2 pq q\<close>
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>\<nexists>q'.(\<exists>pq. R1 p' pq \<and> R2 pq q' \<or> R2 p' pq \<and> R1 pq q')\<and> q \<Rightarrow>^a q'\<close>
+ \<open>tau a\<close>
+ thus \<open>False\<close>
+ using R1_def(1) R2_def(1) unfolding weak_sim_weak_premise by blast
+ next
+ fix p q pq p' a pq1 pq2
+ assume
+ \<open>R1 p pq\<close>
+ \<open>R2 pq q\<close>
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>p \<longmapsto>* tau pq1\<close>
+ \<open>pq1 \<longmapsto>a pq2\<close>
+ \<open>pq2 \<longmapsto>* tau p'\<close>
+ then obtain pq' q' where \<open>R1 p' pq'\<close> \<open>pq \<Rightarrow>^a pq'\<close> \<open>R2 pq' q'\<close> \<open>q \<Rightarrow>^a q'\<close>
+ using R1_def(1) R2_def(1) assms(3) unfolding weak_sim_weak_premise by blast
+ thus \<open>\<exists>q'. (\<exists>pq. R1 p' pq \<and> R2 pq q' \<or> R2 p' pq \<and> R1 pq q') \<and> q \<Rightarrow>^a q'\<close>
+ by blast
+ next
+ fix p q pq p' a pq1 pq2
+ assume sa:
+ \<open>R2 p pq\<close>
+ \<open>R1 pq q\<close>
+ \<open>\<not> tau a\<close>
+ \<open>p \<longmapsto>* tau pq1\<close>
+ \<open>pq1 \<longmapsto>a pq2\<close>
+ \<open>pq2 \<longmapsto>* tau p'\<close>
+ then obtain pq' q' where \<open>R2 p' pq'\<close> \<open>pq \<Rightarrow>^a pq'\<close> \<open>R1 pq' q'\<close> \<open>q \<Rightarrow>^a q'\<close>
+ using R2_def(1) R1_def(1) unfolding weak_sim_weak_premise by blast
+ thus \<open>\<exists>q'. (\<exists>pq. R1 p' pq \<and> R2 pq q' \<or> R2 p' pq \<and> R1 pq q') \<and> q \<Rightarrow>^a q'\<close>
+ by blast
+ next
+ fix p q pq p' a
+ assume
+ \<open>R2 p pq\<close>
+ \<open>R1 pq q\<close>
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>\<nexists>q'.(\<exists>pq. R1 p' pq \<and> R2 pq q' \<or> R2 p' pq \<and> R1 pq q')\<and> q \<Rightarrow>^a q'\<close>
+ \<open>tau a\<close>
+ thus \<open>False\<close>
+ using R1_def(1) R2_def(1) weak_step_tau_tau[OF `p \<longmapsto>* tau p'` tau_tau]
+ unfolding weak_sim_weak_premise by (metis (no_types, lifting))
+ next
+ fix p q pq p' a pq1 pq2
+ assume sa:
+ \<open>R2 p pq\<close>
+ \<open>R1 pq q\<close>
+ \<open>p \<longmapsto>* tau p'\<close>
+ \<open>p \<longmapsto>* tau pq1\<close>
+ \<open>pq1 \<longmapsto>a pq2\<close>
+ \<open>pq2 \<longmapsto>* tau p'\<close>
+ then obtain pq' where \<open>R2 p' pq'\<close> \<open>pq \<Rightarrow>^a pq'\<close>
+ using R1_def(1) R2_def(1) weak_step_impl_weak_tau[of p a p']
+ unfolding weak_sim_weak_premise by blast
+ moreover then obtain q' where \<open>R1 pq' q'\<close> \<open>q \<Rightarrow>^a q'\<close>
+ using R1_def(1) sa(2) unfolding weak_sim_weak_premise by blast
+ ultimately show \<open>\<exists>q'. (\<exists>pq. R1 p' pq \<and> R2 pq q' \<or> R2 p' pq \<and> R1 pq q') \<and> q \<Rightarrow>^a q'\<close>
+ by blast
+ qed
+qed
+
+lemma weak_sim_trans:
+ assumes
+ \<open>p \<sqsubseteq>ws pq\<close>
+ \<open>pq \<sqsubseteq>ws q\<close>
+ shows
+ \<open>p \<sqsubseteq>ws q\<close>
+ using assms(1,2)
+proof -
+ obtain R1 R2 where \<open>weak_simulation R1\<close> \<open>R1 p pq\<close> \<open>weak_simulation R2\<close> \<open>R2 pq q\<close>
+ using assms(1,2) by blast
+ thus ?thesis
+ using weak_sim_trans_constructive tau_tau
+ by blast
+qed
+
+lemma weak_sim_word_impl:
+ fixes
+ p q p' A
+ assumes
+ \<open>weak_simulation R\<close> \<open>R p q\<close> \<open>p \<Rightarrow>$ A p'\<close>
+ shows
+ \<open>\<exists>q'. R p' q' \<and> q \<Rightarrow>$ A q'\<close>
+using assms(2,3) proof (induct A arbitrary: p q)
+ case Nil
+ then show ?case
+ using assms(1) steps_retain_weak_sim by auto
+next
+ case (Cons a A)
+ then obtain p'' where p''_spec: \<open>p \<Rightarrow>^a p''\<close> \<open>p'' \<Rightarrow>$ A p'\<close> by auto
+ with Cons(2) assms(1) obtain q'' where q''_spec: \<open>q \<Rightarrow>^a q''\<close> \<open>R p'' q''\<close>
+ unfolding weak_sim_weak_premise by blast
+ then show ?case using Cons(1) p''_spec(2)
+ using weak_step_seq.simps(2) by blast
+qed
+
+lemma weak_sim_word_impl_contra:
+ assumes
+ \<open>\<forall> p q . R p q \<longrightarrow>
+ (\<forall> p' A. p \<Rightarrow>$A p' \<longrightarrow> (\<exists> q'. R p' q' \<and> q \<Rightarrow>$A q'))\<close>
+ shows
+ \<open>weak_simulation R\<close>
+proof -
+ from assms have
+ \<open>\<forall> p q p' A . R p q \<longrightarrow> p \<Rightarrow>$A p' \<longrightarrow> (\<exists> q'. R p' q' \<and> q \<Rightarrow>$A q')\<close> by blast
+ hence \<open>\<forall> p q p' a . R p q \<longrightarrow> p \<Rightarrow>$[a] p' \<longrightarrow> (\<exists> q'. R p' q' \<and> q \<Rightarrow>$[a] q')\<close> by blast
+ thus ?thesis unfolding weak_single_step weak_sim_weak_premise by blast
+qed
+
+lemma weak_sim_word:
+ \<open>weak_simulation R =
+ (\<forall> p q . R p q \<longrightarrow>
+ (\<forall> p' A. p \<Rightarrow>$A p' \<longrightarrow> (\<exists> q'. R p' q' \<and> q \<Rightarrow>$A q')))\<close>
+ using weak_sim_word_impl weak_sim_word_impl_contra by blast
+
+subsection \<open>Weak Bisimulation\<close>
+
+definition weak_bisimulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>weak_bisimulation R \<equiv> \<forall> p q. R p q \<longrightarrow>
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow> (\<exists> q'. R p' q'
+ \<and> (q \<Rightarrow>^a q'))) \<and>
+ (\<forall> q' a. q \<longmapsto>a q' \<longrightarrow> (\<exists> p'. R p' q'
+ \<and> ( p \<Rightarrow>^a p')))\<close>
+
+lemma weak_bisim_ruleformat:
+assumes \<open>weak_bisimulation R\<close>
+ and \<open>R p q\<close>
+shows
+ \<open>p \<longmapsto>a p' \<Longrightarrow> \<not>tau a \<Longrightarrow> (\<exists> q'. R p' q' \<and> (q \<Rightarrow>a q'))\<close>
+ \<open>p \<longmapsto>a p' \<Longrightarrow> tau a \<Longrightarrow> (\<exists> q'. R p' q' \<and> (q \<longmapsto>* tau q'))\<close>
+ \<open>q \<longmapsto>a q' \<Longrightarrow> \<not>tau a \<Longrightarrow> (\<exists> p'. R p' q' \<and> (p \<Rightarrow>a p'))\<close>
+ \<open>q \<longmapsto>a q' \<Longrightarrow> tau a \<Longrightarrow> (\<exists> p'. R p' q' \<and> (p \<longmapsto>* tau p'))\<close>
+ using assms unfolding weak_bisimulation_def by (blast+)
+
+definition tau_weak_bisimulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>tau_weak_bisimulation R \<equiv> \<forall> p q. R p q \<longrightarrow>
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow>
+ (\<exists> q'. R p' q' \<and> (q \<Rightarrow>a q'))) \<and>
+ (\<forall> q' a. q \<longmapsto>a q' \<longrightarrow>
+ (\<exists> p'. R p' q' \<and> (p \<Rightarrow>a p')))\<close>
+
+lemma weak_bisim_implies_tau_weak_bisim:
+ assumes
+ \<open>tau_weak_bisimulation R\<close>
+ shows
+ \<open>weak_bisimulation R\<close>
+unfolding weak_bisimulation_def proof (safe)
+ fix p q p' a
+ assume \<open>R p q\<close> \<open>p \<longmapsto>a p'\<close>
+ thus \<open>\<exists>q'. R p' q' \<and> (q \<Rightarrow>^a q')\<close>
+ using assms weak_steps[of q a _ tau] unfolding tau_weak_bisimulation_def by blast
+next
+ fix p q q' a
+ assume \<open>R p q\<close> \<open>q \<longmapsto>a q'\<close>
+ thus \<open>\<exists>p'. R p' q' \<and> (p \<Rightarrow>^a p')\<close>
+ using assms weak_steps[of p a _ tau] unfolding tau_weak_bisimulation_def by blast
+qed
+
+lemma weak_bisim_invert:
+ assumes
+ \<open>weak_bisimulation R\<close>
+ shows
+ \<open>weak_bisimulation (\<lambda> p q. R q p)\<close>
+using assms unfolding weak_bisimulation_def by auto
+
+lemma bisim_weak_bisim:
+ assumes \<open>bisimulation R\<close>
+ shows \<open>weak_bisimulation R\<close>
+ unfolding weak_bisimulation_def
+proof (clarify, rule)
+ fix p q
+ assume R: \<open>R p q\<close>
+ show \<open>\<forall>p' a. p \<longmapsto>a p' \<longrightarrow> (\<exists>q'. R p' q' \<and> (q \<Rightarrow>^a q'))\<close>
+ proof (clarify)
+ fix p' a
+ assume p'a: \<open>p \<longmapsto>a p'\<close>
+ have
+ \<open>\<not> tau a \<longrightarrow> (\<exists>q'. R p' q' \<and> q \<Rightarrow>a q')\<close>
+ \<open>(tau a \<longrightarrow> (\<exists>q'. R p' q' \<and> q \<longmapsto>* tau q'))\<close>
+ using bisim_ruleformat(1)[OF assms R p'a] step_weak_step step_weak_step_tau by auto
+ thus \<open>\<exists>q'. R p' q' \<and> (q \<Rightarrow>^a q')\<close> by blast
+ qed
+next
+ fix p q
+ assume R: \<open>R p q\<close>
+ have \<open>\<forall>q' a. q \<longmapsto>a q' \<longrightarrow> (\<not> tau a \<longrightarrow> (\<exists>p'. R p' q' \<and> p \<Rightarrow>a p'))
+ \<and> (tau a \<longrightarrow> (\<exists>p'. R p' q' \<and> p \<longmapsto>* tau p'))\<close>
+ proof (clarify)
+ fix q' a
+ assume q'a: \<open>q \<longmapsto>a q'\<close>
+ show
+ \<open>(\<not> tau a \<longrightarrow> (\<exists>p'. R p' q' \<and> p \<Rightarrow>a p')) \<and>
+ (tau a \<longrightarrow> (\<exists>p'. R p' q' \<and> p \<longmapsto>* tau p'))\<close>
+ using bisim_ruleformat(2)[OF assms R q'a] step_weak_step
+ step_weak_step_tau steps_one_step by auto
+ qed
+ thus \<open>\<forall>q' a. q \<longmapsto>a q' \<longrightarrow> (\<exists>p'. R p' q' \<and> (p \<Rightarrow>^a p'))\<close> by blast
+qed
+
+lemma weak_bisim_weak_sim:
+ shows \<open>weak_bisimulation R = (weak_simulation R \<and> weak_simulation (\<lambda> p q . R q p))\<close>
+unfolding weak_bisimulation_def weak_simulation_def by auto
+
+lemma steps_retain_weak_bisim:
+ assumes
+ \<open>weak_bisimulation R\<close>
+ \<open>R p q\<close>
+ \<open>p \<longmapsto>*A p'\<close>
+ \<open>\<And> a . tau a \<Longrightarrow> A a\<close>
+ shows \<open>\<exists>q'. R p' q' \<and> q \<longmapsto>*A q'\<close>
+ using assms weak_bisim_weak_sim steps_retain_weak_sim
+ by auto
+
+lemma weak_bisim_union:
+ assumes
+ \<open>weak_bisimulation R1\<close>
+ \<open>weak_bisimulation R2\<close>
+ shows
+ \<open>weak_bisimulation (\<lambda> p q . R1 p q \<or> R2 p q)\<close>
+ using assms unfolding weak_bisimulation_def by blast
+
+lemma weak_bisim_taufree_strong:
+ assumes
+ \<open>weak_bisimulation R\<close>
+ \<open>\<And> p q a. p \<longmapsto> a q \<Longrightarrow> \<not> tau a\<close>
+ shows
+ \<open>bisimulation R\<close>
+ using assms strong_weak_transition_system
+ unfolding weak_bisimulation_def bisimulation_def
+ by auto
+
+subsection \<open>Trace Inclusion\<close>
+
+definition trace_inclusion ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>trace_inclusion R \<equiv> \<forall> p q p' A . (\<forall> a \<in> set(A). a \<noteq> \<tau>)
+ \<and> R p q \<and> p \<Rightarrow>$ A p' \<longrightarrow> (\<exists> q'. q \<Rightarrow>$ A q')\<close>
+
+abbreviation weakly_trace_included_by :: \<open>'s \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<sqsubseteq>T _" [60, 60] 65)
+ where \<open>weakly_trace_included_by p q \<equiv> \<exists> R . trace_inclusion R \<and> R p q\<close>
+
+lemma weak_trace_inlcusion_greatest:
+ shows \<open>trace_inclusion (\<lambda> p q . p \<sqsubseteq>T q)\<close>
+ unfolding trace_inclusion_def
+ by blast
+
+subsection \<open>Delay Simulation\<close>
+
+definition delay_simulation ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+where
+ \<open>delay_simulation R \<equiv> \<forall> p q. R p q \<longrightarrow>
+ (\<forall> p' a. p \<longmapsto>a p' \<longrightarrow>
+ (tau a \<longrightarrow> R p' q) \<and>
+ (\<not>tau a \<longrightarrow> (\<exists> q'. R p' q'\<and> (q =\<rhd>a q'))))\<close>
+
+lemma delay_simulation_implies_weak_simulation:
+ assumes
+ \<open>delay_simulation R\<close>
+ shows
+ \<open>weak_simulation R\<close>
+ using assms weak_step_delay_implies_weak_tau steps.refl
+ unfolding delay_simulation_def weak_simulation_def by blast
+
+subsection \<open>Coupled Equivalences\<close>
+
+abbreviation coupling ::
+ \<open>('s \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool\<close>
+ where \<open>coupling R \<equiv> \<forall> p q . R p q \<longrightarrow> (\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p)\<close>
+
+lemma coupling_tau_max_symm:
+ assumes
+ \<open>R p q \<longrightarrow> (\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p)\<close>
+ \<open>tau_max q\<close>
+ \<open>R p q\<close>
+ shows
+ \<open>R q p\<close>
+ using assms steps_no_step_pos[of q tau] by blast
+
+corollary coupling_stability_symm:
+ assumes
+ \<open>R p q \<longrightarrow> (\<exists> q'. q \<longmapsto>*tau q' \<and> R q' p)\<close>
+ \<open>stable_state q\<close>
+ \<open>R p q\<close>
+ shows
+ \<open>R q p\<close>
+ using coupling_tau_max_symm stable_tauclosure_only_loop assms by metis
+
+end \<comment>\<open>context @{locale lts_tau}\<close>
+end
\ No newline at end of file
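Review bot: The lemma named `weak_bisim_implies_tau_weak_bisim` proves the opposite direction to its name: it assumes `tau_weak_bisimulation R` and shows `weak_bisimulation R`, so anyone looking facts up by name will reach for it in the wrong direction. I would rename it to `tau_weak_bisim_implies_weak_bisim`, and in the same pass fix the transposed letters in `weak_trace_inlcusion_greatest` (`weak_trace_inclusion_greatest`). In `weak_sim_weak_premise` the label `q''_def` is bound by two consecutive `obtain` steps in both the first and the third case, so the second binding hides the first; naming the `q'''` facts `q'''_def` would keep both referable. Uses of these names in other theories of the entry would need the same rename, which cannot be checked from this hunk.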
diff --git a/thys/Coupledsim_Contrasim/Weak_Transition_Systems.thy b/thys/Coupledsim_Contrasim/Weak_Transition_Systems.thy
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/Weak_Transition_Systems.thy
@@ -0,0 +1,532 @@
+subsection \<open>Transition Systems with Silent Steps\<close>
+
+theory Weak_Transition_Systems
+ imports Transition_Systems
+begin
+
+locale lts_tau = lts trans for
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> ("_ \<longmapsto>_ _" [70, 70, 70] 80) + fixes
+ \<tau> :: \<open>'a\<close> begin
+
+definition tau :: \<open>'a \<Rightarrow> bool\<close> where \<open>tau a \<equiv> (a = \<tau>)\<close>
+
+lemma tau_tau[simp]: \<open>tau \<tau>\<close> unfolding tau_def by simp
+
+abbreviation weak_step :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close>
+ ("_ \<Rightarrow>_ _" [70, 70, 70] 80)
+where
+ \<open>(p \<Rightarrow>a q) \<equiv> (\<exists> pq1 pq2.
+ p \<longmapsto>* tau pq1 \<and>
+ pq1 \<longmapsto>a pq2 \<and>
+ pq2 \<longmapsto>* tau q)\<close>
+
+lemma step_weak_step:
+ assumes \<open>p \<longmapsto>a p'\<close>
+ shows \<open>p \<Rightarrow>a p'\<close>
+ using assms steps.refl by auto
+
+abbreviation weak_step_tau :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close>
+ ("_ \<Rightarrow>^_ _" [70, 70, 70] 80)
+where
+ \<open>(p \<Rightarrow>^a q) \<equiv>
+ (tau a \<longrightarrow> p \<longmapsto>* tau q) \<and>
+ (\<not>tau a \<longrightarrow> p \<Rightarrow>a q)\<close>
+
+abbreviation weak_step_delay :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close>
+ ("_ =\<rhd> _ _" [70, 70, 70] 80)
+where
+ \<open>(p =\<rhd>a q) \<equiv>
+ (tau a \<longrightarrow> p \<longmapsto>* tau q) \<and>
+ (\<not>tau a \<longrightarrow> (\<exists> pq.
+ p \<longmapsto>* tau pq \<and>
+ pq \<longmapsto>a q))\<close>
+
+lemma weak_step_delay_implies_weak_tau:
+ assumes \<open>p =\<rhd>a p'\<close>
+ shows \<open>p \<Rightarrow>^a p'\<close>
+ using assms steps.refl[of p' tau] by blast
+
+lemma weak_step_delay_left:
+ assumes
+ \<open>\<not> p0 \<longmapsto>a p1\<close>
+ \<open>p0 =\<rhd>a p1\<close>
+ \<open>\<not>tau a\<close>
+ shows
+ \<open>\<exists> p0' t. tau t \<and> p0 \<longmapsto>t p0' \<and> p0' =\<rhd>a p1\<close>
+ using assms steps_left by metis
+
+primrec weak_step_seq :: \<open>'s \<Rightarrow> 'a list \<Rightarrow> 's \<Rightarrow> bool\<close>
+ ("_ \<Rightarrow>$ _ _" [70, 70, 70] 80)
+ where
+ \<open>weak_step_seq p0 [] p1 = p0 \<longmapsto>* tau p1\<close>
+ | \<open>weak_step_seq p0 (a#A) p1 = (\<exists> p01 . p0 \<Rightarrow>^a p01 \<and> weak_step_seq p01 A p1)\<close>
+
+lemma step_weak_step_tau:
+ assumes \<open>p \<longmapsto>a p'\<close>
+ shows \<open>p \<Rightarrow>^a p'\<close>
+ using step_weak_step[OF assms] steps_one_step[OF assms]
+ by blast
+
+lemma step_tau_refl:
+ shows \<open>p \<Rightarrow>^\<tau> p\<close>
+ using steps.refl[of p tau]
+ by simp
+
+lemma weak_step_tau_weak_step[simp]:
+ assumes \<open>p \<Rightarrow>^a p'\<close> \<open>\<not> tau a\<close>
+ shows \<open>p \<Rightarrow>a p'\<close>
+ using assms by auto
+
+lemma weak_steps:
+ assumes
+ \<open>p \<Rightarrow>a p'\<close>
+ \<open>\<And> a . tau a \<Longrightarrow> A a\<close>
+ \<open>A a\<close>
+ shows
+ \<open>p \<longmapsto>* A p'\<close>
+proof -
+ obtain pp pp' where pp:
+ \<open>p \<longmapsto>* tau pp\<close> \<open>pp \<longmapsto>a pp'\<close> \<open>pp' \<longmapsto>* tau p'\<close>
+ using assms(1) by blast
+ then have cascade:
+ \<open>p \<longmapsto>* A pp\<close> \<open>pp \<longmapsto>* A pp'\<close> \<open>pp' \<longmapsto>* A p'\<close>
+ using steps_one_step steps_spec assms(2,3) by auto
+ have \<open>p \<longmapsto>* A pp'\<close> using steps_concat[OF cascade(2) cascade(1)] .
+ show ?thesis using steps_concat[OF cascade(3) `p \<longmapsto>* A pp'`] .
+qed
+
+lemma weak_step_impl_weak_tau:
+ assumes
+ \<open>p \<Rightarrow>a p'\<close>
+ shows
+ \<open>p \<Rightarrow>^a p'\<close>
+ using assms weak_steps[OF assms, of tau] by auto
+
+lemma weak_impl_strong_step:
+ assumes
+ \<open>p \<Rightarrow>a p''\<close>
+ shows
+ \<open>(\<exists> a' p' . tau a' \<and> p \<longmapsto>a' p') \<or> (\<exists> p' . p \<longmapsto>a p')\<close>
+proof -
+ from assms obtain pq1 pq2 where pq12:
+ \<open>p \<longmapsto>* tau pq1\<close>
+ \<open>pq1 \<longmapsto>a pq2\<close>
+ \<open>pq2 \<longmapsto>* tau p''\<close> by blast
+ show ?thesis
+ proof (cases \<open>p = pq1\<close>)
+ case True
+ then show ?thesis using pq12 by blast
+ next
+ case False
+ then show ?thesis using pq12 steps_left[of p pq1 tau] by blast
+ qed
+qed
+
+lemma weak_step_extend:
+ assumes
+ \<open>p1 \<longmapsto>* tau p2\<close>
+ \<open>p2 \<Rightarrow>^a p3\<close>
+ \<open>p3 \<longmapsto>* tau p4\<close>
+ shows
+ \<open>p1 \<Rightarrow>^a p4\<close>
+ using assms steps_concat by blast
+
+lemma weak_step_tau_tau:
+ assumes
+ \<open>p1 \<longmapsto>* tau p2\<close>
+ \<open>tau a\<close>
+ shows
+ \<open>p1 \<Rightarrow>^a p2\<close>
+ using assms by blast
+
+lemma weak_single_step[iff]:
+ \<open>p \<Rightarrow>$ [a] p' \<longleftrightarrow> p \<Rightarrow>^a p'\<close>
+ using steps.refl[of p' tau]
+ by (meson steps_concat weak_step_seq.simps(1) weak_step_seq.simps(2))
+
+abbreviation weak_enabled :: \<open>'s \<Rightarrow> 'a \<Rightarrow> bool\<close> where
+ \<open>weak_enabled p a \<equiv>
+ \<exists> pq1 pq2. p \<longmapsto>* tau pq1 \<and> pq1 \<longmapsto>a pq2\<close>
+
+lemma weak_enabled_step:
+ shows \<open>weak_enabled p a = (\<exists> p'. p \<Rightarrow>a p')\<close>
+ using step_weak_step steps_concat by blast
+
+lemma step_tau_concat:
+ assumes
+ \<open>q \<Rightarrow>^a q'\<close>
+ \<open>q' \<Rightarrow>^\<tau> q1\<close>
+ shows \<open>q \<Rightarrow>^a q1\<close>
+proof -
+ show ?thesis using assms steps_concat tau_tau by blast
+qed
+
+lemma tau_step_concat:
+ assumes
+ \<open>q \<Rightarrow>^\<tau> q'\<close>
+ \<open>q' \<Rightarrow>^a q1\<close>
+ shows \<open>q \<Rightarrow>^a q1\<close>
+proof -
+ show ?thesis using assms steps_concat tau_tau by blast
+qed
+
+
+lemma tau_word_concat:
+ assumes
+ \<open>q \<Rightarrow>^\<tau> q'\<close>
+ \<open>q' \<Rightarrow>$A q1\<close>
+ shows \<open>q \<Rightarrow>$A q1\<close>
+ using assms
+proof (cases A)
+ case Nil
+ hence \<open>q' \<Rightarrow>^\<tau> q1\<close> using assms by auto
+ thus ?thesis using Nil assms steps_concat tau_tau weak_step_seq.simps by blast
+next
+ case (Cons a A)
+ then obtain q'' where \<open>q' \<Rightarrow>^a q''\<close> and A_step: \<open>q'' \<Rightarrow>$A q1 \<close> using assms by auto
+ hence \<open>q \<Rightarrow>^a q''\<close> using tau_step_concat[OF assms(1)] by auto
+ then show ?thesis using Cons A_step \<open>q \<Rightarrow>^a q''\<close> by auto
+qed
+
+lemma strong_weak_transition_system:
+ assumes
+ \<open>\<And> p q a. p \<longmapsto> a q \<Longrightarrow> \<not> tau a\<close>
+ \<open>\<not> tau a\<close>
+ shows
+ \<open>p \<Rightarrow>^a p' = p \<longmapsto> a p'\<close>
+proof
+ assume \<open>p \<Rightarrow>^a p'\<close>
+ then obtain p0 p1 where \<open>p \<longmapsto>* tau p0\<close> \<open>p0 \<longmapsto>a p1\<close> \<open>p1 \<longmapsto>* tau p'\<close> using assms by blast
+ then have \<open>p = p0\<close> \<open>p1 = p'\<close> using assms(1) steps_no_step by blast+
+ with \<open>p0 \<longmapsto>a p1\<close> show \<open>p \<longmapsto>a p'\<close> by blast
+next
+ assume \<open>p \<longmapsto>a p'\<close>
+ thus \<open>p \<Rightarrow>^a p'\<close> using step_weak_step_tau by blast
+qed
+
+lemma rev_seq_split :
+ assumes \<open>q \<Rightarrow>$ (xs @ [x]) q1\<close>
+ shows \<open>\<exists>q'. q \<Rightarrow>$xs q' \<and> q' \<Rightarrow>^x q1\<close>
+ using assms
+proof (induct xs arbitrary: q)
+ case Nil
+ hence \<open>q \<Rightarrow>$ [x] q1\<close> by auto
+ hence x_succ: \<open>q \<Rightarrow>^x q1\<close> by blast
+ have \<open>q \<Rightarrow>$[] q\<close> by (simp add: steps.refl)
+ then show ?case using x_succ by auto
+next
+ case (Cons a xs)
+ then obtain q' where q'_def: \<open>q \<Rightarrow>^a q' \<and> q' \<Rightarrow>$(xs@[x]) q1\<close> by auto
+ then obtain q'' where \<open>q' \<Rightarrow>$ xs q'' \<and> q'' \<Rightarrow>^x q1\<close> using Cons.hyps[of \<open>q'\<close>] by auto
+ then show ?case using q'_def by auto
+qed
+
+lemma rev_seq_concat:
+ assumes
+ \<open>q \<Rightarrow>$as q'\<close>
+ \<open>q'\<Rightarrow>$A q1\<close>
+ shows \<open>q \<Rightarrow>$(as@A) q1\<close>
+ using assms
+proof (induct as arbitrary: A q' rule: rev_induct)
+ case Nil
+ hence \<open>q \<Rightarrow>^\<tau> q'\<close> by auto
+ hence \<open>q \<Rightarrow>^\<tau> q' \<and> q' \<Rightarrow>$A q1\<close> using Nil.prems(2) by blast
+ hence \<open>q \<Rightarrow>$A q1\<close> using tau_word_concat by auto
+ then show ?case by simp
+next
+ case (snoc x xs)
+ hence \<open>\<exists>q''. q \<Rightarrow>$xs q'' \<and> q'' \<Rightarrow>^x q'\<close> using rev_seq_split by simp
+ then obtain q'' where q_def: \<open>q \<Rightarrow>$xs q''\<close> \<open>q'' \<Rightarrow>^x q'\<close> by auto
+ from snoc.prems(2) have \<open>q' \<Rightarrow>$A q1\<close> by blast
+ hence \<open>q'' \<Rightarrow>$(x#A) q1\<close> using q_def by auto
+ hence \<open>q'' \<Rightarrow>$([x]@A) q1\<close> by auto
+ then show ?case using snoc.hyps[of \<open>q''\<close> \<open>[x]@A\<close>] q_def by auto
+qed
+
+lemma rev_seq_step_concat :
+ assumes
+ \<open>q \<Rightarrow>$as q'\<close>
+ \<open>q'\<Rightarrow>^a q1\<close>
+ shows \<open>q \<Rightarrow>$(as@[a]) q1\<close>
+proof -
+ from assms(2) have \<open>q'\<Rightarrow>$[a] q1\<close> by blast
+ thus ?thesis using rev_seq_concat assms(1) by auto
+qed
+
+lemma rev_seq_dstep_concat :
+ assumes
+ \<open>q \<Rightarrow>$as q'\<close>
+ \<open>q'=\<rhd>a q1\<close>
+ shows \<open>q \<Rightarrow>$(as@[a]) q1\<close>
+proof -
+ from assms(2) have \<open>q' \<Rightarrow>^a q1\<close> using steps.refl by auto
+ thus ?thesis using assms rev_seq_step_concat by auto
+qed
+
+lemma word_tau_concat:
+ assumes
+ \<open>q \<Rightarrow>$A q'\<close>
+ \<open>q' \<Rightarrow>^\<tau> q1\<close>
+ shows \<open>q \<Rightarrow>$A q1\<close>
+proof -
+ from assms(2) have \<open>q' \<Rightarrow>$[] q1\<close>
+ using tau_tau weak_step_seq.simps(1) by blast
+ thus ?thesis using assms(1) rev_seq_concat
+ by (metis append.right_neutral)
+qed
+
+lemma list_rev_split :
+ assumes \<open>A \<noteq> []\<close>
+ shows \<open>\<exists>as a. A = as@[a]\<close>
+proof -
+ show ?thesis using assms rev_exhaust by blast
+qed
+
+primrec taufree :: \<open>'a list \<Rightarrow> 'a list\<close>
+ where
+ \<open>taufree [] = []\<close>
+ | \<open>taufree (a#A) = (if tau a then taufree A else a#(taufree A))\<close>
+
+lemma weak_step_over_tau :
+ assumes
+ \<open>p \<Rightarrow>$A p'\<close>
+ shows \<open>p \<Rightarrow>$(taufree A) p'\<close> using assms
+proof (induct A arbitrary: p)
+ case Nil
+ thus ?case by auto
+next
+ case (Cons a as)
+ then obtain p0 where \<open>p \<Rightarrow>^a p0\<close> \<open>p0\<Rightarrow>$as p'\<close> by auto
+ then show ?case
+ proof (cases \<open>tau a\<close>)
+ case True
+ hence \<open>p \<Rightarrow>$as p'\<close> using tau_word_concat \<open>p \<Rightarrow>^a p0\<close> \<open>p0 \<Rightarrow>$ as p'\<close> tau_tau by blast
+ hence \<open>p \<Rightarrow>$ (taufree as) p'\<close> using Cons by auto
+ thus \<open>p \<Rightarrow>$ (taufree (a#as)) p'\<close> using True by auto
+ next
+ case False
+ hence rec: \<open>taufree (a#as) = a#(taufree as)\<close> by auto
+ hence \<open>p0 \<Rightarrow>$ (taufree as) p'\<close> using \<open>p0\<Rightarrow>$as p'\<close> Cons by auto
+ hence \<open>p \<Rightarrow>$(a#(taufree as)) p'\<close> using \<open>p \<Rightarrow>^a p0\<close> by auto
+ then show ?thesis using rec by auto
+ qed
+qed
+
+lemma app_tau_taufree_list :
+ assumes
+ \<open>\<forall>a \<in> set A. \<not>tau a\<close>
+ \<open>b = \<tau>\<close>
+ shows \<open>A = taufree (A@[b])\<close> using assms(1)
+proof (induct A)
+ case Nil
+ then show ?case using assms by simp
+next
+ case (Cons x xs)
+ have \<open>\<forall>a\<in>set xs. \<not> tau a\<close> \<open>\<not>tau x\<close> using assms(1) butlast_snoc Cons by auto
+ hence last: \<open>xs = taufree (xs @ [b])\<close> using Cons by auto
+ have \<open>taufree (x#xs@[b]) = x#taufree (xs @ [b])\<close> using \<open>\<not>tau x\<close> by auto
+ hence \<open>x # xs = x# taufree (xs@ [b])\<close> using last by auto
+ then show ?case using Cons.prems last by auto
+qed
+
+lemma word_steps_ignore_tau_addition:
+ assumes
+ \<open>\<forall>a\<in>set A. a \<noteq> \<tau>\<close>
+ \<open>p \<Rightarrow>$ A p'\<close>
+ \<open>filter (\<lambda>a. a \<noteq> \<tau>) A' = A\<close>
+ shows
+ \<open>p \<Rightarrow>$ A' p'\<close>
+ using assms
+proof (induct A' arbitrary: p A)
+ case Nil': Nil
+ then show ?case by simp
+next
+ case Cons': (Cons a' A' p)
+ show ?case proof (cases \<open>a' = \<tau>\<close>)
+ case True
+ with Cons'.prems have \<open>filter (\<lambda>a. a \<noteq> \<tau>) A' = A\<close> by simp
+ with Cons' have \<open>p \<Rightarrow>$ A' p'\<close> by blast
+ with True show ?thesis using steps.refl by fastforce
+ next
+ case False
+ with Cons'.prems obtain A'' where
+ A''_spec: \<open>A = a'#A''\<close> \<open>filter (\<lambda>a. a \<noteq> \<tau>) A' = A''\<close> \<open>\<forall>a\<in>set A''. a \<noteq> \<tau> \<close> by auto
+ with Cons'.prems obtain p0 where
+ p0_spec: \<open>p \<Rightarrow>^a' p0\<close> \<open>p0 \<Rightarrow>$ A'' p'\<close> by auto
+ with Cons'.hyps A''_spec(2,3) have \<open>p0 \<Rightarrow>$ A' p'\<close> by blast
+ with p0_spec show ?thesis by auto
+ qed
+qed
+
+lemma word_steps_ignore_tau_removal:
+ assumes
+ \<open>p \<Rightarrow>$ A p'\<close>
+ shows
+ \<open>p \<Rightarrow>$ (filter (\<lambda>a. a \<noteq> \<tau>) A) p'\<close>
+ using assms
+proof (induct A arbitrary: p)
+ case Nil
+ then show ?case by simp
+next
+ case (Cons a A)
+ show ?case proof (cases \<open>a = \<tau>\<close>)
+ case True
+ with Cons show ?thesis using tau_word_concat by auto
+ next
+ case False
+ with Cons.prems obtain p0 where p0_spec: \<open>p \<Rightarrow>^a p0\<close> \<open>p0 \<Rightarrow>$ A p'\<close> by auto
+ with Cons.hyps have \<open>p0 \<Rightarrow>$ (filter (\<lambda>a. a \<noteq> \<tau>) A) p'\<close> by blast
+ with \<open>p \<Rightarrow>^a p0\<close> False show ?thesis by auto
+ qed
+qed
+
+definition weak_tau_succs :: "'s set \<Rightarrow> 's set" where
+ \<open>weak_tau_succs Q = {q1. \<exists>q\<in> Q. q \<Rightarrow>^\<tau> q1}\<close>
+
+definition dsuccs :: "'a \<Rightarrow> 's set \<Rightarrow> 's set" where
+ \<open>dsuccs a Q = {q1. \<exists>q\<in> Q. q =\<rhd>a q1}\<close>
+
+definition word_reachable_via_delay :: "'a list \<Rightarrow> 's \<Rightarrow> 's \<Rightarrow> 's \<Rightarrow> bool" where
+ \<open>word_reachable_via_delay A p p0 p1 = (\<exists>p00. p \<Rightarrow>$(butlast A) p00 \<and> p00 =\<rhd>(last A) p0 \<and> p0 \<Rightarrow>^\<tau> p1)\<close>
+
+primrec dsuccs_seq_rec :: "'a list \<Rightarrow> 's set \<Rightarrow> 's set" where
+ \<open>dsuccs_seq_rec [] Q = Q\<close> |
+ \<open>dsuccs_seq_rec (a#as) Q = dsuccs a (dsuccs_seq_rec as Q)\<close>
+
+lemma in_dsuccs_implies_word_reachable:
+ assumes
+ \<open>q' \<in> dsuccs_seq_rec (rev A) {q}\<close>
+ shows
+ \<open>q \<Rightarrow>$A q'\<close>
+ using assms
+proof (induct arbitrary: q' rule: rev_induct)
+ case Nil
+ hence \<open>q' = q\<close> by auto
+ hence \<open>q \<Rightarrow>^\<tau> q'\<close> by (simp add: steps.refl)
+ thus \<open>q \<Rightarrow>$[] q'\<close> by simp
+next
+ case (snoc a as)
+ hence \<open>q' \<in> dsuccs_seq_rec (a#(rev as)) {q}\<close> by simp
+ hence \<open>q' \<in> dsuccs a (dsuccs_seq_rec (rev as) {q})\<close> by simp
+ then obtain q0 where \<open>q0 \<in> dsuccs_seq_rec (rev as) {q}\<close>
+ and \<open>q0 =\<rhd>a q'\<close> using dsuccs_def by auto
+ hence \<open>q \<Rightarrow>$as q0\<close> using snoc.hyps by auto
+ thus \<open>q \<Rightarrow>$(as @ [a]) q'\<close>
+ using \<open>q0 =\<rhd>a q'\<close> steps.refl rev_seq_step_concat by blast
+qed
+
+lemma word_reachable_implies_in_dsuccs :
+ assumes
+ \<open>q \<Rightarrow>$A q'\<close>
+ shows \<open>q' \<in> weak_tau_succs (dsuccs_seq_rec (rev A) {q})\<close> using assms
+proof (induct A arbitrary: q' rule: rev_induct)
+ case Nil
+ hence \<open>q \<Rightarrow>^\<tau> q'\<close> using tau_tau weak_step_seq.simps(1) by blast
+ hence \<open>q' \<in> weak_tau_succs {q}\<close> using weak_tau_succs_def by auto
+ thus ?case using dsuccs_seq_rec.simps(1) by auto
+next
+ case (snoc a as)
+ then obtain q1 where \<open>q \<Rightarrow>$as q1\<close> and \<open>q1 \<Rightarrow>^a q'\<close> using rev_seq_split by blast
+ hence in_succs: \<open>q1 \<in> weak_tau_succs (dsuccs_seq_rec (rev as) {q})\<close> using snoc.hyps by auto
+ then obtain q0 where q0_def: \<open>q0 \<in> dsuccs_seq_rec (rev as) {q}\<close> \<open>q0 \<Rightarrow>^\<tau> q1\<close>
+ using weak_tau_succs_def[of\<open>dsuccs_seq_rec (rev as) {q}\<close>] by auto
+ hence \<open>q0 \<Rightarrow>^a q'\<close> using \<open>q1 \<Rightarrow>^a q'\<close> steps_concat tau_tau by blast
+ then obtain q2 where \<open>q0 =\<rhd>a q2\<close> \<open>q2 \<Rightarrow>^\<tau> q'\<close> using steps.refl by auto
+ hence \<open>\<exists>q0 \<in> dsuccs_seq_rec (rev as) {q}. q0 =\<rhd>a q2\<close> using q0_def by auto
+ hence \<open>q2 \<in> dsuccs a (dsuccs_seq_rec (rev as) {q})\<close> using dsuccs_def by auto
+ hence \<open>q2 \<in> dsuccs_seq_rec (a#(rev as)) {q}\<close> by auto
+ hence \<open>q2 \<in> dsuccs_seq_rec (rev (as@[a])) {q}\<close> by auto
+ hence \<open>\<exists>q2 \<in> dsuccs_seq_rec (rev (as@[a])) {q}. q2 \<Rightarrow>^\<tau> q'\<close> using \<open>q2 \<Rightarrow>^\<tau> q'\<close> by auto
+ thus ?case using weak_tau_succs_def[of \<open>dsuccs_seq_rec (rev (as@[a])) {q}\<close>] by auto
+qed
+
+lemma simp_dsuccs_seq_rev:
+ assumes
+ \<open>Q = dsuccs_seq_rec (rev A) {q0}\<close>
+ shows
+ \<open>dsuccs a Q = dsuccs_seq_rec (rev (A@[a])) {q0}\<close>
+proof -
+ show ?thesis by (simp add: assms)
+qed
+
+abbreviation tau_max :: \<open>'s \<Rightarrow> bool\<close> where
+ \<open>tau_max p \<equiv> (\<forall>p'. p \<longmapsto>* tau p' \<longrightarrow> p = p')\<close>
+
+lemma tau_max_deadlock:
+ fixes q
+ assumes
+ \<open>\<And> r1 r2. r1 \<longmapsto>* tau r2 \<and> r2 \<longmapsto>* tau r1 \<Longrightarrow> r1 = r2\<close> \<comment>\<open>contracted cycles (anti-symmetry)\<close>
+ \<open>finite {q'. q \<longmapsto>* tau q'}\<close>
+ shows
+ \<open>\<exists> q' . q \<longmapsto>* tau q' \<and> tau_max q'\<close>
+ using step_max_deadlock assms by blast
+
+abbreviation stable_state :: \<open>'s \<Rightarrow> bool\<close> where
+ \<open>stable_state p \<equiv> \<nexists> p' . step_pred p tau p'\<close>
+
+lemma stable_tauclosure_only_loop:
+ assumes
+ \<open>stable_state p\<close>
+ shows
+ \<open>tau_max p\<close>
+ using assms steps_left by blast
+
+coinductive divergent_state :: \<open>'s \<Rightarrow> bool\<close> where
+ omega: \<open>divergent_state p' \<Longrightarrow> tau t \<Longrightarrow> p \<longmapsto>t p'\<Longrightarrow> divergent_state p\<close>
+
+lemma ex_divergent:
+ assumes \<open>p \<longmapsto>a p\<close> \<open>tau a\<close>
+ shows \<open>divergent_state p\<close>
+ using assms
+proof (coinduct)
+ case (divergent_state p)
+ then show ?case using assms by auto
+qed
+
+lemma ex_not_divergent:
+ assumes \<open>\<forall>a q. p \<longmapsto>a q \<longrightarrow> \<not> tau a\<close> \<open>divergent_state p\<close>
+ shows \<open>False\<close> using assms(2)
+proof (cases rule:divergent_state.cases)
+ case (omega p' t)
+ thus ?thesis using assms(1) by auto
+qed
+
+lemma perpetual_instability_divergence:
+ assumes
+ \<open>\<forall> p' . p \<longmapsto>* tau p' \<longrightarrow> \<not> stable_state p'\<close>
+ shows
+ \<open>divergent_state p\<close>
+ using assms
+proof (coinduct rule: divergent_state.coinduct)
+ case (divergent_state p)
+ then obtain t p' where \<open>tau t\<close> \<open>p \<longmapsto>t p'\<close> using steps.refl by blast
+ then moreover have \<open>\<forall>p''. p' \<longmapsto>* tau p'' \<longrightarrow> \<not> stable_state p''\<close>
+ using divergent_state step_weak_step_tau steps_concat by blast
+ ultimately show ?case by blast
+qed
+
+corollary non_divergence_implies_eventual_stability:
+ assumes
+ \<open>\<not> divergent_state p\<close>
+ shows
+ \<open>\<exists> p' . p \<longmapsto>* tau p' \<and> stable_state p'\<close>
+ using assms perpetual_instability_divergence by blast
+
+end \<comment>\<open>context @{locale lts_tau}\<close>
+
+subsection \<open>Finite Transition Systems with Silent Steps\<close>
+
+locale lts_tau_finite = lts_tau trans \<tau> for
+ trans :: \<open>'s \<Rightarrow> 'a \<Rightarrow> 's \<Rightarrow> bool\<close> and
+ \<tau> :: \<open>'a\<close> +
+assumes
+ finite_state_set: \<open>finite (top::'s set)\<close>
+begin
+
+lemma finite_state_rel: \<open>finite (top::('s rel))\<close>
+ using finite_state_set
+ by (simp add: finite_prod)
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Coupledsim_Contrasim/document/root.bib b/thys/Coupledsim_Contrasim/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/document/root.bib
@@ -0,0 +1,750 @@
+% Encoding: UTF-8
+
+@InProceedings{hhk1995simulations,
+ author = {Monika Rauch Henzinger and Thomas A. Henzinger and Peter W. Kopke},
+ title = {Computing Simulations on Finite and Infinite Graphs},
+ booktitle = {36th Annual Symposium on Foundations of Computer Science, Milwaukee, Wisconsin},
+ year = {1995},
+ pages = {453--462},
+ doi = {10.1109/SFCS.1995.492576},
+}
+
+@InProceedings{bell2013certifiably,
+ author = {Bell, Christian J.},
+ title = {Certifiably sound parallelizing transformations},
+ booktitle = {International Conference on Certified Programs and Proofs},
+ year = {2013},
+ pages = {227--242},
+ organization = {Springer},
+}
+
+@Article{brr2016,
+ author = {Boulgakov, Alexandre and Gibson-Robinson, Thomas and Roscoe, A.~W.},
+ title = {Computing maximal weak and other bisimulations},
+ journal = {Formal Aspects of Computing},
+ year = {2016},
+ volume = {28},
+ number = {3},
+ pages = {381--407},
+ issn = {1433-299X},
+ abstract = {We present and compare several algorithms for computing the maximal strong bisimulation, the maximal divergence-respecting delay bisimulation, and the maximal divergence-respecting weak bisimulation of a generalised labelled transition system. These bisimulation relations preserve CSP semantics, as well as the operational semantics of programs in other languages with operational semantics described by such GLTSs and relying only on observational equivalence. They can therefore be used to combat the space explosion problem faced in explicit model checking for such languages. We concentrate on algorithms which work efficiently when implemented rather than on ones which have low asymptotic growth.},
+ doi = {10.1007/s00165-016-0366-2},
+ file = {:algorithms/brr2016_computing-maximal-weak-and-other-bisimulations.pdf:PDF},
+ timestamp = {2017.06.17},
+}
+
+@Article{ch1993,
+ Title = {Testing equivalence as a bisimulation equivalence},
+ Author = {Cleaveland, Rance and Hennessy, Matthew},
+ Journal = {Formal Aspects of Computing},
+ Year = {1993},
+ Number = {1},
+ Pages = {1--20},
+ Volume = {5},
+ Publisher = {Springer}
+}
+
+@Article{dpp2004,
+ author = {Agostino Dovier and Carla Piazza and Alberto Policriti},
+ title = {An efficient algorithm for computing bisimulation equivalence},
+ journal = {Theoretical Computer Science},
+ year = {2004},
+ volume = {311},
+ number = {1},
+ pages = {221--256},
+ issn = {0304-3975},
+ doi = {10.1016/S0304-3975(03)00361-X},
+ file = {:algorithms/dpp2004_efficient-algorithm-bisimulation.pdf:PDF},
+ keywords = {Bisimulation},
+ owner = {ben},
+ timestamp = {2017.06.19},
+}
+
+@InCollection{glabbeek2017,
+author="van Glabbeek, Rob",
+editor={Gibson-Robinson, Thomas
+and Hopcroft, Philippa
+and Lazi{\'{c}}, Ranko},
+title={A Branching Time Model of {CSP}},
+ bookTitle="Concurrency, Security, and Puzzles: Essays Dedicated to Andrew William Roscoe on the Occasion of His 60th Birthday",
+year="2017",
+publisher="Springer International Publishing",
+address="Cham",
+pages={272--293},
+isbn="978-3-319-51046-0",
+doi={10.1007/978-3-319-51046-0\_14}
+}
+
+
+
+@Article{nestmann1996decoding,
+ author = {Nestmann, Uwe and Pierce, Benjamin C.},
+ title = {Decoding choice encodings},
+ journal = {Information and Computation},
+ year = {2000},
+ volume = {163},
+ number = {1},
+ pages = {1--59},
+ publisher = {Elsevier},
+ doi = {10.1006/inco.2000.2868},
+}
+
+@InProceedings{parrow1992,
+ Title = {Multiway synchronization verified with coupled simulation},
+ Author = {Parrow, Joachim and Sj{\"o}din, Peter},
+ Booktitle = {CONCUR '92: Third International Conference on Concurrency Theory Stony Brook, NY, USA, August 24--27, 1992 Proceedings},
+ Year = {1992},
+ Editor = {Cleaveland, W.R.},
+ Pages = {518--533},
+ Publisher = {Springer Berlin Heidelberg},
+
+ Doi = {10.1007/BFb0084813},
+ File = {:parrow1992_coupled-simulation.pdf:PDF},
+ ISBN = {978-3-540-47293-3},
+ Owner = {ben},
+ Timestamp = {2017.06.19}
+}
+
+@InProceedings{ps1994,
+ Title = {The complete axiomatization of {Cs}-congruence},
+ Author = {Parrow, Joachim and Sj{\"o}din, Peter},
+ Booktitle = {STACS 94: 11th Annual Symposium on Theoretical Aspects of Computer Science Caen, France, February 24--26, 1994 Proceedings},
+ Year = {1994},
+ Editor = {Enjalbert, Patrice and Mayr, Ernst W. and Wagner, Klaus W.},
+ Pages = {555--568},
+ Publisher = {Springer Berlin Heidelberg},
+
+ Doi = {10.1007/3-540-57785-8\_171},
+ File = {:ps1994_complete-axiomatization-of-cs.pdf:PDF},
+ ISBN = {978-3-540-48332-8},
+ Owner = {ben},
+ Timestamp = {2017.06.19}
+}
+
+@Book{sangiorgi2012,
+ Title = {Introduction to Bisimulation and Coinduction},
+ Author = {Sangiorgi, Davide},
+ Publisher = {Cambridge University Press},
+ Year = {2012},
+
+ Address = {New York, NY, USA},
+
+ ISBN = {1107003636, 9781107003637}
+}
+
+@Article{vm2001impossible,
+ Title = {Impossible futures and determinism},
+ Author = {Voorhoeve, Marc and Mauw, Sjouke},
+ Journal = {Information Processing Letters},
+ Year = {2001},
+ Number = {1},
+ Pages = {51--58},
+ Volume = {80},
+ doi = {10.1016/S0020-0190(01)00217-4},
+ File = {:vm2000_impossible-futures-and-determinism.pdf:PDF},
+ Publisher = {Elsevier}
+}
+
+@InProceedings{km2002,
+ author = {Ku{\v{c}}era, Anton{\'i}n and Mayr, Richard},
+ title = {Why Is Simulation Harder than Bisimulation?},
+ booktitle = {CONCUR 2002 --- Concurrency Theory: 13th International Conference Brno, Czech Republic, August 20--23, 2002 Proceedings},
+ year = {2002},
+ editor = {Brim, Lubo{\v{s}} and K{\v{r}}et{\'i}nsk{\'y}, Mojm{\'i}r and Ku{\v{c}}era, Anton{\'i}n and Jan{\v{c}}ar, Petr},
+ pages = {594--609},
+ publisher = {Springer Berlin Heidelberg},
+ abstract = {Why is deciding simulation preorder (and simulation equivalence) computationally harder than deciding bisimulation equivalence on almost all known classes of processes? We try to answer this question by describing two general methods that can be used to construct direct one-to-one polynomial-time reductions from bisimulation equivalence to simulation preorder (and simulation equivalence). These methods can be applied to many classes of finitely generated transition systems, provided that they satisfy certain abstractly formulated conditions. Roughly speaking, our first method works for all classes of systems that can test for `non-enabledness' of actions, while our second method works for all classes of systems that are closed under synchronization.},
+ doi = {10.1007/3-540-45694-5\_39},
+ file = {:km2002_why-is-simulation-harder-than-bisimulation.pdf:PDF},
+ isbn = {978-3-540-45694-0},
+}
+
+@InProceedings{gs2013simulations,
+ author = {Gor{\'i}n, Daniel and Schr{\"o}der, Lutz},
+ title = {Simulations and bisimulations for coalgebraic modal logics},
+ booktitle = {International Conference on Algebra and Coalgebra in Computer Science},
+ year = {2013},
+ pages = {253--266},
+ organization = {Springer},
+ file = {:gs2013_simulations_bisimulations_coalgebraic_modal_logics.pdf:PDF},
+}
+
+@InProceedings{gp15,
+ author = {Kirstin Peters and Rob J. van Glabbeek},
+ title = {Analysing and Comparing Encodability Criteria},
+ booktitle = {Proceedings of the Combined 22th International Workshop on Expressiveness in Concurrency and 12th Workshop on Structural Operational Semantics, and 12th Workshop on Structural Operational Semantics, {EXPRESS/SOS}},
+ year = {2015},
+ pages = {46--60},
+ bibsource = {dblp computer science bibliography, http://dblp.org},
+ biburl = {http://dblp.uni-trier.de/rec/bib/journals/corr/PetersG15},
+ doi = {10.4204/EPTCS.190.4},
+ timestamp = {Wed, 03 May 2017 14:47:58 +0200},
+}
+
+@TechReport{vm2000impossibleReport,
+ author = {Voorhoeve, Marc and Mauw, Sjouke},
+ title = {Impossible futures and determinism},
+ institution = {Technische Universiteit Eindhoven},
+ year = {2000},
+ type = {Computing science reports},
+ number = {Vol. 0014},
+ address = {Eindhoven},
+ file = {:vm2000_impossible-futures-and-determinism.pdf:PDF},
+ journal = {Computing science reports},
+ volume = {0014},
+}
+
+@Article{ks2006,
+ author = {Ku{\v{c}}era, Anton{\'\i}n and Schnoebelen, Philippe},
+ title = {A general approach to comparing infinite-state systems with their finite-state specifications},
+ journal = {Theoretical Computer Science},
+ year = {2006},
+ volume = {358},
+ number = {2-3},
+ pages = {315--333},
+ publisher = {Elsevier},
+}
+
+@InProceedings{whhsb2006sigref,
+ author = {Wimmer, Ralf and Herbstritt, Marc and Hermanns, Holger and Strampp, Kelley and Becker, Bernd},
+ title = {Sigref: {A} Symbolic Bisimulation Tool Box},
+ booktitle = {Automated Technology for Verification and Analysis: 4th International Symposium, ATVA 2006, Beijing, China, October 23-26, 2006. Proceedings},
+ year = {2006},
+ editor = {Graf, Susanne and Zhang, Wenhui},
+ pages = {477--492},
+ publisher = {Springer Berlin Heidelberg},
+ abstract = {We present a uniform signature-based approach to compute the most popular bisimulations. Our approach is implemented symbolically using BDDs, which enables the handling of very large transition systems. Signatures for the bisimulations are built up from a few generic building blocks, which naturally correspond to efficient BDD operations. Thus, the definition of an appropriate signature is the key for a rapid development of algorithms for other types of bisimulation.},
+ doi = {10.1007/11901914\_35},
+ isbn = {978-3-540-47238-4},
+}
+
+@Article{Fournet2005,
+ author = {Fournet, C{\'e}dric and Gonthier, Georges},
+ title = {A hierarchy of equivalences for asynchronous calculi},
+ journal = {The Journal of Logic and Algebraic Programming},
+ year = {2005},
+ volume = {63},
+ number = {1},
+ pages = {131--173},
+ publisher = {Elsevier},
+}
+
+@InProceedings{gp2008,
+ author = {van Glabbeek, Rob J. and Ploeger, Bas},
+ title = {Correcting a space-efficient simulation algorithm},
+ booktitle = {International Conference on Computer Aided Verification},
+ year = {2008},
+ pages = {517--529},
+ organization = {Springer},
+ file = {:algorithms/gb2008_correcting-gpp2003.pdf:PDF},
+}
+
+@Article{gpp2003,
+ author = {Gentilini, Raffaella and Piazza, Carla and Policriti, Alberto},
+ title = {From bisimulation to simulation: Coarsest partition problems},
+ journal = {Journal of Automated Reasoning},
+ year = {2003},
+ volume = {31},
+ number = {1},
+ pages = {73--103},
+ file = {:algorithms/gpp2003_from-bisim-to-sim-coarsest-partition-problems.pdf:PDF},
+ publisher = {Springer},
+}
+
+@InProceedings{glabbeek1993ltbt,
+ author = {Rob J. van Glabbeek},
+ title = {The linear time--branching time spectrum {II}},
+ booktitle = {International Conference on Concurrency Theory},
+ year = {1993},
+ pages = {66--81},
+ organization = {Springer},
+}
+
+@Article{nc1994bisimulationGamesLogic,
+ author = {Nielsen, Mogens and Clausen, Christian},
+ title = {Bisimulation, games, and logic},
+ journal = {Results and trends in theoretical computer science},
+ year = {1994},
+ pages = {289--306},
+ publisher = {Springer},
+}
+
+@TechReport{stirling1993modal,
+ author = {Stirling, Colin},
+ title = {Modal and temporal logics for processes},
+ institution = {Department of Computer Science, University of Edinburgh},
+ year = {1993},
+ organization = {Citeseer},
+}
+
+@Article{kripke1963semanticalModal,
+ author = {Kripke, Saul A.},
+ title = {{Semantical Analysis of Modal Logic I Normal Modal Propositional Calculi}},
+ journal = {Mathematical Logic Quarterly},
+ year = {1963},
+ volume = {9},
+ number = {5-6},
+ pages = {67--96},
+ file = {:bib/kripke1963semanticalModal.pdf:PDF},
+}
+
+@Article{hennessy1985hml,
+ author = {Hennessy, Matthew and Milner, Robin},
+ title = {Algebraic laws for nondeterminism and concurrency},
+ journal = {Journal of the ACM (JACM)},
+ year = {1985},
+ volume = {32},
+ number = {1},
+ pages = {137--161},
+ publisher = {ACM},
+}
+
+@InCollection{graedel2007finite,
+ author = {Erich Gr{\"a}del},
+ title = {Finite Model Theory and Descriptive Complexity},
+ booktitle = {Finite Model Theory and Its Applications},
+ publisher = {Springer Berlin Heidelberg},
+ year = {2007},
+ editor = {Gr{\"a}del, E. and Kolaitis, P.G. and Libkin, L. and Marx, M. and Spencer, J. and Vardi, M.Y. and Venema, Y. and Weinstein, S.},
+ series = {Texts in Theoretical Computer Science. An EATCS Series},
+ pages = {125--230},
+ isbn = {9783540688044},
+ lccn = {2007923182},
+}
+
+@InCollection{sepLogicGames,
+ author = {Hodges, Wilfrid},
+ title = {Logic and Games},
+ booktitle = {The Stanford Encyclopedia of Philosophy},
+ publisher = {Metaphysics Research Lab, Stanford University},
+ year = {2013},
+ editor = {Edward N. Zalta},
+ edition = {Spring 2013},
+ howpublished = {\url{https://plato.stanford.edu/archives/spr2013/entries/logic-games/}},
+}
+
+@Unpublished{kreutzer2016,
+ author = {Stephan Kreutzer},
+ title = {Logic, Games, Automata},
+ note = {Lecture notes},
+ year = {2016},
+}
+
+@InProceedings{ehstz2013quotients,
+ author = {Eisentraut, Christian and Hermanns, Holger and Schuster, Johann and Turrini, Andrea and Zhang, Lijun},
+ title = {The Quest for Minimal Quotients for Probabilistic Automata},
+ booktitle = {Tools and Algorithms for the Construction and Analysis of Systems},
+ year = {2013},
+ editor = {Piterman, Nir and Smolka, Scott A.},
+ pages = {16--31},
+ address = {Berlin, Heidelberg},
+ publisher = {Springer},
+ abstract = {One of the prevailing ideas in applied concurrency theory and verification is the concept of automata minimization with respect to strong or weak bisimilarity. The minimal automata can be seen as canonical representations of the behaviour modulo the bisimilarity considered. Together with congruence results wrt. process algebraic operators, this can be exploited to alleviate the notorious state space explosion problem. In this paper, we aim at identifying minimal automata and canonical representations for concurrent probabilistic models. We present minimality and canonicity results for probabilistic automata wrt. strong and weak bisimilarity, together with polynomial time minimization algorithms.},
+ isbn = {978-3-642-36742-7},
+}
+
+@PhdThesis{wimmer2011dissertation,
+ author = {Ralf Wimmer},
+ title = {{S}ymbolische {M}ethoden f{\"u}r die probabilistische {V}erifikation -- {Z}ustandsraumreduktion und {G}egenbeispiele},
+ school = {Albert-Ludwigs-Universit{\"a}t Freiburg},
+ year = {2011},
+ type = {Dissertation},
+ address = {Freiburg im Breisgau, Germany},
+ month = jan,
+ abstract = {Discrete- and continuous-time Markov chains as well as interactive
+ Markov chains are widely used model classes for the analysis of
+ stochastic systems. A fundamental problem thereby is the number of
+ states, which in general grows exponentially in the size of the
+ corresponding high-level model.\par
+ In this work we develop two methods to cope with this problem. The
+ first one consists of the computation of a system with a minimal
+ number of states and the same observable behavior as the original
+ system. This allows us to carry out any analysis with well-known
+ algorithms on the minimal system. Depending on the definition of
+ observability we obtain different minimal systems. Our algorithm is
+ able to handle a large number system types and minimization criteria
+ which are considered practically relevant in the literature. Our
+ method works with symbolic data structures and dedicated operations
+ thereon whose runtime only depends on the size of the representation
+ instead of the size of the represented system. The size of the
+ symbolic representation of many real-world systems, however, is
+ smaller by orders of magnitudes than the system itself. Experimental
+ results prove the efficiency of our algorithm.\par
+ The other method to handle large state spaces is to develop algorithms
+ which are directly applicable to large systems. For the refutation of
+ safety properties in digital circuits a method called Bounded Model
+ Checking has been developed, which is nowadays successfully applied
+ also in industry. We show how Bounded Model Checking can be adapted to
+ compute counterexamples for discrete-time Markov chains if a given
+ safety property is violated. By a number of optimization technique we
+ can reduce not only the runtime but also the size of the
+ counterexamples. The result is a method which is able to handle
+ significantly larger systems than the previously available algorithms.},
+ abstract_de = {Markow-Ketten mit diskreter und kontinuierlicher Zeit sowie interaktive Markow-Ketten sind weitverbreitete Modellklassen zur Analyse von stochastischen Systemen. Ein grundlegendes Problem bei ihrer Analyse ist die Anzahl der Zust{\"a}nde. Diese w{\"a}chst n{\"a}mlich im Allgemeinen exponentiell in der Gr{\"o}{\ss}e des zugeh{\"o}rigen Highlevel-Modells.\par Wir entwickeln in dieser Arbeit zwei Methoden, mit denen dieses Problem gel{\"o}st werden kann. Die erste besteht darin, zu jedem System dasjenige zu berechnen, das aus einer minimalen Anzahl von Zust{\"a}nden besteht und das dasselbe beobachtbare Verhalten wie das urspr{\"u}ngliche System aufweist. Danach kann die Analyse mit bekannten Algorithmen auf dem minimierten System durchgef{\"u}hrt werden. Abh{\"a}ngig von der Definition, welches Verhalten des Systems beobachtbar ist, erhalten wir verschiedene minimale Systeme. Unser Algorithmus ist in der Lage, eine ganze Reihe von Minimierungskriterien, die in der Literatur von Bedeutung sind, und Systemtypen zu ber{\"u}cksichtigen. Er arbeitet mit symbolischen Datenstrukturen und darauf angepassten Operationen, deren Laufzeit nur von der Gr{\"o}{\ss}e der Darstellung abh{\"a}ngt. F{\"u}r viele praktisch relevante Systeme ist diese um Gr{\"o}{\ss}enordnungen kleiner als die Gr{\"o}{\ss}e des dargestellten Systems. Experimentelle Ergebnisse belegen die Effzienz unseres Verfahrens.\par Die andere Methode, mit gro{\ss}en Zustandsr{\"a}umen umzugehen, ist, symbolische Algorithmen zur Analyse zu entwickeln, die direkt auf gro{\ss}e Systemen anwendbar sind. F{\"u}r die Fehlersuche in Schaltkreisen wird eine Methode namens Bounded Model Checking verwendet, die inzwischen auch industriell sehr erfolgreich eingesetzt wird. Wir zeigen, wie Bounded Model Checking zur Berechnung von Gegenbeispielen f{\"u}r Markow-Ketten eingesetzt werden kann, wenn diese eine vorgegebene Sicherheitseigenschaft verletzen. 
Durch eine Reihe von Optimierungen gelingt es uns, sowohl die Laufzeit zu reduzieren als auch die Gr{\"o}{\ss}e der Gegenbeispiele zu verringern. Das Resultat ist ein Verfahren, das deutlich gr{\"o}{\ss}ere Systeme als die bisher verf{\"u}gbaren expliziten Methoden handhaben kann.},
+}
+
+@Article{tarjan72stronglyconnected,
+ author = {Robert Tarjan},
+ title = {Depth-First Search and Linear Graph Algorithms},
+ journal = {SIAM Journal on Computing},
+ year = {1972},
+ volume = {1},
+ number = {2},
+ pages = {146-160},
+ doi = {10.1137/0201010},
+}
+
+@Article{rt2008generalizingPT,
+ author = {Francesco Ranzato and Francesco Tapparo},
+ title = {Generalizing the {Paige--Tarjan} algorithm by abstract interpretation},
+ journal = {Information and Computation},
+ year = {2008},
+ volume = {206},
+ number = {5},
+ pages = {620--651},
+ issn = {0890-5401},
+ note = {Special Issue: The 17th International Conference on Concurrency Theory (CONCUR 2006)},
+ doi = {https://doi.org/10.1016/j.ic.2008.01.001},
+}
+
+@Article{gjkw2017branching,
+ author = {Groote, Jan Friso and Jansen, David N. and Keiren, Jeroen J. A. and Wijs, Anton J.},
+ title = {An {$\bigo(m \log n)$} Algorithm for Computing Stuttering Equivalence and Branching Bisimulation},
+ journal = {ACM Transactions on Computational Logic (TOCL)},
+ year = {2017},
+ volume = {18},
+ number = {2},
+ pages = {13:1--13:34},
+ issn = {1529-3785},
+ acmid = {3060140},
+ address = {New York, NY, USA},
+ articleno = {13},
+ doi = {10.1145/3060140},
+ issue_date = {June 2017},
+ keywords = {Branching bisimulation, algorithm},
+ numpages = {34},
+ publisher = {ACM},
+}
+
+@InProceedings{li2009weakbisim,
+ author = {Li, Weisong},
+ title = {Algorithms for computing weak bisimulation equivalence},
+ booktitle = {Theoretical Aspects of Software Engineering, 2009. TASE 2009. Third IEEE International Symposium on},
+ year = {2009},
+ pages = {241--248},
+ organization = {IEEE},
+}
+
+@Book{milner1989comcon,
+ title = {Communication and Concurrency},
+ publisher = {Prentice-Hall, Inc.},
+ year = {1989},
+ author = {Milner, Robin},
+ address = {Upper Saddle River, NJ, USA},
+ isbn = {0131149849},
+}
+
+@InProceedings{ph2015encodingCspCcs,
+ author = {Meike Hatzel and Christoph Wagner and Kirstin Peters and Uwe Nestmann},
+ title = {Encoding {CSP} into {CCS}},
+ booktitle = {Proceedings of the Combined 22th International Workshop on Expressiveness in Concurrency and 12th Workshop on Structural Operational Semantics, and 12th Workshop on Structural Operational Semantics, {EXPRESS/SOS}},
+ year = {2015},
+ pages = {61--75},
+ bibsource = {dblp computer science bibliography, https://dblp.org},
+ biburl = {https://dblp.org/rec/bib/journals/corr/HatzelWPN15a},
+ doi = {10.4204/EPTCS.190.5},
+ timestamp = {Wed, 03 May 2017 14:47:57 +0200},
+}
+
+@InProceedings{glabbeek1990ltbt1,
+ author = {Rob J. van Glabbeek},
+ title = {The linear time--branching time spectrum},
+ booktitle = {International Conference on Concurrency Theory},
+ year = {1990},
+ pages = {278--297},
+ organization = {Springer},
+}
+
+@InCollection{ais2011algoBisim,
+ pages = {100--172},
+ title = {The algorithmics of bisimilarity},
+ publisher = {Cambridge University Press},
+ year = {2011},
+ author = {Aceto, Luca and Ingolfsdottir, Anna and Srba, Jiri},
+ editor = {Sangiorgi, Davide and Rutten, JanEditors},
+ series = {Cambridge Tracts in Theoretical Computer Science},
+ booktitle = {Advanced Topics in Bisimulation and Coinduction},
+ collection = {Cambridge Tracts in Theoretical Computer Science},
+ doi = {10.1017/CBO9780511792588.004},
+ place = {Cambridge},
+}
+
+@Article{rt2010efficientSimulation,
+ author = {Ranzato, Francesco and Tapparo, Francesco},
+ title = {An efficient simulation algorithm based on abstract interpretation},
+ journal = {Information and Computation},
+ year = {2010},
+ volume = {208},
+ number = {1},
+ pages = {1--22},
+ publisher = {Elsevier},
+}
+
+@Article{carbone2015flink,
+ author = {Carbone, Paris and Katsifodimos, Asterios and Ewen, Stephan and Markl, Volker and Haridi, Seif and Tzoumas, Kostas},
+ title = {Apache {F}link: Stream and batch processing in a single engine},
+ journal = {Bulletin of the IEEE Computer Society Technical Committee on Data Engineering},
+ year = {2015},
+ volume = {36},
+ number = {4},
+ publisher = {IEEE Computer Society},
+}
+
+@Article{kalavri2018scatter-gather,
+ author = {Kalavri, Vasiliki and Vlassov, Vladimir and Haridi, Seif},
+ title = {High-Level Programming Abstractions for Distributed Graph Processing},
+ journal = {IEEE Transactions on Knowledge and Data Engineering},
+ year = {2018},
+ volume = {30},
+ number = {2},
+ pages = {305--324},
+ publisher = {IEEE},
+}
+
+@Article{bo2003distBranchingSigref,
+ author = {Blom, Stefan and Orzan, Simona},
+ title = {Distributed branching bisimulation reduction of state spaces},
+ journal = {Electronic Notes in Theoretical Computer Science},
+ year = {2003},
+ volume = {89},
+ number = {1},
+ pages = {99--113},
+ publisher = {Elsevier},
+}
+
+@InProceedings{luo2013bisimMapReduce,
+ author = {Luo, Yongming and de Lange, Yannick and Fletcher, George HL and De Bra, Paul and Hidders, Jan and Wu, Yuqing},
+ title = {Bisimulation reduction of big graphs on {MapReduce}},
+ booktitle = {British National Conference on Databases},
+ year = {2013},
+ pages = {189--203},
+ organization = {Springer},
+}
+
+@InProceedings{rensink2000actionContraction,
+ author = {Rensink, Arend},
+ title = {Action Contraction},
+ booktitle = {Proceedings of the 11th International Conference on Concurrency Theory},
+ series = {CONCUR '00},
+ year = {2000},
+ isbn = {3-540-67897-2},
+ pages = {290--304},
+ numpages = {15},
+ acmid = {701635},
+ doi = {10.1007/3-540-44618-4\_22},
+ publisher = {Springer},
+ address = {Berlin, Heidelberg},
+}
+
+@InCollection{pitts2011howesMehtod,
+ author = {Pitts, Andrew},
+ title = {Howe's method for higher-order languages},
+ booktitle = {Advanced Topics in Bisimulation and Coinduction},
+ publisher = {Cambridge University Press},
+ year = {2011},
+ editor = {Sangiorgi, Davide and Rutten, Jan},
+ pages = {197--232},
+ doi = {10.1017/CBO9780511792588.006},
+ place = {Cambridge},
+}
+
+@Article{gw1996branchingBisim,
+ author = {van Glabbeek, Rob J. and Weijland, W. Peter},
+ title = {Branching time and abstraction in bisimulation semantics},
+ journal = {Journal of the ACM (JACM)},
+ year = {1996},
+ volume = {43},
+ number = {3},
+ pages = {555--600},
+ publisher = {ACM},
+}
+
+@InProceedings{dw2003csZrefinement,
+ author = {Derrick, John and Wehrheim, Heike},
+ title = {Using coupled simulations in non-atomic refinement},
+ booktitle = {International Conference of B and Z Users},
+ year = {2003},
+ pages = {127--147},
+ address = {Berlin, Heidelberg},
+ organization = {Springer},
+}
+
+@Book{nnh2015popa,
+ title = {Principles of program analysis},
+ publisher = {Springer},
+ year = {2015},
+ author = {Nielson, Flemming and Nielson, Hanne R. and Hankin, Chris},
+}
+
+@InProceedings{gpp2003bdd,
+ author = {Gentilini, Raffaella and Piazza, Carla and Policriti, Alberto},
+ title = {Computing strongly connected components in a linear number of symbolic steps.},
+ booktitle = {SODA},
+ year = {2003},
+ volume = {3},
+ pages = {573--582},
+}
+
+@Misc{garavel2017vlts,
+ author = {Garavel, Hubert},
+ title = {The {VLTS} Benchmark Suite},
+ year = {2017},
+ note = {Jointly created by CWI/SEN2 and INRIA/VASY as a CADP resource.},
+ doi = {10.18709/perscido.2017.11.ds100},
+}
+
+@Article{paigetarjan1987partitionrefinement,
+ author = {Paige, Robert and Tarjan, Robert E.},
+ title = {Three partition refinement algorithms},
+ journal = {SIAM Journal on Computing},
+ year = {1987},
+ volume = {16},
+ number = {6},
+ pages = {973--989},
+ __markedentry = {[ben:]},
+ publisher = {SIAM},
+}
+
+@Article{bulychev2011gameSimulation,
+ author = {Bulychev, Peter E.},
+ title = {Game-theoretic simulation checking tool},
+ journal = {Programming and Computer Software},
+ year = {2011},
+ volume = {37},
+ number = {4},
+ pages = {200},
+ __markedentry = {[ben:6]},
+ publisher = {Springer},
+}
+
+@Article{schulte2015deutsch,
+ author = {Schulte, Christiane},
+ title = {Der deutsch-deutsche {S}ch{\"a}ferhund -- {E}in {B}eitrag zur {G}ewaltgeschichte des {J}ahrhunderts der {E}xtreme},
+ journal = {Totalitarismus und Demokratie},
+ year = {2015},
+ volume = {12},
+ number = {2},
+ pages = {319--334},
+ publisher = {Vandenhoeck \& Ruprecht GmbH \& Co. KG G{\"o}ttingen},
+}
+
+@InProceedings{kant2015ltsmin,
+ author = {Kant, Gijs and Laarman, Alfons and Meijer, Jeroen and van de Pol, Jaco and Blom, Stefan and van Dijk, Tom},
+ title = {{LTSmin}: {H}igh-performance language-independent model checking},
+ booktitle = {International Conference on Tools and Algorithms for the Construction and Analysis of Systems},
+ year = {2015},
+ pages = {692--707},
+ organization = {Springer},
+}
+
+@InProceedings{grabr2014fdr,
+ author = {Gibson-Robinson, Thomas and Armstrong, Philip and Boulgakov, Alexandre and Roscoe, A.~W.},
+ title = {{FDR3}: {A} Modern Refinement Checker for {CSP}},
+ booktitle = {Tools and Algorithms for the Construction and Analysis of Systems},
+ year = {2014},
+ editor = {{\'A}brah{\'a}m, Erika and Havelund, Klaus},
+ pages = {187--201},
+ publisher = {Springer Berlin Heidelberg},
+ abstract = {FDR3 is a complete rewrite of the CSP refinement checker FDR2, incorporating a significant number of enhancements. In this paper we describe the operation of FDR3 at a high level and then give a detailed description of several of its more important innovations. This includes the new multi-core refinement-checking algorithm that is able to achieve a near linear speed up as the number of cores increase. Further, we describe the new algorithm that FDR3 uses to construct its internal representation of CSP processes---this algorithm is more efficient than FDR2's, and is able to compile a large class of CSP processes to more efficient internal representations. We also present experimental results that compare FDR3 to related tools, which show it is unique (as far as we know) in being able to scale beyond the bounds of main memory.},
+ isbn = {978-3-642-54862-8},
+}
+
+@Article{garavel2013cadp,
+ author = {Garavel, Hubert and Lang, Fr{\'e}d{\'e}ric and Mateescu, Radu and Serwe, Wendelin},
+ title = {{CADP 2011}: {A} toolbox for the construction and analysis of distributed processes},
+ journal = {International Journal on Software Tools for Technology Transfer},
+ year = {2013},
+ volume = {15},
+ number = {2},
+ pages = {89--107},
+ publisher = {Springer Berlin Heidelberg},
+}
+
+@MastersThesis{bisping2018coupledsim,
+author = {Bisping, Benjamin},
+title = {Computing Coupled Similarity},
+school = {Tech\-ni\-sche Uni\-ver\-si\-t\"at Berlin},
+year = {2018},
+url = {https://coupledsim.bbisping.de/bisping_computingCoupledSimilarity_thesis.pdf}
+}
+
+
+@InProceedings{bn2019coupledsimTacas,
+ author = {Bisping, Benjamin and Nestmann, Uwe},
+ title = {Computing coupled similarity},
+ booktitle = {Proceedings of {TACAS}},
+ series = {LNCS},
+ publisher = {Springer},
+ doi = {10.1007/978-3-030-17462-0\_14},
+ pages = {244--261},
+ year = 2019,
+}
+
+@incollection{bm2021contrasimilarity,
+ author= {Bisping, Benjamin and Montanari, Luisa},
+ year= {2021},
+ title= {A Game Characterization for Contrasimilarity},
+ editor= {Dardha, Ornela and Castiglioni, Valentina},
+ booktitle= {{Proceedings Combined 28th International Workshop on} Expressiveness in Concurrency {and 18th Workshop on} Structural Operational Semantics},
+ series= {Electronic Proceedings in Theoretical Computer Science},
+ volume= {339},
+ publisher= {Open Publishing Association},
+ pages= {27--42},
+ doi= {10.4204/EPTCS.339.5}
+}
+
+@article{Encodability_Process_Calculi-AFP,
+ author = {Kirstin Peters and Rob J. van Glabbeek},
+ title = {Analysing and Comparing Encodability Criteria for Process Calculi},
+ journal = {Archive of Formal Proofs},
+ month = aug,
+ year = 2015,
+ note = {\url{http://isa-afp.org/entries/Encodability_Process_Calculi.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}
+
+@article{bnp2020coupledsim32,
+ author = {Benjamin Bisping and
+ Uwe Nestmann and
+ Kirstin Peters},
+ title = {Coupled similarity: the first 32 years},
+ journal = {Acta Informatica},
+ volume = {57},
+ number = {3--5},
+ pages = {439--463},
+ year = {2020},
+ doi = {10.1007/s00236-019-00356-4},
+}
+
+@misc{bj2023ltbtsSilentSteps,
+ title={Linear-Time--Branching-Time Spectroscopy Accounting for Silent Steps},
+ author={Benjamin Bisping and David N. Jansen},
+ year={2023},
+ eprint={2305.17671},
+ archivePrefix={arXiv},
+ primaryClass={cs.LO},
+ doi={s10.48550/arXiv.2305.17671}
+}
+
+
+@MastersThesis{pohlmann2021reactivebisim,
+author = {Pohlmann, Maximilian},
+title = {Reducing Reactive to Strong Bisimilarity},
+school = {Tech\-ni\-sche Uni\-ver\-si\-t\"at Berlin},
+year = {2021},
+type={Bachelor's Thesis},
+url = {https://maxpohlmann.github.io/Reducing-Reactive-to-Strong-Bisimilarity/}
+}
+
+@Comment{jabref-meta: databaseType:bibtex;}
diff --git a/thys/Coupledsim_Contrasim/document/root.tex b/thys/Coupledsim_Contrasim/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/document/root.tex
@@ -0,0 +1,193 @@
+\documentclass[10pt,a4paper]{article}
+\usepackage[english]{babel}
+\usepackage[utf8]{inputenc}
+\usepackage{url}
+\usepackage{csquotes}
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{isabelle,isabellesym}
+
+\usepackage{color}
+
+\usepackage[top=3cm,bottom=4.5cm]{geometry}
+
+%tikz libs
+\usepackage{graphicx}
+\usepackage{tikz}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes.geometric, arrows, arrows.meta}
+\usetikzlibrary{calc,decorations.pathmorphing,shapes}
+
+\definecolor{keyword}{RGB}{0,153,102}
+\definecolor{command}{RGB}{0,102,153}
+\isabellestyle{tt}
+\renewcommand{\isacommand}[1]{\textcolor{command}{\textbf{#1}}}
+\renewcommand{\isakeyword}[1]{\textcolor{keyword}{\textbf{#1}}}
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in isabelle-similar-similar type-writer
+\urlstyle{rm}
+\isabellestyle{tt}
+
+\title{ \textbf{Coupled Similarity and Contrasimilarity,} \\ \Large and How to Compute Them }
+\author{ Benjamin Bisping%
+ \footnote{TU Berlin, Germany,
+ \url{https://bbisping.de}, \texttt{benjamin.bisping@tu-berlin.de}.}%
+ \qquad Luisa Montanari%
+ }
+\date{\today}
+
+\begin{document}
+
+\maketitle
+
+\begin{abstract}
+\noindent
+This theory surveys and extends characterizations of \emph{coupled similarity} and \emph{contrasimilarity},
+and proves properties relevant for algorithms computing their simulation preorders and equivalences.
+
+Coupled similarity and contrasimilarity are two weak forms of bisimilarity for systems with
+internal behavior.
+They have outstanding applications in contexts where internal choices must transparently be
+distributed in time or space, for example, in process calculi encodings or in action refinements.
+
+Our key contribution is to characterize the coupled simulation and contrasimulation preorders by \emph{reachability games}.
+We also show how preexisting definitions coincide and that they can be reformulated using \emph{coupled delay simulations}.
+We moreover verify a polynomial-time coinductive fixed-point algorithm computing the coupled simulation preorder.
+Through reduction proofs, we establish that deciding coupled similarity is at least as complex
+as computing weak similarity; and that contrasimilarity checking is at least as hard as trace inclusion
+checking.
+\end{abstract}
+
+\tableofcontents
+
+\section{Introduction}
+
+Coupled similarity and contrasimilarity are among the weakest abstractions of bisimilarity for systems
+with silent steps presented in van Glabbeek's \emph{linear-time--branching-time spectrum} of behavioral
+equivalences~\cite{glabbeek1993ltbt}.
+In particular, they are \emph{weaker than weak bisimilarity} in that they impose a weaker form of
+symmetry on the bisimulation link between compared states; coupled similarity implies
+contrasimilarity. They are weak bisimilarities, however, in the sense
+that, on systems with no internal behavior, they coincide with strong bisimilarity.
+
+\subsection{This Theory}
+
+This theory contains the Isabelle/HOL formalization for two related lines of publication, which present
+the first algorithms to check coupled similarity and contrasimilarity for pairs of states:
+
+\begin{itemize}
+ \item \emph{Computing coupled similarity:} Bisping and Nestmann's TACAS 2019 paper~%
+ \cite{bn2019coupledsimTacas} and Bisping's master thesis~\cite{bisping2018coupledsim}
+ establish the first decision procedures for coupled similarity checking.
+ This is done through a game-based approach.
+ Also, the work introduces the idea that $\tau$-sinks can be used to reduce from weak simulation
+ preorder to coupled simulation preorder.
+ \item \emph{Game characterization of contrasimilarity:} Bisping and Montanari's
+ EXPRESS/SOS 2021 paper~\cite{bm2021contrasimilarity} and Montanari's bachelor thesis provide
+ the first game characterization of contrasimilarity.
+ The present Isabelle theory extends this work by also showing a reduction from weak trace preorder to
+ contrasimulation preorder and by linking the game to a modal characterization of contrasimilarity.
+\end{itemize}
+
+\begin{figure}[t]
+ \begin{centering}
+
+\pgfdeclarelayer{background}
+\pgfsetlayers{background,main}
+
+\begin{tikzpicture}[->,auto,node distance=1.5cm]
+
+\node (SB){strong bisimulation};
+\node (SS) [below right of=SB, node distance=3.2cm] {strong simulation};
+\node (WB) [below left of=SB, node distance=2.1cm] {weak bisimulation};
+\node (CS) [below left of=WB, node distance=2.1cm] {\textbf{coupled simulation}};
+\node (WS) [below right of=CS, node distance=3.2cm] {weak simulation};
+\node (C) [below left of=CS, node distance=2.1cm] {\textbf{contrasimulation}};
+\node (IF) [below of=C] {impossible futures};
+\node (WT) [below right of=IF, node distance=2.1cm] {weak traces};
+
+\path
+(SB) edge (WB)
+(SB) edge[line width=1.2pt] (SS)
+(SS) edge (WS)
+(WB) edge (CS)
+(CS) edge (C)
+(CS) edge[line width=1.2pt] (WS)
+(C) edge[line width=1.2pt] (IF)
+(IF) edge[line width=1.2pt] (WT)
+(WS) edge[line width=1.2pt] (WT);
+
+\begin{pgfonlayer}{background}
+ \draw[blue,thick,dotted,-] (CS.south west)++(-.5,.5)
+ node[label={[font=\itshape, xshift=1.0cm, yshift=0.3cm]cubic}]
+ [label={[font=\itshape,xshift=-.5cm, yshift=-1.2cm]PSPACE}] {}
+ -- ++(3.8,-3.8);
+ \draw[blue,thick,dotted,-] (WB.south west)++(-.5,.5)
+ node[label={[font=\itshape,xshift=1.0cm, yshift=0.3cm]subcubic}] {}
+ -- ++(2.1,-2.1) -- ++(3.8,3.8);
+\end{pgfonlayer}
+
+\end{tikzpicture}
+\par\end{centering}
+\caption{Hierarchy of weak behavioral preorders/equivalences. Arrows denote implication of preordering.
+Thinner arrows collapse into bi-implication for systems without internal steps.
+Blue parts indicate a slope of decision problem complexities.
+\label{fig:equivalences}}
+\end{figure}
+
+\noindent
+Combined, the results establish a slope of complexity between weak bisimilarity, coupled similarity,
+and contrasimilarity with the equivalence problems becoming harder for coarser equivalences.
+See Figure~\ref{fig:equivalences} for a graphical representation.
+
+\subsection{Coupled Similarity vs.\ Weak Bisimilarity vs.\ Contrasimilarity in a Nutshell}
+
+In coupled simulation semantics, the CCS process $\tau \ldotp a + \tau \ldotp\!(\tau \ldotp b + \tau \ldotp c)$
+with gradual internal choice equals $\tau \ldotp a + \tau \ldotp b + \tau \ldotp c$, whcih has just
+one internal choice point.
+In weak bisimulation semantics, this equality does not hold as the intermediate choice point
+$\tau \ldotp b + \tau \ldotp c$ of the first process does not match symmetrically to any state of
+the second process.
+
+The equality also holds in contrasimulation semantics. Contrasimulation moreover blurs the lines
+between non-determinism of visble behavior and internal non-deterministic choice by considering
+$a \ldotp b + a \ldotp c$ to be indistinguishable from $a \ldotp\!(\tau \ldotp b + \tau \ldotp c)$.
+This equality does not hold under coupled similarity. Therefore, contrasimilarity is strictly coarser
+than coupled similarity.
+
+For a more detailed exposition about the nuances of coupled similarity and contrasimilarity we refer
+to our publications \cite{bn2019coupledsimTacas,bnp2020coupledsim32,bm2021contrasimilarity}.
+
+\subsection{Modal Intuition}
+
+The modal characterization of contrasimilarity at the end of this theory gives a nice intuition
+for why contrasimilarity is a sensible weakening for bisimilarity. We show that the following
+Hennessy--Milner logic (with $\langle \varepsilon \rangle$ denoting places of possible internal
+behavior) characterizes contrasimilarity.
+\[
+ \varphi ::= \quad \langle \varepsilon \rangle \langle a\rangle \varphi
+ \quad \mid \quad \langle \varepsilon \rangle \bigwedge_{i \in I} \neg \varphi_i
+ \qquad \text{(with $a \neq \tau$).}
+\]
+It is a ``nice'' abstraction of strong bisimilarity, since it can be obtained from the following
+complete fragment of Hennessy--Milner logic by inserting places for unobservable behavior in front of
+each constructor.
+\[
+ \varphi ::= \quad \langle a \rangle \varphi
+ \quad \mid \quad \bigwedge_{i \in I} \neg \varphi_i .
+\]
+This modal formulation is important for a unified algorithmic treatment of weak behavioral equivalences
+in~\cite{bj2023ltbtsSilentSteps}.
+
+% include generated text of all theories
+\input{session}
+
+\phantomsection
+\addcontentsline{toc}{section}{References}
+\bibliographystyle{splncs04}
+\bibliography{root}
+
+\end{document}
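Review bot: Two typos in the new prose of the "in a Nutshell" subsection will end up in the generated document: `whcih` should be `which` and `visble` should be `visible`. The preamble also calls `\isabellestyle{tt}` twice, once after the colour definitions and again after `\usepackage{pdfsetup}`; one call is enough, and the comment above the second call reads `isabelle-similar-similar`, which looks like a doubled word. The introduction cites `glabbeek1993ltbt`, while the part of root.bib visible here only defines `glabbeek1990ltbt1`; the key may be defined earlier in the bibliography, but it is worth confirming so the citation does not come out undefined. Separately, the `bj2023ltbtsSilentSteps` entry cited at the end of the Modal Intuition subsection has `doi={s10.48550/arXiv.2305.17671}` in root.bib, where the leading `s` looks like a stray character.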
diff --git a/thys/Coupledsim_Contrasim/document/splncs04.bst b/thys/Coupledsim_Contrasim/document/splncs04.bst
new file mode 100644
--- /dev/null
+++ b/thys/Coupledsim_Contrasim/document/splncs04.bst
@@ -0,0 +1,1548 @@
+%% BibTeX bibliography style `splncs03'
+%%
+%% BibTeX bibliography style for use with numbered references in
+%% Springer Verlag's "Lecture Notes in Computer Science" series.
+%% (See Springer's documentation for llncs.cls for
+%% more details of the suggested reference format.) Note that this
+%% file will not work for author-year style citations.
+%%
+%% Use \documentclass{llncs} and \bibliographystyle{splncs03}, and cite
+%% a reference with (e.g.) \cite{smith77} to get a "[1]" in the text.
+%%
+%% This file comes to you courtesy of Maurizio "Titto" Patrignani of
+%% Dipartimento di Informatica e Automazione Universita' Roma Tre
+%%
+%% ================================================================================================
+%% This was file `titto-lncs-02.bst' produced on Wed Apr 1, 2009
+%% Edited by hand by titto based on `titto-lncs-01.bst' (see below)
+%%
+%% CHANGES (with respect to titto-lncs-01.bst):
+%% - Removed the call to \urlprefix (thus no "URL" string is added to the output)
+%% ================================================================================================
+%% This was file `titto-lncs-01.bst' produced on Fri Aug 22, 2008
+%% Edited by hand by titto based on `titto.bst' (see below)
+%%
+%% CHANGES (with respect to titto.bst):
+%% - Removed the "capitalize" command for editors string "(eds.)" and "(ed.)"
+%% - Introduced the functions titto.bbl.pages and titto.bbl.page for journal pages (without "pp.")
+%% - Added a new.sentence command to separate with a dot booktitle and series in the inproceedings
+%% - Commented all new.block commands before urls and notes (to separate them with a comma)
+%% - Introduced the functions titto.bbl.volume for handling journal volumes (without "vol." label)
+%% - Used for editors the same name conventions used for authors (see function format.in.ed.booktitle)
+%% - Removed a \newblock to avoid long spaces between title and "In: ..."
+%% - Added function titto.space.prefix to add a space instead of "~" after the (removed) "vol." label
+%% - Added doi
+%% ================================================================================================
+%% This was file `titto.bst',
+%% generated with the docstrip utility.
+%%
+%% The original source files were:
+%%
+%% merlin.mbs (with options: `vonx,nm-rvvc,yr-par,jttl-rm,volp-com,jwdpg,jwdvol,numser,ser-vol,jnm-x,btit-rm,bt-rm,edparxc,bkedcap,au-col,in-col,fin-bare,pp,ed,abr,mth-bare,xedn,jabr,and-com,and-com-ed,xand,url,url-blk,em-x,nfss,')
+%% ----------------------------------------
+%% *** Tentative .bst file for Springer LNCS ***
+%%
+%% Copyright 1994-2007 Patrick W Daly
+ % ===============================================================
+ % IMPORTANT NOTICE:
+ % This bibliographic style (bst) file has been generated from one or
+ % more master bibliographic style (mbs) files, listed above.
+ %
+ % This generated file can be redistributed and/or modified under the terms
+ % of the LaTeX Project Public License Distributed from CTAN
+ % archives in directory macros/latex/base/lppl.txt; either
+ % version 1 of the License, or any later version.
+ % ===============================================================
+ % Name and version information of the main mbs file:
+ % \ProvidesFile{merlin.mbs}[2007/04/24 4.20 (PWD, AO, DPC)]
+ % For use with BibTeX version 0.99a or later
+ %-------------------------------------------------------------------
+ % This bibliography style file is intended for texts in ENGLISH
+ % This is a numerical citation style, and as such is standard LaTeX.
+ % It requires no extra package to interface to the main text.
+ % The form of the \bibitem entries is
+ % \bibitem{key}...
+ % Usage of \cite is as follows:
+ % \cite{key} ==>> [#]
+ % \cite[chap. 2]{key} ==>> [#, chap. 2]
+ % where # is a number determined by the ordering in the reference list.
+ % The order in the reference list is alphabetical by authors.
+ %---------------------------------------------------------------------
+
+ENTRY
+ { address
+ author
+ booktitle
+ chapter
+ doi
+ edition
+ editor
+ eid
+ howpublished
+ institution
+ journal
+ key
+ month
+ note
+ number
+ organization
+ pages
+ publisher
+ school
+ series
+ title
+ type
+ url
+ volume
+ year
+ }
+ {}
+ { label }
+INTEGERS { output.state before.all mid.sentence after.sentence after.block }
+FUNCTION {init.state.consts}
+{ #0 'before.all :=
+ #1 'mid.sentence :=
+ #2 'after.sentence :=
+ #3 'after.block :=
+}
+STRINGS { s t}
+FUNCTION {output.nonnull}
+{ 's :=
+ output.state mid.sentence =
+ { ", " * write$ }
+ { output.state after.block =
+ { add.period$ write$
+% newline$
+% "\newblock " write$ % removed for titto-lncs-01
+ " " write$ % to avoid long spaces between title and "In: ..."
+ }
+ { output.state before.all =
+ 'write$
+ { add.period$ " " * write$ }
+ if$
+ }
+ if$
+ mid.sentence 'output.state :=
+ }
+ if$
+ s
+}
+FUNCTION {output}
+{ duplicate$ empty$
+ 'pop$
+ 'output.nonnull
+ if$
+}
+FUNCTION {output.check}
+{ 't :=
+ duplicate$ empty$
+ { pop$ "empty " t * " in " * cite$ * warning$ }
+ 'output.nonnull
+ if$
+}
+FUNCTION {fin.entry}
+{ duplicate$ empty$
+ 'pop$
+ 'write$
+ if$
+ newline$
+}
+
+FUNCTION {new.block}
+{ output.state before.all =
+ 'skip$
+ { after.block 'output.state := }
+ if$
+}
+FUNCTION {new.sentence}
+{ output.state after.block =
+ 'skip$
+ { output.state before.all =
+ 'skip$
+ { after.sentence 'output.state := }
+ if$
+ }
+ if$
+}
+FUNCTION {add.blank}
+{ " " * before.all 'output.state :=
+}
+
+
+FUNCTION {add.colon}
+{ duplicate$ empty$
+ 'skip$
+ { ":" * add.blank }
+ if$
+}
+
+FUNCTION {date.block}
+{
+ new.block
+}
+
+FUNCTION {not}
+{ { #0 }
+ { #1 }
+ if$
+}
+FUNCTION {and}
+{ 'skip$
+ { pop$ #0 }
+ if$
+}
+FUNCTION {or}
+{ { pop$ #1 }
+ 'skip$
+ if$
+}
+STRINGS {z}
+FUNCTION {remove.dots}
+{ 'z :=
+ ""
+ { z empty$ not }
+ { z #1 #1 substring$
+ z #2 global.max$ substring$ 'z :=
+ duplicate$ "." = 'pop$
+ { * }
+ if$
+ }
+ while$
+}
+FUNCTION {new.block.checka}
+{ empty$
+ 'skip$
+ 'new.block
+ if$
+}
+FUNCTION {new.block.checkb}
+{ empty$
+ swap$ empty$
+ and
+ 'skip$
+ 'new.block
+ if$
+}
+FUNCTION {new.sentence.checka}
+{ empty$
+ 'skip$
+ 'new.sentence
+ if$
+}
+FUNCTION {new.sentence.checkb}
+{ empty$
+ swap$ empty$
+ and
+ 'skip$
+ 'new.sentence
+ if$
+}
+FUNCTION {field.or.null}
+{ duplicate$ empty$
+ { pop$ "" }
+ 'skip$
+ if$
+}
+FUNCTION {emphasize}
+{ skip$ }
+
+FUNCTION {embolden}
+{ duplicate$ empty$
+{ pop$ "" }
+{ "\textbf{" swap$ * "}" * }
+if$
+}
+FUNCTION {tie.or.space.prefix}
+{ duplicate$ text.length$ #5 <
+ { "~" }
+ { " " }
+ if$
+ swap$
+}
+FUNCTION {titto.space.prefix} % always introduce a space
+{ duplicate$ text.length$ #3 <
+ { " " }
+ { " " }
+ if$
+ swap$
+}
+
+
+FUNCTION {capitalize}
+{ "u" change.case$ "t" change.case$ }
+
+FUNCTION {space.word}
+{ " " swap$ * " " * }
+ % Here are the language-specific definitions for explicit words.
+ % Each function has a name bbl.xxx where xxx is the English word.
+ % The language selected here is ENGLISH
+FUNCTION {bbl.and}
+{ "and"}
+
+FUNCTION {bbl.etal}
+{ "et~al." }
+
+FUNCTION {bbl.editors}
+{ "eds." }
+
+FUNCTION {bbl.editor}
+{ "ed." }
+
+FUNCTION {bbl.edby}
+{ "edited by" }
+
+FUNCTION {bbl.edition}
+{ "edn." }
+
+FUNCTION {bbl.volume}
+{ "vol." }
+
+FUNCTION {titto.bbl.volume} % for handling journals
+{ "" }
+
+FUNCTION {bbl.of}
+{ "of" }
+
+FUNCTION {bbl.number}
+{ "no." }
+
+FUNCTION {bbl.nr}
+{ "no." }
+
+FUNCTION {bbl.in}
+{ "in" }
+
+FUNCTION {bbl.pages}
+{ "pp." }
+
+FUNCTION {bbl.page}
+{ "p." }
+
+FUNCTION {titto.bbl.pages} % for journals
+{ "" }
+
+FUNCTION {titto.bbl.page} % for journals
+{ "" }
+
+FUNCTION {bbl.chapter}
+{ "chap." }
+
+FUNCTION {bbl.techrep}
+{ "Tech. Rep." }
+
+FUNCTION {bbl.mthesis}
+{ "Master's thesis" }
+
+FUNCTION {bbl.phdthesis}
+{ "Ph.D. thesis" }
+
+MACRO {jan} {"Jan."}
+
+MACRO {feb} {"Feb."}
+
+MACRO {mar} {"Mar."}
+
+MACRO {apr} {"Apr."}
+
+MACRO {may} {"May"}
+
+MACRO {jun} {"Jun."}
+
+MACRO {jul} {"Jul."}
+
+MACRO {aug} {"Aug."}
+
+MACRO {sep} {"Sep."}
+
+MACRO {oct} {"Oct."}
+
+MACRO {nov} {"Nov."}
+
+MACRO {dec} {"Dec."}
+
+MACRO {acmcs} {"ACM Comput. Surv."}
+
+MACRO {acta} {"Acta Inf."}
+
+MACRO {cacm} {"Commun. ACM"}
+
+MACRO {ibmjrd} {"IBM J. Res. Dev."}
+
+MACRO {ibmsj} {"IBM Syst.~J."}
+
+MACRO {ieeese} {"IEEE Trans. Software Eng."}
+
+MACRO {ieeetc} {"IEEE Trans. Comput."}
+
+MACRO {ieeetcad}
+ {"IEEE Trans. Comput. Aid. Des."}
+
+MACRO {ipl} {"Inf. Process. Lett."}
+
+MACRO {jacm} {"J.~ACM"}
+
+MACRO {jcss} {"J.~Comput. Syst. Sci."}
+
+MACRO {scp} {"Sci. Comput. Program."}
+
+MACRO {sicomp} {"SIAM J. Comput."}
+
+MACRO {tocs} {"ACM Trans. Comput. Syst."}
+
+MACRO {tods} {"ACM Trans. Database Syst."}
+
+MACRO {tog} {"ACM Trans. Graphic."}
+
+MACRO {toms} {"ACM Trans. Math. Software"}
+
+MACRO {toois} {"ACM Trans. Office Inf. Syst."}
+
+MACRO {toplas} {"ACM Trans. Progr. Lang. Syst."}
+
+MACRO {tcs} {"Theor. Comput. Sci."}
+
+FUNCTION {bibinfo.check}
+{ swap$
+ duplicate$ missing$
+ {
+ pop$ pop$
+ ""
+ }
+ { duplicate$ empty$
+ {
+ swap$ pop$
+ }
+ { swap$
+ pop$
+ }
+ if$
+ }
+ if$
+}
+FUNCTION {bibinfo.warn}
+{ swap$
+ duplicate$ missing$
+ {
+ swap$ "missing " swap$ * " in " * cite$ * warning$ pop$
+ ""
+ }
+ { duplicate$ empty$
+ {
+ swap$ "empty " swap$ * " in " * cite$ * warning$
+ }
+ { swap$
+ pop$
+ }
+ if$
+ }
+ if$
+}
+FUNCTION {format.url}
+{ url empty$
+ { "" }
+% { "\urlprefix\url{" url * "}" * }
+ { "\url{" url * "}" * } % changed in titto-lncs-02.bst
+ if$
+}
+
+FUNCTION {format.doi} % added in splncs04.bst
+{ doi empty$
+ { "" }
+ { after.block 'output.state :=
+ "\doi{" doi * "}" * }
+ if$
+}
+
+INTEGERS { nameptr namesleft numnames }
+
+
+STRINGS { bibinfo}
+
+FUNCTION {format.names}
+{ 'bibinfo :=
+ duplicate$ empty$ 'skip$ {
+ 's :=
+ "" 't :=
+ #1 'nameptr :=
+ s num.names$ 'numnames :=
+ numnames 'namesleft :=
+ { namesleft #0 > }
+ { s nameptr
+ "{vv~}{ll}{, jj}{, f{.}.}"
+ format.name$
+ bibinfo bibinfo.check
+ 't :=
+ nameptr #1 >
+ {
+ namesleft #1 >
+ { ", " * t * }
+ {
+ s nameptr "{ll}" format.name$ duplicate$ "others" =
+ { 't := }
+ { pop$ }
+ if$
+ "," *
+ t "others" =
+ {
+ " " * bbl.etal *
+ }
+ { " " * t * }
+ if$
+ }
+ if$
+ }
+ 't
+ if$
+ nameptr #1 + 'nameptr :=
+ namesleft #1 - 'namesleft :=
+ }
+ while$
+ } if$
+}
+FUNCTION {format.names.ed}
+{
+ 'bibinfo :=
+ duplicate$ empty$ 'skip$ {
+ 's :=
+ "" 't :=
+ #1 'nameptr :=
+ s num.names$ 'numnames :=
+ numnames 'namesleft :=
+ { namesleft #0 > }
+ { s nameptr
+ "{f{.}.~}{vv~}{ll}{ jj}"
+ format.name$
+ bibinfo bibinfo.check
+ 't :=
+ nameptr #1 >
+ {
+ namesleft #1 >
+ { ", " * t * }
+ {
+ s nameptr "{ll}" format.name$ duplicate$ "others" =
+ { 't := }
+ { pop$ }
+ if$
+ "," *
+ t "others" =
+ {
+
+ " " * bbl.etal *
+ }
+ { " " * t * }
+ if$
+ }
+ if$
+ }
+ 't
+ if$
+ nameptr #1 + 'nameptr :=
+ namesleft #1 - 'namesleft :=
+ }
+ while$
+ } if$
+}
+FUNCTION {format.authors}
+{ author "author" format.names
+}
+FUNCTION {get.bbl.editor}
+{ editor num.names$ #1 > 'bbl.editors 'bbl.editor if$ }
+
+FUNCTION {format.editors}
+{ editor "editor" format.names duplicate$ empty$ 'skip$
+ {
+ " " *
+ get.bbl.editor
+% capitalize
+ "(" swap$ * ")" *
+ *
+ }
+ if$
+}
+FUNCTION {format.note}
+{
+ note empty$
+ { "" }
+ { note #1 #1 substring$
+ duplicate$ "{" =
+ 'skip$
+ { output.state mid.sentence =
+ { "l" }
+ { "u" }
+ if$
+ change.case$
+ }
+ if$
+ note #2 global.max$ substring$ * "note" bibinfo.check
+ }
+ if$
+}
+
+FUNCTION {format.title}
+{ title
+ duplicate$ empty$ 'skip$
+ { "t" change.case$ }
+ if$
+ "title" bibinfo.check
+}
+FUNCTION {output.bibitem}
+{ newline$
+ "\bibitem{" write$
+ cite$ write$
+ "}" write$
+ newline$
+ ""
+ before.all 'output.state :=
+}
+
+FUNCTION {n.dashify}
+{
+ 't :=
+ ""
+ { t empty$ not }
+ { t #1 #1 substring$ "-" =
+ { t #1 #2 substring$ "--" = not
+ { "--" *
+ t #2 global.max$ substring$ 't :=
+ }
+ { { t #1 #1 substring$ "-" = }
+ { "-" *
+ t #2 global.max$ substring$ 't :=
+ }
+ while$
+ }
+ if$
+ }
+ { t #1 #1 substring$ *
+ t #2 global.max$ substring$ 't :=
+ }
+ if$
+ }
+ while$
+}
+
+FUNCTION {word.in}
+{ bbl.in capitalize
+ ":" *
+ " " * }
+
+FUNCTION {format.date}
+{
+ month "month" bibinfo.check
+ duplicate$ empty$
+ year "year" bibinfo.check duplicate$ empty$
+ { swap$ 'skip$
+ { "there's a month but no year in " cite$ * warning$ }
+ if$
+ *
+ }
+ { swap$ 'skip$
+ {
+ swap$
+ " " * swap$
+ }
+ if$
+ *
+ remove.dots
+ }
+ if$
+ duplicate$ empty$
+ 'skip$
+ {
+ before.all 'output.state :=
+ " (" swap$ * ")" *
+ }
+ if$
+}
+FUNCTION {format.btitle}
+{ title "title" bibinfo.check
+ duplicate$ empty$ 'skip$
+ {
+ }
+ if$
+}
+FUNCTION {either.or.check}
+{ empty$
+ 'pop$
+ { "can't use both " swap$ * " fields in " * cite$ * warning$ }
+ if$
+}
+FUNCTION {format.bvolume}
+{ volume empty$
+ { "" }
+ { bbl.volume volume tie.or.space.prefix
+ "volume" bibinfo.check * *
+ series "series" bibinfo.check
+ duplicate$ empty$ 'pop$
+ { emphasize ", " * swap$ * }
+ if$
+ "volume and number" number either.or.check
+ }
+ if$
+}
+FUNCTION {format.number.series}
+{ volume empty$
+ { number empty$
+ { series field.or.null }
+ { output.state mid.sentence =
+ { bbl.number }
+ { bbl.number capitalize }
+ if$
+ number tie.or.space.prefix "number" bibinfo.check * *
+ series empty$
+ { "there's a number but no series in " cite$ * warning$ }
+ { bbl.in space.word *
+ series "series" bibinfo.check *
+ }
+ if$
+ }
+ if$
+ }
+ { "" }
+ if$
+}
+
+FUNCTION {format.edition}
+{ edition duplicate$ empty$ 'skip$
+ {
+ output.state mid.sentence =
+ { "l" }
+ { "t" }
+ if$ change.case$
+ "edition" bibinfo.check
+ " " * bbl.edition *
+ }
+ if$
+}
+INTEGERS { multiresult }
+FUNCTION {multi.page.check}
+{ 't :=
+ #0 'multiresult :=
+ { multiresult not
+ t empty$ not
+ and
+ }
+ { t #1 #1 substring$
+ duplicate$ "-" =
+ swap$ duplicate$ "," =
+ swap$ "+" =
+ or or
+ { #1 'multiresult := }
+ { t #2 global.max$ substring$ 't := }
+ if$
+ }
+ while$
+ multiresult
+}
+FUNCTION {format.pages}
+{ pages duplicate$ empty$ 'skip$
+ { duplicate$ multi.page.check
+ {
+ bbl.pages swap$
+ n.dashify
+ }
+ {
+ bbl.page swap$
+ }
+ if$
+ tie.or.space.prefix
+ "pages" bibinfo.check
+ * *
+ }
+ if$
+}
+FUNCTION {format.journal.pages}
+{ pages duplicate$ empty$ 'pop$
+ { swap$ duplicate$ empty$
+ { pop$ pop$ format.pages }
+ {
+ ", " *
+ swap$
+ n.dashify
+ pages multi.page.check
+ 'titto.bbl.pages
+ 'titto.bbl.page
+ if$
+ swap$ tie.or.space.prefix
+ "pages" bibinfo.check
+ * *
+ *
+ }
+ if$
+ }
+ if$
+}
+FUNCTION {format.journal.eid}
+{ eid "eid" bibinfo.check
+ duplicate$ empty$ 'pop$
+ { swap$ duplicate$ empty$ 'skip$
+ {
+ ", " *
+ }
+ if$
+ swap$ *
+ }
+ if$
+}
+FUNCTION {format.vol.num.pages} % this function is used only for journal entries
+{ volume field.or.null embolden
+ duplicate$ empty$ 'skip$
+ {
+% bbl.volume swap$ tie.or.space.prefix
+ titto.bbl.volume swap$ titto.space.prefix
+% rationale for the change above: for journals you don't want "vol." label
+% hence it does not make sense to attach the journal number to the label when
+% it is short
+ "volume" bibinfo.check
+ * *
+ }
+ if$
+ number "number" bibinfo.check duplicate$ empty$ 'skip$
+ {
+ swap$ duplicate$ empty$
+ { "there's a number but no volume in " cite$ * warning$ }
+ 'skip$
+ if$
+ swap$
+ "(" swap$ * ")" *
+ }
+ if$ *
+ eid empty$
+ { format.journal.pages }
+ { format.journal.eid }
+ if$
+}
+
+FUNCTION {format.chapter.pages}
+{ chapter empty$
+ 'format.pages
+ { type empty$
+ { bbl.chapter }
+ { type "l" change.case$
+ "type" bibinfo.check
+ }
+ if$
+ chapter tie.or.space.prefix
+ "chapter" bibinfo.check
+ * *
+ pages empty$
+ 'skip$
+ { ", " * format.pages * }
+ if$
+ }
+ if$
+}
+
+FUNCTION {format.booktitle}
+{
+ booktitle "booktitle" bibinfo.check
+}
+FUNCTION {format.in.ed.booktitle}
+{ format.booktitle duplicate$ empty$ 'skip$
+ {
+% editor "editor" format.names.ed duplicate$ empty$ 'pop$ % changed by titto
+ editor "editor" format.names duplicate$ empty$ 'pop$
+ {
+ " " *
+ get.bbl.editor
+% capitalize
+ "(" swap$ * ") " *
+ * swap$
+ * }
+ if$
+ word.in swap$ *
+ }
+ if$
+}
+FUNCTION {empty.misc.check}
+{ author empty$ title empty$ howpublished empty$
+ month empty$ year empty$ note empty$
+ and and and and and
+ key empty$ not and
+ { "all relevant fields are empty in " cite$ * warning$ }
+ 'skip$
+ if$
+}
+FUNCTION {format.thesis.type}
+{ type duplicate$ empty$
+ 'pop$
+ { swap$ pop$
+ "t" change.case$ "type" bibinfo.check
+ }
+ if$
+}
+FUNCTION {format.tr.number}
+{ number "number" bibinfo.check
+ type duplicate$ empty$
+ { pop$ bbl.techrep }
+ 'skip$
+ if$
+ "type" bibinfo.check
+ swap$ duplicate$ empty$
+ { pop$ "t" change.case$ }
+ { tie.or.space.prefix * * }
+ if$
+}
+FUNCTION {format.article.crossref}
+{
+ key duplicate$ empty$
+ { pop$
+ journal duplicate$ empty$
+ { "need key or journal for " cite$ * " to crossref " * crossref * warning$ }
+ { "journal" bibinfo.check emphasize word.in swap$ * }
+ if$
+ }
+ { word.in swap$ * " " *}
+ if$
+ " \cite{" * crossref * "}" *
+}
+FUNCTION {format.crossref.editor}
+{ editor #1 "{vv~}{ll}" format.name$
+ "editor" bibinfo.check
+ editor num.names$ duplicate$
+ #2 >
+ { pop$
+ "editor" bibinfo.check
+ " " * bbl.etal
+ *
+ }
+ { #2 <
+ 'skip$
+ { editor #2 "{ff }{vv }{ll}{ jj}" format.name$ "others" =
+ {
+ "editor" bibinfo.check
+ " " * bbl.etal
+ *
+ }
+ {
+ bbl.and space.word
+ * editor #2 "{vv~}{ll}" format.name$
+ "editor" bibinfo.check
+ *
+ }
+ if$
+ }
+ if$
+ }
+ if$
+}
+FUNCTION {format.book.crossref}
+{ volume duplicate$ empty$
+ { "empty volume in " cite$ * "'s crossref of " * crossref * warning$
+ pop$ word.in
+ }
+ { bbl.volume
+ capitalize
+ swap$ tie.or.space.prefix "volume" bibinfo.check * * bbl.of space.word *
+ }
+ if$
+ editor empty$
+ editor field.or.null author field.or.null =
+ or
+ { key empty$
+ { series empty$
+ { "need editor, key, or series for " cite$ * " to crossref " *
+ crossref * warning$
+ "" *
+ }
+ { series emphasize * }
+ if$
+ }
+ { key * }
+ if$
+ }
+ { format.crossref.editor * }
+ if$
+ " \cite{" * crossref * "}" *
+}
+FUNCTION {format.incoll.inproc.crossref}
+{
+ editor empty$
+ editor field.or.null author field.or.null =
+ or
+ { key empty$
+ { format.booktitle duplicate$ empty$
+ { "need editor, key, or booktitle for " cite$ * " to crossref " *
+ crossref * warning$
+ }
+ { word.in swap$ * }
+ if$
+ }
+ { word.in key * " " *}
+ if$
+ }
+ { word.in format.crossref.editor * " " *}
+ if$
+ " \cite{" * crossref * "}" *
+}
+FUNCTION {format.org.or.pub}
+{ 't :=
+ ""
+ address empty$ t empty$ and
+ 'skip$
+ {
+ t empty$
+ { address "address" bibinfo.check *
+ }
+ { t *
+ address empty$
+ 'skip$
+ { ", " * address "address" bibinfo.check * }
+ if$
+ }
+ if$
+ }
+ if$
+}
+FUNCTION {format.publisher.address}
+{ publisher "publisher" bibinfo.warn format.org.or.pub
+}
+
+FUNCTION {format.organization.address}
+{ organization "organization" bibinfo.check format.org.or.pub
+}
+
+FUNCTION {article}
+{ output.bibitem
+ format.authors "author" output.check
+ add.colon
+ new.block
+ format.title "title" output.check
+ new.block
+ crossref missing$
+ {
+ journal
+ "journal" bibinfo.check
+ "journal" output.check
+ add.blank
+ format.vol.num.pages output
+ format.date "year" output.check
+ }
+ { format.article.crossref output.nonnull
+ format.pages output
+ }
+ if$
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+FUNCTION {book}
+{ output.bibitem
+ author empty$
+ { format.editors "author and editor" output.check
+ add.colon
+ }
+ { format.authors output.nonnull
+ add.colon
+ crossref missing$
+ { "author and editor" editor either.or.check }
+ 'skip$
+ if$
+ }
+ if$
+ new.block
+ format.btitle "title" output.check
+ crossref missing$
+ { format.bvolume output
+ new.block
+ new.sentence
+ format.number.series output
+ format.publisher.address output
+ }
+ {
+ new.block
+ format.book.crossref output.nonnull
+ }
+ if$
+ format.edition output
+ format.date "year" output.check
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+FUNCTION {booklet}
+{ output.bibitem
+ format.authors output
+ add.colon
+ new.block
+ format.title "title" output.check
+ new.block
+ howpublished "howpublished" bibinfo.check output
+ address "address" bibinfo.check output
+ format.date output
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+
+FUNCTION {inbook}
+{ output.bibitem
+ author empty$
+ { format.editors "author and editor" output.check
+ add.colon
+ }
+ { format.authors output.nonnull
+ add.colon
+ crossref missing$
+ { "author and editor" editor either.or.check }
+ 'skip$
+ if$
+ }
+ if$
+ new.block
+ format.btitle "title" output.check
+ crossref missing$
+ {
+ format.bvolume output
+ format.chapter.pages "chapter and pages" output.check
+ new.block
+ new.sentence
+ format.number.series output
+ format.publisher.address output
+ }
+ {
+ format.chapter.pages "chapter and pages" output.check
+ new.block
+ format.book.crossref output.nonnull
+ }
+ if$
+ format.edition output
+ format.date "year" output.check
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+
+FUNCTION {incollection}
+{ output.bibitem
+ format.authors "author" output.check
+ add.colon
+ new.block
+ format.title "title" output.check
+ new.block
+ crossref missing$
+ { format.in.ed.booktitle "booktitle" output.check
+ format.bvolume output
+ format.chapter.pages output
+ new.sentence
+ format.number.series output
+ format.publisher.address output
+ format.edition output
+ format.date "year" output.check
+ }
+ { format.incoll.inproc.crossref output.nonnull
+ format.chapter.pages output
+ }
+ if$
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+FUNCTION {inproceedings}
+{ output.bibitem
+ format.authors "author" output.check
+ add.colon
+ new.block
+ format.title "title" output.check
+ new.block
+ crossref missing$
+ { format.in.ed.booktitle "booktitle" output.check
+ new.sentence % added by titto
+ format.bvolume output
+ format.pages output
+ new.sentence
+ format.number.series output
+ publisher empty$
+ { format.organization.address output }
+ { organization "organization" bibinfo.check output
+ format.publisher.address output
+ }
+ if$
+ format.date "year" output.check
+ }
+ { format.incoll.inproc.crossref output.nonnull
+ format.pages output
+ }
+ if$
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+FUNCTION {conference} { inproceedings }
+FUNCTION {manual}
+{ output.bibitem
+ author empty$
+ { organization "organization" bibinfo.check
+ duplicate$ empty$ 'pop$
+ { output
+ address "address" bibinfo.check output
+ }
+ if$
+ }
+ { format.authors output.nonnull }
+ if$
+ add.colon
+ new.block
+ format.btitle "title" output.check
+ author empty$
+ { organization empty$
+ {
+ address new.block.checka
+ address "address" bibinfo.check output
+ }
+ 'skip$
+ if$
+ }
+ {
+ organization address new.block.checkb
+ organization "organization" bibinfo.check output
+ address "address" bibinfo.check output
+ }
+ if$
+ format.edition output
+ format.date output
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+
+FUNCTION {mastersthesis}
+{ output.bibitem
+ format.authors "author" output.check
+ add.colon
+ new.block
+ format.btitle
+ "title" output.check
+ new.block
+ bbl.mthesis format.thesis.type output.nonnull
+ school "school" bibinfo.warn output
+ address "address" bibinfo.check output
+ format.date "year" output.check
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+
+FUNCTION {misc}
+{ output.bibitem
+ format.authors output
+ add.colon
+ title howpublished new.block.checkb
+ format.title output
+ howpublished new.block.checka
+ howpublished "howpublished" bibinfo.check output
+ format.date output
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+ empty.misc.check
+}
+FUNCTION {phdthesis}
+{ output.bibitem
+ format.authors "author" output.check
+ add.colon
+ new.block
+ format.btitle
+ "title" output.check
+ new.block
+ bbl.phdthesis format.thesis.type output.nonnull
+ school "school" bibinfo.warn output
+ address "address" bibinfo.check output
+ format.date "year" output.check
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+
+FUNCTION {proceedings}
+{ output.bibitem
+ editor empty$
+ { organization "organization" bibinfo.check output
+ }
+ { format.editors output.nonnull }
+ if$
+ add.colon
+ new.block
+ format.btitle "title" output.check
+ format.bvolume output
+ editor empty$
+ { publisher empty$
+ { format.number.series output }
+ {
+ new.sentence
+ format.number.series output
+ format.publisher.address output
+ }
+ if$
+ }
+ { publisher empty$
+ {
+ new.sentence
+ format.number.series output
+ format.organization.address output }
+ {
+ new.sentence
+ format.number.series output
+ organization "organization" bibinfo.check output
+ format.publisher.address output
+ }
+ if$
+ }
+ if$
+ format.date "year" output.check
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+
+FUNCTION {techreport}
+{ output.bibitem
+ format.authors "author" output.check
+ add.colon
+ new.block
+ format.title
+ "title" output.check
+ new.block
+ format.tr.number output.nonnull
+ institution "institution" bibinfo.warn output
+ address "address" bibinfo.check output
+ format.date "year" output.check
+% new.block
+ format.doi output
+ format.url output
+% new.block
+ format.note output
+ fin.entry
+}
+
+FUNCTION {unpublished}
+{ output.bibitem
+ format.authors "author" output.check
+ add.colon
+ new.block
+ format.title "title" output.check
+ format.date output
+% new.block
+ format.url output
+% new.block
+ format.note "note" output.check
+ fin.entry
+}
+
+FUNCTION {default.type} { misc }
+READ
+FUNCTION {sortify}
+{ purify$
+ "l" change.case$
+}
+INTEGERS { len }
+FUNCTION {chop.word}
+{ 's :=
+ 'len :=
+ s #1 len substring$ =
+ { s len #1 + global.max$ substring$ }
+ 's
+ if$
+}
+FUNCTION {sort.format.names}
+{ 's :=
+ #1 'nameptr :=
+ ""
+ s num.names$ 'numnames :=
+ numnames 'namesleft :=
+ { namesleft #0 > }
+ { s nameptr
+ "{ll{ }}{ ff{ }}{ jj{ }}"
+ format.name$ 't :=
+ nameptr #1 >
+ {
+ " " *
+ namesleft #1 = t "others" = and
+ { "zzzzz" * }
+ { t sortify * }
+ if$
+ }
+ { t sortify * }
+ if$
+ nameptr #1 + 'nameptr :=
+ namesleft #1 - 'namesleft :=
+ }
+ while$
+}
+
+FUNCTION {sort.format.title}
+{ 't :=
+ "A " #2
+ "An " #3
+ "The " #4 t chop.word
+ chop.word
+ chop.word
+ sortify
+ #1 global.max$ substring$
+}
+FUNCTION {author.sort}
+{ author empty$
+ { key empty$
+ { "to sort, need author or key in " cite$ * warning$
+ ""
+ }
+ { key sortify }
+ if$
+ }
+ { author sort.format.names }
+ if$
+}
+FUNCTION {author.editor.sort}
+{ author empty$
+ { editor empty$
+ { key empty$
+ { "to sort, need author, editor, or key in " cite$ * warning$
+ ""
+ }
+ { key sortify }
+ if$
+ }
+ { editor sort.format.names }
+ if$
+ }
+ { author sort.format.names }
+ if$
+}
+FUNCTION {author.organization.sort}
+{ author empty$
+ { organization empty$
+ { key empty$
+ { "to sort, need author, organization, or key in " cite$ * warning$
+ ""
+ }
+ { key sortify }
+ if$
+ }
+ { "The " #4 organization chop.word sortify }
+ if$
+ }
+ { author sort.format.names }
+ if$
+}
+FUNCTION {editor.organization.sort}
+{ editor empty$
+ { organization empty$
+ { key empty$
+ { "to sort, need editor, organization, or key in " cite$ * warning$
+ ""
+ }
+ { key sortify }
+ if$
+ }
+ { "The " #4 organization chop.word sortify }
+ if$
+ }
+ { editor sort.format.names }
+ if$
+}
+FUNCTION {presort}
+{ type$ "book" =
+ type$ "inbook" =
+ or
+ 'author.editor.sort
+ { type$ "proceedings" =
+ 'editor.organization.sort
+ { type$ "manual" =
+ 'author.organization.sort
+ 'author.sort
+ if$
+ }
+ if$
+ }
+ if$
+ " "
+ *
+ year field.or.null sortify
+ *
+ " "
+ *
+ title field.or.null
+ sort.format.title
+ *
+ #1 entry.max$ substring$
+ 'sort.key$ :=
+}
+ITERATE {presort}
+SORT
+STRINGS { longest.label }
+INTEGERS { number.label longest.label.width }
+FUNCTION {initialize.longest.label}
+{ "" 'longest.label :=
+ #1 'number.label :=
+ #0 'longest.label.width :=
+}
+FUNCTION {longest.label.pass}
+{ number.label int.to.str$ 'label :=
+ number.label #1 + 'number.label :=
+ label width$ longest.label.width >
+ { label 'longest.label :=
+ label width$ 'longest.label.width :=
+ }
+ 'skip$
+ if$
+}
+EXECUTE {initialize.longest.label}
+ITERATE {longest.label.pass}
+FUNCTION {begin.bib}
+{ preamble$ empty$
+ 'skip$
+ { preamble$ write$ newline$ }
+ if$
+ "\begin{thebibliography}{" longest.label * "}" *
+ write$ newline$
+ "\providecommand{\url}[1]{\texttt{#1}}"
+ write$ newline$
+ "\providecommand{\urlprefix}{URL }"
+ write$ newline$
+ "\providecommand{\doi}[1]{https://doi.org/#1}"
+ write$ newline$
+}
+EXECUTE {begin.bib}
+EXECUTE {init.state.consts}
+ITERATE {call.type$}
+FUNCTION {end.bib}
+{ newline$
+ "\end{thebibliography}" write$ newline$
+}
+EXECUTE {end.bib}
+%% End of customized bst file
+%%
+%% End of file `titto.bst'.
diff --git a/thys/IO_Language_Conformance/Input_Output_Language_Conformance.thy b/thys/IO_Language_Conformance/Input_Output_Language_Conformance.thy
new file mode 100644
--- /dev/null
+++ b/thys/IO_Language_Conformance/Input_Output_Language_Conformance.thy
@@ -0,0 +1,3368 @@
+theory Input_Output_Language_Conformance
+ imports "HOL-Library.Sublist"
+begin
+
+
+section \<open>Preliminaries\<close>
+
+type_synonym ('a) alphabet = "'a set"
+type_synonym ('x,'y) word = "('x \<times> 'y) list"
+type_synonym ('x,'y) language = "('x,'y) word set"
+type_synonym ('y) output_relation = "('y set \<times> 'y set) set"
+
+
+
+fun is_language :: "'x alphabet \<Rightarrow> 'y alphabet \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "is_language X Y L = (
+ \<comment> \<open>nonempty\<close>
+ (L \<noteq> {}) \<and>
+ (\<forall> \<pi> \<in> L .
+ \<comment> \<open>over X and Y\<close>
+ (\<forall> xy \<in> set \<pi> . fst xy \<in> X \<and> snd xy \<in> Y) \<and>
+ \<comment> \<open>prefix closed\<close>
+ (\<forall> \<pi>' . prefix \<pi>' \<pi> \<longrightarrow> \<pi>' \<in> L)))"
+
+lemma language_contains_nil :
+ assumes "is_language X Y L"
+shows "[] \<in> L"
+ using assms by auto
+
+lemma language_intersection_is_language :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "is_language X Y (L1 \<inter> L2)"
+ using assms
+ using language_contains_nil[OF assms(1)] language_contains_nil[OF assms(2)]
+ unfolding is_language.simps
+ by (metis IntD1 IntD2 IntI disjoint_iff)
+
+
+
+fun language_for_state :: "('x,'y) language \<Rightarrow> ('x,'y) word \<Rightarrow> ('x,'y) language" where
+ "language_for_state L \<pi> = {\<tau> . \<pi>@\<tau> \<in> L}"
+
+notation language_for_state ("\<L>[_,_]")
+
+lemma language_for_state_is_language :
+ assumes "is_language X Y L"
+ and "\<pi> \<in> L"
+shows "is_language X Y \<L>[L,\<pi>]"
+proof -
+ have "\<And> \<tau> . \<tau> \<in> \<L>[L,\<pi>] \<Longrightarrow> (\<forall> xy \<in> set \<tau> . fst xy \<in> X \<and> snd xy \<in> Y) \<and> (\<forall> \<tau>' . prefix \<tau>' \<tau> \<longrightarrow> \<tau>' \<in> \<L>[L,\<pi>])"
+ proof -
+ fix \<tau> assume "\<tau> \<in> \<L>[L,\<pi>]"
+ then have "\<pi>@\<tau> \<in> L" by auto
+ then have "\<And> xy . xy \<in> set (\<pi>@\<tau>) \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> Y"
+ and "\<And> \<pi>' . prefix \<pi>' (\<pi>@\<tau>) \<Longrightarrow> \<pi>' \<in> L"
+ using assms(1) by auto
+
+ have "\<And> xy . xy \<in> set \<tau> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> Y"
+ using \<open>\<And> xy . xy \<in> set (\<pi>@\<tau>) \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> Y\<close> by auto
+ moreover have "\<And> \<tau>' . prefix \<tau>' \<tau> \<Longrightarrow> \<tau>' \<in> \<L>[L,\<pi>]"
+ by (simp add: \<open>\<And>\<pi>'. prefix \<pi>' (\<pi> @ \<tau>) \<Longrightarrow> \<pi>' \<in> L\<close>)
+ ultimately show "(\<forall> xy \<in> set \<tau> . fst xy \<in> X \<and> snd xy \<in> Y) \<and> (\<forall> \<tau>' . prefix \<tau>' \<tau> \<longrightarrow> \<tau>' \<in> \<L>[L,\<pi>])"
+ by simp
+ qed
+ moreover have "\<L>[L,\<pi>] \<noteq> {}"
+ using assms(2)
+ by (metis (no_types, lifting) append.right_neutral empty_Collect_eq language_for_state.simps)
+ ultimately show ?thesis
+ by simp
+qed
+
+
+lemma language_of_state_empty_iff :
+ assumes "is_language X Y L"
+shows "(\<L>[L,\<pi>] = {}) \<longleftrightarrow> (\<pi> \<notin> L)"
+ using assms unfolding is_language.simps language_for_state.simps
+ by (metis Collect_empty_eq append.right_neutral prefixI)
+
+
+
+fun are_equivalent_for_language :: "('x,'y) language \<Rightarrow> ('x,'y) word \<Rightarrow> ('x,'y) word \<Rightarrow> bool" where
+ "are_equivalent_for_language L \<alpha> \<beta> = (\<L>[L,\<alpha>] = \<L>[L,\<beta>])"
+
+
+abbreviation(input) "input_projection \<pi> \<equiv> map fst \<pi>"
+abbreviation(input) "output_projection \<pi> \<equiv> map snd \<pi>"
+notation input_projection ("[_]\<^sub>I")
+notation output_projection ("[_]\<^sub>O")
+
+
+fun is_executable :: "('x,'y) language \<Rightarrow> ('x,'y) word \<Rightarrow> 'x list \<Rightarrow> bool" where
+ "is_executable L \<pi> xs = (\<exists> \<tau> \<in> \<L>[L,\<pi>] . [\<tau>]\<^sub>I = xs)"
+
+fun executable_sequences :: "('x,'y) language \<Rightarrow> ('x,'y) word \<Rightarrow> 'x list set" where
+ "executable_sequences L \<pi> = {xs . is_executable L \<pi> xs}"
+
+fun executable_inputs :: "('x,'y) language \<Rightarrow> ('x,'y) word \<Rightarrow> 'x set" where
+ "executable_inputs L \<pi> = {x . is_executable L \<pi> [x]}"
+
+notation executable_inputs ("exec[_,_]")
+
+
+lemma executable_sequences_alt_def : "executable_sequences L \<pi> = {xs . \<exists> ys . length ys = length xs \<and> zip xs ys \<in> \<L>[L,\<pi>]}"
+proof -
+ have *:"\<And> A xs . (\<exists>\<tau>\<in>A. map fst \<tau> = xs) = (\<exists>ys. length ys = length xs \<and> zip xs ys \<in> A)"
+ by (metis length_map map_fst_zip zip_map_fst_snd)
+
+ show ?thesis
+ unfolding executable_sequences.simps is_executable.simps
+ unfolding *
+ by simp
+qed
+
+lemma executable_inputs_alt_def : "executable_inputs L \<pi> = {x . \<exists> y . [(x,y)] \<in> \<L>[L,\<pi>]}"
+proof -
+ have *:"\<And> A xs . (\<exists>\<tau>\<in>A. map fst \<tau> = xs) = (\<exists>ys. length ys = length xs \<and> zip xs ys \<in> A)"
+ by (metis length_map map_fst_zip zip_map_fst_snd)
+
+ have **: "\<And> A x . (\<exists>ys. length ys = length [x] \<and> zip [x] ys \<in> A) = (\<exists> y . [(x,y)] \<in> A)"
+ by (metis length_Suc_conv length_map zip_Cons_Cons zip_Nil)
+
+ show ?thesis
+ unfolding executable_inputs.simps is_executable.simps
+ unfolding *
+ unfolding **
+ by fastforce
+qed
+
+lemma executable_inputs_in_alphabet :
+ assumes "is_language X Y L"
+ and "x \<in> exec[L,\<pi>]"
+shows "x \<in> X"
+ using assms unfolding executable_inputs_alt_def by auto
+
+
+fun output_sequences :: "('x,'y) language \<Rightarrow> ('x,'y) word \<Rightarrow> 'x list \<Rightarrow> 'y list set" where
+ "output_sequences L \<pi> xs = output_projection ` {\<tau> \<in> \<L>[L,\<pi>] . [\<tau>]\<^sub>I = xs}"
+
+lemma prefix_closure_no_member :
+ assumes "is_language X Y L"
+ and "\<pi> \<notin> L"
+shows "\<pi>@\<tau> \<notin> L"
+ by (meson assms(1) assms(2) is_language.elims(2) prefixI)
+
+
+lemma output_sequences_empty_iff :
+ assumes "is_language X Y L"
+shows "(output_sequences L \<pi> xs = {}) = ((\<pi> \<notin> L) \<or> (\<not> is_executable L \<pi> xs))"
+ unfolding output_sequences.simps is_executable.simps language_for_state.simps
+ using Collect_empty_eq assms image_empty mem_Collect_eq prefix_closure_no_member by auto
+
+
+
+fun outputs :: "('x,'y) language \<Rightarrow> ('x,'y) word \<Rightarrow> 'x \<Rightarrow> 'y set" where
+ "outputs L \<pi> x = {y . [(x,y)] \<in> \<L>[L,\<pi>]}"
+
+notation outputs ("out[_,_,_]")
+
+lemma outputs_in_alphabet :
+ assumes "is_language X Y L"
+shows "out[L,\<pi>,x] \<subseteq> Y"
+ using assms by auto
+
+lemma outputs_executable : "(out[L,\<pi>,x] = {}) \<longleftrightarrow> (x \<notin> exec[L,\<pi>])"
+ by auto
+
+
+
+fun is_completely_specified_for :: "'x set \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "is_completely_specified_for X L = (\<forall> \<pi> \<in> L . \<forall> x \<in> X . out[L,\<pi>,x] \<noteq> {})"
+
+
+lemma prefix_executable :
+ assumes "is_language X Y L"
+ and "\<pi> \<in> L"
+ and "i < length \<pi>"
+shows "fst (\<pi> ! i) \<in> exec[L,take i \<pi>]"
+proof -
+ define \<pi>' where "\<pi>' = take i \<pi>"
+ moreover define \<pi>'' where "\<pi>'' = drop (Suc i) \<pi>"
+ moreover define xy where "xy = \<pi> ! i"
+ ultimately have "\<pi> = \<pi>'@[xy]@\<pi>''"
+ by (simp add: Cons_nth_drop_Suc assms(3))
+ then have "\<pi>'@[xy] \<in> L"
+ using assms(1,2) by auto
+ then show ?thesis
+ unfolding \<pi>'_def xy_def
+ unfolding executable_inputs_alt_def language_for_state.simps
+ by (metis (mono_tags, lifting) CollectI eq_fst_iff)
+qed
+
+
+section \<open>Conformance Relations\<close>
+
+definition language_equivalence :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "language_equivalence L1 L2 = (L1 = L2)"
+
+definition language_inclusion :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "language_inclusion L1 L2 = (L1 \<subseteq> L2)"
+
+abbreviation(input) "reduction L1 L2 \<equiv> language_inclusion L1 L2"
+
+definition quasi_equivalence :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "quasi_equivalence L1 L2 = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> exec[L2,\<pi>] . out[L1,\<pi>,x] = out[L2,\<pi>,x])"
+
+definition quasi_reduction :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "quasi_reduction L1 L2 = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> exec[L2,\<pi>] . (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]))"
+
+definition strong_reduction :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "strong_reduction L1 L2 = (quasi_reduction L1 L2 \<and> (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x . out[L2,\<pi>,x] = {} \<longrightarrow> out[L1,\<pi>,x] = {}))"
+
+definition semi_equivalence :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "semi_equivalence L1 L2 = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> exec[L2,\<pi>] .
+ (out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]) \<and>
+ (\<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))"
+
+definition semi_reduction :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "semi_reduction L1 L2 = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> exec[L2,\<pi>] .
+ (out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]) \<and>
+ (\<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))"
+
+definition strong_semi_equivalence :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "strong_semi_equivalence L1 L2 = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x .
+ (x \<in> exec[L2,\<pi>] \<longrightarrow> ((out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]) \<and> (\<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))) \<and>
+ (x \<notin> exec[L2,\<pi>] \<longrightarrow> out[L1,\<pi>,x] = {}))"
+
+definition strong_semi_reduction :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "strong_semi_reduction L1 L2 = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x .
+ (x \<in> exec[L2,\<pi>] \<longrightarrow> (out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x] \<and> (\<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))) \<and>
+ (x \<notin> exec[L2,\<pi>] \<longrightarrow> out[L1,\<pi>,x] = {}))"
+
+
+
+section \<open>Unifying Characterisations\<close>
+
+
+subsection \<open>$\preceq$ Conformance\<close>
+
+fun type_1_conforms :: "('x,'y) language \<Rightarrow> 'x alphabet \<Rightarrow> 'y output_relation \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "type_1_conforms L1 X H L2 = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> X . (out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> H)"
+
+notation type_1_conforms ("_ \<preceq>[_,_] _")
+
+fun equiv :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "equiv Y = {(A,A) | A . A \<subseteq> Y}"
+
+fun red :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "red Y = {(A,B) | A B . A \<subseteq> B \<and> B \<subseteq> Y}"
+
+fun quasieq :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "quasieq Y = {(A,A) | A . A \<subseteq> Y} \<union> {(A,{}) | A . A \<subseteq> Y}"
+
+fun quasired :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "quasired Y = {(A,B) | A B . A \<noteq> {} \<and> A \<subseteq> B \<and> B \<subseteq> Y} \<union> {(C,{}) | C . C \<subseteq> Y}"
+
+fun strongred :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "strongred Y = {(A,B) | A B . A \<noteq> {} \<and> A \<subseteq> B \<and> B \<subseteq> Y} \<union> {({},{})}"
+
+
+
+lemma red_type_1 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "reduction L1 L2 \<longleftrightarrow> (L1 \<preceq>[X,red Y] L2)"
+unfolding language_inclusion_def proof
+ show "L1 \<subseteq> L2 \<Longrightarrow> L1 \<preceq>[X,red Y] L2"
+ using outputs_in_alphabet[OF assms(2)]
+ unfolding type_1_conforms.simps red.simps
+ by auto
+
+ show "L1 \<preceq>[X,red Y] L2 \<Longrightarrow> L1 \<subseteq> L2"
+ proof
+ fix \<pi> assume "\<pi> \<in> L1" and "L1 \<preceq>[X,red Y] L2"
+
+ then show "\<pi> \<in> L2" proof (induction \<pi> rule: rev_induct)
+ case Nil
+ then show ?case using assms(2) by auto
+ next
+ case (snoc xy \<pi>)
+ then have "\<pi> \<in> L1" and "\<pi> \<in> L1 \<inter> L2"
+ using assms(1) by auto
+
+ obtain x y where "xy = (x,y)"
+ by fastforce
+ then have "y \<in> out[L1,\<pi>,x]"
+ using snoc.prems(1)
+ by simp
+ moreover have "x \<in> X" and "y \<in> Y"
+ using snoc.prems(1) assms(1) unfolding \<open>xy = (x,y)\<close> by auto
+ ultimately have "y \<in> out[L2,\<pi>,x]"
+ using snoc.prems(2) \<open>\<pi> \<in> L1 \<inter> L2\<close>
+ unfolding type_1_conforms.simps
+ by fastforce
+ then show ?case
+ using \<open>xy = (x, y)\<close> by auto
+ qed
+ qed
+qed
+
+
+lemma equiv_by_reduction : "(L1 \<preceq>[X,equiv Y] L2) \<longleftrightarrow> ((L1 \<preceq>[X,red Y] L2) \<and> (L2 \<preceq>[X,red Y] L1))"
+ by fastforce
+
+lemma equiv_type_1 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(L1 = L2) \<longleftrightarrow> (L1 \<preceq>[X,equiv Y] L2)"
+ unfolding equiv_by_reduction
+ unfolding red_type_1[OF assms(1,2), symmetric]
+ unfolding red_type_1[OF assms(2,1), symmetric]
+ unfolding language_inclusion_def
+ by blast
+
+
+lemma quasired_type_1 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "quasi_reduction L1 L2 \<longleftrightarrow> (L1 \<preceq>[X,quasired Y] L2)"
+proof
+ have "\<And> \<pi> x . quasi_reduction L1 L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> quasired Y"
+ proof -
+ fix \<pi> x assume "quasi_reduction L1 L2" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> X"
+
+ show "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> quasired Y"
+ proof (cases "x \<in> exec[L2,\<pi>]")
+ case False
+ then show ?thesis
+ by (metis (mono_tags, lifting) CollectI UnCI assms(1) outputs_executable outputs_in_alphabet quasired.elims)
+ next
+ case True
+ then obtain y where "y \<in> out[L2,\<pi>,x]" by auto
+ then have "out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]" and "out[L1,\<pi>,x] \<noteq> {}"
+ using \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>x \<in> X\<close> \<open>quasi_reduction L1 L2\<close>
+ unfolding quasi_reduction_def by force+
+ moreover have "out[L2,\<pi>,x] \<subseteq> Y"
+ by (meson assms(2) outputs_in_alphabet)
+ ultimately show ?thesis
+ unfolding quasired.simps by blast
+ qed
+ qed
+ then show "quasi_reduction L1 L2 \<Longrightarrow> (L1 \<preceq>[X,quasired Y] L2)"
+ by auto
+
+
+ have "\<And> \<pi> x . L1 \<preceq>[X,quasired Y] L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]"
+ and "\<And> \<pi> x . L1 \<preceq>[X,quasired Y] L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] \<noteq> {}"
+ proof -
+ fix \<pi> x assume "L1 \<preceq>[X,quasired Y] L2" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "x \<in> X"
+ using executable_inputs_in_alphabet[OF assms(2)] by auto
+
+ have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close>
+ by (meson outputs_executable)
+ moreover have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> quasired Y"
+ by (meson \<open>L1 \<preceq>[X,quasired Y] L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>x \<in> X\<close> type_1_conforms.elims(2))
+ ultimately show "out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]"
+ and "out[L1,\<pi>,x] \<noteq> {}"
+ unfolding quasired.simps
+ by blast+
+ qed
+ then show "L1 \<preceq>[X,quasired Y] L2 \<Longrightarrow> quasi_reduction L1 L2"
+ by (meson quasi_reduction_def)
+qed
+
+
+lemma quasieq_type_1 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "quasi_equivalence L1 L2 \<longleftrightarrow> (L1 \<preceq>[X,quasieq Y] L2)"
+proof
+ have "\<And> \<pi> x . quasi_equivalence L1 L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> quasieq Y"
+ proof -
+ fix \<pi> x assume "quasi_equivalence L1 L2" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> X"
+
+ show "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> quasieq Y"
+ proof (cases "x \<in> exec[L2,\<pi>]")
+ case False
+ then show ?thesis
+ by (metis (mono_tags, lifting) CollectI UnCI assms(1) outputs_executable outputs_in_alphabet quasieq.simps)
+ next
+ case True
+ then show ?thesis
+ by (metis (mono_tags, lifting) CollectI UnCI \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>quasi_equivalence L1 L2\<close> assms(1) outputs_in_alphabet quasi_equivalence_def quasieq.simps)
+ qed
+ qed
+ then show "quasi_equivalence L1 L2 \<Longrightarrow> (L1 \<preceq>[X,quasieq Y] L2)"
+ by auto
+
+
+ have "\<And> \<pi> x . L1 \<preceq>[X,quasieq Y] L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ proof -
+ fix \<pi> x assume "L1 \<preceq>[X,quasieq Y] L2" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "x \<in> X"
+ using executable_inputs_in_alphabet[OF assms(2)] by auto
+
+ have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close>
+ by (meson outputs_executable)
+ moreover have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> quasieq Y"
+ by (meson \<open>L1 \<preceq>[X,quasieq Y] L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>x \<in> X\<close> type_1_conforms.elims(2))
+ ultimately show "out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ unfolding quasieq.simps
+ by blast
+ qed
+ then show "L1 \<preceq>[X,quasieq Y] L2 \<Longrightarrow> quasi_equivalence L1 L2"
+ by (meson quasi_equivalence_def)
+qed
+
+
+lemma strongred_type_1 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "strong_reduction L1 L2 \<longleftrightarrow> (L1 \<preceq>[X,strongred Y] L2)"
+proof
+ have "\<And> \<pi> x . strong_reduction L1 L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> strongred Y"
+ proof -
+ fix \<pi> x assume "strong_reduction L1 L2" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> X"
+
+ have "out[L2,\<pi>,x] \<subseteq> Y"
+ using outputs_in_alphabet[OF assms(2)] .
+
+ show "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> strongred Y"
+ proof (cases "x \<in> exec[L2,\<pi>]")
+ case False
+ then have "out[L2,\<pi>,x] = {}"
+ using outputs_executable by force
+ then have "out[L1,\<pi>,x] = {}"
+ using \<open>strong_reduction L1 L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close>
+ unfolding strong_reduction_def by blast
+ then show ?thesis
+ using \<open>out[L2,\<pi>,x] = {}\<close> by auto
+ next
+ case True
+ then have "out[L1,\<pi>,x] \<noteq> {}"
+ using \<open>strong_reduction L1 L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close>
+ unfolding strong_reduction_def
+ by (meson quasi_reduction_def)
+ moreover have "out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]"
+ by (meson True \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>strong_reduction L1 L2\<close> quasi_reduction_def strong_reduction_def)
+ ultimately show ?thesis
+ unfolding strongred.simps
+ using outputs_executable outputs_in_alphabet[OF assms(2)]
+ by force
+ qed
+ qed
+ then show "strong_reduction L1 L2 \<Longrightarrow> (L1 \<preceq>[X,strongred Y] L2)"
+ by auto
+
+
+ have "\<And> \<pi> x . L1 \<preceq>[X,strongred Y] L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] \<noteq> {}"
+ and "\<And> \<pi> x . L1 \<preceq>[X,strongred Y] L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]"
+ proof -
+ fix \<pi> x y assume "L1 \<preceq>[X,strongred Y] L2" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "x \<in> X"
+ using executable_inputs_in_alphabet[OF assms(2)] by auto
+
+ have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close>
+ by (meson outputs_executable)
+ moreover have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> strongred Y"
+ by (meson \<open>L1 \<preceq>[X,strongred Y] L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>x \<in> X\<close> type_1_conforms.elims(2))
+ ultimately show "out[L1,\<pi>,x] \<noteq> {}" and "out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]"
+ unfolding strongred.simps
+ by blast+
+ qed
+ moreover have "\<And> \<pi> x . L1 \<preceq>[X,strongred Y] L2 \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> out[L2,\<pi>,x] = {} \<Longrightarrow> out[L1,\<pi>,x] = {}"
+ proof -
+ fix \<pi> x assume "L1 \<preceq>[X,strongred Y] L2" and "\<pi> \<in> L1 \<inter> L2" and "out[L2,\<pi>,x] = {}"
+
+ show "out[L1,\<pi>,x] = {}"
+ proof (rule ccontr)
+ assume "out[L1,\<pi>,x] \<noteq> {}"
+ then have "x \<in> X"
+ by (meson assms(1) executable_inputs_in_alphabet outputs_executable)
+ then have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>L1 \<preceq>[X,strongred Y] L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>out[L1,\<pi>,x] \<noteq> {}\<close> by fastforce
+ then show False
+ using \<open>out[L2,\<pi>,x] = {}\<close> by simp
+ qed
+ qed
+ ultimately show "L1 \<preceq>[X,strongred Y] L2 \<Longrightarrow> strong_reduction L1 L2"
+ unfolding strong_reduction_def quasi_reduction_def by blast
+qed
+
+
+subsection \<open>$\le$ Conformance\<close>
+
+fun type_2_conforms :: "('x,'y) language \<Rightarrow> 'x alphabet \<Rightarrow> 'y output_relation \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "type_2_conforms L1 X H L2 = (
+ (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> X . (out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> H) \<and>
+ (\<forall> \<pi> \<in> L1 \<inter> L2 . exec[L2,\<pi>] \<noteq> {} \<longrightarrow> (\<exists> x . out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {})))"
+
+notation type_2_conforms ("_ \<le>[_,_] _")
+
+fun semieq :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "semieq Y = {(A,A) | A . A \<subseteq> Y} \<union> {({},A) | A . A \<subseteq> Y} \<union> {(A,{}) | A . A \<subseteq> Y}"
+
+fun semired :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "semired Y = {(A,B) | A B . A \<subseteq> B \<and> B \<subseteq> Y} \<union> {(C,{}) | C . C \<subseteq> Y}"
+
+fun strongsemieq :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "strongsemieq Y = {(A,A) | A . A \<subseteq> Y} \<union> {({},A) | A . A \<subseteq> Y}"
+
+fun strongsemired :: "'y alphabet \<Rightarrow> 'y output_relation" where
+ "strongsemired Y = {(A,B) | A B . A \<subseteq> B \<and> B \<subseteq> Y}"
+
+lemma strongsemieq_alt_def : "strongsemieq Y = semieq Y \<inter> red Y"
+ by auto
+
+lemma strongsemired_alt_def : "strongsemired Y = red Y"
+ by auto
+
+
+lemma semired_type_2 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(semi_reduction L1 L2) \<longleftrightarrow> (L1 \<le>[X, semired Y] L2)"
+proof
+ show "semi_reduction L1 L2 \<Longrightarrow> L1 \<le>[X, semired Y] L2"
+ proof -
+ assume "semi_reduction L1 L2"
+ then have p1: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> (out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ and p2: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ unfolding semi_reduction_def by blast+
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> semired Y"
+ by (metis (mono_tags, lifting) CollectI UnCI assms(1) assms(2) outputs_executable outputs_in_alphabet p1 semired.simps)
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists>x. out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ using p2 by fastforce
+ ultimately show "L1 \<le>[X, semired Y] L2"
+ by auto
+ qed
+
+ show "L1 \<le>[X,semired Y] L2 \<Longrightarrow> semi_reduction L1 L2"
+ proof -
+ assume "L1 \<le>[X,semired Y] L2"
+ then have p1 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> semired Y"
+ and p2 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists> x . out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ by auto
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> (out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> semired Y"
+ using p1 executable_inputs_in_alphabet[OF assms(2)] by auto
+ moreover have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close> by auto
+ ultimately show "(out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ unfolding semired.simps by blast
+ qed
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ using p2 by blast
+ ultimately show ?thesis
+ unfolding semi_reduction_def by blast
+ qed
+qed
+
+
+lemma semieq_type_2 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(semi_equivalence L1 L2) \<longleftrightarrow> (L1 \<le>[X, semieq Y] L2)"
+proof
+ show "semi_equivalence L1 L2 \<Longrightarrow> L1 \<le>[X, semieq Y] L2"
+ proof -
+ assume "semi_equivalence L1 L2"
+ then have p1: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ and p2: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ unfolding semi_equivalence_def by blast+
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> semieq Y"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<in> X"
+ show "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> semieq Y"
+ proof (cases "x \<in> exec[L2,\<pi>]")
+ case True
+ then have "out[L2,\<pi>,x] \<noteq> {}" by auto
+ then show ?thesis
+ using p1[OF \<open>\<pi> \<in> L1 \<inter> L2\<close> True]
+ using outputs_in_alphabet[OF assms(2)]
+ unfolding semieq.simps
+ by fastforce
+ next
+ case False
+ then show ?thesis
+ by (metis (mono_tags, lifting) CollectI UnI2 assms(1) outputs_executable outputs_in_alphabet semieq.elims)
+ qed
+ qed
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists>x. out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ using p2 by fastforce
+ ultimately show "L1 \<le>[X, semieq Y] L2"
+ by auto
+ qed
+
+ show "L1 \<le>[X,semieq Y] L2 \<Longrightarrow> semi_equivalence L1 L2"
+ proof -
+ assume "L1 \<le>[X,semieq Y] L2"
+ then have p1 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> semieq Y"
+ and p2 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists> x . out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ by auto
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> semieq Y"
+ using p1 executable_inputs_in_alphabet[OF assms(2)] by auto
+ moreover have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close> by auto
+ ultimately show "out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ unfolding semieq.simps
+ by blast
+ qed
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ using p2 by blast
+ ultimately show ?thesis
+ unfolding semi_equivalence_def by blast
+ qed
+qed
+
+
+lemma strongsemired_type_2 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(strong_semi_reduction L1 L2) \<longleftrightarrow> (L1 \<le>[X, strongsemired Y] L2)"
+proof
+ show "strong_semi_reduction L1 L2 \<Longrightarrow> L1 \<le>[X, strongsemired Y] L2"
+ proof -
+ assume "strong_semi_reduction L1 L2"
+ then have p1: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> (out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ and p2: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ and p3: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<notin> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {}"
+ unfolding strong_semi_reduction_def by blast+
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> strongsemired Y"
+ unfolding strongsemired.simps
+ by (metis (mono_tags, lifting) CollectI assms(2) outputs_executable outputs_in_alphabet p1 p3 set_eq_subset)
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists>x. out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ using p2 by fastforce
+ ultimately show "L1 \<le>[X, strongsemired Y] L2"
+ by auto
+ qed
+
+ show "L1 \<le>[X,strongsemired Y] L2 \<Longrightarrow> strong_semi_reduction L1 L2"
+ proof -
+ assume "L1 \<le>[X,strongsemired Y] L2"
+ then have p1 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> strongsemired Y"
+ and p2 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists> x . out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ by auto
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> (out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> semired Y"
+ using p1 executable_inputs_in_alphabet[OF assms(2)] by auto
+ moreover have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close> by auto
+ ultimately show "(out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ unfolding semired.simps by blast
+ qed
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ using p2 by blast
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<notin> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {}"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<notin> exec[L2,\<pi>]"
+
+ have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> strongsemired Y"
+ proof (cases "x \<in> exec[L1,\<pi>]")
+ case True
+ then show ?thesis
+ by (meson \<open>\<pi> \<in> L1 \<inter> L2\<close> assms(1) executable_inputs_in_alphabet p1)
+ next
+ case False
+ then show ?thesis
+ using \<open>x \<notin> exec[L2,\<pi>]\<close> by fastforce
+ qed
+ moreover have "out[L2,\<pi>,x] = {}"
+ using \<open>x \<notin> exec[L2,\<pi>]\<close> by auto
+ ultimately show "out[L1,\<pi>,x] = {}"
+ unfolding strongsemired.simps
+ by blast
+ qed
+ ultimately show ?thesis
+ unfolding strong_semi_reduction_def by blast
+ qed
+qed
+
+
+lemma strongsemieq_type_2 :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(strong_semi_equivalence L1 L2) \<longleftrightarrow> (L1 \<le>[X, strongsemieq Y] L2)"
+proof
+ show "strong_semi_equivalence L1 L2 \<Longrightarrow> L1 \<le>[X, strongsemieq Y] L2"
+ proof -
+ assume "strong_semi_equivalence L1 L2"
+ then have p1: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ and p2: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ and p3: "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<notin> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {}"
+ unfolding strong_semi_equivalence_def by blast+
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> strongsemieq Y"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<in> X"
+ show "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> strongsemieq Y"
+ proof (cases "x \<in> exec[L2,\<pi>]")
+ case True
+ then have "out[L2,\<pi>,x] \<noteq> {}" by auto
+ then show ?thesis
+ using p1[OF \<open>\<pi> \<in> L1 \<inter> L2\<close> True]
+ using outputs_in_alphabet[OF assms(2)]
+ by fastforce
+ next
+ case False
+ then show ?thesis
+ using \<open>\<pi> \<in> L1 \<inter> L2\<close> p3 by fastforce
+ qed
+ qed
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists>x. out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ using p2 by fastforce
+ ultimately show "L1 \<le>[X, strongsemieq Y] L2"
+ by auto
+ qed
+
+ show "L1 \<le>[X,strongsemieq Y] L2 \<Longrightarrow> strong_semi_equivalence L1 L2"
+ proof -
+ assume "L1 \<le>[X,strongsemieq Y] L2"
+ then have p1 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> strongsemieq Y"
+ and p2 : "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists> x . out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ by auto
+
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> semieq Y"
+ using p1 executable_inputs_in_alphabet[OF assms(2)] by auto
+ moreover have "out[L2,\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close> by auto
+ ultimately show "out[L1,\<pi>,x] = {} \<or> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ unfolding semieq.simps
+ by blast
+ qed
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> \<exists> x' . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}"
+ using p2 by blast
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<notin> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = {}"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<notin> exec[L2,\<pi>]"
+
+ have "(out[L1,\<pi>,x],out[L2,\<pi>,x]) \<in> strongsemieq Y"
+ proof (cases "x \<in> exec[L1,\<pi>]")
+ case True
+ then show ?thesis
+ by (meson \<open>\<pi> \<in> L1 \<inter> L2\<close> assms(1) executable_inputs_in_alphabet p1)
+ next
+ case False
+ then show ?thesis
+ using \<open>x \<notin> exec[L2,\<pi>]\<close> by fastforce
+ qed
+ moreover have "out[L2,\<pi>,x] = {}"
+ using \<open>x \<notin> exec[L2,\<pi>]\<close> by auto
+ ultimately show "out[L1,\<pi>,x] = {}"
+ unfolding strongsemieq.simps
+ by blast
+ qed
+ ultimately show ?thesis
+ unfolding strong_semi_equivalence_def by blast
+ qed
+qed
+
+
+section \<open>Comparing Conformance Relations\<close>
+
+lemma type_1_subset :
+ assumes "L1 \<preceq>[X,H1] L2"
+ and "H1 \<subseteq> H2"
+shows "L1 \<preceq>[X,H2] L2"
+ using assms by auto
+
+lemma type_1_subsets :
+shows "equiv Y \<subseteq> strongred Y"
+ and "equiv Y \<subseteq> quasieq Y"
+ and "strongred Y \<subseteq> red Y"
+ and "strongred Y \<subseteq> quasired Y"
+ and "quasieq Y \<subseteq> quasired Y"
+ by auto
+
+lemma type_1_implications :
+shows "L1 \<preceq>[X, equiv Y] L2 \<Longrightarrow> L1 \<preceq>[X, strongred Y] L2"
+ and "L1 \<preceq>[X, equiv Y] L2 \<Longrightarrow> L1 \<preceq>[X, red Y] L2"
+ and "L1 \<preceq>[X, equiv Y] L2 \<Longrightarrow> L1 \<preceq>[X, quasired Y] L2"
+ and "L1 \<preceq>[X, equiv Y] L2 \<Longrightarrow> L1 \<preceq>[X, quasieq Y] L2"
+ and "L1 \<preceq>[X, strongred Y] L2 \<Longrightarrow> L1 \<preceq>[X, red Y] L2"
+ and "L1 \<preceq>[X, strongred Y] L2 \<Longrightarrow> L1 \<preceq>[X, quasired Y] L2"
+ and "L1 \<preceq>[X, quasieq Y] L2 \<Longrightarrow> L1 \<preceq>[X, quasired Y] L2"
+ using type_1_subset[OF _ type_1_subsets(4), of L1 X Y L2]
+ using type_1_subset[OF _ type_1_subsets(5), of L1 X Y L2]
+ by auto
+
+
+lemma type_2_subset :
+ assumes "L1 \<le>[X,H1] L2"
+ and "H1 \<subseteq> H2"
+shows "L1 \<le>[X,H2] L2"
+ using assms by auto
+
+lemma type_2_subsets :
+shows "strongsemieq Y \<subseteq> strongsemired Y"
+ and "strongsemieq Y \<subseteq> semieq Y"
+ and "semieq Y \<subseteq> semired Y"
+ and "strongsemired Y \<subseteq> semired Y"
+ and "strongsemired Y \<subseteq> red Y"
+ by auto
+
+lemma type_2_implications :
+shows "L1 \<le>[X, strongsemieq Y] L2 \<Longrightarrow> L1 \<le>[X, strongsemired Y] L2"
+ and "L1 \<le>[X, strongsemieq Y] L2 \<Longrightarrow> L1 \<le>[X, semieq Y] L2"
+ and "L1 \<le>[X, strongsemieq Y] L2 \<Longrightarrow> L1 \<le>[X, semired Y] L2"
+ and "L1 \<le>[X, strongsemired Y] L2 \<Longrightarrow> L1 \<le>[X, semired Y] L2"
+ and "L1 \<le>[X, semieq Y] L2 \<Longrightarrow> L1 \<le>[X, semired Y] L2"
+ by auto
+
+
+lemma type_1_conformance_to_type_2 :
+ assumes "is_language X Y L2"
+ and "L1 \<preceq>[X,H1] L2"
+ and "H1 \<subseteq> H2"
+ and "\<And> A B . (A,B) \<in> H1 \<Longrightarrow> B \<noteq> {} \<Longrightarrow> A \<inter> B \<noteq> {}"
+shows "L1 \<le>[X,H2] L2"
+proof -
+ have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H2"
+ using assms(2,3) by auto
+ moreover have "\<And> \<pi> . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> \<exists>x. out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ proof -
+ fix \<pi> assume "\<pi> \<in> L1 \<inter> L2" and "exec[L2,\<pi>] \<noteq> {}"
+ then obtain x where "x \<in> exec[L2,\<pi>]"
+ by blast
+ then have "x \<in> X"
+ by (meson assms(1) executable_inputs_in_alphabet)
+ then have "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H1"
+ using \<open>\<pi> \<in> L1 \<inter> L2\<close> assms(2) by auto
+ moreover have "out[L2,\<pi>,x] \<noteq> {}"
+ by (meson \<open>x \<in> exec[L2,\<pi>]\<close> outputs_executable)
+ ultimately have "out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ using assms(4) by blast
+ then show "\<exists>x. out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}"
+ by blast
+ qed
+ ultimately show ?thesis
+ by auto
+qed
+
+lemma type_1_and_2_mixed_implications :
+ assumes "is_language X Y L2"
+shows "L1 \<le>[X, strongsemieq Y] L2 \<Longrightarrow> L1 \<preceq>[X, red Y] L2"
+ and "L1 \<le>[X, strongsemired Y] L2 \<Longrightarrow> L1 \<preceq>[X, red Y] L2"
+ and "L1 \<preceq>[X, quasieq Y] L2 \<Longrightarrow> L1 \<le>[X, semieq Y] L2"
+ and "L1 \<preceq>[X, quasired Y] L2 \<Longrightarrow> L1 \<le>[X, semired Y] L2"
+ and "L1 \<preceq>[X, equiv Y] L2 \<Longrightarrow> L1 \<le>[X, strongsemieq Y] L2"
+ and "L1 \<preceq>[X, strongred Y] L2 \<Longrightarrow> L1 \<le>[X, strongsemired Y] L2"
+proof -
+
+ show "L1 \<le>[X, strongsemieq Y] L2 \<Longrightarrow> L1 \<preceq>[X, red Y] L2"
+ and "L1 \<le>[X, strongsemired Y] L2 \<Longrightarrow> L1 \<preceq>[X, red Y] L2"
+ by auto
+
+ have "\<And> A B . (A,B) \<in> quasieq Y \<Longrightarrow> B \<noteq> {} \<Longrightarrow> A \<inter> B \<noteq> {}"
+ by auto
+ moreover have "quasieq Y \<subseteq> semieq Y"
+ by auto
+ ultimately show "L1 \<preceq>[X, quasieq Y] L2 \<Longrightarrow> L1 \<le>[X, semieq Y] L2"
+ using type_1_conformance_to_type_2[OF assms] by blast
+
+ have "\<And> A B . (A,B) \<in> quasired Y \<Longrightarrow> B \<noteq> {} \<Longrightarrow> A \<inter> B \<noteq> {}"
+ by auto
+ moreover have "quasired Y \<subseteq> semired Y"
+ unfolding quasired.simps semired.simps by blast
+ ultimately show "L1 \<preceq>[X, quasired Y] L2 \<Longrightarrow> L1 \<le>[X, semired Y] L2"
+ using type_1_conformance_to_type_2[OF assms] by blast
+
+ have "\<And> A B . (A,B) \<in> equiv Y \<Longrightarrow> B \<noteq> {} \<Longrightarrow> A \<inter> B \<noteq> {}"
+ by auto
+ moreover have "equiv Y \<subseteq> strongsemieq Y"
+ unfolding equiv.simps strongsemieq.simps by blast
+ ultimately show "L1 \<preceq>[X, equiv Y] L2 \<Longrightarrow> L1 \<le>[X, strongsemieq Y] L2"
+ using type_1_conformance_to_type_2[OF assms] by blast
+
+ have "\<And> A B . (A,B) \<in> strongred Y \<Longrightarrow> B \<noteq> {} \<Longrightarrow> A \<inter> B \<noteq> {}"
+ by auto
+ moreover have "strongred Y \<subseteq> strongsemired Y"
+ unfolding strongred.simps strongsemired.simps by blast
+ ultimately show "L1 \<preceq>[X, strongred Y] L2 \<Longrightarrow> L1 \<le>[X, strongsemired Y] L2"
+ using type_1_conformance_to_type_2[OF assms] by blast
+qed
+
+
+subsection \<open>Completely Specified Languages\<close>
+
+definition partiality_component :: "'y set \<Rightarrow> 'y output_relation" where
+ "partiality_component Y = {(A,{}) | A . A \<subseteq> Y} \<union> {({},A) | A . A \<subseteq> Y}"
+
+abbreviation(input) "\<Pi> Y \<equiv> partiality_component Y"
+
+
+lemma conformance_without_partiality :
+shows "strongsemieq Y - \<Pi> Y = semieq Y - \<Pi> Y"
+ and "semieq Y - \<Pi> Y = equiv Y - \<Pi> Y"
+ and "strongsemired Y - \<Pi> Y = semired Y - \<Pi> Y"
+ and "semired Y - \<Pi> Y = red Y - \<Pi> Y"
+ unfolding partiality_component_def
+ by fastforce+
+
+
+section \<open>Conformance Testing\<close>
+
+type_synonym ('x,'y) state_cover = "('x,'y) language"
+type_synonym ('x,'y) transition_cover = "('x,'y) state_cover \<times> 'x set"
+
+fun is_state_cover :: "('x,'y) language \<Rightarrow> ('x,'y) language \<Rightarrow> ('x,'y) state_cover \<Rightarrow> bool" where
+ "is_state_cover L1 L2 V = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<exists> \<alpha> \<in> V . \<L>[L1,\<pi>] = \<L>[L1,\<alpha>] \<and> \<L>[L2,\<pi>] = \<L>[L2,\<alpha>])"
+
+
+
+lemma state_cover_subset :
+assumes "is_language X Y L1"
+ and "is_language X Y L2"
+ and "is_state_cover L1 L2 V"
+ and "\<pi> \<in> L1 \<inter> L2"
+obtains \<alpha> where "\<alpha> \<in> V"
+ and "\<alpha> \<in> L1 \<inter> L2"
+ and "\<L>[L1,\<pi>] = \<L>[L1,\<alpha>]"
+ and "\<L>[L2,\<pi>] = \<L>[L2,\<alpha>]"
+proof -
+ obtain \<alpha> where "\<alpha> \<in> V"
+ and "\<L>[L1,\<pi>] = \<L>[L1,\<alpha>]"
+ and "\<L>[L2,\<pi>] = \<L>[L2,\<alpha>]"
+ using assms
+ by (meson is_state_cover.elims(2))
+ moreover have "\<L>[L1,\<pi>] \<noteq> {}" and "\<L>[L2,\<pi>] \<noteq> {}"
+ by (metis Collect_empty_eq_bot Int_iff append.right_neutral assms(4) empty_def language_for_state.elims)+
+ ultimately have "\<alpha> \<in> L1 \<inter> L2"
+ using language_of_state_empty_iff[OF assms(1)] language_of_state_empty_iff[OF assms(2)]
+ by blast
+ then show ?thesis using that[OF \<open>\<alpha> \<in> V\<close> _ \<open>\<L>[L1,\<pi>] = \<L>[L1,\<alpha>]\<close> \<open>\<L>[L2,\<pi>] = \<L>[L2,\<alpha>]\<close>]
+ by blast
+qed
+
+
+theorem sufficient_condition_for_type_1_conformance :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+ and "is_state_cover L1 L2 V"
+shows "(L1 \<preceq>[X,H] L2) \<longleftrightarrow> (\<forall> \<pi> \<in> V . \<forall> x \<in> X . \<pi> \<in> L1 \<inter> L2 \<longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H)"
+proof
+ show "(L1 \<preceq>[X,H] L2) \<Longrightarrow> (\<forall> \<pi> \<in> V . \<forall> x \<in> X . \<pi> \<in> L1 \<inter> L2 \<longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H)"
+ by auto
+
+ have "(\<And> \<pi> x . \<pi> \<in> V \<Longrightarrow> x \<in> X \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H) \<Longrightarrow> (\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H)"
+ proof -
+ fix \<pi> x assume "(\<And> \<pi> x . \<pi> \<in> V \<Longrightarrow> x \<in> X \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H)"
+ and "\<pi> \<in> L1 \<inter> L2"
+ and "x \<in> X"
+
+ obtain \<alpha> where "\<alpha> \<in> V" and "\<alpha> \<in> L1 \<inter> L2" and "\<L>[L1,\<pi>] = \<L>[L1,\<alpha>]" and "\<L>[L2,\<pi>] = \<L>[L2,\<alpha>]"
+ using state_cover_subset[OF assms \<open>\<pi> \<in> L1 \<inter> L2\<close>] by auto
+ then have "out[L1,\<pi>,x] = out[L1,\<alpha>,x]" and "out[L2,\<pi>,x] = out[L2,\<alpha>,x]"
+ by force+
+ moreover have "(out[L1,\<alpha>,x], out[L2,\<alpha>,x]) \<in> H"
+ using \<open>(\<And> \<pi> x . \<pi> \<in> V \<Longrightarrow> x \<in> X \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H)\<close> \<open>\<alpha> \<in> V\<close> \<open>x \<in> X\<close> \<open>\<alpha> \<in> L1 \<inter> L2\<close>
+ by blast
+ ultimately show "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H"
+ by simp
+ qed
+ then show "\<forall>\<pi>\<in>V. \<forall>x\<in>X. \<pi> \<in> L1 \<inter> L2 \<longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<Longrightarrow> L1 \<preceq>[X,H] L2"
+ by auto
+qed
+
+theorem sufficient_condition_for_type_2_conformance :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+ and "is_state_cover L1 L2 V"
+shows "(L1 \<le>[X,H] L2) \<longleftrightarrow> (\<forall> \<pi> \<in> V . \<forall> x \<in> X . \<pi> \<in> L1 \<inter> L2 \<longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {})))"
+proof
+
+ have "\<And> \<pi> x . (L1 \<le>[X,H] L2) \<Longrightarrow> \<pi> \<in> V \<Longrightarrow> x \<in> X \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))"
+ proof -
+ fix \<pi> x assume "L1 \<le>[X,H] L2" and "\<pi> \<in> V" and "x \<in> X" and "\<pi> \<in> L1 \<inter> L2"
+
+ have "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H"
+ using \<open>L1 \<le>[X,H] L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close> \<open>x \<in> X\<close> by force
+ moreover have "out[L2,\<pi>,x] \<noteq> {} \<Longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {})"
+ by (metis (no_types, lifting) \<open>L1 \<le>[X,H] L2\<close> \<open>\<pi> \<in> L1 \<inter> L2\<close> assms(2) empty_iff executable_inputs_in_alphabet inf_bot_right outputs_executable type_2_conforms.elims(2))
+ ultimately show "(out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))"
+ by blast
+ qed
+ then show "(L1 \<le>[X,H] L2) \<Longrightarrow> (\<forall> \<pi> \<in> V . \<forall> x \<in> X . \<pi> \<in> L1 \<inter> L2 \<longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {})))"
+ by auto
+
+ have "(\<And> \<pi> x . \<pi> \<in> V \<Longrightarrow> x \<in> X \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))) \<Longrightarrow> (\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H)"
+ by (meson assms(1) assms(2) assms(3) sufficient_condition_for_type_1_conformance type_1_conforms.elims(2))
+ moreover have "(\<And> \<pi> x . \<pi> \<in> V \<Longrightarrow> x \<in> X \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))) \<Longrightarrow> (\<And> \<pi> . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> exec[L2,\<pi>] \<noteq> {} \<Longrightarrow> (\<exists> x . out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {}))"
+ proof -
+ fix \<pi> assume "\<pi> \<in> L1 \<inter> L2"
+ and "exec[L2,\<pi>] \<noteq> {}"
+ and *: "(\<And> \<pi> x . \<pi> \<in> V \<Longrightarrow> x \<in> X \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {})))"
+
+ then obtain x where "x \<in> X" and "out[L2,\<pi>,x] \<noteq> {}"
+ by (metis all_not_in_conv assms(2) executable_inputs_in_alphabet outputs_executable)
+
+ moreover obtain \<alpha> where "\<alpha> \<in> V"
+ and "\<alpha> \<in> L1 \<inter> L2"
+ and "\<L>[L1,\<pi>] = \<L>[L1,\<alpha>]"
+ and "\<L>[L2,\<pi>] = \<L>[L2,\<alpha>]"
+ using state_cover_subset[OF assms \<open>\<pi> \<in> L1 \<inter> L2\<close>] by blast
+ ultimately show "(\<exists> x . out[L1,\<pi>,x] \<inter> out[L2,\<pi>,x] \<noteq> {})"
+ using *
+ by (metis outputs.elims)
+ qed
+ ultimately show "(\<forall> \<pi> \<in> V . \<forall> x \<in> X . \<pi> \<in> L1 \<inter> L2 \<longrightarrow> (out[L1,\<pi>,x], out[L2,\<pi>,x]) \<in> H \<and> (out[L2,\<pi>,x] \<noteq> {} \<longrightarrow> (\<exists> x' \<in> X . out[L1,\<pi>,x'] \<inter> out[L2,\<pi>,x'] \<noteq> {}))) \<Longrightarrow> (L1 \<le>[X,H] L2)"
+ by auto
+qed
+
+
+lemma intersections_card_helper :
+ assumes "finite X"
+ and "finite Y"
+shows "card {A \<inter> B | A B . A \<in> X \<and> B \<in> Y} \<le> card X * card Y"
+proof -
+ have "{A \<inter> B | A B . A \<in> X \<and> B \<in> Y} = (\<lambda> (A,B) . A \<inter> B) ` (X \<times> Y)"
+ by auto
+ then have "card {A \<inter> B | A B . A \<in> X \<and> B \<in> Y} \<le> card (X \<times> Y)"
+ by (metis (no_types, lifting) assms(1) assms(2) card_image_le finite_SigmaI)
+ then show ?thesis
+ by (simp add: card_cartesian_product)
+qed
+
+
+lemma prefix_length_take :
+ "(prefix xs ys \<and> length xs \<le> k) \<longleftrightarrow> (prefix xs (take k ys))"
+proof
+ show "prefix xs ys \<and> length xs \<le> k \<Longrightarrow> prefix xs (take k ys)"
+ using prefix_length_prefix take_is_prefix by fastforce
+ show "prefix xs (take k ys) \<Longrightarrow> prefix xs ys \<and> length xs \<le> k"
+ by (metis le_trans length_take min.cobounded2 prefix_length_le prefix_order.order_trans take_is_prefix)
+qed
+
+
+lemma brute_force_state_cover :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+ and "finite {\<L>[L1,\<pi>] | \<pi> . \<pi> \<in> L1}"
+ and "finite {\<L>[L2,\<pi>] | \<pi> . \<pi> \<in> L2}"
+ and "card {\<L>[L1,\<pi>] | \<pi> . \<pi> \<in> L1} \<le> n"
+ and "card {\<L>[L2,\<pi>] | \<pi> . \<pi> \<in> L2} \<le> m"
+ shows "is_state_cover L1 L2 {\<alpha> . length \<alpha> \<le> m * n - 1 \<and> (\<forall> xy \<in> set \<alpha> . fst xy \<in> X \<and> snd xy \<in> Y)}"
+proof (rule ccontr)
+ let ?V = "{\<alpha>. length \<alpha> \<le> m * n - 1 \<and> (\<forall>xy\<in>set \<alpha>. fst xy \<in> X \<and> snd xy \<in> Y)}"
+ assume "\<not> is_state_cover L1 L2 ?V"
+
+
+ (* there is a trace of minimal length that is not covered *)
+
+ define is_covered where "is_covered = (\<lambda> \<pi> . \<exists> \<alpha> \<in> ?V . \<L>[L1,\<pi>] = \<L>[L1,\<alpha>] \<and> \<L>[L2,\<pi>] = \<L>[L2,\<alpha>])"
+ define missing_traces where "missing_traces = {\<tau> . \<tau> \<in> L1 \<inter> L2 \<and> \<not>is_covered \<tau>}"
+ define \<tau> where "\<tau> = arg_min length (\<lambda> \<pi> . \<pi> \<in> missing_traces)"
+
+ have "missing_traces \<noteq> {}"
+ using \<open>\<not> is_state_cover L1 L2 ?V\<close>
+ using is_covered_def missing_traces_def by fastforce
+ then have "\<tau> \<in> missing_traces"
+ "\<And> \<tau>' . \<tau>' \<in> missing_traces \<Longrightarrow> length \<tau> \<le> length \<tau>'"
+ using arg_min_nat_lemma[where P="(\<lambda> \<pi> . \<pi> \<in> missing_traces)" and m=length]
+ unfolding \<tau>_def[symmetric] by blast+
+ then have \<tau>_props: "\<tau> \<in> L1 \<inter> L2"
+ "\<And> \<alpha> . \<alpha> \<in> ?V \<Longrightarrow> \<not>(\<L>[L1,\<tau>] = \<L>[L1,\<alpha>] \<and> \<L>[L2,\<tau>] = \<L>[L2,\<alpha>])"
+ unfolding missing_traces_def is_covered_def by blast+
+
+
+ (* this length is at least m*n, as otherwise it would be contained in the brute force state cover *)
+
+ have "\<And> xy . xy \<in> set \<tau> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> Y"
+ using \<open>\<tau> \<in> L1 \<inter> L2\<close> assms(1) by auto
+ moreover have "\<tau> \<notin> ?V"
+ using \<tau>_props(2) by blast
+ ultimately have "length \<tau> > m*n-1"
+ by simp
+
+
+ (* at the same time, L1 \<times> L2 has at most m*n 'states' *)
+
+ let ?L12 = "{\<L>[L1,\<pi>] | \<pi> . \<pi> \<in> L1} \<times> {\<L>[L2,\<pi>] | \<pi> . \<pi> \<in> L2}"
+
+ have "finite ?L12"
+ using assms(3,4)
+ by blast
+
+ have "card ?L12 \<le> m*n"
+ using assms(3,4,5,6)
+ by (metis (no_types, lifting) Sigma_cong card_cartesian_product mult.commute mult_le_mono)
+
+
+ (* thus, the m*n many prefixes of \<tau> of length up to m*n-1 may visit at most m*n states *)
+
+ let ?visited_states = "{(\<L>[L1,\<tau>'],\<L>[L2,\<tau>']) | \<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1}"
+
+ have "\<And> \<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<Longrightarrow> \<tau>' \<in> L1 \<inter> L2"
+ by (meson \<tau>_props(1) assms(1) assms(2) in_set_prefixes is_language.elims(2) language_intersection_is_language)
+ then have "?visited_states \<subseteq> ?L12"
+ by blast
+ then have "card ?visited_states \<le> m * n"
+ using \<open>finite ?L12\<close> \<open>card ?L12 \<le> m * n\<close>
+ by (meson card_mono dual_order.trans)
+
+
+ (* due to the minimality of \<tau>, all prefixes of it must reach distinct states *)
+
+ have no_index_loop : "\<And> i j . i < j \<Longrightarrow> j \<le> length \<tau> \<Longrightarrow> \<L>[L1, take i \<tau>] \<noteq> \<L>[L1, take j \<tau>] \<or> \<L>[L2, take i \<tau>] \<noteq> \<L>[L2, take j \<tau>]"
+ proof (rule ccontr)
+ fix i j
+ assume "i < j" and "j \<le> length \<tau>" and "\<not> (\<L>[L1,take i \<tau>] \<noteq> \<L>[L1,take j \<tau>] \<or> \<L>[L2,take i \<tau>] \<noteq> \<L>[L2,take j \<tau>])"
+ then have "\<L>[L1,take i \<tau>] = \<L>[L1,take j \<tau>]" and "\<L>[L2,take i \<tau>] = \<L>[L2,take j \<tau>]"
+ by auto
+
+ have "{\<tau>'. \<tau> @ \<tau>' \<in> L1} = {\<tau>'. take j \<tau> @ drop j \<tau> @ \<tau>' \<in> L1}"
+ by (metis append.assoc append_take_drop_id)
+ have "{\<tau>'. \<tau> @ \<tau>' \<in> L2} = {\<tau>'. take j \<tau> @ drop j \<tau> @ \<tau>' \<in> L2}"
+ by (metis append.assoc append_take_drop_id)
+
+ have "\<L>[L1,take i \<tau> @ drop j \<tau>] = \<L>[L1,\<tau>]"
+ using \<open>\<L>[L1,take i \<tau>] = \<L>[L1,take j \<tau>]\<close>
+ unfolding language_for_state.simps
+ unfolding \<open>{\<tau>'. \<tau> @ \<tau>' \<in> L1} = {\<tau>'. take j \<tau> @ drop j \<tau> @ \<tau>' \<in> L1}\<close> append.assoc by blast
+ moreover have "\<L>[L2,take i \<tau> @ drop j \<tau>] = \<L>[L2,\<tau>]"
+ using \<open>\<L>[L2,take i \<tau>] = \<L>[L2,take j \<tau>]\<close>
+ unfolding language_for_state.simps
+ unfolding \<open>{\<tau>'. \<tau> @ \<tau>' \<in> L2} = {\<tau>'. take j \<tau> @ drop j \<tau> @ \<tau>' \<in> L2}\<close> append.assoc by blast
+
+ have "(take i \<tau> @ drop j \<tau>) \<in> missing_traces"
+ proof (rule ccontr)
+ assume "take i \<tau> @ drop j \<tau> \<notin> missing_traces"
+ moreover have "take i \<tau> @ drop j \<tau> \<in> L1 \<inter> L2"
+ by (metis IntD1 IntD2 IntI \<open>\<L>[L1,take i \<tau>] = \<L>[L1,take j \<tau>]\<close> \<open>\<L>[L2,take i \<tau>] = \<L>[L2,take j \<tau>]\<close> \<tau>_props(1) append_take_drop_id language_for_state.elims mem_Collect_eq)
+ ultimately obtain \<alpha> where "length \<alpha> \<le> m * n - 1"
+ "(\<forall>xy\<in>set \<alpha>. fst xy \<in> X \<and> snd xy \<in> Y)"
+ "\<L>[L1,take i \<tau> @ drop j \<tau>] = \<L>[L1,\<alpha>]"
+ "\<L>[L2,take i \<tau> @ drop j \<tau>] = \<L>[L2,\<alpha>]"
+ unfolding missing_traces_def is_covered_def
+ by blast
+ then have "\<tau> \<notin> missing_traces"
+ unfolding missing_traces_def is_covered_def
+ using \<open>\<tau> \<in> L1 \<inter> L2\<close>
+ unfolding \<open>\<L>[L1,take i \<tau> @ drop j \<tau>] = \<L>[L1,\<tau>]\<close>
+ unfolding \<open>\<L>[L2,take i \<tau> @ drop j \<tau>] = \<L>[L2,\<tau>]\<close>
+ by blast
+ then show False
+ using \<open>\<tau> \<in> missing_traces\<close> by simp
+ qed
+ moreover have "length (take i \<tau> @ drop j \<tau>) < length \<tau>"
+ using \<open>i < j\<close> \<open>j \<le> length \<tau>\<close>
+ by (induction \<tau> arbitrary: i j; auto)
+ ultimately show False
+ using \<open>\<And> \<tau>' . \<tau>' \<in> missing_traces \<Longrightarrow> length \<tau> \<le> length \<tau>'\<close>
+ using leD by blast
+ qed
+
+ have no_prefix_loop : "\<And> \<tau>' \<tau>'' . \<tau>' \<in> set (prefixes \<tau>) \<Longrightarrow> \<tau>'' \<in> set (prefixes \<tau>) \<Longrightarrow> \<tau>' \<noteq> \<tau>'' \<Longrightarrow> (\<L>[L1,\<tau>'],\<L>[L2,\<tau>']) \<noteq> (\<L>[L1,\<tau>''],\<L>[L2,\<tau>''])"
+ proof -
+ fix \<tau>' \<tau>'' assume "\<tau>' \<in> set (prefixes \<tau>)" and "\<tau>'' \<in> set (prefixes \<tau>)" and "\<tau>' \<noteq> \<tau>''"
+
+ obtain i where "\<tau>' = take i \<tau>" and "i \<le> length \<tau>"
+ using \<open>\<tau>' \<in> set (prefixes \<tau>)\<close>
+ by (metis append_eq_conv_conj in_set_prefixes linorder_linear prefix_def take_all_iff)
+
+ obtain j where "\<tau>'' = take j \<tau>" and "j \<le> length \<tau>"
+ using \<open>\<tau>'' \<in> set (prefixes \<tau>)\<close>
+ by (metis append_eq_conv_conj in_set_prefixes linorder_linear prefix_def take_all_iff)
+
+ have "i \<noteq> j"
+ using \<open>\<tau>' = take i \<tau>\<close> \<open>\<tau>' \<noteq> \<tau>''\<close> \<open>\<tau>'' = take j \<tau>\<close> by blast
+ then consider (a) "i < j" | (b) "j < i"
+ using nat_neq_iff by blast
+ then show "(\<L>[L1,\<tau>'],\<L>[L2,\<tau>']) \<noteq> (\<L>[L1,\<tau>''],\<L>[L2,\<tau>''])"
+ using no_index_loop
+ using \<open>j \<le> length \<tau>\<close> \<open>i \<le> length \<tau>\<close>
+ unfolding \<open>\<tau>' = take i \<tau>\<close> \<open>\<tau>'' = take j \<tau>\<close>
+ by (cases; blast)
+ qed
+ then have "inj_on (\<lambda> \<tau>' . (\<L>[L1,\<tau>'], \<L>[L2,\<tau>'])) {\<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1}"
+ using inj_onI
+ by (metis (mono_tags, lifting) mem_Collect_eq)
+ then have "card ((\<lambda> \<tau>' . (\<L>[L1,\<tau>'], \<L>[L2,\<tau>'])) ` {\<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1}) = card {\<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1}"
+ using card_image by blast
+ moreover have "?visited_states = (\<lambda> \<tau>' . (\<L>[L1,\<tau>'], \<L>[L2,\<tau>'])) ` {\<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1}"
+ by auto
+ ultimately have "card ?visited_states = card {\<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1}"
+ by simp
+ moreover have "card {\<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1} = m*n"
+ proof -
+ have "{\<tau>' . \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1} = set (prefixes (take (m*n-1) \<tau>))"
+ unfolding in_set_prefixes prefix_length_take
+ by auto
+ moreover have "length (take (m*n-1) \<tau>) = m*n-1"
+ using \<open>length \<tau> > m*n-1\<close> by auto
+ ultimately show ?thesis
+ using length_prefixes distinct_prefixes
+ by (metis \<open>card {(\<L>[L1,\<tau>'], \<L>[L2,\<tau>']) |\<tau>'. \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1} = card {\<tau>' \<in> set (prefixes \<tau>). length \<tau>' \<le> m * n - 1}\<close> \<open>card {(\<L>[L1,\<tau>'], \<L>[L2,\<tau>']) |\<tau>'. \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1} \<le> m * n\<close> distinct_card less_diff_conv not_less_iff_gr_or_eq order_le_less)
+ qed
+
+
+ (* that is, the m*n many prefixes of \<tau> of length up to m*n-1 must visit all m*n states *)
+
+ ultimately have "card ?visited_states = m*n"
+ by simp
+ then have "?visited_states = ?L12"
+ by (metis (no_types, lifting) \<open>card ({\<L>[L1,\<pi>] |\<pi>. \<pi> \<in> L1} \<times> {\<L>[L2,\<pi>] |\<pi>. \<pi> \<in> L2}) \<le> m * n\<close> \<open>finite ({\<L>[L1,\<pi>] |\<pi>. \<pi> \<in> L1} \<times> {\<L>[L2,\<pi>] |\<pi>. \<pi> \<in> L2})\<close> \<open>{(\<L>[L1,\<tau>'], \<L>[L2,\<tau>']) |\<tau>'. \<tau>' \<in> set (prefixes \<tau>) \<and> length \<tau>' \<le> m * n - 1} \<subseteq> {\<L>[L1,\<pi>] |\<pi>. \<pi> \<in> L1} \<times> {\<L>[L2,\<pi>] |\<pi>. \<pi> \<in> L2}\<close> card_seteq)
+
+
+ (* so that the state reached by \<tau> itself must at the same time be visited and not visited *)
+
+ have "(\<L>[L1,\<tau>], \<L>[L2,\<tau>]) \<in> ?L12"
+ using \<open>\<tau> \<in> L1 \<inter> L2\<close>
+ by blast
+ moreover have "(\<L>[L1,\<tau>], \<L>[L2,\<tau>]) \<notin> ?visited_states"
+ proof
+ assume "(\<L>[L1,\<tau>], \<L>[L2,\<tau>]) \<in> ?visited_states"
+ then obtain \<tau>' where "(\<L>[L1,\<tau>], \<L>[L2,\<tau>]) = (\<L>[L1,\<tau>'],\<L>[L2,\<tau>'])"
+ and "\<tau>' \<in> set (prefixes \<tau>)"
+ and "length \<tau>' \<le> m * n - 1"
+ by blast
+
+ then have "\<tau> \<noteq> \<tau>'"
+ using \<open>length \<tau> > m*n-1\<close> by auto
+
+ show False
+ using \<open>(\<L>[L1,\<tau>], \<L>[L2,\<tau>]) = (\<L>[L1,\<tau>'],\<L>[L2,\<tau>'])\<close>
+ using no_prefix_loop[OF _ \<open>\<tau>' \<in> set (prefixes \<tau>)\<close> \<open>\<tau> \<noteq> \<tau>'\<close>]
+ by simp
+ qed
+ ultimately show False
+ unfolding \<open>?visited_states = ?L12\<close>
+ by blast
+qed
+
+
+section \<open>Reductions Between Relations\<close>
+
+subsection \<open>Quasi-Equivalence via Quasi-Reduction and Absences\<close>
+
+fun absence_completion :: "'x alphabet \<Rightarrow> 'y alphabet \<Rightarrow> ('x,'y) language \<Rightarrow> ('x, 'y \<times> bool) language" where
+ "absence_completion X Y L =
+ ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L)
+ \<union> {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+
+lemma absence_completion_is_language :
+ assumes "is_language X Y L"
+shows "is_language X (Y \<times> UNIV) (absence_completion X Y L)"
+proof -
+ let ?L = "(absence_completion X Y L)"
+ have "[] \<in> ?L"
+ using language_contains_nil[OF assms] by auto
+
+ have "?L \<noteq> {}"
+ using language_contains_nil[OF assms] by auto
+ moreover have "\<And> \<gamma> xy . \<gamma> \<in> ?L \<Longrightarrow> xy \<in> set \<gamma> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> (Y \<times> UNIV)"
+ and "\<And> \<gamma> \<gamma>' . \<gamma> \<in> ?L \<Longrightarrow> prefix \<gamma>' \<gamma> \<Longrightarrow> \<gamma>' \<in> ?L"
+ proof -
+ fix \<gamma> xy \<gamma>' assume "\<gamma> \<in> ?L"
+ then consider (a) "\<gamma> \<in> ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L)" |
+ (b) "\<gamma> \<in> {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+ unfolding absence_completion.simps by blast
+ then have "(xy \<in> set \<gamma> \<longrightarrow> fst xy \<in> X \<and> snd xy \<in> (Y \<times> UNIV)) \<and> (prefix \<gamma>' \<gamma> \<longrightarrow> \<gamma>' \<in> ?L)"
+ proof cases
+ case a
+ then obtain \<pi> where *:"\<gamma> = map (\<lambda>(x,y) . (x,(y,True))) \<pi>" and "\<pi> \<in> L"
+ by auto
+ then have p1: "\<And> xy . xy \<in> set \<pi> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> Y"
+ and p2: "\<And> \<pi>' . prefix \<pi>' \<pi> \<Longrightarrow> \<pi>' \<in> L"
+ using assms by auto
+
+ have "xy \<in> set \<gamma> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> (Y \<times> UNIV)"
+ proof -
+ assume "xy \<in> set \<gamma>"
+ then have "(fst xy, fst (snd xy)) \<in> set \<pi>" and "snd (snd xy) = True"
+ unfolding * by auto
+ then show "fst xy \<in> X \<and> snd xy \<in> (Y \<times> UNIV)"
+ by (metis p1 SigmaI UNIV_I fst_conv prod.collapse snd_conv)
+ qed
+ moreover have "prefix \<gamma>' \<gamma> \<Longrightarrow> \<gamma>' \<in> ?L"
+ proof -
+ assume "prefix \<gamma>' \<gamma>"
+ then obtain i where "\<gamma>' = take i \<gamma>"
+ by (metis append_eq_conv_conj prefix_def)
+ then have "\<gamma>' = map (\<lambda>(x,y) . (x,(y,True))) (take i \<pi>)"
+ unfolding * using take_map by blast
+ moreover have "take i \<pi> \<in> L"
+ using p2 \<open>\<pi> \<in> L\<close> take_is_prefix by blast
+ ultimately have "\<gamma>' \<in> ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L)"
+ by simp
+ then show "\<gamma>' \<in> ?L"
+ by auto
+ qed
+ ultimately show ?thesis by blast
+ next
+ case b
+ then obtain \<pi> x y \<tau> where *: "\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau>"
+ and "\<pi> \<in> L"
+ and "out[L,\<pi>,x] \<noteq> {}"
+ and "y \<in> Y"
+ and "y \<notin> out[L,\<pi>,x]"
+ and "(\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)"
+ by blast
+ then have p1: "\<And> xy . xy \<in> set \<pi> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> Y"
+ and p2: "\<And> \<pi>' . prefix \<pi>' \<pi> \<Longrightarrow> \<pi>' \<in> L"
+ using assms by auto
+
+ have "x \<in> X"
+ using \<open>out[L,\<pi>,x] \<noteq> {}\<close> assms
+ by (meson executable_inputs_in_alphabet outputs_executable)
+
+ have "xy \<in> set \<gamma> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> (Y \<times> UNIV)"
+ proof -
+ assume "xy \<in> set \<gamma>"
+ then consider (b1) "xy \<in> set (map (\<lambda>(x,y) . (x,(y,True))) \<pi>)" |
+ (b2) "xy = (x,(y,False))" |
+ (b3) "xy \<in> set \<tau>"
+ unfolding * by force
+ then show ?thesis proof cases
+ case b1
+ then have "(fst xy, fst (snd xy)) \<in> set \<pi>" and "snd (snd xy) = True"
+ unfolding * by auto
+ then show "fst xy \<in> X \<and> snd xy \<in> (Y \<times> UNIV)"
+ by (metis p1 SigmaI UNIV_I fst_conv prod.collapse snd_conv)
+ next
+ case b2
+ then show ?thesis
+ using \<open>x \<in> X\<close> \<open>y \<in> Y\<close> by simp
+ next
+ case b3
+ then show ?thesis
+ using \<open>(\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)\<close> by force
+ qed
+ qed
+ moreover have "prefix \<gamma>' \<gamma> \<Longrightarrow> \<gamma>' \<in> ?L"
+ proof -
+ assume "prefix \<gamma>' \<gamma>"
+ then obtain i where "\<gamma>' = take i \<gamma>"
+ by (metis append_eq_conv_conj prefix_def)
+ then consider (b1) "i \<le> length \<pi>" |
+ (b2) "i > length \<pi>"
+ by linarith
+ then show "\<gamma>' \<in> ?L" proof cases
+ case b1
+ then have "i \<le> length (map (\<lambda>(x, y). (x, y, True)) \<pi>)"
+ by auto
+ then have "\<gamma>' = map (\<lambda>(x,y) . (x,(y,True))) (take i \<pi>)"
+ unfolding * \<open>\<gamma>' = take i \<gamma>\<close>
+ by (simp add: take_map)
+ moreover have "take i \<pi> \<in> L"
+ using p2 \<open>\<pi> \<in> L\<close> take_is_prefix by blast
+ ultimately have "\<gamma>' \<in> ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L)"
+ by simp
+ then show "\<gamma>' \<in> ?L"
+ by auto
+ next
+ case b2
+ then have "i > length (map (\<lambda>(x, y). (x, y, True)) \<pi>)"
+ by auto
+
+ have "\<And> k xs ys . k > length xs \<Longrightarrow> take k (xs@ys) = xs@(take (k - length xs) ys)"
+ by simp
+ have take_helper: "\<And> k xs y zs . k > length xs \<Longrightarrow> take k (xs@[y]@zs) = xs@[y]@(take (k - length xs - 1) zs)"
+ by (metis One_nat_def Suc_pred \<open>\<And>ys xs k. length xs < k \<Longrightarrow> take k (xs @ ys) = xs @ take (k - length xs) ys\<close> append_Cons append_Nil take_Suc_Cons zero_less_diff)
+
+ have **: "\<gamma>' = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@(take (i - length \<pi> - 1) \<tau>)"
+ unfolding * \<open>\<gamma>' = take i \<gamma>\<close>
+ using take_helper[OF \<open>i > length (map (\<lambda>(x, y). (x, y, True)) \<pi>)\<close>] by simp
+
+ have "(\<forall> (x,(y,a)) \<in> set (take (i - length \<pi> - 1) \<tau>) . x \<in> X \<and> y \<in> Y)"
+ using \<open>(\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)\<close>
+ by (meson in_set_takeD)
+ then show ?thesis
+ unfolding ** absence_completion.simps
+ using \<open>\<pi> \<in> L\<close> \<open>out[L,\<pi>,x] \<noteq> {}\<close> \<open>y \<in> Y\<close> \<open>y \<notin> out[L,\<pi>,x]\<close>
+ by blast
+ qed
+ qed
+ ultimately show ?thesis by simp
+ qed
+ then show "xy \<in> set \<gamma> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> (Y \<times> UNIV)"
+ and "prefix \<gamma>' \<gamma> \<Longrightarrow> \<gamma>' \<in> ?L"
+ by blast+
+ qed
+ ultimately show ?thesis
+ unfolding is_language.simps by blast
+qed
+
+lemma absence_completion_inclusion_R :
+ assumes "is_language X Y L"
+ and "\<pi> \<in> absence_completion X Y L"
+shows "(map (\<lambda>(x,y,a) . (x,y)) \<pi> \<in> L) \<longleftrightarrow> (\<forall> (x,y,a) \<in> set \<pi> . a = True)"
+proof -
+ define L'a where "L'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L)"
+ define L'b where "L'b = {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+
+
+ have "\<And> \<pi> xya . \<pi> \<in> L'a \<Longrightarrow> xya \<in> set \<pi> \<Longrightarrow> snd (snd xya) = True"
+ unfolding L'a_def by auto
+ moreover have "\<And> \<pi> . \<pi> \<in> L'b \<Longrightarrow> \<exists> xya \<in> set \<pi> . snd (snd xya) = False"
+ unfolding L'b_def by auto
+ moreover have "\<pi> \<in> L'a \<union> L'b"
+ using assms(2) unfolding absence_completion.simps L'a_def L'b_def .
+ ultimately have "(\<forall> (x,y,a) \<in> set \<pi> . a = True) = (\<pi> \<in> L'a)"
+ by fastforce
+
+ show ?thesis proof (cases "(\<forall> (x,y,a) \<in> set \<pi> . a = True)")
+ case True
+ then obtain \<tau> where "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<tau>"
+ and "\<tau> \<in> L"
+ unfolding \<open>(\<forall> (x,y,a) \<in> set \<pi> . a = True) = (\<pi> \<in> L'a)\<close> L'a_def
+ by blast
+
+ have "map (\<lambda>(x, y, a). (x, y)) \<pi> = \<tau>"
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<tau>\<close>
+ by (induction \<tau>; auto)
+ show ?thesis
+ using True \<open>\<tau> \<in> L\<close>
+ unfolding \<open>(\<forall> (x,y,a) \<in> set \<pi> . a = True) = (\<pi> \<in> L'a)\<close> L'a_def
+ unfolding \<open>map (\<lambda>(x, y, a). (x, y)) \<pi> = \<tau>\<close>
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<tau>\<close>
+ by blast
+ next
+ case False
+ then have "\<pi> \<in> L'b"
+ using \<open>(\<forall> (x,y,a) \<in> set \<pi> . a = True) = (\<pi> \<in> L'a)\<close> \<open>\<pi> \<in> L'a \<union> L'b\<close> by blast
+ then obtain \<tau> x y \<tau>' where "\<pi> = (map (\<lambda>(x,y) . (x,(y,True))) \<tau>)@[(x,(y,False))]@\<tau>'"
+ and "\<tau> \<in> L"
+ and "out[L,\<tau>,x] \<noteq> {}"
+ and "y \<in> Y"
+ and "y \<notin> out[L,\<tau>,x]"
+ and "(\<forall> (x,(y,a)) \<in> set \<tau>' . x \<in> X \<and> y \<in> Y)"
+ unfolding L'b_def by blast
+ then have "\<tau>@[(x,y)] \<notin> L"
+ by fastforce
+ then have "\<tau>@[(x,y)]@(map (\<lambda>(x, y, a). (x, y)) \<tau>') \<notin> L"
+ using assms(1)
+ by (metis append.assoc prefix_closure_no_member)
+ moreover have "map (\<lambda>(x, y, a). (x, y)) \<pi> = \<tau>@[(x,y)]@(map (\<lambda>(x, y, a). (x, y)) \<tau>')"
+ unfolding \<open>\<pi> = (map (\<lambda>(x,y) . (x,(y,True))) \<tau>)@[(x,(y,False))]@\<tau>'\<close>
+ by (induction \<tau>; auto)
+ ultimately have "map (\<lambda>(x, y, a). (x, y)) \<pi> \<notin> L"
+ by simp
+ then show ?thesis
+ using False by blast
+ qed
+qed
+
+lemma absence_completion_inclusion_L :
+ "(\<pi> \<in> L) \<longleftrightarrow> (map (\<lambda>(x,y) . (x,y,True)) \<pi> \<in> absence_completion X Y L)"
+proof -
+
+ let ?L = "absence_completion X Y L"
+ define L'a where "L'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L)"
+ define L'b where "L'b = {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+ have "?L = L'a \<union> L'b"
+ unfolding L'a_def L'b_def absence_completion.simps by blast
+
+ have "\<And> \<pi> . \<pi> \<in> L'b \<Longrightarrow> \<exists> xya \<in> set \<pi> . snd (snd xya) = False"
+ unfolding L'b_def by auto
+ then have "(map (\<lambda>(x,y) . (x,y,True)) \<pi> \<in> ?L) = (map (\<lambda>(x,y) . (x,y,True)) \<pi> \<in> L'a)"
+ unfolding \<open>?L = L'a \<union> L'b\<close>
+ by fastforce
+
+ have "inj (\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>)"
+ by (simp add: inj_def)
+ then show ?thesis
+ unfolding \<open>(map (\<lambda>(x,y) . (x,y,True)) \<pi> \<in> ?L) = (map (\<lambda>(x,y) . (x,y,True)) \<pi> \<in> L'a)\<close>
+ unfolding L'a_def
+ by (simp add: image_iff inj_def)
+qed
+
+
+fun is_present :: "('x,'y \<times> bool) word \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "is_present \<pi> L = (\<pi> \<in> map (\<lambda>(x, y). (x, y, True)) ` L)"
+
+lemma is_present_rev :
+ assumes "is_present \<pi> L"
+shows "map (\<lambda>(x, y, a). (x, y)) \<pi> \<in> L"
+proof -
+ obtain \<pi>' where "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'" and "\<pi>' \<in> L"
+ using assms by auto
+ moreover have "map (\<lambda>(x, y, a). (x, y)) (map (\<lambda>(x, y). (x, y, True)) \<pi>') = \<pi>'"
+ by (induction \<pi>'; auto)
+ ultimately show ?thesis
+ by force
+qed
+
+
+
+lemma absence_completion_out :
+ assumes "is_language X Y L"
+ and "x \<in> X"
+ and "\<pi> \<in> absence_completion X Y L"
+shows "is_present \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {} \<Longrightarrow> out[absence_completion X Y L, \<pi>, x] = {(y,True) | y . y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]} \<union> {(y,False) | y . y \<in> Y \<and> y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+and "is_present \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] = {} \<Longrightarrow> out[absence_completion X Y L, \<pi>, x] = {}"
+and "\<not> is_present \<pi> L \<Longrightarrow> out[absence_completion X Y L, \<pi>, x] = Y \<times> UNIV"
+proof -
+
+ let ?L = "absence_completion X Y L"
+ define L'a where "L'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L)"
+ define L'b where "L'b = {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+ have "?L = L'a \<union> L'b"
+ unfolding L'a_def L'b_def absence_completion.simps by blast
+ then have "out[?L, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ unfolding outputs.simps language_for_state.simps by blast
+
+ show "is_present \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {} \<Longrightarrow> out[?L, \<pi>, x] = {(y,True) | y . y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]} \<union> {(y,False) | y . y \<in> Y \<and> y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ proof -
+ assume "is_present \<pi> L" and "out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {}"
+ then have "map (\<lambda>(x, y, a). (x, y)) \<pi> \<in> L"
+ using assms(1) by auto
+
+ have "{y. \<pi> @ [(x, y)] \<in> L'a} = {(y,True) | y . y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ proof
+ show "{y. \<pi> @ [(x, y)] \<in> L'a} \<subseteq> {(y, True) |y. y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ proof
+ fix ya assume "ya \<in> {y. \<pi> @ [(x, y)] \<in> L'a}"
+ then have "\<pi> @ [(x, ya)] \<in> map (\<lambda>(x, y). (x, y, True)) ` L"
+ unfolding L'a_def by blast
+ then obtain \<gamma> where "\<gamma> \<in> L" and "\<pi> @ [(x, ya)] = map (\<lambda>(x, y). (x, y, True)) \<gamma>"
+ by blast
+ then have "length (\<pi> @ [(x, ya)]) = length \<gamma>"
+ by auto
+ then obtain \<gamma>' xy where "\<gamma> = \<gamma>'@[xy]"
+ by (metis add.right_neutral dual_order.strict_iff_not length_append_singleton less_add_Suc2 rev_exhaust take0 take_all_iff)
+ then have "(x,ya) = (\<lambda>(x, y). (x, y, True)) xy"
+ using \<open>\<pi> @ [(x, ya)] = map (\<lambda>(x, y). (x, y, True)) \<gamma>\<close> unfolding \<open>\<gamma> = \<gamma>'@[xy]\<close> by auto
+ then have "ya = (snd xy, True)" and "xy = (x,snd xy)"
+ by (simp add: split_beta)+
+ moreover define y where "y = snd xy"
+ ultimately have "ya = (y, True)" and "xy = (x,y)"
+ by auto
+
+ have "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<gamma>'"
+ using \<open>\<pi> @ [(x, ya)] = map (\<lambda>(x, y). (x, y, True)) \<gamma>\<close> unfolding \<open>\<gamma> = \<gamma>'@[xy]\<close> by auto
+ then have "map (\<lambda>(x, y, a). (x, y)) \<pi> = \<gamma>'"
+ by (induction \<pi> arbitrary: \<gamma>'; auto)
+
+ have "[(x, y)] \<in> {\<tau>. map (\<lambda>(x, y, a). (x, y)) \<pi> @ \<tau> \<in> L}"
+ using \<open>\<gamma> \<in> L\<close>
+ unfolding \<open>\<gamma> = \<gamma>'@[xy]\<close> \<open>ya = (y, True)\<close> \<open>xy = (x,y)\<close>
+ unfolding \<open>map (\<lambda>(x, y, a). (x, y)) \<pi> = \<gamma>'\<close>
+ by auto
+ then show "ya \<in> {(y, True) |y. y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ unfolding \<open>ya = (snd xy, True)\<close> outputs.simps language_for_state.simps
+ unfolding \<open>ya = (y, True)\<close> \<open>xy = (x,y)\<close> \<open>map (\<lambda>(x, y, a). (x, y)) \<pi> = \<gamma>'\<close>
+ by auto
+ qed
+ show "{(y, True) |y. y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]} \<subseteq> {y. \<pi> @ [(x, y)] \<in> L'a}"
+ proof
+ fix ya assume "ya \<in> {(y, True) |y. y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ then obtain y where "ya = (y,True)" and "y \<in> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]"
+ by blast
+ then have "[(x, y)] \<in> {\<tau>. map (\<lambda>(x, y, a). (x, y)) \<pi> @ \<tau> \<in> L}"
+ unfolding outputs.simps language_for_state.simps by auto
+ then have "(map (\<lambda>(x, y, a). (x, y)) \<pi>) @ [(x,y)] \<in> L"
+ by auto
+ moreover have "map (\<lambda>(x, y). (x, y, True)) ((map (\<lambda>(x, y, a). (x, y)) \<pi>) @ [(x,y)]) = \<pi> @ [(x, (y, True))]"
+ using \<open>is_present \<pi> L\<close> unfolding is_present.simps
+ by (induction \<pi> arbitrary: x y; auto)
+ ultimately have "\<pi> @ [(x, (y, True))] \<in> L'a"
+ unfolding L'a_def
+ by force
+ then show "ya \<in> {y. \<pi> @ [(x, y)] \<in> L'a}"
+ unfolding \<open>ya = (y,True)\<close>
+ by blast
+ qed
+ qed
+ moreover have "{y. \<pi> @ [(x, y)] \<in> L'b} = {(y,False) | y . y \<in> Y \<and> y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ proof
+ show "{y. \<pi> @ [(x, y)] \<in> L'b} \<subseteq> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ proof
+ fix ya assume "ya \<in> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ then have "\<pi> @ [(x,ya)] \<in> L'b"
+ by auto
+ then obtain \<pi>' x' y' \<tau> where "\<pi> @ [(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ \<tau>"
+ and "\<pi>' \<in> L"
+ and "out[L,\<pi>',x'] \<noteq> {}"
+ and "y' \<in> Y"
+ and "y' \<notin> out[L,\<pi>',x']"
+ and "(\<forall>(x, y, a)\<in>set \<tau>. x \<in> X \<and> y \<in> Y)"
+ unfolding L'b_def by blast
+
+ obtain \<pi>'' where "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>''" and "\<pi>'' \<in> L"
+ using \<open>is_present \<pi> L\<close> by auto
+ then have "\<And> xya . xya \<in> set \<pi> \<Longrightarrow> snd (snd xya) = True"
+ by (induction \<pi>; auto)
+
+ have "\<tau> = []"
+ proof (rule ccontr)
+ assume "\<tau> \<noteq> []"
+ then obtain \<tau>' xyz where "\<tau> = \<tau>'@[xyz]"
+ by (metis append_butlast_last_id)
+ then have "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ \<tau>'"
+ using \<open>\<pi> @ [(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ \<tau>\<close>
+ by auto
+ then have "(x', y', False) \<in> set \<pi>"
+ by auto
+ then show False
+ using \<open>\<And> xya . xya \<in> set \<pi> \<Longrightarrow> snd (snd xya) = True\<close> by force
+ qed
+ then have "x' = x" and "ya = (y', False)" and "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'"
+ using \<open>\<pi> @ [(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ \<tau>\<close>
+ by auto
+
+ have *: "map (\<lambda>(x, y, a). (x, y)) (map (\<lambda>(x, y). (x, y, True)) \<pi>') = \<pi>'"
+ by (induction \<pi>'; auto)
+
+ have "y' \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]"
+ using \<open>y' \<notin> out[L,\<pi>',x']\<close>
+ unfolding outputs.simps language_for_state.simps
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close> \<open>x' = x\<close>
+ unfolding * .
+ then show "ya \<in> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ using \<open>y' \<in> Y\<close>
+ unfolding \<open>ya = (y', False)\<close> by auto
+ qed
+
+ show "{(y, False) |y. y \<in> Y \<and> y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]} \<subseteq> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ proof
+ fix ya assume "ya \<in> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]}"
+ then obtain y where "ya = (y,False)"
+ and "y \<in> Y"
+ and "y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]"
+ by blast
+
+ obtain \<pi>' where "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'" and "\<pi>' \<in> L"
+ using \<open>is_present \<pi> L\<close> by auto
+ have *: "map (\<lambda>(x, y, a). (x, y)) (map (\<lambda>(x, y). (x, y, True)) \<pi>') = \<pi>'"
+ by (induction \<pi>'; auto)
+ have "out[L,\<pi>',x] \<noteq> {}"
+ using \<open>out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {}\<close>
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close> * .
+ have "y \<notin> out[L,\<pi>',x]"
+ using \<open>y \<notin> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]\<close>
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close> * .
+
+ have "\<pi>@[(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x, y, False)]"
+ unfolding \<open>ya = (y,False)\<close> \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close>
+ by auto
+ then show "ya \<in> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ unfolding L'b_def
+ using \<open>\<pi>' \<in> L\<close> \<open>out[L,\<pi>',x] \<noteq> {}\<close> \<open>y \<in> Y\<close> \<open>y \<notin> out[L,\<pi>',x]\<close>
+ by force
+ qed
+ qed
+ ultimately show ?thesis
+ unfolding \<open>out[?L, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}\<close>
+ by blast
+ qed
+
+
+ show "is_present \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] = {} \<Longrightarrow> out[absence_completion X Y L, \<pi>, x] = {}"
+ proof -
+ assume "is_present \<pi> L" and "out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] = {}"
+
+ obtain \<pi>' where "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'" and "\<pi>' \<in> L"
+ using \<open>is_present \<pi> L\<close> by auto
+ have *: "map (\<lambda>(x, y, a). (x, y)) (map (\<lambda>(x, y). (x, y, True)) \<pi>') = \<pi>'"
+ by (induction \<pi>'; auto)
+ then have "map (\<lambda>(x, y, a). (x, y)) \<pi> = \<pi>'"
+ using \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close> by blast
+
+ have "{y. \<pi> @ [(x, y)] \<in> L'a} = {}"
+ proof -
+ have "\<nexists> y . \<pi> @ [(x, y)] \<in> L'a"
+ proof
+ assume "\<exists>y. \<pi> @ [(x, y)] \<in> L'a"
+ then obtain ya where "\<pi> @ [(x, ya)] \<in> L'a"
+ by blast
+ then obtain \<pi>'' where "\<pi>'' \<in> L" and "map (\<lambda>(x, y). (x, y, True)) \<pi>'' = \<pi> @ [(x, ya)]"
+ unfolding L'a_def by force
+ then have "(x,ya) = (\<lambda>(x, y). (x, y, True)) (last \<pi>'')"
+ by (metis (mono_tags, lifting) append_is_Nil_conv last_map last_snoc list.map_disc_iff not_Cons_self2)
+ then obtain y where "ya = (y,True)"
+ by (simp add: split_beta)
+
+ have "map (\<lambda>(x, y). (x, y, True)) \<pi>'' = map (\<lambda>(x, y). (x, y, True)) (\<pi>' @ [(x, y)])"
+ using \<open>map (\<lambda>(x, y). (x, y, True)) \<pi>'' = \<pi> @ [(x, ya)]\<close>
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close> \<open>ya = (y,True)\<close> by auto
+ moreover have "inj (\<lambda>(x, y). (x, y, True))"
+ by (simp add: inj_def)
+ ultimately have "\<pi>'' = \<pi>' @ [(x,y)]"
+ using inj_map_eq_map by blast
+
+ show False
+ using \<open>\<pi>'' \<in> L\<close> \<open>out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] = {}\<close>
+ unfolding \<open>map (\<lambda>(x, y, a). (x, y)) \<pi> = \<pi>'\<close> \<open>\<pi>'' = \<pi>' @ [(x,y)]\<close>
+ by simp
+ qed
+ then show ?thesis
+ by blast
+ qed
+ moreover have "{y. \<pi> @ [(x, y)] \<in> L'b} = {}"
+ proof -
+ have "\<nexists> y . \<pi> @ [(x, y)] \<in> L'b"
+ proof
+ assume "\<exists>y. \<pi> @ [(x, y)] \<in> L'b"
+ then obtain ya where "\<pi> @ [(x, ya)] \<in> L'b"
+ by blast
+ then obtain \<pi>'' x' y' \<tau> where "\<pi> @ [(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>'' @ [(x', y', False)] @ \<tau>"
+ and "\<pi>'' \<in> L"
+ and "out[L,\<pi>'',x'] \<noteq> {}"
+ and "y' \<in> Y"
+ and "y' \<notin> out[L,\<pi>'',x']"
+ and "(\<forall>(x, y, a)\<in>set \<tau>. x \<in> X \<and> y \<in> Y)"
+ unfolding L'b_def by blast
+
+ have "\<And> xya . xya \<in> set \<pi> \<Longrightarrow> snd (snd xya) = True"
+ using \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close>
+ by (induction \<pi>; auto)
+
+ have "\<tau> = []"
+ proof (rule ccontr)
+ assume "\<tau> \<noteq> []"
+ then obtain \<tau>' xyz where "\<tau> = \<tau>'@[xyz]"
+ by (metis append_butlast_last_id)
+ then have "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'' @ [(x', y', False)] @ \<tau>'"
+ using \<open>\<pi> @ [(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>'' @ [(x', y', False)] @ \<tau>\<close>
+ by auto
+ then have "(x', y', False) \<in> set \<pi>"
+ by auto
+ then show False
+ using \<open>\<And> xya . xya \<in> set \<pi> \<Longrightarrow> snd (snd xya) = True\<close> by force
+ qed
+ then have "x' = x" and "ya = (y', False)" and "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>''"
+ using \<open>\<pi> @ [(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>'' @ [(x', y', False)] @ \<tau>\<close>
+ by auto
+ moreover have "inj (\<lambda>(x, y). (x, y, True))"
+ by (simp add: inj_def)
+ ultimately have "\<pi>'' = \<pi>'"
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>'\<close>
+ using map_injective by blast
+ then show False
+ using \<open>out[L,\<pi>'',x'] \<noteq> {}\<close> \<open>out[L,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] = {}\<close>
+ unfolding \<open>map (\<lambda>(x, y, a). (x, y)) \<pi> = \<pi>'\<close> \<open>x' = x\<close>
+ by blast
+ qed
+ then show ?thesis
+ by blast
+ qed
+ ultimately show ?thesis
+ unfolding \<open>out[?L, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}\<close>
+ by blast
+ qed
+
+ show "\<not> is_present \<pi> L \<Longrightarrow> out[absence_completion X Y L,\<pi>,x] = Y \<times> UNIV"
+ proof
+
+ show "out[absence_completion X Y L,\<pi>,x] \<subseteq> Y \<times> UNIV"
+ using absence_completion_is_language[OF assms(1)]
+ by (meson outputs_in_alphabet)
+
+
+
+ assume "\<not> is_present \<pi> L"
+ then have "\<pi> \<notin> L'a"
+ unfolding L'a_def by auto
+ then have "\<pi> \<in> L'b"
+ using \<open>\<pi> \<in> ?L\<close> \<open>?L = L'a \<union> L'b\<close> by blast
+ then obtain \<pi>' x' y' \<tau> where "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ \<tau>"
+ and "\<pi>' \<in> L"
+ and "out[L,\<pi>',x'] \<noteq> {}"
+ and "y' \<in> Y"
+ and "y' \<notin> out[L,\<pi>',x']"
+ and "(\<forall>(x, y, a)\<in>set \<tau>. x \<in> X \<and> y \<in> Y)"
+ unfolding L'b_def by blast
+
+ show "Y \<times> UNIV \<subseteq> out[absence_completion X Y L,\<pi>,x]"
+ proof
+ fix ya assume "ya \<in> Y \<times> (UNIV :: bool set)"
+
+ have "\<pi>@[(x,ya)] = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ (\<tau> @ [(x,ya)])"
+ using \<open>\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ \<tau>\<close>
+ by auto
+ moreover have \<open>(\<forall>(x, y, a)\<in>set (\<tau> @ [(x,ya)]) . x \<in> X \<and> y \<in> Y)\<close>
+ using \<open>(\<forall>(x, y, a)\<in>set \<tau>. x \<in> X \<and> y \<in> Y)\<close> \<open>x \<in> X\<close> \<open>ya \<in> Y \<times> (UNIV :: bool set)\<close>
+ by auto
+ ultimately have "\<pi>@[(x,ya)] \<in> L'b"
+ unfolding L'b_def
+ using \<open>\<pi>' \<in> L\<close> \<open>out[L,\<pi>',x'] \<noteq> {}\<close> \<open>y' \<in> Y\<close> \<open>y' \<notin> out[L,\<pi>',x']\<close>
+ by blast
+ then show "ya \<in> out[?L,\<pi>,x]"
+ unfolding \<open>out[?L, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}\<close>
+ by blast
+ qed
+ qed
+qed
+
+
+
+theorem quasieq_via_quasired :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(L1 \<preceq>[X,quasieq Y] L2) \<longleftrightarrow> ((absence_completion X Y L1) \<preceq>[X, quasired (Y \<times> UNIV)] (absence_completion X Y L2))"
+proof
+
+ define L1' where "L1' = absence_completion X Y L1"
+ define L2' where "L2' = absence_completion X Y L2"
+
+ define L1'a where "L1'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L1)"
+ define L1'b where "L1'b = {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L1 \<and> out[L1,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L1,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+ define L2'a where "L2'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` L2)"
+ define L2'b where "L2'b = {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L2 \<and> out[L2,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L2,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+
+
+
+ have "\<And> \<pi> xya . \<pi> \<in> L1'a \<Longrightarrow> xya \<in> set \<pi> \<Longrightarrow> snd (snd xya) = True"
+ unfolding L1'a_def by auto
+ moreover have "\<And> \<pi> xya . \<pi> \<in> L2'a \<Longrightarrow> xya \<in> set \<pi> \<Longrightarrow> snd (snd xya) = True"
+ unfolding L2'a_def by auto
+ moreover have "\<And> \<pi> . \<pi> \<in> L1'b \<Longrightarrow> \<exists> xya \<in> set \<pi> . snd (snd xya) = False"
+ unfolding L1'b_def by auto
+ moreover have "\<And> \<pi> . \<pi> \<in> L2'b \<Longrightarrow> \<exists> xya \<in> set \<pi> . snd (snd xya) = False"
+ unfolding L2'b_def by auto
+ ultimately have "L1'a \<inter> L2'b = {}" and "L1'b \<inter> L2'a = {}"
+ by blast+
+ moreover have "L1' = L1'a \<union> L1'b"
+ unfolding L1'_def L1'a_def L1'b_def by auto
+ moreover have "L2' = L2'a \<union> L2'b"
+ unfolding L2'_def L2'a_def L2'b_def by auto
+ ultimately have "L1' \<inter> L2' = (L1'a \<inter> L2'a) \<union> (L1'b \<inter> L2'b)"
+ by blast
+
+ have "inj (\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>)"
+ by (simp add: inj_def)
+ then have "L1'a \<inter> L2'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` (L1 \<inter> L2))"
+ unfolding L1'a_def L2'a_def
+ using image_Int by blast
+
+ have intersection_b: "L1'b \<inter> L2'b = {(map (\<lambda>(x,y) . (x,(y,True))) \<pi>)@[(x,(y,False))]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L1 \<inter> L2 \<and> out[L1,\<pi>,x] \<noteq> {} \<and> out[L2,\<pi>,x] \<noteq> {} \<and> y \<in> Y \<and> y \<notin> out[L1,\<pi>,x] \<and> y \<notin> out[L2,\<pi>,x] \<and> (\<forall> (x,(y,a)) \<in> set \<tau> . x \<in> X \<and> y \<in> Y)}"
+ (is "L1'b \<inter> L2'b = ?L12'b")
+ proof
+ show "?L12'b \<subseteq> L1'b \<inter> L2'b"
+ unfolding L1'b_def L2'b_def by blast
+ show "L1'b \<inter> L2'b \<subseteq> ?L12'b"
+ proof
+ fix \<gamma> assume "\<gamma> \<in> L1'b \<inter> L2'b"
+
+ obtain \<pi>1 x1 y1 \<tau>1 where "\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>1)@[(x1,(y1,False))]@\<tau>1"
+ and "\<pi>1 \<in> L1"
+ and "out[L1,\<pi>1,x1] \<noteq> {}"
+ and "y1 \<in> Y"
+ and "y1 \<notin> out[L1,\<pi>1,x1]"
+ and "(\<forall> (x,(y,a)) \<in> set \<tau>1 . x \<in> X \<and> y \<in> Y)"
+ using \<open>\<gamma> \<in> L1'b \<inter> L2'b\<close> unfolding L1'b_def by blast
+
+ obtain \<pi>2 x2 y2 \<tau>2 where "\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2)@[(x2,(y2,False))]@\<tau>2"
+ and "\<pi>2 \<in> L2"
+ and "out[L2,\<pi>2,x2] \<noteq> {}"
+ and "y2 \<in> Y"
+ and "y2 \<notin> out[L2,\<pi>2,x2]"
+ and "(\<forall> (x,(y,a)) \<in> set \<tau>2 . x \<in> X \<and> y \<in> Y)"
+ using \<open>\<gamma> \<in> L1'b \<inter> L2'b\<close> unfolding L2'b_def by blast
+
+ have "\<And> i . i < length \<pi>1 \<Longrightarrow> snd (snd (\<gamma> ! i)) = True"
+ proof -
+ fix i assume "i < length \<pi>1"
+ then have "i < length (map (\<lambda>(x,y) . (x,(y,True))) \<pi>1)" by auto
+ then have "\<gamma> ! i = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>1) ! i"
+ unfolding \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>1)@[(x1,(y1,False))]@\<tau>1\<close>
+ by (simp add: nth_append)
+ also have "\<dots> = (\<lambda>(x,y) . (x,(y,True))) (\<pi>1 ! i)"
+ using \<open>i < length \<pi>1\<close> nth_map by blast
+ finally show "snd (snd (\<gamma> ! i)) = True"
+ by (metis (no_types, lifting) case_prod_conv old.prod.exhaust snd_conv)
+ qed
+ have "\<gamma> ! length \<pi>1 = (x1,(y1,False))"
+ unfolding \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>1)@[(x1,(y1,False))]@\<tau>1\<close>
+ by (metis append_Cons length_map nth_append_length)
+ have "\<And> i . i < length \<pi>2 \<Longrightarrow> snd (snd (\<gamma> ! i)) = True"
+ proof -
+ fix i assume "i < length \<pi>2"
+ then have "i < length (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2)" by auto
+ then have "\<gamma> ! i = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2) ! i"
+ unfolding \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2)@[(x2,(y2,False))]@\<tau>2\<close>
+ by (simp add: nth_append)
+ also have "\<dots> = (\<lambda>(x,y) . (x,(y,True))) (\<pi>2 ! i)"
+ using \<open>i < length \<pi>2\<close> nth_map by blast
+ finally show "snd (snd (\<gamma> ! i)) = True"
+ by (metis (no_types, lifting) case_prod_conv old.prod.exhaust snd_conv)
+ qed
+ have "\<gamma> ! length \<pi>2 = (x2,(y2,False))"
+ unfolding \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2)@[(x2,(y2,False))]@\<tau>2\<close>
+ by (metis append_Cons length_map nth_append_length)
+
+ have "length \<pi>1 = length \<pi>2"
+ by (metis \<open>\<And>i. i < length \<pi>1 \<Longrightarrow> snd (snd (\<gamma> ! i)) = True\<close> \<open>\<And>i. i < length \<pi>2 \<Longrightarrow> snd (snd (\<gamma> ! i)) = True\<close> \<open>\<gamma> ! length \<pi>1 = (x1, y1, False)\<close> \<open>\<gamma> ! length \<pi>2 = (x2, y2, False)\<close> not_less_iff_gr_or_eq snd_conv)
+ then have "\<pi>1 = \<pi>2"
+ using \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>1)@[(x1,(y1,False))]@\<tau>1\<close> \<open>inj (\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>)\<close>
+ unfolding \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2)@[(x2,(y2,False))]@\<tau>2\<close>
+ using map_injective by fastforce
+ then have "[(x1,(y1,False))]@\<tau>1 = [(x2,(y2,False))]@\<tau>2"
+ using \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>1)@[(x1,(y1,False))]@\<tau>1\<close>
+ unfolding \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2)@[(x2,(y2,False))]@\<tau>2\<close>
+ by force
+ then have "x1 = x2" and "y1 = y2" and "\<tau>1 = \<tau>2"
+ by auto
+
+ show "\<gamma> \<in> ?L12'b"
+ using \<open>\<pi>1 \<in> L1\<close> \<open>out[L1,\<pi>1,x1] \<noteq> {}\<close> \<open>y1 \<in> Y\<close> \<open>y1 \<notin> out[L1,\<pi>1,x1]\<close> \<open>(\<forall> (x,(y,a)) \<in> set \<tau>1 . x \<in> X \<and> y \<in> Y)\<close>
+ using \<open>\<pi>2 \<in> L2\<close> \<open>out[L2,\<pi>2,x2] \<noteq> {}\<close> \<open>y2 \<in> Y\<close> \<open>y2 \<notin> out[L2,\<pi>2,x2]\<close> \<open>(\<forall> (x,(y,a)) \<in> set \<tau>2 . x \<in> X \<and> y \<in> Y)\<close>
+ unfolding \<open>\<pi>1 = \<pi>2\<close> \<open>x1 = x2\<close> \<open>y1 = y2\<close> \<open>\<tau>1 = \<tau>2\<close> \<open>\<gamma> = (map (\<lambda>(x,y) . (x,(y,True))) \<pi>2)@[(x2,(y2,False))]@\<tau>2\<close>
+ by blast
+ qed
+ qed
+
+
+ have "is_language X (Y \<times> UNIV) L1'"
+ using absence_completion_is_language[OF assms(1)] unfolding L1'_def .
+ have "is_language X (Y \<times> UNIV) L2'"
+ using absence_completion_is_language[OF assms(2)] unfolding L2'_def .
+
+ have "(L1 \<preceq>[X,quasieq Y] L2) = quasi_equivalence L1 L2"
+ using quasieq_type_1[OF assms] by blast
+
+ have "(L1' \<preceq>[X,quasired (Y \<times> UNIV)] L2') = quasi_reduction L1' L2'"
+ using quasired_type_1[OF \<open>is_language X (Y \<times> UNIV) L1'\<close> \<open>is_language X (Y \<times> UNIV) L2'\<close>] by blast
+
+ have "\<And> \<pi> x . quasi_equivalence L1 L2 \<Longrightarrow> \<pi> \<in> L1' \<inter> L2' \<Longrightarrow> x \<in> exec[L2',\<pi>] \<Longrightarrow> (out[L1',\<pi>,x] \<noteq> {} \<and> out[L1',\<pi>,x] \<subseteq> out[L2',\<pi>,x])"
+ proof -
+ fix \<pi> x assume "quasi_equivalence L1 L2" and "\<pi> \<in> L1' \<inter> L2'" and "x \<in> exec[L2',\<pi>]"
+
+ have "x \<in> X"
+ using \<open>x \<in> exec[L2',\<pi>]\<close> absence_completion_is_language[OF assms(2)]
+ by (metis L2'_def executable_inputs_in_alphabet)
+ have "\<pi> \<in> absence_completion X Y L1" and "\<pi> \<in> absence_completion X Y L2"
+ using \<open>\<pi> \<in> L1' \<inter> L2'\<close> unfolding L1'_def L2'_def by blast+
+
+ consider (a) "\<pi> \<in> L1'a \<inter> L2'a" | (b) "\<pi> \<in> (L1'b \<inter> L2'b) - (L1'a \<inter> L2'a)"
+ using \<open>\<pi> \<in> L1' \<inter> L2'\<close> \<open>L1' \<inter> L2' = (L1'a \<inter> L2'a) \<union> (L1'b \<inter> L2'b)\<close> by blast
+ then show "(out[L1',\<pi>,x] \<noteq> {} \<and> out[L1',\<pi>,x] \<subseteq> out[L2',\<pi>,x])"
+ proof cases
+ case a
+ then obtain \<tau> where "\<tau> \<in> L1 \<inter> L2"
+ and "\<pi> = map (\<lambda>(x,y) . (x,(y,True))) \<tau>"
+ using \<open>L1'a \<inter> L2'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,(y,True))) \<pi>) ` (L1 \<inter> L2))\<close> by blast
+
+ have "map (\<lambda>(x, y, a). (x, y)) \<pi> = \<tau>"
+ unfolding \<open>\<pi> = map (\<lambda>(x,y) . (x,(y,True))) \<tau>\<close> by (induction \<tau>; auto)
+
+ have "is_present \<pi> L1" and "is_present \<pi> L2"
+ using \<open>\<tau> \<in> L1 \<inter> L2\<close> unfolding \<open>\<pi> = map (\<lambda>(x,y) . (x,(y,True))) \<tau>\<close> by auto
+
+ have "out[L2,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2',\<pi>]\<close>
+ using absence_completion_out(2)[OF assms(2) \<open>x \<in> X\<close> \<open>\<pi> \<in> absence_completion X Y L2\<close> \<open>is_present \<pi> L2\<close>]
+ unfolding L2'_def[symmetric]
+ by (meson outputs_executable)
+ then have "x \<in> exec[L2,map (\<lambda>(x, y, a). (x, y)) \<pi>]"
+ by auto
+ then have "out[L1,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {}" and "out[L1,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] = out[L2,map (\<lambda>(x, y, a). (x, y)) \<pi>,x]"
+ using \<open>quasi_equivalence L1 L2\<close> \<open>\<tau> \<in> L1 \<inter> L2\<close>
+ unfolding quasi_equivalence_def \<open>map (\<lambda>(x, y, a). (x, y)) \<pi> = \<tau>\<close> by force+
+
+ have "out[L1',\<pi>,x] = out[L2',\<pi>,x]"
+ unfolding L1'_def L2'_def
+ unfolding absence_completion_out(1)[OF assms(2) \<open>x \<in> X\<close> \<open>\<pi> \<in> absence_completion X Y L2\<close> \<open>is_present \<pi> L2\<close> \<open>out[L2,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {}\<close>]
+ unfolding absence_completion_out(1)[OF assms(1) \<open>x \<in> X\<close> \<open>\<pi> \<in> absence_completion X Y L1\<close> \<open>is_present \<pi> L1\<close> \<open>out[L1,map (\<lambda>(x, y, a). (x, y)) \<pi>,x] \<noteq> {}\<close>]
+ using \<open>quasi_equivalence L1 L2\<close> \<open>\<tau> \<in> L1 \<inter> L2\<close> \<open>x \<in> exec[L2,map (\<lambda>(x, y, a). (x, y)) \<pi>]\<close>
+ unfolding quasi_equivalence_def
+ unfolding \<open>map (\<lambda>(x, y, a). (x, y)) \<pi> = \<tau>\<close>
+ by blast
+ then show ?thesis
+ by (metis \<open>x \<in> exec[L2',\<pi>]\<close> dual_order.refl outputs_executable)
+ next
+ case b
+
+ then obtain \<pi>' x' y' \<tau>' where "\<pi> = map (\<lambda>(x, y). (x, y, True)) \<pi>' @ [(x', y', False)] @ \<tau>'"
+ and "\<pi>' \<in> L1 \<inter> L2"
+ and "out[L1,\<pi>',x'] \<noteq> {}"
+ and "out[L2,\<pi>',x'] \<noteq> {}"
+ and "y' \<in> Y"
+ and "y' \<notin> out[L1,\<pi>',x']"
+ and "y' \<notin> out[L2,\<pi>',x']"
+ and "(\<forall>(x, y, a)\<in>set \<tau>'. x \<in> X \<and> y \<in> Y)"
+ unfolding intersection_b
+ by blast
+
+ have "\<not> is_present \<pi> L1"
+ using \<open>L1'a \<equiv> map (\<lambda>(x, y). (x, y, True)) ` L1\<close> \<open>L1'a \<inter> L2'b = {}\<close> b by auto
+
+ have "\<not> is_present \<pi> L2"
+ using \<open>L2'a \<equiv> map (\<lambda>(x, y). (x, y, True)) ` L2\<close> \<open>L1'b \<inter> L2'a = {}\<close> b by auto
+
+ show ?thesis
+ unfolding L1'_def L2'_def
+ unfolding absence_completion_out(3)[OF assms(1) \<open>x \<in> X\<close> \<open>\<pi> \<in> absence_completion X Y L1\<close> \<open>\<not> is_present \<pi> L1\<close>]
+ unfolding absence_completion_out(3)[OF assms(2) \<open>x \<in> X\<close> \<open>\<pi> \<in> absence_completion X Y L2\<close> \<open>\<not> is_present \<pi> L2\<close>]
+ using \<open>y' \<in> Y\<close>
+ by blast
+ qed
+ qed
+ then show "L1 \<preceq>[X,quasieq Y] L2 \<Longrightarrow> (absence_completion X Y L1) \<preceq>[X,quasired (Y \<times> UNIV)] (absence_completion X Y L2)"
+ unfolding L1'_def[symmetric] L2'_def[symmetric]
+ unfolding \<open>(L1' \<preceq>[X,quasired (Y \<times> UNIV)] L2') = quasi_reduction L1' L2'\<close>
+ unfolding \<open>(L1 \<preceq>[X,quasieq Y] L2) = quasi_equivalence L1 L2\<close>
+ unfolding quasi_reduction_def
+ by blast
+
+
+ have "\<And> \<pi> x . quasi_reduction L1' L2' \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> exec[L2,\<pi>] \<Longrightarrow> out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ proof -
+ fix \<pi> x assume "quasi_reduction L1' L2'" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> exec[L2,\<pi>]"
+ then have "x \<in> X"
+ by (meson assms(2) executable_inputs_in_alphabet)
+
+ let ?\<pi> = "map (\<lambda>(x, y). (x, y, True)) \<pi>"
+ have "map (\<lambda>(x, y, a). (x, y)) ?\<pi> = \<pi>"
+ by (induction \<pi>; auto)
+ then have "out[L2,map (\<lambda>(x, y, a). (x, y)) ?\<pi>,x] \<noteq> {}"
+ using \<open>x \<in> exec[L2,\<pi>]\<close> by auto
+
+ have "is_present ?\<pi> L1" and "is_present ?\<pi> L2"
+ using \<open>\<pi> \<in> L1 \<inter> L2\<close> by auto
+
+ have "?\<pi> \<in> L1'a \<inter> L2'a"
+ using L1'a_def \<open>L2'a \<equiv> map (\<lambda>(x, y). (x, y, True)) ` L2\<close> \<open>is_present (map (\<lambda>(x, y). (x, y, True)) \<pi>) L1\<close> \<open>is_present (map (\<lambda>(x, y). (x, y, True)) \<pi>) L2\<close> by auto
+ then have "?\<pi> \<in> absence_completion X Y L1" and "?\<pi> \<in> absence_completion X Y L2" and "?\<pi> \<in> L1' \<inter> L2'"
+ unfolding L1'_def[symmetric] L2'_def[symmetric]
+ unfolding \<open>L1' = L1'a \<union> L1'b\<close> \<open>L2' = L2'a \<union> L2'b\<close>
+ by blast+
+
+ have "out[L2',?\<pi>,x] = {(y, True) |y. y \<in> out[L2,\<pi>,x]} \<union> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L2,\<pi>,x]}"
+ using absence_completion_out(1)[OF assms(2) \<open>x \<in> X\<close> \<open>?\<pi> \<in> absence_completion X Y L2\<close> \<open>is_present ?\<pi> L2\<close> \<open>out[L2,map (\<lambda>(x, y, a). (x, y)) ?\<pi>,x] \<noteq> {}\<close>]
+ unfolding L2'_def[symmetric] \<open>map (\<lambda>(x, y, a). (x, y)) ?\<pi> = \<pi>\<close> .
+ then have "x \<in> exec[L2',?\<pi>]"
+ using \<open>x \<in> exec[L2,\<pi>]\<close> by fastforce
+ then have "out[L1',?\<pi>,x] \<noteq> {}" and "out[L1',?\<pi>,x] \<subseteq> out[L2',?\<pi>,x]"
+ using \<open>quasi_reduction L1' L2'\<close> \<open>?\<pi> \<in> L1' \<inter> L2'\<close>
+ unfolding quasi_reduction_def
+ by blast+
+
+ have "out[L1,\<pi>,x] \<noteq> {}"
+ by (metis L1'_def \<open>is_present (map (\<lambda>(x, y). (x, y, True)) \<pi>) L1\<close> \<open>map (\<lambda>(x, y). (x, y, True)) \<pi> \<in> absence_completion X Y L1\<close> \<open>map (\<lambda>(x, y, a). (x, y)) (map (\<lambda>(x, y). (x, y, True)) \<pi>) = \<pi>\<close> \<open>out[L1',map (\<lambda>(x, y). (x, y, True)) \<pi>,x] \<noteq> {}\<close> \<open>x \<in> X\<close> absence_completion_out(2) assms(1))
+ then have "out[L1',?\<pi>,x] = {(y, True) |y. y \<in> out[L1,\<pi>,x]} \<union> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L1,\<pi>,x]}"
+ using absence_completion_out(1)[OF assms(1) \<open>x \<in> X\<close> \<open>?\<pi> \<in> absence_completion X Y L1\<close> \<open>is_present ?\<pi> L1\<close>]
+ unfolding L1'_def[symmetric] \<open>map (\<lambda>(x, y, a). (x, y)) ?\<pi> = \<pi>\<close>
+ by blast
+
+ have "out[L1,\<pi>,x] \<subseteq> Y" and "out[L2,\<pi>,x] \<subseteq> Y"
+ by (meson assms(1,2) outputs_in_alphabet)+
+
+ have "\<And> y . y \<in> out[L1,\<pi>,x] \<Longrightarrow> y \<in> out[L2,\<pi>,x]"
+ proof -
+ fix y assume "y \<in> out[L1,\<pi>,x]"
+ then have "(y, True) \<in> out[L1',?\<pi>,x]"
+ unfolding \<open>out[L1',?\<pi>,x] = {(y, True) |y. y \<in> out[L1,\<pi>,x]} \<union> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L1,\<pi>,x]}\<close> by blast
+ then have "(y, True) \<in> out[L2',?\<pi>,x]"
+ using \<open>out[L1',?\<pi>,x] \<subseteq> out[L2',?\<pi>,x]\<close> by blast
+ then show "y \<in> out[L2,\<pi>,x]"
+ unfolding \<open>out[L2',?\<pi>,x] = {(y, True) |y. y \<in> out[L2,\<pi>,x]} \<union> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L2,\<pi>,x]}\<close>
+ by fastforce
+ qed
+ moreover have "\<And> y . y \<in> out[L2,\<pi>,x] \<Longrightarrow> y \<in> out[L1,\<pi>,x]"
+ proof -
+ fix y assume "y \<in> out[L2,\<pi>,x]"
+ then have "(y, True) \<in> out[L2',?\<pi>,x]" and "(y, False) \<notin> out[L2',?\<pi>,x]"
+ unfolding \<open>out[L2',?\<pi>,x] = {(y, True) |y. y \<in> out[L2,\<pi>,x]} \<union> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L2,\<pi>,x]}\<close> by blast+
+ moreover have "(y, True) \<in> out[L1',?\<pi>,x] \<or> (y, False) \<in> out[L1',?\<pi>,x]"
+ unfolding \<open>out[L1',?\<pi>,x] = {(y, True) |y. y \<in> out[L1,\<pi>,x]} \<union> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L1,\<pi>,x]}\<close>
+ using \<open>out[L2,\<pi>,x] \<subseteq> Y\<close> \<open>y \<in> out[L2,\<pi>,x]\<close> by auto
+ ultimately have "(y, True) \<in> out[L1',?\<pi>,x]"
+ using \<open>out[L1',?\<pi>,x] \<subseteq> out[L2',?\<pi>,x]\<close> by blast
+ then show "y \<in> out[L1,\<pi>,x]"
+ unfolding \<open>out[L1',?\<pi>,x] = {(y, True) |y. y \<in> out[L1,\<pi>,x]} \<union> {(y, False) |y. y \<in> Y \<and> y \<notin> out[L1,\<pi>,x]}\<close>
+ by fastforce
+ qed
+ ultimately show "out[L1,\<pi>,x] = out[L2,\<pi>,x]"
+ by blast
+ qed
+ then show "(absence_completion X Y L1) \<preceq>[X,quasired (Y \<times> UNIV)] (absence_completion X Y L2) \<Longrightarrow> L1 \<preceq>[X,quasieq Y] L2"
+ unfolding L1'_def[symmetric] L2'_def[symmetric]
+ unfolding \<open>(L1' \<preceq>[X,quasired (Y \<times> UNIV)] L2') = quasi_reduction L1' L2'\<close>
+ unfolding \<open>(L1 \<preceq>[X,quasieq Y] L2) = quasi_equivalence L1 L2\<close>
+ unfolding quasi_reduction_def quasi_equivalence_def
+ by blast
+qed
+
+
+
+
+subsection \<open>Quasi-Reduction via Reduction and explicit Undefined Behaviour\<close>
+
+fun bottom_completion :: "'x alphabet \<Rightarrow> 'y alphabet \<Rightarrow> ('x,'y) language \<Rightarrow> ('x, 'y option) language" where
+ "bottom_completion X Y L =
+ ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,Some y)) \<pi>) ` L)
+ \<union> {(map (\<lambda>(x,y) . (x,Some y)) \<pi>)@[(x,y)]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] = {} \<and> x \<in> X \<and> (y = None \<or> y \<in> Some ` Y) \<and> (\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))}"
+
+lemma bottom_completion_is_language :
+ assumes "is_language X Y L"
+shows "is_language X ({None} \<union> Some ` Y) (bottom_completion X Y L)"
+proof -
+ let ?L = "bottom_completion X Y L"
+
+ have "?L \<noteq> {}"
+ using language_contains_nil[OF assms] by auto
+ moreover have "\<And> \<pi> . \<pi> \<in> ?L \<Longrightarrow> (\<forall> xy \<in> set \<pi> . fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y)) \<and> (\<forall> \<pi>' . prefix \<pi>' \<pi> \<longrightarrow> \<pi>' \<in> ?L)"
+ proof -
+ fix \<pi> assume "\<pi> \<in> ?L"
+ then consider (a) "\<pi> \<in> ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,Some y)) \<pi>) ` L)" |
+ (b) "\<pi> \<in> {(map (\<lambda>(x,y) . (x,Some y)) \<pi>)@[(x,y)]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] = {} \<and> x \<in> X \<and> (y = None \<or> y \<in> Some ` Y) \<and> (\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))}"
+ unfolding bottom_completion.simps by blast
+ then show "(\<forall> xy \<in> set \<pi> . fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y)) \<and> (\<forall> \<pi>' . prefix \<pi>' \<pi> \<longrightarrow> \<pi>' \<in> ?L)"
+ proof cases
+ case a
+ then obtain \<pi>' where "\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'" and "\<pi>' \<in> L"
+ by auto
+ then have "(\<forall> xy \<in> set \<pi>' . fst xy \<in> X \<and> snd xy \<in> Y)"
+ and "(\<forall> \<pi>'' . prefix \<pi>'' \<pi>' \<longrightarrow> \<pi>'' \<in> L)"
+ using assms by auto
+
+
+ have "(\<forall> \<pi>' . prefix \<pi>' \<pi> \<longrightarrow> \<pi>' \<in> ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,Some y)) \<pi>) ` L))"
+ using \<open>(\<forall> \<pi>'' . prefix \<pi>'' \<pi>' \<longrightarrow> \<pi>'' \<in> L)\<close> unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close>
+ using prefix_map_rightE by force
+ then have "(\<forall> \<pi>' . prefix \<pi>' \<pi> \<longrightarrow> \<pi>' \<in> ?L)"
+ by auto
+ moreover have "(\<forall> xy \<in> set \<pi> . fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y))"
+ using \<open>(\<forall> xy \<in> set \<pi>' . fst xy \<in> X \<and> snd xy \<in> Y)\<close> unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close>
+ by (induction \<pi>'; auto)
+ ultimately show ?thesis
+ by blast
+ next
+ case b
+ then obtain \<pi>' x y \<tau> where "\<pi> = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x,y)]@\<tau>"
+ and "\<pi>' \<in> L"
+ and "out[L,\<pi>',x] = {}"
+ and "x \<in> X"
+ and "(y = None \<or> y \<in> Some ` Y)"
+ and "(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ by blast
+ then have "(\<forall> xy \<in> set \<pi>' . fst xy \<in> X \<and> snd xy \<in> Y)"
+ and "(\<forall> \<pi>'' . prefix \<pi>'' \<pi>' \<longrightarrow> \<pi>'' \<in> L)"
+ using assms by auto
+
+ have "(\<forall> xy \<in> set (map (\<lambda>(x,y) . (x,Some y)) \<pi>') . fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y))"
+ using \<open>(\<forall> xy \<in> set \<pi>' . fst xy \<in> X \<and> snd xy \<in> Y)\<close>
+ by (induction \<pi>'; auto)
+ moreover have "set \<pi> = set (map (\<lambda>(x,y) . (x,Some y)) \<pi>') \<union> {(x,y)} \<union> set \<tau>"
+ unfolding \<open>\<pi> = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x,y)]@\<tau>\<close>
+ by simp
+ ultimately have "(\<forall> xy \<in> set \<pi> . fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y))"
+ using \<open>x \<in> X\<close> \<open>(y = None \<or> y \<in> Some ` Y)\<close> \<open>(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))\<close>
+ by auto
+ moreover have "\<And> \<pi>'' . prefix \<pi>'' \<pi> \<Longrightarrow> \<pi>'' \<in> ?L"
+ proof -
+ fix \<pi>'' assume "prefix \<pi>'' \<pi>"
+ then obtain i where "\<pi>'' = take i \<pi>"
+ by (metis append_eq_conv_conj prefix_def)
+ then consider (b1) "i \<le> length \<pi>'" |
+ (b2) "i > length \<pi>'"
+ by linarith
+ then show "\<pi>'' \<in> ?L" proof cases
+ case b1
+ then have "i \<le> length (map (\<lambda>(x,y) . (x,Some y)) \<pi>')"
+ by auto
+ then have "\<pi>'' = map (\<lambda>(x,y) . (x,Some y)) (take i \<pi>')"
+ unfolding \<open>\<pi>'' = take i \<pi>\<close>
+ using \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>' @ [(x, y)] @ \<tau>\<close> take_map by fastforce
+ moreover have "take i \<pi>' \<in> L"
+ using \<open>\<pi>' \<in> L\<close> take_is_prefix
+ using \<open>\<forall>\<pi>''. prefix \<pi>'' \<pi>' \<longrightarrow> \<pi>'' \<in> L\<close> by blast
+ ultimately have "\<pi>'' \<in> ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,Some y)) \<pi>) ` L)"
+ by simp
+ then show "\<pi>'' \<in> ?L"
+ by auto
+ next
+ case b2
+ then have "i > length (map (\<lambda>(x,y) . (x,Some y)) \<pi>')"
+ by auto
+
+ have "\<And> k xs ys . k > length xs \<Longrightarrow> take k (xs@ys) = xs@(take (k - length xs) ys)"
+ by simp
+ have take_helper: "\<And> k xs y zs . k > length xs \<Longrightarrow> take k (xs@[y]@zs) = xs@[y]@(take (k - length xs - 1) zs)"
+ by (metis One_nat_def Suc_pred \<open>\<And>ys xs k. length xs < k \<Longrightarrow> take k (xs @ ys) = xs @ take (k - length xs) ys\<close> append_Cons append_Nil take_Suc_Cons zero_less_diff)
+
+ have **: "\<pi>'' = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x,y)]@(take (i - length \<pi>' - 1) \<tau>)"
+ unfolding \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>' @ [(x, y)] @ \<tau>\<close> \<open>\<pi>'' = take i \<pi>\<close>
+ using take_helper[OF \<open>i > length (map (\<lambda>(x,y) . (x,Some y)) \<pi>')\<close>] by simp
+
+ have "(\<forall> (x,y) \<in> set (take (i - length \<pi>' - 1) \<tau>) . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ using \<open>(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))\<close>
+ by (meson in_set_takeD)
+ then show ?thesis
+ unfolding ** bottom_completion.simps
+ using \<open>\<pi>' \<in> L\<close> \<open>out[L,\<pi>',x] = {}\<close> \<open>x \<in> X\<close> \<open>(y = None \<or> y \<in> Some ` Y)\<close>
+ by blast
+ qed
+ qed
+ ultimately show ?thesis by auto
+ qed
+ qed
+ ultimately show ?thesis
+ unfolding is_language.simps by blast
+qed
+
+
+
+
+fun is_not_undefined :: "('x,'y option) word \<Rightarrow> ('x,'y) language \<Rightarrow> bool" where
+ "is_not_undefined \<pi> L = (\<pi> \<in> map (\<lambda>(x, y). (x, Some y)) ` L)"
+
+lemma bottom_id : "map (\<lambda>(x,y) . (x, the y)) (map (\<lambda>(x, y). (x, Some y)) \<pi>) = \<pi>"
+ by (induction \<pi>; auto)
+
+
+
+fun maximum_prefix_with_property :: "('a list \<Rightarrow> bool) \<Rightarrow> 'a list \<Rightarrow> 'a list" where
+ "maximum_prefix_with_property P xs = (last (filter P (prefixes xs)))"
+
+lemma maximum_prefix_with_property_props :
+ assumes "\<exists> ys \<in> set (prefixes xs) . P ys"
+shows "P (maximum_prefix_with_property P xs)"
+ and "(maximum_prefix_with_property P xs) \<in> set (prefixes xs)"
+ and "\<And> ys . prefix ys xs \<Longrightarrow> P ys \<Longrightarrow> length ys \<le> length (maximum_prefix_with_property P xs)"
+proof -
+
+ have "P (maximum_prefix_with_property P xs) \<and>
+ (maximum_prefix_with_property P xs) \<in> set (prefixes xs) \<and>
+ (\<forall> ys . prefix ys xs \<longrightarrow> P ys \<longrightarrow> length ys \<le> length (maximum_prefix_with_property P xs))"
+ using assms
+ proof (induction xs rule: rev_induct)
+ case Nil
+ then show ?case by auto
+ next
+ case (snoc x xs)
+ have "prefixes (xs @ [x]) = (prefixes xs)@[xs @ [x]]"
+ by simp
+
+ show ?case proof (cases "P (xs@[x])")
+ case True
+ then have "maximum_prefix_with_property P (xs @ [x]) = (xs @ [x])"
+ unfolding maximum_prefix_with_property.simps \<open>prefixes (xs @ [x]) = (prefixes xs)@[xs @ [x]]\<close>
+ by auto
+ show ?thesis
+ using True
+ unfolding \<open>maximum_prefix_with_property P (xs @ [x]) = (xs@[x])\<close>
+ using in_set_prefixes prefix_length_le by blast
+ next
+ case False
+ then have "maximum_prefix_with_property P (xs@[x]) = maximum_prefix_with_property P xs"
+ unfolding maximum_prefix_with_property.simps \<open>prefixes (xs @ [x]) = (prefixes xs)@[xs @ [x]]\<close>
+ by auto
+
+ have "\<exists>a\<in>set (prefixes xs). P a"
+ using snoc.prems False unfolding \<open>prefixes (xs @ [x]) = (prefixes xs)@[xs @ [x]]\<close> by auto
+
+ show ?thesis
+ using snoc.IH[OF \<open>\<exists>a\<in>set (prefixes xs). P a\<close>] False
+ unfolding \<open>maximum_prefix_with_property P (xs@[x]) = maximum_prefix_with_property P xs\<close>
+ unfolding \<open>prefixes (xs @ [x]) = (prefixes xs)@[xs @ [x]]\<close> by auto
+ qed
+ qed
+ then show "P (maximum_prefix_with_property P xs)"
+ and "(maximum_prefix_with_property P xs) \<in> set (prefixes xs)"
+ and "\<And> ys . prefix ys xs \<Longrightarrow> P ys \<Longrightarrow> length ys \<le> length (maximum_prefix_with_property P xs)"
+ by blast+
+qed
+
+
+lemma bottom_completion_out :
+ assumes "is_language X Y L"
+ and "x \<in> X"
+ and "\<pi> \<in> bottom_completion X Y L"
+shows "is_not_undefined \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<Longrightarrow> out[bottom_completion X Y L, \<pi>, x] = Some ` out[L, map (\<lambda>(x,y) . (x, the y)) \<pi>, x]"
+and "is_not_undefined \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] = {} \<Longrightarrow> out[bottom_completion X Y L, \<pi>, x] = {None} \<union> Some ` Y"
+and "\<not> is_not_undefined \<pi> L \<Longrightarrow> out[bottom_completion X Y L, \<pi>, x] = {None} \<union> Some ` Y"
+proof -
+
+ let ?L = "bottom_completion X Y L"
+ define L'a where "L'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,Some y)) \<pi>) ` L)"
+ define L'b where "L'b = {(map (\<lambda>(x,y) . (x,Some y)) \<pi>)@[(x,y)]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L \<and> out[L,\<pi>,x] = {} \<and> x \<in> X \<and> (y = None \<or> y \<in> Some ` Y) \<and> (\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))}"
+ have "?L = L'a \<union> L'b"
+ unfolding L'a_def L'b_def bottom_completion.simps by blast
+ then have "out[?L, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ unfolding outputs.simps language_for_state.simps by blast
+
+ have "is_language X ({None} \<union> Some ` Y) ?L"
+ using bottom_completion_is_language[OF assms(1)] .
+
+ show "is_not_undefined \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<Longrightarrow> out[bottom_completion X Y L, \<pi>, x] = Some ` out[L, map (\<lambda>(x,y) . (x, the y)) \<pi>, x]"
+ and "is_not_undefined \<pi> L \<Longrightarrow> out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] = {} \<Longrightarrow> out[bottom_completion X Y L, \<pi>, x] = {None} \<union> Some ` Y"
+ proof -
+ assume "is_not_undefined \<pi> L"
+ then obtain \<pi>' where "\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'" and "\<pi>' \<in> L"
+ by auto
+ then have "map (\<lambda>(x, y). (x, the y)) \<pi> = \<pi>'"
+ using bottom_id by auto
+
+
+ have "{y. \<pi> @ [(x, y)] \<in> L'a} = Some ` out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x]"
+ proof
+ show "{y. \<pi> @ [(x, y)] \<in> L'a} \<subseteq> Some ` out[L,map (\<lambda>(x, y). (x, the y)) \<pi>,x]"
+ proof
+ fix y assume "y \<in> {y. \<pi> @ [(x, y)] \<in> L'a}"
+ then have "\<pi> @ [(x, y)] \<in> L'a" by auto
+ then obtain \<pi>' where "\<pi> @ [(x, y)] = map (\<lambda>(x,y) . (x,Some y)) \<pi>'" and "\<pi>' \<in> L"
+ unfolding L'a_def by blast
+ then have "length (\<pi> @ [(x, y)]) = length \<pi>'"
+ by auto
+ then obtain \<gamma>' xy where "\<pi>' = \<gamma>'@[xy]"
+ by (metis add.right_neutral dual_order.strict_iff_not length_append_singleton less_add_Suc2 rev_exhaust take0 take_all_iff)
+ then have "(x,y) = (\<lambda>(x, y). (x, Some y)) xy"
+ using \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close> unfolding \<open>\<pi>' = \<gamma>'@[xy]\<close> by auto
+ then have "y = Some (snd xy)" and "xy = (x,snd xy)"
+ by (simp add: split_beta)+
+ moreover define y' where "y' = snd xy"
+ ultimately have "y = Some y'" and "xy = (x,y')"
+ by auto
+
+ have "map (\<lambda>(x, y). (x, the y)) \<pi> = \<gamma>'"
+ using \<open>\<pi> @ [(x, y)] = map (\<lambda>(x,y) . (x,Some y)) \<pi>'\<close> unfolding \<open>\<pi>' = \<gamma>'@[xy]\<close>
+ using bottom_id by auto
+
+ have "y' \<in> out[L,map (\<lambda>(x, y). (x, the y)) \<pi>,x]"
+ using \<open>\<pi>' \<in> L\<close>
+ unfolding \<open>map (\<lambda>(x, y). (x, the y)) \<pi> = \<gamma>'\<close> \<open>\<pi>' = \<gamma>'@[xy]\<close> \<open>xy = (x,y')\<close> by auto
+ then show "y \<in> Some ` out[L,map (\<lambda>(x, y). (x, the y)) \<pi>,x]"
+ unfolding \<open>y = Some y'\<close> by blast
+ qed
+ show "Some ` out[L,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<subseteq> {y. \<pi> @ [(x, y)] \<in> L'a}"
+ proof
+ fix y assume "y \<in> Some ` out[L,map (\<lambda>(x, y). (x, the y)) \<pi>,x]"
+ then obtain y' where "y = Some y'" and "y' \<in> out[L,map (\<lambda>(x, y). (x, the y)) \<pi>,x]"
+ by blast
+ then have "\<pi>'@[(x,y')] \<in> L"
+ unfolding \<open>map (\<lambda>(x, y). (x, the y)) \<pi> = \<pi>'\<close> by auto
+ then show "y \<in> {y. \<pi> @ [(x, y)] \<in> L'a}"
+ unfolding L'a_def \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close>
+ using \<open>y = Some y'\<close> image_iff by fastforce
+ qed
+ qed
+
+
+
+ show "out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<Longrightarrow> out[bottom_completion X Y L, \<pi>, x] = Some ` out[L, map (\<lambda>(x,y) . (x, the y)) \<pi>, x]"
+ proof -
+ assume "out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {}"
+ then obtain ya where "\<pi>'@[(x,ya)] \<in> L"
+ using \<open>\<pi>' \<in> L\<close> unfolding \<open>map (\<lambda>(x,y) . (x, the y)) \<pi> = \<pi>'\<close> by auto
+
+
+ have "{y. \<pi> @ [(x, y)] \<in> L'b} = {}"
+ proof (rule ccontr)
+ assume "{y. \<pi> @ [(x, y)] \<in> L'b} \<noteq> {}"
+ then obtain y where "\<pi> @ [(x, y)] \<in> L'b" by blast
+ then obtain \<pi>'' x' y' \<tau> where "\<pi> @ [(x, y)] = (map (\<lambda>(x,y) . (x,Some y)) \<pi>'')@[(x',y')]@\<tau>"
+ and "\<pi>'' \<in> L"
+ and "out[L,\<pi>'',x'] = {}"
+ and "x' \<in> X"
+ and "(y' = None \<or> y' \<in> Some ` Y)"
+ and "(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ unfolding L'b_def
+ by blast
+
+ have "\<And> y'' . \<pi>''@[(x',y'')] \<notin> L"
+ using \<open>\<pi>'' \<in> L\<close> \<open>out[L,\<pi>'',x'] = {}\<close>
+ unfolding outputs.simps language_for_state.simps by force
+
+ have "length \<pi>' = length \<pi>''"
+ proof -
+ have "length \<pi>' = length \<pi>"
+ using \<open>map (\<lambda>(x, y). (x, the y)) \<pi> = \<pi>'\<close> length_map by blast
+
+ have "\<not> length \<pi>' < length \<pi>''"
+ proof
+ assume "length \<pi>' < length \<pi>''"
+ then have "length \<pi>'' = Suc (length \<pi>')"
+ by (metis (no_types, lifting) One_nat_def \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>'' @ [(x', y')] @ \<tau>\<close> \<open>length \<pi>' = length \<pi>\<close> add_diff_cancel_left' length_append length_append_singleton length_map list.size(3) not_less_eq plus_1_eq_Suc zero_less_Suc zero_less_diff)
+ then have "length \<pi>'' > length \<pi>"
+ by (simp add: \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close>)
+ then show False
+ by (metis (no_types, lifting) One_nat_def \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>'' @ [(x', y')] @ \<tau>\<close> length_Cons length_append length_append_singleton length_map less_add_same_cancel1 list.size(3) not_less_eq plus_1_eq_Suc zero_less_Suc)
+ qed
+ moreover have "\<not> length \<pi>'' < length \<pi>'"
+ proof
+ assume "length \<pi>'' < length \<pi>'"
+ then have "prefix ((map (\<lambda>(x,y) . (x,Some y)) \<pi>'')@[(x',y')]) (map (\<lambda>(x,y) . (x,Some y)) \<pi>')"
+ by (metis (no_types, lifting) \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close> \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>'' @ [(x', y')] @ \<tau>\<close> append.assoc length_append_singleton length_map linorder_not_le not_less_eq prefixI prefix_length_prefix)
+ then have "prefix \<pi>'' \<pi>'"
+ by (metis append_prefixD bottom_id map_mono_prefix)
+ then have "take (length \<pi>'') \<pi>' = \<pi>''"
+ by (metis append_eq_conv_conj prefix_def)
+
+ have "(x',y') = (((map (\<lambda>(x,y) . (x,Some y)) \<pi>'')@[(x',y')])) ! (length \<pi>'')"
+ by (induction \<pi>'' arbitrary: x' y'; auto)
+ then have "(x',y') = (map (\<lambda>(x,y) . (x,Some y)) \<pi>') ! (length \<pi>'')"
+ by (metis (no_types, lifting) \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close> \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>'' @ [(x', y')] @ \<tau>\<close> \<open>length \<pi>'' < length \<pi>'\<close> append_Cons length_map nth_append nth_append_length)
+ then have "fst (\<pi>' ! (length \<pi>'')) = x'"
+ by (simp add: \<open>length \<pi>'' < length \<pi>'\<close> split_beta)
+
+ have "out[L, take (length \<pi>'') \<pi>', fst (\<pi>' ! (length \<pi>''))] = {}"
+ unfolding \<open>take (length \<pi>'') \<pi>' = \<pi>''\<close> \<open>fst (\<pi>' ! (length \<pi>'')) = x'\<close>
+ using \<open>out[L,\<pi>'',x'] = {}\<close> .
+ moreover have "\<And> i . i < length \<pi>' \<Longrightarrow> out[L, take i \<pi>', fst (\<pi>' ! i)] \<noteq> {}"
+ using prefix_executable[OF assms(1) \<open>\<pi>' \<in> L\<close>]
+ by (meson outputs_executable)
+ ultimately show False
+ using \<open>length \<pi>'' < length \<pi>'\<close> by blast
+ qed
+ ultimately show ?thesis
+ by simp
+ qed
+ then have "\<pi>'' = \<pi>'"
+ by (metis \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>'' @ [(x', y')] @ \<tau>\<close> \<open>map (\<lambda>(x, y). (x, the y)) \<pi> = \<pi>'\<close> append_eq_append_conv bottom_id length_map)
+
+ show False
+ using \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>'' @ [(x', y')] @ \<tau>\<close> \<open>\<pi>'' = \<pi>'\<close> \<open>map (\<lambda>(x, y). (x, the y)) \<pi> = \<pi>'\<close> \<open>out[L,\<pi>'',x'] = {}\<close> \<open>out[L,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<noteq> {}\<close>
+ by force
+ qed
+ then show ?thesis
+ using \<open>out[bottom_completion X Y L,\<pi>,x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}\<close>
+ using \<open>{y. \<pi> @ [(x, y)] \<in> L'a} = Some ` out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x]\<close>
+ by force
+ qed
+
+
+ show "out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] = {} \<Longrightarrow> out[bottom_completion X Y L, \<pi>, x] = {None} \<union> Some ` Y"
+ proof -
+ assume "out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] = {}"
+ then have "{y. \<pi> @ [(x, y)] \<in> L'a} = {}"
+ unfolding \<open>{y. \<pi> @ [(x, y)] \<in> L'a} = Some ` out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x]\<close> by blast
+ moreover have "{y. \<pi> @ [(x, y)] \<in> L'b} = {None} \<union> Some ` Y"
+ proof
+ show "{y. \<pi> @ [(x, y)] \<in> L'b} \<subseteq> {None} \<union> Some ` Y"
+ proof
+ fix y assume "y \<in> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ then have "\<pi> @ [(x, y)] \<in> L'b" by blast
+ then obtain \<pi>'' x' y' \<tau> where "\<pi> @ [(x, y)] = (map (\<lambda>(x,y) . (x,Some y)) \<pi>'')@[(x',y')]@\<tau>"
+ and "\<pi>'' \<in> L"
+ and "out[L,\<pi>'',x'] = {}"
+ and "x' \<in> X"
+ and "(y' = None \<or> y' \<in> Some ` Y)"
+ and "(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ unfolding L'b_def
+ by blast
+
+ show "y \<in> {None} \<union> Some ` Y"
+ by (metis (no_types, lifting) Un_insert_right \<open>out[bottom_completion X Y L,\<pi>,x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}\<close> \<open>y \<in> {y. \<pi> @ [(x, y)] \<in> L'b}\<close> assms(1) bottom_completion_is_language insert_subset mk_disjoint_insert outputs_in_alphabet)
+ qed
+ show "{None} \<union> Some ` Y \<subseteq> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ proof
+ fix y assume "y \<in> {None} \<union> Some ` Y"
+
+ have "\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>' @ [(x, y)] @ []"
+ by (simp add: \<open>\<pi> = map (\<lambda>(x, y). (x, Some y)) \<pi>'\<close>)
+ moreover note \<open>\<pi>' \<in> L\<close>
+ moreover have "out[L,\<pi>',x] = {}"
+ using \<open>out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] = {}\<close> unfolding \<open>map (\<lambda>(x,y) . (x, the y)) \<pi> = \<pi>'\<close> .
+ moreover note \<open>x \<in> X\<close>
+ moreover have "(y = None \<or> y \<in> Some ` Y)"
+ using \<open>y \<in> {None} \<union> Some ` Y\<close> by blast
+ moreover have "(\<forall>(x, y)\<in>set []. x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ by simp
+ ultimately show "y \<in> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ unfolding L'b_def by blast
+ qed
+ qed
+ ultimately show ?thesis
+ using \<open>out[bottom_completion X Y L,\<pi>,x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}\<close>
+ using \<open>{y. \<pi> @ [(x, y)] \<in> L'a} = Some ` out[L,map (\<lambda>(x,y) . (x, the y)) \<pi>,x]\<close>
+ by force
+ qed
+ qed
+
+ show "\<not> is_not_undefined \<pi> L \<Longrightarrow> out[bottom_completion X Y L,\<pi>,x] = {None} \<union> Some ` Y"
+ proof -
+ assume "\<not> is_not_undefined \<pi> L"
+ then have "\<pi> \<notin> L'a"
+ unfolding L'a_def by auto
+
+ have "{y. \<pi> @ [(x, y)] \<in> L'a} = {}"
+ proof (rule ccontr)
+ assume "{y. \<pi> @ [(x, y)] \<in> L'a} \<noteq> {}"
+ then obtain y where "\<pi> @ [(x, y)] \<in> L'a" by blast
+ then obtain \<gamma> where "\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<gamma>" and "\<gamma> \<in> L"
+ unfolding L'a_def by blast
+ then have "\<pi> = map (\<lambda>(x, y). (x, Some y)) (butlast \<gamma>)"
+ by (metis (mono_tags, lifting) butlast_snoc map_butlast)
+ moreover have "butlast \<gamma> \<in> L"
+ using \<open>\<gamma> \<in> L\<close> assms(1)
+ by (simp add: prefixeq_butlast)
+ ultimately show False
+ using \<open>\<pi> \<notin> L'a\<close>
+ using L'a_def by blast
+ qed
+ then have "out[?L, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L'b}"
+ using \<open>out[bottom_completion X Y L,\<pi>,x] = {y. \<pi> @ [(x, y)] \<in> L'a} \<union> {y. \<pi> @ [(x, y)] \<in> L'b}\<close> by blast
+ also have "\<dots> = {None} \<union> Some ` Y"
+ proof
+ show "{y. \<pi> @ [(x, y)] \<in> L'b} \<subseteq> {None} \<union> Some ` Y"
+ proof
+ fix y assume "y \<in> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ then obtain \<pi>' x' y' \<tau> where "\<pi> @ [(x, y)] = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x',y')]@\<tau>"
+ and "\<pi>' \<in> L"
+ and "out[L,\<pi>',x'] = {}"
+ and "x' \<in> X"
+ and "(y' = None \<or> y' \<in> Some ` Y)"
+ and "(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ unfolding L'b_def
+ by blast
+
+ have "(x,y) \<in> set ([(x',y')]@\<tau>)"
+ by (metis \<open>\<pi> @ [(x, y)] = map (\<lambda>(x, y). (x, Some y)) \<pi>' @ [(x', y')] @ \<tau>\<close> append_is_Nil_conv last_appendR last_in_set last_snoc length_Cons list.size(3) nat.simps(3))
+ then show "y \<in> {None} \<union> Some ` Y"
+ using \<open>(y' = None \<or> y' \<in> Some ` Y)\<close> \<open>(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))\<close> by auto
+ qed
+ show "{None} \<union> Some ` Y \<subseteq> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ proof
+ fix y assume "y \<in> {None} \<union> Some ` Y"
+
+ have "\<pi> \<in> L'b"
+ using \<open>\<pi> \<notin> L'a\<close> \<open>?L = L'a \<union> L'b\<close> assms(3) by fastforce
+ then obtain \<pi>' x' y' \<tau> where "\<pi> = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x',y')]@\<tau>"
+ and "\<pi>' \<in> L"
+ and "out[L,\<pi>',x'] = {}"
+ and "x' \<in> X"
+ and "(y' = None \<or> y' \<in> Some ` Y)"
+ and "(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ unfolding L'b_def
+ by blast
+
+ have "\<pi> @ [(x,y)] = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x',y')]@(\<tau>@[(x,y)])"
+ unfolding \<open>\<pi> = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x',y')]@\<tau>\<close> by auto
+ moreover note \<open>\<pi>' \<in> L\<close> and \<open>out[L,\<pi>',x'] = {}\<close> and \<open>x' \<in> X\<close> and \<open>(y' = None \<or> y' \<in> Some ` Y)\<close>
+ moreover have "(\<forall> (x,y) \<in> set (\<tau>@[(x,y)]) . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ using \<open>\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y)\<close> \<open>y \<in> {None} \<union> Some ` Y\<close> \<open>x \<in> X\<close>
+ by auto
+ ultimately show "y \<in> {y. \<pi> @ [(x, y)] \<in> L'b}"
+ unfolding L'b_def by blast
+ qed
+ qed
+ finally show "out[?L,\<pi>,x] = {None} \<union> Some ` Y" .
+ qed
+qed
+
+
+
+theorem quasired_via_red :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(L1 \<preceq>[X,quasired Y] L2) \<longleftrightarrow> ((bottom_completion X Y L1) \<preceq>[X, red ({None} \<union> Some ` Y)] (bottom_completion X Y L2))"
+proof -
+
+ define L1' where "L1' = bottom_completion X Y L1"
+ define L2' where "L2' = bottom_completion X Y L2"
+
+ define L1'a where "L1'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,Some y)) \<pi>) ` L1)"
+ define L1'b where "L1'b = {(map (\<lambda>(x,y) . (x,Some y)) \<pi>)@[(x,y)]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L1 \<and> out[L1,\<pi>,x] = {} \<and> x \<in> X \<and> (y = None \<or> y \<in> Some ` Y) \<and> (\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))}"
+ define L2'a where "L2'a = ((\<lambda> \<pi> . map (\<lambda>(x,y) . (x,Some y)) \<pi>) ` L2)"
+ define L2'b where "L2'b = {(map (\<lambda>(x,y) . (x,Some y)) \<pi>)@[(x,y)]@\<tau> | \<pi> x y \<tau> . \<pi> \<in> L2 \<and> out[L2,\<pi>,x] = {} \<and> x \<in> X \<and> (y = None \<or> y \<in> Some ` Y) \<and> (\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))}"
+
+ let ?L1 = "bottom_completion X Y L1"
+
+ have "?L1 = L1'a \<union> L1'b"
+ unfolding L1'a_def L1'b_def bottom_completion.simps by blast
+ then have "\<And> \<pi> x . out[?L1, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L1'a} \<union> {y. \<pi> @ [(x, y)] \<in> L1'b}"
+ unfolding outputs.simps language_for_state.simps by blast
+
+ let ?L2 = "bottom_completion X Y L2"
+
+ have "?L2 = L2'a \<union> L2'b"
+ unfolding L2'a_def L2'b_def bottom_completion.simps by blast
+ then have "\<And> \<pi> x . out[?L2, \<pi>, x] = {y. \<pi> @ [(x, y)] \<in> L2'a} \<union> {y. \<pi> @ [(x, y)] \<in> L2'b}"
+ unfolding outputs.simps language_for_state.simps by blast
+
+ have "is_language X ({None} \<union> Some ` Y) ?L1"
+ using bottom_completion_is_language[OF assms(1)] .
+ have "is_language X ({None} \<union> Some ` Y) ?L2"
+ using bottom_completion_is_language[OF assms(2)] .
+ then have "\<And> \<pi> x . out[bottom_completion X Y L2,\<pi>,x] \<subseteq> {None} \<union> Some ` Y"
+ by (meson outputs_in_alphabet)
+
+ have "(?L1 \<preceq>[X, red ({None} \<union> Some ` Y)] ?L2) = (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x])"
+ unfolding type_1_conforms.simps red.simps
+ using \<open>\<And> \<pi> x . out[bottom_completion X Y L2,\<pi>,x] \<subseteq> {None} \<union> Some ` Y\<close> by force
+ also have "\<dots> = (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . (out[?L2,\<pi>,x] = {None} \<union> Some ` Y \<or> (out[?L1,\<pi>,x] \<noteq> {} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x])))"
+ by (metis (no_types, lifting) IntD1 \<open>is_language X ({None} \<union> Some ` Y) (bottom_completion X Y L1)\<close> \<open>is_language X ({None} \<union> Some ` Y) (bottom_completion X Y L2)\<close> assms(1) bottom_completion_out(1) bottom_completion_out(2) bottom_completion_out(3) image_is_empty outputs_in_alphabet subset_antisym)
+ also have "\<dots> = (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . (out[?L2,\<pi>,x] = {None} \<union> Some ` Y \<or> (is_not_undefined \<pi> L1 \<and> is_not_undefined \<pi> L2 \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<subseteq> out[L2,map (\<lambda>(x,y) . (x, the y)) \<pi>,x])))"
+ proof -
+ have "\<And> \<pi> x . \<pi> \<in> ?L1 \<inter> ?L2 \<Longrightarrow> x \<in> X \<Longrightarrow> out[?L2,\<pi>,x] \<noteq> {None} \<union> Some ` Y \<Longrightarrow>
+ (out[?L1,\<pi>,x] \<noteq> {} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x]) = (is_not_undefined \<pi> L1 \<and> is_not_undefined \<pi> L2 \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<subseteq> out[L2,map (\<lambda>(x,y) . (x, the y)) \<pi>,x])"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> ?L1 \<inter> ?L2" and "x \<in> X" and "out[?L2,\<pi>,x] \<noteq> {None} \<union> Some ` Y"
+ then have "\<pi> \<in> ?L1" and "\<pi> \<in> ?L2" by blast+
+
+ have "is_not_undefined \<pi> L2"
+ using bottom_completion_out[OF assms(2) \<open>x \<in> X\<close> \<open>\<pi> \<in> ?L2\<close>]
+ using \<open>out[bottom_completion X Y L2,\<pi>,x] \<noteq> {None} \<union> Some ` Y\<close> by fastforce
+ have "out[L2,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<noteq> {}"
+ using bottom_completion_out(1,2)[OF assms(2) \<open>x \<in> X\<close> \<open>\<pi> \<in> ?L2\<close>]
+ using \<open>is_not_undefined \<pi> L2\<close> \<open>out[bottom_completion X Y L2,\<pi>,x] \<noteq> {None} \<union> Some ` Y\<close> by blast
+
+ show "(out[?L1,\<pi>,x] \<noteq> {} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x]) = (is_not_undefined \<pi> L1 \<and> is_not_undefined \<pi> L2 \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<subseteq> out[L2,map (\<lambda>(x,y) . (x, the y)) \<pi>,x])"
+ proof (cases "is_not_undefined \<pi> L1")
+ case False
+ then have "out[?L1,\<pi>,x] = {None} \<union> Some ` Y"
+ by (meson IntD1 \<open>\<pi> \<in> bottom_completion X Y L1 \<inter> bottom_completion X Y L2\<close> \<open>x \<in> X\<close> assms(1) bottom_completion_out(3))
+ then have "\<not> (out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x])"
+ by (metis \<open>is_language X ({None} \<union> Some ` Y) (bottom_completion X Y L2)\<close> \<open>out[bottom_completion X Y L2,\<pi>,x] \<noteq> {None} \<union> Some ` Y\<close> outputs_in_alphabet subset_antisym)
+ then show ?thesis
+ using False by presburger
+ next
+ case True
+
+ have "(out[?L1,\<pi>,x] \<noteq> {} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x]) = (out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<subseteq> out[L2,map (\<lambda>(x,y) . (x, the y)) \<pi>,x])"
+ proof (cases "out[L1,map (\<lambda>(x, y). (x, the y)) \<pi>,x] = {}")
+ case True
+
+ have "\<not> (out[?L1,\<pi>,x] \<noteq> {} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x])"
+ unfolding bottom_completion_out(2)[OF assms(1) \<open>x \<in> X\<close> \<open>\<pi> \<in> ?L1\<close> \<open>is_not_undefined \<pi> L1\<close> True]
+ by (meson \<open>\<And>x \<pi>. out[bottom_completion X Y L2,\<pi>,x] \<subseteq> {None} \<union> Some ` Y\<close> \<open>out[bottom_completion X Y L2,\<pi>,x] \<noteq> {None} \<union> Some ` Y\<close> subset_antisym)
+ moreover have "\<not> (out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x,y) . (x, the y)) \<pi>,x] \<subseteq> out[L2,map (\<lambda>(x,y) . (x, the y)) \<pi>,x])"
+ using True by simp
+ ultimately show ?thesis by blast
+ next
+ case False
+ show ?thesis
+ unfolding bottom_completion_out(1)[OF assms(1) \<open>x \<in> X\<close> \<open>\<pi> \<in> ?L1\<close> \<open>is_not_undefined \<pi> L1\<close> False]
+ unfolding bottom_completion_out(1)[OF assms(2) \<open>x \<in> X\<close> \<open>\<pi> \<in> ?L2\<close> \<open>is_not_undefined \<pi> L2\<close> \<open>out[L2,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<noteq> {}\<close>]
+ by blast
+ qed
+ then show ?thesis
+ using \<open>is_not_undefined \<pi> L1\<close> \<open>is_not_undefined \<pi> L2\<close>
+ by blast
+ qed
+ qed
+ then show ?thesis
+ by meson
+ qed
+ also have "\<dots> = ( (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . \<not> is_not_undefined \<pi> L1 \<longrightarrow> is_not_undefined \<pi> L2 \<longrightarrow> out[?L2,\<pi>,x] = {None} \<union> Some ` Y)
+ \<and> (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> X . out[L2,\<pi>,x] = {} \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])))"
+ (is "?A = ?B")
+ proof
+ show "?A \<Longrightarrow> ?B"
+ proof -
+ assume ?A
+
+ have "\<And> \<pi> x . \<pi> \<in> ?L1 \<inter> ?L2 \<Longrightarrow> x \<in> X \<Longrightarrow> \<not> is_not_undefined \<pi> L1 \<Longrightarrow> is_not_undefined \<pi> L2 \<Longrightarrow> out[?L2,\<pi>,x] = {None} \<union> Some ` Y"
+ using \<open>?A\<close> by blast
+ moreover have "\<And> \<pi> x . \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> out[L2,\<pi>,x] = {} \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> L1 \<inter> L2" and "x \<in> X"
+
+ let ?\<pi> = "map (\<lambda>(x, y). (x, Some y)) \<pi>"
+
+ have "is_not_undefined ?\<pi> L1" and "is_not_undefined ?\<pi> L2"
+ using \<open>\<pi> \<in> L1 \<inter> L2\<close> by auto
+ then have "?\<pi> \<in> ?L1" and "?\<pi> \<in> ?L2"
+ by auto
+
+ show "out[L2,\<pi>,x] = {} \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ proof (cases "out[L2,\<pi>,x] = {}")
+ case True
+ then show ?thesis by auto
+ next
+ case False
+ then have "out[bottom_completion X Y L2,?\<pi>,x] \<noteq> {None} \<union> Some ` Y"
+ using bottom_completion_out(1)[OF assms(2) \<open>x \<in> X\<close> \<open>?\<pi> \<in> ?L2\<close> \<open>is_not_undefined ?\<pi> L2\<close>]
+ unfolding bottom_id
+ by force
+ then have "out[L1,map (\<lambda>(x, y). (x, the y)) ?\<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x, y). (x, the y)) ?\<pi>,x] \<subseteq> out[L2,map (\<lambda>(x, y). (x, the y)) ?\<pi>,x]"
+ using \<open>?A\<close>
+ using \<open>?\<pi> \<in> ?L1\<close> \<open>?\<pi> \<in> ?L2\<close> \<open>x \<in> X\<close>
+ by blast
+ then show "out[L2,\<pi>,x] = {} \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ unfolding bottom_id by blast
+ qed
+ qed
+ ultimately show ?B
+ by meson
+ qed
+ show "?B \<Longrightarrow> ?A"
+ proof -
+ assume "?B"
+
+ have "\<And> \<pi> x . \<pi> \<in> ?L1 \<inter> ?L2 \<Longrightarrow> x \<in> X \<Longrightarrow> out[?L2,\<pi>,x] = {None} \<union> Some ` Y \<or> is_not_undefined \<pi> L1 \<and> is_not_undefined \<pi> L2 \<and> out[L1,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<subseteq> out[L2,map (\<lambda>(x, y). (x, the y)) \<pi>,x]"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> ?L1 \<inter> ?L2" and "x \<in> X"
+ then have "\<pi> \<in> ?L1" and "\<pi> \<in> ?L2" by auto
+
+ show "out[?L2,\<pi>,x] = {None} \<union> Some ` Y \<or> is_not_undefined \<pi> L1 \<and> is_not_undefined \<pi> L2 \<and> out[L1,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<noteq> {} \<and> out[L1,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<subseteq> out[L2,map (\<lambda>(x, y). (x, the y)) \<pi>,x]"
+ proof (cases "out[?L2,\<pi>,x] = {None} \<union> Some ` Y")
+ case True
+ then show ?thesis by blast
+ next
+ case False
+
+ let ?\<pi> = "map (\<lambda>(x, y). (x, the y)) \<pi>"
+
+ have "is_not_undefined \<pi> L2"
+ using False \<open>(\<forall>\<pi> \<in>bottom_completion X Y L1 \<inter> bottom_completion X Y L2. \<forall>x\<in>X. \<not> is_not_undefined \<pi> L1 \<longrightarrow> is_not_undefined \<pi> L2 \<longrightarrow> out[bottom_completion X Y L2,\<pi>,x] = {None} \<union> Some ` Y) \<and> (\<forall>\<pi>\<in>L1 \<inter> L2. \<forall>x\<in>X. out[L2,\<pi>,x] = {} \<or> out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])\<close> \<open>\<pi> \<in> bottom_completion X Y L1 \<inter> bottom_completion X Y L2\<close> \<open>x \<in> X\<close>
+ by (meson \<open>\<pi> \<in> bottom_completion X Y L2\<close> assms(2) bottom_completion_out(3))
+ then have "?\<pi> \<in> L2"
+ using bottom_id
+ by (metis (mono_tags, lifting) imageE is_not_undefined.elims(2))
+
+ have "is_not_undefined \<pi> L1"
+ using False \<open>(\<forall>\<pi> \<in>bottom_completion X Y L1 \<inter> bottom_completion X Y L2. \<forall>x\<in>X. \<not> is_not_undefined \<pi> L1 \<longrightarrow> is_not_undefined \<pi> L2 \<longrightarrow> out[bottom_completion X Y L2,\<pi>,x] = {None} \<union> Some ` Y) \<and> (\<forall>\<pi>\<in>L1 \<inter> L2. \<forall>x\<in>X. out[L2,\<pi>,x] = {} \<or> out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])\<close> \<open>\<pi> \<in> bottom_completion X Y L1 \<inter> bottom_completion X Y L2\<close> \<open>x \<in> X\<close>
+ using \<open>is_not_undefined \<pi> L2\<close> by blast
+ then have "?\<pi> \<in> L1"
+ using bottom_id
+ by (metis (mono_tags, lifting) imageE is_not_undefined.elims(2))
+
+ have "out[L2,?\<pi>,x] \<noteq> {}"
+ using False bottom_completion_out(2)[OF assms(2) \<open>x \<in> X\<close> \<open>\<pi> \<in> ?L2\<close> \<open>is_not_undefined \<pi> L2\<close>]
+ by blast
+ then have "out[L1,?\<pi>,x] \<noteq> {}" and "out[L1,?\<pi>,x] \<subseteq> out[L2,?\<pi>,x]"
+ using \<open>?B\<close> \<open>?\<pi> \<in> L1\<close> \<open>?\<pi> \<in> L2\<close> \<open>x \<in> X\<close>
+ by (meson IntI)+
+ then show ?thesis
+ using \<open>is_not_undefined \<pi> L1\<close> \<open>is_not_undefined \<pi> L2\<close>
+ by blast
+ qed
+ qed
+ then show ?A
+ by blast
+ qed
+ qed
+ also have "\<dots> = ( (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . \<not> is_not_undefined \<pi> L1 \<longrightarrow> is_not_undefined \<pi> L2 \<longrightarrow> out[L2,map (\<lambda>(x, y). (x, the y)) \<pi>,x] = {})
+ \<and> (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> X . out[L2,\<pi>,x] = {} \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])))"
+ (is "(?A \<and> ?B) = (?C \<and> ?B)")
+ proof -
+ have "?A = ?C"
+ by (metis IntD2 None_notin_image_Some UnCI assms(2) bottom_completion_out(1) bottom_completion_out(2) insertCI)
+ then show ?thesis by meson
+ qed
+ also have "\<dots> = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> X . out[L2,\<pi>,x] = {} \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]))"
+ (is "(?A \<and> ?B) = ?B")
+ proof -
+ have "?B \<Longrightarrow> ?A"
+ proof -
+ assume "?B"
+
+
+ have "\<And> \<pi> x . \<pi> \<in> ?L1 \<inter> ?L2 \<Longrightarrow> x \<in> X \<Longrightarrow> \<not> is_not_undefined \<pi> L1 \<Longrightarrow> is_not_undefined \<pi> L2 \<Longrightarrow> out[L2,map (\<lambda>(x, y). (x, the y)) \<pi>,x] = {}"
+ proof (rule ccontr)
+ fix \<pi> x assume "\<pi> \<in> ?L1 \<inter> ?L2" and "x \<in> X" and "\<not> is_not_undefined \<pi> L1" and "is_not_undefined \<pi> L2"
+ and "out[L2,map (\<lambda>(x, y). (x, the y)) \<pi>,x] \<noteq> {}"
+
+ let ?\<pi> = "map (\<lambda>(x, y). (x, the y)) \<pi>"
+ have "?\<pi> \<in> L2"
+ by (metis (mono_tags, lifting) \<open>is_not_undefined \<pi> L2\<close> bottom_id image_iff is_not_undefined.elims(2))
+
+ have "\<pi> \<in> ?L1"
+ using \<open>\<pi> \<in> ?L1 \<inter> ?L2\<close> by auto
+ moreover have "\<pi> \<notin> L1'a"
+ unfolding L1'a_def using \<open>\<not> is_not_undefined \<pi> L1\<close> by auto
+ ultimately have "\<pi> \<in> L1'b"
+ unfolding \<open>?L1 = L1'a \<union> L1'b\<close> by blast
+ then obtain \<pi>' x' y' \<tau> where "\<pi> = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x',y')]@\<tau>"
+ and "\<pi>' \<in> L1"
+ and "out[L1,\<pi>',x'] = {}"
+ and "x' \<in> X"
+ and "(y' = None \<or> y' \<in> Some ` Y)"
+ and "(\<forall> (x,y) \<in> set \<tau> . x \<in> X \<and> (y = None \<or> y \<in> Some ` Y))"
+ unfolding L1'b_def
+ by blast
+
+ have "?\<pi> = (\<pi>'@[(x', the y')]) @ (map (\<lambda>(x, y). (x, the y)) \<tau>)"
+ unfolding \<open>\<pi> = (map (\<lambda>(x,y) . (x,Some y)) \<pi>')@[(x',y')]@\<tau>\<close>
+ using bottom_id by (induction \<pi>' arbitrary: x' y' \<tau>; auto)
+ then have "\<pi>'@[(x', the y')] \<in> L2" and "\<pi>' \<in> L2"
+ using \<open>?\<pi> \<in> L2\<close>
+ by (metis assms(2) prefix_closure_no_member)+
+ then have "out[L2,\<pi>',x'] \<noteq> {}"
+ by fastforce
+
+ show False
+ using \<open>?B\<close> \<open>\<pi>' \<in> L1\<close> \<open>\<pi>' \<in> L2\<close> \<open>x' \<in> X\<close> \<open>out[L2,\<pi>',x'] \<noteq> {}\<close> \<open>out[L1,\<pi>',x'] = {}\<close>
+ by blast
+ qed
+ then show ?A
+ by blast
+ qed
+ then show ?thesis by meson
+ qed
+ also have "\<dots> = (L1 \<preceq>[X,quasired Y] L2)"
+ unfolding quasired_type_1[OF assms, symmetric] quasi_reduction_def
+ by (meson assms(2) executable_inputs_in_alphabet outputs_executable)
+ finally show ?thesis
+ by meson
+qed
+
+
+subsection \<open>Strong Reduction via Reduction and Undefinedness Outputs\<close>
+
+fun non_bottom_shortening :: "('x,'y option) word \<Rightarrow> ('x,'y option) word" where
+ "non_bottom_shortening \<pi> = filter (\<lambda> (x,y) . y \<noteq> None) \<pi>"
+
+fun non_bottom_projection :: "('x,'y option) word \<Rightarrow> ('x,'y) word" where
+ "non_bottom_projection \<pi> = map (\<lambda>(x,y) . (x,the y)) (non_bottom_shortening \<pi>)"
+
+lemma non_bottom_projection_split: "non_bottom_projection (\<pi>'@\<pi>'') = (non_bottom_projection \<pi>')@(non_bottom_projection \<pi>'')"
+ by (induction \<pi>' arbitrary: \<pi>''; auto)
+
+lemma non_bottom_projection_id : "non_bottom_projection (map (\<lambda>(x,y) . (x,Some y)) \<pi>) = \<pi>"
+ by (induction \<pi>; auto)
+
+
+fun undefinedness_completion :: "'x alphabet \<Rightarrow> ('x,'y) language \<Rightarrow> ('x, 'y option) language" where
+ "undefinedness_completion X L =
+ {\<pi> . non_bottom_projection \<pi> \<in> L \<and> (\<forall> \<pi>' x \<pi>'' . \<pi> = \<pi>' @ [(x,None)] @ \<pi>'' \<longrightarrow> x \<in> X \<and> out[L, non_bottom_projection \<pi>', x] = {})}"
+
+lemma undefinedness_completion_is_language :
+ assumes "is_language X Y L"
+shows "is_language X ({None} \<union> Some ` Y) (undefinedness_completion X L)"
+proof -
+ let ?L = "undefinedness_completion X L"
+
+ have "[] \<in> L"
+ using language_contains_nil[OF assms] .
+ moreover have "non_bottom_projection [] = []"
+ by auto
+ ultimately have "[] \<in> ?L"
+ by simp
+ then have "?L \<noteq> {}"
+ by blast
+ moreover have "\<And> \<pi> . \<pi> \<in> ?L \<Longrightarrow> (\<And> xy . xy \<in> set \<pi> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y))"
+ and "\<And> \<pi> . \<pi> \<in> ?L \<Longrightarrow> (\<And> \<pi>' . prefix \<pi>' \<pi> \<Longrightarrow> \<pi>' \<in> ?L)"
+ proof -
+ fix \<pi> assume "\<pi> \<in> ?L"
+ then have p1: "non_bottom_projection \<pi> \<in> L"
+ and p2: "\<And> \<pi>' x \<pi>'' . \<pi> = \<pi>' @ [(x,None)] @ \<pi>'' \<Longrightarrow> x \<in> X \<and> out[L, non_bottom_projection \<pi>', x] = {}"
+ by auto
+
+ show "\<And> xy . xy \<in> set \<pi> \<Longrightarrow> fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y)"
+ proof -
+ fix xy assume "xy \<in> set \<pi>"
+ then obtain \<pi>' x y \<pi>'' where "xy = (x,y)" and "\<pi> = \<pi>' @ [(x,y)] @ \<pi>''"
+ by (metis append_Cons append_Nil old.prod.exhaust split_list)
+
+
+ show "fst xy \<in> X \<and> snd xy \<in> ({None} \<union> Some ` Y)"
+ proof (cases "snd xy")
+ case None
+ then show ?thesis
+ unfolding \<open>xy = (x,y)\<close> snd_conv
+ using p2 \<open>\<pi> = \<pi>' @ [(x,y)] @ \<pi>''\<close>
+ by simp
+ next
+ case (Some y')
+ then have "y = Some y'"
+ unfolding \<open>xy = (x,y)\<close> by auto
+ have "(x,y') \<in> set (non_bottom_projection \<pi>)"
+ unfolding \<open>\<pi> = \<pi>' @ [(x,y)] @ \<pi>''\<close> \<open>y = Some y'\<close>
+ by auto
+ then show ?thesis
+ unfolding \<open>xy = (x,y)\<close> snd_conv \<open>y = Some y'\<close> fst_conv
+ using p1 assms
+ unfolding is_language.simps by fastforce
+ qed
+ qed
+
+ show "\<And> \<pi>' . prefix \<pi>' \<pi> \<Longrightarrow> \<pi>' \<in> ?L"
+ proof -
+ fix \<pi>' assume "prefix \<pi>' \<pi>"
+ then obtain \<pi>'' where "\<pi> = \<pi>'@\<pi>''"
+ using prefixE by blast
+
+ have "non_bottom_projection \<pi> = (non_bottom_projection \<pi>')@(non_bottom_projection \<pi>'')"
+ unfolding \<open>\<pi> = \<pi>'@\<pi>''\<close>
+ using non_bottom_projection_split .
+ then have "non_bottom_projection \<pi>' \<in> L"
+ by (metis assms p1 prefix_closure_no_member)
+ moreover have "\<And> \<pi>''' x \<pi>'''' . \<pi>' = \<pi>''' @ [(x,None)] @ \<pi>'''' \<Longrightarrow> x \<in> X \<and> out[L, non_bottom_projection \<pi>''', x] = {}"
+ using p2 unfolding \<open>\<pi> = \<pi>'@\<pi>''\<close>
+ by (metis append.assoc)
+ ultimately show "\<pi>' \<in> ?L"
+ by fastforce
+ qed
+ qed
+ ultimately show ?thesis
+ by (meson is_language.elims(3))
+qed
+
+
+lemma undefinedness_completion_inclusion :
+ assumes "\<pi> \<in> L"
+shows "map (\<lambda>(x,y) . (x,Some y)) \<pi> \<in> undefinedness_completion X L"
+proof -
+ let ?\<pi> = "map (\<lambda>(x,y) . (x,Some y)) \<pi>"
+
+ have "\<And> a . (a,None) \<notin> set ?\<pi>"
+ by (induction \<pi>; auto)
+ then have "\<forall> \<pi>' x \<pi>'' . ?\<pi> = \<pi>' @ [(x,None)] @ \<pi>'' \<longrightarrow> x \<in> X \<and> out[L, non_bottom_projection \<pi>', x] = {}"
+ by (metis Cons_eq_appendI in_set_conv_decomp)
+ moreover have "non_bottom_projection ?\<pi> \<in> L"
+ using \<open>\<pi> \<in> L\<close> unfolding non_bottom_projection_id .
+ ultimately show ?thesis
+ by auto
+qed
+
+
+lemma undefinedness_completion_out_shortening :
+ assumes "is_language X Y L"
+ and "\<pi> \<in> undefinedness_completion X L"
+ and "x \<in> X"
+shows "out[undefinedness_completion X L, \<pi>, x] = out[undefinedness_completion X L, non_bottom_shortening \<pi>, x]"
+using assms(2,3) proof (induction "length \<pi>" arbitrary: \<pi> x rule: less_induct)
+ case less
+
+ let ?L = "undefinedness_completion X L"
+
+ show ?case proof (cases \<pi> rule: rev_cases)
+ case Nil
+ then show ?thesis by auto
+ next
+ case (snoc \<pi>' xy)
+
+ then obtain x' y' where "xy = (x',y')" by fastforce
+
+ have "x' \<in> X"
+ using snoc less.prems(1) unfolding \<open>xy = (x',y')\<close>
+ using undefinedness_completion_is_language[OF assms(1)]
+ by (metis fst_conv is_language.elims(2) last_in_set snoc_eq_iff_butlast)
+
+ have "\<pi>' \<in> ?L"
+ using snoc less.prems(1)
+ using undefinedness_completion_is_language[OF assms(1)]
+ using prefix_closure_no_member by blast
+
+ show ?thesis proof (cases y')
+ case None
+
+ then have "non_bottom_shortening \<pi> = non_bottom_shortening \<pi>'"
+ unfolding \<open>xy = (x',y')\<close> snoc by auto
+ then have "out[?L, non_bottom_shortening \<pi>, x] = out[?L, non_bottom_shortening \<pi>', x]"
+ by simp
+ also have "\<dots> = out[?L, \<pi>', x]"
+ using less.hyps[OF _ \<open>\<pi>' \<in> ?L\<close> \<open>x \<in> X\<close>] unfolding snoc
+ by (metis Suc_lessD length_append_singleton not_less_eq)
+ also have "\<dots> = out[?L, \<pi>, x]"
+ proof
+
+ show "out[?L, \<pi>', x] \<subseteq> out[?L, \<pi>, x]"
+ proof
+ fix y assume "y \<in> out[?L, \<pi>', x]"
+ then have "\<pi>'@[(x,y)] \<in> ?L"
+ by auto
+ then have p1: "non_bottom_projection (\<pi>'@[(x,y)]) \<in> L"
+ and p2: "\<And> \<gamma>' a \<gamma>'' . \<pi>'@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ by auto
+
+ have "non_bottom_projection (\<pi>@[(x,y)]) = non_bottom_projection (\<pi>'@[(x,y)])"
+ unfolding snoc \<open>xy = (x',y')\<close> None by auto
+ then have "non_bottom_projection (\<pi>@[(x,y)]) \<in> L"
+ using p1 by simp
+ moreover have "\<And> \<gamma>' a \<gamma>'' . \<pi>@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ proof -
+ fix \<gamma>' a \<gamma>'' assume "\<pi>@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''"
+ then have "\<pi>'@[(x',None)]@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''"
+ unfolding snoc \<open>xy = (x',y')\<close> None by auto
+
+ show "a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ proof (cases \<gamma>'' rule: rev_cases)
+ case Nil
+ then show ?thesis
+ using \<open>\<pi> @ [(x, y)] = \<gamma>' @ [(a, None)] @ \<gamma>''\<close> \<open>non_bottom_shortening \<pi> = non_bottom_shortening \<pi>'\<close> p2 by auto
+ next
+ case (snoc \<gamma>''' xy')
+ then show ?thesis
+ using \<open>\<pi> @ [(x, y)] = \<gamma>' @ [(a, None)] @ \<gamma>''\<close> less.prems(1) by force
+ qed
+ qed
+ ultimately show "y \<in> out[?L, \<pi>, x]"
+ by auto
+ qed
+
+ show "out[?L, \<pi>, x] \<subseteq> out[?L, \<pi>', x]"
+ proof
+ fix y assume "y \<in> out[?L, \<pi>, x]"
+ then have "\<pi>'@[(x',None)]@[(x,y)] \<in> ?L"
+ unfolding snoc \<open>xy = (x',y')\<close> None
+ by auto
+ then have p1: "non_bottom_projection (\<pi>'@[(x',None)]@[(x,y)]) \<in> L"
+ and p2: "\<And> \<gamma>' a \<gamma>'' . \<pi>'@[(x',None)]@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ by auto
+
+ have "non_bottom_projection (\<pi>'@[(x',None)]@[(x,y)]) = non_bottom_projection (\<pi>'@[(x,y)])"
+ by auto
+ then have "non_bottom_projection (\<pi>'@[(x,y)]) \<in> L"
+ using p1 by auto
+ moreover have "\<And> \<gamma>' a \<gamma>'' . \<pi>'@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ proof -
+ fix \<gamma>' a \<gamma>'' assume "\<pi>'@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''"
+
+ show "a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ proof (cases \<gamma>'' rule: rev_cases)
+ case Nil
+ then show ?thesis
+ by (metis None \<open>\<pi>' @ [(x, y)] = \<gamma>' @ [(a, None)] @ \<gamma>''\<close> \<open>non_bottom_shortening \<pi> = non_bottom_shortening \<pi>'\<close> \<open>xy = (x', y')\<close> append.assoc append.right_neutral append1_eq_conv non_bottom_projection.simps p2 snoc)
+ next
+ case (snoc \<gamma>''' xy')
+ then show ?thesis
+ using \<open>\<pi>' @ [(x, y)] = \<gamma>' @ [(a, None)] @ \<gamma>''\<close> \<open>\<pi>' \<in> undefinedness_completion X L\<close> by force
+ qed
+ qed
+ ultimately show "y \<in> out[?L, \<pi>', x]"
+ by auto
+ qed
+ qed
+ finally show ?thesis
+ by blast
+ next
+ case (Some y'')
+
+ have "non_bottom_shortening \<pi> = (non_bottom_shortening \<pi>')@[(x',Some y'')]"
+ unfolding snoc \<open>xy = (x',y')\<close> Some by auto
+ then have "non_bottom_projection \<pi> = (non_bottom_projection \<pi>')@[(x',y'')]"
+ by auto
+
+ have "\<pi>' @ [(x', Some y'')] \<in> ?L"
+ using less.prems(1) unfolding snoc \<open>xy = (x',y')\<close> Some .
+ then have "Some y'' \<in> out[?L,\<pi>',x']"
+ by auto
+ moreover have "out[?L,\<pi>',x'] = out[?L,non_bottom_shortening \<pi>',x']"
+ using less.hyps[OF _ \<open>\<pi>' \<in> ?L\<close> \<open>x' \<in> X\<close>]
+ unfolding snoc \<open>xy = (x',y')\<close> Some
+ by (metis length_append_singleton lessI)
+ ultimately have "Some y'' \<in> out[?L,non_bottom_shortening \<pi>',x']"
+ by blast
+
+
+ show ?thesis
+ proof
+ show "out[?L,\<pi>,x] \<subseteq> out[?L,non_bottom_shortening \<pi>,x]"
+ proof
+ fix y assume "y \<in> out[?L,\<pi>,x]"
+ then have "\<pi>'@[(x',Some y'')]@[(x,y)] \<in> ?L"
+ unfolding snoc \<open>xy = (x',y')\<close> Some by auto
+ then have p1: "non_bottom_projection (\<pi>'@[(x',Some y'')]@[(x,y)]) \<in> L"
+ and p2: "\<And> \<gamma>' a \<gamma>'' . \<pi>'@[(x',Some y'')]@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ by auto
+
+ have "non_bottom_projection ((non_bottom_shortening \<pi>)@[(x,y)]) = non_bottom_projection (\<pi>'@[(x',Some y'')]@[(x,y)])"
+ unfolding \<open>non_bottom_shortening \<pi> = (non_bottom_shortening \<pi>')@[(x',Some y'')]\<close>
+ by auto
+ then have "non_bottom_projection ((non_bottom_shortening \<pi>)@[(x,y)]) \<in> L"
+ using p1 by simp
+ moreover have "\<And> \<gamma>' a \<gamma>'' . (non_bottom_shortening \<pi>)@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ proof -
+ fix \<gamma>' a \<gamma>'' assume "(non_bottom_shortening \<pi>)@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''"
+ moreover have "(a, None) \<notin> set (non_bottom_shortening \<pi>)"
+ by (induction \<pi>; auto)
+ moreover have "\<And> xs a ys b zs . xs@[a] = ys@[b]@zs \<Longrightarrow> b \<notin> set xs \<Longrightarrow> zs = []"
+ by (metis append_Cons append_Nil butlast.simps(2) butlast_snoc in_set_butlast_appendI list.distinct(1) list.sel(1) list.set_sel(1))
+ ultimately have "\<gamma>'' = []"
+ by fastforce
+ then have "\<gamma>' = non_bottom_shortening \<pi>"
+ and "x = a"
+ and "y = None"
+ using \<open>(non_bottom_shortening \<pi>)@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''\<close>
+ by auto
+
+
+ show "a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ using \<open>x \<in> X\<close> unfolding \<open>x = a\<close>
+ unfolding \<open>\<gamma>' = non_bottom_shortening \<pi>\<close>
+ by (metis (no_types, lifting) \<open>non_bottom_projection (non_bottom_shortening \<pi> @ [(x, y)]) = non_bottom_projection (\<pi>' @ [(x', Some y'')] @ [(x, y)])\<close> \<open>x = a\<close> \<open>y = None\<close> append.assoc append.right_neutral append_same_eq non_bottom_projection_split p2)
+ qed
+ ultimately show "y \<in> out[?L,non_bottom_shortening \<pi>,x]"
+ by auto
+ qed
+
+ show "out[?L,non_bottom_shortening \<pi>,x] \<subseteq> out[?L,\<pi>,x]"
+ proof
+ fix y assume "y \<in> out[?L,non_bottom_shortening \<pi>,x]"
+ then have "(non_bottom_shortening \<pi>')@[(x',Some y'')]@[(x,y)] \<in> ?L"
+ unfolding snoc \<open>xy = (x',y')\<close> Some by auto
+ then have p1: "non_bottom_projection ((non_bottom_shortening \<pi>')@[(x',Some y'')]@[(x,y)]) \<in> L"
+ and p2: "\<And> \<gamma>' a \<gamma>'' . (non_bottom_shortening \<pi>')@[(x',Some y'')]@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ by auto
+
+ have "non_bottom_projection ((non_bottom_shortening \<pi>')@[(x',Some y'')]@[(x,y)]) = non_bottom_projection (\<pi>@[(x,y)])"
+ unfolding snoc \<open>xy = (x',y')\<close> Some by auto
+ then have "non_bottom_projection (\<pi>@[(x,y)]) \<in> L"
+ using p1 by presburger
+ moreover have "\<And> \<gamma>' a \<gamma>'' . \<pi>@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>'' \<Longrightarrow> a \<in> X \<and> out[L, non_bottom_projection \<gamma>', a] = {}"
+ proof
+ fix \<gamma>' a \<gamma>'' assume "\<pi>@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''"
+ then have "(a,None) \<in> set (\<pi>@[(x,y)])"
+ by auto
+ then consider "(a,None) \<in> set \<pi>" | "(a,None) = (x,y)"
+ by auto
+ then show "a \<in> X"
+ by (metis assms(1) fst_conv is_language.elims(2) less.prems(1) less.prems(2) undefinedness_completion_is_language)
+
+ show "out[L,non_bottom_projection \<gamma>',a] = {}"
+ proof (cases \<gamma>'' rule: rev_cases)
+ case Nil
+ then have "\<pi> = \<gamma>'" and "x = a" and "y = None"
+ using \<open>\<pi>@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''\<close> by auto
+ then show ?thesis
+ by (metis (no_types, opaque_lifting) \<open>non_bottom_projection (non_bottom_shortening \<pi>' @ [(x', Some y'')] @ [(x, y)]) = non_bottom_projection (\<pi> @ [(x, y)])\<close> \<open>non_bottom_shortening \<pi> = non_bottom_shortening \<pi>' @ [(x', Some y'')]\<close> append.assoc append_Cons append_Nil append_same_eq non_bottom_projection_split p2)
+ next
+ case (snoc \<gamma>''' xy')
+ then have "\<pi> = \<gamma>' @ [(a, None)] @ \<gamma>'''"
+ using \<open>\<pi>@[(x,y)] = \<gamma>' @ [(a,None)] @ \<gamma>''\<close> by auto
+
+ have "\<gamma>' @ [(a, None)] \<in> ?L"
+ using less.prems(1) unfolding \<open>\<pi> = \<gamma>' @ [(a, None)] @ \<gamma>'''\<close>
+ using undefinedness_completion_is_language[OF assms(1)]
+ by (metis append_assoc prefix_closure_no_member)
+ then show "out[L, non_bottom_projection \<gamma>', a] = {}"
+ by auto
+ qed
+ qed
+ ultimately show "y \<in> out[?L,\<pi>,x]"
+ by auto
+ qed
+ qed
+ qed
+ qed
+qed
+
+
+
+lemma undefinedness_completion_out_projection_not_empty :
+ assumes "is_language X Y L"
+ and "\<pi> \<in> undefinedness_completion X L"
+ and "x \<in> X"
+ and "out[L, non_bottom_projection \<pi>, x] \<noteq> {}"
+shows "out[undefinedness_completion X L, non_bottom_shortening \<pi>, x] = Some ` out[L, non_bottom_projection \<pi>, x]"
+proof
+
+ let ?L = "undefinedness_completion X L"
+
+ have "\<pi>@[(x,None)] \<notin> ?L"
+ using assms(4) by auto
+ then have "None \<notin> out[?L,\<pi>,x]"
+ by auto
+ then have "None \<notin> out[?L,non_bottom_shortening \<pi>,x]"
+ using undefinedness_completion_out_shortening[OF assms(1,2,3)] by blast
+ then have "(non_bottom_shortening \<pi>)@[(x,None)] \<notin> ?L"
+ by auto
+
+ show "out[?L, non_bottom_shortening \<pi>, x] \<subseteq> Some ` out[L, non_bottom_projection \<pi>, x]"
+ proof
+ fix y assume "y \<in> out[?L, non_bottom_shortening \<pi>, x]"
+ then have "(non_bottom_shortening \<pi>) @ [(x,y)] \<in> ?L" by auto
+ then have "y \<noteq> None"
+ using \<open>(non_bottom_shortening \<pi>)@[(x,None)] \<notin> ?L\<close>
+ by meson
+ then obtain y' where "y = Some y'"
+ by auto
+
+ have "non_bottom_projection ((non_bottom_shortening \<pi>) @ [(x,y)]) = (non_bottom_projection \<pi>) @ [(x,y')]"
+ unfolding \<open>y = Some y'\<close>
+ by (induction \<pi>; auto)
+ then have "(non_bottom_projection \<pi>) @ [(x,y')] \<in> L"
+ using \<open>(non_bottom_shortening \<pi>) @ [(x,y)] \<in> ?L\<close> unfolding \<open>y = Some y'\<close>
+ by auto
+ then show "y \<in> Some ` out[L, non_bottom_projection \<pi>, x]"
+ unfolding \<open>y = Some y'\<close> by auto
+ qed
+
+ show "Some ` out[L,non_bottom_projection \<pi>,x] \<subseteq> out[?L,non_bottom_shortening \<pi>,x]"
+ proof
+ fix y assume "y \<in> Some ` out[L,non_bottom_projection \<pi>,x]"
+ then obtain y' where "y = Some y'" and "y' \<in> out[L,non_bottom_projection \<pi>,x]"
+ by auto
+ then have "(non_bottom_projection \<pi>) @ [(x,y')] \<in> L"
+ by auto
+ moreover have "non_bottom_projection ((non_bottom_shortening \<pi>) @ [(x,y)]) = (non_bottom_projection \<pi>) @ [(x,y')]"
+ unfolding \<open>y = Some y'\<close>
+ by (induction \<pi>; auto)
+ ultimately have "non_bottom_projection ((non_bottom_shortening \<pi>) @ [(x,y)]) \<in> L"
+ unfolding \<open>y = Some y'\<close>
+ by auto
+ moreover have "\<And> \<pi>' x' \<pi>'' . ((non_bottom_shortening \<pi>) @ [(x,y)]) = \<pi>' @ [(x',None)] @ \<pi>'' \<Longrightarrow> x' \<in> X \<and> out[L, non_bottom_projection \<pi>', x'] = {}"
+ proof -
+ fix \<pi>' x' \<pi>'' assume "((non_bottom_shortening \<pi>) @ [(x,y)]) = \<pi>' @ [(x',None)] @ \<pi>''"
+ then have "(x',None) \<in> set (non_bottom_shortening \<pi>)"
+ by (metis \<open>y = Some y'\<close> append_Cons in_set_conv_decomp old.prod.inject option.distinct(1) rotate1.simps(2) set_ConsD set_rotate1)
+ then have False
+ by (induction \<pi>; auto)
+ then show "x' \<in> X \<and> out[L, non_bottom_projection \<pi>', x'] = {}"
+ by blast
+ qed
+ ultimately show "y \<in> out[?L,non_bottom_shortening \<pi>,x]"
+ by auto
+ qed
+qed
+
+
+lemma undefinedness_completion_out_projection_empty :
+ assumes "is_language X Y L"
+ and "\<pi> \<in> undefinedness_completion X L"
+ and "x \<in> X"
+ and "out[L, non_bottom_projection \<pi>, x] = {}"
+shows "out[undefinedness_completion X L, non_bottom_shortening \<pi>, x] = {None}"
+proof
+
+ let ?L = "undefinedness_completion X L"
+
+ have p1: "non_bottom_projection \<pi> \<in> L"
+ and p2: "\<And> \<pi>' x \<pi>'' . \<pi> = \<pi>' @ [(x,None)] @ \<pi>'' \<Longrightarrow> x \<in> X \<and> out[L, non_bottom_projection \<pi>', x] = {}"
+ using assms(2) by auto
+
+ have "non_bottom_projection (\<pi>@[(x,None)]) \<in> L"
+ using p1 by auto
+ moreover have "\<And> \<pi>' x' \<pi>'' . \<pi>@[(x,None)] = \<pi>' @ [(x',None)] @ \<pi>'' \<Longrightarrow> x' \<in> X \<and> out[L, non_bottom_projection \<pi>', x'] = {}"
+ proof -
+ fix \<pi>' x' \<pi>'' assume "\<pi>@[(x,None)] = \<pi>' @ [(x',None)] @ \<pi>''"
+ show "x' \<in> X \<and> out[L, non_bottom_projection \<pi>', x'] = {}"
+ proof (cases \<pi>'' rule: rev_cases)
+ case Nil
+ then show ?thesis
+ using \<open>\<pi> @ [(x, None)] = \<pi>' @ [(x', None)] @ \<pi>''\<close> assms(3) assms(4) by auto
+ next
+ case (snoc ys y)
+ then show ?thesis
+ using \<open>\<pi> @ [(x, None)] = \<pi>' @ [(x', None)] @ \<pi>''\<close> p2 by auto
+ qed
+ qed
+ ultimately have "\<pi>@[(x,None)] \<in> ?L"
+ by auto
+ then show "{None} \<subseteq> out[?L,non_bottom_shortening \<pi>,x]"
+ unfolding undefinedness_completion_out_shortening[OF assms(1,2,3), symmetric]
+ by auto
+
+ show "out[?L,non_bottom_shortening \<pi>,x] \<subseteq> {None}"
+ proof (rule ccontr)
+ assume "\<not> out[?L,non_bottom_shortening \<pi>,x] \<subseteq> {None}"
+ then obtain y where "y \<in> out[?L,non_bottom_shortening \<pi>,x]" and "y \<noteq> None"
+ by blast
+ then obtain y' where "y = Some y'"
+ by auto
+
+ have "\<pi>@[(x,Some y')] \<in> ?L"
+ using \<open>y \<in> out[?L,non_bottom_shortening \<pi>,x]\<close>
+ unfolding \<open>y = Some y'\<close>
+ unfolding undefinedness_completion_out_shortening[OF assms(1,2,3), symmetric]
+ by auto
+ then have "(non_bottom_projection \<pi>)@[(x,y')] \<in> L"
+ by auto
+ then show False
+ using assms(4) by auto
+ qed
+qed
+
+
+theorem strongred_via_red :
+ assumes "is_language X Y L1"
+ and "is_language X Y L2"
+shows "(L1 \<preceq>[X,strongred Y] L2) \<longleftrightarrow> ((undefinedness_completion X L1) \<preceq>[X, red ({None} \<union> Some ` Y)] (undefinedness_completion X L2))"
+proof -
+
+ let ?L1 = "undefinedness_completion X L1"
+ let ?L2 = "undefinedness_completion X L2"
+
+ have "(L1 \<preceq>[X,strongred Y] L2) = (\<forall> \<pi> \<in> L1 \<inter> L2 . \<forall> x \<in> X . (out[L1,\<pi>,x] = {} \<and> out[L2,\<pi>,x] = {}) \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x]))"
+ (is "?A = ?B")
+ proof
+ show "?A \<Longrightarrow> ?B"
+ unfolding strongred_type_1[OF assms, symmetric] strong_reduction_def quasi_reduction_def
+ by (metis outputs_executable)
+ show "?B \<Longrightarrow> ?A"
+ unfolding strongred_type_1[OF assms, symmetric] strong_reduction_def quasi_reduction_def
+ by (metis assms(1) assms(2) executable_inputs_in_alphabet outputs_executable subset_empty)
+ qed
+ also have "\<dots> = (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . (out[L1,non_bottom_projection \<pi>,x] = {} \<and> out[L2,non_bottom_projection \<pi>,x] = {}) \<or> (out[L1,non_bottom_projection \<pi>,x] \<noteq> {} \<and> out[L1,non_bottom_projection \<pi>,x] \<subseteq> out[L2,non_bottom_projection \<pi>,x]))"
+ (is "?A = ?B")
+ proof
+ have "\<And> \<pi> x . ?A \<Longrightarrow> \<pi> \<in> ?L1 \<inter> ?L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,non_bottom_projection \<pi>,x] = {} \<and> out[L2,non_bottom_projection \<pi>,x] = {}) \<or> (out[L1,non_bottom_projection \<pi>,x] \<noteq> {} \<and> out[L1,non_bottom_projection \<pi>,x] \<subseteq> out[L2,non_bottom_projection \<pi>,x])"
+ proof -
+ fix \<pi> x assume "?A" and "\<pi> \<in> ?L1 \<inter> ?L2" and "x \<in> X"
+
+ let ?\<pi> = "non_bottom_projection \<pi>"
+
+ have "?\<pi> \<in> L1"
+ and "?\<pi> \<in> L2"
+ using \<open>\<pi> \<in> ?L1 \<inter> ?L2\<close> by auto
+ then show "(out[L1,?\<pi>,x] = {} \<and> out[L2,?\<pi>,x] = {}) \<or> (out[L1,?\<pi>,x] \<noteq> {} \<and> out[L1,?\<pi>,x] \<subseteq> out[L2,?\<pi>,x])"
+ using \<open>?A\<close> \<open>x \<in> X\<close> by blast
+ qed
+ then show "?A \<Longrightarrow> ?B"
+ by blast
+
+ have "\<And> \<pi> x . ?B \<Longrightarrow> \<pi> \<in> L1 \<inter> L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,\<pi>,x] = {} \<and> out[L2,\<pi>,x] = {}) \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ proof -
+ fix \<pi> x assume "?B" and "\<pi> \<in> L1 \<inter> L2" and "x \<in> X"
+
+ let ?\<pi> = "map (\<lambda>(x,y) . (x,Some y)) \<pi>"
+
+ have "?\<pi> \<in> ?L1" and "?\<pi> \<in> ?L2"
+ using \<open>\<pi> \<in> L1 \<inter> L2\<close> undefinedness_completion_inclusion by blast+
+ then have "(out[L1,non_bottom_projection ?\<pi>,x] = {} \<and> out[L2,non_bottom_projection ?\<pi>,x] = {}) \<or> (out[L1,non_bottom_projection ?\<pi>,x] \<noteq> {} \<and> out[L1,non_bottom_projection ?\<pi>,x] \<subseteq> out[L2,non_bottom_projection ?\<pi>,x])"
+ using \<open>?B\<close> \<open>x \<in> X\<close> by blast
+ then show "(out[L1,\<pi>,x] = {} \<and> out[L2,\<pi>,x] = {}) \<or> (out[L1,\<pi>,x] \<noteq> {} \<and> out[L1,\<pi>,x] \<subseteq> out[L2,\<pi>,x])"
+ unfolding non_bottom_projection_id .
+ qed
+ then show "?B \<Longrightarrow> ?A"
+ by blast
+ qed
+ also have "\<dots> = (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . (out[?L1,\<pi>,x] = {None} \<and> out[?L2,\<pi>,x] = {None}) \<or> (out[?L1,\<pi>,x] \<noteq> {None} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x]))"
+ proof -
+ have "\<And> \<pi> x . \<pi> \<in> ?L1 \<inter> ?L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,non_bottom_projection \<pi>,x] = {} \<and> out[L2,non_bottom_projection \<pi>,x] = {}) = (out[?L1,\<pi>,x] = {None} \<and> out[?L2,\<pi>,x] = {None})"
+ by (metis IntD1 IntD2 None_notin_image_Some assms(1) assms(2) insertCI undefinedness_completion_out_projection_empty undefinedness_completion_out_projection_not_empty undefinedness_completion_out_shortening)
+ moreover have "\<And> \<pi> x . \<pi> \<in> ?L1 \<inter> ?L2 \<Longrightarrow> x \<in> X \<Longrightarrow> (out[L1,non_bottom_projection \<pi>,x] \<noteq> {} \<and> out[L1,non_bottom_projection \<pi>,x] \<subseteq> out[L2,non_bottom_projection \<pi>,x]) = (out[?L1,\<pi>,x] \<noteq> {None} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x])"
+ proof -
+ fix \<pi> x assume "\<pi> \<in> ?L1 \<inter> ?L2" and "x \<in> X"
+ then have "\<pi> \<in> ?L1" and "\<pi> \<in> ?L2" by auto
+
+ have "(out[L1,non_bottom_projection \<pi>,x] \<noteq> {}) = (out[?L1,\<pi>,x] \<noteq> {None})"
+ by (metis None_notin_image_Some \<open>\<pi> \<in> undefinedness_completion X L1\<close> \<open>x \<in> X\<close> assms(1) singletonI undefinedness_completion_out_projection_empty undefinedness_completion_out_projection_not_empty undefinedness_completion_out_shortening)
+
+
+ show "(out[L1,non_bottom_projection \<pi>,x] \<noteq> {} \<and> out[L1,non_bottom_projection \<pi>,x] \<subseteq> out[L2,non_bottom_projection \<pi>,x]) = (out[?L1,\<pi>,x] \<noteq> {None} \<and> out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x])"
+ proof (cases "out[L1,non_bottom_projection \<pi>,x] \<noteq> {}")
+ case False
+ then show ?thesis using \<open>(out[L1,non_bottom_projection \<pi>,x] \<noteq> {}) = (out[?L1,\<pi>,x] \<noteq> {None})\<close> by blast
+ next
+ case True
+ have "out[undefinedness_completion X L1,\<pi>,x] = Some ` out[L1,non_bottom_projection \<pi>,x]"
+ using undefinedness_completion_out_projection_not_empty[OF assms(1) \<open>\<pi> \<in> ?L1\<close> \<open>x \<in> X\<close> True]
+ unfolding undefinedness_completion_out_shortening[OF assms(1) \<open>\<pi> \<in> ?L1\<close> \<open>x \<in> X\<close>,symmetric] .
+
+
+ show ?thesis proof (cases "out[L2,non_bottom_projection \<pi>,x] = {}")
+ case True
+ then show ?thesis
+ by (metis \<open>(out[L1,non_bottom_projection \<pi>,x] \<noteq> {}) = (out[undefinedness_completion X L1,\<pi>,x] \<noteq> {None})\<close> \<open>\<pi> \<in> undefinedness_completion X L2\<close> \<open>out[undefinedness_completion X L1,\<pi>,x] = Some ` out[L1,non_bottom_projection \<pi>,x]\<close> \<open>x \<in> X\<close> assms(2) image_is_empty subset_empty subset_singletonD undefinedness_completion_out_projection_empty undefinedness_completion_out_shortening)
+ next
+ case False
+
+ have "out[undefinedness_completion X L2,\<pi>,x] = Some ` out[L2,non_bottom_projection \<pi>,x]"
+ using undefinedness_completion_out_projection_not_empty[OF assms(2) \<open>\<pi> \<in> ?L2\<close> \<open>x \<in> X\<close> False]
+ unfolding undefinedness_completion_out_shortening[OF assms(2) \<open>\<pi> \<in> ?L2\<close> \<open>x \<in> X\<close>,symmetric] .
+
+ show ?thesis
+ unfolding \<open>out[undefinedness_completion X L1,\<pi>,x] = Some ` out[L1,non_bottom_projection \<pi>,x]\<close>
+ unfolding \<open>out[undefinedness_completion X L2,\<pi>,x] = Some ` out[L2,non_bottom_projection \<pi>,x]\<close>
+ by (metis \<open>(out[L1,non_bottom_projection \<pi>,x] \<noteq> {}) = (out[undefinedness_completion X L1,\<pi>,x] \<noteq> {None})\<close> \<open>out[undefinedness_completion X L1,\<pi>,x] = Some ` out[L1,non_bottom_projection \<pi>,x]\<close> subset_image_iff these_image_Some_eq)
+ qed
+ qed
+ qed
+ ultimately show ?thesis
+ by meson
+ qed
+ also have "\<dots> = (\<forall> \<pi> \<in> ?L1 \<inter> ?L2 . \<forall> x \<in> X . out[?L1,\<pi>,x] \<subseteq> out[?L2,\<pi>,x])"
+ (is "?A = ?B")
+ proof
+ show "?A \<Longrightarrow> ?B"
+ by blast
+ show "?B \<Longrightarrow> ?A"
+ by (metis IntD2 None_notin_image_Some assms(2) insert_subset undefinedness_completion_out_projection_empty undefinedness_completion_out_projection_not_empty undefinedness_completion_out_shortening)
+ qed
+ also have "\<dots> = (?L1 \<preceq>[X, red ({None} \<union> Some ` Y)] ?L2)"
+ unfolding type_1_conforms.simps red.simps
+ using outputs_in_alphabet[OF undefinedness_completion_is_language[OF assms(2)]]
+ by force
+ finally show ?thesis .
+qed
+
+
+end
\ No newline at end of file
diff --git a/thys/IO_Language_Conformance/ROOT b/thys/IO_Language_Conformance/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/IO_Language_Conformance/ROOT
@@ -0,0 +1,9 @@
+chapter AFP
+
+session IO_Language_Conformance = "HOL-Library" +
+ options [timeout = 300]
+ theories
+ "Input_Output_Language_Conformance"
+ document_files
+ "root.tex"
+ "root.bib"
\ No newline at end of file
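Review bot: The new ROOT file ends without a final newline, as shown by the `\ No newline at end of file` marker after `"root.bib"`. The theory file added just before it carries the same marker after `end`. Terminating both files with a newline avoids a spurious change on the last line when a later commit appends another `document_files` entry or more theory text.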
diff --git a/thys/IO_Language_Conformance/document/root.bib b/thys/IO_Language_Conformance/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/IO_Language_Conformance/document/root.bib
@@ -0,0 +1,18 @@
+@Inbook{Huang2023,
+author="Huang, Wen-ling
+and Sachtleben, Robert",
+editor="Haxthausen, Anne E.
+and Huang, Wen-ling
+and Roggenbach, Markus",
+title="Conformance Relations Between Input/Output Languages",
+bookTitle="Applicable Formal Methods for Safe Industrial Products: Essays Dedicated to Jan Peleska on the Occasion of His 65th Birthday",
+year="2023",
+publisher="Springer Nature Switzerland",
+address="Cham",
+pages="49--67",
+abstract="In this paper, we propose a novel unifying approach to characterising well-known conformance relations between finite state machines, including equivalence, reduction, and variations thereof. This approach is based on languages over input/output alphabets. It allows for easier comparison between conformance relations, and gives rise to a fundamental necessary and sufficient criterion for conformance testing.",
+isbn="978-3-031-40132-9",
+doi="10.1007/978-3-031-40132-9_4",
+url="https://doi.org/10.1007/978-3-031-40132-9_4"
+}
+
diff --git a/thys/IO_Language_Conformance/document/root.tex b/thys/IO_Language_Conformance/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/IO_Language_Conformance/document/root.tex
@@ -0,0 +1,65 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage{isabelle,isabellesym}
+\usepackage{amsmath, amssymb}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+%\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+%\usepackage[only,bigsqcap]{stmaryrd}
+ %for \<Sqinter>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{Conformance Relations between Input/Output Languages}
+\author{Robert Sachtleben}
+\maketitle
+
+\begin{abstract}
+ This entry formalises the paper of the same name by Huang et~al.~\cite{Huang2023} and presents a unifying characterisation of well-known conformance relations such as equivalence and language inclusion (reduction) on languages over input/output pairs.
+ This characterisation simplifies comparisons between conformance relations and from it a fundamental necessary and sufficient criterion for conformance testing is developed.
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+% optional bibliography
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/thys/ROOTS b/thys/ROOTS
--- a/thys/ROOTS
+++ b/thys/ROOTS
@@ -1,768 +1,773 @@
ABY3_Protocols
ADS_Functor
AI_Planning_Languages_Semantics
AODV
AOT
AVL-Trees
AWN
Abortable_Linearizable_Modules
Abs_Int_ITP2012
Abstract-Hoare-Logics
Abstract-Rewriting
Abstract_Completeness
Abstract_Soundness
Ackermanns_not_PR
Actuarial_Mathematics
Adaptive_State_Counting
Affine_Arithmetic
Aggregation_Algebras
Akra_Bazzi
Algebraic_Numbers
Algebraic_VCs
Allen_Calculus
Amicable_Numbers
Amortized_Complexity
AnselmGod
Applicative_Lifting
Approximation_Algorithms
Architectural_Design_Patterns
Aristotles_Assertoric_Syllogistic
Arith_Prog_Rel_Primes
ArrowImpossibilityGS
Attack_Trees
Auto2_HOL
Auto2_Imperative_HOL
AutoFocus-Stream
Automated_Stateful_Protocol_Verification
Automatic_Refinement
AxiomaticCategoryTheory
BDD
BD_Security_Compositional
BNF_CC
BNF_Operations
BTree
Balog_Szemeredi_Gowers
Banach_Steinhaus
Belief_Revision
Bell_Numbers_Spivey
BenOr_Kozen_Reif
Berlekamp_Zassenhaus
Bernoulli
Bertrands_Postulate
Bicategory
BinarySearchTree
Binary_Code_Imprimitive
Binding_Syntax_Theory
Binomial-Heaps
Binomial-Queues
BirdKMP
Birkhoff_Finite_Distributive_Lattices
Blue_Eyes
Bondy
Boolean_Expression_Checkers
Boolos_Curious_Inference
Boolos_Curious_Inference_Automated
Bounded_Deducibility_Security
Buchi_Complementation
Budan_Fourier
Buffons_Needle
Buildings
BytecodeLogicJmlTypes
C2KA_DistributedSystems
CAVA_Automata
CAVA_LTL_Modelchecker
CCS
CHERI-C_Memory_Model
CISC-Kernel
CRDT
CRYSTALS-Kyber
CSP_RefTK
CVP_Hardness
CYK
CZH_Elementary_Categories
CZH_Foundations
CZH_Universal_Constructions
CakeML
CakeML_Codegen
Call_Arity
Card_Equiv_Relations
Card_Multisets
Card_Number_Partitions
Card_Partitions
Cartan_FP
Case_Labeling
Catalan_Numbers
Category
Category2
Category3
Catoids
Cauchy
Cayley_Hamilton
Certification_Monads
Ceva
Chandy_Lamport
Chord_Segments
Circus
Clean
Clique_and_Monotone_Circuits
ClockSynchInst
Closest_Pair_Points
CoCon
CoSMeDis
CoSMed
CofGroups
Coinductive
Coinductive_Languages
Collections
Combinable_Wands
Combinatorial_Enumeration_Algorithms
Combinatorics_Words
Combinatorics_Words_Graph_Lemma
Combinatorics_Words_Lyndon
CommCSL
Commuting_Hermitian
Comparison_Sort_Lower_Bound
Compiling-Exceptions-Correctly
Complete_Non_Orders
Completeness
Complex_Bounded_Operators
Complex_Geometry
Complx
ComponentDependencies
ConcurrentGC
ConcurrentIMP
Concurrent_Ref_Alg
Concurrent_Revisions
Conditional_Simplification
Conditional_Transfer_Rule
Consensus_Refined
Constructive_Cryptography
Constructive_Cryptography_CM
Constructor_Funs
Containers
Cook_Levin
CoreC++
Core_DOM
Core_SC_DOM
Correctness_Algebras
Cotangent_PFD_Formula
Count_Complex_Roots
+Coupledsim_Contrasim
CryptHOL
CryptoBasedCompositionalProperties
Crypto_Standards
Cubic_Quartic_Equations
DCR-ExecutionEquivalence
DFS_Framework
DOM_Components
DPRM_Theorem
DPT-SAT-Solver
DataRefinementIBP
Datatype_Order_Generator
Decl_Sem_Fun_PL
Decreasing-Diagrams
Decreasing-Diagrams-II
Dedekind_Real
Deep_Learning
Delta_System_Lemma
Density_Compiler
Dependent_SIFUM_Refinement
Dependent_SIFUM_Type_Systems
Depth-First-Search
Derangements
Deriving
Descartes_Sign_Rule
Design_Theory
Dict_Construction
Differential_Dynamic_Logic
Differential_Game_Logic
DigitsInBase
Digit_Expansions
Dijkstra_Shortest_Path
Diophantine_Eqns_Lin_Hom
Directed_Sets
Dirichlet_L
Dirichlet_Series
DiscretePricing
Discrete_Summation
DiskPaxos
Distributed_Distinct_Elements
Dominance_CHK
DynamicArchitectures
Dynamic_Tables
E_Transcendental
Earley_Parser
Echelon_Form
EdmondsKarp_Maxflow
Edwards_Elliptic_Curves_Group
Efficient-Mergesort
Efficient_Weighted_Path_Order
Elliptic_Curves_Group_Law
Encodability_Process_Calculi
Epistemic_Logic
Equivalence_Relation_Enumeration
Ergodic_Theory
Error_Function
Euler_MacLaurin
Euler_Partition
Euler_Polyhedron_Formula
Eval_FO
Example-Submission
Executable_Randomized_Algorithms
Expander_Graphs
Extended_Finite_State_Machine_Inference
Extended_Finite_State_Machines
FFT
FLP
FOL-Fitting
FOL_Axiomatic
FOL_Harrison
FOL_Seq_Calc1
FOL_Seq_Calc2
FOL_Seq_Calc3
FO_Theory_Rewriting
FSM_Tests
Factor_Algebraic_Polynomial
Factored_Transition_System_Bounding
Falling_Factorial_Sum
Farkas
FeatherweightJava
Featherweight_OCL
Fermat3_4
FileRefinement
FinFun
Finger-Trees
Finite-Map-Extras
Finite_Automata_HF
Finite_Fields
Finitely_Generated_Abelian_Groups
First_Order_Terms
First_Welfare_Theorem
Fishburn_Impossibility
Fisher_Yates
Fishers_Inequality
Fixed_Length_Vector
Flow_Networks
Floyd_Warshall
Flyspeck-Tame
FocusStreamsCaseStudies
Forcing
Formal_Puiseux_Series
Formal_SSA
Formula_Derivatives
Foundation_of_geometry
Fourier
Free-Boolean-Algebra
Free-Groups
Frequency_Moments
Fresh_Identifiers
FunWithFunctions
FunWithTilings
Functional-Automata
Functional_Ordered_Resolution_Prover
Furstenberg_Topology
GPU_Kernel_PL
Gabow_SCC
GaleStewart_Games
Gale_Shapley
Game_Based_Crypto
Gauss-Jordan-Elim-Fun
Gauss_Jordan
Gauss_Sums
Gaussian_Integers
GenClock
General-Triangle
Generalized_Counting_Sort
Generic_Deriving
Generic_Join
GewirthPGCProof
Girth_Chromatic
Given_Clause_Loops
GoedelGod
Goedel_HFSet_Semantic
Goedel_HFSet_Semanticless
Goedel_Incompleteness
Goodstein_Lambda
GraphMarkingIBP
Graph_Saturation
Graph_Theory
Gray_Codes
Green
Groebner_Bases
Groebner_Macaulay
Gromov_Hyperbolicity
Grothendieck_Schemes
Group-Ring-Module
HOL-CSP
HOLCF-Prelude
HRB-Slicing
Hahn_Jordan_Decomposition
Hales_Jewett
Heard_Of
Hello_World
HereditarilyFinite
Hermite
Hermite_Lindemann
Hidden_Markov_Models
Higher_Order_Terms
HoareForDivergence
Hoare_Time
Hood_Melville_Queue
HotelKeyCards
Huffman
Hybrid_Logic
Hybrid_Multi_Lane_Spatial_Logic
Hybrid_Systems_VCs
HyperCTL
HyperHoareLogic
Hyperdual
Hypergraph_Basics
IEEE_Floating_Point
IFC_Tracking
IMAP-CRDT
IMO2019
IMP2
IMP2_Binary_Heap
IMP_Compiler
IMP_Compiler_Reuse
+IO_Language_Conformance
IP_Addresses
Imperative_Insertion_Sort
Implicational_Logic
Impossible_Geometry
Incompleteness
Incredible_Proof_Machine
Independence_CH
Inductive_Confidentiality
Inductive_Inference
InfPathElimination
InformationFlowSlicing
InformationFlowSlicing_Inter
Integration
Interpolation_Polynomials_HOL_Algebra
Interpreter_Optimizations
Interval_Arithmetic_Word32
Intro_Dest_Elim
Involutions2Squares
Iptables_Semantics
Irrational_Series_Erdos_Straus
Irrationality_J_Hancl
Irrationals_From_THEBOOK
IsaGeoCoq
IsaNet
Isabelle_C
Isabelle_Marries_Dirac
Isabelle_Meta_Model
Jacobson_Basic_Algebra
Jinja
JinjaDCI
JinjaThreads
JiveDataStoreModel
Jordan_Hoelder
Jordan_Normal_Form
KAD
KAT_and_DRA
KBPs
KD_Tree
Key_Agreement_Strong_Adversaries
Khovanskii_Theorem
Kleene_Algebra
Kneser_Cauchy_Davenport
Knights_Tour
Knot_Theory
Knuth_Bendix_Order
Knuth_Morris_Pratt
Koenigsberg_Friendship
Kruskal
Kuratowski_Closure_Complement
LLL_Basis_Reduction
LLL_Factorization
LOFT
LP_Duality
LTL
LTL_Master_Theorem
LTL_Normal_Form
LTL_to_DRA
LTL_to_GBA
Lam-ml-Normalization
LambdaAuth
LambdaMu
Lambda_Free_EPO
Lambda_Free_KBOs
Lambda_Free_RPOs
Lambert_W
Landau_Symbols
Laplace_Transform
Latin_Square
LatticeProperties
Launchbury
Laws_of_Large_Numbers
Lazy-Lists-II
Lazy_Case
Lehmer
Lifting_Definition_Option
Lifting_the_Exponent
LightweightJava
LinearQuantifierElim
Linear_Inequalities
Linear_Programming
Linear_Recurrences
Liouville_Numbers
List-Index
List-Infinite
List_Interleaving
List_Inversions
List_Update
LocalLexing
Localization_Ring
Locally-Nameless-Sigma
Logging_Independent_Anonymity
Lovasz_Local
Lowe_Ontological_Argument
Lower_Semicontinuous
Lp
Lucas_Theorem
MDP-Algorithms
MDP-Rewards
MFMC_Countable
MFODL_Monitor_Optimized
MFOTL_Monitor
MSO_Regex_Equivalence
Markov_Models
Marriage
Mason_Stothers
Matrices_for_ODEs
Matrix
Matrix_Tensor
Matroids
Max-Card-Matching
Maximum_Segment_Sum
Median_Method
Median_Of_Medians_Selection
Menger
Mereology
Mersenne_Primes
Metalogic_ProofChecker
MHComputation
MiniML
MiniSail
Minimal_SSA
Minkowskis_Theorem
Minsky_Machines
MLSS_Decision_Proc
ML_Unification
Modal_Logics_for_NTS
Modular_Assembly_Kit_Security
Modular_arithmetic_LLL_and_HNF_algorithms
Monad_Memo_DP
Monad_Normalisation
MonoBoolTranAlgebra
MonoidalCategory
Monomorphic_Monad
MuchAdoAboutTwo
Multi_Party_Computation
Multirelations
Multirelations_Heterogeneous
Multiset_Ordering_NPC
Multitape_To_Singletape_TM
Myhill-Nerode
Name_Carrying_Type_Inference
Nano_JSON
Nash_Williams
Nat-Interval-Logic
Native_Word
Nested_Multisets_Ordinals
Network_Security_Policy_Verification
Neumann_Morgenstern_Utility
No_FTL_observers
No_FTL_observers_Gen_Rel
Nominal2
Noninterference_CSP
Noninterference_Concurrent_Composition
Noninterference_Generic_Unwinding
Noninterference_Inductive_Unwinding
Noninterference_Ipurge_Unwinding
Noninterference_Sequential_Composition
NormByEval
Nullstellensatz
Number_Theoretic_Transform
Octonions
OpSets
Open_Induction
Optics
Optimal_BST
Orbit_Stabiliser
Order_Lattice_Props
Ordered_Resolution_Prover
Ordinal
Ordinal_Partitions
Ordinals_and_Cardinals
Ordinary_Differential_Equations
PAC_Checker
PAL
PAPP_Impossibility
PCF
PLM
POPLmark-deBruijn
PSemigroupsConvolution
Package_logic
Padic_Field
Padic_Ints
Pairing_Heap
Paraconsistency
Parity_Game
Partial_Function_MR
Partial_Order_Reduction
Password_Authentication_Protocol
Pell
Perfect-Number-Thm
Perron_Frobenius
Physical_Quantities
Pi_Calculus
Pi_Transcendental
Planarity_Certificates
Pluennecke_Ruzsa_Inequality
Poincare_Bendixson
Poincare_Disc
Polygonal_Number_Theorem
Polynomial_Factorization
Polynomial_Interpolation
Polynomials
Pop_Refinement
Posix-Lexing
Possibilistic_Noninterference
Power_Sum_Polynomials
Pratt_Certificate
Prefix_Free_Code_Combinators
Presburger-Automata
Prim_Dijkstra_Simple
Prime_Distribution_Elementary
Prime_Harmonic_Series
Prime_Number_Theorem
Priority_Queue_Braun
Priority_Search_Trees
Probabilistic_Noninterference
Probabilistic_Prime_Tests
Probabilistic_System_Zoo
Probabilistic_Timed_Automata
Probabilistic_While
Probability_Inequality_Completeness
Program-Conflict-Analysis
Progress_Tracking
Projective_Geometry
Projective_Measurements
Promela
Proof_Strategy_Language
PropResPI
Propositional_Logic_Class
Propositional_Proof_Systems
Prpu_Maxflow
PseudoHoops
Psi_Calculi
Ptolemys_Theorem
Public_Announcement_Logic
QHLProver
QR_Decomposition
Quantales
Quantales_Converse
Quantifier_Elimination_Hybrid
Quasi_Borel_Spaces
Quaternions
Query_Optimization
Quick_Sort_Cost
RIPEMD-160-SPARK
ROBDD
RSAPSS
Ramsey-Infinite
Random_BSTs
Random_Graph_Subgraph_Threshold
Randomised_BSTs
Randomised_Social_Choice
Rank_Nullity_Theorem
Real_Impl
Real_Power
Real_Time_Deque
Recursion-Addition
Recursion-Theory-I
Refine_Imperative_HOL
Refine_Monadic
RefinementReactive
Regex_Equivalence
Registers
Regression_Test_Selection
Regular-Sets
Regular_Algebras
Regular_Tree_Relations
Relation_Algebra
Relational-Incorrectness-Logic
Relational_Cardinality
Relational_Disjoint_Set_Forests
Relational_Forests
Relational_Method
Relational_Minimum_Spanning_Trees
Relational_Paths
Rensets
Rep_Fin_Groups
ResiduatedTransitionSystem
Residuated_Lattices
Resolution_FOL
Rewrite_Properties_Reduction
Rewriting_Z
Ribbon_Proofs
Risk_Free_Lending
Robbins-Conjecture
Robinson_Arithmetic
Root_Balanced_Tree
Roth_Arithmetic_Progressions
Routing
Roy_Floyd_Warshall
SATSolverVerification
SCC_Bloemen_Sequential
SC_DOM_Components
SDS_Impossibility
SIFPL
SIFUM_Type_Systems
SPARCv8
+S_Finite_Measure_Monad
Safe_Distance
Safe_OCL
Safe_Range_RC
Saturation_Framework
Saturation_Framework_Extensions
Sauer_Shelah_Lemma
Schutz_Spacetime
Schwartz_Zippel
Secondary_Sylow
Security_Protocol_Refinement
Selection_Heap_Sort
SenSocialChoice
Separata
Separation_Algebra
Separation_Logic_Imperative_HOL
Separation_Logic_Unbounded
SequentInvertibility
Shadow_DOM
Shadow_SC_DOM
Shivers-CFA
ShortestPath
Show
Sigma_Commit_Crypto
Signature_Groebner
Simpl
Simple_Clause_Learning
Simple_Firewall
Simplex
Simplicial_complexes_and_boolean_functions
SimplifiedOntologicalArgument
Skew_Heap
Skip_Lists
Slicing
Sliding_Window_Algorithm
Smith_Normal_Form
Smooth_Manifolds
Solidity
Sophomores_Dream
Sort_Encodings
Source_Coding_Theorem
SpecCheck
Special_Function_Bounds
Splay_Tree
Sqrt_Babylonian
Stable_Matching
Stalnaker_Logic
+Standard_Borel_Spaces
Statecharts
Stateful_Protocol_Composition_and_Typing
Stellar_Quorums
Stern_Brocot
Stewart_Apollonius
Stirling_Formula
Stochastic_Matrices
Stone_Algebras
Stone_Kleene_Relation_Algebras
Stone_Relation_Algebras
Store_Buffer_Reduction
Stream-Fusion
Stream_Fusion_Code
StrictOmegaCategories
Strong_Security
Sturm_Sequences
Sturm_Tarski
Stuttering_Equivalence
Subresultants
Subset_Boolean_Algebras
SumSquares
Sunflowers
SuperCalc
Suppes_Theorem
Surprise_Paradox
Symmetric_Polynomials
Syntax_Independent_Logic
Synthetic_Completeness
Szemeredi_Regularity
Szpilrajn
TESL_Language
TLA
Tail_Recursive_Functions
Tarskis_Geometry
Taylor_Models
Three_Circles
Three_Squares
Timed_Automata
Topological_Semantics
Topology
TortoiseHare
TsirelsonBound
Transcendence_Series_Hancl_Rucki
Transformer_Semantics
Transition_Systems_and_Automata
Transitive-Closure
Transitive-Closure-II
Transitive_Models
+Transport
Treaps
Tree-Automata
Tree_Decomposition
Tree_Enumeration
Triangle
Trie
Turans_Graph_Theorem
Twelvefold_Way
Two_Generated_Word_Monoids_Intersection
Tycon
Types_Tableaus_and_Goedels_God
Types_To_Sets_Extension
UPF
UPF_Firewall
UTP
Undirected_Graph_Theory
Universal_Hash_Families
Universal_Turing_Machine
UpDown_Scheme
VYDRA_MDL
Valuation
Van_Emde_Boas_Trees
Van_der_Waerden
VectorSpace
VeriComp
Verified-Prover
Verified_SAT_Based_AI_Planning
VerifyThis2018
VerifyThis2019
Vickrey_Clarke_Groves
Virtual_Substitution
VolpanoSmith
WHATandWHERE_Security
WOOT_Strong_Eventual_Consistency
WebAssembly
Weight_Balanced_Trees
Weighted_Arithmetic_Geometric_Mean
Weighted_Path_Order
Well_Quasi_Orders
Wetzels_Problem
Winding_Number_Eval
Word_Lib
WorkerWrapper
X86_Semantics
XML
Youngs_Inequality
ZFC_in_HOL
Zeckendorf
Zeta_3_Irrational
Zeta_Function
pGCL
diff --git a/thys/S_Finite_Measure_Monad/Kernels.thy b/thys/S_Finite_Measure_Monad/Kernels.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/Kernels.thy
@@ -0,0 +1,2961 @@
+(* Title: Kernels.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+section \<open> Kernels \<close>
+theory Kernels
+ imports Lemmas_S_Finite_Measure_Monad
+begin
+
+subsection \<open>S-Finite Measures\<close>
+locale s_finite_measure =
+ fixes M :: "'a measure"
+ assumes s_finite_sum: "\<exists>Mi :: nat \<Rightarrow> 'a measure. (\<forall>i. sets (Mi i) = sets M) \<and> (\<forall>i. finite_measure (Mi i)) \<and> (\<forall>A\<in>sets M. M A = (\<Sum>i. Mi i A))"
+
+lemma(in sigma_finite_measure) s_finite_measure: "s_finite_measure M"
+proof
+ obtain A :: "nat \<Rightarrow> _" where A: "range A \<subseteq> sets M" "\<Union> (range A) = space M" "\<And>i. emeasure M (A i) \<noteq> \<infinity>" "disjoint_family A"
+ by(metis sigma_finite_disjoint)
+ define Mi where "Mi \<equiv> (\<lambda>i. measure_of (space M) (sets M) (\<lambda>a. M (a \<inter> A i)))"
+ have emeasure_Mi:"Mi i a = M (a \<inter> A i)" if "a \<in> sets M" for i a
+ proof -
+ have "positive (sets (Mi i)) (\<lambda>a. M (a \<inter> A i))" "countably_additive (sets (Mi i)) (\<lambda>a. M (a \<inter> A i))"
+ unfolding positive_def countably_additive_def
+ proof safe
+ fix B :: "nat \<Rightarrow> _"
+ assume "range B \<subseteq> sets (Mi i)" "disjoint_family B"
+ with A(1) have "range (\<lambda>j. B j \<inter> A i) \<subseteq> sets M" "disjoint_family (\<lambda>j. B j \<inter> A i)"
+ by(fastforce simp: Mi_def disjoint_family_on_def)+
+ thus "(\<Sum>j. M (B j \<inter> A i)) = M (\<Union> (range B) \<inter> A i)"
+ by (metis UN_extend_simps(4) suminf_emeasure)
+ qed simp
+ from emeasure_measure_of[OF _ _ this] that show ?thesis
+ by(auto simp add: Mi_def sets.space_closed)
+ qed
+ have sets_Mi:"sets (Mi i) = sets M" for i by(simp add: Mi_def)
+ show "\<exists>Mi. (\<forall>i. sets (Mi i) = sets M) \<and> (\<forall>i. finite_measure (Mi i)) \<and> (\<forall>A\<in>sets M. emeasure M A = (\<Sum>i. emeasure (Mi i) A))"
+ proof(safe intro!: exI[where x=Mi])
+ fix i
+ show "finite_measure (Mi i)"
+ using A by(auto intro!: finite_measureI simp: sets_eq_imp_space_eq[OF sets_Mi] emeasure_Mi)
+ next
+ fix B
+ assume B:"B \<in> sets M"
+ with A(1,4) have "range (\<lambda>i. B \<inter> A i) \<subseteq> sets M" "disjoint_family (\<lambda>i. B \<inter> A i)"
+ by(auto simp: disjoint_family_on_def)
+ then show "M B = (\<Sum>i. (Mi i) B)"
+ by(simp add: emeasure_Mi[OF B] suminf_emeasure A(2) B)
+ qed(simp_all add: sets_Mi)
+qed
+
+lemmas(in finite_measure) s_finite_measure_finite_measure = s_finite_measure
+
+lemmas(in subprob_space) s_finite_measure_subprob = s_finite_measure
+
+lemmas(in prob_space) s_finite_measure_prob = s_finite_measure
+
+sublocale sigma_finite_measure \<subseteq> s_finite_measure
+ by(rule s_finite_measure)
+
+lemma s_finite_measureI:
+ assumes "\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. A\<in>sets M \<Longrightarrow> M A = (\<Sum>i. Mi i A)"
+ shows "s_finite_measure M"
+ by standard (use assms in blast)
+
+lemma s_finite_measure_prodI:
+ assumes "\<And>i j. sets (Mij i j) = sets M" "\<And>i j. Mij i j (space M) < \<infinity>" "\<And>A. A \<in> sets M \<Longrightarrow> M A = (\<Sum>i. (\<Sum>j. Mij i j A))"
+ shows "s_finite_measure M"
+proof -
+ define Mi' where "Mi' \<equiv> (\<lambda>n. case_prod Mij (prod_decode n))"
+ have sets_Mi'[measurable_cong]:"\<And>i. sets (Mi' i) = sets M"
+ using assms(1) by(simp add: Mi'_def split_beta')
+ have Mi'_finite:"\<And>i. finite_measure (Mi' i)"
+ using assms(2) sets_eq_imp_space_eq[OF sets_Mi'[symmetric]] top.not_eq_extremum
+ by(fastforce intro!: finite_measureI simp: Mi'_def split_beta')
+ show ?thesis
+ proof(safe intro!: s_finite_measureI[where Mi=Mi'] sets_Mi' Mi'_finite)
+ fix A
+ show "A \<in> sets M \<Longrightarrow> M A = (\<Sum>i. Mi' i A)"
+ by(simp add: assms(3) suminf_ennreal_2dimen[where f="\<lambda>(x,y). Mij x y A", simplified,OF refl,symmetric] Mi'_def split_beta')
+ qed
+qed
+
+corollary s_finite_measure_s_finite_sumI:
+ assumes "\<And>i. sets (Mi i) = sets M" "\<And>i. s_finite_measure (Mi i)" "\<And>A. A \<in> sets M \<Longrightarrow> M A = (\<Sum>i. Mi i A)"
+ shows "s_finite_measure M"
+proof -
+ from s_finite_measure.s_finite_sum[OF assms(2)]
+ obtain Mij where Mij[measurable]: "\<And>i j. sets (Mij i j) = sets M" "\<And>i j. finite_measure (Mij i j)" "\<And>i j A. A \<in> sets M \<Longrightarrow> Mi i A = (\<Sum>j. Mij i j A)"
+ by (metis assms(1))
+ show ?thesis
+ using finite_measure.emeasure_finite[OF Mij(2)]
+ by(auto intro!: s_finite_measure_prodI[where Mij = Mij] simp: assms(3) Mij top.not_eq_extremum)
+qed
+
+lemma countable_space_s_finite_measure:
+ assumes "countable (space M)" "sets M = Pow (space M)"
+ shows "s_finite_measure M"
+proof -
+ define Mi where "Mi \<equiv> (\<lambda>i. measure_of (space M) (sets M) (\<lambda>A. emeasure M (A \<inter> {from_nat_into (space M) i})))"
+ have sets_Mi[measurable_cong,simp]: "sets (Mi i) = sets M" for i
+ by(auto simp: Mi_def)
+ have emeasure_Mi: "emeasure (Mi i) A = emeasure M (A \<inter> {from_nat_into (space M) i})" if [measurable]: "A \<in> sets M" and i:"i \<in> to_nat_on (space M) ` (space M)" for i A
+ proof -
+ have "from_nat_into (space M) i \<in> space M"
+ by (simp add: from_nat_into_def i inv_into_into)
+ hence [measurable]: "{from_nat_into (space M) i} \<in> sets M"
+ using assms(2) by auto
+ have 1:"countably_additive (sets M) (\<lambda>A. emeasure M (A \<inter> {from_nat_into (space M) i}))"
+ unfolding countably_additive_def
+ proof safe
+ fix B :: "nat \<Rightarrow> _"
+ assume "range B \<subseteq> sets M" "disjoint_family B"
+ then have [measurable]:"\<And>i. B i \<in> sets M" and "disjoint_family (\<lambda>j. B j \<inter> {from_nat_into (space M) i})"
+ by(auto simp: disjoint_family_on_def)
+ then have "(\<Sum>j. emeasure M (B j \<inter> {from_nat_into (space M) i})) = emeasure M (\<Union> (range (\<lambda>j. B j \<inter> {from_nat_into (space M) i})))"
+ by(intro suminf_emeasure) auto
+ thus "(\<Sum>j. emeasure M (B j \<inter> {from_nat_into (space M) i})) = emeasure M (\<Union> (range B) \<inter> {from_nat_into (space M) i})"
+ by simp
+ qed
+ have 2:"positive (sets M) (\<lambda>A. emeasure M (A \<inter> {from_nat_into (space M) i}))"
+ by(auto simp: positive_def)
+ show ?thesis
+ by(simp add: Mi_def emeasure_measure_of_sigma[OF sets.sigma_algebra_axioms 2 1])
+ qed
+ define Mi' where "Mi' \<equiv> (\<lambda>i. if i \<in> to_nat_on (space M) ` (space M) then Mi i else null_measure M)"
+ have [measurable_cong, simp]: "sets (Mi' i) = sets M" for i
+ by(auto simp: Mi'_def)
+ show ?thesis
+ proof(rule s_finite_measure_s_finite_sumI[where Mi=Mi'])
+ fix A
+ assume A[measurable]: "A \<in> sets M"
+ show "emeasure M A = (\<Sum>i. emeasure (Mi' i) A)" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. emeasure M {x} \<partial>count_space A)"
+ using sets.sets_into_space[OF A] by(auto intro!: emeasure_countable_singleton simp: assms(2) countable_subset[OF _ assms(1)])
+ also have "... = (\<integral>\<^sup>+ x. emeasure (Mi (to_nat_on (space M) x)) A \<partial>count_space A)"
+ proof(safe intro!: nn_integral_cong)
+ fix x
+ assume "x \<in> space (count_space A)"
+ then have 1:"x \<in> A" by simp
+ hence 2:"to_nat_on (space M) x \<in> to_nat_on (space M) ` (space M)"
+ using A assms(2) by auto
+ have [simp]: "from_nat_into (space M) (to_nat_on (space M) x) = x"
+ by (metis 1 2 A assms(1) eq_from_nat_into_iff in_mono sets.sets_into_space)
+ show "emeasure M {x} = emeasure (Mi (to_nat_on (space M) x)) A"
+ using 1 by(simp add: emeasure_Mi[OF A 2])
+ qed
+ also have "... = (\<integral>\<^sup>+ x\<in>A. emeasure (Mi (to_nat_on (space M) x)) A \<partial>count_space UNIV)"
+ by (simp add: nn_integral_count_space_indicator)
+ also have "... = (\<integral>\<^sup>+ i\<in>to_nat_on (space M) ` A. emeasure (Mi i) A \<partial>count_space UNIV)"
+ by(rule nn_integral_count_compose_inj[OF inj_on_subset[OF inj_on_to_nat_on[OF assms(1)] sets.sets_into_space[OF A]]])
+ also have "... = (\<integral>\<^sup>+ i\<in>to_nat_on (space M) ` A. emeasure (Mi' i) A \<partial>count_space UNIV)"
+ proof -
+ {
+ fix x
+ assume "x \<in> A"
+ then have "to_nat_on (space M) x \<in> to_nat_on (space M) ` (space M)"
+ using sets.sets_into_space[OF A] by auto
+ hence "emeasure (Mi (to_nat_on (space M) x)) A = emeasure (Mi' (to_nat_on (space M) x)) A"
+ by(auto simp: Mi'_def)
+ }
+ thus ?thesis
+ by(auto intro!: nn_integral_cong simp: indicator_def)
+ qed
+ also have "... = (\<integral>\<^sup>+ i. emeasure (Mi' i) A \<partial>count_space UNIV)"
+ proof -
+ {
+ fix i
+ assume i:"i \<notin> to_nat_on (space M) ` A"
+ have "from_nat_into (space M) i \<notin> A" if "i \<in> to_nat_on (space M) ` (space M)"
+ by (metis i image_eqI that to_nat_on_from_nat_into)
+ with emeasure_Mi have "emeasure (Mi' i) A = 0"
+ by(auto simp: Mi'_def)
+ }
+ thus ?thesis
+ by(auto intro!: nn_integral_cong simp: indicator_def)
+ qed
+ also have "... = ?rhs"
+ by(rule nn_integral_count_space_nat)
+ finally show ?thesis .
+ qed
+ next
+ fix i
+ show "s_finite_measure (Mi' i)"
+ proof -
+ {
+ fix x
+ assume h:"x \<in> space M" "i = to_nat_on (space M) x"
+ then have i:"i \<in> to_nat_on (space M) ` space M"
+ by blast
+ have x: "from_nat_into (space M) i = x"
+ using h by (simp add: assms(1))
+ consider "M {x} = 0" | "M {x} \<noteq> 0" "M {x} < \<infinity>" | "M {x} = \<infinity>"
+ using top.not_eq_extremum by fastforce
+ hence "s_finite_measure (Mi (to_nat_on (space M) x))"
+ proof cases
+ case 1
+ then have [simp]:"Mi i = null_measure M"
+ by(auto intro!: measure_eqI simp: emeasure_Mi[OF _ i] x Int_insert_right)
+ show ?thesis
+ by(auto simp: h(2)[symmetric] intro!: finite_measure.s_finite_measure_finite_measure finite_measureI)
+ next
+ case 2
+ then show ?thesis
+ unfolding h(2)[symmetric]
+ by(auto intro!: finite_measure.s_finite_measure_finite_measure finite_measureI simp: sets_eq_imp_space_eq[OF sets_Mi] emeasure_Mi[OF _ i] x h(1))
+ next
+ case 3
+ show ?thesis
+ unfolding h(2)[symmetric] s_finite_measure_def
+ proof(safe intro!: exI[where x="\<lambda>j. return M x"] prob_space.finite_measure prob_space_return h(1))
+ fix A
+ assume "A \<in> sets (Mi i)"
+ then have [measurable]: "A \<in> sets M"
+ by(simp add: Mi_def)
+ thus "emeasure (Mi i) A = (\<Sum>i. emeasure (return M x) A)"
+ by(simp add: emeasure_Mi[OF _ i] x) (cases "x \<in> A",auto simp: 3 nn_integral_count_space_nat[symmetric])
+ qed(auto simp: Mi_def)
+ qed
+ }
+ thus ?thesis
+ by(auto simp: Mi'_def) (auto intro!: finite_measure.s_finite_measure_finite_measure finite_measureI)
+ qed
+ qed simp
+qed
+
+lemma s_finite_measure_subprob_space:
+ "s_finite_measure M \<longleftrightarrow> (\<exists>Mi :: nat \<Rightarrow> 'a measure. (\<forall>i. sets (Mi i) = sets M) \<and> (\<forall>i. (Mi i) (space M) \<le> 1) \<and> (\<forall>A\<in>sets M. M A = (\<Sum>i. Mi i A)))"
+proof
+ assume "\<exists>Mi. (\<forall>i. sets (Mi i) = sets M) \<and> (\<forall>i. emeasure (Mi i) (space M) \<le> 1) \<and> (\<forall>A\<in>sets M. M A = (\<Sum>i. (Mi i) A))"
+ then obtain Mi where 1:"\<And>i. sets (Mi i) = sets M" "\<And>i. emeasure (Mi i) (space M) \<le> 1" "(\<forall>A\<in>sets M. M A = (\<Sum>i. (Mi i) A))"
+ by auto
+ thus "s_finite_measure M"
+ by(auto simp: s_finite_measure_def sets_eq_imp_space_eq[OF 1(1)] intro!: finite_measureI exI[where x=Mi]) (metis ennreal_one_less_top linorder_not_le)
+next
+ assume "s_finite_measure M"
+ then obtain Mi' where Mi': "\<And>i. sets (Mi' i) = sets M" "\<And>i. finite_measure (Mi' i)" "\<And>A. A\<in>sets M \<Longrightarrow> M A = (\<Sum>i. Mi' i A)"
+ by (metis s_finite_measure.s_finite_sum)
+ obtain u where u:"\<And>i. u i < \<infinity>" "\<And>i. Mi' i (space M) = u i"
+ using Mi'(2) finite_measure.emeasure_finite top.not_eq_extremum by fastforce
+ define Mmn where "Mmn \<equiv> (\<lambda>(m,n). if n < nat \<lceil>enn2real (u m)\<rceil> then scale_measure (1 / ennreal (real_of_int \<lceil>enn2real (u m)\<rceil>)) (Mi' m) else (sigma (space M) (sets M)))"
+ have sets_Mmn : "sets (Mmn k) = sets M" for k by(simp add: Mmn_def split_beta Mi')
+ have emeasure_Mmn: "(Mmn (m, n)) A = (Mi' m A) / ennreal (real_of_int \<lceil>enn2real (u m)\<rceil>)" if "n < nat \<lceil>enn2real (u m)\<rceil>" "A \<in> sets M" for n m A
+ by(auto simp: Mmn_def that ennreal_divide_times)
+ have emeasure_Mmn_less1: "(Mmn (m, n)) A \<le> 1" for m n A
+ proof (cases "n < nat \<lceil>enn2real (u m)\<rceil> \<and> A \<in> sets M")
+ case h:True
+ have "(Mi' m) A \<le> ennreal (real_of_int \<lceil>enn2real (u m)\<rceil>)"
+ by(rule order.trans[OF emeasure_mono[OF sets.sets_into_space sets.top]]) (insert u(1) h, auto simp: u(2)[symmetric] enn2real_le top.not_eq_extremum sets_eq_imp_space_eq[OF Mi'(1)] Mi'(1))
+ with h show ?thesis
+ by(simp add: emeasure_Mmn) (metis divide_le_posI_ennreal dual_order.eq_iff ennreal_zero_divide mult.right_neutral not_gr_zero zero_le)
+ qed(auto simp: Mmn_def emeasure_sigma emeasure_notin_sets Mi')
+ have Mi'_sum:"Mi' m A = (\<Sum>n. Mmn (m, n) A)" if "A \<in> sets M" for m A
+ proof -
+ have "(\<Sum>n. Mmn (m, n) A) = (\<Sum>n. Mmn (m, n + nat \<lceil>enn2real (u m)\<rceil>) A) + (\<Sum>n< nat \<lceil>enn2real (u m)\<rceil>. Mmn (m, n) A)"
+ by(simp add: suminf_offset[where f="\<lambda>n. Mmn (m, n) A"])
+ also have "... = (\<Sum>n< nat \<lceil>enn2real (u m)\<rceil>. Mmn (m, n) A)"
+ by(simp add: emeasure_sigma Mmn_def)
+ also have "... = (\<Sum>n< nat \<lceil>enn2real (u m)\<rceil>. (Mi' m A) / ennreal (real_of_int \<lceil>enn2real (u m)\<rceil>))"
+ by(rule Finite_Cartesian_Product.sum_cong_aux) (auto simp: emeasure_Mmn that)
+ also have "... = Mi' m A"
+ proof (cases "nat \<lceil>enn2real (u m)\<rceil>")
+ case 0
+ with u[of m] show ?thesis
+ by simp (metis Mi'(1) emeasure_mono enn2real_positive_iff less_le_not_le linorder_less_linear not_less_zero sets.sets_into_space sets.top that)
+ next
+ case (Suc n')
+ then have "ennreal (real_of_int \<lceil>enn2real (u m)\<rceil>) > 0"
+ using ennreal_less_zero_iff by fastforce
+ with u(1)[of m] have "of_nat (nat \<lceil>enn2real (u m)\<rceil>) / ennreal (real_of_int \<lceil>enn2real (u m)\<rceil>) = 1"
+ by (simp add: ennreal_eq_0_iff ennreal_of_nat_eq_real_of_nat)
+ thus ?thesis
+ by (simp add: ennreal_divide_times[symmetric])
+ qed
+ finally show ?thesis ..
+ qed
+ define Mi where "Mi \<equiv> (\<lambda>i. Mmn (prod_decode i))"
+ show "\<exists>Mi. (\<forall>i. sets (Mi i) = sets M) \<and> (\<forall>i. emeasure (Mi i) (space M) \<le> 1) \<and> (\<forall>A\<in>sets M. M A = (\<Sum>i. (Mi i) A))"
+ by(auto intro!: exI[where x=Mi] simp: Mi_def sets_Mmn suminf_ennreal_2dimen[OF Mi'_sum] Mi'(3)) (metis emeasure_Mmn_less1 prod_decode_aux.cases)
+qed
+
+lemma(in s_finite_measure) finite_measures:
+ obtains Mi where "\<And>i. sets (Mi i) = sets M" "\<And>i. (Mi i) (space M) \<le> 1" "\<And>A. M A = (\<Sum>i. Mi i A)"
+proof -
+ obtain Mi where Mi:"\<And>i. sets (Mi i) = sets M" "\<And>i. (Mi i) (space M) \<le> 1" "\<And>A. A \<in> sets M \<Longrightarrow> M A = (\<Sum>i. Mi i A)"
+ using s_finite_measure_axioms by(metis s_finite_measure_subprob_space)
+ hence "M A = (\<Sum>i. Mi i A)" for A
+ by(cases "A \<in> sets M") (auto simp: emeasure_notin_sets)
+ with Mi(1,2) show ?thesis
+ using that by blast
+qed
+
+lemma(in s_finite_measure) finite_measures_ne:
+ assumes "space M \<noteq> {}"
+ obtains Mi where "\<And>i. sets (Mi i) = sets M" "\<And>i. subprob_space (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by (metis assms finite_measures sets_eq_imp_space_eq subprob_spaceI)
+
+lemma(in s_finite_measure) finite_measures':
+ obtains Mi where "\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by (metis ennreal_top_neq_one finite_measureI finite_measures infinity_ennreal_def sets_eq_imp_space_eq top.extremum_uniqueI)
+
+lemma(in s_finite_measure) s_finite_measure_distr:
+ assumes f[measurable]:"f \<in> M \<rightarrow>\<^sub>M N"
+ shows "s_finite_measure (distr M N f)"
+proof -
+ obtain Mi where Mi[measurable_cong]:"\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by(metis finite_measures')
+ show ?thesis
+ by(auto intro!: s_finite_measureI[where Mi="(\<lambda>i. distr (Mi i) N f)"] finite_measure.finite_measure_distr[OF Mi(2)] simp: emeasure_distr Mi(3) sets_eq_imp_space_eq[OF Mi(1)])
+qed
+
+lemma nn_integral_measure_suminf:
+ assumes [measurable_cong]:"\<And>i. sets (Mi i) = sets M" and "\<And>A. A\<in>sets M \<Longrightarrow> M A = (\<Sum>i. Mi i A)" "f \<in> borel_measurable M"
+ shows "(\<Sum>i. \<integral>\<^sup>+x. f x \<partial>(Mi i)) = (\<integral>\<^sup>+x. f x \<partial>M)"
+ using assms(3)
+proof induction
+ case (cong f g)
+ then show ?case
+ by (metis (no_types, lifting) assms(1) nn_integral_cong sets_eq_imp_space_eq suminf_cong)
+next
+ case (set A)
+ then show ?case
+ using assms(1,2) by simp
+next
+ case (mult u c)
+ then show ?case
+ by(simp add: nn_integral_cmult)
+next
+ case (add u v)
+ then show ?case
+ by(simp add: nn_integral_add suminf_add[symmetric])
+next
+ case ih:(seq U)
+ have "(\<Sum>i. integral\<^sup>N (Mi i) (\<Squnion> range U)) = (\<Sum>i. \<integral>\<^sup>+ x. (\<Squnion>j. U j x) \<partial>(Mi i))"
+ by(auto intro!: suminf_cong) (metis SUP_apply)
+ also have "... = (\<Sum>i. \<Squnion>j. \<integral>\<^sup>+ x. U j x \<partial>(Mi i))"
+ using ih by(auto intro!: suminf_cong nn_integral_monotone_convergence_SUP)
+ also have "... = (\<Squnion>j. (\<Sum>i. \<integral>\<^sup>+ x. U j x \<partial>(Mi i)))"
+ using ih(3) by(auto intro!: ennreal_suminf_SUP_eq incseq_nn_integral)
+ also have "... = (\<Squnion>j. integral\<^sup>N M (U j))"
+ by(simp add: ih)
+ also have "... = (\<integral>\<^sup>+ x. (\<Squnion>j. U j x) \<partial>M)"
+ using ih by(auto intro!: nn_integral_monotone_convergence_SUP[symmetric])
+ also have "... = integral\<^sup>N M (\<Squnion> range U)"
+ by(metis SUP_apply)
+ finally show ?case .
+qed
+
+text \<open> A @{term \<open>density M f\<close>} of $s$-finite measure @{term M} and @{term \<open>f \<in> borel_measurable M\<close>} is again s-finite.
+ We do not require additional assumption, unlike $\sigma$-finite measures.\<close>
+lemma(in s_finite_measure) s_finite_measure_density:
+ assumes f[measurable]:"f \<in> borel_measurable M"
+ shows "s_finite_measure (density M f)"
+proof -
+ obtain Mi where Mi[measurable_cong]:"\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by(metis finite_measures')
+ show ?thesis
+ proof(rule s_finite_measure_s_finite_sumI[where Mi="\<lambda>i. density (Mi i) f"])
+ show "s_finite_measure (density (Mi i) f)" for i
+ proof -
+ define Mij where "Mij = (\<lambda>j::nat. if j = 0 then density (Mi i) (\<lambda>x. \<infinity> * indicator {x\<in>space M. f x = \<infinity>} x)
+ else if j = 1 then density (Mi i) (\<lambda>x. f x * indicator {x\<in>space M. f x < \<infinity>} x)
+ else null_measure M)"
+ have sets_Mij[measurable_cong]: "sets (Mij j) = sets M" for j
+ by(auto simp: Mij_def Mi)
+ have emeasure_Mi:"density (Mi i) f A = (\<Sum>j. Mij j A)" (is "?lhs = ?rhs") if A[measurable]: "A \<in> sets M" for A
+ proof -
+ have "?lhs = (\<integral>\<^sup>+x \<in> A. f x \<partial>Mi i)"
+ by(simp add: emeasure_density)
+ also have "... = (\<integral>\<^sup>+x. \<infinity> * indicator {x\<in>space M. f x = \<infinity>} x * indicator A x + f x * indicator {x\<in>space M. f x < \<infinity>} x * indicator A x \<partial>Mi i)"
+ by(auto intro!: nn_integral_cong simp: sets_eq_imp_space_eq[OF Mi(1)] indicator_def) (simp add: top.not_eq_extremum)
+ also have "... = density (Mi i) (\<lambda>x. \<infinity> * indicator {x\<in>space M. f x = \<infinity>} x) A + density (Mi i) (\<lambda>x. f x * indicator {x\<in>space M. f x < \<infinity>} x) A"
+ by(simp add: nn_integral_add emeasure_density)
+ also have "... = ?rhs"
+ using suminf_finite[of "{..<Suc (Suc 0)}" "\<lambda>j. Mij j A"] by(auto simp: Mij_def)
+ finally show ?thesis .
+ qed
+ show ?thesis
+ proof(rule s_finite_measure_s_finite_sumI[OF _ _ emeasure_Mi])
+ fix j :: nat
+ consider "j = 0" | "j = 1" | "j \<noteq> 0" "j \<noteq> 1" by auto
+ then show "s_finite_measure (Mij j)"
+ proof cases
+ case 1
+ have 2:"Mij j A = (\<Sum>k. density (Mi i) (indicator {x\<in>space M. f x = \<top>}) A)" if A[measurable]:"A \<in> sets M" for A
+ by(auto simp: Mij_def 1 emeasure_density nn_integral_suminf[symmetric] sets_eq_imp_space_eq[OF Mi(1)] indicator_def intro!: nn_integral_cong) (simp add: nn_integral_count_space_nat[symmetric])
+ show ?thesis
+ by(auto simp: s_finite_measure_def 2 Mi(1)[of i] sets_Mij[of j] intro!: exI[where x="\<lambda>k. density (Mi i) (indicator {x\<in>space M. f x = \<infinity>})"] finite_measure.finite_measure_restricted Mi(2))
+ next
+ case 2
+ show ?thesis
+ by(auto intro!: sigma_finite_measure.s_finite_measure AE_mono_measure[OF Mi(1)] sum_le_suminf[where I="{i}" and f="\<lambda>i. Mi i _",simplified] simp: sigma_finite_measure.sigma_finite_iff_density_finite[OF finite_measure.sigma_finite_measure[OF Mi(2)[of i]]] le_measure[OF Mi(1)] Mi indicator_def 2 Mij_def) auto
+ next
+ case 3
+ then show ?thesis
+ by(auto simp: Mij_def intro!: finite_measure.s_finite_measure_finite_measure finite_measureI)
+ qed
+ qed(auto simp: sets_Mij Mi)
+ qed
+ qed(auto simp: emeasure_density nn_integral_measure_suminf[OF Mi(1,3)] Mi(1))
+qed
+
+lemma
+ fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
+ assumes [measurable_cong]:"\<And>i. sets (Mi i) = sets M" and "\<And>A. A\<in>sets M \<Longrightarrow> M A = (\<Sum>i. Mi i A)" "integrable M f"
+ shows lebesgue_integral_measure_suminf:"(\<Sum>i. \<integral>x. f x \<partial>(Mi i)) = (\<integral>x. f x \<partial>M)" (is "?suminf")
+ and lebesgue_integral_measure_suminf_summable_norm: "summable (\<lambda>i. norm (\<integral>x. f x \<partial>(Mi i)))" (is "?summable2")
+ and lebesgue_integral_measure_suminf_summable_norm_in: "summable (\<lambda>i. \<integral>x. norm (f x) \<partial>(Mi i))" (is "?summable")
+proof -
+ have Mi:"Mi i \<le> M" for i
+ using assms(2) ennreal_suminf_lessD linorder_not_le by(fastforce simp: assms(1) le_measure[OF assms(1)])
+ have sum2: "summable (\<lambda>i. norm (\<integral>x. g x \<partial>(Mi i)))" if "summable (\<lambda>i. \<integral>x. norm (g x) \<partial>(Mi i))" for g :: "'a \<Rightarrow> 'b"
+ proof(rule summable_suminf_not_top)
+ have "(\<Sum>i. ennreal (norm (\<integral>x. g x \<partial>(Mi i)))) \<le> (\<Sum>i. ennreal (\<integral>x. norm (g x) \<partial>(Mi i)))"
+ by(auto intro!: suminf_le)
+ thus "(\<Sum>i. ennreal (norm (\<integral>x. g x \<partial>(Mi i)))) \<noteq> \<top>"
+ by (metis ennreal_suminf_neq_top[OF that] Bochner_Integration.integral_nonneg neq_top_trans norm_ge_zero)
+ qed simp
+ have "?suminf \<and> ?summable"
+ using assms(3)
+ proof induction
+ case h[measurable]:(base A c)
+ have Mi_fin:"Mi i A < \<infinity>" for i
+ by(rule order.strict_trans1[OF _ h(2)], auto simp: le_measureD3[OF Mi assms(1)])
+ have 1: "(\<integral>x. (indicat_real A x *\<^sub>R c) \<partial>Mi i) = measure (Mi i) A *\<^sub>R c" for i
+ using Mi_fin by simp
+ have 2:"summable (\<lambda>i. \<integral>x. norm (indicat_real A x *\<^sub>R c) \<partial>Mi i)"
+ proof(rule summable_suminf_not_top)
+ show "(\<Sum>i. ennreal (\<integral>x. norm (indicat_real A x *\<^sub>R c) \<partial>Mi i)) \<noteq> \<top>" (is "?l \<noteq> _")
+ proof -
+ have "?l = (\<Sum>i. Mi i A ) * norm c"
+ using Mi_fin by(auto intro!: suminf_cong simp: measure_def enn2real_mult ennreal_mult)
+ also have "... = M A * norm c"
+ by(simp add: assms(2))
+ also have "... \<noteq> \<top>"
+ using h(2) by (simp add: ennreal_mult_less_top top.not_eq_extremum)
+ finally show ?thesis .
+ qed
+ qed simp
+ have 3: "(\<Sum>i. \<integral>x. indicat_real A x *\<^sub>R c \<partial>Mi i) = (\<integral>x. indicat_real A x *\<^sub>R c \<partial>M)" (is "?l = ?r")
+ proof -
+ have [simp]: "summable (\<lambda>i. enn2real (Mi i A))"
+ using Mi_fin h by(auto intro!: summable_suminf_not_top simp: assms(2)[symmetric])
+ have "?l = (\<Sum>i. measure (Mi i) A) *\<^sub>R c"
+ by(auto intro!: suminf_cong simp: 1 measure_def suminf_scaleR_left)
+ also have "... = ?r"
+ using h(2) Mi_fin by(simp add: ennreal_inj[where a="(\<Sum>i. measure (Mi i) A)" and b="measure M A",OF suminf_nonneg measure_nonneg,symmetric,simplified measure_def] measure_def suminf_ennreal2[symmetric] assms(2)[symmetric])
+ finally show ?thesis .
+ qed
+ from 2 3 show ?case by simp
+ next
+ case ih[measurable]:(add f g)
+ have 1:"summable (\<lambda>i. \<integral>x. norm (f x + g x) \<partial>Mi i)"
+ proof(rule summable_suminf_not_top)
+ show "(\<Sum>i. ennreal (\<integral>x. norm (f x + g x) \<partial>Mi i)) \<noteq> \<top>" (is "?l \<noteq> _")
+ proof -
+ have "?l = (\<Sum>i. (\<integral>\<^sup>+x. ennreal (norm (f x + g x)) \<partial>Mi i))"
+ using ih by(auto intro!: suminf_cong nn_integral_eq_integral[symmetric] integrable_mono_measure[OF assms(1) Mi])
+ also have "... \<le> (\<Sum>i. (\<integral>\<^sup>+x. ennreal (norm (f x) + norm (g x)) \<partial>Mi i))"
+ by(auto intro!: suminf_le nn_integral_mono norm_triangle_ineq simp del: ennreal_plus)
+ also have "... = (\<Sum>i. (\<integral>\<^sup>+x. ennreal (norm (f x)) \<partial>Mi i)) + (\<Sum>i. (\<integral>\<^sup>+x. ennreal (norm (g x)) \<partial>Mi i))"
+ by(auto intro!: suminf_cong simp: nn_integral_add suminf_add)
+ also have "... = (\<Sum>i. ennreal (\<integral>x. norm (f x) \<partial>Mi i)) + (\<Sum>i. ennreal (\<integral>x. norm (g x) \<partial>Mi i))"
+ using ih by(simp add: nn_integral_eq_integral integrable_mono_measure[OF assms(1) Mi])
+ also have "... < \<top>"
+ using ennreal_suminf_neq_top[OF conjunct2[OF ih(3)]] ennreal_suminf_neq_top[OF conjunct2[OF ih(4)]]
+ by (meson Bochner_Integration.integral_nonneg ennreal_add_eq_top norm_ge_zero top.not_eq_extremum)
+ finally show ?thesis
+ using order.strict_iff_order by blast
+ qed
+ qed simp
+ with ih show ?case
+ by(auto simp: Bochner_Integration.integral_add[OF integrable_mono_measure[OF assms(1) Mi ih(1)] integrable_mono_measure[OF assms(1) Mi ih(2)]] suminf_add[symmetric,OF summable_norm_cancel[OF sum2[OF conjunct2[OF ih(3)]]] summable_norm_cancel[OF sum2[OF conjunct2[OF ih(4)]]]])
+ next
+ case ih[measurable]:(lim f fn)
+ have 1:"summable (\<lambda>i. \<integral>x. norm (f x) \<partial>(Mi i))"
+ proof(rule summable_suminf_not_top)
+ show "(\<Sum>i. ennreal (\<integral>x. norm (f x) \<partial>(Mi i))) \<noteq> \<top>" (is "?lhs \<noteq> _")
+ proof -
+ have "?lhs = (\<Sum>i. \<integral>\<^sup>+ x. ennreal (norm (f x)) \<partial>Mi i)"
+ by(auto intro!: suminf_cong nn_integral_eq_integral[symmetric] integrable_mono_measure[OF assms(1) Mi] simp: ih)
+ also have "... = (\<integral>\<^sup>+ x. ennreal (norm (f x)) \<partial>M)"
+ by(simp add: nn_integral_measure_suminf[OF assms(1,2)])
+ also have "... = ennreal (\<integral> x. norm (f x) \<partial>M)"
+ by(auto intro!: nn_integral_eq_integral ih(4))
+ also have "... < \<top>" by simp
+ finally show "?lhs \<noteq> \<top>"
+ using linorder_neq_iff by blast
+ qed
+ qed simp
+ have "(\<Sum>i. \<integral>x. f x \<partial>(Mi i)) = (\<integral>i. \<integral>x. f x \<partial>(Mi i) \<partial>(count_space UNIV))"
+ by(rule integral_count_space_nat[symmetric]) (simp add: integrable_count_space_nat_iff sum2[OF 1])
+ also have "... = lim (\<lambda>m. \<integral>i. \<integral>x. fn m x \<partial>(Mi i) \<partial>(count_space UNIV))"
+ proof(rule limI[OF integral_dominated_convergence[where w="\<lambda>i. 2 * (\<integral>x. norm (f x) \<partial>(Mi i))"],symmetric],auto simp: AE_count_space integrable_count_space_nat_iff 1)
+ show "(\<lambda>m. \<integral>x. fn m x \<partial>(Mi i)) \<longlonglongrightarrow> \<integral>x. f x \<partial>(Mi i)" for i
+ by(rule integral_dominated_convergence[where w="\<lambda>x. 2 * norm (f x)"],insert ih) (auto intro!: integrable_mono_measure[OF assms(1) Mi] simp: sets_eq_imp_space_eq[OF assms(1)])
+ next
+ fix i j
+ show "norm (\<integral>x. fn j x \<partial>(Mi i)) \<le> 2 * (\<integral>x. norm (f x) \<partial>(Mi i))" (is "?l \<le> ?r")
+ proof -
+ have "?l \<le> (\<integral>x. norm (fn j x) \<partial>(Mi i))"
+ by simp
+ also have "... \<le> (\<integral>x. 2 * norm (f x) \<partial>(Mi i))"
+ by(rule integral_mono,insert ih) (auto intro!: integrable_mono_measure[OF assms(1) Mi] simp: sets_eq_imp_space_eq[OF assms(1)])
+ finally show "?l \<le> ?r" by simp
+ qed
+ qed
+ also have "... = lim (\<lambda>m. (\<Sum>i. \<integral>x. fn m x \<partial>(Mi i)))"
+ proof -
+ have "(\<integral>i. \<integral>x. fn m x \<partial>(Mi i) \<partial>(count_space UNIV)) = (\<Sum>i. \<integral>x. fn m x \<partial>(Mi i))" for m
+ by(auto intro!: integral_count_space_nat sum2 simp: integrable_count_space_nat_iff) (use ih(5) in auto)
+ thus ?thesis by simp
+ qed
+ also have "... = lim (\<lambda>m. \<integral>x. fn m x \<partial>M)"
+ by(simp add: ih(5))
+ also have "... = (\<integral>x. f x \<partial>M)"
+ using ih by(auto intro!: limI[OF integral_dominated_convergence[where w="\<lambda>x. 2 * norm (f x)"]])
+ finally show ?case
+ using 1 by auto
+ qed
+ thus ?suminf ?summable ?summable2
+ by(simp_all add: sum2)
+qed
+
+(* Ported from sigma-finite measure.
+ The following proof is easier than the sigma-finite measure version. *)
+lemma (in s_finite_measure) measurable_emeasure_Pair':
+ assumes "Q \<in> sets (N \<Otimes>\<^sub>M M)"
+ shows "(\<lambda>x. emeasure M (Pair x -` Q)) \<in> borel_measurable N" (is "?s Q \<in> _")
+proof -
+ obtain Mi where Mi:"\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by(metis finite_measures')
+ show ?thesis
+ using Mi(1,2) assms finite_measure.finite_measure_cut_measurable[of "Mi _" Q N]
+ by(simp add: Mi(3))
+qed
+
+lemma (in s_finite_measure) measurable_emeasure'[measurable (raw)]:
+ assumes space: "\<And>x. x \<in> space N \<Longrightarrow> A x \<subseteq> space M"
+ assumes A: "{x\<in>space (N \<Otimes>\<^sub>M M). snd x \<in> A (fst x)} \<in> sets (N \<Otimes>\<^sub>M M)"
+ shows "(\<lambda>x. emeasure M (A x)) \<in> borel_measurable N"
+proof -
+ from space have "\<And>x. x \<in> space N \<Longrightarrow> Pair x -` {x \<in> space (N \<Otimes>\<^sub>M M). snd x \<in> A (fst x)} = A x"
+ by (auto simp: space_pair_measure)
+ with measurable_emeasure_Pair'[OF A] show ?thesis
+ by (auto cong: measurable_cong)
+qed
+
+
+lemma(in s_finite_measure) emeasure_pair_measure':
+ assumes "X \<in> sets (N \<Otimes>\<^sub>M M)"
+ shows "emeasure (N \<Otimes>\<^sub>M M) X = (\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. indicator X (x, y) \<partial>M \<partial>N)" (is "_ = ?\<mu> X")
+proof (rule emeasure_measure_of[OF pair_measure_def])
+ show "positive (sets (N \<Otimes>\<^sub>M M)) ?\<mu>"
+ by (auto simp: positive_def)
+ have eq[simp]: "\<And>A x y. indicator A (x, y) = indicator (Pair x -` A) y"
+ by (auto simp: indicator_def)
+ show "countably_additive (sets (N \<Otimes>\<^sub>M M)) ?\<mu>"
+ proof (rule countably_additiveI)
+ fix F :: "nat \<Rightarrow> ('b \<times> 'a) set" assume F: "range F \<subseteq> sets (N \<Otimes>\<^sub>M M)" "disjoint_family F"
+ from F have *: "\<And>i. F i \<in> sets (N \<Otimes>\<^sub>M M)" by auto
+ moreover have "\<And>x. disjoint_family (\<lambda>i. Pair x -` F i)"
+ by (intro disjoint_family_on_bisimulation[OF F(2)]) auto
+ moreover have "\<And>x. range (\<lambda>i. Pair x -` F i) \<subseteq> sets M"
+ using F by (auto simp: sets_Pair1)
+ ultimately show "(\<Sum>n. ?\<mu> (F n)) = ?\<mu> (\<Union>i. F i)"
+ by (auto simp add: nn_integral_suminf[symmetric] vimage_UN suminf_emeasure
+ intro!: nn_integral_cong nn_integral_indicator[symmetric])
+ qed
+ show "{a \<times> b |a b. a \<in> sets N \<and> b \<in> sets M} \<subseteq> Pow (space N \<times> space M)"
+ using sets.space_closed[of N] sets.space_closed[of M] by auto
+qed fact
+
+lemma (in s_finite_measure) emeasure_pair_measure_alt':
+ assumes X: "X \<in> sets (N \<Otimes>\<^sub>M M)"
+ shows "emeasure (N \<Otimes>\<^sub>M M) X = (\<integral>\<^sup>+x. emeasure M (Pair x -` X) \<partial>N)"
+proof -
+ have [simp]: "\<And>x y. indicator X (x, y) = indicator (Pair x -` X) y"
+ by (auto simp: indicator_def)
+ show ?thesis
+ using X by (auto intro!: nn_integral_cong simp: emeasure_pair_measure' sets_Pair1)
+qed
+
+proposition (in s_finite_measure) emeasure_pair_measure_Times':
+ assumes A: "A \<in> sets N" and B: "B \<in> sets M"
+ shows "emeasure (N \<Otimes>\<^sub>M M) (A \<times> B) = emeasure N A * emeasure M B"
+proof -
+ have "emeasure (N \<Otimes>\<^sub>M M) (A \<times> B) = (\<integral>\<^sup>+x. emeasure M B * indicator A x \<partial>N)"
+ using A B by (auto intro!: nn_integral_cong simp: emeasure_pair_measure_alt')
+ also have "\<dots> = emeasure M B * emeasure N A"
+ using A by (simp add: nn_integral_cmult_indicator)
+ finally show ?thesis
+ by (simp add: ac_simps)
+qed
+
+lemma(in s_finite_measure) measure_times:
+ assumes[measurable]: "A \<in> sets N" "B \<in> sets M"
+ shows "measure (N \<Otimes>\<^sub>M M) (A \<times> B) = measure N A * measure M B"
+ by(auto simp: measure_def emeasure_pair_measure_Times' enn2real_mult)
+
+lemma pair_measure_s_finite_measure_suminf:
+ assumes Mi[measurable_cong]:"\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ and Ni[measurable_cong]:"\<And>i. sets (Ni i) = sets N" "\<And>i. finite_measure (Ni i)" "\<And>A. N A = (\<Sum>i. Ni i A)"
+ shows "(M \<Otimes>\<^sub>M N) A = (\<Sum>i j. (Mi i \<Otimes>\<^sub>M Ni j) A)" (is "?lhs = ?rhs")
+proof -
+ interpret N: s_finite_measure N
+ by(auto intro!: s_finite_measureI[where Mi=Mi] s_finite_measureI[where Mi=Ni] assms)
+ show ?thesis
+ proof(cases "A \<in> sets (M \<Otimes>\<^sub>M N)")
+ case [measurable]:True
+ show ?thesis
+ proof -
+ have "?lhs = (\<integral>\<^sup>+x. N (Pair x -` A) \<partial>M)"
+ by(simp add: N.emeasure_pair_measure_alt')
+ also have "... = (\<Sum>i. \<integral>\<^sup>+x. N (Pair x -` A) \<partial>Mi i)"
+ using N.measurable_emeasure_Pair'[of A]
+ by(auto intro!: nn_integral_measure_suminf[OF Mi(1,3),symmetric])
+ also have "... = (\<Sum>i. \<integral>\<^sup>+x. (\<Sum>j. Ni j (Pair x -` A)) \<partial>Mi i)"
+ by(simp add: Ni(3))
+ also have "... = (\<Sum>i j. \<integral>\<^sup>+x. Ni j (Pair x -` A) \<partial>Mi i)"
+ using s_finite_measure.measurable_emeasure_Pair'[OF finite_measure.s_finite_measure_finite_measure[OF Ni(2)],of A]
+ by(auto simp: nn_integral_suminf intro!: suminf_cong)
+ also have "... = ?rhs"
+ by(auto intro!: suminf_cong simp: s_finite_measure.emeasure_pair_measure_alt'[OF finite_measure.s_finite_measure_finite_measure[OF Ni(2)]])
+ finally show ?thesis .
+ qed
+ next
+ case False
+ with Mi(1) Ni(1) show ?thesis
+ by(simp add: emeasure_notin_sets)
+ qed
+qed
+
+lemma pair_measure_s_finite_measure_suminf':
+ assumes Mi[measurable_cong]:"\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ and Ni[measurable_cong]:"\<And>i. sets (Ni i) = sets N" "\<And>i. finite_measure (Ni i)" "\<And>A. N A = (\<Sum>i. Ni i A)"
+ shows "(M \<Otimes>\<^sub>M N) A = (\<Sum>i j. (Mi j \<Otimes>\<^sub>M Ni i) A)" (is "?lhs = ?rhs")
+proof -
+ interpret N: s_finite_measure N
+ by(auto intro!: s_finite_measureI[where Mi=Mi] s_finite_measureI[where Mi=Ni] assms)
+ show ?thesis
+ proof(cases "A \<in> sets (M \<Otimes>\<^sub>M N)")
+ case [measurable]:True
+ show ?thesis
+ proof -
+ have "?lhs = (\<integral>\<^sup>+x. N (Pair x -` A) \<partial>M)"
+ by(simp add: N.emeasure_pair_measure_alt')
+ also have "... = (\<integral>\<^sup>+x. (\<Sum>i. Ni i (Pair x -` A)) \<partial>M)"
+ by(auto intro!: nn_integral_cong simp: Ni)
+ also have "... = (\<Sum>i. (\<integral>\<^sup>+x. Ni i (Pair x -` A) \<partial>M))"
+ by(auto intro!: nn_integral_suminf simp: finite_measure.finite_measure_cut_measurable[OF Ni(2)])
+ also have "... = (\<Sum>i j. \<integral>\<^sup>+x. Ni i (Pair x -` A) \<partial>Mi j)"
+ by(auto intro!: suminf_cong nn_integral_measure_suminf[symmetric] simp: finite_measure.finite_measure_cut_measurable[OF Ni(2)] Mi)
+ also have "... = ?rhs"
+ by(auto intro!: suminf_cong simp: s_finite_measure.emeasure_pair_measure_alt'[OF finite_measure.s_finite_measure_finite_measure[OF Ni(2)]])
+ finally show ?thesis .
+ qed
+ next
+ case False
+ with Mi(1) Ni(1) show ?thesis
+ by(simp add: emeasure_notin_sets)
+ qed
+qed
+
+lemma pair_measure_s_finite_measure:
+ assumes "s_finite_measure M" and "s_finite_measure N"
+ shows "s_finite_measure (M \<Otimes>\<^sub>M N)"
+proof -
+ obtain Mi where Mi[measurable_cong]:"\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by(metis s_finite_measure.finite_measures'[OF assms(1)])
+ obtain Ni where Ni[measurable_cong]:"\<And>i. sets (Ni i) = sets N" "\<And>i. finite_measure (Ni i)" "\<And>A. N A = (\<Sum>i. Ni i A)"
+ by(metis s_finite_measure.finite_measures'[OF assms(2)])
+ show ?thesis
+ proof(rule s_finite_measure_prodI[where Mij="\<lambda>i j. Mi i \<Otimes>\<^sub>M Ni j"])
+ show "emeasure (Mi i \<Otimes>\<^sub>M Ni j) (space (M \<Otimes>\<^sub>M N)) < \<infinity>" for i j
+ using finite_measure.emeasure_finite[OF Mi(2)[of i]] finite_measure.emeasure_finite[OF Ni(2)[of j]]
+ by(auto simp: sets_eq_imp_space_eq[OF Mi(1)[of i],symmetric] sets_eq_imp_space_eq[OF Ni(1)[of j],symmetric] space_pair_measure s_finite_measure.emeasure_pair_measure_Times'[OF finite_measure.s_finite_measure_finite_measure[OF Ni(2)[of j]]] ennreal_mult_less_top top.not_eq_extremum)
+ qed(auto simp: pair_measure_s_finite_measure_suminf Mi Ni)
+qed
+
+lemma(in s_finite_measure) borel_measurable_nn_integral_fst':
+ assumes [measurable]: "f \<in> borel_measurable (N \<Otimes>\<^sub>M M)"
+ shows "(\<lambda>x. \<integral>\<^sup>+ y. f (x, y) \<partial>M) \<in> borel_measurable N"
+proof -
+ obtain Mi where Mi[measurable_cong]:"\<And>i. sets (Mi i) = sets M" "\<And>i. finite_measure (Mi i)" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by(metis finite_measures')
+ show ?thesis
+ by(rule measurable_cong[where g="\<lambda>x. \<Sum>i. \<integral>\<^sup>+ y. f (x, y) \<partial>Mi i",THEN iffD2])
+ (auto simp: nn_integral_measure_suminf[OF Mi(1,3)] intro!: borel_measurable_suminf_order sigma_finite_measure.borel_measurable_nn_integral_fst[OF finite_measure.sigma_finite_measure[OF Mi(2)]])
+qed
+
+lemma (in s_finite_measure) nn_integral_fst':
+ assumes f: "f \<in> borel_measurable (M1 \<Otimes>\<^sub>M M)"
+ shows "(\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. f (x, y) \<partial>M \<partial>M1) = integral\<^sup>N (M1 \<Otimes>\<^sub>M M) f" (is "?I f = _")
+ using f proof induct
+ case (cong u v)
+ then have "?I u = ?I v"
+ by (intro nn_integral_cong) (auto simp: space_pair_measure)
+ with cong show ?case
+ by (simp cong: nn_integral_cong)
+qed (simp_all add: emeasure_pair_measure' nn_integral_cmult nn_integral_add
+ nn_integral_monotone_convergence_SUP measurable_compose_Pair1
+ borel_measurable_nn_integral_fst' nn_integral_mono incseq_def le_fun_def image_comp
+ cong: nn_integral_cong)
+
+lemma (in s_finite_measure) borel_measurable_nn_integral'[measurable (raw)]:
+ "case_prod f \<in> borel_measurable (N \<Otimes>\<^sub>M M) \<Longrightarrow> (\<lambda>x. \<integral>\<^sup>+ y. f x y \<partial>M) \<in> borel_measurable N"
+ using borel_measurable_nn_integral_fst'[of "case_prod f" N] by simp
+
+lemma distr_pair_swap_s_finite:
+ assumes "s_finite_measure M1" and "s_finite_measure M2"
+ shows "M1 \<Otimes>\<^sub>M M2 = distr (M2 \<Otimes>\<^sub>M M1) (M1 \<Otimes>\<^sub>M M2) (\<lambda>(x, y). (y, x))" (is "?P = ?D")
+proof -
+ {
+ from s_finite_measure.finite_measures'[OF assms(1)] s_finite_measure.finite_measures'[OF assms(2)]
+ obtain Mi1 Mi2
+ where Mi1:"\<And>i. sets (Mi1 i) = sets M1" "\<And>i. finite_measure (Mi1 i)" "\<And>A. M1 A = (\<Sum>i. Mi1 i A)"
+ and Mi2:"\<And>i. sets (Mi2 i) = sets M2" "\<And>i. finite_measure (Mi2 i)" "\<And>A. M2 A = (\<Sum>i. Mi2 i A)"
+ by metis
+ fix A
+ assume A[measurable]:"A \<in> sets (M1 \<Otimes>\<^sub>M M2)"
+ have "emeasure (M1 \<Otimes>\<^sub>M M2) A = emeasure (M2 \<Otimes>\<^sub>M M1) ((\<lambda>(x, y). (y, x)) -` A \<inter> space (M2 \<Otimes>\<^sub>M M1))"
+ proof -
+ {
+ fix i j
+ interpret pair_sigma_finite "Mi1 i" "Mi2 j"
+ by(auto simp: pair_sigma_finite_def Mi1(2) Mi2(2) finite_measure.sigma_finite_measure)
+ have "emeasure (Mi1 i \<Otimes>\<^sub>M Mi2 j) A = emeasure (Mi2 j \<Otimes>\<^sub>M Mi1 i) ((\<lambda>(x, y). (y, x)) -` A \<inter> space (M2 \<Otimes>\<^sub>M M1))"
+ using Mi1(1) Mi2(1) by(simp add: arg_cong[OF distr_pair_swap,of emeasure] emeasure_distr sets_eq_imp_space_eq[OF sets_pair_measure_cong[OF Mi2(1) Mi1(1)]])
+ }
+ thus ?thesis
+ by(auto simp: pair_measure_s_finite_measure_suminf'[OF Mi2 Mi1] pair_measure_s_finite_measure_suminf[OF Mi1 Mi2] intro!: suminf_cong)
+ qed
+ }
+ thus ?thesis
+ by(auto intro!: measure_eqI simp: emeasure_distr)
+qed
+
+proposition nn_integral_snd':
+ assumes "s_finite_measure M1" "s_finite_measure M2"
+ and f[measurable]: "f \<in> borel_measurable (M1 \<Otimes>\<^sub>M M2)"
+ shows "(\<integral>\<^sup>+ y. (\<integral>\<^sup>+ x. f (x, y) \<partial>M1) \<partial>M2) = integral\<^sup>N (M1 \<Otimes>\<^sub>M M2) f"
+proof -
+ interpret M1: s_finite_measure M1 by fact
+ interpret M2: s_finite_measure M2 by fact
+ note measurable_pair_swap[OF f]
+ from M1.nn_integral_fst'[OF this]
+ have "(\<integral>\<^sup>+ y. (\<integral>\<^sup>+ x. f (x, y) \<partial>M1) \<partial>M2) = (\<integral>\<^sup>+ (x, y). f (y, x) \<partial>(M2 \<Otimes>\<^sub>M M1))"
+ by simp
+ also have "(\<integral>\<^sup>+ (x, y). f (y, x) \<partial>(M2 \<Otimes>\<^sub>M M1)) = integral\<^sup>N (M1 \<Otimes>\<^sub>M M2) f"
+ by (subst distr_pair_swap_s_finite[OF assms(1,2)]) (auto simp add: nn_integral_distr intro!: nn_integral_cong)
+ finally show ?thesis .
+qed
+
+lemma (in s_finite_measure) borel_measurable_lebesgue_integrable'[measurable (raw)]:
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable]: "case_prod f \<in> borel_measurable (N \<Otimes>\<^sub>M M)"
+ shows "Measurable.pred N (\<lambda>x. integrable M (f x))"
+proof -
+ have [simp]: "\<And>x. x \<in> space N \<Longrightarrow> integrable M (f x) \<longleftrightarrow> (\<integral>\<^sup>+y. norm (f x y) \<partial>M) < \<infinity>"
+ unfolding integrable_iff_bounded by simp
+ show ?thesis
+ by (simp cong: measurable_cong)
+qed
+
+lemma (in s_finite_measure) measurable_measure'[measurable (raw)]:
+ "(\<And>x. x \<in> space N \<Longrightarrow> A x \<subseteq> space M) \<Longrightarrow>
+ {x \<in> space (N \<Otimes>\<^sub>M M). snd x \<in> A (fst x)} \<in> sets (N \<Otimes>\<^sub>M M) \<Longrightarrow>
+ (\<lambda>x. measure M (A x)) \<in> borel_measurable N"
+ unfolding measure_def by (intro measurable_emeasure' borel_measurable_enn2real) auto
+
+proposition (in s_finite_measure) borel_measurable_lebesgue_integral'[measurable (raw)]:
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes f[measurable]: "case_prod f \<in> borel_measurable (N \<Otimes>\<^sub>M M)"
+ shows "(\<lambda>x. \<integral>y. f x y \<partial>M) \<in> borel_measurable N"
+proof -
+ from borel_measurable_implies_sequence_metric[OF f, of 0]
+ obtain s where s: "\<And>i. simple_function (N \<Otimes>\<^sub>M M) (s i)"
+ and "\<forall>x\<in>space (N \<Otimes>\<^sub>M M). (\<lambda>i. s i x) \<longlonglongrightarrow> (case x of (x, y) \<Rightarrow> f x y)"
+ and "\<forall>i. \<forall>x\<in>space (N \<Otimes>\<^sub>M M). dist (s i x) 0 \<le> 2 * dist (case x of (x, xa) \<Rightarrow> f x xa) 0"
+ by auto
+ then have *:
+ "\<And>x y. x \<in> space N \<Longrightarrow> y \<in> space M \<Longrightarrow> (\<lambda>i. s i (x, y)) \<longlonglongrightarrow> f x y"
+ "\<And>i x y. x \<in> space N \<Longrightarrow> y \<in> space M \<Longrightarrow> norm (s i (x, y)) \<le> 2 * norm (f x y)"
+ by (auto simp: space_pair_measure)
+
+ have [measurable]: "\<And>i. s i \<in> borel_measurable (N \<Otimes>\<^sub>M M)"
+ by (rule borel_measurable_simple_function) fact
+
+ have "\<And>i. s i \<in> measurable (N \<Otimes>\<^sub>M M) (count_space UNIV)"
+ by (rule measurable_simple_function) fact
+
+ define f' where [abs_def]: "f' i x =
+ (if integrable M (f x) then Bochner_Integration.simple_bochner_integral M (\<lambda>y. s i (x, y)) else 0)" for i x
+
+ { fix i x assume "x \<in> space N"
+ then have "Bochner_Integration.simple_bochner_integral M (\<lambda>y. s i (x, y)) =
+ (\<Sum>z\<in>s i ` (space N \<times> space M). measure M {y \<in> space M. s i (x, y) = z} *\<^sub>R z)"
+ using s[THEN simple_functionD(1)]
+ unfolding simple_bochner_integral_def
+ by (intro sum.mono_neutral_cong_left)
+ (auto simp: eq_commute space_pair_measure image_iff cong: conj_cong) }
+ note eq = this
+
+ show ?thesis
+ proof (rule borel_measurable_LIMSEQ_metric)
+ fix i show "f' i \<in> borel_measurable N"
+ unfolding f'_def by (simp_all add: eq cong: measurable_cong if_cong)
+ next
+ fix x assume x: "x \<in> space N"
+ { assume int_f: "integrable M (f x)"
+ have int_2f: "integrable M (\<lambda>y. 2 * norm (f x y))"
+ by (intro integrable_norm integrable_mult_right int_f)
+ have "(\<lambda>i. integral\<^sup>L M (\<lambda>y. s i (x, y))) \<longlonglongrightarrow> integral\<^sup>L M (f x)"
+ proof (rule integral_dominated_convergence)
+ from int_f show "f x \<in> borel_measurable M" by auto
+ show "\<And>i. (\<lambda>y. s i (x, y)) \<in> borel_measurable M"
+ using x by simp
+ show "AE xa in M. (\<lambda>i. s i (x, xa)) \<longlonglongrightarrow> f x xa"
+ using x * by auto
+ show "\<And>i. AE xa in M. norm (s i (x, xa)) \<le> 2 * norm (f x xa)"
+ using x * by auto
+ qed fact
+ moreover
+ { fix i
+ have "Bochner_Integration.simple_bochner_integrable M (\<lambda>y. s i (x, y))"
+ proof (rule simple_bochner_integrableI_bounded)
+ have "(\<lambda>y. s i (x, y)) ` space M \<subseteq> s i ` (space N \<times> space M)"
+ using x by auto
+ then show "simple_function M (\<lambda>y. s i (x, y))"
+ using simple_functionD(1)[OF s(1), of i] x
+ by (intro simple_function_borel_measurable)
+ (auto simp: space_pair_measure dest: finite_subset)
+ have "(\<integral>\<^sup>+ y. ennreal (norm (s i (x, y))) \<partial>M) \<le> (\<integral>\<^sup>+ y. 2 * norm (f x y) \<partial>M)"
+ using x * by (intro nn_integral_mono) auto
+ also have "(\<integral>\<^sup>+ y. 2 * norm (f x y) \<partial>M) < \<infinity>"
+ using int_2f unfolding integrable_iff_bounded by simp
+ finally show "(\<integral>\<^sup>+ xa. ennreal (norm (s i (x, xa))) \<partial>M) < \<infinity>" .
+ qed
+ then have "integral\<^sup>L M (\<lambda>y. s i (x, y)) = Bochner_Integration.simple_bochner_integral M (\<lambda>y. s i (x, y))"
+ by (rule simple_bochner_integrable_eq_integral[symmetric]) }
+ ultimately have "(\<lambda>i. Bochner_Integration.simple_bochner_integral M (\<lambda>y. s i (x, y))) \<longlonglongrightarrow> integral\<^sup>L M (f x)"
+ by simp }
+ then
+ show "(\<lambda>i. f' i x) \<longlonglongrightarrow> integral\<^sup>L M (f x)"
+ unfolding f'_def
+ by (cases "integrable M (f x)") (simp_all add: not_integrable_integral_eq)
+ qed
+qed
+
+lemma integrable_product_swap_s_finite:
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes M1:"s_finite_measure M1" and M2:"s_finite_measure M2"
+ and "integrable (M1 \<Otimes>\<^sub>M M2) f"
+ shows "integrable (M2 \<Otimes>\<^sub>M M1) (\<lambda>(x,y). f (y,x))"
+proof -
+ have *: "(\<lambda>(x,y). f (y,x)) = (\<lambda>x. f (case x of (x,y)\<Rightarrow>(y,x)))" by (auto simp: fun_eq_iff)
+ show ?thesis unfolding *
+ by (rule integrable_distr[OF measurable_pair_swap'])
+ (simp add: distr_pair_swap_s_finite[OF M1 M2,symmetric] assms)
+qed
+
+lemma integrable_product_swap_iff_s_finite:
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes M1:"s_finite_measure M1" and M2:"s_finite_measure M2"
+ shows "integrable (M2 \<Otimes>\<^sub>M M1) (\<lambda>(x,y). f (y,x)) \<longleftrightarrow> integrable (M1 \<Otimes>\<^sub>M M2) f"
+proof -
+ from integrable_product_swap_s_finite[OF M2 M1,of "\<lambda>(x,y). f (y,x)"] integrable_product_swap_s_finite[OF M1 M2,of f]
+ show ?thesis by auto
+qed
+
+lemma integral_product_swap_s_finite:
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes M1:"s_finite_measure M1" and M2:"s_finite_measure M2"
+ and f: "f \<in> borel_measurable (M1 \<Otimes>\<^sub>M M2)"
+ shows "(\<integral>(x,y). f (y,x) \<partial>(M2 \<Otimes>\<^sub>M M1)) = integral\<^sup>L (M1 \<Otimes>\<^sub>M M2) f"
+proof -
+ have *: "(\<lambda>(x,y). f (y,x)) = (\<lambda>x. f (case x of (x,y)\<Rightarrow>(y,x)))" by (auto simp: fun_eq_iff)
+ show ?thesis unfolding *
+ by (simp add: integral_distr[symmetric, OF measurable_pair_swap' f] distr_pair_swap_s_finite[OF M1 M2,symmetric])
+qed
+
+theorem(in s_finite_measure) Fubini_integrable':
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes f[measurable]: "f \<in> borel_measurable (M1 \<Otimes>\<^sub>M M)"
+ and integ1: "integrable M1 (\<lambda>x. \<integral> y. norm (f (x, y)) \<partial>M)"
+ and integ2: "AE x in M1. integrable M (\<lambda>y. f (x, y))"
+ shows "integrable (M1 \<Otimes>\<^sub>M M) f"
+proof (rule integrableI_bounded)
+ have "(\<integral>\<^sup>+ p. norm (f p) \<partial>(M1 \<Otimes>\<^sub>M M)) = (\<integral>\<^sup>+ x. (\<integral>\<^sup>+ y. norm (f (x, y)) \<partial>M) \<partial>M1)"
+ by (simp add: nn_integral_fst'[symmetric])
+ also have "\<dots> = (\<integral>\<^sup>+ x. \<bar>\<integral>y. norm (f (x, y)) \<partial>M\<bar> \<partial>M1)"
+ proof(rule nn_integral_cong_AE)
+ show "AE x in M1. (\<integral>\<^sup>+ y. ennreal (norm (f (x, y))) \<partial>M) = ennreal \<bar>LINT y|M. norm (f (x, y))\<bar>"
+ using integ2
+ proof eventually_elim
+ fix x assume "integrable M (\<lambda>y. f (x, y))"
+ then have f: "integrable M (\<lambda>y. norm (f (x, y)))"
+ by simp
+ then have "(\<integral>\<^sup>+y. ennreal (norm (f (x, y))) \<partial>M) = ennreal (LINT y|M. norm (f (x, y)))"
+ by (rule nn_integral_eq_integral) simp
+ also have "\<dots> = ennreal \<bar>LINT y|M. norm (f (x, y))\<bar>"
+ using f by simp
+ finally show "(\<integral>\<^sup>+y. ennreal (norm (f (x, y))) \<partial>M) = ennreal \<bar>LINT y|M. norm (f (x, y))\<bar>" .
+ qed
+ qed
+ also have "\<dots> < \<infinity>"
+ using integ1 by (simp add: integrable_iff_bounded integral_nonneg_AE)
+ finally show "(\<integral>\<^sup>+ p. norm (f p) \<partial>(M1 \<Otimes>\<^sub>M M)) < \<infinity>" .
+qed fact
+
+lemma(in s_finite_measure) emeasure_pair_measure_finite':
+ assumes A: "A \<in> sets (M1 \<Otimes>\<^sub>M M)" and finite: "emeasure (M1 \<Otimes>\<^sub>M M) A < \<infinity>"
+ shows "AE x in M1. emeasure M {y\<in>space M. (x, y) \<in> A} < \<infinity>"
+proof -
+ from emeasure_pair_measure_alt'[OF A] finite
+ have "(\<integral>\<^sup>+ x. emeasure M (Pair x -` A) \<partial>M1) \<noteq> \<infinity>"
+ by simp
+ then have "AE x in M1. emeasure M (Pair x -` A) \<noteq> \<infinity>"
+ by (rule nn_integral_PInf_AE[rotated]) (intro measurable_emeasure_Pair' A)
+ moreover have "\<And>x. x \<in> space M1 \<Longrightarrow> Pair x -` A = {y\<in>space M. (x, y) \<in> A}"
+ using sets.sets_into_space[OF A] by (auto simp: space_pair_measure)
+ ultimately show ?thesis by (auto simp: less_top)
+qed
+
+lemma(in s_finite_measure) AE_integrable_fst''':
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes f[measurable]: "integrable (M1 \<Otimes>\<^sub>M M) f"
+ shows "AE x in M1. integrable M (\<lambda>y. f (x, y))"
+proof -
+ have "(\<integral>\<^sup>+x. (\<integral>\<^sup>+y. norm (f (x, y)) \<partial>M) \<partial>M1) = (\<integral>\<^sup>+x. norm (f x) \<partial>(M1 \<Otimes>\<^sub>M M))"
+ by (rule nn_integral_fst') simp
+ also have "(\<integral>\<^sup>+x. norm (f x) \<partial>(M1 \<Otimes>\<^sub>M M)) \<noteq> \<infinity>"
+ using f unfolding integrable_iff_bounded by simp
+ finally have "AE x in M1. (\<integral>\<^sup>+y. norm (f (x, y)) \<partial>M) \<noteq> \<infinity>"
+ by (intro nn_integral_PInf_AE borel_measurable_nn_integral')
+ (auto simp: measurable_split_conv)
+ with AE_space show ?thesis
+ by eventually_elim
+ (auto simp: integrable_iff_bounded measurable_compose[OF _ borel_measurable_integrable[OF f]] less_top)
+qed
+
+lemma(in s_finite_measure) integrable_fst_norm':
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes f[measurable]: "integrable (M1 \<Otimes>\<^sub>M M) f"
+ shows "integrable M1 (\<lambda>x. \<integral>y. norm (f (x, y)) \<partial>M)"
+ unfolding integrable_iff_bounded
+proof
+ show "(\<lambda>x. \<integral> y. norm (f (x, y)) \<partial>M) \<in> borel_measurable M1"
+ by (rule borel_measurable_lebesgue_integral') simp
+ have "(\<integral>\<^sup>+ x. ennreal (norm (\<integral>y. norm (f (x, y)) \<partial>M)) \<partial>M1) = (\<integral>\<^sup>+x. (\<integral>\<^sup>+y. norm (f (x, y)) \<partial>M) \<partial>M1)"
+ using AE_integrable_fst'''[OF f] by (auto intro!: nn_integral_cong_AE simp: nn_integral_eq_integral)
+ also have "(\<integral>\<^sup>+x. (\<integral>\<^sup>+y. norm (f (x, y)) \<partial>M) \<partial>M1) = (\<integral>\<^sup>+x. norm (f x) \<partial>(M1 \<Otimes>\<^sub>M M))"
+ by (rule nn_integral_fst') simp
+ also have "(\<integral>\<^sup>+x. norm (f x) \<partial>(M1 \<Otimes>\<^sub>M M)) < \<infinity>"
+ using f unfolding integrable_iff_bounded by simp
+ finally show "(\<integral>\<^sup>+ x. ennreal (norm (\<integral>y. norm (f (x, y)) \<partial>M)) \<partial>M1) < \<infinity>" .
+qed
+
+lemma(in s_finite_measure) integrable_fst''':
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes f[measurable]: "integrable (M1 \<Otimes>\<^sub>M M) f"
+ shows "integrable M1 (\<lambda>x. \<integral>y. f (x, y) \<partial>M)"
+ by(auto intro!: Bochner_Integration.integrable_bound[OF integrable_fst_norm'[OF f]])
+
+proposition(in s_finite_measure) integral_fst''':
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes f: "integrable (M1 \<Otimes>\<^sub>M M) f"
+ shows "(\<integral>x. (\<integral>y. f (x, y) \<partial>M) \<partial>M1) = integral\<^sup>L (M1 \<Otimes>\<^sub>M M) f"
+using f proof induct
+ case (base A c)
+ have A[measurable]: "A \<in> sets (M1 \<Otimes>\<^sub>M M)" by fact
+
+ have eq: "\<And>x y. x \<in> space M1 \<Longrightarrow> indicator A (x, y) = indicator {y\<in>space M. (x, y) \<in> A} y"
+ using sets.sets_into_space[OF A] by (auto split: split_indicator simp: space_pair_measure)
+
+ have int_A: "integrable (M1 \<Otimes>\<^sub>M M) (indicator A :: _ \<Rightarrow> real)"
+ using base by (rule integrable_real_indicator)
+ have "(\<integral> x. \<integral> y. indicator A (x, y) *\<^sub>R c \<partial>M \<partial>M1) = (\<integral>x. measure M {y\<in>space M. (x, y) \<in> A} *\<^sub>R c \<partial>M1)"
+ proof (intro integral_cong_AE)
+ from AE_integrable_fst'''[OF int_A] AE_space
+ show "AE x in M1. (\<integral>y. indicator A (x, y) *\<^sub>R c \<partial>M) = measure M {y\<in>space M. (x, y) \<in> A} *\<^sub>R c"
+ by eventually_elim (simp add: eq integrable_indicator_iff)
+ qed simp_all
+ also have "\<dots> = measure (M1 \<Otimes>\<^sub>M M) A *\<^sub>R c"
+ proof (subst integral_scaleR_left)
+ have "(\<integral>\<^sup>+x. ennreal (measure M {y \<in> space M. (x, y) \<in> A}) \<partial>M1) =
+ (\<integral>\<^sup>+x. emeasure M {y \<in> space M. (x, y) \<in> A} \<partial>M1)"
+ using emeasure_pair_measure_finite'[OF base]
+ by (intro nn_integral_cong_AE, eventually_elim) (simp add: emeasure_eq_ennreal_measure)
+ also have "\<dots> = emeasure (M1 \<Otimes>\<^sub>M M) A"
+ using sets.sets_into_space[OF A]
+ by (subst emeasure_pair_measure_alt')
+ (auto intro!: nn_integral_cong arg_cong[where f="emeasure M"] simp: space_pair_measure)
+ finally have *: "(\<integral>\<^sup>+x. ennreal (measure M {y \<in> space M. (x, y) \<in> A}) \<partial>M1) = emeasure (M1 \<Otimes>\<^sub>M M) A" .
+
+ from base * show "integrable M1 (\<lambda>x. measure M {y \<in> space M. (x, y) \<in> A})"
+ by (simp add: integrable_iff_bounded)
+ then have "(\<integral>x. measure M {y \<in> space M. (x, y) \<in> A} \<partial>M1) =
+ (\<integral>\<^sup>+x. ennreal (measure M {y \<in> space M. (x, y) \<in> A}) \<partial>M1)"
+ by (rule nn_integral_eq_integral[symmetric]) simp
+ also note *
+ finally show "(\<integral>x. measure M {y \<in> space M. (x, y) \<in> A} \<partial>M1) *\<^sub>R c = measure (M1 \<Otimes>\<^sub>M M) A *\<^sub>R c"
+ using base by (simp add: emeasure_eq_ennreal_measure)
+ qed
+ also have "\<dots> = (\<integral> a. indicator A a *\<^sub>R c \<partial>(M1 \<Otimes>\<^sub>M M))"
+ using base by simp
+ finally show ?case .
+next
+ case (add f g)
+ then have [measurable]: "f \<in> borel_measurable (M1 \<Otimes>\<^sub>M M)" "g \<in> borel_measurable (M1 \<Otimes>\<^sub>M M)"
+ by auto
+ have "(\<integral> x. \<integral> y. f (x, y) + g (x, y) \<partial>M \<partial>M1) =
+ (\<integral> x. (\<integral> y. f (x, y) \<partial>M) + (\<integral> y. g (x, y) \<partial>M) \<partial>M1)"
+ apply (rule integral_cong_AE)
+ apply simp_all
+ using AE_integrable_fst'''[OF add(1)] AE_integrable_fst'''[OF add(3)]
+ apply eventually_elim
+ apply simp
+ done
+ also have "\<dots> = (\<integral> x. f x \<partial>(M1 \<Otimes>\<^sub>M M)) + (\<integral> x. g x \<partial>(M1 \<Otimes>\<^sub>M M))"
+ using integrable_fst'''[OF add(1)] integrable_fst'''[OF add(3)] add(2,4) by simp
+ finally show ?case
+ using add by simp
+next
+ case (lim f s)
+ then have [measurable]: "f \<in> borel_measurable (M1 \<Otimes>\<^sub>M M)" "\<And>i. s i \<in> borel_measurable (M1 \<Otimes>\<^sub>M M)"
+ by auto
+
+ show ?case
+ proof (rule LIMSEQ_unique)
+ show "(\<lambda>i. integral\<^sup>L (M1 \<Otimes>\<^sub>M M) (s i)) \<longlonglongrightarrow> integral\<^sup>L (M1 \<Otimes>\<^sub>M M) f"
+ proof (rule integral_dominated_convergence)
+ show "integrable (M1 \<Otimes>\<^sub>M M) (\<lambda>x. 2 * norm (f x))"
+ using lim(5) by auto
+ qed (insert lim, auto)
+ have "(\<lambda>i. \<integral> x. \<integral> y. s i (x, y) \<partial>M \<partial>M1) \<longlonglongrightarrow> \<integral> x. \<integral> y. f (x, y) \<partial>M \<partial>M1"
+ proof (rule integral_dominated_convergence)
+ have "AE x in M1. \<forall>i. integrable M (\<lambda>y. s i (x, y))"
+ unfolding AE_all_countable using AE_integrable_fst'''[OF lim(1)] ..
+ with AE_space AE_integrable_fst'''[OF lim(5)]
+ show "AE x in M1. (\<lambda>i. \<integral> y. s i (x, y) \<partial>M) \<longlonglongrightarrow> \<integral> y. f (x, y) \<partial>M"
+ proof eventually_elim
+ fix x assume x: "x \<in> space M1" and
+ s: "\<forall>i. integrable M (\<lambda>y. s i (x, y))" and f: "integrable M (\<lambda>y. f (x, y))"
+ show "(\<lambda>i. \<integral> y. s i (x, y) \<partial>M) \<longlonglongrightarrow> \<integral> y. f (x, y) \<partial>M"
+ proof (rule integral_dominated_convergence)
+ show "integrable M (\<lambda>y. 2 * norm (f (x, y)))"
+ using f by auto
+ show "AE xa in M. (\<lambda>i. s i (x, xa)) \<longlonglongrightarrow> f (x, xa)"
+ using x lim(3) by (auto simp: space_pair_measure)
+ show "\<And>i. AE xa in M. norm (s i (x, xa)) \<le> 2 * norm (f (x, xa))"
+ using x lim(4) by (auto simp: space_pair_measure)
+ qed (insert x, measurable)
+ qed
+ show "integrable M1 (\<lambda>x. (\<integral> y. 2 * norm (f (x, y)) \<partial>M))"
+ by (intro integrable_mult_right integrable_norm integrable_fst''' lim)
+ fix i show "AE x in M1. norm (\<integral> y. s i (x, y) \<partial>M) \<le> (\<integral> y. 2 * norm (f (x, y)) \<partial>M)"
+ using AE_space AE_integrable_fst'''[OF lim(1), of i] AE_integrable_fst'''[OF lim(5)]
+ proof eventually_elim
+ fix x assume x: "x \<in> space M1"
+ and s: "integrable M (\<lambda>y. s i (x, y))" and f: "integrable M (\<lambda>y. f (x, y))"
+ from s have "norm (\<integral> y. s i (x, y) \<partial>M) \<le> (\<integral>\<^sup>+y. norm (s i (x, y)) \<partial>M)"
+ by (rule integral_norm_bound_ennreal)
+ also have "\<dots> \<le> (\<integral>\<^sup>+y. 2 * norm (f (x, y)) \<partial>M)"
+ using x lim by (auto intro!: nn_integral_mono simp: space_pair_measure)
+ also have "\<dots> = (\<integral>y. 2 * norm (f (x, y)) \<partial>M)"
+ using f by (intro nn_integral_eq_integral) auto
+ finally show "norm (\<integral> y. s i (x, y) \<partial>M) \<le> (\<integral> y. 2 * norm (f (x, y)) \<partial>M)"
+ by simp
+ qed
+ qed simp_all
+ then show "(\<lambda>i. integral\<^sup>L (M1 \<Otimes>\<^sub>M M) (s i)) \<longlonglongrightarrow> \<integral> x. \<integral> y. f (x, y) \<partial>M \<partial>M1"
+ using lim by simp
+ qed
+qed
+
+lemma (in s_finite_measure)
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes f: "integrable (M1 \<Otimes>\<^sub>M M) (case_prod f)"
+ shows AE_integrable_fst'': "AE x in M1. integrable M (\<lambda>y. f x y)"
+ and integrable_fst'': "integrable M1 (\<lambda>x. \<integral>y. f x y \<partial>M)"
+ and integrable_fst_norm: "integrable M1 (\<lambda>x. \<integral>y. norm (f x y) \<partial>M)"
+ and integral_fst'': "(\<integral>x. (\<integral>y. f x y \<partial>M) \<partial>M1) = integral\<^sup>L (M1 \<Otimes>\<^sub>M M) (\<lambda>(x, y). f x y)"
+ using AE_integrable_fst'''[OF f] integrable_fst'''[OF f] integral_fst'''[OF f] integrable_fst_norm'[OF f] by auto
+
+lemma
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes M1:"s_finite_measure M1" and M2:"s_finite_measure M2"
+ and f[measurable]: "integrable (M1 \<Otimes>\<^sub>M M2) (case_prod f)"
+ shows AE_integrable_snd_s_finite: "AE y in M2. integrable M1 (\<lambda>x. f x y)" (is "?AE")
+ and integrable_snd_s_finite: "integrable M2 (\<lambda>y. \<integral>x. f x y \<partial>M1)" (is "?INT")
+ and integrable_snd_norm_s_finite: "integrable M2 (\<lambda>y. \<integral>x. norm (f x y) \<partial>M1)" (is "?INT2")
+ and integral_snd_s_finite: "(\<integral>y. (\<integral>x. f x y \<partial>M1) \<partial>M2) = integral\<^sup>L (M1 \<Otimes>\<^sub>M M2) (case_prod f)" (is "?EQ")
+proof -
+ interpret Q: s_finite_measure M1 by fact
+ have Q_int: "integrable (M2 \<Otimes>\<^sub>M M1) (\<lambda>(x, y). f y x)"
+ using f unfolding integrable_product_swap_iff_s_finite[OF M1 M2,symmetric] by simp
+ show ?AE using Q.AE_integrable_fst'''[OF Q_int] by simp
+ show ?INT using Q.integrable_fst'''[OF Q_int] by simp
+ show ?INT2 using Q.integrable_fst_norm[OF Q_int] by simp
+ show ?EQ using Q.integral_fst'''[OF Q_int]
+ using integral_product_swap_s_finite[OF M1 M2,of "case_prod f"] by simp
+qed
+
+proposition Fubini_integral':
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _ :: {banach, second_countable_topology}"
+ assumes M1:"s_finite_measure M1" and M2:"s_finite_measure M2"
+ and f: "integrable (M1 \<Otimes>\<^sub>M M2) (case_prod f)"
+ shows "(\<integral>y. (\<integral>x. f x y \<partial>M1) \<partial>M2) = (\<integral>x. (\<integral>y. f x y \<partial>M2) \<partial>M1)"
+ unfolding integral_snd_s_finite[OF assms] s_finite_measure.integral_fst''[OF assms(2,3)] ..
+
+locale product_s_finite =
+ fixes M :: "'i \<Rightarrow> 'a measure"
+ assumes s_finite_measures: "\<And>i. s_finite_measure (M i)"
+
+sublocale product_s_finite \<subseteq> M?: s_finite_measure "M i" for i
+ by (rule s_finite_measures)
+
+locale finite_product_s_finite = product_s_finite M for M :: "'i \<Rightarrow> 'a measure" +
+ fixes I :: "'i set"
+ assumes finite_index: "finite I"
+
+lemma (in product_s_finite) emeasure_PiM:
+ "finite I \<Longrightarrow> (\<And>i. i\<in>I \<Longrightarrow> A i \<in> sets (M i)) \<Longrightarrow> emeasure (PiM I M) (Pi\<^sub>E I A) = (\<Prod>i\<in>I. emeasure (M i) (A i))"
+proof (induct I arbitrary: A rule: finite_induct)
+ case (insert i I)
+ interpret finite_product_s_finite M I by standard fact
+ have "finite (insert i I)" using \<open>finite I\<close> by auto
+ interpret I': finite_product_s_finite M "insert i I" by standard fact
+ let ?h = "(\<lambda>(f, y). f(i := y))"
+
+ let ?P = "distr (Pi\<^sub>M I M \<Otimes>\<^sub>M M i) (Pi\<^sub>M (insert i I) M) ?h"
+ let ?\<mu> = "emeasure ?P"
+ let ?I = "{j \<in> insert i I. emeasure (M j) (space (M j)) \<noteq> 1}"
+ let ?f = "\<lambda>J E j. if j \<in> J then emeasure (M j) (E j) else emeasure (M j) (space (M j))"
+
+ have "emeasure (Pi\<^sub>M (insert i I) M) (prod_emb (insert i I) M (insert i I) (Pi\<^sub>E (insert i I) A)) =
+ (\<Prod>i\<in>insert i I. emeasure (M i) (A i))"
+ proof (subst emeasure_extend_measure_Pair[OF PiM_def])
+ fix J E assume "(J \<noteq> {} \<or> insert i I = {}) \<and> finite J \<and> J \<subseteq> insert i I \<and> E \<in> (\<Pi> j\<in>J. sets (M j))"
+ then have J: "J \<noteq> {}" "finite J" "J \<subseteq> insert i I" and E: "\<forall>j\<in>J. E j \<in> sets (M j)" by auto
+ let ?p = "prod_emb (insert i I) M J (Pi\<^sub>E J E)"
+ let ?p' = "prod_emb I M (J - {i}) (\<Pi>\<^sub>E j\<in>J-{i}. E j)"
+ have "?\<mu> ?p =
+ emeasure (Pi\<^sub>M I M \<Otimes>\<^sub>M (M i)) (?h -` ?p \<inter> space (Pi\<^sub>M I M \<Otimes>\<^sub>M M i))"
+ by (intro emeasure_distr measurable_add_dim sets_PiM_I) fact+
+ also have "?h -` ?p \<inter> space (Pi\<^sub>M I M \<Otimes>\<^sub>M M i) = ?p' \<times> (if i \<in> J then E i else space (M i))"
+ using J E[rule_format, THEN sets.sets_into_space]
+ by (force simp: space_pair_measure space_PiM prod_emb_iff PiE_def Pi_iff split: if_split_asm)
+ also have "emeasure (Pi\<^sub>M I M \<Otimes>\<^sub>M (M i)) (?p' \<times> (if i \<in> J then E i else space (M i))) =
+ emeasure (Pi\<^sub>M I M) ?p' * emeasure (M i) (if i \<in> J then (E i) else space (M i))"
+ using J E by (intro M.emeasure_pair_measure_Times' sets_PiM_I) auto
+ also have "?p' = (\<Pi>\<^sub>E j\<in>I. if j \<in> J-{i} then E j else space (M j))"
+ using J E[rule_format, THEN sets.sets_into_space]
+ by (auto simp: prod_emb_iff PiE_def Pi_iff split: if_split_asm) blast+
+ also have "emeasure (Pi\<^sub>M I M) (\<Pi>\<^sub>E j\<in>I. if j \<in> J-{i} then E j else space (M j)) =
+ (\<Prod> j\<in>I. if j \<in> J-{i} then emeasure (M j) (E j) else emeasure (M j) (space (M j)))"
+ using E by (subst insert) (auto intro!: prod.cong)
+ also have "(\<Prod>j\<in>I. if j \<in> J - {i} then emeasure (M j) (E j) else emeasure (M j) (space (M j))) *
+ emeasure (M i) (if i \<in> J then E i else space (M i)) = (\<Prod>j\<in>insert i I. ?f J E j)"
+ using insert by (auto simp: mult.commute intro!: arg_cong2[where f="(*)"] prod.cong)
+ also have "\<dots> = (\<Prod>j\<in>J \<union> ?I. ?f J E j)"
+ using insert(1,2) J E by (intro prod.mono_neutral_right) auto
+ finally show "?\<mu> ?p = \<dots>" .
+
+ show "prod_emb (insert i I) M J (Pi\<^sub>E J E) \<in> Pow (\<Pi>\<^sub>E i\<in>insert i I. space (M i))"
+ using J E[rule_format, THEN sets.sets_into_space] by (auto simp: prod_emb_iff PiE_def)
+ next
+ show "positive (sets (Pi\<^sub>M (insert i I) M)) ?\<mu>" "countably_additive (sets (Pi\<^sub>M (insert i I) M)) ?\<mu>"
+ using emeasure_positive[of ?P] emeasure_countably_additive[of ?P] by simp_all
+ next
+ show "(insert i I \<noteq> {} \<or> insert i I = {}) \<and> finite (insert i I) \<and>
+ insert i I \<subseteq> insert i I \<and> A \<in> (\<Pi> j\<in>insert i I. sets (M j))"
+ using insert by auto
+ qed (auto intro!: prod.cong)
+ with insert show ?case
+ by (subst (asm) prod_emb_PiE_same_index) (auto intro!: sets.sets_into_space)
+qed simp
+
+
+lemma (in finite_product_s_finite) measure_times:
+ "(\<And>i. i \<in> I \<Longrightarrow> A i \<in> sets (M i)) \<Longrightarrow> emeasure (Pi\<^sub>M I M) (Pi\<^sub>E I A) = (\<Prod>i\<in>I. emeasure (M i) (A i))"
+ using emeasure_PiM[OF finite_index] by auto
+
+lemma (in product_s_finite) nn_integral_empty:
+ "0 \<le> f (\<lambda>k. undefined) \<Longrightarrow> integral\<^sup>N (Pi\<^sub>M {} M) f = f (\<lambda>k. undefined)"
+ by (simp add: PiM_empty nn_integral_count_space_finite)
+
+text \<open> Every s-finite measure is represented as the push-forward measure of a $\sigma$-finite measure.\<close>
+definition Mi_to_NM :: "(nat \<Rightarrow> 'a measure) \<Rightarrow> 'a measure \<Rightarrow> (nat \<times> 'a) measure" where
+"Mi_to_NM Mi M \<equiv> measure_of (space (count_space UNIV \<Otimes>\<^sub>M M)) (sets (count_space UNIV \<Otimes>\<^sub>M M)) (\<lambda>A. \<Sum>i. distr (Mi i) (count_space UNIV \<Otimes>\<^sub>M M) (\<lambda>x. (i,x)) A)"
+
+lemma
+ shows sets_Mi_to_NM[measurable_cong,simp]: "sets (Mi_to_NM Mi M) = sets (count_space UNIV \<Otimes>\<^sub>M M)"
+ and space_Mi_to_NM[simp]: "space (Mi_to_NM Mi M) = space (count_space UNIV \<Otimes>\<^sub>M M)"
+ by(simp_all add: Mi_to_NM_def)
+
+context
+ fixes M :: "'a measure" and Mi :: "nat \<Rightarrow> 'a measure"
+ assumes sets_Mi[measurable_cong,simp]: "\<And>i. sets (Mi i) = sets M"
+ and emeasure_Mi: "\<And>A. A \<in> sets M \<Longrightarrow> M A = (\<Sum>i. Mi i A)"
+begin
+
+lemma emeasure_Mi_to_NM:
+ assumes [measurable]: "A \<in> sets (count_space UNIV \<Otimes>\<^sub>M M)"
+ shows "emeasure (Mi_to_NM Mi M) A = (\<Sum>i. distr (Mi i) (count_space UNIV \<Otimes>\<^sub>M M) (\<lambda>x. (i,x)) A)"
+proof(rule emeasure_measure_of[where \<Omega>="space (count_space UNIV \<Otimes>\<^sub>M M)" and A="sets (count_space UNIV \<Otimes>\<^sub>M M)"])
+ show "countably_additive (sets (Mi_to_NM Mi M)) (\<lambda>A. \<Sum>i. emeasure (distr (Mi i) (count_space UNIV \<Otimes>\<^sub>M M) (Pair i)) A)"
+ unfolding countably_additive_def
+ proof safe
+ fix A :: "nat \<Rightarrow> (nat \<times> _) set"
+ assume "range A \<subseteq> sets (Mi_to_NM Mi M)" and dA:"disjoint_family A"
+ hence [measurable]: "\<And>i. A i \<in> sets (count_space UNIV \<Otimes>\<^sub>M M)"
+ by auto
+ show "(\<Sum>j i. emeasure (distr (Mi i) (count_space UNIV \<Otimes>\<^sub>M M) (Pair i)) (A j)) = (\<Sum>i. emeasure (distr (Mi i) (count_space UNIV \<Otimes>\<^sub>M M) (Pair i)) (\<Union> (range A)))" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<Sum>i j. emeasure (distr (Mi i) (count_space UNIV \<Otimes>\<^sub>M M) (Pair i)) (A j))"
+ by(auto simp: nn_integral_count_space_nat[symmetric] pair_sigma_finite_def sigma_finite_measure_count_space intro!: pair_sigma_finite.Fubini')
+ also have "... = ?rhs"
+ proof(rule suminf_cong)
+ fix n
+ have [simp]:"Pair n -` \<Union> (range A) = (\<Union> (range (\<lambda>j. Pair n -` A j)))"
+ by auto
+ show " (\<Sum>j. emeasure (distr (Mi n) (count_space UNIV \<Otimes>\<^sub>M M) (Pair n)) (A j)) = emeasure (distr (Mi n) (count_space UNIV \<Otimes>\<^sub>M M) (Pair n)) (\<Union> (range A))"
+ using dA by(fastforce intro!: suminf_emeasure simp: disjoint_family_on_def emeasure_distr)
+ qed
+ finally show ?thesis .
+ qed
+ qed
+qed(auto simp: positive_def sets.space_closed Mi_to_NM_def)
+
+lemma sigma_finite_Mi_to_NM_measure:
+ assumes "\<And>i. finite_measure (Mi i)"
+ shows "sigma_finite_measure (Mi_to_NM Mi M)"
+proof -
+ {
+ fix n
+ assume "emeasure (Mi_to_NM Mi M) ({n} \<times> space M) = \<top>"
+ moreover have "emeasure (Mi_to_NM Mi M) ({n} \<times> space M) = emeasure (Mi n) (space M)"
+ by(simp add: emeasure_Mi_to_NM emeasure_distr suminf_offset[of _ "Suc n"])
+ ultimately have False
+ using finite_measure.finite_emeasure_space[OF assms[of n]] by(auto simp: sets_eq_imp_space_eq[OF sets_Mi])
+ }
+ thus ?thesis
+ by(auto intro!: exI[where x="\<Union>i. {{i} \<times> space M}"] simp: space_pair_measure sigma_finite_measure_def)
+qed
+
+
+lemma distr_Mi_to_NM_M: "distr (Mi_to_NM Mi M) M snd = M"
+proof -
+ have [simp]:"Pair i -` snd -` A \<inter> Pair i -` space (count_space UNIV \<Otimes>\<^sub>M M) = A" if "A \<in> sets M" for A and i :: nat
+ using sets.sets_into_space[OF that] by(auto simp: space_pair_measure)
+ show ?thesis
+ by(auto intro!: measure_eqI simp: emeasure_distr emeasure_Mi_to_NM emeasure_Mi)
+qed
+
+end
+
+context
+ fixes \<mu> :: "'a measure"
+ assumes standard_borel_ne: "standard_borel_ne \<mu>"
+ and s_finite: "s_finite_measure \<mu>"
+begin
+
+interpretation \<mu> : s_finite_measure \<mu> by fact
+
+interpretation n_\<mu>: standard_borel_ne "count_space (UNIV :: nat set) \<Otimes>\<^sub>M \<mu>"
+ by (simp add: pair_standard_borel_ne standard_borel_ne)
+
+lemma exists_push_forward:
+ "\<exists>(\<mu>' :: real measure) f. f \<in> borel \<rightarrow>\<^sub>M \<mu> \<and> sets \<mu>' = sets borel \<and> sigma_finite_measure \<mu>'
+ \<and> distr \<mu>' \<mu> f = \<mu>"
+proof -
+ obtain \<mu>i where \<mu>i: "\<And>i. sets (\<mu>i i) = sets \<mu>" "\<And>i. finite_measure (\<mu>i i)" "\<And>A. \<mu> A = (\<Sum>i. \<mu>i i A)"
+ by(metis \<mu>.finite_measures')
+ show ?thesis
+ proof(safe intro!: exI[where x="distr (Mi_to_NM \<mu>i \<mu>) borel n_\<mu>.to_real"] exI[where x="snd \<circ> n_\<mu>.from_real"])
+ have [simp]:"distr (distr (Mi_to_NM \<mu>i \<mu>) borel n_\<mu>.to_real) (count_space UNIV \<Otimes>\<^sub>M \<mu>) n_\<mu>.from_real = Mi_to_NM \<mu>i \<mu>"
+ by(auto simp: distr_distr comp_def intro!:distr_id')
+ show "sigma_finite_measure (distr (Mi_to_NM \<mu>i \<mu>) borel n_\<mu>.to_real)"
+ by(rule sigma_finite_measure_distr[where N="count_space UNIV \<Otimes>\<^sub>M \<mu>" and f=n_\<mu>.from_real]) (auto intro!: sigma_finite_Mi_to_NM_measure \<mu>i)
+ next
+ have [simp]: "distr (Mi_to_NM \<mu>i \<mu>) \<mu> (snd \<circ> n_\<mu>.from_real \<circ> n_\<mu>.to_real) = distr (Mi_to_NM \<mu>i \<mu>) \<mu> snd"
+ by(auto intro!: distr_cong[OF refl])
+ show "distr (distr (Mi_to_NM \<mu>i \<mu>) borel n_\<mu>.to_real) \<mu> (snd \<circ> n_\<mu>.from_real) = \<mu>"
+ by(auto simp: distr_distr distr_Mi_to_NM_M[OF \<mu>i(1,3)])
+ qed auto
+qed
+
+abbreviation "\<mu>'_and_f \<equiv> (SOME (\<mu>'::real measure,f). f \<in> borel \<rightarrow>\<^sub>M \<mu> \<and> sets \<mu>' = sets borel \<and> sigma_finite_measure \<mu>' \<and> distr \<mu>' \<mu> f = \<mu>)"
+
+definition "sigma_pair_\<mu> \<equiv> fst \<mu>'_and_f"
+definition "sigma_pair_f \<equiv> snd \<mu>'_and_f"
+
+lemma
+ shows sigma_pair_f_measurable : "sigma_pair_f \<in> borel \<rightarrow>\<^sub>M \<mu>" (is ?g1)
+ and sets_sigma_pair_\<mu>: "sets sigma_pair_\<mu> = sets borel" (is ?g2)
+ and sigma_finite_sigma_pair_\<mu>: "sigma_finite_measure sigma_pair_\<mu>" (is ?g3)
+ and distr_sigma_pair: "distr sigma_pair_\<mu> \<mu> sigma_pair_f = \<mu>" (is ?g4)
+proof -
+ have "case \<mu>'_and_f of (\<mu>',f) \<Rightarrow> f \<in> borel \<rightarrow>\<^sub>M \<mu> \<and> sets \<mu>' = sets borel \<and> sigma_finite_measure \<mu>' \<and> distr \<mu>' \<mu> f = \<mu>"
+ by(rule someI_ex) (use exists_push_forward in auto)
+ then show ?g1 ?g2 ?g3 ?g4
+ by(auto simp: sigma_pair_\<mu>_def sigma_pair_f_def split_beta)
+qed
+
+end
+
+definition s_finite_measure_algebra :: "'a measure \<Rightarrow> 'a measure measure" where
+ "s_finite_measure_algebra K =
+ (SUP A \<in> sets K. vimage_algebra {M. s_finite_measure M \<and> sets M = sets K} (\<lambda>M. emeasure M A) borel)"
+
+lemma space_s_finite_measure_algebra:
+ "space (s_finite_measure_algebra K) = {M. s_finite_measure M \<and> sets M = sets K}"
+ by (auto simp add: s_finite_measure_algebra_def space_Sup_eq_UN)
+
+lemma s_finite_measure_algebra_cong: "sets M = sets N \<Longrightarrow> s_finite_measure_algebra M = s_finite_measure_algebra N"
+ by (simp add: s_finite_measure_algebra_def)
+
+lemma measurable_emeasure_s_finite_measure_algebra[measurable]:
+ "a \<in> sets A \<Longrightarrow> (\<lambda>M. emeasure M a) \<in> borel_measurable (s_finite_measure_algebra A)"
+ by (auto intro!: measurable_Sup1 measurable_vimage_algebra1 simp: s_finite_measure_algebra_def)
+
+lemma measurable_measure_s_finite_measure_algebra[measurable]:
+ "a \<in> sets A \<Longrightarrow> (\<lambda>M. measure M a) \<in> borel_measurable (s_finite_measure_algebra A)"
+ unfolding measure_def by measurable
+
+lemma s_finite_measure_algebra_measurableD:
+ assumes N: "N \<in> measurable M (s_finite_measure_algebra S)" and x: "x \<in> space M"
+ shows "space (N x) = space S"
+ and "sets (N x) = sets S"
+ and "measurable (N x) K = measurable S K"
+ and "measurable K (N x) = measurable K S"
+ using measurable_space[OF N x]
+ by (auto simp: space_s_finite_measure_algebra intro!: measurable_cong_sets dest: sets_eq_imp_space_eq)
+
+context
+ fixes K M N assumes K: "K \<in> measurable M (s_finite_measure_algebra N)"
+begin
+
+lemma s_finite_measure_algebra_kernel: "a \<in> space M \<Longrightarrow> s_finite_measure (K a)"
+ using measurable_space[OF K] by (simp add: space_s_finite_measure_algebra)
+
+lemma s_finite_measure_algebra_sets_kernel: "a \<in> space M \<Longrightarrow> sets (K a) = sets N"
+ using measurable_space[OF K] by (simp add: space_s_finite_measure_algebra)
+
+lemma measurable_emeasure_kernel_s_finite_measure_algebra[measurable]:
+ "A \<in> sets N \<Longrightarrow> (\<lambda>a. emeasure (K a) A) \<in> borel_measurable M"
+ using measurable_compose[OF K measurable_emeasure_s_finite_measure_algebra] .
+
+end
+
+lemma measurable_s_finite_measure_algebra:
+ "(\<And>a. a \<in> space M \<Longrightarrow> s_finite_measure (K a)) \<Longrightarrow>
+ (\<And>a. a \<in> space M \<Longrightarrow> sets (K a) = sets N) \<Longrightarrow>
+ (\<And>A. A \<in> sets N \<Longrightarrow> (\<lambda>a. emeasure (K a) A) \<in> borel_measurable M) \<Longrightarrow>
+ K \<in> measurable M (s_finite_measure_algebra N)"
+ by (auto intro!: measurable_Sup2 measurable_vimage_algebra2 simp: s_finite_measure_algebra_def)
+
+definition bind_kernel :: "'a measure \<Rightarrow> ('a \<Rightarrow> 'b measure) \<Rightarrow> 'b measure" (infixl "\<bind>\<^sub>k" 54) where
+"bind_kernel M k = (if space M = {} then count_space {} else
+ let Y = k (SOME x. x \<in> space M) in
+ measure_of (space Y) (sets Y) (\<lambda>B. \<integral>\<^sup>+x. (k x B) \<partial>M))"
+
+lemma bind_kernel_cong_All:
+ assumes "\<And>x. x \<in> space M \<Longrightarrow> f x = g x"
+ shows "M \<bind>\<^sub>k f = M \<bind>\<^sub>k g"
+proof(cases "space M = {}")
+ case 1:False
+ have "(SOME x. x \<in> space M) \<in> space M"
+ by (rule someI_ex) (use 1 in blast)
+ with assms have [simp]:"f (SOME x. x \<in> space M) = g (SOME x. x \<in> space M)" by simp
+ have "(\<lambda>B. \<integral>\<^sup>+ x. emeasure (f x) B \<partial>M) = (\<lambda>B. \<integral>\<^sup>+ x. emeasure (g x) B \<partial>M)"
+ by standard (auto intro!: nn_integral_cong simp: assms)
+ thus ?thesis
+ by(auto simp: bind_kernel_def 1)
+qed(simp add: bind_kernel_def)
+
+lemma sets_bind_kernel:
+ assumes "\<And>x. x \<in> space M \<Longrightarrow> sets (k x) = sets N" "space M \<noteq> {}"
+ shows "sets (M \<bind>\<^sub>k k) = sets N"
+proof -
+ have "sets (k (SOME x. x \<in> space M)) = sets N"
+ by(rule someI2_ex) (use assms in auto)
+ with sets_eq_imp_space_eq[OF this] show ?thesis
+ by(simp add: bind_kernel_def assms(2))
+qed
+
+subsection \<open> Measure Kernel \<close>
+locale measure_kernel =
+ fixes X :: "'a measure" and Y :: "'b measure" and \<kappa> :: "'a \<Rightarrow> 'b measure"
+ assumes kernel_sets[measurable_cong]: "\<And>x. x \<in> space X \<Longrightarrow> sets (\<kappa> x) = sets Y"
+ and emeasure_measurable[measurable]: "\<And>B. B \<in> sets Y \<Longrightarrow> (\<lambda>x. emeasure (\<kappa> x) B) \<in> borel_measurable X"
+ and Y_not_empty: "space X \<noteq> {} \<Longrightarrow> space Y \<noteq> {}"
+begin
+
+lemma kernel_space :"\<And>x. x \<in> space X \<Longrightarrow> space (\<kappa> x) = space Y"
+ by (meson kernel_sets sets_eq_imp_space_eq)
+
+lemma measure_measurable:
+ assumes "B \<in> sets Y"
+ shows "(\<lambda>x. measure (\<kappa> x) B) \<in> borel_measurable X"
+ using emeasure_measurable[OF assms] by (simp add: Sigma_Algebra.measure_def)
+
+lemma set_nn_integral_measure:
+ assumes [measurable_cong]: "sets \<mu> = sets X" and [measurable]: "A \<in> sets X" "B \<in> sets Y"
+ defines "\<nu> \<equiv> measure_of (space Y) (sets Y) (\<lambda>B. \<integral>\<^sup>+x\<in>A. (\<kappa> x B) \<partial>\<mu>)"
+ shows "\<nu> B = (\<integral>\<^sup>+x\<in>A. (\<kappa> x B) \<partial>\<mu>)"
+proof -
+ have nu_sets[measurable_cong]: "sets \<nu> = sets Y"
+ by(simp add: \<nu>_def)
+ have "positive (sets Y) (\<lambda>B. \<integral>\<^sup>+x\<in>A. (\<kappa> x B) \<partial>\<mu>)"
+ by(simp add: positive_def)
+ moreover have "countably_additive (sets Y) (\<lambda>B. \<integral>\<^sup>+x\<in>A. (\<kappa> x B) \<partial>\<mu>)"
+ unfolding countably_additive_def
+ proof safe
+ fix C :: "nat \<Rightarrow> _"
+ assume h:"range C \<subseteq> sets Y" "disjoint_family C"
+ thus "(\<Sum>i. \<integral>\<^sup>+x\<in>A. (\<kappa> x) (C i)\<partial>\<mu>) = (\<integral>\<^sup>+x\<in>A. (\<kappa> x) (\<Union> (range C))\<partial>\<mu>)"
+ by(auto intro!: nn_integral_cong simp: sets_eq_imp_space_eq[OF assms(1)] kernel_sets suminf_emeasure nn_integral_suminf[symmetric])
+ qed
+ ultimately show ?thesis
+ using \<nu>_def assms(3) emeasure_measure_of_sigma sets.sigma_algebra_axioms by blast
+qed
+
+corollary nn_integral_measure:
+ assumes "sets \<mu> = sets X" "B \<in> sets Y"
+ defines "\<nu> \<equiv> measure_of (space Y) (sets Y) (\<lambda>B. \<integral>\<^sup>+x. (\<kappa> x B) \<partial>\<mu>)"
+ shows "\<nu> B = (\<integral>\<^sup>+x. (\<kappa> x B) \<partial>\<mu>)"
+ using set_nn_integral_measure[OF assms(1) sets.top assms(2)]
+ by(simp add: \<nu>_def sets_eq_imp_space_eq[OF assms(1),symmetric])
+
+lemma distr_measure_kernel:
+ assumes [measurable]:"f \<in> Y \<rightarrow>\<^sub>M Z"
+ shows "measure_kernel X Z (\<lambda>x. distr (\<kappa> x) Z f)"
+ unfolding measure_kernel_def
+proof safe
+ fix B
+ assume B[measurable]: "B \<in> sets Z"
+ show "(\<lambda>x. emeasure (distr (\<kappa> x) Z f) B) \<in> borel_measurable X"
+ by(rule measurable_cong[where g= "(\<lambda>x. \<kappa> x (f -` B \<inter> space Y))",THEN iffD2]) (auto simp: emeasure_distr sets_eq_imp_space_eq[OF kernel_sets])
+next
+ show "\<And>x. space Z = {} \<Longrightarrow> x \<in> space X \<Longrightarrow> x \<in> {}"
+ by (metis Y_not_empty assms measurable_empty_iff)
+qed auto
+
+lemma measure_kernel_comp:
+ assumes [measurable]: "f \<in> W \<rightarrow>\<^sub>M X"
+ shows "measure_kernel W Y (\<lambda>x. \<kappa> (f x))"
+ using measurable_space[OF assms] kernel_sets Y_not_empty
+ by(auto simp: measure_kernel_def)
+
+lemma emeasure_bind_kernel:
+ assumes "sets \<mu> = sets X" "B \<in> sets Y" "space X \<noteq> {}"
+ shows "(\<mu> \<bind>\<^sub>k \<kappa>) B = (\<integral>\<^sup>+x. (\<kappa> x B) \<partial>\<mu>)"
+proof -
+ have "sets (\<kappa> (SOME x. x \<in> space \<mu>)) = sets Y"
+ by(rule someI2_ex) (use assms(3) kernel_sets sets_eq_imp_space_eq[OF assms(1)] in auto)
+ with sets_eq_imp_space_eq[OF this] show ?thesis
+ by(simp add: bind_kernel_def sets_eq_imp_space_eq[OF assms(1) ]assms(3) nn_integral_measure[OF assms(1,2)])
+qed
+
+lemma measure_bind_kernel:
+ assumes [measurable_cong]:"sets \<mu> = sets X" and [measurable]:"B \<in> sets Y" "space X \<noteq> {}" "AE x in \<mu>. \<kappa> x B < \<infinity>"
+ shows "measure (\<mu> \<bind>\<^sub>k \<kappa>) B = (\<integral>x. measure (\<kappa> x) B \<partial>\<mu>)"
+ using assms(4) by(auto simp: emeasure_bind_kernel[OF assms(1-3)] measure_def integral_eq_nn_integral intro!: arg_cong[of _ _ enn2real] nn_integral_cong_AE)
+
+lemma sets_bind_kernel:
+ assumes "space X \<noteq> {}" "sets \<mu> = sets X"
+ shows "sets (\<mu> \<bind>\<^sub>k \<kappa>) = sets Y"
+ using sets_bind_kernel[of \<mu> \<kappa>, OF kernel_sets,simplified sets_eq_imp_space_eq[OF assms(2)]]
+ by(auto simp: assms(1))
+
+lemma distr_bind_kernel:
+ assumes "space X \<noteq> {}" and [measurable_cong]:"sets \<mu> = sets X" and [measurable]: "f \<in> Y \<rightarrow>\<^sub>M Z"
+ shows "distr (\<mu> \<bind>\<^sub>k \<kappa>) Z f = \<mu> \<bind>\<^sub>k (\<lambda>x. distr (\<kappa> x) Z f)"
+proof -
+ {
+ fix A
+ assume A[measurable]:"A \<in> sets Z"
+ have sets[measurable_cong]:"sets (\<mu> \<bind>\<^sub>k \<kappa>) = sets Y"
+ by(rule sets_bind_kernel[OF assms(1,2)])
+ have "emeasure (distr (\<mu> \<bind>\<^sub>k \<kappa>) Z f) A = emeasure (\<mu> \<bind>\<^sub>k (\<lambda>x. distr (\<kappa> x) Z f)) A" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. emeasure (\<kappa> x) (f -` A \<inter> space Y) \<partial>\<mu>)"
+ by(simp add: emeasure_distr sets_eq_imp_space_eq[OF sets] emeasure_bind_kernel[OF assms(2) _ assms(1)])
+ also have "... = (\<integral>\<^sup>+ x. emeasure (distr (\<kappa> x) Z f) A \<partial>\<mu>)"
+ by(auto simp: emeasure_distr sets_eq_imp_space_eq[OF assms(2)] sets_eq_imp_space_eq[OF kernel_sets] intro!: nn_integral_cong)
+ also have "... = ?rhs"
+ by(simp add: measure_kernel.emeasure_bind_kernel[OF distr_measure_kernel[OF assms(3)] assms(2) _ assms(1)])
+ finally show ?thesis .
+ qed
+ }
+ thus ?thesis
+ by(auto intro!: measure_eqI simp: measure_kernel.sets_bind_kernel[OF distr_measure_kernel[OF assms(3)] assms(1,2)])
+qed
+
+lemma bind_kernel_distr:
+ assumes [measurable]: "f \<in> W \<rightarrow>\<^sub>M X" and "space W \<noteq> {}"
+ shows "distr W X f \<bind>\<^sub>k \<kappa> = W \<bind>\<^sub>k (\<lambda>x. \<kappa> (f x))"
+proof -
+ have X: "space X \<noteq> {}"
+ using measurable_space[OF assms(1)] assms(2) by auto
+ show ?thesis
+ by(rule measure_eqI, insert X) (auto simp: sets_bind_kernel[OF X] measure_kernel.sets_bind_kernel[OF measure_kernel_comp[OF assms(1)] assms(2) refl] emeasure_bind_kernel nn_integral_distr measure_kernel.emeasure_bind_kernel[OF measure_kernel_comp[OF assms(1)] refl _ assms(2)])
+qed
+
+lemma bind_kernel_return:
+ assumes "x \<in> space X"
+ shows "return X x \<bind>\<^sub>k \<kappa> = \<kappa> x"
+proof -
+ have X: "space X \<noteq> {}"
+ using assms by auto
+ show ?thesis
+ by(rule measure_eqI) (auto simp: sets_bind_kernel[OF X sets_return] kernel_sets[OF assms] emeasure_bind_kernel[OF sets_return,simplified,OF _ X] nn_integral_return[OF assms])
+qed
+
+lemma kernel_nn_integral_measurable:
+ assumes "f \<in> borel_measurable Y"
+ shows "(\<lambda>x. \<integral>\<^sup>+ y. f y \<partial>(\<kappa> x)) \<in> borel_measurable X"
+ using assms
+proof induction
+ case (cong f g)
+ then show ?case
+ by(auto intro!: measurable_cong[where f="\<lambda>x. \<integral>\<^sup>+ y. f y \<partial>(\<kappa> x)" and g= "\<lambda>x. \<integral>\<^sup>+ y. g y \<partial>(\<kappa> x)",THEN iffD2] nn_integral_cong simp: sets_eq_imp_space_eq[OF kernel_sets])
+next
+ case (set A)
+ then show ?case
+ by(auto intro!: measurable_cong[where f="\<lambda>x. integral\<^sup>N (\<kappa> x) (indicator A)" and g="\<lambda>x. \<kappa> x A",THEN iffD2])
+next
+ case (mult u c)
+ then show ?case
+ by(auto intro!: measurable_cong[where f="\<lambda>x. \<integral>\<^sup>+ y. c * u y \<partial>\<kappa> x" and g="\<lambda>x. c * \<integral>\<^sup>+ y. u y \<partial>\<kappa> x",THEN iffD2] simp: nn_integral_cmult)
+next
+ case (add u v)
+ then show ?case
+ by(auto intro!: measurable_cong[where f="\<lambda>x. \<integral>\<^sup>+ y. v y + u y \<partial>\<kappa> x" and g="\<lambda>x. (\<integral>\<^sup>+ y. v y \<partial>\<kappa> x) + (\<integral>\<^sup>+ y. u y \<partial>\<kappa> x)",THEN iffD2] simp: nn_integral_add)
+next
+ case (seq U)
+ then show ?case
+ by(intro measurable_cong[where f="\<lambda>x. integral\<^sup>N (\<kappa> x) (\<Squnion> range U)" and g="\<lambda>x. \<Squnion>i. integral\<^sup>N (\<kappa> x) (U i)",THEN iffD2])
+ (auto simp: nn_integral_monotone_convergence_SUP[of U,simplified SUP_apply[symmetric]])
+qed
+
+lemma bind_kernel_measure_kernel:
+ assumes "measure_kernel Y Z k'"
+ shows "measure_kernel X Z (\<lambda>x. \<kappa> x \<bind>\<^sub>k k')"
+proof(cases "space X = {}")
+ case True
+ then show ?thesis
+ by(auto simp: measure_kernel_def measurable_def)
+next
+ case X:False
+ then have Y: "space Y \<noteq> {}"
+ by(simp add: Y_not_empty)
+ interpret k': measure_kernel Y Z k' by fact
+ show ?thesis
+ proof
+ fix B
+ assume "B \<in> sets Z"
+ with k'.emeasure_bind_kernel[OF kernel_sets,of _ B] show "(\<lambda>x. emeasure (\<kappa> x \<bind>\<^sub>k k') B) \<in> borel_measurable X"
+ by(auto intro!: measurable_cong[where f="\<lambda>x. emeasure (\<kappa> x \<bind>\<^sub>k k') B" and g="\<lambda>x. \<integral>\<^sup>+ y. emeasure (k' y) B \<partial>\<kappa> x",THEN iffD2] kernel_nn_integral_measurable simp: sets_eq_imp_space_eq[OF kernel_sets] Y)
+ qed(use k'.Y_not_empty Y k'.sets_bind_kernel[OF Y kernel_sets] in auto)
+qed
+
+lemma restrict_measure_kernel: "measure_kernel (restrict_space X A) Y \<kappa>"
+proof
+ fix B
+ assume "B \<in> sets Y"
+ from emeasure_measurable[OF this] show "(\<lambda>x. emeasure (\<kappa> x) B) \<in> borel_measurable (restrict_space X A)"
+ using measurable_restrict_space1 by blast
+qed(insert Y_not_empty,auto simp add: space_restrict_space kernel_sets)
+
+end
+
+lemma measure_kernel_cong_sets:
+ assumes "sets X = sets X'" "sets Y = sets Y'"
+ shows "measure_kernel X Y = measure_kernel X' Y'"
+ by standard (simp add: measure_kernel_def measurable_cong_sets[OF assms(1) refl] sets_eq_imp_space_eq[OF assms(1)] assms(2) sets_eq_imp_space_eq[OF assms(2)])
+
+lemma measure_kernel_pair_countble1:
+ assumes "countable A" "\<And>i. i \<in> A \<Longrightarrow> measure_kernel X Y (\<lambda>x. k (i,x))"
+ shows "measure_kernel (count_space A \<Otimes>\<^sub>M X) Y k"
+ using assms by(auto simp: measure_kernel_def space_pair_measure intro!: measurable_pair_measure_countable1)
+
+lemma measure_kernel_empty_trivial:
+ assumes "space X = {}"
+ shows "measure_kernel X Y k"
+ using assms by(auto simp: measure_kernel_def measurable_def)
+
+subsection \<open> Finite Kernel \<close>
+locale finite_kernel = measure_kernel +
+ assumes finite_measure_spaces: "\<exists>r<\<infinity>. \<forall>x\<in> space X. \<kappa> x (space Y) < r"
+begin
+
+lemma finite_measures:
+ assumes "x \<in> space X"
+ shows "finite_measure (\<kappa> x)"
+proof-
+ obtain r where "\<kappa> x (space Y) < r"
+ using finite_measure_spaces assms by metis
+ then show ?thesis
+ by(auto intro!: finite_measureI simp: sets_eq_imp_space_eq[OF kernel_sets[OF assms]])
+qed
+
+end
+
+lemma finite_kernel_empty_trivial: "space X = {} \<Longrightarrow> finite_kernel X Y f"
+ by(auto simp: finite_kernel_def finite_kernel_axioms_def measure_kernel_empty_trivial intro!: exI[where x=1])
+
+lemma finite_kernel_cong_sets:
+ assumes "sets X = sets X'" "sets Y = sets Y'"
+ shows "finite_kernel X Y = finite_kernel X' Y'"
+ by standard (auto simp: measure_kernel_cong_sets[OF assms] finite_kernel_def finite_kernel_axioms_def sets_eq_imp_space_eq[OF assms(1)] sets_eq_imp_space_eq[OF assms(2)])
+
+subsection \<open> Sub-Probability Kernel\<close>
+locale subprob_kernel = measure_kernel +
+ assumes subprob_spaces: "\<And>x. x \<in> space X \<Longrightarrow> subprob_space (\<kappa> x)"
+begin
+lemma subprob_space:
+ "\<And>x. x \<in> space X \<Longrightarrow> \<kappa> x (space Y) \<le> 1"
+ by (simp add: subprob_space.subprob_emeasure_le_1 subprob_spaces)
+
+lemma subprob_measurable[measurable]:
+ "\<kappa> \<in> X \<rightarrow>\<^sub>M subprob_algebra Y"
+ by(auto intro!: measurable_subprob_algebra_generated[OF sets.sigma_sets_eq[symmetric] sets.Int_stable sets.space_closed] simp: subprob_spaces kernel_sets emeasure_measurable)
+
+lemma finite_kernel: "finite_kernel X Y \<kappa>"
+ by(auto simp: finite_kernel_def finite_kernel_axioms_def intro!: measure_kernel_axioms exI[where x=2] order.strict_trans1[OF subprob_space.subprob_emeasure_le_1[OF subprob_spaces]])
+
+sublocale finite_kernel
+ by (rule finite_kernel)
+
+end
+
+lemma subprob_kernel_def':
+ "subprob_kernel X Y \<kappa> \<longleftrightarrow> \<kappa> \<in> X \<rightarrow>\<^sub>M subprob_algebra Y"
+ by(auto simp: subprob_kernel.subprob_measurable subprob_kernel_def subprob_kernel_axioms_def measure_kernel_def measurable_subprob_algebra measurable_empty_iff space_subprob_algebra_empty_iff)
+ (auto simp: subprob_measurableD(2) subprob_space_kernel)
+
+lemmas subprob_kernelI = measurable_subprob_algebra[simplified subprob_kernel_def'[symmetric]]
+
+lemma subprob_kernel_cong_sets:
+ assumes "sets X = sets X'" "sets Y = sets Y'"
+ shows "subprob_kernel X Y = subprob_kernel X' Y'"
+ by standard (auto simp: subprob_kernel_def' subprob_algebra_cong[OF assms(2)] measurable_cong_sets[OF assms(1) refl])
+
+lemma subprob_kernel_empty_trivial:
+ assumes "space X = {}"
+ shows "subprob_kernel X Y k"
+ using assms by(auto simp: subprob_kernel_def subprob_kernel_axioms_def intro!: measure_kernel_empty_trivial)
+
+lemma bind_kernel_bind:
+ assumes "f \<in> M \<rightarrow>\<^sub>M subprob_algebra N"
+ shows "M \<bind>\<^sub>k f = M \<bind> f"
+proof(cases "space M = {}")
+ case True
+ then show ?thesis
+ by(simp add: bind_kernel_def bind_def)
+next
+ case h:False
+ interpret subprob_kernel M N f
+ using assms(1) by(simp add: subprob_kernel_def')
+ show ?thesis
+ by(rule measure_eqI,insert sets_kernel[OF assms]) (auto simp: h sets_bind_kernel emeasure_bind_kernel[OF refl _ h] emeasure_bind[OF h assms])
+qed
+
+lemma(in measure_kernel) subprob_kernel_sum:
+ assumes "\<And>x. x \<in> space X \<Longrightarrow> finite_measure (\<kappa> x)"
+ obtains ki where "\<And>i. subprob_kernel X Y (ki i)" "\<And>A x. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+proof -
+ obtain u where u: "\<And>x. x \<in> space X \<Longrightarrow> u x < \<infinity>" "\<And>x. x \<in> space X \<Longrightarrow> u x = \<kappa> x (space Y)"
+ using finite_measure.emeasure_finite[OF assms]
+ by (simp add: top.not_eq_extremum)
+ have [measurable]: "u \<in> borel_measurable X"
+ by(simp cong: measurable_cong add: u(2))
+ define ki where "ki \<equiv> (\<lambda>i x. if i < nat \<lceil>enn2real (u x)\<rceil> then scale_measure (1 / ennreal (real_of_int \<lceil>enn2real (u x)\<rceil>)) (\<kappa> x) else (sigma (space Y) (sets Y)))"
+ have 1:"\<And>i x. x \<in> space X \<Longrightarrow> sets (ki i x) = sets Y"
+ by(auto simp: ki_def kernel_sets)
+ have "subprob_kernel X Y (ki i)" for i
+ proof -
+ {
+ fix i B
+ assume [measurable]: "B \<in> sets Y"
+ have "(\<lambda>x. emeasure (ki i x) B) = (\<lambda>x. if i < nat \<lceil>enn2real (u x)\<rceil> then (1 / ennreal (real_of_int \<lceil>enn2real (u x)\<rceil>)) * emeasure (\<kappa> x) B else 0)"
+ by(auto simp: ki_def emeasure_sigma)
+ also have "... \<in> borel_measurable X"
+ by simp
+ finally have "(\<lambda>x. emeasure (ki i x) B) \<in> borel_measurable X" .
+ }
+ moreover {
+ fix i x
+ assume x:"x \<in> space X"
+ have "emeasure (ki i x) (space Y) \<le> 1"
+ by(cases "u x = 0",auto simp: ki_def emeasure_sigma u(2)[OF x,symmetric]) (metis u(1)[OF x,simplified] divide_ennreal_def divide_le_posI_ennreal enn2real_le le_of_int_ceiling mult.commute mult.right_neutral not_gr_zero order.strict_iff_not)
+ hence "subprob_space (ki i x)"
+ using x Y_not_empty by(fastforce intro!: subprob_spaceI simp: sets_eq_imp_space_eq[OF 1[OF x]])
+ }
+ ultimately show ?thesis
+ by(auto simp: subprob_kernel_def measure_kernel_def 1 Y_not_empty subprob_kernel_axioms_def)
+ qed
+ moreover have "\<kappa> x A = (\<Sum>i. ki i x A)" if x:"x \<in> space X" for x A
+ proof (cases "A \<in> sets Y")
+ case A[measurable]:True
+ have "emeasure (\<kappa> x) A = (\<Sum>i<nat \<lceil>enn2real (u x)\<rceil>. emeasure (ki i x) A)"
+ proof(cases "u x = 0")
+ case True
+ then show ?thesis
+ using u(2)[OF that] by simp (metis A emeasure_eq_0 kernel_sets sets.sets_into_space sets.top x)
+ next
+ case u0:False
+ hence "real_of_int \<lceil>enn2real (u x)\<rceil> > 0"
+ by (metis enn2real_nonneg ennreal_0 ennreal_enn2real_if infinity_ennreal_def linorder_not_le nat_0_iff nle_le of_int_le_0_iff of_nat_eq_0_iff real_nat_ceiling_ge u(1) x)
+ with u(1)[OF x] have "of_nat (nat \<lceil>enn2real (u x)\<rceil>) / ennreal (real_of_int \<lceil>enn2real (u x)\<rceil>) = 1"
+ by(simp add: ennreal_eq_0_iff ennreal_of_nat_eq_real_of_nat)
+ thus ?thesis
+ by(simp add: ki_def ennreal_divide_times[symmetric] mult.assoc[symmetric])
+ qed
+ then show ?thesis
+ by(auto simp: suminf_offset[of "\<lambda>i. emeasure (ki i x) A" "nat \<lceil>enn2real (u x)\<rceil>"]) (simp add: ki_def emeasure_sigma)
+ next
+ case False
+ then show ?thesis
+ using kernel_sets[OF x] 1[OF x]
+ by(simp add: emeasure_notin_sets)
+ qed
+ ultimately show ?thesis
+ using that by blast
+qed
+
+subsection \<open> Probability Kernel \<close>
+locale prob_kernel = measure_kernel +
+ assumes prob_spaces: "\<And>x. x \<in> space X \<Longrightarrow> prob_space (\<kappa> x)"
+begin
+
+lemma prob_space:
+ "\<And>x. x \<in> space X \<Longrightarrow> \<kappa> x (space Y) = 1"
+ using kernel_space prob_space.emeasure_space_1 prob_spaces by fastforce
+
+lemma prob_measurable[measurable]:
+ "\<kappa> \<in> X \<rightarrow>\<^sub>M prob_algebra Y"
+ by(auto intro!: measurable_prob_algebra_generated[OF sets.sigma_sets_eq[symmetric] sets.Int_stable sets.space_closed] simp: prob_spaces kernel_sets emeasure_measurable)
+
+lemma subprob_kernel: "subprob_kernel X Y \<kappa>"
+ by (simp add: measurable_prob_algebraD subprob_kernel_def')
+
+sublocale subprob_kernel
+ by (simp add: subprob_kernel)
+
+lemma restrict_probability_kernel:
+ "prob_kernel (restrict_space X A) Y \<kappa>"
+ by(auto simp: prob_kernel_def restrict_measure_kernel prob_kernel_axioms_def space_restrict_space prob_spaces)
+
+end
+
+lemma prob_kernel_def':
+ "prob_kernel X Y \<kappa> \<longleftrightarrow> \<kappa> \<in> X \<rightarrow>\<^sub>M prob_algebra Y"
+proof
+ assume h:"\<kappa> \<in> X \<rightarrow>\<^sub>M prob_algebra Y"
+ show "prob_kernel X Y \<kappa>"
+ using subprob_measurableD(2)[OF measurable_prob_algebraD[OF h]] measurable_space[OF h] measurable_emeasure_kernel[OF measurable_prob_algebraD[OF h]]
+ by(auto simp: prob_kernel_def measure_kernel_def prob_kernel_axioms_def space_prob_algebra ) (metis prob_space.not_empty sets_eq_imp_space_eq)
+qed(auto simp: prob_kernel.prob_measurable prob_kernel_def prob_kernel_axioms_def measure_kernel_def)
+
+
+lemma bind_kernel_return'':
+ assumes "sets M = sets N"
+ shows "M \<bind>\<^sub>k return N = M"
+proof(cases "space M = {}")
+ case True
+ then show ?thesis
+ by(simp add: bind_kernel_def space_empty[symmetric])
+next
+ case False
+ then have 1: "space N \<noteq> {}"
+ by(simp add: sets_eq_imp_space_eq[OF assms])
+ interpret prob_kernel N N "return N"
+ by(simp add: prob_kernel_def')
+ show ?thesis
+ by(rule measure_eqI) (auto simp: emeasure_bind_kernel[OF assms _ 1] sets_bind_kernel[OF 1 assms] assms)
+qed
+
+subsection\<open> S-Finite Kernel \<close>
+locale s_finite_kernel = measure_kernel +
+ assumes s_finite_kernel_sum: "\<exists>ki. (\<forall>i. finite_kernel X Y (ki i) \<and> (\<forall>x\<in>space X. \<forall>A\<in>sets Y. \<kappa> x A = (\<Sum>i. ki i x A)))"
+
+lemma s_finite_kernel_subI:
+ assumes "\<And>x. x \<in> space X \<Longrightarrow> sets (\<kappa> x) = sets Y" "\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> A \<in> sets Y \<Longrightarrow> emeasure (\<kappa> x) A = (\<Sum>i. ki i x A)"
+ shows "s_finite_kernel X Y \<kappa>"
+proof -
+ interpret measure_kernel X Y \<kappa>
+ proof
+ show "B \<in> sets Y \<Longrightarrow> (\<lambda>x. emeasure (\<kappa> x) B) \<in> borel_measurable X" for B
+ using assms(2) by(simp add: assms(3) subprob_kernel_def' cong: measurable_cong)
+ next
+ show "space X \<noteq> {} \<Longrightarrow> space Y \<noteq> {}"
+ using assms(2)[of 0] by(auto simp: subprob_kernel_def measure_kernel_def)
+ qed fact
+ show ?thesis
+ by (auto simp: s_finite_kernel_def measure_kernel_axioms s_finite_kernel_axioms_def assms(2,3) intro!: exI[where x=ki] subprob_kernel.finite_kernel)
+qed
+
+context s_finite_kernel
+begin
+
+lemma s_finite_kernels_fin:
+ obtains ki where "\<And>i. finite_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+proof -
+ obtain ki where ki:"\<And>i. finite_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> A \<in> sets Y \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ by(metis s_finite_kernel_sum)
+ hence "\<kappa> x A = (\<Sum>i. ki i x A)" if "x \<in> space X " for x A
+ by(cases "A \<in> sets Y", insert that kernel_sets[OF that]) (auto simp: finite_kernel_def measure_kernel_def emeasure_notin_sets)
+ with ki show ?thesis
+ using that by auto
+qed
+
+lemma s_finite_kernels:
+ obtains ki where "\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+proof -
+ obtain ki where ki:"\<And>i. finite_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ by(metis s_finite_kernels_fin)
+ have "\<exists>kij. (\<forall>j. subprob_kernel X Y (kij j)) \<and> (\<forall>x A. x \<in> space X \<longrightarrow> ki i x A = (\<Sum>j. kij j x A))" for i
+ using measure_kernel.subprob_kernel_sum[of X Y "ki i", OF _ finite_kernel.finite_measures[OF ki(1)[of i]]] ki(1)[of i] by(metis finite_kernel_def)
+ then obtain kij where kij: "\<And>i j. subprob_kernel X Y (kij i j)" "\<And>x A i. x \<in> space X \<Longrightarrow> ki i x A = (\<Sum>j. kij i j x A)"
+ by metis
+ have "\<And>i. subprob_kernel X Y (case_prod kij (prod_decode i))"
+ using kij(1) by(auto simp: split_beta)
+ moreover have "x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. case_prod kij (prod_decode i) x A)" for x A
+ using suminf_ennreal_2dimen[of "\<lambda>i. ki i x A" "\<lambda>(i,j). kij i j x A"]
+ by(auto simp: ki(2) kij(2) split_beta')
+ ultimately show ?thesis
+ using that by fastforce
+qed
+
+lemma image_s_finite_measure:
+ assumes "x \<in> space X"
+ shows "s_finite_measure (\<kappa> x)"
+proof -
+ obtain ki where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ by(metis s_finite_kernels)
+ show ?thesis
+ using ki(1)[simplified subprob_kernel_def'] measurable_space[OF ki(1)[simplified subprob_kernel_def'] assms]
+ by(auto intro!: s_finite_measureI[where Mi="\<lambda>i. ki i x"] subprob_space.axioms(1) simp: kernel_sets[OF assms] space_subprob_algebra ki(2)[OF assms])
+qed
+
+corollary kernel_measurable_s_finite[measurable]:"\<kappa> \<in> X \<rightarrow>\<^sub>M s_finite_measure_algebra Y"
+ by(auto intro!: measurable_s_finite_measure_algebra simp: kernel_sets image_s_finite_measure)
+
+lemma comp_measurable:
+ assumes f[measurable]:"f \<in> M \<rightarrow>\<^sub>M X"
+ shows "s_finite_kernel M Y (\<lambda>x. \<kappa> (f x))"
+proof -
+ obtain ki where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ by(metis s_finite_kernels)
+ show ?thesis
+ using ki(1) measurable_space[OF f] by(auto intro!: s_finite_kernel_subI[where ki="\<lambda>i x. ki i (f x)"] simp: subprob_kernel_def' ki(2) kernel_sets)
+qed
+
+lemma distr_s_finite_kernel:
+ assumes f[measurable]: "f \<in> Y \<rightarrow>\<^sub>M Z"
+ shows "s_finite_kernel X Z (\<lambda>x. distr (\<kappa> x) Z f)"
+proof -
+ obtain ki where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ by(metis s_finite_kernels)
+ hence 1:"x \<in> space X \<Longrightarrow> space (ki i x) = space Y" for x i
+ by(auto simp: subprob_kernel_def' intro!: subprob_measurableD(1)[of _ X Y])
+ have [measurable]:"B \<in> sets Z \<Longrightarrow> (\<lambda>x. emeasure (distr (\<kappa> x) Z f) B) \<in> borel_measurable X" for B
+ by(rule measurable_cong[where g="\<lambda>x. \<kappa> x (f -` B \<inter> space Y)", THEN iffD2]) (auto simp: emeasure_distr sets_eq_imp_space_eq[OF kernel_sets])
+ show ?thesis
+ using ki(1) measurable_distr[OF f] by(auto intro!: s_finite_kernel_subI[where ki="\<lambda>i x. distr (ki i x) Z f"] simp: subprob_kernel_def' emeasure_distr ki(2) sets_eq_imp_space_eq[OF kernel_sets] 1)
+qed
+
+lemma comp_s_finite_measure:
+ assumes "s_finite_measure \<mu>" and [measurable_cong]: "sets \<mu> = sets X"
+ shows "s_finite_measure (\<mu> \<bind>\<^sub>k \<kappa>)"
+proof(cases "space X = {}")
+ case 1:True
+ show ?thesis
+ by(auto simp: sets_eq_imp_space_eq[OF assms(2)] 1 bind_kernel_def intro!: finite_measure.s_finite_measure_finite_measure finite_measureI)
+next
+ case 0:False
+ then have 1: "space \<mu> \<noteq> {}"
+ by(simp add: sets_eq_imp_space_eq[OF assms(2)])
+ have 2: "sets (\<kappa> (SOME x. x \<in> space \<mu>)) = sets Y"
+ by(rule someI2_ex, insert 1 kernel_sets) (auto simp: sets_eq_imp_space_eq[OF assms(2)])
+ have sets_bind[measurable_cong]: "sets (\<mu> \<bind>\<^sub>k \<kappa>) = sets Y"
+ by(simp add: bind_kernel_def 1 sets_eq_imp_space_eq[OF 2] 2)
+ obtain \<mu>i where mui[measurable_cong]: "\<And>i. sets (\<mu>i i) = sets X" "\<And>i. (\<mu>i i) (space X) \<le> 1" "\<And>A. \<mu> A = (\<Sum>i. \<mu>i i A)"
+ using s_finite_measure.finite_measures[OF assms(1)] assms(2) sets_eq_imp_space_eq[OF assms(2)] by metis
+ obtain ki where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ by(metis s_finite_kernels)
+ define Mi where "Mi \<equiv> (\<lambda>n. (\<lambda>(i,j). measure_of (space Y) (sets Y) (\<lambda>A. \<integral>\<^sup>+x. (ki i x A) \<partial>(\<mu>i j))) (prod_decode n))"
+ have emeasure:"(\<mu> \<bind>\<^sub>k \<kappa>) A = (\<Sum>i. (Mi i) A)" (is "?lhs = ?rhs") if "A \<in> sets Y" for A
+ proof -
+ have "?lhs = (\<integral>\<^sup>+x. (\<kappa> x A) \<partial>\<mu>)"
+ by(simp add: emeasure_bind_kernel[OF assms(2) that 0])
+ also have "... = (\<integral>\<^sup>+x. (\<Sum>i. (ki i x A)) \<partial>\<mu>)"
+ by(auto intro!: nn_integral_cong simp: ki sets_eq_imp_space_eq[OF assms(2)])
+ also have "... = (\<Sum>i. \<integral>\<^sup>+x. (ki i x A) \<partial>\<mu>)"
+ by(auto intro!: nn_integral_suminf) (metis ki(1) assms(2) measurable_cong_sets measure_kernel.emeasure_measurable subprob_kernel_def that)
+ also have "... = ?rhs"
+ unfolding Mi_def
+ proof(rule suminf_ennreal_2dimen[symmetric])
+ fix m
+ interpret kim: subprob_kernel X Y "ki m"
+ by(simp add: ki)
+ show "(\<integral>\<^sup>+ x. (ki m x) A \<partial>\<mu>) = (\<Sum>n. emeasure (case (m, n) of (i, j) \<Rightarrow> measure_of (space Y) (sets Y) (\<lambda>A. \<integral>\<^sup>+ x. emeasure (ki i x) A \<partial>\<mu>i j)) A)"
+ using kim.emeasure_measurable[OF that] by(simp add: kim.nn_integral_measure[OF mui(1) that] nn_integral_measure_suminf[OF mui(1)[simplified assms(2)[symmetric]] mui(3)])
+ qed
+ finally show ?thesis .
+ qed
+ have fin:"finite_measure (Mi i)" for i
+ proof(rule prod.exhaust[where y="prod_decode i"])
+ fix j1 j2
+ interpret kij: subprob_kernel X Y "ki j1"
+ by(simp add: ki)
+ assume pd:"prod_decode i = (j1, j2)"
+ have "Mi i (space (Mi i)) = (\<integral>\<^sup>+x. (ki j1 x (space Y)) \<partial>\<mu>i j2)"
+ by(auto simp: Mi_def pd kij.nn_integral_measure[OF mui(1) sets.top])
+ also have "... \<le> (\<integral>\<^sup>+x. 1 \<partial>\<mu>i j2)"
+ by(intro nn_integral_mono) (metis kij.subprob_space mui(1) sets_eq_imp_space_eq)
+ also have "... \<le> 1"
+ using mui by (simp add: sets_eq_imp_space_eq[OF mui(1)])
+ finally show "finite_measure (Mi i)"
+ by (metis ennreal_one_less_top finite_measureI infinity_ennreal_def less_le_not_le)
+ qed
+ have 3: "sets (Mi i) = sets (\<mu> \<bind>\<^sub>k \<kappa>)" for i
+ by(simp add: Mi_def split_beta sets_bind)
+ show "s_finite_measure (\<mu> \<bind>\<^sub>k \<kappa>)"
+ using emeasure fin 3 by (auto intro!: exI[where x=Mi] simp: s_finite_measure_def sets_bind)
+qed
+
+end
+
+lemma s_finite_kernel_empty_trivial:
+ assumes "space X = {}"
+ shows "s_finite_kernel X Y k"
+ using assms by(auto simp: s_finite_kernel_def s_finite_kernel_axioms_def intro!: measure_kernel_empty_trivial finite_kernel_empty_trivial)
+
+lemma s_finite_kernel_def': "s_finite_kernel X Y \<kappa> \<longleftrightarrow> ((\<forall>x. x \<in> space X \<longrightarrow> sets (\<kappa> x) = sets Y) \<and> (\<exists>ki. (\<forall>i. subprob_kernel X Y (ki i)) \<and> (\<forall>x A. x \<in> space X \<longrightarrow> A \<in> sets Y \<longrightarrow> emeasure (\<kappa> x) A = (\<Sum>i. ki i x A))))" (is "?l \<longleftrightarrow> ?r")
+proof
+ assume ?l
+ then interpret s_finite_kernel X Y \<kappa> .
+ from s_finite_kernels obtain ki where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> emeasure (\<kappa> x) A = (\<Sum>i. emeasure (ki i x) A)"
+ by metis
+ thus ?r
+ by(auto simp: kernel_sets)
+qed(auto intro!: s_finite_kernel_subI)
+
+lemma(in finite_kernel) s_finite_kernel_finite_kernel: "s_finite_kernel X Y \<kappa>"
+proof
+ consider "space X = {}" | "space X \<noteq> {}" by auto
+ then show "\<exists>ki. \<forall>i. finite_kernel X Y (ki i) \<and> (\<forall>x\<in>space X. \<forall>A\<in>sets Y. (\<kappa> x) A = (\<Sum>i. (ki i x) A))"
+ proof cases
+ case 1
+ then show ?thesis
+ by(auto simp: finite_kernel_def measure_kernel_def finite_kernel_axioms_def measurable_def intro!: exI[where x=0])
+ next
+ case 2
+ then have y:"space Y \<noteq> {}" by(simp add: Y_not_empty)
+ define ki where "ki i \<equiv> case i of 0 \<Rightarrow> \<kappa> | Suc _ \<Rightarrow> (\<lambda>_. sigma (space Y) (sets Y))" for i
+ have "finite_kernel X Y (ki i)" for i
+ by (cases i, auto simp: ki_def finite_kernel_axioms) (auto simp: emeasure_sigma finite_kernel_def measure_kernel_def finite_kernel_axioms_def y intro!: finite_measureI exI[where x=1])
+ moreover have "(\<kappa> x) A = (\<Sum>i. (ki i x) A)" for x A
+ by(simp add: suminf_offset[where i="Suc 0" and f="\<lambda>i. ki i x A",simplified],simp add: ki_def emeasure_sigma)
+ ultimately show ?thesis by auto
+ qed
+qed
+
+lemmas(in subprob_kernel) s_finite_kernel_subprob_kernel = s_finite_kernel_finite_kernel
+lemmas(in prob_kernel) s_finite_kernel_prob_kernel = s_finite_kernel_subprob_kernel
+
+sublocale finite_kernel \<subseteq> s_finite_kernel
+ by(rule s_finite_kernel_finite_kernel)
+
+lemma s_finite_kernel_cong_sets:
+ assumes "sets X = sets X'" "sets Y = sets Y'"
+ shows "s_finite_kernel X Y = s_finite_kernel X' Y'"
+ by standard (simp add: s_finite_kernel_def measurable_cong_sets[OF assms(1) refl] sets_eq_imp_space_eq[OF assms(1)] assms(2) measure_kernel_cong_sets[OF assms] s_finite_kernel_axioms_def finite_kernel_cong_sets[OF assms])
+
+lemma(in s_finite_kernel) s_finite_kernel_cong:
+ assumes "\<And>x. x \<in> space X \<Longrightarrow> \<kappa> x = g x"
+ shows "s_finite_kernel X Y g"
+ using assms s_finite_kernel_axioms by(auto simp: s_finite_kernel_def s_finite_kernel_axioms_def measure_kernel_def cong: measurable_cong)
+
+lemma(in s_finite_measure) s_finite_kernel_const:
+ assumes "space M \<noteq> {}"
+ shows "s_finite_kernel X M (\<lambda>x. M)"
+proof
+ obtain Mi where Mi:"\<And>i. sets (Mi i) = sets M" "\<And>i. (Mi i) (space M) \<le> 1" "\<And>A. M A = (\<Sum>i. Mi i A)"
+ by(metis finite_measures)
+ hence "\<And>i. subprob_kernel X M (\<lambda>x. Mi i)"
+ by(auto simp: subprob_kernel_def' space_subprob_algebra sets_eq_imp_space_eq[OF Mi(1)] assms intro!:measurable_const subprob_spaceI)
+ thus "\<exists>ki. \<forall>i. finite_kernel X M (ki i) \<and> (\<forall>x\<in>space X. \<forall>A\<in>sets M. M A = (\<Sum>i. (ki i x) A))"
+ by(auto intro!: exI[where x="\<lambda>i x. Mi i"] Mi(3) subprob_kernel.finite_kernel)
+qed (auto simp: assms)
+
+lemma s_finite_kernel_pair_countble1:
+ assumes "countable A" "\<And>i. i \<in> A \<Longrightarrow> s_finite_kernel X Y (\<lambda>x. k (i,x))"
+ shows "s_finite_kernel (count_space A \<Otimes>\<^sub>M X) Y k"
+proof -
+ have "\<exists>ki. (\<forall>j. subprob_kernel X Y (ki j)) \<and> (\<forall>x B. x \<in> space X \<longrightarrow> B \<in> sets Y \<longrightarrow> k (i,x) B = (\<Sum>j. ki j x B))" if "i \<in> A" for i
+ using s_finite_kernel.s_finite_kernels[OF assms(2)[OF that]] by metis
+ then obtain ki where ki:"\<And>i j. i \<in> A \<Longrightarrow> subprob_kernel X Y (ki i j)" "\<And>i x B. i \<in> A \<Longrightarrow> x \<in> space X \<Longrightarrow> B \<in> sets Y \<Longrightarrow> k (i,x) B = (\<Sum>j. ki i j x B)"
+ by metis
+ then show ?thesis
+ using assms(2) by(auto simp: s_finite_kernel_def' measure_kernel_pair_countble1[OF assms(1)] subprob_kernel_def' space_pair_measure intro!: exI[where x="\<lambda>j (i,x). ki i j x"] measurable_pair_measure_countable1 assms(1))
+qed
+
+lemma s_finite_kernel_s_finite_kernel:
+ assumes "\<And>i. s_finite_kernel X Y (ki i)" "\<And>x. x \<in> space X \<Longrightarrow> sets (k x) = sets Y" "\<And>x A. x \<in> space X \<Longrightarrow> A \<in> sets Y \<Longrightarrow> emeasure (k x) A = (\<Sum>i. (ki i) x A)"
+ shows "s_finite_kernel X Y k"
+proof -
+ have "\<exists>kij. (\<forall>j. subprob_kernel X Y (kij j)) \<and> (\<forall>x A. x \<in> space X \<longrightarrow> ki i x A = (\<Sum>j. kij j x A))" for i
+ using s_finite_kernel.s_finite_kernels[OF assms(1)[of i]] by metis
+ then obtain kij where kij:"\<And>i j. subprob_kernel X Y (kij i j)" "\<And>i x A. x \<in> space X \<Longrightarrow> ki i x A = (\<Sum>j. kij i j x A)"
+ by metis
+ define ki' where "ki' \<equiv> (\<lambda>n. case_prod kij (prod_decode n))"
+ have emeasure_sumk':"emeasure (k x) A = (\<Sum>i. emeasure (ki' i x) A)" if x:"x \<in> space X" and A: "A \<in> sets Y" for x A
+ by(auto simp: assms(3)[OF that] kij(2)[OF x] ki'_def intro!: suminf_ennreal_2dimen[symmetric])
+ have "subprob_kernel X Y (ki' i)" for i
+ using kij(1) by(auto simp: ki'_def split_beta')
+ thus ?thesis
+ by(auto simp: s_finite_kernel_def' measure_kernel_def assms(2) s_finite_kernel_axioms_def emeasure_sumk' intro!: exI[where x=ki'])
+qed
+
+lemma s_finite_kernel_finite_sumI:
+ assumes [measurable_cong]: "\<And>x. x \<in> space X \<Longrightarrow> sets (\<kappa> x) = sets Y"
+ and "\<And>i. i \<in> I \<Longrightarrow> subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> A \<in> sets Y \<Longrightarrow> emeasure (\<kappa> x) A = (\<Sum>i\<in>I. ki i x A)" "finite I" "I \<noteq> {}"
+ shows "s_finite_kernel X Y \<kappa>"
+proof -
+ consider "space X = {}" | "space X \<noteq> {}" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ by(rule s_finite_kernel_empty_trivial)
+ next
+ case 2
+ then have Y:"space Y \<noteq> {}"
+ using assms measure_kernel.Y_not_empty by (fastforce simp: subprob_kernel_def)
+ define ki' where "ki' \<equiv> (\<lambda>i x. if i < card I then ki (from_nat_into I i) x else null_measure Y)"
+ have [simp]:"subprob_kernel X Y (ki' i)" for i
+ by(cases "i < card I") (simp add: ki'_def from_nat_into assms, auto simp: ki'_def subprob_kernel_def measure_kernel_def subprob_kernel_axioms_def Y intro!: subprob_spaceI)
+ have [simp]: "(\<Sum>i. emeasure (ki' i x) A) = (\<Sum>i\<in>I. ki i x A)" for x A
+ using suminf_finite[of "{..<card I}" "\<lambda>i. (if i < card I then ki (from_nat_into I i) x else null_measure Y) A"]
+ by(auto simp: sum.reindex_bij_betw[OF bij_betw_from_nat_into_finite[OF assms(4)],symmetric] ki'_def)
+ have [measurable]:"B \<in> sets Y \<Longrightarrow> (\<lambda>x. emeasure (\<kappa> x) B) \<in> borel_measurable X" for B
+ using assms(2) by(auto simp: assms(3) subprob_kernel_def' cong: measurable_cong)
+ show ?thesis
+ by (auto simp: s_finite_kernel_def' intro!: exI[where x=ki'] assms)
+ qed
+qed
+
+text \<open> Each kernel does not need to be bounded by a uniform upper-bound in the definition of @{term s_finite_kernel} \<close>
+lemma s_finite_kernel_finite_bounded_sum:
+ assumes [measurable_cong]: "\<And>x. x \<in> space X \<Longrightarrow> sets (\<kappa> x) = sets Y"
+ and "\<And>i. measure_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> A \<in> sets Y \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)" "\<And>i x. x \<in> space X \<Longrightarrow> ki i x (space Y) < \<infinity>"
+ shows "s_finite_kernel X Y \<kappa>"
+proof(cases "space X = {}")
+ case True
+ then show ?thesis
+ by(simp add: s_finite_kernel_empty_trivial)
+next
+ case X:False
+ then have Y: "space Y \<noteq> {}"
+ using assms(2)[of 0] by(simp add: measure_kernel_def)
+ show ?thesis
+ proof(rule s_finite_kernel_s_finite_kernel[where ki=ki,OF _ assms(1) assms(3)])
+ fix i
+ interpret m: measure_kernel X Y "ki i" by fact
+ define kij where "kij \<equiv> (\<lambda>(j :: nat) x. if j < nat \<lceil>enn2real (ki i x (space Y))\<rceil> then scale_measure (1 / ennreal \<lceil>enn2real (ki i x (space Y))\<rceil>) (ki i x) else sigma (space Y) (sets Y))"
+ have sets_kij: "sets (kij j x) = sets Y" if "x \<in> space X" for j x
+ by(auto simp: m.kernel_sets[OF that] kij_def)
+ have emeasure_kij: "ki i x A = (\<Sum>j. kij j x A)" if "x \<in> space X" "A \<in> sets Y" for x A
+ proof -
+ have "(\<Sum>j. kij j x A) = (\<Sum>j< nat \<lceil>enn2real (ki i x (space Y))\<rceil>. scale_measure (1 / ennreal \<lceil>enn2real (ki i x (space Y))\<rceil>) (ki i x) A)"
+ by(simp add: suminf_offset[where i="nat \<lceil>enn2real (ki i x (space Y))\<rceil>" and f="\<lambda>j. kij j x A"], simp add: kij_def emeasure_sigma)
+ also have "... = ki i x A"
+ proof(cases "nat \<lceil>enn2real (ki i x (space Y))\<rceil>")
+ case 0
+ then show ?thesis
+ by simp (metis assms(4) emeasure_eq_0 enn2real_le ennreal_0 infinity_ennreal_def le_zero_eq linorder_not_le m.kernel_space nle_le sets.sets_into_space sets.top that)
+ next
+ case (Suc n')
+ then have "ennreal (real_of_int \<lceil>enn2real (emeasure (ki i x) (space Y))\<rceil>) > 0"
+ using ennreal_less_zero_iff by fastforce
+ with assms(4)[OF that(1),of i] have [simp]: "of_nat (nat \<lceil>enn2real (emeasure (ki i x) (space Y))\<rceil>) / ennreal (real_of_int \<lceil>enn2real (emeasure (ki i x) (space Y))\<rceil>) = 1"
+ by (simp add: ennreal_eq_0_iff ennreal_of_nat_eq_real_of_nat)
+ show ?thesis
+ by(simp add: mult.assoc[symmetric] ennreal_times_divide)
+ qed
+ finally show ?thesis by simp
+ qed
+ have sk: "subprob_kernel X Y (kij j)" for j
+ proof -
+ {
+ fix B
+ assume [measurable]:"B \<in> sets Y"
+ have "emeasure (kij j x) B = (if j < nat \<lceil>enn2real (ki i x (space Y))\<rceil> then (ki i x) B / ennreal (real_of_int \<lceil>enn2real (ki i x (space Y))\<rceil>) else 0)" if "x \<in> space X" for x
+ by(auto simp: kij_def emeasure_sigma divide_ennreal_def mult.commute)
+ hence " (\<lambda>x. emeasure (kij j x) B) \<in> borel_measurable X"
+ by(auto simp: kij_def cong: measurable_cong)
+ }
+ moreover {
+ fix x
+ assume x:"x \<in> space X"
+ have "subprob_space (kij j x)"
+ proof -
+ have "emeasure (kij j x) (space Y) \<le> 1"
+ proof -
+ {
+ assume 1:"j < nat \<lceil>enn2real (emeasure (ki i x) (space Y))\<rceil>"
+ then have "emeasure (ki i x) (space Y) > 0"
+ by (metis ceiling_zero enn2real_0 nat_zero_as_int not_gr_zero not_less_zero)
+ with assms(4)[OF x] have [simp]:"emeasure (ki i x) (space Y) / emeasure (ki i x) (space Y) = 1"
+ by simp
+ have [simp]:"emeasure (ki i x) (space Y) / ennreal (real_of_int \<lceil>enn2real (ki i x (space Y))\<rceil>) \<le> 1"
+ proof(rule order.trans[where b="emeasure (ki i x) (space Y) / ki i x (space Y)",OF divide_le_posI_ennreal])
+ show "0 < ennreal (real_of_int \<lceil>enn2real (ki i x (space Y))\<rceil>)"
+ using 1 assms(4)[OF x] enn2real_positive_iff top.not_eq_extremum by fastforce
+ next
+ have 1:"ennreal (real_of_int \<lceil>enn2real (ki i x (space Y))\<rceil>) \<ge> ki i x (space Y)"
+ using assms(4)[OF x] enn2real_le by (simp add: linorder_neq_iff)
+ have "ennreal (real_of_int \<lceil>enn2real (ki i x (space Y))\<rceil>) / ki i x (space Y) \<ge> 1"
+ by(rule order.trans[OF _ divide_right_mono_ennreal[OF 1,of "ki i x (space Y)"]]) simp
+ thus "emeasure (ki i x) (space Y) \<le> ennreal (real_of_int \<lceil>enn2real (ki i x (space Y))\<rceil>) * (emeasure (ki i x) (space Y) / ki i x (space Y))"
+ by (simp add: "1")
+ qed simp
+ have "1 / ennreal (real_of_int \<lceil>enn2real (emeasure (ki i x) (space Y))\<rceil>) * emeasure (ki i x) (space Y) \<le> 1"
+ by (simp add: ennreal_divide_times)
+ }
+ thus ?thesis
+ by(auto simp: kij_def emeasure_sigma)
+ qed
+ thus ?thesis
+ by(auto intro!: subprob_spaceI simp: sets_eq_imp_space_eq[OF sets_kij[OF x,of j]] Y)
+ qed
+ }
+ ultimately show ?thesis
+ by(auto simp: subprob_kernel_def measure_kernel_def sets_kij m.Y_not_empty subprob_kernel_axioms_def)
+ qed
+ show "s_finite_kernel X Y (ki i)"
+ by(auto intro!: s_finite_kernel_subI simp: emeasure_kij sk m.kernel_sets)
+ qed simp_all
+qed
+
+lemma(in measure_kernel) s_finite_kernel_finite_bounded:
+ assumes "\<And>x. x \<in> space X \<Longrightarrow> \<kappa> x (space Y) < \<infinity>"
+ shows "s_finite_kernel X Y \<kappa>"
+proof(cases "space X = {}")
+ case True
+ then show ?thesis
+ by(simp add: s_finite_kernel_empty_trivial)
+next
+ case False
+ then have Y:"space Y \<noteq> {}" by(simp add: Y_not_empty)
+ have "measure_kernel X Y (case i of 0 \<Rightarrow> \<kappa> | Suc x \<Rightarrow> \<lambda>x. null_measure Y)" for i
+ by(cases i,auto simp: measure_kernel_axioms) (auto simp: measure_kernel_def Y)
+ moreover have "\<kappa> x A = (\<Sum>i. emeasure ((case i of 0 \<Rightarrow> \<kappa> | Suc x \<Rightarrow> \<lambda>x. null_measure Y) x) A)" for x A
+ by(simp add: suminf_offset[where i="Suc 0"])
+ moreover have "x \<in> space X \<Longrightarrow> emeasure ((case i of 0 \<Rightarrow> \<kappa> | Suc x \<Rightarrow> \<lambda>x. null_measure Y) x) (space Y) < \<top>" for x i
+ by(cases i) (use assms in auto)
+ ultimately show ?thesis
+ by(auto intro!: s_finite_kernel_finite_bounded_sum[where ki="\<lambda>i. case i of 0 \<Rightarrow> \<kappa> | Suc _ \<Rightarrow> (\<lambda>x. null_measure Y)" and X=X and Y=Y] simp: kernel_sets)
+qed
+
+lemma(in s_finite_kernel) density_s_finite_kernel:
+ assumes f[measurable]: "case_prod f \<in> X \<Otimes>\<^sub>M Y \<rightarrow>\<^sub>M borel"
+ shows "s_finite_kernel X Y (\<lambda>x. density (\<kappa> x) (f x))"
+proof(cases "space X = {}")
+ case True
+ then show ?thesis
+ by(simp add: s_finite_kernel_empty_trivial)
+next
+ case False
+ note Y = Y_not_empty[OF this]
+ obtain ki' where ki': "\<And>i. subprob_kernel X Y (ki' i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki' i x A)"
+ by(metis s_finite_kernels)
+ hence sets_ki'[measurable_cong]:"\<And>x i. x \<in> space X \<Longrightarrow> sets (ki' i x) = sets Y"
+ by(auto simp: subprob_kernel_def measure_kernel_def)
+ define ki where "ki \<equiv> (\<lambda>i x. density (ki' i x) (f x))"
+ have sets_ki: "x \<in> space X \<Longrightarrow> sets (ki i x) = sets Y" for i x
+ using ki'(1) by(auto simp: subprob_kernel_def measure_kernel_def ki_def)
+ have emeasure_k:"density (\<kappa> x) (f x) A = (\<Sum>i. ki i x A)" if x:"x \<in> space X" and A[measurable]:"A \<in> sets Y" for x A
+ using kernel_sets[OF x] x ki'(1) sets_ki'[OF x] by(auto simp: emeasure_density nn_integral_measure_suminf[OF _ ki'(2),of x] ki_def)
+ show ?thesis
+ proof(rule s_finite_kernel_s_finite_kernel[where ki="ki",OF _ _ emeasure_k])
+ fix i
+ note nn_integral_measurable_subprob_algebra2[OF _ ki'(1)[of i,simplified subprob_kernel_def'],measurable]
+ define kij where "kij \<equiv> (\<lambda>j x. if j = 0 then density (ki' i x) (\<lambda>y. \<infinity> * indicator {y\<in>space Y. f x y = \<infinity>} y)
+ else if j = (Suc 0) then density (ki' i x) (\<lambda>y. f x y * indicator {y\<in>space Y. f x y < \<infinity>} y)
+ else null_measure Y)"
+ have emeasure_kij: "ki i x A = (\<Sum>j. kij j x A)" (is "?lhs = ?rhs") if x:"x \<in> space X" and [measurable]: "A \<in> sets Y" for x A
+ proof -
+ have "?lhs = (\<integral>\<^sup>+y\<in>A. f x y \<partial>ki' i x)"
+ using sets_ki[OF x,of i] x by(auto simp: ki_def emeasure_density)
+ also have "... = (\<integral>\<^sup>+y. (\<infinity> * indicator {y \<in> space Y. f x y = \<infinity>} y * indicator A y + f x y * indicator {y \<in> space Y. f x y < \<infinity>} y * indicator A y) \<partial>ki' i x)"
+ by(auto intro!: nn_integral_cong simp: sets_eq_imp_space_eq[OF sets_ki'[OF x]] indicator_def) (simp add: top.not_eq_extremum)
+ also have "... = density (ki' i x) (\<lambda>y. \<infinity> * indicator {y\<in>space Y. f x y = \<infinity>} y) A + density (ki' i x) (\<lambda>y. f x y * indicator {y\<in>space Y. f x y < \<infinity>} y) A"
+ using sets_ki[OF x,of i] x by(auto simp: ki_def emeasure_density nn_integral_add)
+ also have "... = ?rhs"
+ using suminf_finite[of "{..<Suc (Suc 0)}" "\<lambda>j. kij j x A"] by(simp add: kij_def)
+ finally show ?thesis .
+ qed
+ have sets_kij[measurable_cong]:"x \<in> space X \<Longrightarrow> sets (kij j x) = sets Y" for j x
+ by(auto simp: kij_def sets_ki')
+ show "s_finite_kernel X Y (ki i)"
+ proof(rule s_finite_kernel_s_finite_kernel[where ki=kij,OF _ _ emeasure_kij])
+ fix j
+ consider "j = 0" | "j = Suc 0" | "j \<noteq> 0" "j \<noteq> Suc 0" by auto
+ then show "s_finite_kernel X Y (kij j)"
+ proof cases
+ case 1
+ have emeasure_ki: "emeasure (kij j x) A = (\<Sum>j. emeasure (density (ki' i x) (indicator {y \<in> space Y. f x y = \<top>})) A)" if x:"x \<in> space X" and [measurable]: "A \<in> sets Y" for x A
+ using sets_ki'[OF x] x by(auto simp: 1 kij_def emeasure_density nn_integral_suminf[symmetric] indicator_def intro!: nn_integral_cong) (simp add: nn_integral_count_space_nat[symmetric])
+ have [simp]:"subprob_kernel X Y (\<lambda>x. density (ki' i x) (indicator {y \<in> space Y. f x y = \<top>}))"
+ proof -
+ have [simp]:"x \<in> space X \<Longrightarrow> set_nn_integral (ki' i x) (space Y) (indicator {y \<in> space Y. f x y = \<top>}) \<le> 1" for x
+ by(rule order.trans[OF nn_integral_mono[where v="\<lambda>x. 1"]],insert ki'(1)[of i]) (auto simp: indicator_def subprob_kernel_def subprob_kernel_axioms_def intro!: subprob_space.emeasure_space_le_1)
+ show ?thesis
+ by(auto simp: subprob_kernel_def measure_kernel_def emeasure_density subprob_kernel_axioms_def sets_ki' sets_eq_imp_space_eq[OF sets_ki'] Y cong: measurable_cong intro!: subprob_spaceI)
+ qed
+ show ?thesis
+ by (auto simp: s_finite_kernel_def' sets_kij intro!: exI[where x="\<lambda>k x. density (ki' i x) (indicator {y \<in> space Y. f x y = \<top>})"] simp: emeasure_ki )
+ next
+ case j:2
+ have emeasure_ki: "emeasure (kij j x) A = (\<Sum>k. density (ki' i x) (\<lambda>y. f x y * indicator {y \<in> space Y. of_nat k \<le> f x y \<and> f x y < 1 + of_nat k} y) A)" if x:"x \<in> space X" and [measurable]:"A \<in> sets Y" for x A
+ proof -
+ have [simp]: "f x y * indicator {y \<in> space Y. f x y < \<top>} y * indicator A y = f x y * (\<Sum>k. indicator {y \<in> space Y. of_nat k \<le> f x y \<and> f x y < 1 + of_nat k} y) * indicator A y" if y:"y \<in> space Y" for y
+ proof(cases "f x y < \<top>")
+ case f:True
+ define l where "l \<equiv> floor (enn2real (f x y))"
+ have "nat l \<le> enn2real (f x y)" "enn2real (f x y) < 1 + nat l"
+ by (simp_all add: l_def) linarith
+ with y have l:"of_nat (nat l) \<le> f x y" "f x y < 1 + of_nat (nat l)"
+ using Orderings.order_eq_iff enn2real_positive_iff ennreal_enn2real_if ennreal_of_nat_eq_real_of_nat linorder_not_le of_nat_0_le_iff f by fastforce+
+ then have "(\<Sum>j. indicator {y \<in> space Y. of_nat j \<le> f x y \<and> f x y < 1 + of_nat j} y :: ennreal) = (\<Sum>j. if j = nat l then 1 else 0)"
+ by(auto intro!: suminf_cong simp: indicator_def y) (metis Suc_leI linorder_neqE_nat linorder_not_less of_nat_Suc of_nat_le_iff order_trans)
+ also have "... = 1"
+ using suminf_finite[where N="{nat l}" and f="\<lambda>j. if j = nat l then 1 else (0 :: ennreal)"] by simp
+ finally show ?thesis
+ by(auto, insert f) (auto simp: indicator_def)
+ qed(use top.not_eq_extremum in fastforce)
+ show ?thesis
+ using sets_ki[OF x] sets_ki'[OF x] x by(auto simp: kij_def j emeasure_density nn_integral_suminf[symmetric] sets_eq_imp_space_eq[OF sets_ki'[OF x]] intro!: nn_integral_cong)
+ qed
+ show ?thesis
+ proof(rule s_finite_kernel_finite_bounded_sum[OF sets_kij _ emeasure_ki])
+ fix k
+ show "measure_kernel X Y (\<lambda>x. density (ki' i x) (\<lambda>y. f x y * indicator {y \<in> space Y. of_nat k \<le> f x y \<and> f x y < 1 + of_nat k} y))"
+ using sets_ki'[of _ i] by(auto simp: measure_kernel_def emeasure_density Y cong: measurable_cong)
+ next
+ fix k x
+ assume x:"x \<in>space X"
+ have "emeasure (density (ki' i x) (\<lambda>y. f x y * indicator {y \<in> space Y. of_nat k \<le> f x y \<and> f x y < 1 + of_nat k} y)) (space Y) \<le> 1 + of_nat k"
+ by(auto simp: emeasure_density x,rule order.trans[OF nn_integral_mono[where v="\<lambda>x. 1 + of_nat k"]]) (insert subprob_kernel.subprob_space[OF ki'(1)[of i] x], auto simp: indicator_def subprob_kernel_def subprob_kernel_axioms_def sets_eq_imp_space_eq[OF sets_ki'[OF x]] intro!: mult_mono[where d="1 :: ennreal",OF order.refl,simplified])
+ also have "... < \<infinity>"
+ by (simp add: of_nat_less_top)
+ finally show "emeasure (density (ki' i x) (\<lambda>y. f x y * indicator {y \<in> space Y. of_nat k \<le> f x y \<and> f x y < 1 + of_nat k} y)) (space Y) < \<infinity>" .
+ qed auto
+ next
+ case 3
+ then show ?thesis
+ by(auto simp: kij_def s_finite_kernel_cong_sets[of X X Y,OF _ sets_null_measure[symmetric]] Y intro!: s_finite_measure.s_finite_kernel_const finite_measure.s_finite_measure_finite_measure finite_measureI)
+ qed
+ qed(auto simp: sets_ki)
+ qed(auto simp: kernel_sets)
+qed
+
+lemma(in s_finite_kernel) nn_integral_measurable_f:
+ assumes [measurable]:"(\<lambda>(x,y). f x y) \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "(\<lambda>x. \<integral>\<^sup>+y. f x y \<partial>(\<kappa> x)) \<in> borel_measurable X"
+proof -
+ obtain \<kappa>i where \<kappa>i:"\<And>i. subprob_kernel X Y (\<kappa>i i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. \<kappa>i i x A)"
+ by(metis s_finite_kernels)
+ show ?thesis
+ proof(rule measurable_cong[THEN iffD2])
+ fix x
+ assume "x \<in> space X"
+ with \<kappa>i show "(\<integral>\<^sup>+ y. f x y \<partial>\<kappa> x) = (\<Sum>i. \<integral>\<^sup>+ y. f x y \<partial>\<kappa>i i x)"
+ by(auto intro!: nn_integral_measure_suminf[symmetric] simp: subprob_kernel_def kernel_sets measure_kernel_def)
+ next
+ show "(\<lambda>x. \<Sum>i. \<integral>\<^sup>+ y. f x y \<partial>\<kappa>i i x) \<in> borel_measurable X"
+ using \<kappa>i(1) nn_integral_measurable_subprob_algebra2[OF assms] by(simp add: subprob_kernel_def' )
+ qed
+qed
+
+lemma(in s_finite_kernel) nn_integral_measurable_f':
+ assumes "f \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "(\<lambda>x. \<integral>\<^sup>+y. f (x, y) \<partial>(\<kappa> x)) \<in> borel_measurable X"
+ using nn_integral_measurable_f[where f="curry f",simplified,OF assms] by simp
+
+lemma(in s_finite_kernel) bind_kernel_s_finite_kernel':
+ assumes "s_finite_kernel (X \<Otimes>\<^sub>M Y) Z (case_prod g)"
+ shows "s_finite_kernel X Z (\<lambda>x. \<kappa> x \<bind>\<^sub>k g x)"
+proof(cases "space X = {}")
+ case True
+ then show ?thesis
+ by (simp add: s_finite_kernel_empty_trivial)
+next
+ case X:False
+ then have Y:"space Y \<noteq> {}"
+ by(simp add: Y_not_empty)
+ from s_finite_kernels obtain ki where ki:
+ "\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ by metis
+ interpret g:s_finite_kernel "X \<Otimes>\<^sub>M Y" Z "case_prod g" by fact
+ from g.s_finite_kernels[simplified space_pair_measure] obtain gi where gi:
+ "\<And>i. subprob_kernel (X \<Otimes>\<^sub>M Y) Z (gi i)" "\<And>x y A. x \<in> space X \<Longrightarrow> y \<in> space Y \<Longrightarrow> g x y A = (\<Sum>i. gi i (x,y) A)"
+ by auto metis
+ define kgi where "kgi = (\<lambda>i x. case prod_decode i of (i,j) \<Rightarrow> (ki j x \<bind> curry (gi i) x))"
+ have emeasure:"emeasure (\<kappa> x \<bind>\<^sub>k g x) A = (\<Sum>i. emeasure (kgi i x) A)" (is "?lhs = ?rhs") if x:"x \<in> space X" and A:"A \<in> sets Z" for x A
+ proof -
+ interpret gx: s_finite_kernel Y Z "g x"
+ using g.comp_measurable[OF measurable_Pair1'[OF x]] by auto
+ have "?lhs = (\<integral>\<^sup>+ y. g x y A \<partial>\<kappa> x)"
+ using gx.emeasure_bind_kernel[OF kernel_sets[OF x] A]
+ by(auto simp: sets_eq_imp_space_eq[OF kernel_sets[OF x]] Y)
+ also have "... = (\<integral>\<^sup>+ y. (\<Sum>i. gi i (x, y) A) \<partial>\<kappa> x)"
+ by(auto intro!: nn_integral_cong simp: sets_eq_imp_space_eq[OF kernel_sets[OF x]] gi(2)[OF x])
+ also have "... = (\<Sum>i. \<integral>\<^sup>+ y. gi i (x, y) A \<partial>\<kappa> x)"
+ using gi(1) x A by(auto intro!: nn_integral_suminf simp: subprob_kernel_def')
+ also have "... = (\<Sum>i. (\<Sum>j. \<integral>\<^sup>+ y. gi i (x, y) A \<partial>ki j x))"
+ by(rule suminf_cong, rule nn_integral_measure_suminf[symmetric], insert kernel_sets[OF x] ki gi(1) x A)
+ (auto simp: subprob_kernel_def measure_kernel_def measurable_cong_sets[OF sets_pair_measure_cong[OF refl kernel_sets[OF x]]] intro!: measurable_Pair2[OF _ x])
+ also have "... = (\<Sum>i. (\<Sum>j. emeasure (ki j x \<bind> (curry (gi i) x)) A))"
+ using sets_eq_imp_space_eq[of "ki _ x" Y] ki(1) x gi(1) measurable_cong_sets[of _ _ "subprob_algebra Z" "subprob_algebra Z", OF sets_pair_measure_cong[of X X Y "ki _ x"]]
+ by(auto intro!: suminf_cong emeasure_bind[OF _ _ A,symmetric] measurable_Pair2[OF _ x] simp: curry_def subprob_kernel_def[of X] subprob_kernel_def'[of "X \<Otimes>\<^sub>M Y"] measure_kernel_def Y)
+ also have "... = ?rhs"
+ unfolding kgi_def by(rule suminf_ennreal_2dimen[symmetric]) (simp add: curry_def)
+ finally show ?thesis .
+ qed
+ have sets: "sets (\<kappa> x \<bind>\<^sub>k g x) = sets Z" if x:"x \<in> space X" for x
+ proof -
+ interpret gx: s_finite_kernel Y Z "g x"
+ using g.comp_measurable[OF measurable_Pair1'[OF x]] by auto
+ show ?thesis
+ by(simp add: gx.sets_bind_kernel[OF _ kernel_sets[OF x]] Y)
+ qed
+ have sk:"subprob_kernel X Z (kgi i)" for i
+ using ki(1)[of "snd (prod_decode i)"] gi(1)[of "fst (prod_decode i)"]
+ by(auto simp: subprob_kernel_def' kgi_def split_beta' curry_def)
+ show ?thesis
+ using sk by(auto simp: s_finite_kernel_def' emeasure sets subprob_kernel_def' intro!: exI[where x=kgi] measurable_cong[where g="\<lambda>x. \<Sum>i. emeasure (kgi i x) _" and f="\<lambda>x. emeasure (\<kappa> x \<bind>\<^sub>k g x) _",THEN iffD2])
+qed
+
+corollary(in s_finite_kernel) bind_kernel_s_finite_kernel:
+ assumes "s_finite_kernel Y Z k'"
+ shows "s_finite_kernel X Z (\<lambda>x. \<kappa> x \<bind>\<^sub>k k')"
+ by(auto intro!: bind_kernel_s_finite_kernel' s_finite_kernel.comp_measurable[OF assms measurable_snd] simp: split_beta')
+
+lemma(in s_finite_kernel) nn_integral_bind_kernel:
+ assumes "f \<in> borel_measurable Y" "sets \<mu> = sets X"
+ shows "(\<integral>\<^sup>+ y. f y \<partial>(\<mu> \<bind>\<^sub>k \<kappa>)) = (\<integral>\<^sup>+x. (\<integral>\<^sup>+ y. f y \<partial>(\<kappa> x)) \<partial>\<mu>)"
+proof(cases "space X = {}")
+ case True
+ then show ?thesis
+ by(simp add: sets_eq_imp_space_eq[OF assms(2)] bind_kernel_def nn_integral_empty)
+next
+ case X:False
+ then have \<mu>:"space \<mu> \<noteq> {}" by(simp add: sets_eq_imp_space_eq[OF assms(2)])
+ note 1[measurable_cong] = assms(2) sets_bind_kernel[OF X assms(2)]
+ from assms(1) show ?thesis
+ proof induction
+ case ih:(cong f g)
+ have "(\<integral>\<^sup>+ y. f y \<partial>(\<mu> \<bind>\<^sub>k \<kappa>)) = (\<integral>\<^sup>+ y. g y \<partial>(\<mu> \<bind>\<^sub>k \<kappa>))" "(\<integral>\<^sup>+ x. integral\<^sup>N (\<kappa> x) f \<partial>\<mu>) = (\<integral>\<^sup>+ x. integral\<^sup>N (\<kappa> x) g \<partial>\<mu>)"
+ by(auto intro!: nn_integral_cong simp: sets_eq_imp_space_eq[OF 1(2)] sets_eq_imp_space_eq[OF assms(2)] sets_eq_imp_space_eq[OF kernel_sets] ih(3))
+ then show ?case
+ by(simp add: ih)
+ next
+ case (set A)
+ then show ?case
+ by(auto simp: emeasure_bind_kernel[OF 1(1) _ X] sets_eq_imp_space_eq[OF 1(1)] intro!: nn_integral_cong)
+ next
+ case ih:(mult u c)
+ then have "(\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. c * u y \<partial>\<kappa> x \<partial>\<mu>) = (\<integral>\<^sup>+ x. c * \<integral>\<^sup>+ y. u y \<partial>\<kappa> x \<partial>\<mu>)"
+ by(auto intro!: nn_integral_cong nn_integral_cmult simp: sets_eq_imp_space_eq[OF 1(1)])
+ with ih nn_integral_measurable_f[of "\<lambda>_ y. u y"] show ?case
+ by(auto simp: nn_integral_cmult intro!: nn_integral_cong)
+ next
+ case ih:(add u v)
+ then have "(\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. v y + u y \<partial>\<kappa> x \<partial>\<mu>) = (\<integral>\<^sup>+ x. (\<integral>\<^sup>+ y. v y \<partial>\<kappa> x) + (\<integral>\<^sup>+ y. u y \<partial>\<kappa> x) \<partial>\<mu>)"
+ by(auto intro!: nn_integral_cong simp: nn_integral_add sets_eq_imp_space_eq[OF 1(1)])
+ with ih nn_integral_measurable_f[of "\<lambda>_ y. u y"] nn_integral_measurable_f[of "\<lambda>_ y. v y"] show ?case
+ by(simp add: nn_integral_add)
+ next
+ case ih[measurable]:(seq U)
+ show ?case (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = ((\<Squnion>i. integral\<^sup>N (\<mu> \<bind>\<^sub>k \<kappa>) (U i)))"
+ by(rule nn_integral_monotone_convergence_SUP[of U,simplified SUP_apply[of U UNIV,symmetric]]) (use ih in auto)
+ also have "... = (\<Squnion>i. \<integral>\<^sup>+ x. (\<integral>\<^sup>+ y. U i y \<partial>\<kappa> x) \<partial>\<mu>)"
+ by(simp add: ih)
+ also have "... = (\<integral>\<^sup>+ x. (\<Squnion>i. (\<integral>\<^sup>+ y. U i y \<partial>\<kappa> x)) \<partial>\<mu>)"
+ proof(rule nn_integral_monotone_convergence_SUP[symmetric])
+ show "incseq (\<lambda>i x. \<integral>\<^sup>+ y. U i y \<partial>\<kappa> x)"
+ by standard+ (auto intro!: le_funI nn_integral_mono simp:le_funD[OF incseqD[OF ih(3)]])
+ qed(use nn_integral_measurable_f[of "\<lambda>_ y. U _ y"] in simp)
+ also have "... = ?rhs"
+ by(rule nn_integral_cong, rule nn_integral_monotone_convergence_SUP[of U,simplified SUP_apply[of U UNIV,symmetric],OF ih(3),symmetric]) (auto simp: sets_eq_imp_space_eq[OF 1(1)])
+ finally show ?thesis .
+ qed
+ qed
+qed
+
+lemma(in s_finite_kernel) bind_kernel_assoc:
+ assumes "s_finite_kernel Y Z k'" "sets \<mu> = sets X"
+ shows "\<mu> \<bind>\<^sub>k (\<lambda>x. \<kappa> x \<bind>\<^sub>k k') = \<mu> \<bind>\<^sub>k \<kappa> \<bind>\<^sub>k k'"
+proof(cases "space X = {}")
+ case X:False
+ then have \<mu>: "space \<mu> \<noteq> {}" and Y:"space Y \<noteq> {}"
+ by(simp_all add: Y_not_empty sets_eq_imp_space_eq[OF assms(2)])
+ interpret k':s_finite_kernel Y Z k' by fact
+ interpret k'': s_finite_kernel X Z "\<lambda>x. \<kappa> x \<bind>\<^sub>k k'"
+ by(rule bind_kernel_s_finite_kernel[OF assms(1)])
+ show ?thesis
+ proof(rule measure_eqI)
+ fix A
+ assume "A \<in> sets (\<mu> \<bind>\<^sub>k (\<lambda>x. \<kappa> x \<bind>\<^sub>k k'))"
+ then have A[measurable]: "A \<in> sets Z"
+ by(simp add: k''.sets_bind_kernel[OF X assms(2)])
+ show "emeasure (\<mu> \<bind>\<^sub>k (\<lambda>x. \<kappa> x \<bind>\<^sub>k k')) A = emeasure (\<mu> \<bind>\<^sub>k \<kappa> \<bind>\<^sub>k k') A" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. emeasure (\<kappa> x \<bind>\<^sub>k k') A \<partial>\<mu>)"
+ by(rule k''.emeasure_bind_kernel[OF assms(2) A X])
+ also have "... = (\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. k' y A \<partial>\<kappa> x \<partial>\<mu>)"
+ using k'.emeasure_bind_kernel[OF kernel_sets A]
+ by(auto intro!: nn_integral_cong simp: sets_eq_imp_space_eq[OF assms(2)] sets_eq_imp_space_eq[OF kernel_sets] Y)
+ also have "... = (\<integral>\<^sup>+ y. k' y A \<partial>(\<mu> \<bind>\<^sub>k \<kappa>))"
+ by(simp add: nn_integral_bind_kernel[OF k'.emeasure_measurable[OF A] assms(2)])
+ also have "... = ?rhs"
+ by(simp add: k'.emeasure_bind_kernel[OF sets_bind_kernel[OF X assms(2)] A] sets_eq_imp_space_eq[OF sets_bind_kernel[OF X assms(2)]] Y)
+ finally show ?thesis .
+ qed
+ qed(auto simp: k'.sets_bind_kernel[OF Y sets_bind_kernel[OF X assms(2)]] k''.sets_bind_kernel[OF X assms(2)])
+qed(simp add: bind_kernel_def sets_eq_imp_space_eq[OF assms(2)])
+
+lemma s_finite_kernel_pair_measure:
+ assumes "s_finite_kernel X Y k" and "s_finite_kernel X Z k'"
+ shows "s_finite_kernel X (Y \<Otimes>\<^sub>M Z) (\<lambda>x. k x \<Otimes>\<^sub>M k' x)"
+proof -
+ interpret k: s_finite_kernel X Y k by fact
+ interpret k': s_finite_kernel X Z k' by fact
+ from k.s_finite_kernels k'.s_finite_kernels obtain ki ki'
+ where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> k x A = (\<Sum>i. ki i x A)"
+ and ki':"\<And>i. subprob_kernel X Z (ki' i)" "\<And>x A. x \<in> space X \<Longrightarrow> k' x A = (\<Sum>i. ki' i x A)"
+ by metis
+ then have 1[measurable_cong]: "\<And>x i. x \<in> space X \<Longrightarrow> sets (ki i x) = sets Y" "\<And>x i. x \<in> space X \<Longrightarrow> sets (ki' i x) = sets Z"
+ by(auto simp: subprob_kernel_def measure_kernel_def)
+ define kki where "kki \<equiv> (\<lambda>i x. (\<lambda>(j,i). ki i x \<Otimes>\<^sub>M ki' j x) (prod_decode i))"
+ have kki1: "\<And>i. subprob_kernel X (Y \<Otimes>\<^sub>M Z) (kki i)"
+ using ki(1) ki'(1) by(auto simp: subprob_kernel_def' kki_def split_beta intro!: measurable_pair_measure)
+ have kki2: "(k x \<Otimes>\<^sub>M k' x) A = (\<Sum>i. (kki i x) A)" (is "?lhs = ?rhs") if x:"x \<in> space X" and A[measurable]: "A \<in> sets (Y \<Otimes>\<^sub>M Z)" for x A
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ y. \<integral>\<^sup>+ z. indicator A (y, z) \<partial>k' x \<partial>k x)"
+ using x by(simp add: s_finite_measure.emeasure_pair_measure'[OF k'.image_s_finite_measure])
+ also have "... = (\<integral>\<^sup>+ y. (\<Sum>j. \<integral>\<^sup>+ z. indicator A (y, z) \<partial>ki' j x) \<partial>k x)"
+ using ki' x by(auto intro!: nn_integral_cong nn_integral_measure_suminf[symmetric] simp: sets_eq_imp_space_eq[OF k.kernel_sets[OF x]] subprob_kernel_def measure_kernel_def k'.kernel_sets)
+ also have "... = (\<Sum>j. \<integral>\<^sup>+ y. \<integral>\<^sup>+ z. indicator A (y, z) \<partial>ki' j x \<partial>k x)"
+ using x by(auto intro!: nn_integral_suminf s_finite_measure.borel_measurable_nn_integral_fst' s_finite_kernel.image_s_finite_measure[OF subprob_kernel.s_finite_kernel_subprob_kernel[OF ki'(1)]])
+ also have "... = (\<Sum>j. (\<Sum>i. (\<integral>\<^sup>+ y. \<integral>\<^sup>+ z. indicator A (y, z) \<partial>ki' j x \<partial>ki i x)))"
+ using x ki by(auto intro!: suminf_cong nn_integral_measure_suminf[symmetric] s_finite_measure.borel_measurable_nn_integral_fst' simp: k.kernel_sets[OF x] subprob_kernel_def measure_kernel_def s_finite_kernel.image_s_finite_measure[OF subprob_kernel.s_finite_kernel_subprob_kernel[OF ki'(1)]])
+ also have "... = (\<Sum>j. (\<Sum>i. (ki i x \<Otimes>\<^sub>M ki' j x) A))"
+ using x by(auto simp: s_finite_measure.emeasure_pair_measure'[OF s_finite_kernel.image_s_finite_measure[OF subprob_kernel.s_finite_kernel_subprob_kernel[OF ki'(1)]]])
+ also have "... = ?rhs"
+ unfolding kki_def by(rule suminf_ennreal_2dimen[symmetric]) auto
+ finally show ?thesis .
+ qed
+ show ?thesis
+ proof
+ fix B
+ assume [measurable]:"B \<in> sets (Y \<Otimes>\<^sub>M Z)"
+ show "(\<lambda>x. emeasure (k x \<Otimes>\<^sub>M k' x) B) \<in> borel_measurable X"
+ by(rule measurable_cong[where g="\<lambda>x. \<Sum>i. (kki i x) B",THEN iffD2], insert kki1) (auto simp: subprob_kernel_def' kki2)
+ qed(auto intro!: exI[where x=kki] simp: subprob_kernel.finite_kernel kki1 kki2 k.kernel_sets k'.kernel_sets space_pair_measure k.Y_not_empty k'.Y_not_empty)
+qed
+
+lemma pair_measure_eq_bind_s_finite:
+ assumes "s_finite_measure \<mu>" "s_finite_measure \<nu>"
+ shows "\<mu> \<Otimes>\<^sub>M \<nu> = \<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y)))"
+proof -
+ consider "space \<mu> = {}" | "space \<nu> = {}" | "space \<mu> \<noteq> {}" "space \<nu> \<noteq> {}"
+ by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ by(auto simp: bind_kernel_def space_pair_measure intro!: space_empty)
+ next
+ case 2
+ then have "\<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y))) = count_space {}"
+ by(auto simp: bind_kernel_def space_empty)
+ with 2 show ?thesis
+ by(auto simp: space_pair_measure intro!: space_empty)
+ next
+ case 3
+ show ?thesis
+ proof(intro measure_eqI sets_bind_kernel[OF _ 3(1),symmetric] sets_bind_kernel[OF _ 3(2)])
+ fix A
+ assume A[measurable]: "A \<in> sets (\<mu> \<Otimes>\<^sub>M \<nu>)"
+ show "emeasure (\<mu> \<Otimes>\<^sub>M \<nu>) A = emeasure (\<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y)))) A" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y) A \<partial>\<nu> \<partial>\<mu>)"
+ by(simp add: s_finite_measure.emeasure_pair_measure'[OF assms(2)])
+ also have "... = (\<integral>\<^sup>+ x. (\<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y))) A \<partial>\<mu>)"
+ by(auto intro!: nn_integral_cong measure_kernel.emeasure_bind_kernel[OF _ _ A 3(2),symmetric] prob_kernel.axioms(1) simp: prob_kernel_def' simp del: emeasure_return)
+ also have "... = ?rhs"
+ by(auto intro!: measure_kernel.emeasure_bind_kernel[OF _ _ A 3(1),symmetric] s_finite_kernel.axioms(1) s_finite_kernel.bind_kernel_s_finite_kernel'[where Y=\<nu>] s_finite_measure.s_finite_kernel_const[OF assms(2) 3(2)] prob_kernel.s_finite_kernel_prob_kernel[of "\<mu> \<Otimes>\<^sub>M \<nu>"] simp: prob_kernel_def')
+ finally show ?thesis .
+ qed
+ qed simp
+ qed
+qed
+
+lemma bind_kernel_rotate_return:
+ assumes "s_finite_measure \<mu>" "s_finite_measure \<nu>"
+ shows "\<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y))) = \<nu> \<bind>\<^sub>k (\<lambda>y. \<mu> \<bind>\<^sub>k (\<lambda>x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y)))"
+proof -
+ consider "space \<mu> = {}" | "space \<nu> = {}" | "space \<mu> \<noteq> {}" "space \<nu> \<noteq> {}"
+ by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then have "\<nu> \<bind>\<^sub>k (\<lambda>y. \<mu> \<bind>\<^sub>k (\<lambda>x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y))) = count_space {}"
+ by(auto simp: bind_kernel_def space_empty)
+ then show ?thesis
+ by(auto simp: bind_kernel_def space_pair_measure 1 intro!: space_empty)
+ next
+ case 2
+ then have "\<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y))) = count_space {}"
+ by(auto simp: bind_kernel_def space_empty)
+ with 2 show ?thesis
+ by(auto simp: space_pair_measure bind_kernel_def intro!: space_empty)
+ next
+ case 3
+ show ?thesis
+ unfolding pair_measure_eq_bind_s_finite[OF assms,symmetric]
+ proof(intro measure_eqI)
+ fix A
+ assume A[measurable]:"A \<in> sets (\<mu> \<Otimes>\<^sub>M \<nu>)"
+ show "emeasure (\<mu> \<Otimes>\<^sub>M \<nu>) A = emeasure (\<nu> \<bind>\<^sub>k (\<lambda>y. \<mu> \<bind>\<^sub>k (\<lambda>x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y)))) A" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. indicator A (x, y) \<partial>\<nu> \<partial>\<mu>)"
+ by(rule s_finite_measure.emeasure_pair_measure'[OF assms(2) A])
+ also have "... = (\<integral>\<^sup>+ y. \<integral>\<^sup>+ x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y) A \<partial>\<mu> \<partial>\<nu>)"
+ by(simp add: nn_integral_snd'[OF assms] s_finite_measure.nn_integral_fst'[OF assms(2)])
+ also have "... = (\<integral>\<^sup>+ y. (\<mu> \<bind>\<^sub>k (\<lambda>x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y))) A \<partial>\<nu>)"
+ by(auto intro!: nn_integral_cong measure_kernel.emeasure_bind_kernel[OF _ _ A 3(1),symmetric] prob_kernel.axioms(1) simp add: prob_kernel_def' simp del: emeasure_return)
+ also have "... = ?rhs"
+ by(auto intro!: measure_kernel.emeasure_bind_kernel[OF _ _ A 3(2),symmetric] s_finite_kernel.axioms(1) s_finite_kernel.bind_kernel_s_finite_kernel'[where Y=\<mu>] s_finite_measure.s_finite_kernel_const[OF assms(1) 3(1)] prob_kernel.s_finite_kernel_prob_kernel[of "\<nu> \<Otimes>\<^sub>M \<mu>"] simp: prob_kernel_def')
+ finally show ?thesis .
+ qed
+ qed(auto intro!: sets_bind_kernel[OF _ 3(2),symmetric] sets_bind_kernel[OF _ 3(1)])
+ qed
+qed
+
+lemma bind_kernel_rotate':
+ assumes "s_finite_measure \<mu>" "s_finite_measure \<nu>" "s_finite_kernel (\<mu> \<Otimes>\<^sub>M \<nu>) Z (case_prod f)"
+ shows "\<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. f x y)) = \<nu> \<bind>\<^sub>k (\<lambda>y. \<mu> \<bind>\<^sub>k (\<lambda>x. f x y))" (is "?lhs = ?rhs")
+proof -
+ interpret sk: s_finite_kernel "\<mu> \<Otimes>\<^sub>M \<nu>" Z "case_prod f" by fact
+ consider "space \<mu> = {}" | "space \<nu> = {}" | "space \<mu> \<noteq> {}" "space \<nu> \<noteq> {}"
+ by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then have "?rhs = count_space {}"
+ by(auto simp: bind_kernel_def space_empty)
+ then show ?thesis
+ by(auto simp: bind_kernel_def space_pair_measure 1 intro!: space_empty)
+ next
+ case 2
+ then show ?thesis
+ by(auto simp: space_pair_measure bind_kernel_def intro!: space_empty)
+ next
+ case 3
+ show ?thesis
+ proof -
+ have "?lhs = \<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y)) \<bind>\<^sub>k case_prod f)"
+ by(auto intro!: bind_kernel_cong_All simp: s_finite_kernel.bind_kernel_assoc[OF prob_kernel.s_finite_kernel_prob_kernel assms(3) refl,of \<nu> "\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (_, y)",simplified prob_kernel_def',symmetric] sk.bind_kernel_return space_pair_measure)
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y))) \<bind>\<^sub>k (case_prod f)"
+ by(auto simp: s_finite_kernel.bind_kernel_assoc[OF s_finite_kernel.bind_kernel_s_finite_kernel'[OF s_finite_measure.s_finite_kernel_const[OF assms(2) 3(2),of \<mu>] prob_kernel.s_finite_kernel_prob_kernel,of "\<mu> \<Otimes>\<^sub>M \<nu>" "\<lambda>x y. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y)",simplified] assms(3) refl, simplified prob_kernel_def',symmetric])
+ also have "... = \<nu> \<bind>\<^sub>k (\<lambda>y. \<mu> \<bind>\<^sub>k (\<lambda>x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x,y))) \<bind>\<^sub>k (case_prod f)"
+ by(simp add: bind_kernel_rotate_return assms)
+ also have "... = \<nu> \<bind>\<^sub>k (\<lambda>y. \<mu> \<bind>\<^sub>k (\<lambda>x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, y)) \<bind>\<^sub>k case_prod f)"
+ by(auto intro!: s_finite_kernel.bind_kernel_assoc[OF _ assms(3),symmetric] s_finite_kernel.bind_kernel_s_finite_kernel'[OF s_finite_measure.s_finite_kernel_const[OF assms(1) 3(1)]] prob_kernel.s_finite_kernel_prob_kernel[of "\<nu> \<Otimes>\<^sub>M \<mu>"] simp: prob_kernel_def')
+ also have "... = ?rhs"
+ by(auto intro!: bind_kernel_cong_All simp: s_finite_kernel.bind_kernel_assoc[OF prob_kernel.s_finite_kernel_prob_kernel assms(3) refl,of \<mu> "\<lambda>x. return (\<mu> \<Otimes>\<^sub>M \<nu>) (x, _)",simplified prob_kernel_def',symmetric] sk.bind_kernel_return space_pair_measure)
+ finally show ?thesis .
+ qed
+ qed
+qed
+
+lemma bind_kernel_rotate:
+ assumes "sets \<mu> = sets X" and "sets \<nu> = sets Y"
+ and "s_finite_measure \<mu>" "s_finite_measure \<nu>" "s_finite_kernel (X \<Otimes>\<^sub>M Y) Z (\<lambda>(x,y). f x y)"
+ shows "\<mu> \<bind>\<^sub>k (\<lambda>x. \<nu> \<bind>\<^sub>k (\<lambda>y. f x y)) = \<nu> \<bind>\<^sub>k (\<lambda>y. \<mu> \<bind>\<^sub>k (\<lambda>x. f x y))"
+ by(auto intro!: bind_kernel_rotate' assms simp: s_finite_kernel_cong_sets[OF sets_pair_measure_cong[OF assms(1,2)]])
+
+lemma(in s_finite_kernel) emeasure_measurable':
+ assumes A[measurable]: "(SIGMA x:space X. A x) \<in> sets (X \<Otimes>\<^sub>M Y)"
+ shows "(\<lambda>x. emeasure (\<kappa> x) (A x)) \<in> borel_measurable X"
+proof -
+ have **: "A x \<in> sets Y" if "x \<in> space X" for x
+ proof -
+ have "Pair x -` Sigma (space X) A = A x"
+ using that by auto
+ with sets_Pair1[OF A, of x] show "A x \<in> sets Y"
+ by auto
+ qed
+
+ have *: "\<And>x. fst x \<in> space X \<Longrightarrow> snd x \<in> A (fst x) \<longleftrightarrow> x \<in> (SIGMA x:space X. A x)"
+ by (auto simp: fun_eq_iff)
+ have "(\<lambda>(x, y). indicator (A x) y::ennreal) \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ by (measurable,subst measurable_cong[OF *]) (auto simp: space_pair_measure)
+ then have "(\<lambda>x. integral\<^sup>N (\<kappa> x) (indicator (A x))) \<in> borel_measurable X"
+ by(rule nn_integral_measurable_f)
+ moreover have "integral\<^sup>N (\<kappa> x) (indicator (A x)) = emeasure (\<kappa> x) (A x)" if "x \<in> space X" for x
+ using **[OF that] kernel_sets[OF that] by(auto intro!: nn_integral_indicator)
+ ultimately show "(\<lambda>x. emeasure (\<kappa> x) (A x)) \<in> borel_measurable X"
+ by(auto cong: measurable_cong)
+qed
+
+lemma(in s_finite_kernel) measure_measurable':
+ assumes "(SIGMA x:space X. A x) \<in> sets (X \<Otimes>\<^sub>M Y)"
+ shows "(\<lambda>x. measure (\<kappa> x) (A x)) \<in> borel_measurable X"
+ using emeasure_measurable'[OF assms] by(simp add: measure_def)
+
+lemma(in s_finite_kernel) AE_pred:
+ assumes P[measurable]:"Measurable.pred (X \<Otimes>\<^sub>M Y) (case_prod P)"
+ shows "Measurable.pred X (\<lambda>x. AE y in \<kappa> x. P x y)"
+proof -
+ have [measurable]:"Measurable.pred X (\<lambda>x. emeasure (\<kappa> x) {y \<in> space Y. \<not> P x y} = 0)"
+ proof(rule pred_eq_const1[where N=borel],rule emeasure_measurable')
+ have "(SIGMA x:space X. {y \<in> space Y. \<not> P x y}) = {xy\<in>space (X \<Otimes>\<^sub>M Y). \<not> P (fst xy) (snd xy)}"
+ by (auto simp: space_pair_measure)
+ also have "... \<in> sets (X \<Otimes>\<^sub>M Y)"
+ by simp
+ finally show "(SIGMA x:space X. {y \<in> space Y. \<not> P x y}) \<in> sets (X \<Otimes>\<^sub>M Y)" .
+ qed simp
+ have "{x \<in> space X. almost_everywhere (\<kappa> x) (P x)} = {x \<in> space X. emeasure (\<kappa> x) {y\<in>space Y. \<not> P x y} = 0}"
+ proof safe
+ fix x
+ assume x:"x \<in> space X"
+ show "(AE y in \<kappa> x. P x y) \<Longrightarrow> emeasure (\<kappa> x) {y \<in> space Y. \<not> P x y} = 0"
+ using emeasure_eq_0_AE[of "\<lambda>y. \<not> P x y" "\<kappa> x"]
+ by(simp add: sets_eq_imp_space_eq[OF kernel_sets[OF x]])
+ show "emeasure (\<kappa> x) {y \<in> space Y. \<not> P x y} = 0 \<Longrightarrow> almost_everywhere (\<kappa> x) (P x)"
+ using x by(auto intro!: AE_I[where N="{y \<in> space Y. \<not> P x y}"] simp: sets_eq_imp_space_eq[OF kernel_sets[OF x]] kernel_sets[OF x])
+ qed
+ also have "... \<in> sets X"
+ by(simp add: pred_def)
+ finally show ?thesis
+ by(simp add: pred_def)
+qed
+
+lemma(in subprob_kernel) integrable_probability_kernel_pred:
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable]:"(\<lambda>(x,y). f x y) \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "Measurable.pred X (\<lambda>x. integrable (\<kappa> x) (f x))"
+proof(rule measurable_cong[THEN iffD2])
+ show "x \<in> space X \<Longrightarrow> integrable (\<kappa> x) (f x) \<longleftrightarrow> (\<integral>\<^sup>+y. norm (f x y) \<partial>(\<kappa> x)) < \<infinity>" for x
+ by(auto simp: integrable_iff_bounded)
+next
+ have "(\<lambda>(x,y). ennreal (norm (f x y))) \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ by measurable
+ from nn_integral_measurable_f[OF this]
+ show "Measurable.pred X (\<lambda>x. (\<integral>\<^sup>+ y. ennreal (norm (f x y)) \<partial>\<kappa> x) < \<infinity>)"
+ by simp
+qed
+
+corollary integrable_measurable_subprob':
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable]:"(\<lambda>(x,y). f x y) \<in> borel_measurable (X \<Otimes>\<^sub>M Y)" "k \<in> X \<rightarrow>\<^sub>M subprob_algebra Y"
+ shows "Measurable.pred X (\<lambda>x. integrable (k x) (f x))"
+ by(auto intro!: subprob_kernel.integrable_probability_kernel_pred[where Y=Y] simp: subprob_kernel_def')
+
+lemma(in subprob_kernel) integrable_probability_kernel_pred':
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes "f \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "Measurable.pred X (\<lambda>x. integrable (\<kappa> x) (curry f x))"
+ using integrable_probability_kernel_pred[of "curry f"] assms by auto
+
+lemma(in subprob_kernel) lebesgue_integral_measurable_f_subprob:
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable]:"f \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "(\<lambda>x. \<integral>y. f (x,y) \<partial>(\<kappa> x)) \<in> borel_measurable X"
+proof -
+ from borel_measurable_implies_sequence_metric[OF assms, of 0]
+ obtain s where s: "\<And>i. simple_function (X \<Otimes>\<^sub>M Y) (s i)"
+ and "\<forall>x\<in>space (X \<Otimes>\<^sub>M Y). (\<lambda>i. s i x) \<longlonglongrightarrow> f x"
+ and "\<forall>i. \<forall>x\<in>space (X \<Otimes>\<^sub>M Y). dist (s i x) 0 \<le> 2 * dist (f x) 0"
+ by auto
+ then have *:
+ "\<And>x y. x \<in> space X \<Longrightarrow> y \<in> space Y \<Longrightarrow> (\<lambda>i. s i (x, y)) \<longlonglongrightarrow> f (x,y)"
+ "\<And>i x y. x \<in> space X \<Longrightarrow> y \<in> space Y \<Longrightarrow> norm (s i (x, y)) \<le> 2 * norm (f (x, y))"
+ by (auto simp: space_pair_measure)
+
+ have [measurable]: "\<And>i. s i \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ by (rule borel_measurable_simple_function) fact
+
+ have s':"\<And>i. s i \<in> X \<Otimes>\<^sub>M Y \<rightarrow>\<^sub>M count_space UNIV"
+ by (rule measurable_simple_function) fact
+
+ define f' where [abs_def]: "f' i x =
+ (if integrable (\<kappa> x) (curry f x) then Bochner_Integration.simple_bochner_integral (\<kappa> x) (\<lambda>y. s i (x, y)) else 0)" for i x
+
+ have eq: "Bochner_Integration.simple_bochner_integral (\<kappa> x) (\<lambda>y. s i (x, y)) =
+ (\<Sum>z\<in>s i ` (space X \<times> space Y). measure (\<kappa> x) {y \<in> space (\<kappa> x). s i (x, y) = z} *\<^sub>R z)" if "x \<in> space X" for x i
+ proof -
+ have [measurable_cong]: "sets (\<kappa> x) = sets Y" and [simp]: "space (\<kappa> x) = space Y"
+ using that by (simp_all add: kernel_sets kernel_space)
+ with that show ?thesis
+ using s[THEN simple_functionD(1)]
+ unfolding simple_bochner_integral_def
+ by (intro sum.mono_neutral_cong_left)
+ (auto simp: eq_commute space_pair_measure image_iff cong: conj_cong)
+ qed
+
+ show ?thesis
+ proof (rule borel_measurable_LIMSEQ_metric)
+ fix i
+ note [measurable] = integrable_probability_kernel_pred'[OF assms]
+ have [measurable]:"(SIGMA x:space X. {y \<in> space Y. s i (x, y) = s i (a, b)}) \<in> sets (X \<Otimes>\<^sub>M Y)" for a b
+ proof -
+ have "(SIGMA x:space X. {y \<in> space Y. s i (x, y) = s i (a, b)}) = space (X \<Otimes>\<^sub>M Y) \<inter> s i -` {s i (a,b)}"
+ by(auto simp: space_pair_measure)
+ thus ?thesis
+ using s'[of i] by simp
+ qed
+ show "f' i \<in> borel_measurable X"
+ by (auto simp : eq kernel_space f'_def cong: measurable_cong if_cong intro!: borel_measurable_sum measurable_If borel_measurable_scaleR measure_measurable')
+ next
+ fix x
+ assume x:"x \<in> space X"
+ have "(\<lambda>i. Bochner_Integration.simple_bochner_integral (\<kappa> x) (\<lambda>y. s i (x, y))) \<longlonglongrightarrow> (\<integral>y. f (x,y) \<partial>(\<kappa> x))" if int_f:"integrable (\<kappa> x) (curry f x)"
+ proof -
+ have int_2f: "integrable (\<kappa> x) (\<lambda>y. 2 * norm (f (x,y)))"
+ using int_f by(auto simp: curry_def)
+ have "(\<lambda>i. integral\<^sup>L (\<kappa> x) (\<lambda>y. s i (x, y))) \<longlonglongrightarrow> integral\<^sup>L (\<kappa> x) (curry f x)"
+ proof (rule integral_dominated_convergence)
+ show "curry f x \<in> borel_measurable (\<kappa> x)"
+ using int_f by auto
+ next
+ show "\<And>i. (\<lambda>y. s i (x, y)) \<in> borel_measurable (\<kappa> x)"
+ using x kernel_sets by auto
+ next
+ show "AE xa in \<kappa> x. (\<lambda>i. s i (x, xa)) \<longlonglongrightarrow> curry f x xa"
+ using x *(1) kernel_space by(auto simp: curry_def)
+ next
+ show "\<And>i. AE xa in \<kappa> x. norm (s i (x, xa)) \<le> 2 * norm (f (x,xa))"
+ using x * (2) kernel_space by auto
+ qed fact
+ moreover have "integral\<^sup>L (\<kappa> x) (\<lambda>y. s i (x, y)) = Bochner_Integration.simple_bochner_integral (\<kappa> x) (\<lambda>y. s i (x, y))" for i
+ proof -
+ have "Bochner_Integration.simple_bochner_integrable (\<kappa> x) (\<lambda>y. s i (x, y))"
+ proof (rule simple_bochner_integrableI_bounded)
+ have "(\<lambda>y. s i (x, y)) ` space Y \<subseteq> s i ` (space X \<times> space Y)"
+ using x by auto
+ then show "simple_function (\<kappa> x) (\<lambda>y. s i (x, y))"
+ using simple_functionD(1)[OF s(1), of i] x kernel_space
+ by (intro simple_function_borel_measurable) (auto simp: space_pair_measure dest: finite_subset)
+ next
+ have "(\<integral>\<^sup>+ y. ennreal (norm (s i (x, y))) \<partial>\<kappa> x) \<le> (\<integral>\<^sup>+ y. 2 * norm (f (x,y)) \<partial>\<kappa> x)"
+ using x *(2) kernel_space by (intro nn_integral_mono) auto
+ also have "... < \<infinity>"
+ using int_2f unfolding integrable_iff_bounded by simp
+ finally show "(\<integral>\<^sup>+ y. ennreal (norm (s i (x, y))) \<partial>\<kappa> x) < \<infinity>" .
+ qed
+ then show ?thesis
+ by (rule simple_bochner_integrable_eq_integral[symmetric])
+ qed
+ ultimately show ?thesis
+ by(simp add: curry_def)
+ qed
+ thus "(\<lambda>i. f' i x) \<longlonglongrightarrow> (\<integral>y. f (x,y) \<partial>(\<kappa> x))"
+ by (cases "integrable (\<kappa> x) (curry f x)") (simp_all add: f'_def not_integrable_integral_eq curry_def)
+ qed
+qed
+
+lemma(in s_finite_kernel) integrable_measurable_pred[measurable (raw)]:
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable]:"case_prod f \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "Measurable.pred X (\<lambda>x. integrable (\<kappa> x) (f x))"
+proof(cases "space X = {}")
+ case True
+ from space_empty[OF this] show ?thesis
+ by simp
+next
+ case h:False
+ obtain ki where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ using s_finite_kernels by metis
+ have [simp]:"integrable (\<kappa> x) (f x) = ((\<Sum>i. \<integral>\<^sup>+ y. ennreal (norm (f x y)) \<partial>ki i x) < \<infinity>)" if "x \<in> space X" for x
+ using ki(1) nn_integral_measure_suminf[of "\<lambda>i. ki i x" "\<kappa> x",OF _ ki(2)] that kernel_sets
+ by(auto simp: integrable_iff_bounded subprob_kernel_def measure_kernel_def)
+ note [measurable] = nn_integral_measurable_subprob_algebra2
+ show ?thesis
+ by(rule measurable_cong[where g="\<lambda>x. (\<Sum>i. \<integral>\<^sup>+y. ennreal (norm (f x y)) \<partial>(ki i x)) < \<infinity>",THEN iffD2]) (insert ki(1), auto simp: subprob_kernel_def')
+qed
+
+lemma(in s_finite_kernel) integral_measurable_f:
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable]:"case_prod f \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "(\<lambda>x. \<integral>y. f x y \<partial>(\<kappa> x)) \<in> borel_measurable X"
+proof -
+ obtain ki where ki:"\<And>i. subprob_kernel X Y (ki i)" "\<And>x A. x \<in> space X \<Longrightarrow> \<kappa> x A = (\<Sum>i. ki i x A)"
+ using s_finite_kernels by metis
+ note [measurable] = integral_measurable_subprob_algebra2
+
+ show ?thesis
+ proof(rule measurable_cong[where f="(\<lambda>x. if integrable (\<kappa> x) (f x) then (\<Sum>i. \<integral>y. f x y \<partial>(ki i x)) else 0)",THEN iffD1])
+ fix x
+ assume h:"x \<in> space X"
+ {
+ assume h':"integrable (\<kappa> x) (f x)"
+ have "(\<Sum>i. \<integral>y. f x y \<partial>(ki i x)) = (\<integral>y. f x y \<partial>(\<kappa> x))"
+ using lebesgue_integral_measure_suminf[of "\<lambda>i. ki i x" "\<kappa> x",OF _ ki(2) h'] ki(1) kernel_sets[OF h] h
+ by(auto simp: subprob_kernel_def measure_kernel_def)
+ }
+ thus "(if integrable (\<kappa> x) (f x) then (\<Sum>i. \<integral>y. f x y \<partial>(ki i x)) else 0) = (\<integral>y. f x y \<partial>(\<kappa> x))"
+ using not_integrable_integral_eq by auto
+ qed(insert ki(1), auto simp: subprob_kernel_def')
+qed
+
+lemma(in s_finite_kernel) integral_measurable_f':
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable]:"f \<in> borel_measurable (X \<Otimes>\<^sub>M Y)"
+ shows "(\<lambda>x. \<integral>y. f (x,y) \<partial>(\<kappa> x)) \<in> borel_measurable X"
+ using integral_measurable_f[of "curry f"] by simp
+
+lemma(in s_finite_kernel)
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable_cong]: "sets \<mu> = sets X"
+ and "integrable (\<mu> \<bind>\<^sub>k \<kappa>) f"
+ shows integrable_bind_kernelD1: "integrable \<mu> (\<lambda>x. \<integral>y. norm (f y) \<partial>\<kappa> x)" (is ?g1)
+ and integrable_bind_kernelD1': "integrable \<mu> (\<lambda>x. \<integral>y. f y \<partial>\<kappa> x)" (is ?g1')
+ and integrable_bind_kernelD2: "AE x in \<mu>. integrable (\<kappa> x) f" (is ?g2)
+ and integrable_bind_kernelD3: "space X \<noteq> {} \<Longrightarrow> f \<in> borel_measurable Y" (is "_ \<Longrightarrow> ?g3")
+proof -
+ show 1:"space X \<noteq> {} \<Longrightarrow> ?g3"
+ using assms(2) sets_bind_kernel[OF _ assms(1)] by(simp add: integrable_iff_bounded cong: measurable_cong_sets)
+ have "integrable \<mu> (\<lambda>x. \<integral>y. norm (f y) \<partial>\<kappa> x) \<and> integrable \<mu> (\<lambda>x. \<integral>y. f y \<partial>\<kappa> x) \<and> (AE x in \<mu>. integrable (\<kappa> x) f)"
+ proof(cases "space X = {}")
+ assume ne: "space X \<noteq> {}"
+ then have "space \<mu> \<noteq> {}" by(simp add: sets_eq_imp_space_eq[OF assms(1)])
+ note h = integral_measurable_f[measurable] sets_bind_kernel[OF ne assms(1),measurable_cong]
+ have g2: ?g2
+ unfolding integrable_iff_bounded AE_conj_iff
+ proof safe
+ show "AE x in \<mu>. f \<in> borel_measurable (\<kappa> x)"
+ using assms(2) by(auto simp: sets_eq_imp_space_eq[OF assms(1)] measurable_cong_sets[OF kernel_sets])
+ next
+ note nn_integral_measurable_f[measurable]
+ have "AE x in \<mu>. (\<integral>\<^sup>+ x. ennreal (norm (f x)) \<partial>\<kappa> x) \<noteq> \<infinity>"
+ by(rule nn_integral_PInf_AE,insert assms(2)) (auto simp: integrable_iff_bounded nn_integral_bind_kernel[OF _ assms(1)] intro!: )
+ thus "AE x in \<mu>. (\<integral>\<^sup>+ x. ennreal (norm (f x)) \<partial>\<kappa> x) < \<infinity>"
+ by (simp add: top.not_eq_extremum)
+ qed
+ have [simp]:"(\<integral>\<^sup>+ x. \<integral>\<^sup>+ x. ennreal (norm (f x)) \<partial>\<kappa> x \<partial>\<mu>) = (\<integral>\<^sup>+ x. ennreal (\<integral>y. norm (f y) \<partial>\<kappa> x)\<partial>\<mu>)"
+ using g2 by(auto intro!: nn_integral_cong_AE simp: nn_integral_eq_integral)
+ have g1: ?g1
+ using assms(2) by(auto simp: integrable_iff_bounded measurable_cong_sets[OF h(2)] measurable_cong_sets[OF assms(1)] nn_integral_bind_kernel[OF _ assms(1)])
+ have ?g1'
+ using assms(2) by(auto intro!: Bochner_Integration.integrable_bound[OF g1])
+ with g2 g1 show ?thesis
+ by auto
+ qed(auto simp: space_empty[of \<mu>] sets_eq_imp_space_eq[OF assms(1)] integrable_iff_bounded nn_integral_empty)
+ thus ?g1 ?g1' ?g2
+ by auto
+qed
+
+lemma(in s_finite_kernel)
+ fixes f :: "_ \<Rightarrow> _::{banach, second_countable_topology}"
+ assumes [measurable_cong]: "sets \<mu> = sets X"
+ and [measurable]:"AE x in \<mu>. integrable (\<kappa> x) f" "integrable \<mu> (\<lambda>x. \<integral>y. norm (f y) \<partial>\<kappa> x)" "f \<in> borel_measurable Y"
+ shows integrable_bind_kernel: "integrable (\<mu> \<bind>\<^sub>k \<kappa>) f"
+ and integral_bind_kernel: "(\<integral>y. f y \<partial>(\<mu> \<bind>\<^sub>k \<kappa>)) = (\<integral>x. (\<integral>y. f y\<partial>\<kappa> x)\<partial> \<mu>)" (is ?eq)
+proof -
+ have "integrable (\<mu> \<bind>\<^sub>k \<kappa>) f \<and> (\<integral>y. f y \<partial>(\<mu> \<bind>\<^sub>k \<kappa>)) = (\<integral>x. (\<integral>y. f y\<partial>\<kappa> x)\<partial> \<mu>)"
+ proof(cases "space X = {}")
+ assume ne: "space X \<noteq> {}"
+ note sets_bind[measurable_cong] = sets_bind_kernel[OF ne assms(1)]
+ note h = integral_measurable_f[measurable]
+ have 1:"integrable (\<mu> \<bind>\<^sub>k \<kappa>) f"
+ unfolding integrable_iff_bounded
+ proof
+ show "(\<integral>\<^sup>+ x. ennreal (norm (f x)) \<partial>(\<mu> \<bind>\<^sub>k \<kappa>)) < \<infinity>" (is "?l < _")
+ proof -
+ have "?l = (\<integral>\<^sup>+ x. ennreal (\<integral>y. norm (f y) \<partial>\<kappa> x)\<partial>\<mu>)"
+ using assms(2) by(auto intro!: nn_integral_cong_AE simp: nn_integral_eq_integral simp: nn_integral_bind_kernel[OF _ assms(1)])
+ also have "... < \<infinity>"
+ using assms(3) by(auto simp: integrable_iff_bounded)
+ finally show ?thesis .
+ qed
+ qed simp
+ then have ?eq
+ proof induction
+ case h[measurable]:(base A c)
+ hence 1:"integrable (\<mu> \<bind>\<^sub>k \<kappa>) (indicat_real A)"
+ by simp
+ have 2:"integrable \<mu> (\<lambda>x. measure (\<kappa> x) A)"
+ by(rule Bochner_Integration.integrable_cong[where f="\<lambda>x. Sigma_Algebra.measure (\<kappa> x) (A \<inter> space (\<kappa> x))",THEN iffD1,OF refl])
+ (insert h integrable_bind_kernelD1[OF assms(1) 1] sets_eq_imp_space_eq[OF kernel_sets], auto simp: sets_eq_imp_space_eq[OF assms(1)] sets_eq_imp_space_eq[OF kernel_sets] sets_bind)
+ have "AE x in \<mu>. emeasure (\<kappa> x) A \<noteq> \<infinity>"
+ by(rule nn_integral_PInf_AE,insert h) (auto simp: emeasure_bind_kernel[OF assms(1) _ ne] sets_bind)
+ hence 0:"AE x in \<mu>. emeasure (\<kappa> x) A < \<infinity>"
+ by (simp add: top.not_eq_extremum)
+ have "(\<integral>x. (\<integral>y. indicat_real A y *\<^sub>R c \<partial>\<kappa> x)\<partial> \<mu>) = (\<integral>x. measure (\<kappa> x) A *\<^sub>R c\<partial>\<mu>)"
+ using h integrable_bind_kernelD2[OF assms(1) integrable_real_indicator,of A]
+ by(auto intro!: integral_cong_AE simp: sets_eq_imp_space_eq[OF kernel_sets] sets_bind sets_eq_imp_space_eq[OF assms(1)])
+ also have "... = (\<integral>x. measure (\<kappa> x) A \<partial>\<mu>) *\<^sub>R c"
+ using 2 by(auto intro!: integral_scaleR_left)
+ finally show ?case
+ using h by(auto simp: measure_bind_kernel[OF assms(1) _ ne 0] sets_bind)
+ next
+ case ih:(add f g)
+ show ?case
+ using ih(1,2) integrable_bind_kernelD2[OF assms(1) ih(1)] integrable_bind_kernelD2[OF assms(1) ih(2)]
+ by(auto simp: ih(3,4) Bochner_Integration.integral_add[OF integrable_bind_kernelD1'[OF assms(1) ih(1)] integrable_bind_kernelD1'[OF assms(1) ih(2)],symmetric] intro!: integral_cong_AE)
+ next
+ case ih:(lim f fn)
+ show ?case (is "?lhs = ?rhs")
+ proof -
+ have conv: "AE x in \<mu>. (\<lambda>n. \<integral>y. fn n y\<partial>\<kappa> x) \<longlonglongrightarrow> (\<integral>y. f y \<partial>\<kappa> x)"
+ proof -
+ have conv:"AE x in \<mu>. integrable (\<kappa> x) f \<longrightarrow> (\<lambda>n. \<integral>y. fn n y\<partial>\<kappa> x) \<longlonglongrightarrow> (\<integral>y. f y \<partial>\<kappa> x)"
+ proof
+ fix x
+ assume h:"x \<in> space \<mu>"
+ then show "integrable (\<kappa> x) f \<longrightarrow> (\<lambda>n. \<integral>y. fn n y\<partial>\<kappa> x) \<longlonglongrightarrow> (\<integral>y. f y \<partial>\<kappa> x)"
+ using ih by(auto intro!: integral_dominated_convergence[where w="\<lambda>x. 2 * norm (f x)"] simp: sets_eq_imp_space_eq[OF sets_bind] sets_eq_imp_space_eq[OF kernel_sets[OF h[simplified sets_eq_imp_space_eq[OF assms(1)]]]] sets_eq_imp_space_eq[OF assms(1)])
+ qed
+ with conv integrable_bind_kernelD2[OF assms(1) ih(4)]
+ show ?thesis by fastforce
+ qed
+ have "?lhs = lim (\<lambda>n. \<integral>y. fn n y \<partial>(\<mu> \<bind>\<^sub>k \<kappa>))"
+ by(rule limI[OF integral_dominated_convergence[where w="\<lambda>x. 2 * norm (f x)"],symmetric]) (use ih in auto)
+ also have "... = lim (\<lambda>n. (\<integral>x. (\<integral>y. fn n y\<partial>\<kappa> x)\<partial> \<mu>))"
+ by(simp add: ih)
+ also have "... = (\<integral>x. lim (\<lambda>n. \<integral>y. fn n y\<partial>\<kappa> x)\<partial> \<mu>)"
+ proof(rule limI[OF integral_dominated_convergence[where w="\<lambda>x. \<integral>y. 2 * norm (f y) \<partial>\<kappa> x"]])
+ fix n
+ show "AE x in \<mu>. norm (\<integral>y. fn n y\<partial>\<kappa> x) \<le> (\<integral>y. 2 * norm (f y) \<partial>\<kappa> x)"
+ by(rule AE_mp[OF integrable_bind_kernelD2[OF assms(1) ih(1),of n] AE_mp[OF integrable_bind_kernelD2[OF assms(1) ih(4)]]],standard+,rule order.trans[OF integral_norm_bound integral_mono[of "\<kappa> _" "\<lambda>y. norm (fn n y)" _,OF _ _ ih(3)[simplified sets_eq_imp_space_eq[OF sets_bind]]]])
+ (auto simp: sets_eq_imp_space_eq[OF assms(1)] sets_eq_imp_space_eq[OF kernel_sets])
+ qed(use ih integrable_bind_kernelD1[OF assms(1) ih(4)] conv limI in auto,fastforce)
+ also have "... = ?rhs"
+ using ih conv limI by(auto intro!: integral_cong_AE, blast)
+ finally show ?thesis .
+ qed
+ qed
+ with 1 show ?thesis
+ by auto
+ qed(auto simp: bind_kernel_def space_empty[of \<mu>] sets_eq_imp_space_eq[OF assms(1)] integrable_iff_bounded nn_integral_empty Bochner_Integration.integral_empty)
+ thus "integrable (\<mu> \<bind>\<^sub>k \<kappa>) f" ?eq
+ by auto
+qed
+
+end
\ No newline at end of file
diff --git a/thys/S_Finite_Measure_Monad/Lemmas_S_Finite_Measure_Monad.thy b/thys/S_Finite_Measure_Monad/Lemmas_S_Finite_Measure_Monad.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/Lemmas_S_Finite_Measure_Monad.thy
@@ -0,0 +1,266 @@
+(* Title: Lemmas_S_Finite_Measure_Monad.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+text \<open>For the terminology of s-finite measures/kernels, we refer to the work by Staton~\cite{staton_2017}.
+ For the definition of the s-finite measure monad, we refer to the lecture note by Yang~\cite{HongseokLecture2017}.
+ The construction of the s-finite measure monad is based on the detailed pencil-and-paper proof by Tetsuya Sato.
+ \<close>
+
+section \<open> Lemmas \<close>
+theory Lemmas_S_Finite_Measure_Monad
+ imports "HOL-Probability.Probability" "Standard_Borel_Spaces.StandardBorel"
+begin
+
+lemma integrable_mono_measure:
+ fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
+ assumes [measurable_cong,measurable]:"sets M = sets N" "M \<le> N" "integrable N f"
+ shows "integrable M f"
+ using assms(3) nn_integral_mono_measure[OF assms(1,2),of "\<lambda>x. ennreal (norm (f x))"]
+ by(auto simp: integrable_iff_bounded)
+
+lemma AE_mono_measure:
+ assumes "sets M = sets N" "M \<le> N" "AE x in N. P x"
+ shows "AE x in M. P x"
+ by (metis (no_types, lifting) AE_E Collect_cong assms eventually_ae_filter le_measure le_zero_eq null_setsI sets_eq_imp_space_eq)
+
+lemma finite_measure_return:"finite_measure (return M x)"
+ by(auto intro!: finite_measureI) (metis ennreal_top_neq_one ennreal_zero_neq_top indicator_eq_0_iff indicator_eq_1_iff)
+
+lemma nn_integral_return':
+ assumes "x \<notin> space M"
+ shows "(\<integral>\<^sup>+ x. g x \<partial>return M x) = 0"
+proof -
+ have "emeasure (return M x) A = 0" for A
+ by(cases "A \<in> sets M",insert assms) (auto simp: indicator_def emeasure_notin_sets dest: sets.sets_into_space)
+ thus ?thesis
+ by(auto simp: nn_integral_def simple_integral_def) (meson SUP_least le_zero_eq)
+qed
+
+lemma pair_measure_return: "return M l \<Otimes>\<^sub>M return N r = return (M \<Otimes>\<^sub>M N) (l,r)"
+proof(safe intro!: measure_eqI)
+ fix A
+ assume "A \<in> sets (return M l \<Otimes>\<^sub>M return N r)"
+ then have A[measurable]:"A \<in> sets (M \<Otimes>\<^sub>M N)" by simp
+ note [measurable_cong] = sets_return[of M] sets_return[of N]
+ interpret finite_measure "return N r" by(simp add: finite_measure_return)
+ consider "l \<notin> space M" | "r \<notin> space N" | "l \<in> space M" "r \<in> space N" by auto
+ then show "emeasure (return M l \<Otimes>\<^sub>M return N r) A = emeasure (return (M \<Otimes>\<^sub>M N) (l, r)) A" (is "?lhs = ?rhs")
+ by(cases, insert sets.sets_into_space[OF A]) (auto simp: emeasure_pair_measure nn_integral_return' space_pair_measure nn_integral_return, auto simp: indicator_def)
+qed simp_all
+
+lemma null_measure_distr: "distr (null_measure M) N f = null_measure N"
+ by(auto intro!: measure_eqI simp: distr_def emeasure_sigma)
+
+lemma distr_id':
+ assumes "sets N = sets M"
+ and "\<And>x. x \<in> space N \<Longrightarrow> f x = x"
+ shows "distr N M f = N"
+ by(simp add: distr_cong[OF refl refl,of N f id,simplified,OF assms(2),simplified] distr_id2[OF assms(1)[symmetric]] id_def)
+
+lemma measure_density_times:
+ assumes [measurable]:"S \<in> sets M" "X \<in> sets M" "r \<noteq> \<infinity>"
+ shows "measure (density M (\<lambda>x. indicator S x * r)) X = enn2real r * measure M (S \<inter> X)"
+proof -
+ have [simp]:"density M (\<lambda>x. indicator S x * r) = density (density M (indicator S)) (\<lambda>_. r)"
+ by(simp add: density_density_eq)
+ show ?thesis
+ by(simp add: measure_density_const[OF _ assms(3)] measure_restricted)
+qed
+
+lemma complete_the_square:
+ fixes a b c x :: real
+ assumes "a \<noteq> 0"
+ shows "a*x\<^sup>2 + b * x + c = a * (x + (b / (2*a)))\<^sup>2 - ((b\<^sup>2 - 4* a * c)/(4*a))"
+ using assms by(simp add: comm_semiring_1_class.power2_sum power2_eq_square[of "b / (2 * a)"] ring_class.ring_distribs(1) division_ring_class.diff_divide_distrib power2_eq_square[of b])
+
+lemma complete_the_square2':
+ fixes a b c x :: real
+ assumes "a \<noteq> 0"
+ shows "a*x\<^sup>2 - 2 * b * x + c = a * (x - (b / a))\<^sup>2 - ((b\<^sup>2 - a*c)/a)"
+ using complete_the_square[OF assms,where b="-2 * b" and x=x and c=c]
+ by(simp add: division_ring_class.diff_divide_distrib assms)
+
+lemma normal_density_mu_x_swap:
+ "normal_density \<mu> \<sigma> x = normal_density x \<sigma> \<mu>"
+ by(simp add: normal_density_def power2_commute)
+
+lemma normal_density_plus_shift: "normal_density \<mu> \<sigma> (x + y) = normal_density (\<mu> - x) \<sigma> y"
+ by(simp add: normal_density_def add.commute diff_diff_eq2)
+
+lemma normal_density_times:
+ assumes "\<sigma> > 0" "\<sigma>' > 0"
+ shows "normal_density \<mu> \<sigma> x * normal_density \<mu>' \<sigma>' x = (1 / sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))) * exp (- (\<mu> - \<mu>')\<^sup>2 / (2 * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))) * normal_density ((\<mu>*\<sigma>'\<^sup>2 + \<mu>'*\<sigma>\<^sup>2)/(\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) x"
+ (is "?lhs = ?rhs")
+proof -
+ have non0: "2*\<sigma>\<^sup>2 \<noteq> 0" "2*\<sigma>'\<^sup>2 \<noteq> 0" "\<sigma>\<^sup>2 + \<sigma>'\<^sup>2 \<noteq> 0"
+ using assms by auto
+ have "?lhs = exp (- ((x - \<mu>)\<^sup>2 / (2 * \<sigma>\<^sup>2))) * exp (- ((x - \<mu>')\<^sup>2 / (2 * \<sigma>'\<^sup>2))) / (sqrt (2 * pi * \<sigma>\<^sup>2) * sqrt (2 * pi * \<sigma>'\<^sup>2)) "
+ by(simp add: normal_density_def)
+ also have "... = exp (- ((x - \<mu>)\<^sup>2 / (2 * \<sigma>\<^sup>2)) - ((x - \<mu>')\<^sup>2 / (2 * \<sigma>'\<^sup>2))) / (sqrt (2 * pi * \<sigma>\<^sup>2) * sqrt (2 * pi * \<sigma>'\<^sup>2))"
+ by(simp add: exp_add[of "- ((x - \<mu>)\<^sup>2 / (2 * \<sigma>\<^sup>2))" "- ((x - \<mu>')\<^sup>2 / (2 * \<sigma>'\<^sup>2))",simplified add_uminus_conv_diff])
+ also have "... = exp (- (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 / (2 * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) - (\<mu> - \<mu>')\<^sup>2 / (2 * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))) / (sqrt (2 * pi * \<sigma>\<^sup>2) * sqrt (2 * pi * \<sigma>'\<^sup>2))"
+ proof -
+ have "((x - \<mu>)\<^sup>2 / (2 * \<sigma>\<^sup>2)) + ((x - \<mu>')\<^sup>2 / (2 * \<sigma>'\<^sup>2)) = (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 / (2 * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) + (\<mu> - \<mu>')\<^sup>2 / (2 * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))"
+ (is "?lhs' = ?rhs'")
+ proof -
+ have "?lhs' = (2 * ((x - \<mu>)\<^sup>2 * \<sigma>'\<^sup>2) + 2 * ((x - \<mu>')\<^sup>2 * \<sigma>\<^sup>2)) / (4 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2))"
+ by(simp add: field_class.add_frac_eq[OF non0(1,2)])
+ also have "... = ((x - \<mu>)\<^sup>2 * \<sigma>'\<^sup>2 + (x - \<mu>')\<^sup>2 * \<sigma>\<^sup>2) / (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2))"
+ by(simp add: power2_eq_square division_ring_class.add_divide_distrib)
+ also have "... = ((\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * x\<^sup>2 - 2 * (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) * x + (\<mu>'\<^sup>2 * \<sigma>\<^sup>2 + \<mu>\<^sup>2 * \<sigma>'\<^sup>2)) / (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2))"
+ by(simp add: comm_ring_1_class.power2_diff ring_class.left_diff_distrib semiring_class.distrib_right)
+ also have "... = ((\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 - ((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2)\<^sup>2 - (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * (\<mu>'\<^sup>2 * \<sigma>\<^sup>2 + \<mu>\<^sup>2 * \<sigma>'\<^sup>2)) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) / (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2))"
+ by(simp only: complete_the_square2'[OF non0(3),of x "(\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2)" "(\<mu>'\<^sup>2 * \<sigma>\<^sup>2 + \<mu>\<^sup>2 * \<sigma>'\<^sup>2)"])
+ also have "... = ((\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) / (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2)) - (((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2)\<^sup>2 - (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * (\<mu>'\<^sup>2 * \<sigma>\<^sup>2 + \<mu>\<^sup>2 * \<sigma>'\<^sup>2)) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) / (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2))"
+ by(simp add: division_ring_class.diff_divide_distrib)
+ also have "... = (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 / (2 * ((\<sigma> * \<sigma>') / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) - (((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2)\<^sup>2 - (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * (\<mu>'\<^sup>2 * \<sigma>\<^sup>2 + \<mu>\<^sup>2 * \<sigma>'\<^sup>2)) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) / (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2))"
+ by(simp add: monoid_mult_class.power2_eq_square[of "(\<sigma> * \<sigma>') / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)"] ab_semigroup_mult_class.mult.commute[of "\<sigma>\<^sup>2 + \<sigma>'\<^sup>2"] )
+ (simp add: monoid_mult_class.power2_eq_square[of \<sigma>] monoid_mult_class.power2_eq_square[of \<sigma>'])
+ also have "... = (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 / (2 * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) - ((\<mu> * \<sigma>'\<^sup>2)\<^sup>2 + (\<mu>' * \<sigma>\<^sup>2)\<^sup>2 + 2 * (\<mu> * \<sigma>'\<^sup>2) * (\<mu>' * \<sigma>\<^sup>2) - (\<sigma>\<^sup>2 * (\<mu>'\<^sup>2 * \<sigma>\<^sup>2) + \<sigma>\<^sup>2 * (\<mu>\<^sup>2 * \<sigma>'\<^sup>2) + (\<sigma>'\<^sup>2 * (\<mu>'\<^sup>2 * \<sigma>\<^sup>2) + \<sigma>'\<^sup>2 * (\<mu>\<^sup>2 * \<sigma>'\<^sup>2)))) / ((\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2)))"
+ by(simp add: comm_semiring_1_class.power2_sum[of "\<mu> * \<sigma>'\<^sup>2" "\<mu>' * \<sigma>\<^sup>2"] semiring_class.distrib_right[of "\<sigma>\<^sup>2" "\<sigma>'\<^sup>2" "\<mu>'\<^sup>2 * \<sigma>\<^sup>2 + \<mu>\<^sup>2 * \<sigma>'\<^sup>2"] )
+ (simp add: semiring_class.distrib_left[of _ "\<mu>'\<^sup>2 * \<sigma>\<^sup>2 " "\<mu>\<^sup>2 * \<sigma>'\<^sup>2"])
+ also have "... = (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 / (2 * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) + ((\<sigma>\<^sup>2 * \<sigma>'\<^sup>2)*\<mu>\<^sup>2 + (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2)*\<mu>'\<^sup>2 - (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2) * 2 * (\<mu>*\<mu>')) / ((\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * (2 * (\<sigma>\<^sup>2 * \<sigma>'\<^sup>2)))"
+ by(simp add: monoid_mult_class.power2_eq_square division_ring_class.minus_divide_left)
+ also have "... = (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 / (2 * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) + (\<mu>\<^sup>2 + \<mu>'\<^sup>2 - 2 * (\<mu>*\<mu>')) / ((\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) * 2)"
+ using assms by(simp add: division_ring_class.add_divide_distrib division_ring_class.diff_divide_distrib)
+ also have "... = ?rhs'"
+ by(simp add: comm_ring_1_class.power2_diff ab_semigroup_mult_class.mult.commute[of 2])
+ finally show ?thesis .
+ qed
+ thus ?thesis
+ by simp
+ qed
+ also have "... = (exp (- (\<mu> - \<mu>')\<^sup>2 / (2 * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))) / (sqrt (2 * pi * \<sigma>\<^sup>2) * sqrt (2 * pi * \<sigma>'\<^sup>2))) * sqrt (2 * pi * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) * normal_density ((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) x"
+ by(simp add: exp_add[of "- (x - (\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2 / (2 * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2)" "- (\<mu> - \<mu>')\<^sup>2 / (2 * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))",simplified] normal_density_def)
+ also have "... = ?rhs"
+ proof -
+ have "exp (- (\<mu> - \<mu>')\<^sup>2 / (2 * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))) / (sqrt (2 * pi * \<sigma>\<^sup>2) * sqrt (2 * pi * \<sigma>'\<^sup>2)) * sqrt (2 * pi * (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2))\<^sup>2) = 1 / sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) * exp (- (\<mu> - \<mu>')\<^sup>2 / (2 * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)))"
+ using assms by(simp add: real_sqrt_mult)
+ thus ?thesis
+ by simp
+ qed
+ finally show ?thesis .
+qed
+
+lemma KL_normal_density:
+ assumes [arith]: "b > 0" "d > 0"
+ shows "KL_divergence (exp 1) (density lborel (normal_density a b)) (density lborel (normal_density c d)) = ln (b / d) + (d\<^sup>2 + (c - a)\<^sup>2) / (2 * b\<^sup>2) - 1 / 2" (is "?lhs = ?rhs")
+proof -
+ have "?lhs = (\<integral>x. normal_density c d x * ln (normal_density c d x / normal_density a b x) \<partial>lborel)"
+ by(unfold log_ln,rule lborel.KL_density_density) (use order.strict_implies_not_eq[OF normal_density_pos[of b a]] in auto)
+ also have "... = (\<integral>x. normal_density c d x * ln (normal_density c d x) - normal_density c d x * ln (normal_density a b x) \<partial>lborel)"
+ by(simp add: ln_div[OF normal_density_pos[OF assms(2)] normal_density_pos[OF assms(1)]] right_diff_distrib)
+ also have "... = (\<integral>x. normal_density c d x * ln (exp (- (x - c)\<^sup>2 / (2 * d\<^sup>2)) / sqrt (2 * pi * d\<^sup>2)) - normal_density c d x * ln (exp (- (x - a)\<^sup>2 / (2 * b\<^sup>2)) / sqrt (2 * pi * b\<^sup>2)) \<partial>lborel)"
+ by(simp add: normal_density_def)
+ also have "... = (\<integral>x. normal_density c d x * (- (x - c)\<^sup>2 / (2 * d\<^sup>2) - ln (sqrt (2 * pi * d\<^sup>2))) - (normal_density c d x * (- (x - a)\<^sup>2 / (2 * b\<^sup>2) - ln (sqrt (2 * pi * b\<^sup>2)))) \<partial>lborel)"
+ by(simp add: ln_div)
+ also have "... = (\<integral>x. normal_density c d x * (ln (sqrt (2 * pi * b\<^sup>2)) - ln (sqrt (2 * pi * d\<^sup>2))) + (normal_density c d x * ((x - a)\<^sup>2 / (2 * b\<^sup>2)) - normal_density c d x * ((x - c)\<^sup>2 / (2 * d\<^sup>2))) \<partial>lborel)"
+ by(auto intro!: Bochner_Integration.integral_cong simp: right_diff_distrib)
+ also have "... = (\<integral>x. normal_density c d x * (ln (sqrt (2 * pi * b\<^sup>2)) - ln (sqrt (2 * pi * d\<^sup>2))) + (normal_density c d x * ((x - c)\<^sup>2 / (2 * b\<^sup>2) + (2 * x * (c - a) + a^2 - c^2) / (2 * b\<^sup>2)) - normal_density c d x * ((x - c)\<^sup>2 / (2 * d\<^sup>2))) \<partial>lborel)"
+ by(auto intro!: Bochner_Integration.integral_cong simp: add_divide_distrib[symmetric] power2_diff) (simp add: right_diff_distrib)
+ also have "... = (\<integral>x. (ln (sqrt (2 * pi * b\<^sup>2)) - ln (sqrt (2 * pi * d\<^sup>2))) * normal_density c d x + ((1 / (2 * b\<^sup>2) * (normal_density c d x * (x - c)\<^sup>2) + (2 * (c - a)) / (2 * b\<^sup>2) * (normal_density c d x * x) + (a^2 - c^2) / (2 * b\<^sup>2) * (normal_density c d x)) - 1 / (2 * d\<^sup>2) * (normal_density c d x * (x - c)\<^sup>2)) \<partial>lborel)"
+ by(auto intro!: Bochner_Integration.integral_cong simp: add_divide_distrib[symmetric] ring_distribs)
+ also have "... = (\<integral>x. (ln (sqrt (2 * pi * b\<^sup>2)) - ln (sqrt (2 * pi * d\<^sup>2))) * normal_density c d x \<partial>lborel) + (((\<integral>x. 1 / (2 * b\<^sup>2) * (normal_density c d x * (x - c)\<^sup>2) \<partial>lborel) + (\<integral>x. (2 * (c - a)) / (2 * b\<^sup>2) * (normal_density c d x * x) \<partial>lborel) + (\<integral>x. (a^2 - c^2) / (2 * b\<^sup>2) * (normal_density c d x) \<partial>lborel)) - (\<integral>x. 1 / (2 * d\<^sup>2) * (normal_density c d x * (x - c)\<^sup>2) \<partial>lborel))"
+ using integrable_normal_moment_nz_1[OF assms(2)] integrable_normal_moment[OF assms(2),where k=2] by simp
+ also have "... = ln (sqrt (2 * pi * b\<^sup>2)) - ln (sqrt (2 * pi * d\<^sup>2)) + 1 / (2 * b\<^sup>2) * d\<^sup>2 + (2 * c - 2 * a) / (2 * b\<^sup>2) * c + (a\<^sup>2 - c\<^sup>2) / (2 * b\<^sup>2) - 1 / (2 * d\<^sup>2) * d\<^sup>2"
+ by(simp add: integral_normal_moment_even[OF assms(2),of _ 1,simplified] integral_normal_moment_nz_1[OF assms(2)] del: times_divide_eq_left)
+ also have "... = ln (b / d) + 1 / (2 * b\<^sup>2) * d\<^sup>2 + (2 * c - 2 * a) / (2 * b\<^sup>2) * c + (a\<^sup>2 - c\<^sup>2) / (2 * b\<^sup>2) - 1 / (2 * d\<^sup>2) * d\<^sup>2"
+ by(simp add: ln_sqrt ln_mult power2_eq_square diff_divide_distrib[symmetric] ln_div)
+ also have "... = ?rhs"
+ by(auto simp: add_divide_distrib[symmetric] power2_diff left_diff_distrib) (simp add: power2_eq_square)
+ finally show ?thesis .
+qed
+
+lemma count_space_prod:"count_space (UNIV :: ('a :: countable) set) \<Otimes>\<^sub>M count_space (UNIV :: ('b :: countable) set) = count_space UNIV"
+ by(auto simp: pair_measure_countable)
+
+lemma measure_pair_pmf:
+ fixes p :: "('a :: countable) pmf" and q :: "('b :: countable) pmf"
+ shows "measure_pmf p \<Otimes>\<^sub>M measure_pmf q = measure_pmf (pair_pmf p q)" (is "?lhs = ?rhs")
+proof -
+ interpret pair_prob_space "measure_pmf p" "measure_pmf q"
+ by standard
+ have "?lhs = measure_pmf p \<bind> (\<lambda>x. measure_pmf q \<bind> (\<lambda>y. return (measure_pmf p \<Otimes>\<^sub>M measure_pmf q) (x, y)))"
+ by(rule pair_measure_eq_bind)
+ also have "... = ?rhs"
+ by(simp add: measure_pmf_bind pair_pmf_def return_pmf.rep_eq cong: return_cong[OF sets_pair_measure_cong[OF sets_measure_pmf_count_space[of p] sets_measure_pmf_count_space[of q],simplified count_space_prod]])
+ finally show ?thesis .
+qed
+
+lemma distr_PiM_distr:
+ assumes "finite I" "\<And>i. i \<in> I \<Longrightarrow> sigma_finite_measure (distr (M i) (N i) (f i))"
+ and "\<And>i. i \<in> I \<Longrightarrow> f i \<in> M i \<rightarrow>\<^sub>M N i"
+ shows "distr (\<Pi>\<^sub>M i\<in>I. M i) (\<Pi>\<^sub>M i\<in>I. N i) (\<lambda>xi. \<lambda>i\<in>I. f i (xi i)) = (\<Pi>\<^sub>M i\<in>I. distr (M i) (N i) (f i))"
+proof -
+ define M' where "M' \<equiv> (\<lambda>i. if i \<in> I then M i else null_measure (M i))"
+ have f[measurable]: "\<And>i. i \<in> I \<Longrightarrow> f i \<in> M' i \<rightarrow>\<^sub>M N i" and [measurable_cong]: "\<And>i. sets (M' i) = sets (M i)" and [simp]: "\<And>i. i \<in> I \<Longrightarrow> M' i = M i"
+ by(auto simp: M'_def assms)
+ interpret product_sigma_finite "\<lambda>i. distr (M' i) (N i) (f i)"
+ by(auto simp: product_sigma_finite_def M'_def assms(2)) (auto intro!: finite_measure.sigma_finite_measure finite_measureI simp: null_measure_distr)
+ interpret ps: product_sigma_finite M'
+ by(auto simp: product_sigma_finite_def M'_def intro!: finite_measure.sigma_finite_measure[of "null_measure _"] finite_measureI sigma_finite_measure_distr[OF assms(2)])
+ have "distr (\<Pi>\<^sub>M i\<in>I. M i) (\<Pi>\<^sub>M i\<in>I. N i) (\<lambda>xi. \<lambda>i\<in>I. f i (xi i)) = distr (\<Pi>\<^sub>M i\<in>I. M' i) (\<Pi>\<^sub>M i\<in>I. N i) (\<lambda>xi. \<lambda>i\<in>I. f i (xi i))"
+ by(simp cong: PiM_cong)
+ also have "... = (\<Pi>\<^sub>M i\<in>I. distr (M' i) (N i) (f i))"
+ proof(rule PiM_eqI[OF assms(1)])
+ fix A
+ assume "\<And>i. i \<in> I \<Longrightarrow> A i \<in> sets (distr (M' i) (N i) (f i))"
+ hence h[measurable]:"\<And>i. i \<in> I \<Longrightarrow> A i \<in> sets (N i)"
+ by simp
+ have [simp]:"(\<lambda>xi. \<lambda>i\<in>I. f i (xi i)) -` (Pi\<^sub>E I A) \<inter> space (Pi\<^sub>M I M') = (\<Pi>\<^sub>E i\<in>I. f i -` A i \<inter> space (M' i))"
+ by(auto simp: space_PiM)
+ show "emeasure (distr (Pi\<^sub>M I M') (Pi\<^sub>M I N) (\<lambda>xi. \<lambda>i\<in>I. f i (xi i))) (Pi\<^sub>E I A) = (\<Prod>i\<in>I. emeasure (distr (M' i) (N i) (f i)) (A i))"
+ by(auto simp: emeasure_distr assms(1) ps.emeasure_PiM[OF assms(1)])
+ qed(simp_all cong: sets_PiM_cong)
+ also have "... = (\<Pi>\<^sub>M i\<in>I. distr (M i) (N i) (f i))"
+ by(auto cong: PiM_cong)
+ finally show ?thesis .
+qed
+
+lemma distr_PiM_distr_prob:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> prob_space (M i)"
+ and "\<And>i. i \<in> I \<Longrightarrow> f i \<in> M i \<rightarrow>\<^sub>M N i"
+ shows "distr (\<Pi>\<^sub>M i\<in>I. M i) (\<Pi>\<^sub>M i\<in>I. N i) (\<lambda>xi. \<lambda>i\<in>I. f i (xi i)) = (\<Pi>\<^sub>M i\<in>I. distr (M i) (N i) (f i))"
+proof -
+ define M' where "M' \<equiv> (\<lambda>i. if i \<in> I then M i else return (count_space UNIV) undefined)"
+ define N' where "N' \<equiv> (\<lambda>i. if i \<in> I then N i else return (count_space UNIV) undefined)"
+ interpret p: product_prob_space "\<lambda>i. distr (M' i) (N' i) (f i)"
+ by(auto simp: product_prob_space_def product_prob_space_axioms_def product_sigma_finite_def M'_def prob_space_return N'_def assms intro!: prob_space_imp_sigma_finite prob_space.prob_space_distr)
+ interpret p': product_prob_space M'
+ by(auto simp: product_prob_space_def product_prob_space_axioms_def product_sigma_finite_def M'_def prob_space_return assms intro!: prob_space_imp_sigma_finite)
+ have f[measurable]: "\<And>i. i \<in> I \<Longrightarrow> f i \<in> M' i \<rightarrow>\<^sub>M N' i"
+ by(auto simp: assms M'_def N'_def)
+ have [simp]: "p.emb I = prod_emb I N'"
+ by standard (auto simp: prod_emb_def)
+ have "distr (\<Pi>\<^sub>M i\<in>I. M i) (\<Pi>\<^sub>M i\<in>I. N i) (\<lambda>xi. \<lambda>i\<in>I. f i (xi i)) = distr (\<Pi>\<^sub>M i\<in>I. M' i) (\<Pi>\<^sub>M i\<in>I. N' i) (\<lambda>xi. \<lambda>i\<in>I. f i (xi i))"
+ by(simp add: M'_def N'_def cong: PiM_cong)
+ also have "... = (\<Pi>\<^sub>M i\<in>I. distr (M' i) (N' i) (f i))"
+ proof(rule p.PiM_eq)
+ fix J F
+ assume h[measurable]: "finite J" "J \<subseteq> I" "\<And>j. j \<in> J \<Longrightarrow> F j \<in> p.M.events j"
+ then have [measurable]: "\<And>j. j \<in> J \<Longrightarrow> F j \<in> sets (N' j)" by simp
+ show " emeasure (distr (Pi\<^sub>M I M') (Pi\<^sub>M I N') (\<lambda>xi. \<lambda>i\<in>I. f i (xi i))) (p.emb I J (Pi\<^sub>E J F)) = (\<Prod>j\<in>J. emeasure (distr (M' j) (N' j) (f j)) (F j))" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = emeasure (Pi\<^sub>M I M') ((\<lambda>xi. \<lambda>i\<in>I. f i (xi i)) -` (prod_emb I N' J (Pi\<^sub>E J F)) \<inter> space (Pi\<^sub>M I M'))"
+ by(simp add: emeasure_distr h)
+ also have "... = emeasure (Pi\<^sub>M I M') (prod_emb I M' J (\<Pi>\<^sub>E i\<in>J. f i -` (F i) \<inter> space (M' i)))"
+ proof -
+ have [simp]:"(\<lambda>xi. \<lambda>i\<in>I. f i (xi i)) -` (prod_emb I N' J (Pi\<^sub>E J F)) \<inter> space (Pi\<^sub>M I M') = prod_emb I M' J (\<Pi>\<^sub>E i\<in>J. f i -` (F i) \<inter> space (M' i))"
+ using measurable_space[OF f] h(1,2,3)
+ by(fastforce simp: space_PiM prod_emb_def PiE_def extensional_def Pi_def M'_def N'_def)
+ show ?thesis by simp
+ qed
+ also have "... = (\<Prod>i\<in>J. emeasure (M' i) (f i -` (F i) \<inter> space (M' i)))"
+ by(rule p'.emeasure_PiM_emb,insert h(2)) (auto simp: h(1))
+ also have "... = ?rhs"
+ using h(2) by(auto simp: emeasure_distr intro!: comm_monoid_mult_class.prod.cong)
+ finally show ?thesis .
+ qed
+ qed (simp cong: sets_PiM_cong)
+ also have "... = (\<Pi>\<^sub>M i\<in>I. distr (M i) (N i) (f i))"
+ by(simp add: M'_def N'_def cong: distr_cong PiM_cong)
+ finally show ?thesis .
+qed
+
+end
\ No newline at end of file
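Review bot: In `nn_integral_return'` the bound integration variable is named `x`, the same as the free point `x` used in the assumption `x \<notin> space M` and in the measure `return M x`. The statement is still the intended one, because the measure argument sits outside the binder in the `\<integral>\<^sup>+` syntax, but a reader has to know that to see that `g x` and `return M x` refer to different variables. Renaming the bound variable removes the ambiguity: `shows "(\<integral>\<^sup>+ y. g y \<partial>return M x) = 0"`. The proof should not need to change, since only a bound name differs.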
diff --git a/thys/S_Finite_Measure_Monad/Measure_QuasiBorel_Adjunction.thy b/thys/S_Finite_Measure_Monad/Measure_QuasiBorel_Adjunction.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/Measure_QuasiBorel_Adjunction.thy
@@ -0,0 +1,1532 @@
+(* Title: Measure_QuasiBorel_Adjunction.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+subsection \<open>Relation to Measurable Spaces\<close>
+
+theory Measure_QuasiBorel_Adjunction
+ imports "QuasiBorel" "QBS_Morphism" Lemmas_S_Finite_Measure_Monad
+begin
+
+text \<open> We construct the adjunction between \textbf{Meas} and \textbf{QBS},
+ where \textbf{Meas} is the category of measurable spaces and measurable functions,
+ and \textbf{QBS} is the category of quasi-Borel spaces and morphisms.\<close>
+
+subsubsection \<open> The Functor $R$ \<close>
+definition measure_to_qbs :: "'a measure \<Rightarrow> 'a quasi_borel" where
+"measure_to_qbs X \<equiv> Abs_quasi_borel (space X, borel \<rightarrow>\<^sub>M X)"
+
+lemma
+ shows qbs_space_R: "qbs_space (measure_to_qbs X) = space X" (is ?goal1)
+ and qbs_Mx_R: "qbs_Mx (measure_to_qbs X) = borel \<rightarrow>\<^sub>M X" (is ?goal2)
+proof -
+ have "Rep_quasi_borel (measure_to_qbs X) = (space X, borel \<rightarrow>\<^sub>M X)"
+ by(auto intro!: Abs_quasi_borel_inverse is_quasi_borel_intro qbs_closed1I qbs_closed2I simp: measure_to_qbs_def dest:measurable_space) (rule qbs_closed3I, auto)
+ thus ?goal1 ?goal2
+ by (simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+text \<open> The following lemma says that @{term measure_to_qbs} is a functor from \textbf{Meas} to \textbf{QBS}. \<close>
+lemma r_preserves_morphisms:
+ "X \<rightarrow>\<^sub>M Y \<subseteq> (measure_to_qbs X) \<rightarrow>\<^sub>Q (measure_to_qbs Y)"
+ by(auto intro!: qbs_morphismI simp: qbs_Mx_R)
+
+subsubsection \<open> The Functor $L$ \<close>
+definition sigma_Mx :: "'a quasi_borel \<Rightarrow> 'a set set" where
+"sigma_Mx X \<equiv> {U \<inter> qbs_space X |U. \<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` U \<in> sets borel}"
+
+definition qbs_to_measure :: "'a quasi_borel \<Rightarrow> 'a measure" where
+"qbs_to_measure X \<equiv> Abs_measure (qbs_space X, sigma_Mx X, \<lambda>A. (if A = {} then 0 else if A \<in> - sigma_Mx X then 0 else \<infinity>))"
+
+lemma measure_space_L: "measure_space (qbs_space X) (sigma_Mx X) (\<lambda>A. (if A = {} then 0 else if A \<in> - sigma_Mx X then 0 else \<infinity>))"
+ unfolding measure_space_def
+proof safe
+
+ show "sigma_algebra (qbs_space X) (sigma_Mx X)"
+ proof(rule sigma_algebra.intro)
+ show "algebra (qbs_space X) (sigma_Mx X)"
+ proof
+ have "\<forall> U \<in> sigma_Mx X. U \<subseteq> qbs_space X"
+ using sigma_Mx_def subset_iff by fastforce
+ thus "sigma_Mx X \<subseteq> Pow (qbs_space X)" by auto
+ next
+ show "{} \<in> sigma_Mx X"
+ unfolding sigma_Mx_def by auto
+ next
+ fix A
+ fix B
+ assume "A \<in> sigma_Mx X"
+ "B \<in> sigma_Mx X"
+ then have "\<exists> Ua. A = Ua \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ua \<in> sets borel)"
+ by (simp add: sigma_Mx_def)
+ then obtain Ua where pa:"A = Ua \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ua \<in> sets borel)" by auto
+ have "\<exists> Ub. B = Ub \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ub \<in> sets borel)"
+ using \<open>B \<in> sigma_Mx X\<close> sigma_Mx_def by auto
+ then obtain Ub where pb:"B = Ub \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ub \<in> sets borel)" by auto
+ from pa pb have [simp]:"\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` (Ua \<inter> Ub) \<in> sets borel"
+ by auto
+ from this pa pb sigma_Mx_def have [simp]:"(Ua \<inter> Ub) \<inter> qbs_space X \<in> sigma_Mx X" by blast
+ from pa pb have [simp]:"A \<inter> B = (Ua \<inter> Ub) \<inter> qbs_space X" by auto
+ thus "A \<inter> B \<in> sigma_Mx X" by simp
+ next
+ fix A
+ fix B
+ assume "A \<in> sigma_Mx X"
+ "B \<in> sigma_Mx X"
+ then have "\<exists> Ua. A = Ua \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ua \<in> sets borel)"
+ by (simp add: sigma_Mx_def)
+ then obtain Ua where pa:"A = Ua \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ua \<in> sets borel)" by auto
+ have "\<exists> Ub. B = Ub \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ub \<in> sets borel)"
+ using \<open>B \<in> sigma_Mx X\<close> sigma_Mx_def by auto
+ then obtain Ub where pb:"B = Ub \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ub \<in> sets borel)" by auto
+ from pa pb have [simp]:"A - B = (Ua \<inter> -Ub) \<inter> qbs_space X" by auto
+ from pa pb have "\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -`(Ua \<inter> -Ub) \<in> sets borel"
+ by (metis Diff_Compl double_compl sets.Diff vimage_Compl vimage_Int)
+ hence 1:"A - B \<in> sigma_Mx X"
+ using sigma_Mx_def \<open>A - B = Ua \<inter> - Ub \<inter> qbs_space X\<close> by blast
+ show "\<exists>C\<subseteq>sigma_Mx X. finite C \<and> disjoint C \<and> A - B = \<Union> C"
+ proof
+ show "{A - B} \<subseteq>sigma_Mx X \<and> finite {A-B} \<and> disjoint {A-B} \<and> A - B = \<Union> {A-B}"
+ using 1 by auto
+ qed
+ next
+ fix A
+ fix B
+ assume "A \<in> sigma_Mx X"
+ "B \<in> sigma_Mx X"
+ then have "\<exists> Ua. A = Ua \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ua \<in> sets borel)"
+ by (simp add: sigma_Mx_def)
+ then obtain Ua where pa:"A = Ua \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ua \<in> sets borel)" by auto
+ have "\<exists> Ub. B = Ub \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ub \<in> sets borel)"
+ using \<open>B \<in> sigma_Mx X\<close> sigma_Mx_def by auto
+ then obtain Ub where pb:"B = Ub \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ub \<in> sets borel)" by auto
+ from pa pb have "A \<union> B = (Ua \<union> Ub) \<inter> qbs_space X" by auto
+ from pa pb have "\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -`(Ua \<union> Ub) \<in> sets borel" by auto
+ then show "A \<union> B \<in> sigma_Mx X"
+ unfolding sigma_Mx_def
+ using \<open>A \<union> B = (Ua \<union> Ub) \<inter> qbs_space X\<close> by blast
+ next
+ have "\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` (UNIV) \<in> sets borel"
+ by simp
+ thus "qbs_space X \<in> sigma_Mx X"
+ unfolding sigma_Mx_def
+ by blast
+ qed
+ next
+ show "sigma_algebra_axioms (sigma_Mx X)"
+ unfolding sigma_algebra_axioms_def
+ proof safe
+ fix A :: "nat \<Rightarrow> _"
+ assume 1:"range A \<subseteq> sigma_Mx X"
+ then have 2:"\<forall>i. \<exists>Ui. A i = Ui \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ui \<in> sets borel)"
+ unfolding sigma_Mx_def by auto
+ then have "\<exists> U :: nat \<Rightarrow> _. \<forall>i. A i = U i \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` (U i) \<in> sets borel)"
+ by (rule choice)
+ from this obtain U where pu:"\<forall>i. A i = U i \<inter> qbs_space X \<and> (\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` (U i) \<in> sets borel)"
+ by auto
+ hence "\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` (\<Union> (range U)) \<in> sets borel"
+ by (simp add: countable_Un_Int(1) vimage_UN)
+ from pu have "\<Union> (range A) = (\<Union>i::nat. (U i \<inter> qbs_space X))" by blast
+ hence "\<Union> (range A) = \<Union> (range U) \<inter> qbs_space X" by auto
+ thus "\<Union> (range A) \<in> sigma_Mx X"
+ using sigma_Mx_def \<open>\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` \<Union> (range U) \<in> sets borel\<close> by blast
+ qed
+ qed
+next
+ show "countably_additive (sigma_Mx X) (\<lambda>A. if A = {} then 0 else if A \<in> - sigma_Mx X then 0 else \<infinity>)"
+ proof(rule countably_additiveI)
+ fix A :: "nat \<Rightarrow> _"
+ assume h:"range A \<subseteq> sigma_Mx X"
+ "\<Union> (range A) \<in> sigma_Mx X"
+ consider "\<Union> (range A) = {}" | "\<Union> (range A) \<noteq> {}"
+ by auto
+ then show "(\<Sum>i. if A i = {} then 0 else if A i \<in> - sigma_Mx X then 0 else \<infinity>) =
+ (if \<Union> (range A) = {} then 0 else if \<Union> (range A) \<in> - sigma_Mx X then 0 else (\<infinity> :: ennreal))"
+ proof cases
+ case 1
+ then have "\<And>i. A i = {}"
+ by simp
+ thus ?thesis
+ by(simp add: 1)
+ next
+ case 2
+ then obtain j where hj:"A j \<noteq> {}"
+ by auto
+ have "(\<Sum>i. if A i = {} then 0 else if A i \<in> - sigma_Mx X then 0 else \<infinity>) = (\<infinity> :: ennreal)"
+ proof -
+ have hsum:"\<And>N f. sum f {..<N} \<le> (\<Sum>n. (f n :: ennreal))"
+ by (simp add: sum_le_suminf)
+ have hsum':"\<And>P f. (\<exists>j. j \<in> P \<and> f j = (\<infinity> :: ennreal)) \<Longrightarrow> finite P \<Longrightarrow> sum f P = \<infinity>"
+ by auto
+ have h1:"(\<Sum>i<j+1. if A i = {} then 0 else if A i \<in> - sigma_Mx X then 0 else \<infinity>) = (\<infinity> :: ennreal)"
+ proof(rule hsum')
+ show "\<exists>ja. ja \<in> {..<j + 1} \<and> (if A ja = {} then 0 else if A ja \<in> - sigma_Mx X then 0 else \<infinity>) = (\<infinity> :: ennreal)"
+ proof(rule exI[where x=j],rule conjI)
+ have "A j \<in> sigma_Mx X"
+ using h(1) by auto
+ then show "(if A j = {} then 0 else if A j \<in> - sigma_Mx X then 0 else \<infinity>) = (\<infinity> :: ennreal)"
+ using hj by simp
+ qed simp
+ qed simp
+ have "(\<Sum>i<j+1. if A i = {} then 0 else if A i \<in> - sigma_Mx X then 0 else \<infinity>) \<le> (\<Sum>i. if A i = {} then 0 else if A i \<in> - sigma_Mx X then 0 else (\<infinity> :: ennreal))"
+ by(rule hsum)
+ thus ?thesis
+ by(simp only: h1) (simp add: top.extremum_unique)
+ qed
+ moreover have "(if \<Union> (range A) = {} then 0 else if \<Union> (range A) \<in> - sigma_Mx X then 0 else \<infinity>) = (\<infinity> :: ennreal)"
+ using 2 h(2) by simp
+ ultimately show ?thesis
+ by simp
+ qed
+ qed
+qed(simp add: positive_def)
+
+lemma
+ shows space_L: "space (qbs_to_measure X) = qbs_space X" (is ?goal1)
+ and sets_L: "sets (qbs_to_measure X) = sigma_Mx X" (is ?goal2)
+ and emeasure_L: "emeasure (qbs_to_measure X) = (\<lambda>A. if A = {} \<or> A \<notin> sigma_Mx X then 0 else \<infinity>)" (is ?goal3)
+proof -
+ have "Rep_measure (qbs_to_measure X) = (qbs_space X, sigma_Mx X, \<lambda>A. (if A = {} then 0 else if A \<in> - sigma_Mx X then 0 else \<infinity>))"
+ unfolding qbs_to_measure_def by(auto intro!: Abs_measure_inverse simp: measure_space_L)
+ thus ?goal1 ?goal2 ?goal3
+ by(auto simp: sets_def space_def emeasure_def)
+qed
+
+lemma qbs_Mx_sigma_Mx_contra:
+ assumes "qbs_space X = qbs_space Y"
+ and "qbs_Mx X \<subseteq> qbs_Mx Y"
+ shows "sigma_Mx Y \<subseteq> sigma_Mx X"
+ using assms by(auto simp: sigma_Mx_def)
+
+
+text \<open> The following lemma says that @{term qbs_to_measure} is a functor from \textbf{QBS} to \textbf{Meas}. \<close>
+lemma l_preserves_morphisms:
+ "X \<rightarrow>\<^sub>Q Y \<subseteq> (qbs_to_measure X) \<rightarrow>\<^sub>M (qbs_to_measure Y)"
+proof safe
+ fix f
+ assume h:"f \<in> X \<rightarrow>\<^sub>Q Y"
+ show "f \<in> (qbs_to_measure X) \<rightarrow>\<^sub>M (qbs_to_measure Y)"
+ proof(rule measurableI)
+ fix A
+ assume "A \<in> sets (qbs_to_measure Y)"
+ then obtain Ua where pa:"A = Ua \<inter> qbs_space Y \<and> (\<forall>\<alpha>\<in>qbs_Mx Y. \<alpha> -` Ua \<in> sets borel)"
+ by (auto simp: sigma_Mx_def sets_L)
+ have "\<forall>\<alpha>\<in>qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y"
+ "\<forall>\<alpha>\<in> qbs_Mx X. \<alpha> -` (f -` (qbs_space Y)) = UNIV"
+ using qbs_morphism_space[OF h] qbs_morphism_Mx[OF h] by (auto simp: qbs_Mx_to_X)
+ hence "\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` (f -` A) = \<alpha> -` (f -` Ua)"
+ by (simp add: pa)
+ from pa this qbs_morphism_def have "\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` (f -` A) \<in> sets borel"
+ by (simp add: vimage_comp \<open>\<forall>\<alpha>\<in>qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y\<close>)
+ thus "f -` A \<inter> space (qbs_to_measure X) \<in> sets (qbs_to_measure X)"
+ using sigma_Mx_def by(auto simp: sets_L space_L)
+ qed (insert qbs_morphism_space[OF h], auto simp: space_L)
+qed
+
+
+abbreviation qbs_borel ("borel\<^sub>Q") where "borel\<^sub>Q \<equiv> measure_to_qbs borel"
+abbreviation qbs_count_space ("count'_space\<^sub>Q") where "qbs_count_space I \<equiv> measure_to_qbs (count_space I)"
+
+declare [[coercion measure_to_qbs]]
+
+lemma
+ shows qbs_space_qbs_borel[simp]: "qbs_space borel\<^sub>Q = UNIV"
+ and qbs_space_count_space[simp]: "qbs_space (qbs_count_space I) = I"
+ and qbs_Mx_qbs_borel: "qbs_Mx borel\<^sub>Q = borel_measurable borel"
+ and qbs_Mx_count_space: "qbs_Mx (qbs_count_space I) = borel \<rightarrow>\<^sub>M count_space I"
+ by(simp_all add: qbs_space_R qbs_Mx_R)
+
+(* Want to remove the following *)
+lemma
+ shows qbs_space_qbs_borel'[qbs]: "r \<in> qbs_space borel\<^sub>Q"
+ and qbs_space_count_space_UNIV'[qbs]: "x \<in> qbs_space (qbs_count_space (UNIV :: (_ :: countable) set))"
+ by simp_all
+
+lemma qbs_Mx_is_morphisms: "qbs_Mx X = borel\<^sub>Q \<rightarrow>\<^sub>Q X"
+proof safe
+ fix \<alpha> :: "real \<Rightarrow> _"
+ assume "\<alpha> \<in> borel\<^sub>Q \<rightarrow>\<^sub>Q X"
+ have "id \<in> qbs_Mx borel\<^sub>Q" by (simp add: qbs_Mx_R)
+ then have "\<alpha> \<circ> id \<in> qbs_Mx X"
+ using qbs_morphism_Mx[OF \<open>\<alpha> \<in> borel\<^sub>Q \<rightarrow>\<^sub>Q X\<close>]
+ by blast
+ then show "\<alpha> \<in> qbs_Mx X" by simp
+qed(auto intro!: qbs_morphismI simp: qbs_Mx_qbs_borel)
+
+lemma exp_qbs_Mx': "qbs_Mx (exp_qbs X Y) = {g. case_prod g \<in> borel\<^sub>Q \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q Y}"
+ by(auto simp: qbs_Mx_qbs_borel comp_def qbs_Mx_is_morphisms split_beta' intro!:curry_preserves_morphisms)
+
+lemma arg_swap_morphism':
+ assumes "(\<lambda>g. f (\<lambda>w x. g x w)) \<in> exp_qbs X (exp_qbs W Y) \<rightarrow>\<^sub>Q Z"
+ shows "f \<in> exp_qbs W (exp_qbs X Y) \<rightarrow>\<^sub>Q Z"
+proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx (exp_qbs W (exp_qbs X Y))"
+ then have "(\<lambda>((r,w),x). \<alpha> r w x) \<in> (borel\<^sub>Q \<Otimes>\<^sub>Q W) \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q Y"
+ by(auto simp: qbs_Mx_is_morphisms dest: uncurry_preserves_morphisms)
+ hence "(\<lambda>(r,w,x). \<alpha> r w x) \<in> borel\<^sub>Q \<Otimes>\<^sub>Q W \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q Y"
+ by(auto intro!: qbs_morphism_cong'[where f="(\<lambda>((r,w),x). \<alpha> r w x) \<circ> (\<lambda>(x, y, z). ((x, y), z))" and g="\<lambda>(r,w,x). \<alpha> r w x"] qbs_morphism_comp[OF qbs_morphism_pair_assoc2])
+ hence "(\<lambda>(r,x,w). \<alpha> r w x) \<in> borel\<^sub>Q \<Otimes>\<^sub>Q X \<Otimes>\<^sub>Q W \<rightarrow>\<^sub>Q Y"
+ by(auto intro!: qbs_morphism_cong'[where f="(\<lambda>(r,w,x). \<alpha> r w x) \<circ> map_prod id (\<lambda>(x,y). (y,x))" and g="(\<lambda>(r,x,w). \<alpha> r w x)"] qbs_morphism_comp qbs_morphism_map_prod qbs_morphism_pair_swap)
+ hence "(\<lambda>((r,x),w). \<alpha> r w x) \<in> (borel\<^sub>Q \<Otimes>\<^sub>Q X) \<Otimes>\<^sub>Q W \<rightarrow>\<^sub>Q Y"
+ by(auto intro!: qbs_morphism_cong'[where f="(\<lambda>(r,x,w). \<alpha> r w x) \<circ> (\<lambda>((x, y), z). (x, y, z))" and g="\<lambda>((r,x),w). \<alpha> r w x"] qbs_morphism_comp[OF qbs_morphism_pair_assoc1])
+ hence "(\<lambda>r x w. \<alpha> r w x) \<in> qbs_Mx (exp_qbs X (exp_qbs W Y))"
+ by(auto simp: qbs_Mx_is_morphisms split_beta')
+ from qbs_morphism_Mx[OF assms this] show "f \<circ> \<alpha> \<in> qbs_Mx Z"
+ by(auto simp: comp_def)
+qed
+
+lemma qbs_Mx_subset_of_measurable: "qbs_Mx X \<subseteq> borel \<rightarrow>\<^sub>M qbs_to_measure X"
+proof
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx X"
+ show "\<alpha> \<in> borel \<rightarrow>\<^sub>M qbs_to_measure X"
+ proof(rule measurableI)
+ fix x
+ show "\<alpha> x \<in> space (qbs_to_measure X)"
+ using qbs_Mx_to_X \<open>\<alpha> \<in> qbs_Mx X\<close> by(simp add: space_L)
+ next
+ fix A
+ assume "A \<in> sets (qbs_to_measure X)"
+ then have "\<alpha> -`(qbs_space X) = UNIV"
+ using \<open>\<alpha> \<in> qbs_Mx X\<close> qbs_Mx_to_X by(auto simp: sets_L)
+ then show "\<alpha> -` A \<inter> space borel \<in> sets borel"
+ using \<open>\<alpha> \<in> qbs_Mx X\<close> \<open>A \<in> sets (qbs_to_measure X)\<close>
+ by(auto simp add: sigma_Mx_def sets_L)
+ qed
+qed
+
+lemma L_max_of_measurables:
+ assumes "space M = qbs_space X"
+ and "qbs_Mx X \<subseteq> borel \<rightarrow>\<^sub>M M"
+ shows "sets M \<subseteq> sets (qbs_to_measure X)"
+proof
+ fix U
+ assume "U \<in> sets M"
+ from sets.sets_into_space[OF this] in_mono[OF assms(2)] measurable_sets_borel[OF _ this]
+ show "U \<in> sets (qbs_to_measure X)"
+ using assms(1)
+ by(auto intro!: exI[where x=U] simp: sigma_Mx_def sets_L)
+qed
+
+
+lemma qbs_Mx_are_measurable[simp,measurable]:
+ assumes "\<alpha> \<in> qbs_Mx X"
+ shows "\<alpha> \<in> borel \<rightarrow>\<^sub>M qbs_to_measure X"
+ using assms qbs_Mx_subset_of_measurable by auto
+
+lemma measure_to_qbs_cong_sets:
+ assumes "sets M = sets N"
+ shows "measure_to_qbs M = measure_to_qbs N"
+ by(rule qbs_eqI) (simp add: qbs_Mx_R measurable_cong_sets[OF _ assms])
+
+lemma lr_sets[simp]:
+ "sets X \<subseteq> sets (qbs_to_measure (measure_to_qbs X))"
+ unfolding sets_L
+proof safe
+ fix U
+ assume "U \<in> sets X"
+ then have "U \<inter> space X = U" by simp
+ moreover have "\<forall>\<alpha>\<in>borel \<rightarrow>\<^sub>M X. \<alpha> -` U \<in> sets borel"
+ using \<open>U \<in> sets X\<close> by(auto simp add: measurable_def)
+ ultimately show "U \<in> sigma_Mx (measure_to_qbs X)"
+ by(auto simp add: sigma_Mx_def qbs_Mx_R qbs_space_R)
+qed
+
+lemma(in standard_borel) lr_sets_ident[simp, measurable_cong]:
+ "sets (qbs_to_measure (measure_to_qbs M)) = sets M"
+ unfolding sets_L
+proof safe
+ fix V
+ assume "V \<in> sigma_Mx (measure_to_qbs M)"
+ then obtain U where H2: "V = U \<inter> space M" "\<And>\<alpha>::real \<Rightarrow> _. \<alpha>\<in>borel \<rightarrow>\<^sub>M M \<Longrightarrow> \<alpha> -` U \<in> sets borel"
+ by(auto simp: sigma_Mx_def qbs_Mx_R qbs_space_R)
+ consider "space M = {}" | "space M \<noteq> {}" by auto
+ then show "V \<in> sets M"
+ proof cases
+ case 1
+ then show ?thesis
+ by(simp add: H2)
+ next
+ case 2
+ have "from_real -` V = from_real -` (U \<inter> space M)" using H2 by auto
+ also have "... = from_real -` U" using from_real_measurable'[OF 2] by(auto simp add: measurable_def)
+ finally have "to_real -` from_real -` U \<inter> space M \<in> sets M"
+ by (meson "2" H2(2) from_real_measurable' measurable_sets to_real_measurable)
+ moreover have "to_real -` from_real -` U \<inter> space M = U \<inter> space M"
+ by auto
+ ultimately show ?thesis using H2 by simp
+ qed
+qed(insert lr_sets, auto simp: sets_L)
+
+corollary sets_lr_polish_borel[simp, measurable_cong]: "sets (qbs_to_measure qbs_borel) = sets (borel :: (_ :: polish_space) measure)"
+ by(auto intro!: standard_borel.lr_sets_ident standard_borel_ne.standard_borel)
+
+corollary sets_lr_count_space[simp, measurable_cong]: "sets (qbs_to_measure (qbs_count_space (UNIV :: (_ :: countable) set))) = sets (count_space UNIV)"
+ by(rule standard_borel.lr_sets_ident) (auto intro!: standard_borel_ne.standard_borel)
+
+subsubsection \<open> The Adjunction \<close>
+lemma lr_adjunction_correspondence :
+ "X \<rightarrow>\<^sub>Q (measure_to_qbs Y) = (qbs_to_measure X) \<rightarrow>\<^sub>M Y"
+proof safe
+(* \<subseteq> *)
+ fix f
+ assume "f \<in> X \<rightarrow>\<^sub>Q (measure_to_qbs Y)"
+ show "f \<in> qbs_to_measure X \<rightarrow>\<^sub>M Y"
+ proof(rule measurableI)
+ fix x
+ assume "x \<in> space (qbs_to_measure X)"
+ thus "f x \<in> space Y"
+ using qbs_morphism_space[OF \<open>f \<in> X \<rightarrow>\<^sub>Q (measure_to_qbs Y)\<close>]
+ by (auto simp: qbs_space_R space_L)
+ next
+ fix A
+ assume "A \<in> sets Y"
+ have "\<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx (measure_to_qbs Y)"
+ using qbs_morphism_Mx[OF \<open>f \<in> X \<rightarrow>\<^sub>Q (measure_to_qbs Y)\<close>] by auto
+ hence "\<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> borel \<rightarrow>\<^sub>M Y" by (simp add: qbs_Mx_R)
+ hence "\<forall>\<alpha> \<in> qbs_Mx X. \<alpha> -` (f -` A) \<in> sets borel"
+ using \<open>A\<in> sets Y\<close> measurable_sets_borel vimage_comp by metis
+ thus "f -` A \<inter> space (qbs_to_measure X) \<in> sets (qbs_to_measure X)"
+ using sigma_Mx_def by (auto simp: space_L sets_L)
+ qed
+
+(* \<supseteq> *)
+next
+ fix f
+ assume "f \<in> qbs_to_measure X \<rightarrow>\<^sub>M Y"
+ show "f \<in> X \<rightarrow>\<^sub>Q measure_to_qbs Y"
+ proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx X"
+ have "f \<circ> \<alpha> \<in> borel \<rightarrow>\<^sub>M Y"
+ proof(rule measurableI)
+ fix x :: real
+ from \<open>\<alpha> \<in> qbs_Mx X\<close> qbs_Mx_to_X have "\<alpha> x \<in> qbs_space X" by auto
+ hence "\<alpha> x \<in> space (qbs_to_measure X)" by (simp add: space_L)
+ thus "(f \<circ> \<alpha>) x \<in> space Y"
+ using \<open>f \<in> qbs_to_measure X \<rightarrow>\<^sub>M Y\<close>
+ by (metis comp_def measurable_space)
+ next
+ fix A
+ assume "A \<in> sets Y"
+ from \<open>f \<in> qbs_to_measure X \<rightarrow>\<^sub>M Y\<close> measurable_sets this measurable_def
+ have "f -` A \<inter> space (qbs_to_measure X) \<in> sets (qbs_to_measure X)"
+ by blast
+ hence "f -` A \<inter> qbs_space X \<in> sigma_Mx X" by (simp add: sets_L space_L)
+ then have "\<exists>V. f -` A \<inter> qbs_space X = V \<inter> qbs_space X \<and> (\<forall>\<beta>\<in> qbs_Mx X. \<beta> -` V \<in> sets borel)"
+ by (simp add: sigma_Mx_def)
+ then obtain V where h:"f -` A \<inter> qbs_space X = V \<inter> qbs_space X \<and> (\<forall>\<beta>\<in> qbs_Mx X. \<beta> -` V \<in> sets borel)" by auto
+ have 1:"\<alpha> -` (f -` A) = \<alpha> -` (f -` A \<inter> qbs_space X)"
+ using \<open>\<alpha> \<in> qbs_Mx X\<close> qbs_Mx_to_X by blast
+ have 2:"\<alpha> -` (V \<inter> qbs_space X) = \<alpha> -` V"
+ using \<open>\<alpha> \<in> qbs_Mx X\<close> qbs_Mx_to_X by blast
+ from 1 2 h have "(f \<circ> \<alpha>) -` A = \<alpha> -` V" by (simp add: vimage_comp)
+ from this h \<open>\<alpha> \<in> qbs_Mx X \<close>show "(f \<circ> \<alpha>) -` A \<inter> space borel \<in> sets borel" by simp
+ qed
+ thus "f \<circ> \<alpha> \<in> qbs_Mx (measure_to_qbs Y)"
+ by(simp add:qbs_Mx_R)
+ qed
+qed
+
+lemma(in standard_borel) standard_borel_r_full_faithful:
+ "M \<rightarrow>\<^sub>M Y = measure_to_qbs M \<rightarrow>\<^sub>Q measure_to_qbs Y"
+proof
+ have "measure_to_qbs M \<rightarrow>\<^sub>Q measure_to_qbs Y \<subseteq> qbs_to_measure (measure_to_qbs M) \<rightarrow>\<^sub>M qbs_to_measure (measure_to_qbs Y)"
+ by (simp add: l_preserves_morphisms)
+ also have "... = M \<rightarrow>\<^sub>M qbs_to_measure (measure_to_qbs Y)"
+ using measurable_cong_sets by auto
+ also have "... \<subseteq> M \<rightarrow>\<^sub>M Y"
+ by(rule measurable_mono[OF lr_sets]) (simp_all add: qbs_space_R space_L)
+ finally show "measure_to_qbs M \<rightarrow>\<^sub>Q measure_to_qbs Y \<subseteq> M \<rightarrow>\<^sub>M Y" .
+qed(rule r_preserves_morphisms)
+
+lemma qbs_morphism_dest:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q measure_to_qbs Y"
+ shows "f \<in> qbs_to_measure X \<rightarrow>\<^sub>M Y"
+ using assms lr_adjunction_correspondence by auto
+
+lemma(in standard_borel) qbs_morphism_dest:
+ assumes "k \<in> measure_to_qbs M \<rightarrow>\<^sub>Q measure_to_qbs Y"
+ shows "k \<in> M \<rightarrow>\<^sub>M Y"
+ using standard_borel_r_full_faithful assms by auto
+
+lemma qbs_morphism_measurable_intro:
+ assumes "f \<in> qbs_to_measure X \<rightarrow>\<^sub>M Y"
+ shows "f \<in> X \<rightarrow>\<^sub>Q measure_to_qbs Y"
+ using assms lr_adjunction_correspondence by auto
+
+lemma(in standard_borel) qbs_morphism_measurable_intro:
+ assumes "k \<in> M \<rightarrow>\<^sub>M Y"
+ shows "k \<in> measure_to_qbs M \<rightarrow>\<^sub>Q measure_to_qbs Y"
+ using standard_borel_r_full_faithful assms by auto
+
+lemma r_preserves_product :
+ "measure_to_qbs (X \<Otimes>\<^sub>M Y) = measure_to_qbs X \<Otimes>\<^sub>Q measure_to_qbs Y"
+ by(auto intro!: qbs_eqI simp: measurable_pair_iff pair_qbs_Mx qbs_Mx_R)
+
+lemma l_product_sets:
+ "sets (qbs_to_measure X \<Otimes>\<^sub>M qbs_to_measure Y) \<subseteq> sets (qbs_to_measure (X \<Otimes>\<^sub>Q Y))"
+proof(rule sets_pair_in_sets)
+ fix A B
+ assume h:"A \<in> sets (qbs_to_measure X)" "B \<in> sets (qbs_to_measure Y)"
+ then obtain Ua Ub where hu:
+ "A = Ua \<inter> qbs_space X" "\<forall>\<alpha>\<in>qbs_Mx X. \<alpha> -` Ua \<in> sets borel"
+ "B = Ub \<inter> qbs_space Y" "\<forall>\<alpha>\<in>qbs_Mx Y. \<alpha> -` Ub \<in> sets borel"
+ by(auto simp add: sigma_Mx_def sets_L)
+ show "A \<times> B \<in> sets (qbs_to_measure (X \<Otimes>\<^sub>Q Y))"
+ proof -
+ have "A \<times> B = Ua \<times> Ub \<inter> qbs_space (X \<Otimes>\<^sub>Q Y) \<and> (\<forall>\<alpha>\<in>qbs_Mx (X \<Otimes>\<^sub>Q Y). \<alpha> -` (Ua \<times> Ub) \<in> sets borel)"
+ using hu by(auto simp add: vimage_Times pair_qbs_space pair_qbs_Mx)
+ thus ?thesis
+ by(auto simp add: sigma_Mx_def sets_L intro!: exI[where x="Ua \<times> Ub"])
+ qed
+qed
+
+corollary qbs_borel_prod: "qbs_borel \<Otimes>\<^sub>Q qbs_borel = (qbs_borel :: ('a::second_countable_topology \<times> 'b::second_countable_topology) quasi_borel)"
+ by(simp add: r_preserves_product[symmetric] borel_prod)
+
+corollary qbs_count_space_prod: "qbs_count_space (UNIV :: ('a :: countable) set) \<Otimes>\<^sub>Q qbs_count_space (UNIV :: ('b :: countable) set) = qbs_count_space UNIV"
+ by(auto simp: r_preserves_product[symmetric] count_space_prod)
+
+lemma r_preserves_product': "measure_to_qbs (\<Pi>\<^sub>M i\<in>I. M i) = (\<Pi>\<^sub>Q i\<in>I. measure_to_qbs (M i))"
+proof(rule qbs_eqI)
+ show "qbs_Mx (measure_to_qbs (Pi\<^sub>M I M)) = qbs_Mx (\<Pi>\<^sub>Q i\<in>I. measure_to_qbs (M i))"
+ proof safe
+ fix f :: "real \<Rightarrow> _"
+ assume "f \<in> qbs_Mx (measure_to_qbs (Pi\<^sub>M I M))"
+ with measurable_space[of f borel "Pi\<^sub>M I M"] show "f \<in> qbs_Mx (\<Pi>\<^sub>Q i\<in>I. measure_to_qbs (M i))"
+ by(auto simp: qbs_Mx_R PiQ_Mx space_PiM intro!:ext[of "\<lambda>r. f r _"])
+ next
+ fix f :: "real \<Rightarrow> _"
+ assume "f \<in> qbs_Mx (\<Pi>\<^sub>Q i\<in>I. measure_to_qbs (M i))"
+ then have "\<And>i. i \<in> I \<Longrightarrow> (\<lambda>r. f r i) \<in> borel \<rightarrow>\<^sub>M M i" "\<And>i. i \<notin> I \<Longrightarrow> (\<lambda>r. f r i) = (\<lambda>r. undefined)"
+ by (auto simp: qbs_Mx_R PiQ_Mx)
+ with measurable_space[OF this(1)] fun_cong[OF this(2)] show "f \<in> qbs_Mx (measure_to_qbs (Pi\<^sub>M I M))"
+ by(auto intro!: measurable_PiM_single' simp: qbs_Mx_R)
+ qed
+qed
+
+lemma PiQ_qbs_borel:
+ "(\<Pi>\<^sub>Q i::('a:: countable)\<in>UNIV. (qbs_borel :: ('b::second_countable_topology quasi_borel))) = qbs_borel"
+ by(simp add: r_preserves_product'[symmetric] measure_to_qbs_cong_sets[OF sets_PiM_equal_borel])
+
+lemma qbs_morphism_from_countable:
+ fixes X :: "'a quasi_borel"
+ assumes "countable (qbs_space X)"
+ "qbs_Mx X \<subseteq> borel \<rightarrow>\<^sub>M count_space (qbs_space X)"
+ and "\<And>i. i \<in> qbs_space X \<Longrightarrow> f i \<in> qbs_space Y"
+ shows "f \<in> X \<rightarrow>\<^sub>Q Y"
+proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx X"
+ then have [measurable]: "\<alpha> \<in> borel \<rightarrow>\<^sub>M count_space (qbs_space X)"
+ using assms(2) ..
+ define k :: "'a \<Rightarrow> real \<Rightarrow> _"
+ where "k \<equiv> (\<lambda>i _. f i)"
+ have "f \<circ> \<alpha> = (\<lambda>r. k (\<alpha> r) r)"
+ by(auto simp add: k_def)
+ also have "... \<in> qbs_Mx Y"
+ by(rule qbs_closed3_dest2[OF assms(1)]) (use assms(3) k_def in simp_all)
+ finally show "f \<circ> \<alpha> \<in> qbs_Mx Y" .
+qed
+
+corollary qbs_morphism_count_space':
+ assumes "\<And>i. i \<in> I \<Longrightarrow> f i \<in> qbs_space Y" "countable I"
+ shows "f \<in> qbs_count_space I \<rightarrow>\<^sub>Q Y"
+ using assms by(auto intro!: qbs_morphism_from_countable simp: qbs_Mx_R)
+
+corollary qbs_morphism_count_space:
+ assumes "\<And>i. f i \<in> qbs_space Y"
+ shows "f \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q Y"
+ using assms by(auto intro!: qbs_morphism_from_countable simp: qbs_Mx_R)
+
+lemma [qbs]:
+ shows not_qbs_pred: "Not \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ and or_qbs_pred: "(\<or>) \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and and_qbs_pred: "(\<and>) \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and implies_qbs_pred: "(\<longrightarrow>) \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and iff_qbs_pred: "(\<longleftrightarrow>) \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ by(auto intro!: qbs_morphism_count_space)
+
+lemma [qbs]:
+ shows less_count_qbs_pred: "(<) \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and le_count_qbs_pred: "(\<le>) \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and eq_count_qbs_pred: "(=) \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and plus_count_qbs_morphism: "(+) \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and minus_count_qbs_morphism: "(-) \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and mult_count_qbs_morphism: "(*) \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q exp_qbs (qbs_count_space UNIV) (qbs_count_space UNIV)"
+ and Suc_qbs_morphism: "Suc \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ by(auto intro!: qbs_morphism_count_space)
+
+lemma qbs_morphism_product_iff:
+ "f \<in> X \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i :: (_ :: countable)\<in>UNIV. Y) \<longleftrightarrow> f \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q Y"
+proof
+ assume h:"f \<in> X \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>UNIV. Y)"
+ show "f \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q Y"
+ by(rule arg_swap_morphism, rule qbs_morphism_count_space) (simp add: qbs_morphism_component_singleton'[OF h qbs_morphism_ident'])
+next
+ assume "f \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q Y"
+ from qbs_morphism_space[OF arg_swap_morphism[OF this]]
+ show "f \<in> X \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>UNIV. Y)"
+ by(auto intro!: product_qbs_canonical1[where f="(\<lambda>i x. f x i)"])
+qed
+
+lemma qbs_morphism_pair_countable1:
+ assumes "countable (qbs_space X)"
+ "qbs_Mx X \<subseteq> borel \<rightarrow>\<^sub>M count_space (qbs_space X)"
+ and "\<And>i. i \<in> qbs_space X \<Longrightarrow> f i \<in> Y \<rightarrow>\<^sub>Q Z"
+ shows "(\<lambda>(x,y). f x y) \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ by(auto intro!: uncurry_preserves_morphisms qbs_morphism_from_countable[OF assms(1,2)] assms(3))
+
+lemma qbs_morphism_pair_countable2:
+ assumes "countable (qbs_space Y)"
+ "qbs_Mx Y \<subseteq> borel \<rightarrow>\<^sub>M count_space (qbs_space Y)"
+ and "\<And>i. i \<in> qbs_space Y \<Longrightarrow> (\<lambda>x. f x i) \<in> X \<rightarrow>\<^sub>Q Z"
+ shows "(\<lambda>(x,y). f x y) \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ by(auto intro!: qbs_morphism_pair_swap[of "case_prod (\<lambda>x y. f y x)",simplified] qbs_morphism_pair_countable1 assms)
+
+corollary qbs_morphism_pair_count_space1:
+ assumes "\<And>i. f i \<in> Y \<rightarrow>\<^sub>Q Z"
+ shows "(\<lambda>(x,y). f x y) \<in> qbs_count_space (UNIV :: ('a :: countable) set) \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ by(auto intro!: qbs_morphism_pair_countable1 simp: qbs_Mx_R assms)
+
+corollary qbs_morphism_pair_count_space2:
+ assumes "\<And>i. (\<lambda>x. f x i) \<in> X \<rightarrow>\<^sub>Q Z"
+ shows "(\<lambda>(x,y). f x y) \<in> X \<Otimes>\<^sub>Q qbs_count_space (UNIV :: ('a :: countable) set) \<rightarrow>\<^sub>Q Z"
+ by(auto intro!: qbs_morphism_pair_countable2 simp: qbs_Mx_R assms)
+
+lemma qbs_morphism_compose_countable':
+ assumes [qbs]:"\<And>i. i \<in> I \<Longrightarrow> (\<lambda>x. f i x) \<in> X \<rightarrow>\<^sub>Q Y" "g \<in> X \<rightarrow>\<^sub>Q qbs_count_space I" "countable I"
+ shows "(\<lambda>x. f (g x) x) \<in> X \<rightarrow>\<^sub>Q Y"
+proof -
+ have [qbs]:"f \<in> qbs_count_space I \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q Y"
+ by(auto intro!: qbs_morphism_count_space' simp: assms(3))
+ show ?thesis
+ by simp
+qed
+
+lemma qbs_morphism_compose_countable:
+ assumes [simp]:"\<And>i::'i::countable. (\<lambda>x. f i x) \<in> X \<rightarrow>\<^sub>Q Y" "g \<in> X \<rightarrow>\<^sub>Q (qbs_count_space UNIV)"
+ shows "(\<lambda>x. f (g x) x) \<in> X \<rightarrow>\<^sub>Q Y"
+ by(rule qbs_morphism_compose_countable'[of UNIV f]) simp_all
+
+lemma qbs_morphism_op:
+ assumes "case_prod f \<in> X \<Otimes>\<^sub>M Y \<rightarrow>\<^sub>M Z"
+ shows "f \<in> measure_to_qbs X \<rightarrow>\<^sub>Q measure_to_qbs Y \<Rightarrow>\<^sub>Q measure_to_qbs Z"
+ using r_preserves_morphisms assms
+ by(fastforce simp: r_preserves_product[symmetric] intro!: curry_preserves_morphisms)
+
+lemma [qbs]:
+ shows plus_qbs_morphism: "(+) \<in> (qbs_borel :: (_::{second_countable_topology, topological_monoid_add}) quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and plus_ereal_qbs_morphism: "(+) \<in> (qbs_borel :: ereal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and diff_qbs_morphism: "(-) \<in> (qbs_borel :: (_::{second_countable_topology, real_normed_vector}) quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and diff_ennreal_qbs_morphism: "(-) \<in> (qbs_borel :: ennreal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and diff_ereal_qbs_morphism: "(-) \<in> (qbs_borel :: ereal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and times_qbs_morphism: "(*) \<in> (qbs_borel :: (_::{second_countable_topology, real_normed_algebra}) quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and times_ennreal_qbs_morphism: "(*) \<in> (qbs_borel :: ennreal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and times_ereal_qbs_morphism: "(*) \<in> (qbs_borel :: ereal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and divide_qbs_morphism: "(/) \<in> (qbs_borel :: (_::{second_countable_topology, real_normed_div_algebra}) quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and divide_ennreal_qbs_morphism: "(/) \<in> (qbs_borel :: ennreal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and divide_ereal_qbs_morphism: "(/) \<in> (qbs_borel :: ereal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and log_qbs_morphism: "log \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and root_qbs_morphism: "root \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and scaleR_qbs_morphism: "(*\<^sub>R) \<in> qbs_borel \<rightarrow>\<^sub>Q (qbs_borel :: (_::{second_countable_topology, real_normed_vector}) quasi_borel) \<Rightarrow>\<^sub>Q qbs_borel"
+ and qbs_morphism_inner: "(\<bullet>) \<in> qbs_borel \<rightarrow>\<^sub>Q (qbs_borel :: (_::{second_countable_topology, real_inner}) quasi_borel) \<Rightarrow>\<^sub>Q qbs_borel"
+ and dist_qbs_morphism: "dist \<in> (qbs_borel :: (_::{second_countable_topology, metric_space}) quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and powr_qbs_morphism: "(powr) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q (qbs_borel :: real quasi_borel)"
+ and max_qbs_morphism: "(max :: (_ :: {second_countable_topology, linorder_topology}) \<Rightarrow> _ \<Rightarrow> _) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and min_qbs_morphism: "(min :: (_ :: {second_countable_topology, linorder_topology}) \<Rightarrow> _ \<Rightarrow> _) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and sup_qbs_morphism: "(sup :: (_ :: {lattice,second_countable_topology, linorder_topology}) \<Rightarrow> _ \<Rightarrow> _) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and inf_qbs_morphism: "(inf :: (_ :: {lattice,second_countable_topology, linorder_topology}) \<Rightarrow> _ \<Rightarrow> _) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+ and less_qbs_pred: "(<) \<in> (qbs_borel :: _ ::{second_countable_topology, linorder_topology} quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_count_space UNIV"
+ and eq_qbs_pred: "(=) \<in> (qbs_borel :: _ ::{second_countable_topology, linorder_topology} quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_count_space UNIV"
+ and le_qbs_pred: "(\<le>) \<in> (qbs_borel :: _ ::{second_countable_topology, linorder_topology} quasi_borel) \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_count_space UNIV"
+ by(auto intro!: qbs_morphism_op)
+
+lemma [qbs]:
+ shows abs_real_qbs_morphism: "abs \<in> (qbs_borel :: real quasi_borel) \<rightarrow>\<^sub>Q qbs_borel"
+ and abs_ereal_qbs_morphism: "abs \<in> (qbs_borel :: ereal quasi_borel) \<rightarrow>\<^sub>Q qbs_borel"
+ and real_floor_qbs_morphism: "(floor :: real \<Rightarrow> int) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ and real_ceiling_qbs_morphism: "(ceiling :: real \<Rightarrow> int) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ and exp_qbs_morphism: "(exp::'a::{real_normed_field,banach}\<Rightarrow>'a) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and ln_qbs_morphism: "ln \<in> (qbs_borel :: real quasi_borel) \<rightarrow>\<^sub>Q qbs_borel"
+ and sqrt_qbs_morphism: "sqrt \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and of_real_qbs_morphism: "(of_real :: _ \<Rightarrow> (_::real_normed_algebra)) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and sin_qbs_morphism: "(sin :: _ \<Rightarrow> (_::{real_normed_field,banach})) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and cos_qbs_morphism: "(cos :: _ \<Rightarrow> (_::{real_normed_field,banach})) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and arctan_qbs_morphism: "arctan \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and Re_qbs_morphism: "Re \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and Im_qbs_morphism: "Im \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and sgn_qbs_morphism: "(sgn::_::real_normed_vector \<Rightarrow> _) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and norm_qbs_morphism: "norm \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and invers_qbs_morphism: "(inverse :: _ \<Rightarrow> (_ ::real_normed_div_algebra)) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and invers_ennreal_qbs_morphism: "(inverse :: _ \<Rightarrow> ennreal) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and invers_ereal_qbs_morphism: "(inverse :: _ \<Rightarrow> ereal) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and uminus_qbs_morphism: "(uminus :: _ \<Rightarrow> (_::{second_countable_topology, real_normed_vector})) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and ereal_qbs_morphism: "ereal \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and real_of_ereal_qbs_morphism: "real_of_ereal \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and enn2ereal_qbs_morphism: "enn2ereal \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and e2ennreal_qbs_morphism: "e2ennreal \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and ennreal_qbs_morphism: "ennreal \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and qbs_morphism_nth: "(\<lambda>x::real^'n. x $ i) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and qbs_morphism_product_candidate: "\<And>i. (\<lambda>x. x i) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ and uminus_ereal_qbs_morphism: "(uminus :: _ \<Rightarrow> ereal) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ by(auto intro!: set_mp[OF r_preserves_morphisms])
+
+lemma qbs_morphism_sum:
+ fixes f :: "'c \<Rightarrow> 'a \<Rightarrow> 'b::{second_countable_topology, topological_comm_monoid_add}"
+ assumes "\<And>i. i \<in> S \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. \<Sum>i\<in>S. f i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_suminf_order:
+ fixes f :: "nat \<Rightarrow> 'a \<Rightarrow> 'b::{complete_linorder, second_countable_topology, linorder_topology, topological_comm_monoid_add}"
+ assumes "\<And>i. f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows " (\<lambda>x. \<Sum>i. f i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_prod:
+ fixes f :: "'c \<Rightarrow> 'a \<Rightarrow> 'b::{second_countable_topology, real_normed_field}"
+ assumes "\<And>i. i \<in> S \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. \<Prod>i\<in>S. f i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_Min:
+ "finite I \<Longrightarrow> (\<And>i. i \<in> I \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q qbs_borel) \<Longrightarrow> (\<lambda>x. Min ((\<lambda>i. f i x)`I) :: 'b::{second_countable_topology, linorder_topology}) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_Max:
+ "finite I \<Longrightarrow> (\<And>i. i \<in> I \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q qbs_borel) \<Longrightarrow> (\<lambda>x. Max ((\<lambda>i. f i x)`I) :: 'b::{second_countable_topology, linorder_topology}) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_Max2:
+ fixes f::"_ \<Rightarrow> _ \<Rightarrow> 'a::{second_countable_topology, dense_linorder, linorder_topology}"
+ shows "finite I \<Longrightarrow> (\<And>i. f i \<in> X \<rightarrow>\<^sub>Q qbs_borel) \<Longrightarrow> (\<lambda>x. Max{f i x |i. i \<in> I}) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by(simp add: lr_adjunction_correspondence)
+
+lemma [qbs]:
+ shows qbs_morphism_liminf: "liminf \<in> (qbs_count_space UNIV \<Rightarrow>\<^sub>Q qbs_borel) \<Rightarrow>\<^sub>Q (qbs_borel :: 'a :: {complete_linorder, second_countable_topology, linorder_topology} quasi_borel)"
+ and qbs_morphism_limsup: "limsup \<in> (qbs_count_space UNIV \<Rightarrow>\<^sub>Q qbs_borel) \<Rightarrow>\<^sub>Q (qbs_borel :: 'a :: {complete_linorder, second_countable_topology, linorder_topology} quasi_borel)"
+ and qbs_morphism_lim: "lim \<in> (qbs_count_space UNIV \<Rightarrow>\<^sub>Q qbs_borel) \<Rightarrow>\<^sub>Q (qbs_borel :: 'a :: {complete_linorder, second_countable_topology, linorder_topology} quasi_borel)"
+proof(safe intro!: qbs_morphismI)
+ fix f :: "real \<Rightarrow> nat \<Rightarrow> 'a"
+ assume "f \<in> qbs_Mx (count_space\<^sub>Q UNIV \<Rightarrow>\<^sub>Q borel\<^sub>Q)"
+ then have [measurable]:"\<And>i. (\<lambda>r. f r i) \<in> borel_measurable borel"
+ by(auto simp: qbs_Mx_is_morphisms) (metis PiQ_qbs_borel measurable_product_then_coordinatewise qbs_Mx_is_morphisms qbs_Mx_qbs_borel qbs_morphism_product_iff)
+ show "liminf \<circ> f \<in> qbs_Mx borel\<^sub>Q" "limsup \<circ> f \<in> qbs_Mx borel\<^sub>Q" "lim \<circ> f \<in> qbs_Mx borel\<^sub>Q"
+ by(auto simp: qbs_Mx_is_morphisms lr_adjunction_correspondence comp_def)
+qed
+
+lemma qbs_morphism_SUP:
+ fixes F :: "_ \<Rightarrow> _ \<Rightarrow> _::{complete_linorder, linorder_topology, second_countable_topology}"
+ assumes "countable I" "\<And>i. i \<in> I \<Longrightarrow> F i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. \<Squnion> i\<in>I. F i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_INF:
+ fixes F :: "_ \<Rightarrow> _ \<Rightarrow> _::{complete_linorder, linorder_topology, second_countable_topology}"
+ assumes "countable I" "\<And>i. i \<in> I \<Longrightarrow> F i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. \<Sqinter> i\<in>I. F i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_cSUP:
+ fixes F :: "_ \<Rightarrow> _ \<Rightarrow> 'a::{conditionally_complete_linorder, linorder_topology, second_countable_topology}"
+ assumes "countable I" "\<And>i. i \<in> I \<Longrightarrow> F i \<in> X \<rightarrow>\<^sub>Q qbs_borel" "\<And>x. x \<in> qbs_space X \<Longrightarrow> bdd_above ((\<lambda>i. F i x) ` I)"
+ shows "(\<lambda>x. \<Squnion> i\<in>I. F i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence space_L)
+
+lemma qbs_morphism_cINF:
+ fixes F :: "_ \<Rightarrow> _ \<Rightarrow> 'a::{conditionally_complete_linorder, linorder_topology, second_countable_topology}"
+ assumes "countable I" "\<And>i. i \<in> I \<Longrightarrow> F i \<in> X \<rightarrow>\<^sub>Q qbs_borel" "\<And>x. x \<in> qbs_space X \<Longrightarrow> bdd_below ((\<lambda>i. F i x) ` I)"
+ shows "(\<lambda>x. \<Sqinter> i\<in>I. F i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence space_L)
+
+lemma qbs_morphism_lim_metric:
+ fixes f :: "nat \<Rightarrow> 'a \<Rightarrow> 'b::{banach, second_countable_topology}"
+ assumes "\<And>i. f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. lim (\<lambda>i. f i x)) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_LIMSEQ_metric:
+ fixes f :: "nat \<Rightarrow> 'a \<Rightarrow> 'b :: metric_space"
+ assumes "\<And>i. f i \<in> X \<rightarrow>\<^sub>Q qbs_borel" "\<And>x. x \<in> qbs_space X \<Longrightarrow> (\<lambda>i. f i x) \<longlonglongrightarrow> g x"
+ shows "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using borel_measurable_LIMSEQ_metric[where M="qbs_to_measure X"] assms
+ by(auto simp add: lr_adjunction_correspondence space_L)
+
+lemma power_qbs_morphism[qbs]:
+ "(power :: (_ ::{power,real_normed_algebra}) \<Rightarrow> nat \<Rightarrow> _) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q qbs_borel"
+ by(rule arg_swap_morphism) (auto intro!: qbs_morphism_count_space set_mp[OF r_preserves_morphisms])
+
+lemma power_ennreal_qbs_morphism[qbs]:
+ "(power :: ennreal \<Rightarrow> nat \<Rightarrow> _) \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q qbs_borel"
+ by(rule arg_swap_morphism) (auto intro!: qbs_morphism_count_space set_mp[OF r_preserves_morphisms])
+
+lemma qbs_morphism_compw: "(^^) \<in> (X \<Rightarrow>\<^sub>Q X) \<rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q X)"
+proof(rule arg_swap_morphism,rule qbs_morphism_count_space)
+ fix n
+ show "(\<lambda>y. y ^^ n) \<in> X \<Rightarrow>\<^sub>Q X \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q X"
+ by(induction n) simp_all
+qed
+
+lemma qbs_morphism_compose_n[qbs]:
+ assumes [qbs]: "f \<in> X \<rightarrow>\<^sub>Q X"
+ shows "(\<lambda>n. f^^n) \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q X"
+proof(intro qbs_morphism_count_space)
+ fix n
+ show "f ^^ n \<in> X \<rightarrow>\<^sub>Q X"
+ by (induction n) simp_all
+qed
+
+lemma qbs_morphism_compose_n':
+ assumes "f \<in> X \<rightarrow>\<^sub>Q X"
+ shows "f^^n \<in> X \<rightarrow>\<^sub>Q X"
+ using qbs_morphism_space[OF qbs_morphism_compose_n[OF assms]] by(simp add: exp_qbs_space qbs_space_R)
+
+lemma qbs_morphism_uminus_eq_ereal[simp]:
+ "(\<lambda>x. - f x :: ereal) \<in> X \<rightarrow>\<^sub>Q qbs_borel \<longleftrightarrow> f \<in> X \<rightarrow>\<^sub>Q qbs_borel" (is "?l = ?r")
+ by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_ereal_iff:
+ shows "(\<lambda>x. ereal (f x)) \<in> X \<rightarrow>\<^sub>Q qbs_borel\<longleftrightarrow> f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by(simp add: borel_measurable_ereal_iff lr_adjunction_correspondence)
+
+lemma qbs_morphism_ereal_sum:
+ fixes f :: "'c \<Rightarrow> 'a \<Rightarrow> ereal"
+ assumes "\<And>i. i \<in> S \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. \<Sum>i\<in>S. f i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_ereal_prod:
+ fixes f :: "'c \<Rightarrow> 'a \<Rightarrow> ereal"
+ assumes "\<And>i. i \<in> S \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. \<Prod>i\<in>S. f i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_extreal_suminf:
+ fixes f :: "nat \<Rightarrow> 'a \<Rightarrow> ereal"
+ assumes "\<And>i. f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. (\<Sum>i. f i x)) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_ennreal_iff:
+ assumes "\<And>x. x \<in> qbs_space X \<Longrightarrow> 0 \<le> f x"
+ shows "(\<lambda>x. ennreal (f x)) \<in> X \<rightarrow>\<^sub>Q qbs_borel \<longleftrightarrow> f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using borel_measurable_ennreal_iff[where M="qbs_to_measure X"] assms
+ by(simp add: space_L lr_adjunction_correspondence)
+
+lemma qbs_morphism_prod_ennreal:
+ fixes f :: "'c \<Rightarrow> 'a \<Rightarrow> ennreal"
+ assumes "\<And>i. i \<in> S \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<lambda>x. \<Prod>i\<in>S. f i x) \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(simp add: space_L lr_adjunction_correspondence)
+
+lemma count_space_qbs_morphism:
+ "f \<in> qbs_count_space (UNIV :: 'a set) \<rightarrow>\<^sub>Q qbs_borel"
+ by(auto intro!: set_mp[OF r_preserves_morphisms])
+
+declare count_space_qbs_morphism[where 'a="_ :: countable",qbs]
+
+lemma count_space_count_space_qbs_morphism:
+ "f \<in> qbs_count_space (UNIV :: (_ :: countable) set) \<rightarrow>\<^sub>Q qbs_count_space (UNIV :: (_ :: countable) set)"
+ by(auto intro!: set_mp[OF r_preserves_morphisms])
+
+lemma qbs_morphism_case_nat':
+ assumes [qbs]: "i = 0 \<Longrightarrow> f \<in> X \<rightarrow>\<^sub>Q Y"
+ "\<And>j. i = Suc j \<Longrightarrow> (\<lambda>x. g x j) \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "(\<lambda>x. case_nat (f x) (g x) i) \<in> X \<rightarrow>\<^sub>Q Y"
+ by (cases i) simp_all
+
+lemma qbs_morphism_case_nat[qbs]:
+ "case_nat \<in> X \<rightarrow>\<^sub>Q (qbs_count_space UNIV \<Rightarrow>\<^sub>Q X) \<Rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q X"
+ by(rule curry_preserves_morphisms, rule arg_swap_morphism) (auto intro!: qbs_morphism_count_space qbs_morphism_case_nat')
+
+
+lemma qbs_morphism_case_nat'':
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y" "g \<in> X \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>UNIV. Y)"
+ shows "(\<lambda>x. case_nat (f x) (g x)) \<in> X \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>UNIV. Y)"
+ using assms by (simp add: qbs_morphism_product_iff)
+
+lemma qbs_morphism_rec_nat[qbs]: "rec_nat \<in> X \<rightarrow>\<^sub>Q (count_space UNIV \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q X) \<Rightarrow>\<^sub>Q count_space UNIV \<Rightarrow>\<^sub>Q X"
+proof(rule curry_preserves_morphisms,rule arg_swap_morphism,rule qbs_morphism_count_space)
+ fix n
+ show "(\<lambda>y. rec_nat (fst y) (snd y) n) \<in> X \<Otimes>\<^sub>Q (qbs_count_space UNIV \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q X) \<rightarrow>\<^sub>Q X"
+ by (induction n) simp_all
+qed
+
+lemma qbs_morphism_Max_nat:
+ fixes P :: "nat \<Rightarrow> 'a \<Rightarrow> bool"
+ assumes "\<And>i. P i \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ shows "(\<lambda>x. Max {i. P i x}) \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_Min_nat:
+ fixes P :: "nat \<Rightarrow> 'a \<Rightarrow> bool"
+ assumes "\<And>i. P i \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ shows "(\<lambda>x. Min {i. P i x}) \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+lemma qbs_morphism_sum_nat:
+ fixes f :: "'c \<Rightarrow> 'a \<Rightarrow> nat"
+ assumes "\<And>i. i \<in> S \<Longrightarrow> f i \<in>X \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ shows "(\<lambda>x. \<Sum>i\<in>S. f i x) \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV"
+ using assms by(simp add: lr_adjunction_correspondence)
+
+
+lemma qbs_morphism_case_enat':
+ assumes f[qbs]: "f \<in> X \<rightarrow>\<^sub>Q qbs_count_space UNIV" and [qbs]: "\<And>i. g i \<in> X \<rightarrow>\<^sub>Q Y" "h \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "(\<lambda>x. case f x of enat i \<Rightarrow> g i x | \<infinity> \<Rightarrow> h x) \<in> X \<rightarrow>\<^sub>Q Y"
+proof (rule qbs_morphism_compose_countable[OF _ f])
+ fix i
+ show "(\<lambda>x. case i of enat i \<Rightarrow> g i x | \<infinity> \<Rightarrow> h x) \<in> X \<rightarrow>\<^sub>Q Y"
+ by (cases i) simp_all
+qed
+
+lemma qbs_morphism_case_enat[qbs]: "case_enat \<in> qbs_space ((qbs_count_space UNIV \<Rightarrow>\<^sub>Q X) \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q qbs_count_space UNIV \<Rightarrow>\<^sub>Q X)"
+proof -
+ note qbs_morphism_case_enat'[qbs]
+ show ?thesis
+ by(auto intro!: curry_preserves_morphisms,rule qbs_morphismI) (simp add: qbs_Mx_is_morphisms comp_def, qbs, simp_all)
+qed
+
+lemma qbs_morphism_restrict[qbs]:
+ assumes X: "\<And>i. i \<in> I \<Longrightarrow> f i \<in> X \<rightarrow>\<^sub>Q (Y i)"
+ shows "(\<lambda>x. \<lambda>i\<in>I. f i x) \<in> X \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>I. Y i)"
+ using assms by(auto intro!: product_qbs_canonical1)
+
+lemma If_qbs_morphism[qbs]: "If \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q X"
+proof(rule qbs_morphismI)
+ show "\<alpha> \<in> qbs_Mx (count_space\<^sub>Q UNIV) \<Longrightarrow> If \<circ> \<alpha> \<in> qbs_Mx (X \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q X)" for \<alpha>
+ by(auto intro!: qbs_Mx_indicat[where S="{r. \<alpha> (_ (_ r))}",simplified] simp: qbs_Mx_count_space exp_qbs_Mx)
+qed
+
+lemma normal_density_qbs[qbs]: "normal_density \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+proof -
+ have [simp]:"normal_density = (\<lambda>\<mu> \<sigma> x. 1 / sqrt (2 * pi * \<sigma>\<^sup>2) * exp (-(x - \<mu>)\<^sup>2/ (2 * \<sigma>\<^sup>2)))"
+ by standard+ (auto simp: normal_density_def)
+ show ?thesis
+ by simp
+qed
+
+lemma erlang_density_qbs[qbs]: "erlang_density \<in> qbs_count_space UNIV \<rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q qbs_borel"
+proof -
+ have [simp]: "erlang_density = (\<lambda>k l x. (if x < 0 then 0 else (l^(Suc k) * x^k * exp (- l * x)) / fact k))"
+ by standard+ (auto simp: erlang_density_def)
+ show ?thesis
+ by simp
+qed
+
+lemma list_nil_qbs[qbs]: "[] \<in> qbs_space (list_qbs X)"
+ by(simp add: list_qbs_space)
+
+lemma list_cons_qbs_morphism: "list_cons \<in> X \<rightarrow>\<^sub>Q (list_of X) \<Rightarrow>\<^sub>Q (list_of X)"
+proof(intro curry_preserves_morphisms pair_qbs_morphismI)
+ fix \<alpha> \<beta>
+ assume h:"\<alpha> \<in> qbs_Mx X"
+ "\<beta> \<in> qbs_Mx (list_of X)"
+ then obtain \<gamma> f where hf:
+ "\<beta> = (\<lambda>r. (f r, \<gamma> (f r) r))" "f \<in> borel \<rightarrow>\<^sub>M count_space UNIV" "\<And>i. i \<in> range f \<Longrightarrow> \<gamma> i \<in> qbs_Mx (\<Pi>\<^sub>Q j\<in>{..<i}. X)"
+ by(auto simp: coprod_qbs_Mx_def list_of_def coprod_qbs_Mx)
+ define f' \<beta>'
+ where "f' \<equiv> (\<lambda>r. Suc (f r))" "\<beta>' \<equiv> (\<lambda>i r n. if n = 0 then \<alpha> r else \<gamma> (i - 1) r (n - 1))"
+ then have "(\<lambda>r. list_cons (fst (\<alpha> r, \<beta> r)) (snd (\<alpha> r, \<beta> r))) = (\<lambda>r. (f' r, \<beta>' (f' r) r))"
+ by(auto simp: comp_def hf(1) ext list_cons_def)
+ also have "... \<in> qbs_Mx (list_of X)"
+ unfolding list_of_def
+ proof(rule coprod_qbs_MxI)
+ show "f' \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ using hf by(simp add: f'_\<beta>'_def(1))
+ next
+ fix j
+ assume hj:"j \<in> range f'"
+ then have hj':"j - 1 \<in> range f"
+ by(auto simp: f'_\<beta>'_def(1))
+ show "\<beta>' j \<in> qbs_Mx (\<Pi>\<^sub>Q i\<in>{..<j}. X)"
+ proof(rule prod_qbs_MxI)
+ fix i
+ assume hi:"i \<in> {..<j}"
+ then consider "i = 0" | "0 < i" "i < j"
+ by auto
+ then show "(\<lambda>r. \<beta>' j r i) \<in> qbs_Mx X"
+ proof cases
+ case 1
+ then show ?thesis by(simp add: h(1) f'_\<beta>'_def(2))
+ next
+ case 2
+ then have "i - 1 \<in> {..<j - 1}" by simp
+ from prod_qbs_MxD(1)[OF hf(3)[OF hj'] this] 2
+ show ?thesis
+ by(simp add: f'_\<beta>'_def(2))
+ qed
+ next
+ fix i
+ assume hi:"i \<notin> {..<j}"
+ then have "i \<noteq> 0" "i - Suc 0 \<notin> {..<j - Suc 0}"
+ using f'_\<beta>'_def(1) hj by fastforce+
+ with prod_qbs_MxD(2)[OF hf(3)[OF hj']]
+ show "(\<lambda>r. \<beta>' j r i) = (\<lambda>r. undefined)"
+ by(simp add: f'_\<beta>'_def(2))
+ qed
+ qed
+ finally show "(\<lambda>r. list_cons (fst (\<alpha> r, \<beta> r)) (snd (\<alpha> r, \<beta> r))) \<in> qbs_Mx (list_of X)" .
+qed
+
+corollary cons_qbs_morphism[qbs]: "Cons \<in> X \<rightarrow>\<^sub>Q (list_qbs X) \<Rightarrow>\<^sub>Q list_qbs X"
+proof(rule arg_swap_morphism)
+ show "(\<lambda>x y. y # x) \<in> list_qbs X \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q list_qbs X"
+ proof(rule qbs_morphism_cong'[where f="(\<lambda>l x. x # (to_list l)) \<circ> from_list"])
+ show " (\<lambda>l x. x # to_list l) \<circ> from_list \<in> list_qbs X \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q list_qbs X"
+ proof(rule qbs_morphism_comp[where Y="list_of X"])
+ show " (\<lambda>l x. x # to_list l) \<in> list_of X \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q list_qbs X"
+ proof(rule curry_preserves_morphisms)
+ show "(\<lambda>lx. snd lx # to_list (fst lx)) \<in> list_of X \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q list_qbs X"
+ proof(rule qbs_morphism_cong'[where f="to_list \<circ> (\<lambda>(l,x). from_list (x # to_list l))"])
+ show "to_list \<circ> (\<lambda>(l, x). from_list (x # to_list l)) \<in> list_of X \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q list_qbs X"
+ proof(rule qbs_morphism_comp[where Y="list_of X"])
+ show "(\<lambda>(l, x). from_list (x # to_list l)) \<in> list_of X \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q list_of X"
+ by(rule qbs_morphism_cong'[where f="(\<lambda>(l,x). list_cons x l)",OF _ uncurry_preserves_morphisms[of "\<lambda>(l,x). list_cons x l",simplified,OF arg_swap_morphism[OF list_cons_qbs_morphism]]]) (auto simp: pair_qbs_space to_list_from_list_ident)
+ qed(simp add: list_qbs_def map_qbs_morphism_f)
+ qed(auto simp: pair_qbs_space to_list_from_list_ident to_list_simp2)
+ qed
+ qed(auto simp: list_qbs_def to_list_from_list_ident intro!: map_qbs_morphism_inverse_f)
+ qed(simp add: from_list_to_list_ident)
+qed
+
+lemma rec_list_morphism':
+ "rec_list' \<in> qbs_space (Y \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q list_of X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q list_of X \<Rightarrow>\<^sub>Q Y)"
+ unfolding list_of_def
+proof(intro curry_preserves_morphisms[OF arg_swap_morphism] coprod_qbs_canonical1')
+ fix n
+ show "(\<lambda>x y. rec_list' (fst y) (snd y) (n, x)) \<in> (\<Pi>\<^sub>Q i\<in>{..<n}. X) \<rightarrow>\<^sub>Q exp_qbs (Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (\<amalg>\<^sub>Q n\<in>UNIV. \<Pi>\<^sub>Q i\<in>{..<n}. X) (exp_qbs Y Y))) Y"
+ proof(induction n)
+ case 0
+ show ?case
+ proof(rule curry_preserves_morphisms[OF qbs_morphismI])
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx ((\<Pi>\<^sub>Q i\<in>{..<0::nat}. X) \<Otimes>\<^sub>Q Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (\<amalg>\<^sub>Q n\<in>UNIV. \<Pi>\<^sub>Q i\<in>{..<n::nat}. X) (exp_qbs Y Y)))"
+ have "\<And>r. fst (\<alpha> r) = (\<lambda>n. undefined)"
+ proof -
+ fix r
+ have "\<And>i. (\<lambda>r. fst (\<alpha> r) i) = (\<lambda>r. undefined)"
+ using h by(auto simp: exp_qbs_Mx PiQ_Mx pair_qbs_Mx comp_def split_beta')
+ thus "fst (\<alpha> r) = (\<lambda>n. undefined)"
+ by(fastforce dest: fun_cong)
+ qed
+ hence "(\<lambda>xy. rec_list' (fst (snd xy)) (snd (snd xy)) (0, fst xy)) \<circ> \<alpha> = (\<lambda>x. fst (snd (\<alpha> x)))"
+ by(auto simp: rec_list'_simp1[simplified list_nil_def] comp_def split_beta')
+ also have "... \<in> qbs_Mx Y"
+ using h by(auto simp: pair_qbs_Mx comp_def)
+ finally show "(\<lambda>xy. rec_list' (fst (snd xy)) (snd (snd xy)) (0, fst xy)) \<circ> \<alpha> \<in> qbs_Mx Y" .
+ qed
+ next
+ case ih:(Suc n)
+ show ?case
+ proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx (\<Pi>\<^sub>Q i\<in>{..<Suc n}. X)"
+ define \<alpha>' where "\<alpha>' \<equiv> (\<lambda>r. snd (list_tail (Suc n, \<alpha> r)))"
+ define a where "a \<equiv> (\<lambda>r. \<alpha> r 0)"
+ then have ha:"a \<in> qbs_Mx X"
+ using h by(auto simp: PiQ_Mx)
+ have 1:"\<alpha>' \<in> qbs_Mx (\<Pi>\<^sub>Q i\<in>{..<n}. X)"
+ using h by(fastforce simp: PiQ_Mx list_tail_def \<alpha>'_def)
+ hence 2: "\<And>r. (n, \<alpha>' r) \<in> qbs_space (list_of X)"
+ using qbs_Mx_to_X[of \<alpha>'] by (fastforce simp: PiQ_space coprod_qbs_space list_of_def)
+ have 3: "\<And>r. (Suc n, \<alpha> r) \<in> qbs_space (list_of X)"
+ using qbs_Mx_to_X[of \<alpha>] h by (fastforce simp: PiQ_space coprod_qbs_space list_of_def)
+ have 4: "\<And>r. (n, \<alpha>' r) = list_tail (Suc n, \<alpha> r)"
+ by(simp add: list_tail_def \<alpha>'_def)
+ have 5: "\<And>r. (Suc n, \<alpha> r) = list_cons (a r) (n, \<alpha>' r)"
+ unfolding a_def by(simp add: list_simp5[OF 3,simplified 4[symmetric],simplified list_head_def list_cons_def list_nil_def] list_cons_def) auto
+ have 6: "(\<lambda>r. (n, \<alpha>' r)) \<in> qbs_Mx (list_of X)"
+ using 1 by(auto intro!: coprod_qbs_MxI simp: PiQ_space coprod_qbs_space list_of_def)
+
+ have "(\<lambda>x y. rec_list' (fst y) (snd y) (Suc n, x)) \<circ> \<alpha> = (\<lambda>r y. rec_list' (fst y) (snd y) (Suc n, \<alpha> r))"
+ by auto
+ also have "... = (\<lambda>r y. snd y (a r) (n, \<alpha>' r) (rec_list' (fst y) (snd y) (n, \<alpha>' r)))"
+ by(simp only: 5 rec_list'_simp2[OF 2])
+ also have "... \<in> qbs_Mx (exp_qbs (Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y))) Y)"
+ proof -
+ have "(\<lambda>(r,y). snd y (a r) (n, \<alpha>' r) (rec_list' (fst y) (snd y) (n, \<alpha>' r))) = (\<lambda>(y,x1,x2,x3). y x1 x2 x3) \<circ> (\<lambda>(r,y). (snd y, a r, (n, \<alpha>' r), rec_list' (fst y) (snd y) (n, \<alpha>' r)))"
+ by auto
+ also have "... \<in> qbs_borel \<Otimes>\<^sub>Q (Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y))) \<rightarrow>\<^sub>Q Y"
+ proof(rule qbs_morphism_comp[where Y="exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y)) \<Otimes>\<^sub>Q X \<Otimes>\<^sub>Q list_of X \<Otimes>\<^sub>Q Y"])
+ show "(\<lambda>(r, y). (snd y, a r, (n, \<alpha>' r), rec_list' (fst y) (snd y) (n, \<alpha>' r))) \<in> qbs_borel \<Otimes>\<^sub>Q Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y)) \<rightarrow>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y)) \<Otimes>\<^sub>Q X \<Otimes>\<^sub>Q list_of X \<Otimes>\<^sub>Q Y"
+ unfolding split_beta'
+ proof(safe intro!: qbs_morphism_Pair)
+ show "(\<lambda>x. a (fst x)) \<in> qbs_borel \<Otimes>\<^sub>Q Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y)) \<rightarrow>\<^sub>Q X"
+ using ha qbs_Mx_is_morphisms[of X] ha by auto
+ next
+ show "(\<lambda>x. (n, \<alpha>' (fst x))) \<in> qbs_borel \<Otimes>\<^sub>Q Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y)) \<rightarrow>\<^sub>Q list_of X"
+ using 6 by(simp add: qbs_Mx_is_morphisms) (use fst_qbs_morphism qbs_morphism_compose in blast)
+ next
+ show "(\<lambda>x. rec_list' (fst (snd x)) (snd (snd x)) (n, \<alpha>' (fst x))) \<in> qbs_borel \<Otimes>\<^sub>Q Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y)) \<rightarrow>\<^sub>Q Y"
+ using qbs_morphism_Mx[OF ih 1, simplified comp_def] uncurry_preserves_morphisms[of "(\<lambda>(x,y). rec_list' (fst y) (snd y) (n, \<alpha>' x))" qbs_borel "Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y))" Y] qbs_Mx_is_morphisms[of "exp_qbs (Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y))) Y"]
+ by(fastforce simp: split_beta' list_of_def)
+ qed qbs
+ next
+ show "(\<lambda>(y, x1, x2, x3). y x1 x2 x3) \<in> exp_qbs X (exp_qbs (list_of X) (exp_qbs Y Y)) \<Otimes>\<^sub>Q X \<Otimes>\<^sub>Q list_of X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Y"
+ by simp
+ qed
+ finally show ?thesis
+ by(simp add: exp_qbs_Mx')
+ qed
+ finally show "(\<lambda>x y. rec_list' (fst y) (snd y) (Suc n, x)) \<circ> \<alpha> \<in> qbs_Mx (exp_qbs (Y \<Otimes>\<^sub>Q exp_qbs X (exp_qbs (\<amalg>\<^sub>Q n\<in>UNIV. \<Pi>\<^sub>Q i\<in>{..<n}. X) (exp_qbs Y Y))) Y)"
+ by(simp add: list_of_def)
+ qed
+ qed
+qed simp
+
+lemma rec_list_morphism[qbs]: "rec_list \<in> qbs_space (Y \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y)"
+proof(rule curry_preserves_morphisms[OF arg_swap_morphism])
+ show "(\<lambda>l yf. rec_list (fst yf) (snd yf) l) \<in> list_qbs X \<rightarrow>\<^sub>Q Y \<Otimes>\<^sub>Q (X \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q Y"
+ proof(rule qbs_morphism_cong'[where f="(\<lambda>l' (y,f). rec_list y f (to_list l')) \<circ> from_list",OF _ qbs_morphism_comp[where Y="list_of X"]])
+ show "(\<lambda>l' (y,f). rec_list y f (to_list l')) \<in> list_of X \<rightarrow>\<^sub>Q Y \<Otimes>\<^sub>Q (X \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q Y"
+ apply(rule arg_swap_morphism,simp only: split_beta' list_qbs_def)
+ apply(rule uncurry_preserves_morphisms)
+ apply(rule arg_swap_morphism)
+ apply(rule arg_swap_morphism')
+ apply(rule qbs_morphism_cong'[OF _ arg_swap_morphism_map_qbs1[OF arg_swap_morphism'[OF arg_swap_morphism[OF rec_list_morphism']]]])
+ apply(auto simp: rec_list'_def from_list_to_list_ident)
+ done
+ qed(auto simp: from_list_to_list_ident list_qbs_def to_list_from_list_ident intro!: map_qbs_morphism_inverse_f)
+qed
+
+hide_const (open) list_nil list_cons list_head list_tail from_list rec_list' to_list'
+
+hide_fact (open) list_simp1 list_simp2 list_simp3 list_simp4 list_simp5 list_simp6 list_simp7 from_list_in_list_of' list_cons_qbs_morphism rec_list'_simp1
+ to_list_from_list_ident from_list_in_list_of to_list_set to_list_simp1 to_list_simp2 list_head_def list_tail_def from_list_length
+ list_cons_in_list_of rec_list_morphism' rec_list'_simp2 list_decomp1 list_destruct_rule list_induct_rule from_list_to_list_ident
+
+corollary case_list_morphism[qbs]: "case_list \<in> qbs_space ((Y :: 'b quasi_borel) \<Rightarrow>\<^sub>Q ((X :: 'a quasi_borel) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y)"
+proof -
+ have [simp]:"case_list = (\<lambda>y (f :: 'a \<Rightarrow> 'a list \<Rightarrow> 'b) l. rec_list y (\<lambda>x l' y. f x l') l)"
+ proof standard+
+ fix y :: 'b and f :: "'a \<Rightarrow> 'a list \<Rightarrow> 'b" and l :: "'a list"
+ show "(case l of [] \<Rightarrow> y | x # xa \<Rightarrow> f x xa) = rec_list y (\<lambda>x l' y. f x l') l"
+ by (cases l) auto
+ qed
+ show ?thesis
+ by simp
+qed
+
+lemma fold_qbs_morphism[qbs]: "fold \<in> qbs_space ((X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y)"
+proof -
+ have [simp]:"fold = (\<lambda>f l. rec_list id (\<lambda>x xs l. l \<circ> f x) l)"
+ apply standard+
+ subgoal for f l x
+ by(induction l arbitrary: x) simp_all
+ done
+ show ?thesis
+ by simp
+qed
+
+lemma [qbs]:
+ shows foldr_qbs_morphism: "foldr \<in> qbs_space ((X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Y)"
+ and foldl_qbs_morphism: "foldl \<in> qbs_space ((X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q X) \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q list_qbs Y \<Rightarrow>\<^sub>Q X)"
+ and zip_qbs_morphism: "zip \<in> qbs_space (list_qbs X \<Rightarrow>\<^sub>Q list_qbs Y \<Rightarrow>\<^sub>Q list_qbs (pair_qbs X Y))"
+ and append_qbs_morphism: "append \<in> qbs_space (list_qbs X \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)"
+ and concat_qbs_morphism: "concat \<in> qbs_space (list_qbs (list_qbs X) \<Rightarrow>\<^sub>Q list_qbs X)"
+ and drop_qbs_morphism: "drop \<in> qbs_space (qbs_count_space UNIV \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)"
+ and take_qbs_morphism: "take \<in> qbs_space (qbs_count_space UNIV \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)"
+ and rev_qbs_morphism: "rev \<in> qbs_space (list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)"
+ by(auto simp: foldr_def foldl_def zip_def append_def concat_def drop_def take_def rev_def)
+
+lemma [qbs]:
+ fixes X :: "'a quasi_borel" and Y :: "'b quasi_borel"
+ shows map_qbs_morphism: "map \<in> qbs_space ((X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs Y)" (is ?map)
+ and fileter_qbs_morphism: "filter \<in> qbs_space ((X \<Rightarrow>\<^sub>Q count_space\<^sub>Q UNIV) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)" (is ?filter)
+ and length_qbs_morphism: "length \<in> qbs_space (list_qbs X \<Rightarrow>\<^sub>Q qbs_count_space UNIV)" (is ?length)
+ and tl_qbs_morphism: "tl \<in> qbs_space (list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)" (is ?tl)
+ and list_all_qbs_morphism: "list_all \<in> qbs_space ((X \<Rightarrow>\<^sub>Q qbs_count_space UNIV) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q qbs_count_space UNIV)" (is ?list_all)
+ and bind_list_qbs_morphism: "(\<bind>) \<in> qbs_space (list_qbs X \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q list_qbs Y) \<Rightarrow>\<^sub>Q list_qbs Y)" (is ?bind)
+proof -
+ have [simp]: "map = (\<lambda>f. rec_list [] (\<lambda>x xs l. f x # l))"
+ apply standard+
+ subgoal for f l
+ by(induction l) simp_all
+ done
+ have [simp]: "filter = (\<lambda>P. rec_list [] (\<lambda>x xs l. if P x then x # l else l))"
+ apply standard+
+ subgoal for f l
+ by(induction l) simp_all
+ done
+ have [simp]: "length = (\<lambda>l. foldr (\<lambda>_ n. Suc n) l 0)"
+ apply standard
+ subgoal for l
+ by (induction l) simp_all
+ done
+ have [simp]: "tl = (\<lambda>l. case l of [] \<Rightarrow> [] | _ # xs \<Rightarrow> xs)"
+ by standard (simp add: tl_def)
+ have [simp]: "list_all = (\<lambda>P xs. foldr (\<lambda>x b. b \<and> P x) xs True)"
+ apply (standard,standard)
+ subgoal for P xs
+ by(induction xs arbitrary: P) auto
+ done
+ have [simp]: "List.bind = (\<lambda>xs f. concat (map f xs))"
+ by standard+ (simp add: List.bind_def)
+ show ?map ?filter ?length ?tl ?list_all ?bind
+ by simp_all
+qed
+
+lemma list_eq_qbs_morphism[qbs]:
+ assumes [qbs]: "(=) \<in> qbs_space (X \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q count_space UNIV)"
+ shows "(=) \<in> qbs_space (list_qbs X \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q count_space UNIV)"
+proof -
+ have [simp]:"(=) = (\<lambda>xs ys. length xs = length ys \<and> list_all (case_prod (=)) (zip xs ys))"
+ using Ball_set list_eq_iff_zip_eq by fastforce
+ show ?thesis
+ by simp
+qed
+
+lemma insort_key_qbs_morphism[qbs]:
+ shows "insort_key \<in> qbs_space ((X \<Rightarrow>\<^sub>Q (borel\<^sub>Q ::'b :: {second_countable_topology, linorder_topology} quasi_borel)) \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)" (is ?g1)
+ and "insort_key \<in> qbs_space ((X \<Rightarrow>\<^sub>Q count_space\<^sub>Q (UNIV :: (_ :: countable) set)) \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)" (is ?g2)
+proof -
+ have [simp]:"insort_key = (\<lambda>f x. rec_list [x] (\<lambda>y ys l. if f x \<le> f y then x#y#ys else y#l))"
+ apply standard+
+ subgoal for f x l
+ by(induction l) simp_all
+ done
+ show ?g1 ?g2
+ by simp_all
+qed
+
+lemma sort_key_qbs_morphism[qbs]:
+ shows "sort_key \<in> qbs_space ((X \<Rightarrow>\<^sub>Q (borel\<^sub>Q ::'b :: {second_countable_topology, linorder_topology} quasi_borel)) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)"
+ and "sort_key \<in> qbs_space ((X \<Rightarrow>\<^sub>Q count_space\<^sub>Q (UNIV :: (_ :: countable) set)) \<Rightarrow>\<^sub>Q list_qbs X \<Rightarrow>\<^sub>Q list_qbs X)"
+ unfolding sort_key_def by simp_all
+
+lemma sort_qbs_morphism[qbs]:
+ shows "sort \<in> list_qbs (borel\<^sub>Q ::'b :: {second_countable_topology, linorder_topology} quasi_borel) \<rightarrow>\<^sub>Q list_qbs borel\<^sub>Q"
+ and "sort \<in> list_qbs (count_space\<^sub>Q (UNIV :: (_ :: countable) set)) \<rightarrow>\<^sub>Q list_qbs (count_space\<^sub>Q UNIV)"
+ by simp_all
+
+subsubsection \<open> Morphism Pred\<close>
+abbreviation "qbs_pred X P \<equiv> P \<in> X \<rightarrow>\<^sub>Q qbs_count_space (UNIV :: bool set)"
+
+lemma qbs_pred_iff_measurable_pred:
+ "qbs_pred X P = Measurable.pred (qbs_to_measure X) P"
+ by(simp add: lr_adjunction_correspondence)
+
+lemma(in standard_borel) qbs_pred_iff_measurable_pred:
+ "qbs_pred (measure_to_qbs M) P = Measurable.pred M P"
+ by(simp add: qbs_pred_iff_measurable_pred measurable_cong_sets[OF lr_sets_ident refl])
+
+lemma qbs_pred_iff_sets:
+"{x \<in>space (qbs_to_measure X). P x} \<in> sets (qbs_to_measure X) \<longleftrightarrow> qbs_pred X P"
+ by (simp add: Measurable.pred_def lr_adjunction_correspondence space_L)
+
+lemma
+ assumes [qbs]:"P \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q qbs_count_space UNIV" "f \<in> X \<rightarrow>\<^sub>Q Y"
+ shows indicator_qbs_morphism''': "(\<lambda>x. indicator {y. P x y} (f x)) \<in> X \<rightarrow>\<^sub>Q qbs_borel" (is ?g1)
+ and indicator_qbs_morphism'': "(\<lambda>x. indicator {y\<in>qbs_space Y. P x y} (f x)) \<in> X \<rightarrow>\<^sub>Q qbs_borel" (is ?g2)
+proof -
+ have [simp]:"{x \<in> qbs_space X. P x (f x)} = {x \<in> qbs_space X. f x \<in> qbs_space Y \<and> P x (f x)}"
+ using qbs_morphism_space[OF assms(2)] by blast
+ show ?g1 ?g2
+ using qbs_morphism_app[OF assms,simplified qbs_pred_iff_sets[symmetric]] qbs_morphism_space[OF assms(2)]
+ by(auto intro!: borel_measurable_indicator' simp: lr_adjunction_correspondence space_L)
+qed
+
+lemma
+ assumes [qbs]:"P \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q qbs_count_space UNIV"
+ shows indicator_qbs_morphism[qbs]:"(\<lambda>x. indicator {y \<in> qbs_space Y. P x y}) \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q qbs_borel" (is ?g1)
+ and indicator_qbs_morphism':"(\<lambda>x. indicator {y. P x y}) \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q qbs_borel" (is ?g2)
+proof -
+ note indicator_qbs_morphism''[qbs] indicator_qbs_morphism'''[qbs]
+ show ?g1 ?g2
+ by(auto intro!: curry_preserves_morphisms[OF pair_qbs_morphismI] simp: qbs_Mx_is_morphisms)
+qed
+
+lemma indicator_qbs[qbs]:
+ assumes "qbs_pred X P"
+ shows "indicator {x. P x} \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ using assms by(auto simp: lr_adjunction_correspondence)
+
+lemma All_qbs_pred[qbs]: "qbs_pred (count_space\<^sub>Q (UNIV :: ('a :: countable) set) \<Rightarrow>\<^sub>Q count_space\<^sub>Q UNIV) All"
+proof(rule qbs_morphismI)
+ fix a :: "real \<Rightarrow> 'a \<Rightarrow> bool"
+ assume "a \<in> qbs_Mx (count_space\<^sub>Q UNIV \<Rightarrow>\<^sub>Q count_space\<^sub>Q UNIV)"
+ hence [measurable]: "\<And>f g. f \<in> borel_measurable borel \<Longrightarrow> g \<in> borel \<rightarrow>\<^sub>M count_space UNIV \<Longrightarrow> (\<lambda>x::real. a (f x) (g x)) \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ by(auto simp add: exp_qbs_Mx qbs_Mx_R)
+ show " All \<circ> a \<in> qbs_Mx (count_space\<^sub>Q UNIV)"
+ by(simp add: comp_def qbs_Mx_R)
+qed
+
+lemma Ex_qbs_pred[qbs]: "qbs_pred (count_space\<^sub>Q (UNIV :: ('a :: countable) set) \<Rightarrow>\<^sub>Q count_space\<^sub>Q UNIV) Ex"
+proof(rule qbs_morphismI)
+ fix a :: "real \<Rightarrow> 'a \<Rightarrow> bool"
+ assume "a \<in> qbs_Mx (count_space\<^sub>Q UNIV \<Rightarrow>\<^sub>Q count_space\<^sub>Q UNIV)"
+ hence [measurable]: "\<And>f g. f \<in> borel_measurable borel \<Longrightarrow> g \<in> borel \<rightarrow>\<^sub>M count_space UNIV \<Longrightarrow> (\<lambda>x::real. a (f x) (g x)) \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ by(auto simp add: exp_qbs_Mx qbs_Mx_R)
+ show "Ex \<circ> a \<in> qbs_Mx (count_space\<^sub>Q UNIV)"
+ by(simp add: comp_def qbs_Mx_R)
+qed
+
+lemma Ball_qbs_pred_countable:
+ assumes "\<And>i::'a :: countable. i \<in> I \<Longrightarrow> qbs_pred X (P i)"
+ shows "qbs_pred X (\<lambda>x. \<forall>x\<in>I. P i x)"
+ using assms by(simp add: qbs_pred_iff_measurable_pred)
+
+lemma Ball_qbs_pred:
+ assumes "finite I" "\<And>i. i \<in> I \<Longrightarrow> qbs_pred X (P i)"
+ shows "qbs_pred X (\<lambda>x. \<forall>x\<in>I. P i x)"
+ using assms by(simp add: qbs_pred_iff_measurable_pred)
+
+lemma Bex_qbs_pred_countable:
+ assumes "\<And>i::'a :: countable. i \<in> I \<Longrightarrow> qbs_pred X (P i)"
+ shows "qbs_pred X (\<lambda>x. \<exists>x\<in>I. P i x)"
+ using assms by(simp add: qbs_pred_iff_measurable_pred)
+
+lemma Bex_qbs_pred:
+ assumes "finite I" "\<And>i. i \<in> I \<Longrightarrow> qbs_pred X (P i)"
+ shows "qbs_pred X (\<lambda>x. \<exists>x\<in>I. P i x)"
+ using assms by(simp add: qbs_pred_iff_measurable_pred)
+
+lemma qbs_morphism_If_sub_qbs:
+ assumes [qbs]: "qbs_pred X P"
+ and [qbs]: "f \<in> sub_qbs X {x\<in>qbs_space X. P x} \<rightarrow>\<^sub>Q Y" "g \<in> sub_qbs X {x\<in>qbs_space X. \<not> P x} \<rightarrow>\<^sub>Q Y"
+ shows "(\<lambda>x. if P x then f x else g x) \<in> X \<rightarrow>\<^sub>Q Y"
+proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx X"
+ interpret standard_borel_ne "borel :: real measure" by simp
+ have [measurable]: "Measurable.pred borel (\<lambda>x. P (\<alpha> x))"
+ using h by(simp add: qbs_pred_iff_measurable_pred[symmetric] qbs_Mx_is_morphisms)
+ consider "qbs_space X = {}"
+ | "{x\<in>qbs_space X. \<not> P x} = qbs_space X"
+ | "{x\<in>qbs_space X. P x} = qbs_space X"
+ | "{x\<in>qbs_space X. P x} \<noteq> {}" "{x\<in>qbs_space X. \<not> P x} \<noteq> {}" by blast
+ then show "(\<lambda>x. if P x then f x else g x) \<circ> \<alpha> \<in> qbs_Mx Y" (is "?f \<in> _")
+ proof cases
+ case 1
+ with h show ?thesis
+ by(simp add: qbs_empty_equiv)
+ next
+ case 2
+ have [simp]:"(\<lambda>x. if P x then f x else g x) \<circ> \<alpha> = g \<circ> \<alpha>"
+ by standard (use qbs_Mx_to_X[OF h] 2 in auto)
+ show ?thesis
+ using 2 qbs_morphism_Mx[OF assms(3)] h by(simp add: sub_qbs_ident)
+ next
+ case 3
+ have [simp]:"(\<lambda>x. if P x then f x else g x) \<circ> \<alpha> = f \<circ> \<alpha>"
+ by standard (use qbs_Mx_to_X[OF h] 3 in auto)
+ show ?thesis
+ using 3 qbs_morphism_Mx[OF assms(2)] h by(simp add: sub_qbs_ident)
+ next
+ case 4
+ then obtain x0 x1 where
+ x0:"x0 \<in> qbs_space X" "P x0" and x1:"x1 \<in> qbs_space X" "\<not> P x1"
+ by blast
+ define a0 where "a0 = (\<lambda>r. if P (\<alpha> r) then \<alpha> r else x0)"
+ define a1 where "a1 = (\<lambda>r. if \<not> P (\<alpha> r) then \<alpha> r else x1)"
+ have "a0 \<in> qbs_Mx (sub_qbs X {x\<in>qbs_space X. P x})" "a1 \<in> qbs_Mx (sub_qbs X {x\<in>qbs_space X. \<not> P x})"
+ using x0 x1 qbs_Mx_to_X[OF h] h
+ by(auto simp: sub_qbs_Mx a0_def a1_def intro!: qbs_closed3_dest2'[of UNIV "\<lambda>r. P (\<alpha> r)" "\<lambda>b r. if b then \<alpha> r else x0"]) (simp_all add: qbs_Mx_is_morphisms)
+ from qbs_morphism_Mx[OF assms(2) this(1)] qbs_morphism_Mx[OF assms(3) this(2)]
+ have h0:"(\<lambda>r. f (a0 r)) \<in> qbs_Mx Y" "(\<lambda>r. g (a1 r)) \<in> qbs_Mx Y"
+ by (simp_all add: comp_def)
+ have [simp]:"(\<lambda>x. if P x then f x else g x) \<circ> \<alpha> = (\<lambda>r. if P (\<alpha> r) then f (a0 r) else g (a1 r))"
+ by standard (auto simp: comp_def a0_def a1_def)
+ show "(\<lambda>x. if P x then f x else g x) \<circ> \<alpha> \<in> qbs_Mx Y"
+ using h h0 by(simp add: qbs_Mx_is_morphisms)
+ qed
+qed
+
+subsubsection \<open> The Adjunction w.r.t. Ordering\<close>
+lemma l_mono: "mono qbs_to_measure"
+proof
+ fix X Y :: "'a quasi_borel"
+ show "X \<le> Y \<Longrightarrow> qbs_to_measure X \<le> qbs_to_measure Y"
+ proof(induction rule: less_eq_quasi_borel.induct)
+ case (1 X Y)
+ then show ?case
+ by(simp add: less_eq_measure.intros(1) space_L)
+ next
+ case (2 X Y)
+ then have "sigma_Mx X \<subseteq> sigma_Mx Y"
+ by(auto simp add: sigma_Mx_def)
+ then consider "sigma_Mx X \<subset> sigma_Mx Y" | "sigma_Mx X = sigma_Mx Y"
+ by auto
+ then show ?case
+ apply(cases)
+ apply(rule less_eq_measure.intros(2))
+ apply(simp_all add: 2 space_L sets_L)
+ by(rule less_eq_measure.intros(3),simp_all add: 2 sets_L space_L emeasure_L)
+ qed
+qed
+
+lemma r_mono: "mono measure_to_qbs"
+proof
+ fix M N :: "'a measure"
+ show "M \<le> N \<Longrightarrow> measure_to_qbs M \<le> measure_to_qbs N"
+ proof(induction rule: less_eq_measure.inducts)
+ case (1 M N)
+ then show ?case
+ by(simp add: less_eq_quasi_borel.intros(1) qbs_space_R)
+ next
+ case (2 M N)
+ then have "(borel :: real measure) \<rightarrow>\<^sub>M N \<subseteq> borel \<rightarrow>\<^sub>M M"
+ by(simp add: measurable_mono)
+ then consider "(borel :: real measure) \<rightarrow>\<^sub>M N \<subset> borel \<rightarrow>\<^sub>M M" | "(borel :: real measure) \<rightarrow>\<^sub>M N = borel \<rightarrow>\<^sub>M M"
+ by auto
+ then show ?case
+ by cases (rule less_eq_quasi_borel.intros(2),simp_all add: 2 qbs_space_R qbs_Mx_R)+
+ next
+ case (3 M N)
+ then show ?case
+ apply -
+ by(rule less_eq_quasi_borel.intros(2)) (simp_all add: measurable_mono qbs_space_R qbs_Mx_R)
+ qed
+qed
+
+lemma rl_order_adjunction:
+ "X \<le> qbs_to_measure Y \<longleftrightarrow> measure_to_qbs X \<le> Y"
+proof
+ assume 1: "X \<le> qbs_to_measure Y"
+ then show "measure_to_qbs X \<le> Y"
+ proof(induction rule: less_eq_measure.cases)
+ case (1 M N)
+ then have [simp]:"qbs_space Y = space N"
+ by(simp add: 1(2)[symmetric] space_L)
+ show ?case
+ by(rule less_eq_quasi_borel.intros(1),simp add: 1 qbs_space_R)
+ next
+ case (2 M N)
+ then have [simp]:"qbs_space Y = space N"
+ by(simp add: 2(2)[symmetric] space_L)
+ show ?case
+ proof(rule less_eq_quasi_borel.intros(2))
+ show "qbs_Mx Y \<subseteq> qbs_Mx (measure_to_qbs X)"
+ unfolding qbs_Mx_R
+ proof
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx Y"
+ show "\<alpha> \<in> borel \<rightarrow>\<^sub>M X"
+ proof(rule measurableI)
+ show "\<And>x. \<alpha> x \<in> space X"
+ using qbs_Mx_to_X[OF h] by (auto simp add: 2)
+ next
+ fix A
+ assume "A \<in> sets X"
+ then have "A \<in> sets (qbs_to_measure Y)"
+ using 2 by auto
+ then obtain U where
+ hu:"A = U \<inter> space N" "(\<forall>\<alpha>\<in>qbs_Mx Y. \<alpha> -` U \<in> sets borel)"
+ by(auto simp add: sigma_Mx_def sets_L)
+ have "\<alpha> -` A = \<alpha> -` U"
+ using qbs_Mx_to_X[OF h] by(auto simp add: hu)
+ thus "\<alpha> -` A \<inter> space borel \<in> sets borel"
+ using h hu(2) by simp
+ qed
+ qed
+ qed(auto simp: 2 qbs_space_R)
+ next
+ case (3 M N)
+ then have [simp]:"qbs_space Y = space N"
+ by(simp add: 3(2)[symmetric] space_L)
+ show ?case
+ proof(rule less_eq_quasi_borel.intros(2))
+ show "qbs_Mx Y \<subseteq> qbs_Mx (measure_to_qbs X)"
+ unfolding qbs_Mx_R
+ proof
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx Y"
+ show "\<alpha> \<in> borel \<rightarrow>\<^sub>M X"
+ proof(rule measurableI)
+ show "\<And>x. \<alpha> x \<in> space X"
+ using qbs_Mx_to_X[OF h] by(auto simp: 3)
+ next
+ fix A
+ assume "A \<in> sets X"
+ then have "A \<in> sets (qbs_to_measure Y)"
+ using 3 by auto
+ then obtain U where
+ hu:"A = U \<inter> space N" "(\<forall>\<alpha>\<in>qbs_Mx Y. \<alpha> -` U \<in> sets borel)"
+ by(auto simp add: sigma_Mx_def sets_L)
+ have "\<alpha> -` A = \<alpha> -` U"
+ using qbs_Mx_to_X[OF h] by(auto simp add: hu)
+ thus "\<alpha> -` A \<inter> space borel \<in> sets borel"
+ using h hu(2) by simp
+ qed
+ qed
+ qed(auto simp: 3 qbs_space_R)
+ qed
+next
+ assume "measure_to_qbs X \<le> Y"
+ then show "X \<le> qbs_to_measure Y"
+ proof(induction rule: less_eq_quasi_borel.cases)
+ case (1 A B)
+ have [simp]: "space X = qbs_space A"
+ by(simp add: 1(1)[symmetric] qbs_space_R)
+ show ?case
+ by(rule less_eq_measure.intros(1)) (simp add: 1 space_L)
+ next
+ case (2 A B)
+ then have hmy:"qbs_Mx Y \<subseteq> borel \<rightarrow>\<^sub>M X"
+ using qbs_Mx_R by blast
+ have [simp]: "space X = qbs_space A"
+ by(simp add: 2(1)[symmetric] qbs_space_R)
+ have "sets X \<subseteq> sigma_Mx Y"
+ proof
+ fix U
+ assume hu:"U \<in> sets X"
+ show "U \<in> sigma_Mx Y"
+ unfolding sigma_Mx_def
+ proof(safe intro!: exI[where x=U])
+ show "\<And>x. x \<in> U \<Longrightarrow> x \<in> qbs_space Y"
+ using sets.sets_into_space[OF hu]
+ by(auto simp add: 2)
+ next
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx Y"
+ then have "\<alpha> \<in> borel \<rightarrow>\<^sub>M X"
+ using hmy by(auto)
+ thus "\<alpha> -` U \<in> sets borel"
+ using hu by(simp add: measurable_sets_borel)
+ qed
+ qed
+ then consider "sets X = sigma_Mx Y" | "sets X \<subset> sigma_Mx Y"
+ by auto
+ then show ?case
+ proof cases
+ case 1
+ show ?thesis
+ proof(rule less_eq_measure.intros(3))
+ show "emeasure X \<le> emeasure (qbs_to_measure Y)"
+ unfolding emeasure_L
+ proof(rule le_funI)
+ fix U
+ consider "U = {}" | "U \<notin> sigma_Mx Y" | "U \<noteq> {} \<and> U \<in> sigma_Mx Y"
+ by auto
+ then show "emeasure X U \<le> (if U = {} \<or> U \<notin> sigma_Mx Y then 0 else \<infinity>)"
+ proof cases
+ case 1
+ then show ?thesis by simp
+ next
+ case h:2
+ then have "U \<notin> sigma_Mx A"
+ using qbs_Mx_sigma_Mx_contra[OF 2(3)[symmetric] 2(4)] 2(2) by auto
+ hence "U \<notin> sets X"
+ using lr_sets 2(1) sets_L by blast
+ thus ?thesis
+ by(simp add: h emeasure_notin_sets)
+ next
+ case 3
+ then show ?thesis
+ by simp
+ qed
+ qed
+ qed(simp_all add: 1 2 space_L sets_L)
+ next
+ case h2:2
+ show ?thesis
+ by(rule less_eq_measure.intros(2)) (simp add: space_L 2, simp add: h2 sets_L)
+ qed
+ qed
+qed
+
+end
\ No newline at end of file
diff --git a/thys/S_Finite_Measure_Monad/Monad_QuasiBorel.thy b/thys/S_Finite_Measure_Monad/Monad_QuasiBorel.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/Monad_QuasiBorel.thy
@@ -0,0 +1,3501 @@
+(* Title: Monad_QuasiBorel.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+
+section \<open>The S-Finite Measure Monad\<close>
+
+theory Monad_QuasiBorel
+ imports
+ "Measure_QuasiBorel_Adjunction"
+ "Kernels"
+
+begin
+subsection \<open> The S-Finite Measure Monad\<close>
+subsubsection \<open> Space of S-Finite Measures\<close>
+locale in_Mx =
+ fixes X :: "'a quasi_borel"
+ and \<alpha> :: "real \<Rightarrow> 'a"
+ assumes in_Mx[simp]:"\<alpha> \<in> qbs_Mx X"
+begin
+
+lemma \<alpha>_measurable[measurable]: "\<alpha> \<in> borel \<rightarrow>\<^sub>M qbs_to_measure X"
+ using in_Mx qbs_Mx_subset_of_measurable by blast
+
+lemma \<alpha>_qbs_morphism[qbs]: "\<alpha> \<in> qbs_borel \<rightarrow>\<^sub>Q X"
+ using in_Mx by(simp only: qbs_Mx_is_morphisms)
+
+lemma X_not_empty: "qbs_space X \<noteq> {}"
+ using in_Mx by(auto simp: qbs_empty_equiv simp del: in_Mx)
+
+lemma inverse_UNIV[simp]: "\<alpha> -` (qbs_space X) = UNIV"
+ by fastforce
+
+end
+
+locale qbs_s_finite = in_Mx X \<alpha> + s_finite_measure \<mu>
+ for X :: "'a quasi_borel" and \<alpha> and \<mu> :: "real measure" +
+ assumes mu_sets[measurable_cong]: "sets \<mu> = sets borel"
+begin
+
+lemma mu_not_empty: "space \<mu> \<noteq> {}"
+ by(simp add: sets_eq_imp_space_eq[OF mu_sets])
+
+end
+
+lemma qbs_s_finite_All:
+ assumes "\<alpha> \<in> qbs_Mx X" "s_finite_kernel M borel k" "x \<in> space M"
+ shows "qbs_s_finite X \<alpha> (k x)"
+proof -
+ interpret s_finite_kernel M borel k by fact
+ show ?thesis
+ using assms(1,3) image_s_finite_measure[OF assms(3)] by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def kernel_sets)
+qed
+
+locale qbs_prob = in_Mx X \<alpha> + real_distribution \<mu>
+ for X :: "'a quasi_borel" and \<alpha> \<mu>
+begin
+
+lemma qbs_s_finite: "qbs_s_finite X \<alpha> \<mu>"
+ by(auto simp: qbs_s_finite_def qbs_s_finite_axioms_def in_Mx_def s_finite_measure_prob)
+
+sublocale qbs_s_finite by(rule qbs_s_finite)
+
+end
+
+lemma(in qbs_s_finite) qbs_probI: "prob_space \<mu> \<Longrightarrow> qbs_prob X \<alpha> \<mu>"
+ by(auto simp: qbs_prob_def in_Mx_def real_distribution_def real_distribution_axioms_def mu_sets)
+
+locale pair_qbs_s_finites = pq1: qbs_s_finite X \<alpha> \<mu> + pq2: qbs_s_finite Y \<beta> \<nu>
+ for X :: "'a quasi_borel" and \<alpha> \<mu> and Y :: "'b quasi_borel" and \<beta> \<nu>
+begin
+
+lemma ab_measurable[measurable]: "map_prod \<alpha> \<beta> \<in> borel \<Otimes>\<^sub>M borel \<rightarrow>\<^sub>M qbs_to_measure (X \<Otimes>\<^sub>Q Y)"
+proof -
+ have "map_prod \<alpha> \<beta> \<in> qbs_to_measure (measure_to_qbs (borel \<Otimes>\<^sub>M borel)) \<rightarrow>\<^sub>M qbs_to_measure (X \<Otimes>\<^sub>Q Y)"
+ by(auto intro!: set_mp[OF l_preserves_morphisms] simp: r_preserves_product)
+ moreover have "sets (qbs_to_measure (measure_to_qbs (borel \<Otimes>\<^sub>M borel))) = sets ((borel \<Otimes>\<^sub>M borel) :: (real \<times> real) measure)"
+ by(auto intro!: standard_borel.lr_sets_ident pair_standard_borel_ne standard_borel_ne.standard_borel)
+ ultimately show ?thesis by simp
+qed
+
+end
+
+locale pair_qbs_probs = pq1: qbs_prob X \<alpha> \<mu> + pq2: qbs_prob Y \<beta> \<nu>
+ for X :: "'a quasi_borel" and \<alpha> \<mu> and Y :: "'b quasi_borel" and \<beta> \<nu>
+begin
+sublocale pair_qbs_s_finites
+ by standard
+end
+
+locale pair_qbs_s_finite = pq1: qbs_s_finite X \<alpha> \<mu> + pq2: qbs_s_finite X \<beta> \<nu>
+ for X :: "'a quasi_borel" and \<alpha> \<mu> and \<beta> \<nu>
+begin
+sublocale pair_qbs_s_finites X \<alpha> \<mu> X \<beta> \<nu>
+ by standard
+end
+
+locale pair_qbs_prob = pq1: qbs_prob X \<alpha> \<mu> + pq2: qbs_prob X \<beta> \<nu>
+ for X :: "'a quasi_borel" and \<alpha> \<mu> and \<beta> \<nu>
+begin
+
+sublocale pair_qbs_s_finite X \<alpha> \<mu> \<beta> \<nu>
+ by standard
+
+sublocale pair_qbs_probs X \<alpha> \<mu> X \<beta> \<mu>
+ by standard
+
+end
+
+type_synonym 'a qbs_s_finite_t = "'a quasi_borel * (real \<Rightarrow> 'a) * real measure"
+definition qbs_s_finite_eq :: "['a qbs_s_finite_t, 'a qbs_s_finite_t] \<Rightarrow> bool" where
+ "qbs_s_finite_eq p1 p2 \<equiv>
+ (let (X, \<alpha>, \<mu>) = p1;
+ (Y, \<beta>, \<nu>) = p2 in
+ qbs_s_finite X \<alpha> \<mu> \<and> qbs_s_finite Y \<beta> \<nu> \<and> X = Y \<and>
+ distr \<mu> (qbs_to_measure X) \<alpha> = distr \<nu> (qbs_to_measure Y) \<beta>)"
+
+definition qbs_s_finite_eq' :: "['a qbs_s_finite_t, 'a qbs_s_finite_t] \<Rightarrow> bool" where
+ "qbs_s_finite_eq' p1 p2 \<equiv>
+ (let (X, \<alpha>, \<mu>) = p1;
+ (Y, \<beta>, \<nu>) = p2 in
+ qbs_s_finite X \<alpha> \<mu> \<and> qbs_s_finite Y \<beta> \<nu> \<and> X = Y \<and>
+ (\<forall>f\<in>X \<rightarrow>\<^sub>Q (qbs_borel :: ennreal quasi_borel). (\<integral>\<^sup>+x. f (\<alpha> x) \<partial>\<mu>) = (\<integral>\<^sup>+x. f (\<beta> x) \<partial>\<nu>)))"
+
+lemma(in qbs_s_finite)
+ shows qbs_s_finite_eq_refl[simp]: "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X,\<alpha>,\<mu>)"
+ and qbs_s_finite_eq'_refl[simp]: "qbs_s_finite_eq' (X,\<alpha>,\<mu>) (X,\<alpha>,\<mu>)"
+ by(simp_all add: qbs_s_finite_eq_def qbs_s_finite_eq'_def qbs_s_finite_axioms)
+
+lemma(in pair_qbs_s_finite)
+ shows qbs_s_finite_eq_intro: "distr \<mu> (qbs_to_measure X) \<alpha> = distr \<nu> (qbs_to_measure X) \<beta> \<Longrightarrow> qbs_s_finite_eq (X,\<alpha>,\<mu>) (X,\<beta>,\<nu>)"
+ and qbs_s_finite_eq'_intro: "(\<And>f. f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> (\<integral>\<^sup>+x. f (\<alpha> x) \<partial> \<mu>) = (\<integral>\<^sup>+x. f (\<beta> x) \<partial> \<nu>)) \<Longrightarrow> qbs_s_finite_eq' (X,\<alpha>,\<mu>) (X,\<beta>,\<nu>)"
+ by(simp_all add: qbs_s_finite_eq_def qbs_s_finite_eq'_def pq1.qbs_s_finite_axioms pq2.qbs_s_finite_axioms)
+
+lemma qbs_s_finite_eq_dest:
+ assumes "qbs_s_finite_eq (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)"
+ shows "qbs_s_finite X \<alpha> \<mu>" "qbs_s_finite Y \<beta> \<nu>" "Y = X" "distr \<mu> (qbs_to_measure X) \<alpha> = distr \<nu> (qbs_to_measure X) \<beta>"
+ using assms by(auto simp: qbs_s_finite_eq_def)
+
+lemma qbs_s_finite_eq'_dest:
+ assumes "qbs_s_finite_eq' (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)"
+ shows "qbs_s_finite X \<alpha> \<mu>" "qbs_s_finite Y \<beta> \<nu>" "Y = X" "\<And>f. f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> (\<integral>\<^sup>+x. f (\<alpha> x) \<partial> \<mu>) = (\<integral>\<^sup>+x. f (\<beta> x) \<partial> \<nu>)"
+ using assms by(auto simp: qbs_s_finite_eq'_def)
+
+lemma(in qbs_prob) qbs_s_finite_eq_qbs_prob_cong:
+ assumes "qbs_s_finite_eq (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)"
+ shows "qbs_prob Y \<beta> \<nu>"
+proof -
+ interpret qs: pair_qbs_s_finites X \<alpha> \<mu> Y \<beta> \<nu>
+ using assms(1) by(auto simp: qbs_s_finite_eq_def pair_qbs_s_finites_def)
+ show ?thesis
+ by(auto intro!: qs.pq2.qbs_probI prob_space_distrD[of \<beta> _ "qbs_to_measure Y"]) (auto simp: qbs_s_finite_eq_dest(3)[OF assms] qbs_s_finite_eq_dest(4)[OF assms,symmetric] intro!: prob_space_distr)
+qed
+
+lemma
+ shows qbs_s_finite_eq_symp: "symp qbs_s_finite_eq"
+ and qbs_s_finite_eq_transp: "transp qbs_s_finite_eq"
+ by(simp_all add: qbs_s_finite_eq_def transp_def symp_def)
+
+quotient_type 'a qbs_measure = "'a qbs_s_finite_t" / partial: qbs_s_finite_eq
+ morphisms rep_qbs_measure qbs_measure
+proof(rule part_equivpI)
+ let ?U = "UNIV :: 'a set"
+ let ?Uf = "UNIV :: (real \<Rightarrow> 'a) set"
+ let ?f = "(\<lambda>_. undefined) :: real \<Rightarrow> 'a"
+ have "qbs_s_finite (Abs_quasi_borel (?U, ?Uf)) ?f (return borel 0)"
+ unfolding qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def
+ proof safe
+ have "Rep_quasi_borel (Abs_quasi_borel (?U,?Uf)) = (?U, ?Uf)"
+ using Abs_quasi_borel_inverse by (auto simp add: qbs_closed1_def qbs_closed2_def qbs_closed3_def is_quasi_borel_def)
+ thus "(\<lambda>_. undefined) \<in> qbs_Mx (Abs_quasi_borel (?U, ?Uf))"
+ by(simp add: qbs_Mx_def)
+ next
+ show "s_finite_measure (return borel 0)"
+ by(auto intro!: sigma_finite_measure.s_finite_measure prob_space_imp_sigma_finite prob_space_return)
+ qed simp_all
+ thus "\<exists>x :: 'a qbs_s_finite_t. qbs_s_finite_eq x x"
+ by(auto simp: qbs_s_finite_eq_def intro!: exI[where x="(Abs_quasi_borel (?U,?Uf), ?f, return borel 0)"])
+qed(simp_all add: qbs_s_finite_eq_symp qbs_s_finite_eq_transp)
+
+interpretation qbs_measure : quot_type "qbs_s_finite_eq" "Abs_qbs_measure" "Rep_qbs_measure"
+ using Abs_qbs_measure_inverse Rep_qbs_measure
+ by(simp add: quot_type_def equivp_implies_part_equivp qbs_measure_equivp Rep_qbs_measure_inverse Rep_qbs_measure_inject) blast
+
+syntax
+ "_qbs_measure" :: "'a quasi_borel \<Rightarrow> (real \<Rightarrow> 'a) \<Rightarrow> real measure \<Rightarrow> 'a qbs_measure" ("\<lbrakk>_,/ _,/ _\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n")
+translations
+ "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" \<rightleftharpoons> "CONST qbs_measure (X, \<alpha>, \<mu>)"
+
+lemma rep_qbs_s_finite_measure': "\<exists>X \<alpha> \<mu>. p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<and> qbs_s_finite X \<alpha> \<mu>"
+ by(rule qbs_measure.abs_induct,auto simp add: qbs_s_finite_eq_def)
+
+lemma rep_qbs_s_finite_measure:
+ obtains X \<alpha> \<mu> where "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ using that rep_qbs_s_finite_measure' by blast
+
+definition qbs_null_measure :: "'a quasi_borel \<Rightarrow> 'a qbs_measure" where
+"qbs_null_measure X \<equiv> \<lbrakk>X, SOME a. a \<in> qbs_Mx X, null_measure borel\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+
+lemma qbs_null_measure_s_finite: "qbs_space X \<noteq> {} \<Longrightarrow> qbs_s_finite X (SOME a. a \<in> qbs_Mx X) (null_measure borel)"
+ by(auto simp: qbs_empty_equiv qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def some_in_eq intro!: finite_measure.s_finite_measure_finite_measure finite_measureI)
+
+lemma(in qbs_s_finite) in_Rep_qbs_measure':
+ assumes "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X',\<alpha>',\<mu>')"
+ shows "(X',\<alpha>',\<mu>') \<in> Rep_qbs_measure \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by (metis assms mem_Collect_eq qbs_s_finite_eq_refl qbs_measure_def qbs_measure.abs_def qbs_measure.abs_inverse)
+
+lemmas(in qbs_s_finite) in_Rep_qbs_measure = in_Rep_qbs_measure'[OF qbs_s_finite_eq_refl]
+
+lemma(in qbs_s_finite) if_in_Rep_qbs_measure:
+ assumes "(X',\<alpha>',\<mu>') \<in> Rep_qbs_measure \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ shows "X' = X"
+ "qbs_s_finite X' \<alpha>' \<mu>'"
+ "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X',\<alpha>',\<mu>')"
+proof -
+ show h:"X' = X"
+ using assms qbs_measure.Rep_qbs_measure[of "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"]
+ by auto (metis mem_Collect_eq qbs_s_finite_eq_dest(3) qbs_s_finite_eq_refl qbs_measure_def qbs_measure.abs_def qbs_measure.abs_inverse)
+next
+ show "qbs_s_finite X' \<alpha>' \<mu>'"
+ using assms qbs_measure.Rep_qbs_measure[of "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"]
+ by (auto simp: qbs_s_finite_eq_dest(2))
+next
+ show "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X',\<alpha>',\<mu>')"
+ using assms qbs_measure.Rep_qbs_measure[of "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"]
+ by auto (metis mem_Collect_eq qbs_s_finite_eq_dest(3) qbs_s_finite_eq_refl qbs_measure_def qbs_measure.abs_def qbs_measure.abs_inverse)
+qed
+
+lemma qbs_s_finite_eq_1_imp_2:
+ assumes "qbs_s_finite_eq (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)" "f \<in> X \<rightarrow>\<^sub>Q (qbs_borel :: (_ :: {banach}) quasi_borel)"
+ shows "(\<integral>x. f (\<alpha> x) \<partial>\<mu>) = (\<integral>x. f (\<beta> x) \<partial>\<nu>)" (is "?lhs = ?rhs")
+proof -
+ interpret pq : pair_qbs_s_finite X \<alpha> \<mu> \<beta> \<nu>
+ using assms by(auto intro!: pair_qbs_s_finite.intro simp: qbs_s_finite_eq_def)
+ have [measurable]: "f \<in> qbs_to_measure X \<rightarrow>\<^sub>M borel"
+ using assms by(simp add: lr_adjunction_correspondence)
+ have "?lhs = (\<integral>x. f x \<partial>(distr \<mu> (qbs_to_measure X) \<alpha>))"
+ by(simp add: integral_distr)
+ also have "... = (\<integral>x. f x \<partial>(distr \<nu> (qbs_to_measure X) \<beta>))"
+ by(simp add: qbs_s_finite_eq_dest(4)[OF assms(1)])
+ also have "... = ?rhs"
+ by(simp add: integral_distr)
+ finally show ?thesis .
+qed
+
+lemma qbs_s_finite_eq_equiv: "qbs_s_finite_eq = qbs_s_finite_eq'"
+proof(rule ext[OF ext])
+ show "\<And>a b :: 'a qbs_s_finite_t. qbs_s_finite_eq a b = qbs_s_finite_eq' a b"
+ proof safe
+ fix X Y :: "'a quasi_borel" and \<alpha> \<beta> \<mu> \<nu>
+ {
+ assume h:"qbs_s_finite_eq (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)"
+ then interpret pq : pair_qbs_s_finite X \<alpha> \<mu> \<beta> \<nu>
+ by(auto intro!: pair_qbs_s_finite.intro simp: qbs_s_finite_eq_def)
+ show "qbs_s_finite_eq' (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)"
+ unfolding qbs_s_finite_eq_dest(3)[OF h]
+ proof(rule pq.qbs_s_finite_eq'_intro)
+ fix f :: "'a \<Rightarrow> ennreal"
+ assume f:"f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ show "(\<integral>\<^sup>+ x. f (\<alpha> x) \<partial>\<mu>) = (\<integral>\<^sup>+ x. f (\<beta> x) \<partial>\<nu>)" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. f x \<partial>(distr \<mu> (qbs_to_measure X) \<alpha>))"
+ by(rule nn_integral_distr[symmetric]) (use f lr_adjunction_correspondence in auto)
+ also have "... = (\<integral>\<^sup>+ x. f x \<partial>(distr \<nu> (qbs_to_measure X) \<beta>))"
+ by(simp add: qbs_s_finite_eq_dest(4)[OF h])
+ also have "... = ?rhs"
+ by(rule nn_integral_distr) (use f lr_adjunction_correspondence in auto)
+ finally show ?thesis .
+ qed
+ qed
+ }
+ {
+ assume h:"qbs_s_finite_eq' (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)"
+ then interpret pq : pair_qbs_s_finite X \<alpha> \<mu> \<beta> \<nu>
+ by(auto intro!: pair_qbs_s_finite.intro simp: qbs_s_finite_eq'_def)
+ show "qbs_s_finite_eq (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)"
+ unfolding qbs_s_finite_eq'_dest(3)[OF h]
+ proof(rule pq.qbs_s_finite_eq_intro[OF measure_eqI])
+ fix U
+ assume hu[measurable]:"U \<in> sets (distr \<mu> (qbs_to_measure X) \<alpha>)"
+ show "emeasure (distr \<mu> (qbs_to_measure X) \<alpha>) U = emeasure (distr \<nu> (qbs_to_measure X) \<beta>) U"
+ (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. indicator U x \<partial> (distr \<mu> (qbs_to_measure X) \<alpha>))"
+ using hu by simp
+ also have "... = (\<integral>\<^sup>+ x. indicator U (\<alpha> x) \<partial>\<mu>)"
+ by(rule nn_integral_distr) (use hu in auto)
+ also have "... = (\<integral>\<^sup>+ x. indicator U (\<beta> x) \<partial>\<nu>)"
+ by(auto intro!: qbs_s_finite_eq'_dest(4)[OF h] simp: lr_adjunction_correspondence)
+ also have "... = (\<integral>\<^sup>+ x. indicator U x \<partial> (distr \<nu> (qbs_to_measure X) \<beta>))"
+ by(rule nn_integral_distr[symmetric]) (use hu in auto)
+ also have "... = ?rhs"
+ using hu by simp
+ finally show ?thesis .
+ qed
+ qed simp
+ }
+ qed
+qed
+
+lemma qbs_s_finite_measure_eq: "qbs_s_finite_eq (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>) \<Longrightarrow> \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using Quotient3_rel[OF Quotient3_qbs_measure] by blast
+
+lemma(in pair_qbs_s_finite) qbs_s_finite_measure_eq:
+ "distr \<mu> (qbs_to_measure X) \<alpha> = distr \<nu> (qbs_to_measure X) \<beta> \<Longrightarrow> \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>X, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(auto intro!: qbs_s_finite_measure_eq qbs_s_finite_eq_intro)
+
+lemma(in pair_qbs_s_finite) qbs_s_finite_measure_eq':
+ "(\<And>f. f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> (\<integral>\<^sup>+x. f (\<alpha> x) \<partial> \<mu>) = (\<integral>\<^sup>+x. f (\<beta> x) \<partial> \<nu>)) \<Longrightarrow> \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>X, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qbs_s_finite_eq'_intro[simplified qbs_s_finite_eq_equiv[symmetric]] by(auto intro!: qbs_s_finite_measure_eq simp: qbs_s_finite_eq_def)
+
+lemma(in pair_qbs_s_finite) qbs_s_finite_measure_eq_inverse:
+ assumes "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>X, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ shows "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X,\<beta>,\<nu>)" "qbs_s_finite_eq' (X,\<alpha>,\<mu>) (X,\<beta>,\<nu>)"
+ using Quotient3_rel[OF Quotient3_qbs_measure,of "(X,\<alpha>,\<mu>)" "(X,\<beta>,\<nu>)",simplified]
+ by(simp_all add: assms qbs_s_finite_eq_equiv)
+
+lift_definition qbs_space_of :: "'a qbs_measure \<Rightarrow> 'a quasi_borel"
+is fst by(auto simp: qbs_s_finite_eq_def)
+
+lemma(in qbs_s_finite) qbs_space_of[simp]:
+ "qbs_space_of \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = X" by(simp add: qbs_space_of.abs_eq)
+
+lemma rep_qbs_space_of:
+ assumes "qbs_space_of s = X"
+ shows "\<exists>\<alpha> \<mu>. s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<and> qbs_s_finite X \<alpha> \<mu>"
+proof -
+ obtain X' \<alpha> \<mu> where hs:
+ "s = \<lbrakk>X', \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X' \<alpha> \<mu>"
+ using rep_qbs_s_finite_measure'[of s] by auto
+ then interpret qs:qbs_s_finite X' \<alpha> \<mu>
+ by simp
+ show ?thesis
+ using assms hs(2) by(auto simp add: hs(1))
+qed
+
+corollary qbs_s_space_of_not_empty: "qbs_space (qbs_space_of X) \<noteq> {}"
+ by transfer (auto simp: qbs_s_finite_eq_def qbs_s_finite_def in_Mx_def qbs_empty_equiv)
+
+
+subsubsection \<open> The S-Finite Measure Monad\<close>
+definition monadM_qbs :: "'a quasi_borel \<Rightarrow> 'a qbs_measure quasi_borel" where
+"monadM_qbs X \<equiv> Abs_quasi_borel ({s. qbs_space_of s = X}, {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k})"
+
+lemma
+ shows monadM_qbs_space: "qbs_space (monadM_qbs X) = {s. qbs_space_of s = X}"
+ and monadM_qbs_Mx: "qbs_Mx (monadM_qbs X) = {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k}"
+proof -
+ have "{\<lambda>r::real. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k} \<subseteq> UNIV \<rightarrow> {s. qbs_space_of s = X}"
+ proof safe
+ fix x \<alpha> and k :: "real \<Rightarrow> real measure"
+ assume h:"\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k"
+ interpret k:s_finite_kernel borel borel k by fact
+ interpret qbs_s_finite X \<alpha> "k x"
+ using k.image_s_finite_measure h(1) by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def k.kernel_sets)
+ show "qbs_space_of \<lbrakk>X, \<alpha>, k x\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = X"
+ by simp
+ qed
+ moreover have "qbs_closed1 {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k}"
+ proof(safe intro!: qbs_closed1I)
+ fix \<alpha> and f :: "real \<Rightarrow> real" and k :: "real\<Rightarrow> real measure"
+ assume h:"f \<in> borel_measurable borel" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k"
+ then show "\<exists>\<alpha>' ka. (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<circ> f = (\<lambda>r. \<lbrakk>X, \<alpha>', ka r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<alpha>' \<in> qbs_Mx X \<and> s_finite_kernel borel borel ka"
+ by(auto intro!: exI[where x=\<alpha>] exI[where x="\<lambda>x. k (f x)"] simp: s_finite_kernel.comp_measurable[OF h(3,1)])
+ qed
+ moreover have "qbs_closed2 {s. qbs_space_of s = X} {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k}"
+ proof(safe intro!: qbs_closed2I)
+ fix s
+ assume h:"X = qbs_space_of s"
+ from rep_qbs_space_of[OF this[symmetric]] obtain \<alpha> \<mu> where s:"s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ by auto
+ then interpret qbs_s_finite X \<alpha> \<mu> by simp
+ show "\<exists>\<alpha> k. (\<lambda>r. s) = (\<lambda>r. \<lbrakk>qbs_space_of s, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<alpha> \<in> qbs_Mx (qbs_space_of s) \<and> s_finite_kernel borel borel k"
+ by(auto intro!: exI[where x=\<alpha>] exI[where x="\<lambda>r. \<mu>"] s_finite_kernel_const simp: s(1) s_finite_kernel_cong_sets[OF _ mu_sets[symmetric]] sets_eq_imp_space_eq[OF mu_sets])
+ qed
+ moreover have "qbs_closed3 {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k}"
+ proof(safe intro!: qbs_closed3I)
+ fix P :: "real \<Rightarrow> nat" and Fi :: "nat \<Rightarrow> _"
+ assume P[measurable]: "P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ and "\<forall>i. Fi i \<in> {\<lambda>r::real. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k}"
+ then obtain \<alpha>i ki where Fi: "\<And>i. Fi i = (\<lambda>r. \<lbrakk>X, \<alpha>i i, ki i r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<And>i. \<alpha>i i \<in> qbs_Mx X" "\<And>i. s_finite_kernel borel borel (ki i)"
+ by auto metis
+ interpret nat_real: standard_borel_ne "count_space (UNIV :: nat set) \<Otimes>\<^sub>M (borel :: real measure)"
+ by(auto intro!: pair_standard_borel_ne)
+ note [simp] = nat_real.from_real_to_real[simplified space_pair_measure, simplified]
+ define \<alpha> where "\<alpha> \<equiv> (\<lambda>r. case_prod \<alpha>i (nat_real.from_real r))"
+ define k where "k \<equiv> (\<lambda>r. distr (distr (ki (P r) r) (count_space UNIV \<Otimes>\<^sub>M borel) (\<lambda>r'. (P r, r'))) borel nat_real.to_real)"
+ have \<alpha>: "\<alpha> \<in> qbs_Mx X"
+ unfolding \<alpha>_def qbs_Mx_is_morphisms
+ proof(rule qbs_morphism_compose[where g=nat_real.from_real and Y="qbs_count_space UNIV \<Otimes>\<^sub>Q qbs_borel"])
+ show "nat_real.from_real \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_count_space UNIV \<Otimes>\<^sub>Q qbs_borel"
+ by(simp add: r_preserves_product[symmetric] standard_borel.standard_borel_r_full_faithful[of "borel :: real measure",simplified,symmetric] standard_borel_ne.standard_borel)
+ next
+ show "case_prod \<alpha>i \<in> qbs_count_space UNIV \<Otimes>\<^sub>Q qbs_borel \<rightarrow>\<^sub>Q X"
+ using Fi(2) by(auto intro!: qbs_morphism_pair_count_space1 simp: qbs_Mx_is_morphisms)
+ qed
+ have sets_ki[measurable_cong]: "sets (ki i r) = sets borel" "sets (k r) = sets borel" for i r
+ using Fi(3) by(auto simp: s_finite_kernel_def measure_kernel_def k_def)
+ interpret k:s_finite_kernel borel borel k
+ proof -
+ have 1:"k = (\<lambda>(i,r). distr (ki i r) borel (\<lambda>r'. nat_real.to_real (i, r'))) \<circ> (\<lambda>r. (P r, r))"
+ by standard (auto simp: k_def distr_distr comp_def)
+ have "s_finite_kernel borel borel ..."
+ unfolding comp_def
+ by(rule s_finite_kernel.comp_measurable[where X="count_space UNIV \<Otimes>\<^sub>M borel"],rule s_finite_kernel_pair_countble1, auto intro!: s_finite_kernel.distr_s_finite_kernel[OF Fi(3)])
+ thus "s_finite_kernel borel borel k" by(simp add: 1)
+ qed
+ have "(\<lambda>r. Fi (P r) r) = (\<lambda>r. \<lbrakk>X, \<alpha>, k r \<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ unfolding Fi(1)
+ proof
+ fix r
+ interpret pq:pair_qbs_s_finite X "\<alpha>i (P r)" "ki (P r) r" \<alpha> "k r"
+ by(auto simp: pair_qbs_s_finite_def qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def k.image_s_finite_measure s_finite_kernel.image_s_finite_measure[OF Fi(3)] sets_ki \<alpha> Fi(2))
+ show "\<lbrakk>X, \<alpha>i (P r), ki (P r) r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(rule pq.qbs_s_finite_measure_eq, simp add: k_def distr_distr comp_def,simp add: \<alpha>_def)
+ qed
+ thus "\<exists>\<alpha> k. (\<lambda>r. Fi (P r) r) = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k"
+ by(auto intro!: exI[where x=\<alpha>] exI[where x=k] simp: \<alpha> k.s_finite_kernel_axioms)
+ qed
+ ultimately have "Rep_quasi_borel (monadM_qbs X) = ({s. qbs_space_of s = X}, {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k})"
+ by(auto intro!: Abs_quasi_borel_inverse simp: monadM_qbs_def is_quasi_borel_def)
+ thus "qbs_space (monadM_qbs X) = {s. qbs_space_of s = X}" "qbs_Mx (monadM_qbs X) = {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> s_finite_kernel borel borel k}"
+ by(simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+lemma monadM_qbs_empty_iff: "qbs_space X = {} \<longleftrightarrow> qbs_space (monadM_qbs X) = {}"
+ by(auto simp: monadM_qbs_space qbs_s_space_of_not_empty) (meson in_Mx.intro qbs_closed2_dest qbs_s_finite.qbs_space_of qbs_s_finite_def rep_qbs_s_finite_measure')
+
+lemma(in qbs_s_finite) in_space_monadM[qbs]: "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<in> qbs_space (monadM_qbs X)"
+ by(simp add: monadM_qbs_space)
+
+lemma rep_qbs_space_monadM:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ obtains \<alpha> \<mu> where "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ using rep_qbs_space_of assms that by(auto simp: monadM_qbs_space)
+
+lemma rep_qbs_space_monadM_sigma_finite:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ obtains \<alpha> \<mu> where "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" "sigma_finite_measure \<mu>"
+proof -
+ obtain \<alpha> \<mu> where s:"s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ by(metis rep_qbs_space_monadM assms)
+ hence "standard_borel_ne \<mu>""s_finite_measure \<mu>"
+ by(auto intro!: standard_borel_ne_sets[of borel \<mu>] simp: qbs_s_finite_def qbs_s_finite_axioms_def)
+ from exists_push_forward[OF this] obtain \<mu>' f where f:
+ "f \<in> (borel :: real measure) \<rightarrow>\<^sub>M \<mu>" "sets \<mu>' = sets borel" "sigma_finite_measure \<mu>'" "distr \<mu>' \<mu> f = \<mu>"
+ by metis
+ hence [measurable]: "f \<in> borel_measurable borel"
+ using s(2) by(auto simp: qbs_s_finite_def qbs_s_finite_axioms_def cong: measurable_cong_sets)
+ interpret pair_qbs_s_finite X \<alpha> \<mu> "\<alpha> \<circ> f" \<mu>'
+ proof -
+ have "qbs_s_finite X (\<alpha> \<circ> f) \<mu>'"
+ using s(2) by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def[of \<mu>'] f(2,3) sigma_finite_measure.s_finite_measure)
+ thus "pair_qbs_s_finite X \<alpha> \<mu> (\<alpha> \<circ> f) \<mu>'"
+ by(auto simp: pair_qbs_s_finite_def s(2))
+ qed
+ have "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>X, \<alpha> \<circ> f, \<mu>'\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof -
+ have [simp]:" distr \<mu> (qbs_to_measure X) \<alpha> = distr (distr \<mu>' \<mu> f) (qbs_to_measure X) \<alpha>"
+ by(simp add: f(4))
+ show ?thesis
+ by(auto intro!: qbs_s_finite_measure_eq simp: distr_distr)
+ qed
+ with s(1) pq2.qbs_s_finite_axioms f(3) that
+ show ?thesis by metis
+qed
+
+lemma qbs_space_of_in: "s \<in> qbs_space (monadM_qbs X) \<Longrightarrow> qbs_space_of s = X"
+ by(simp add: monadM_qbs_space)
+
+lemma in_qbs_space_of: "s \<in> qbs_space (monadM_qbs (qbs_space_of s))"
+ by(simp add: monadM_qbs_space)
+
+subsubsection \<open> $l$ \<close>
+lift_definition qbs_l :: "'a qbs_measure \<Rightarrow> 'a measure"
+is "\<lambda>p. distr (snd (snd p)) (qbs_to_measure (fst p)) (fst (snd p))"
+ by(auto simp: qbs_s_finite_eq_def)
+
+lemma(in qbs_s_finite) qbs_l: "qbs_l \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = distr \<mu> (qbs_to_measure X) \<alpha>"
+ by(simp add: qbs_l.abs_eq)
+
+interpretation qbs_l_s_finite: s_finite_measure "qbs_l (s :: 'a qbs_measure)"
+proof(transfer)
+ show "\<And>s:: 'a qbs_s_finite_t. qbs_s_finite_eq s s \<Longrightarrow> s_finite_measure (distr (snd (snd s)) (qbs_to_measure (fst s)) (fst (snd s)))"
+ proof safe
+ fix X :: "'a quasi_borel"
+ fix \<alpha> \<mu>
+ assume "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X,\<alpha>,\<mu>)"
+ then interpret qbs_s_finite X \<alpha> \<mu>
+ by(simp add: qbs_s_finite_eq_def)
+ show "s_finite_measure (distr (snd (snd (X,\<alpha>,\<mu>))) (qbs_to_measure (fst (X,\<alpha>,\<mu>))) (fst (snd (X,\<alpha>,\<mu>))))"
+ by(auto intro!: s_finite_measure.s_finite_measure_distr simp: s_finite_measure_axioms)
+ qed
+qed
+
+lemma space_qbs_l: "qbs_space (qbs_space_of s) = space (qbs_l s)"
+ by(transfer, auto simp: space_L)
+
+lemma space_qbs_l_ne: "space (qbs_l s) \<noteq> {}"
+ by transfer (auto simp: qbs_s_finite_eq_def qbs_s_finite_def in_Mx_def space_L qbs_empty_equiv)
+
+lemma qbs_l_sets: "sets (qbs_to_measure (qbs_space_of s)) = sets (qbs_l s)"
+ by(transfer,simp)
+
+lemma qbs_null_measure_in_Mx: "qbs_space X \<noteq> {} \<Longrightarrow> qbs_null_measure X \<in> qbs_space (monadM_qbs X)"
+ by(simp add: qbs_s_finite.in_space_monadM[OF qbs_null_measure_s_finite] qbs_null_measure_def)
+
+lemma qbs_null_measure_null_measure:"qbs_space X \<noteq> {} \<Longrightarrow> qbs_l (qbs_null_measure X) = null_measure (qbs_to_measure X)"
+ by(auto simp: qbs_null_measure_def qbs_s_finite.qbs_l[OF qbs_null_measure_s_finite] null_measure_distr)
+
+lemma space_qbs_l_in:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ shows "space (qbs_l s) = qbs_space X"
+ by (metis assms qbs_s_finite.qbs_space_of rep_qbs_space_monadM space_qbs_l)
+
+lemma sets_qbs_l:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ shows "sets (qbs_l s) = sets (qbs_to_measure X)"
+ using assms qbs_l_sets qbs_space_of_in by blast
+
+lemma measurable_qbs_l:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ shows "qbs_l s \<rightarrow>\<^sub>M M = X \<rightarrow>\<^sub>Q measure_to_qbs M"
+ by(auto simp: measurable_cong_sets[OF qbs_l_sets[of s,simplified qbs_space_of_in[OF assms(1)],symmetric] refl] lr_adjunction_correspondence)
+
+lemma measurable_qbs_l':
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ shows "qbs_l s \<rightarrow>\<^sub>M M = qbs_to_measure X \<rightarrow>\<^sub>M M"
+ by(simp add: measurable_qbs_l[OF assms] lr_adjunction_correspondence)
+
+lemma rep_qbs_Mx_monadM:
+ assumes "\<gamma> \<in> qbs_Mx (monadM_qbs X)"
+ obtains \<alpha> k where "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+proof -
+ have "\<And>\<alpha> r k. \<alpha> \<in> qbs_Mx X \<Longrightarrow> s_finite_kernel borel borel k \<Longrightarrow> qbs_s_finite X \<alpha> (k r)"
+ by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def s_finite_kernel.image_s_finite_measure) (auto simp: s_finite_kernel_def measure_kernel_def)
+ thus ?thesis
+ using that assms by(fastforce simp: monadM_qbs_Mx)
+qed
+
+lemma qbs_l_measurable[measurable]:"qbs_l \<in> qbs_to_measure (monadM_qbs X) \<rightarrow>\<^sub>M s_finite_measure_algebra (qbs_to_measure X)"
+proof(rule qbs_morphism_dest[OF qbs_morphismI])
+ fix \<gamma>
+ assume "\<gamma> \<in> qbs_Mx (monadM_qbs X)"
+ from rep_qbs_Mx_monadM[OF this] obtain \<alpha> k where h:
+ "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+ by metis
+ show "qbs_l \<circ> \<gamma> \<in> qbs_Mx (measure_to_qbs (s_finite_measure_algebra (qbs_to_measure X)))"
+ by(auto simp add: qbs_Mx_R comp_def h(1) qbs_s_finite.qbs_l[OF h(4)] h(2,3) intro!: s_finite_kernel.kernel_measurable_s_finite s_finite_kernel.distr_s_finite_kernel[where Y=borel])
+qed
+
+lemma qbs_l_measure_kernel: "measure_kernel (qbs_to_measure (monadM_qbs X)) (qbs_to_measure X) qbs_l"
+proof(cases "qbs_space X = {}")
+ case True
+ with monadM_qbs_empty_iff[of X,simplified this] show ?thesis
+ by(auto intro!: measure_kernel_empty_trivial simp: space_L)
+next
+ case 1:False
+ show ?thesis
+ proof
+ show "\<And>x. x \<in> space (qbs_to_measure (monadM_qbs X)) \<Longrightarrow> sets (qbs_l x) = sets (qbs_to_measure X)"
+ using qbs_l_sets by(auto simp: space_L monadM_qbs_space)
+ next
+ show "space (qbs_to_measure X) \<noteq> {}"
+ by(simp add: space_L 1)
+ qed (rule measurable_emeasure_kernel_s_finite_measure_algebra[OF qbs_l_measurable])
+qed
+
+lemma qbs_l_inj: "inj_on qbs_l (qbs_space (monadM_qbs X))"
+ by standard (auto simp: monadM_qbs_space, transfer,auto simp: qbs_s_finite_eq_def)
+
+lemma qbs_l_morphism:
+ assumes [measurable]:"A \<in> sets (qbs_to_measure X)"
+ shows "(\<lambda>s. qbs_l s A) \<in> monadM_qbs X \<rightarrow>\<^sub>Q qbs_borel"
+proof(rule qbs_morphismI)
+ fix \<gamma>
+ assume h:"\<gamma> \<in> qbs_Mx (monadM_qbs X)"
+ hence [qbs]: "\<gamma> \<in> qbs_borel \<rightarrow>\<^sub>Q monadM_qbs X"
+ by(simp_all add: qbs_Mx_is_morphisms)
+ from rep_qbs_Mx_monadM[OF h(1)] obtain \<alpha> k where hk:
+ "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+ by metis
+ then interpret a: in_Mx X \<alpha> by(simp add: in_Mx_def)
+ have k[measurable_cong]:"sets (k r) = sets borel" for r
+ using hk(3) by(auto simp: s_finite_kernel_def measure_kernel_def)
+ show "(\<lambda>s. emeasure (qbs_l s) A) \<circ> \<gamma> \<in> qbs_Mx qbs_borel"
+ by(auto simp: hk(1) qbs_s_finite.qbs_l[OF hk(4)] comp_def qbs_Mx_qbs_borel emeasure_distr sets_eq_imp_space_eq[OF k] intro!: s_finite_kernel.emeasure_measurable'[OF hk(3)] measurable_sets_borel[OF _ assms])
+qed
+
+lemma qbs_l_finite_pred: "qbs_pred (monadM_qbs X) (\<lambda>s. finite_measure (qbs_l s))"
+proof -
+ have "qbs_space X \<in> sets (qbs_to_measure X)"
+ by (metis sets.top space_L)
+ note qbs_l_morphism[OF this,qbs]
+ have [simp]:"finite_measure (qbs_l s) \<longleftrightarrow> qbs_l s X \<noteq> \<infinity>" if "s \<in> monadM_qbs X" for s
+ by(auto intro!: finite_measureI dest: finite_measure.emeasure_finite simp: space_qbs_l_in[OF that])
+ show ?thesis
+ by(simp cong: qbs_morphism_cong)
+qed
+
+lemma qbs_l_subprob_pred: "qbs_pred (monadM_qbs X) (\<lambda>s. subprob_space (qbs_l s))"
+proof -
+ have "qbs_space X \<in> sets (qbs_to_measure X)"
+ by (metis sets.top space_L)
+ note qbs_l_morphism[OF this,qbs]
+ have [simp]:"subprob_space (qbs_l s) \<longleftrightarrow> qbs_l s X \<le> 1" if "s \<in> monadM_qbs X" for s
+ by(auto intro!: subprob_spaceI dest: subprob_space.subprob_emeasure_le_1 simp: space_qbs_l_ne) (simp add: space_qbs_l_in[OF that])
+ show ?thesis
+ by(simp cong: qbs_morphism_cong)
+qed
+
+lemma qbs_l_prob_pred: "qbs_pred (monadM_qbs X) (\<lambda>s. prob_space (qbs_l s))"
+proof -
+ have "qbs_space X \<in> sets (qbs_to_measure X)"
+ by (metis sets.top space_L)
+ note qbs_l_morphism[OF this,qbs]
+ have [simp]:"prob_space (qbs_l s) \<longleftrightarrow> qbs_l s X = 1" if "s \<in> monadM_qbs X" for s
+ by(auto intro!: prob_spaceI simp: space_qbs_l_ne) (auto simp add: space_qbs_l_in[OF that] dest: prob_space.emeasure_space_1)
+ show ?thesis
+ by(simp cong: qbs_morphism_cong)
+qed
+
+subsubsection \<open> Return \<close>
+definition return_qbs :: "'a quasi_borel \<Rightarrow> 'a \<Rightarrow> 'a qbs_measure" where
+"return_qbs X x \<equiv> \<lbrakk>X, \<lambda>r. x, SOME \<mu>. real_distribution \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+
+lemma(in real_distribution)
+ assumes "x \<in> qbs_space X"
+ shows return_qbs:"return_qbs X x = \<lbrakk>X, \<lambda>r. x, M\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ and return_qbs_prob:"qbs_prob X (\<lambda>r. x) M"
+ and return_qbs_s_finite:"qbs_s_finite X (\<lambda>r. x) M"
+proof -
+ interpret qs1: qbs_prob X "\<lambda>r. x" M
+ by(auto simp: qbs_prob_def in_Mx_def real_distribution_axioms intro!: qbs_closed2_dest assms)
+ show "return_qbs X x = \<lbrakk>X, \<lambda>r. x, M\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ unfolding return_qbs_def
+ proof(rule someI2)
+ show "real_distribution (return borel 0)" by (auto simp: real_distribution_def real_distribution_axioms_def,rule prob_space_return) simp
+ next
+ fix N
+ assume "real_distribution N"
+ then interpret qs2: qbs_s_finite X "\<lambda>r. x" N
+ by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def real_distribution_def real_distribution_axioms_def intro!: qbs_closed2_dest assms sigma_finite_measure.s_finite_measure prob_space_imp_sigma_finite)
+ interpret pair_qbs_s_finite X "\<lambda>r. x" N "\<lambda>r. x" M
+ by standard
+ show "\<lbrakk>X, \<lambda>r. x, N\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>X, \<lambda>r. x, M\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(auto intro!: qbs_s_finite_measure_eq measure_eqI simp: emeasure_distr) (metis \<open>real_distribution N\<close> emeasure_space_1 prob_space.emeasure_space_1 qs2.mu_sets real_distribution.axioms(1) sets_eq_imp_space_eq space_borel space_eq_univ)
+ qed
+ show "qbs_prob X (\<lambda>r. x) M" "qbs_s_finite X (\<lambda>r. x) M"
+ by(simp_all add: qs1.qbs_prob_axioms qs1.qbs_s_finite_axioms)
+qed
+
+lemma return_qbs_comp:
+ assumes "\<alpha> \<in> qbs_Mx X"
+ shows "(return_qbs X \<circ> \<alpha>) = (\<lambda>r. \<lbrakk>X, \<alpha>, return borel r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+proof
+ fix r
+ interpret pqp: pair_qbs_prob X "\<lambda>k. \<alpha> r" "return borel 0" \<alpha> "return borel r"
+ by(simp add: assms qbs_Mx_to_X[OF assms] pair_qbs_prob_def qbs_prob_def in_Mx_def real_distribution_def real_distribution_axioms_def prob_space_return)
+ show "(return_qbs X \<circ> \<alpha>) r = \<lbrakk>X, \<alpha>, return borel r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(auto simp: pqp.pq1.return_qbs[OF qbs_Mx_to_X[OF assms]] distr_return intro!: pqp.qbs_s_finite_measure_eq)
+qed
+
+corollary return_qbs_morphism[qbs]: "return_qbs X \<in> X \<rightarrow>\<^sub>Q monadM_qbs X"
+proof(rule qbs_morphismI)
+ interpret rr : real_distribution "return borel 0"
+ by(simp add: real_distribution_def real_distribution_axioms_def prob_space_return)
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx X"
+ then have 1:"return_qbs X \<circ> \<alpha> = (\<lambda>r. \<lbrakk>X, \<alpha>, return borel r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by(rule return_qbs_comp)
+ show "return_qbs X \<circ> \<alpha> \<in> qbs_Mx (monadM_qbs X)"
+ by(auto simp: 1 monadM_qbs_Mx h prob_kernel_def' intro!: exI[where x=\<alpha>] exI[where x="return borel"] prob_kernel.s_finite_kernel_prob_kernel)
+qed
+
+subsubsection \<open>Bind\<close>
+definition bind_qbs :: "['a qbs_measure, 'a \<Rightarrow> 'b qbs_measure] \<Rightarrow> 'b qbs_measure" where
+"bind_qbs s f \<equiv> (let (X, \<alpha>, \<mu>) = rep_qbs_measure s;
+ Y = qbs_space_of (f (\<alpha> undefined));
+ (\<beta>, k) = (SOME (\<beta>, k). f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<beta> \<in> qbs_Mx Y \<and> s_finite_kernel borel borel k) in
+ \<lbrakk>Y, \<beta>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+
+adhoc_overloading Monad_Syntax.bind bind_qbs
+
+lemma(in qbs_s_finite)
+ assumes "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ "\<beta> \<in> qbs_Mx Y"
+ "s_finite_kernel borel borel k"
+ and "(f \<circ> \<alpha>) = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ shows bind_qbs_s_finite:"qbs_s_finite Y \<beta> (\<mu> \<bind>\<^sub>k k)"
+ and bind_qbs: "s \<bind> f = \<lbrakk>Y, \<beta>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+proof -
+ interpret k: s_finite_kernel borel borel k by fact
+ interpret s_fin: qbs_s_finite Y \<beta> "\<mu> \<bind>\<^sub>k k"
+ by(auto simp: qbs_s_finite_def in_Mx_def assms(3) mu_sets qbs_s_finite_axioms_def k.sets_bind_kernel[OF _ mu_sets] intro!:k.comp_s_finite_measure s_finite_measure_axioms)
+ show "s \<bind> f = \<lbrakk>Y, \<beta>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof -
+ {
+ fix X' \<alpha>' \<mu>'
+ assume "(X',\<alpha>',\<mu>') \<in> Rep_qbs_measure \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ then have h: "X' = X" "qbs_s_finite X' \<alpha>' \<mu>'" "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X',\<alpha>',\<mu>')"
+ by(simp_all add: if_in_Rep_qbs_measure)
+ then interpret s_fin_pq1: pair_qbs_s_finite X \<alpha> \<mu> \<alpha>' \<mu>'
+ by(auto simp: pair_qbs_s_finite_def qbs_s_finite_axioms)
+ have [simp]: "qbs_space_of (f (\<alpha>' r)) = Y" for r
+ using qbs_Mx_to_X[OF qbs_morphism_Mx[OF assms(2) s_fin_pq1.pq2.in_Mx],of r]
+ by(auto simp: monadM_qbs_space)
+ have "(let Y = qbs_space_of (f (\<alpha>' undefined)) in case SOME (\<beta>, k). (\<lambda>r. f (\<alpha>' r)) = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<beta> \<in> qbs_Mx Y \<and> s_finite_kernel borel borel k of
+ (\<beta>, k) \<Rightarrow> \<lbrakk>Y, \<beta>, \<mu>' \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = \<lbrakk>Y, \<beta>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof -
+ have "(case SOME (\<beta>, k). (\<lambda>r. f (\<alpha>' r)) = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<beta> \<in> qbs_Mx Y \<and> s_finite_kernel borel borel k of (\<beta>, k) \<Rightarrow> \<lbrakk>Y, \<beta>, \<mu>' \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = \<lbrakk>Y, \<beta>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof(rule someI2_ex)
+ show "\<exists>a. case a of (\<beta>, k) \<Rightarrow> (\<lambda>r. f (\<alpha>' r)) = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<beta> \<in> qbs_Mx Y \<and> s_finite_kernel borel borel k"
+ using qbs_morphism_Mx[OF assms(2) s_fin_pq1.pq2.in_Mx]
+ by(auto simp: comp_def monadM_qbs_Mx)
+ next
+ show "\<And>x. (case x of (\<beta>, k) \<Rightarrow> (\<lambda>r. f (\<alpha>' r)) = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<beta> \<in> qbs_Mx Y \<and> s_finite_kernel borel borel k) \<Longrightarrow> (case x of (\<beta>, k) \<Rightarrow> \<lbrakk>Y, \<beta>, \<mu>' \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = \<lbrakk>Y, \<beta>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof safe
+ fix \<beta>' k'
+ assume h':"(\<lambda>r. f (\<alpha>' r)) = (\<lambda>r. \<lbrakk>Y, \<beta>', k' r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta>' \<in> qbs_Mx Y" "s_finite_kernel borel borel k'"
+ interpret k': s_finite_kernel borel borel k' by fact
+ have "qbs_s_finite Y \<beta>' (\<mu>' \<bind>\<^sub>k k')"
+ by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def h'(2) k'.sets_bind_kernel[OF _ s_fin_pq1.pq2.mu_sets] s_fin_pq1.pq2.mu_sets intro!:k'.comp_s_finite_measure s_fin_pq1.pq2.s_finite_measure_axioms)
+ then interpret s_fin_pq2: pair_qbs_s_finite Y \<beta>' "\<mu>' \<bind>\<^sub>k k'" \<beta> "\<mu> \<bind>\<^sub>k k"
+ by(auto simp: pair_qbs_s_finite_def s_fin.qbs_s_finite_axioms)
+ show "\<lbrakk>Y, \<beta>', \<mu>' \<bind>\<^sub>k k'\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>Y, \<beta>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof(rule s_fin_pq2.qbs_s_finite_measure_eq)
+ show "distr (\<mu>' \<bind>\<^sub>k k') (qbs_to_measure Y) \<beta>' = distr (\<mu> \<bind>\<^sub>k k) (qbs_to_measure Y) \<beta>" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = \<mu>' \<bind>\<^sub>k (\<lambda>r. distr (k' r) (qbs_to_measure Y) \<beta>')"
+ by(simp add: k'.distr_bind_kernel[OF _ s_fin_pq1.pq2.mu_sets])
+ also have "... = \<mu>' \<bind>\<^sub>k (\<lambda>r. qbs_l \<lbrakk>Y, \<beta>', k' r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by(rule bind_kernel_cong_All,rule qbs_s_finite.qbs_l[symmetric,OF qbs_s_finite_All[where k=k' and M=borel]]) (auto simp: k'.s_finite_kernel_axioms)
+ also have "... = \<mu>' \<bind>\<^sub>k (\<lambda>r. qbs_l (f (\<alpha>' r)))"
+ by(auto simp: fun_cong[OF h'(1)])
+ also have "... = distr \<mu>' (qbs_to_measure X) \<alpha>' \<bind>\<^sub>k (\<lambda>x. qbs_l (f x))"
+ by(simp add: measure_kernel.bind_kernel_distr[OF measure_kernel.measure_kernel_comp[OF qbs_l_measure_kernel set_mp[OF l_preserves_morphisms assms(2)]]] sets_eq_imp_space_eq[OF s_fin_pq1.pq2.mu_sets])
+ also have "... = distr \<mu> (qbs_to_measure X) \<alpha> \<bind>\<^sub>k (\<lambda>x. qbs_l (f x))"
+ by(simp add: qbs_s_finite_eq_dest(4)[OF h(3)])
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>r. qbs_l (f (\<alpha> r)))"
+ by(simp add: measure_kernel.bind_kernel_distr[OF measure_kernel.measure_kernel_comp[OF qbs_l_measure_kernel set_mp[OF l_preserves_morphisms assms(2)]]] sets_eq_imp_space_eq[OF mu_sets])
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>r. qbs_l \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by(simp add: fun_cong[OF assms(5),simplified comp_def])
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>r. distr (k r) (qbs_to_measure Y) \<beta>)"
+ by(rule bind_kernel_cong_All,rule qbs_s_finite.qbs_l[OF qbs_s_finite_All[where k=k and M=borel]]) (auto simp: k.s_finite_kernel_axioms)
+ also have "... = ?rhs"
+ by(simp add: k.distr_bind_kernel[OF _ mu_sets])
+ finally show ?thesis .
+ qed
+ qed
+ qed
+ qed
+ thus ?thesis by simp
+ qed
+ }
+ show ?thesis
+ unfolding bind_qbs_def rep_qbs_measure_def qbs_measure.rep_def assms(1)
+ by(rule someI2, rule in_Rep_qbs_measure, auto) fact
+ qed
+ show "qbs_s_finite Y \<beta> (\<mu> \<bind>\<^sub>k k)"
+ by(rule s_fin.qbs_s_finite_axioms)
+qed
+
+
+lemma bind_qbs_morphism':
+ assumes "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ shows "(\<lambda>x. x \<bind> f) \<in> monadM_qbs X \<rightarrow>\<^sub>Q monadM_qbs Y"
+proof(rule qbs_morphismI)
+ fix \<gamma>
+ assume "\<gamma> \<in> qbs_Mx (monadM_qbs X)"
+ from rep_qbs_Mx_monadM[OF this] obtain \<alpha> k where h:
+ "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+ by metis
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF assms this(2)]] obtain \<alpha>' k' where h':
+ "f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<alpha>', k' r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha>' \<in> qbs_Mx Y" "s_finite_kernel borel borel k'" "\<And>r. qbs_s_finite Y \<alpha>' (k' r)"
+ by metis
+ have [simp]:"(\<lambda>x. x \<bind> f) \<circ> \<gamma> = (\<lambda>r. \<lbrakk>Y, \<alpha>', k r \<bind>\<^sub>k k'\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by standard (simp add: h(1) qbs_s_finite.bind_qbs[OF h(4) _ assms h'(2,3,1)])
+ show "(\<lambda>x. x \<bind> f) \<circ> \<gamma> \<in> qbs_Mx (monadM_qbs Y)"
+ using h'(2) by(auto simp: s_finite_kernel.bind_kernel_s_finite_kernel[OF h(3) h'(3)] monadM_qbs_Mx intro!: exI[where x=\<alpha>'])
+qed
+
+lemma bind_qbs_return':
+ assumes "x \<in> qbs_space (monadM_qbs X)"
+ shows "x \<bind> return_qbs X = x"
+proof -
+ obtain \<alpha> \<mu> where h:"qbs_s_finite X \<alpha> \<mu>" "x = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using rep_qbs_space_monadM[OF assms] by blast
+ then interpret qs: qbs_s_finite X \<alpha> \<mu> by simp
+ interpret prob_kernel borel borel "return borel"
+ by(simp add: prob_kernel_def')
+ show ?thesis
+ by(simp add: qs.bind_qbs[OF h(2) return_qbs_morphism _ _ return_qbs_comp] s_finite_kernel_axioms bind_kernel_return''[OF qs.mu_sets] h(2)[symmetric])
+qed
+
+lemma bind_qbs_return:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ and "x \<in> qbs_space X"
+ shows "return_qbs X x \<bind> f = f x"
+proof -
+ from rep_qbs_space_monadM[OF qbs_morphism_space[OF assms]] obtain \<alpha> \<mu> where h:
+ "f x = \<lbrakk>Y, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<alpha> \<mu>" by auto
+ then interpret qs:qbs_s_finite Y \<alpha> \<mu> by simp
+ interpret sk: s_finite_kernel borel borel "\<lambda>r. \<mu>"
+ by(auto intro!: s_finite_measure.s_finite_kernel_const simp: s_finite_kernel_cong_sets[OF refl qs.mu_sets[symmetric]] qs.s_finite_measure_axioms qs.mu_not_empty)
+ interpret rd: real_distribution "return borel 0"
+ by(simp add: real_distribution_def prob_space_return real_distribution_axioms_def)
+ interpret qbs_prob X "\<lambda>r. x" "return borel 0"
+ by(rule rd.return_qbs_prob[OF assms(2)])
+ show ?thesis
+ using bind_qbs[OF rd.return_qbs[OF assms(2)] assms(1) qs.in_Mx sk.s_finite_kernel_axioms]
+ by(simp add: h(1) sk.bind_kernel_return)
+qed
+
+lemma bind_qbs_assoc:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ and "g \<in> Y \<rightarrow>\<^sub>Q monadM_qbs Z"
+ shows "s \<bind> (\<lambda>x. f x \<bind> g) = (s \<bind> f) \<bind> g" (is "?lhs = ?rhs")
+proof -
+ obtain \<alpha> \<mu> where h:"s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ using rep_qbs_space_monadM[OF assms(1)] by blast
+ then interpret qs: qbs_s_finite X \<alpha> \<mu> by simp
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF assms(2) qs.in_Mx]] obtain \<beta> k where h':
+ "f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite Y \<beta> (k r)"
+ by metis
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF assms(3) h'(2)]] obtain \<gamma> k' where h'':
+ "g \<circ> \<beta> = (\<lambda>r. \<lbrakk>Z, \<gamma>, k' r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<gamma> \<in> qbs_Mx Z" "s_finite_kernel borel borel k'" "\<And>r. qbs_s_finite Z \<gamma> (k' r)"
+ by metis
+ have 1:"(\<lambda>x. f x \<bind> g) \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Z, \<gamma>, k r \<bind>\<^sub>k k'\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by standard (simp add: qbs_s_finite.bind_qbs[OF h'(4) fun_cong[OF h'(1),simplified] assms(3) h''(2,3,1)])
+
+ have "?lhs = \<lbrakk>Z, \<gamma>, \<mu> \<bind>\<^sub>k (\<lambda>r. k r \<bind>\<^sub>k k')\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(rule qs.bind_qbs[OF h(1) qbs_morphism_compose[OF assms(2) bind_qbs_morphism'[OF assms(3)]] h''(2) s_finite_kernel.bind_kernel_s_finite_kernel[OF h'(3) h''(3)] 1])
+ also have "... = \<lbrakk>Z, \<gamma>, \<mu> \<bind>\<^sub>k k \<bind>\<^sub>k k'\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(simp add: s_finite_kernel.bind_kernel_assoc[OF h'(3) h''(3) qs.mu_sets])
+ also have "... = ?rhs"
+ by(simp add: qbs_s_finite.bind_qbs[OF qs.bind_qbs_s_finite[OF h(1) assms(2) h'(2,3,1)] qs.bind_qbs[OF h(1) assms(2) h'(2,3,1)] assms(3) h''(2,3,1)])
+ finally show ?thesis .
+qed
+
+lemma bind_qbs_cong:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)"
+ "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x = g x"
+ and [qbs]:"f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ shows "s \<bind> f = s \<bind> g"
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu> where h:
+ "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by auto
+ interpret qbs_s_finite X \<alpha> \<mu> by fact
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF assms(3) in_Mx]] obtain \<beta> k where h':
+ "f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "s_finite_kernel borel borel k" by metis
+ have g: "g \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y" "g \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ using qbs_Mx_to_X[OF in_Mx] assms(2) fun_cong[OF h'(1)]
+ by(auto simp: assms(2)[symmetric] cong: qbs_morphism_cong)
+ show ?thesis
+ by(simp add: bind_qbs[OF h(1) assms(3) h'(2,3,1)] bind_qbs[OF h(1) g(1) h'(2,3) g(2)])
+qed
+
+subsubsection \<open> The Functorial Action \<close>
+definition distr_qbs :: "['a quasi_borel, 'b quasi_borel,'a \<Rightarrow> 'b,'a qbs_measure] \<Rightarrow> 'b qbs_measure" where
+"distr_qbs _ Y f sx \<equiv> sx \<bind> return_qbs Y \<circ> f"
+
+lemma distr_qbs_morphism':
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "distr_qbs X Y f \<in> monadM_qbs X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ unfolding distr_qbs_def
+ by(rule bind_qbs_morphism'[OF qbs_morphism_comp[OF assms return_qbs_morphism]])
+
+lemma(in qbs_s_finite)
+ assumes "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ and "f \<in> X \<rightarrow>\<^sub>Q Y"
+ shows distr_qbs_s_finite:"qbs_s_finite Y (f \<circ> \<alpha>) \<mu>"
+ and distr_qbs: "distr_qbs X Y f s = \<lbrakk>Y, f \<circ> \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(auto intro!: bind_qbs[OF assms(1) qbs_morphism_comp[OF assms(2) return_qbs_morphism],of "f \<circ> \<alpha>" "return borel" ,simplified bind_kernel_return''[OF mu_sets]] bind_qbs_s_finite[OF assms(1) qbs_morphism_comp[OF assms(2) return_qbs_morphism],of "f \<circ> \<alpha>" "return borel" ,simplified bind_kernel_return''[OF mu_sets]]
+ simp: distr_qbs_def return_qbs_comp[OF qbs_morphism_Mx[OF assms(2) in_Mx],simplified comp_assoc[symmetric]] qbs_morphism_Mx[OF assms(2) in_Mx] prob_kernel.s_finite_kernel_prob_kernel[of borel borel "return borel",simplified prob_kernel_def'])
+
+lemma(in qbs_prob)
+ assumes "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ and "f \<in> X \<rightarrow>\<^sub>Q Y"
+ shows distr_qbs_prob:"qbs_prob Y (f \<circ> \<alpha>) \<mu>"
+ by(auto simp: distr_qbs_def prob_space_axioms intro!: qbs_s_finite.qbs_probI[OF distr_qbs_s_finite[OF assms]])
+
+text \<open> We show that $M$ is a functor i.e. $M$ preserve identity and composition.\<close>
+lemma distr_qbs_id:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ shows "distr_qbs X X id s = s"
+ using bind_qbs_return'[OF assms] by(simp add: distr_qbs_def)
+
+lemma distr_qbs_comp:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ "f \<in> X \<rightarrow>\<^sub>Q Y"
+ and "g \<in> Y \<rightarrow>\<^sub>Q Z"
+ shows "((distr_qbs Y Z g) \<circ> (distr_qbs X Y f)) s = distr_qbs X Z (g \<circ> f) s"
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu> where h:
+ "qbs_s_finite X \<alpha> \<mu>" "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" by metis
+ have "qbs_s_finite Y (f \<circ> \<alpha>) \<mu>" "distr_qbs X Y f s = \<lbrakk>Y, f \<circ> \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(simp_all add: qbs_s_finite.distr_qbs_s_finite[OF h assms(2)] qbs_s_finite.distr_qbs[OF h assms(2)])
+ from qbs_s_finite.distr_qbs[OF this assms(3)] qbs_s_finite.distr_qbs[OF h qbs_morphism_comp[OF assms(2,3)]]
+ show ?thesis
+ by(simp add: comp_assoc)
+qed
+
+subsubsection \<open> Join \<close>
+definition join_qbs :: "'a qbs_measure qbs_measure \<Rightarrow> 'a qbs_measure" where
+"join_qbs \<equiv> (\<lambda>sst. sst \<bind> id)"
+
+lemma join_qbs_morphism[qbs]: "join_qbs \<in> monadM_qbs (monadM_qbs X) \<rightarrow>\<^sub>Q monadM_qbs X"
+ by(simp add: join_qbs_def bind_qbs_morphism'[OF qbs_morphism_ident])
+
+lemma
+ assumes "qbs_s_finite (monadM_qbs X) \<beta> \<mu>"
+ "ssx = \<lbrakk>monadM_qbs X, \<beta>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ "\<alpha> \<in> qbs_Mx X"
+ "s_finite_kernel borel borel k"
+ and "\<beta> =(\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ shows qbs_s_finite_join_qbs_s_finite: "qbs_s_finite X \<alpha> (\<mu> \<bind>\<^sub>k k)"
+ and qbs_s_finite_join_qbs: "join_qbs ssx = \<lbrakk>X, \<alpha>, \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qbs_s_finite.bind_qbs[OF assms(1,2) qbs_morphism_ident assms(3,4)] qbs_s_finite.bind_qbs_s_finite[OF assms(1,2) qbs_morphism_ident assms(3,4)]
+ by(auto simp: assms(5) join_qbs_def)
+
+subsubsection \<open> Strength \<close>
+definition strength_qbs :: "['a quasi_borel,'b quasi_borel,'a \<times> 'b qbs_measure] \<Rightarrow> ('a \<times> 'b) qbs_measure" where
+"strength_qbs W X = (\<lambda>(w,sx). let (_,\<alpha>,\<mu>) = rep_qbs_measure sx
+ in \<lbrakk>W \<Otimes>\<^sub>Q X, \<lambda>r. (w,\<alpha> r), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+
+lemma(in qbs_s_finite)
+ assumes "w \<in> qbs_space W"
+ and "sx = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ shows strength_qbs_s_finite: "qbs_s_finite (W \<Otimes>\<^sub>Q X) (\<lambda>r. (w,\<alpha> r)) \<mu>"
+ and strength_qbs: "strength_qbs W X (w,sx) = \<lbrakk>W \<Otimes>\<^sub>Q X, \<lambda>r. (w,\<alpha> r), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+proof -
+ interpret qs: qbs_s_finite "W \<Otimes>\<^sub>Q X" "\<lambda>r. (w,\<alpha> r)" \<mu>
+ by(auto simp: qbs_s_finite_def s_finite_measure_axioms qbs_s_finite_axioms_def mu_sets in_Mx_def assms(1) intro!: pair_qbs_MxI)
+ show "qbs_s_finite (W \<Otimes>\<^sub>Q X) (\<lambda>r. (w,\<alpha> r)) \<mu>" by (rule qs.qbs_s_finite_axioms)
+ show "strength_qbs W X (w,sx) = \<lbrakk>W \<Otimes>\<^sub>Q X, \<lambda>r. (w,\<alpha> r), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof -
+ {
+ fix X' \<alpha>' \<mu>'
+ assume "(X',\<alpha>',\<mu>') \<in> Rep_qbs_measure \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ then have h: "X' = X" "qbs_s_finite X' \<alpha>' \<mu>'" "qbs_s_finite_eq (X,\<alpha>,\<mu>) (X',\<alpha>',\<mu>')"
+ by(simp_all add: if_in_Rep_qbs_measure)
+ then interpret qs': qbs_s_finite "W \<Otimes>\<^sub>Q X" "\<lambda>r. (w,\<alpha>' r)" \<mu>'
+ by(auto simp: qbs_s_finite_def in_Mx_def assms(1) intro!: pair_qbs_MxI)
+ interpret pq: pair_qbs_s_finite "W \<Otimes>\<^sub>Q X" "\<lambda>r. (w,\<alpha> r)" \<mu> "\<lambda>r. (w,\<alpha>' r)" \<mu>'
+ by(auto simp: qs.qbs_s_finite_axioms qs'.qbs_s_finite_axioms pair_qbs_s_finite_def)
+ have "\<lbrakk>W \<Otimes>\<^sub>Q X, \<lambda>r. (w, \<alpha>' r), \<mu>'\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>W \<Otimes>\<^sub>Q X, \<lambda>r. (w, \<alpha> r), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof(rule pq.qbs_s_finite_measure_eq'[symmetric])
+ fix f :: "_ \<Rightarrow> ennreal"
+ assume "f \<in> W \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q qbs_borel"
+ then have f: "curry f w \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by (metis assms(1) qbs_morphism_curry qbs_morphism_space)
+ show "(\<integral>\<^sup>+ x. f (w, \<alpha> x) \<partial>\<mu>) = (\<integral>\<^sup>+ x. f (w, \<alpha>' x) \<partial>\<mu>')" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+ x. curry f w (\<alpha> x) \<partial>\<mu>)" by simp
+ also have "... = (\<integral>\<^sup>+ x. curry f w (\<alpha>' x) \<partial>\<mu>')"
+ using h(3) f by(auto simp: qbs_s_finite_eq_equiv qbs_s_finite_eq'_def h(1))
+ also have "... = ?rhs" by simp
+ finally show ?thesis .
+ qed
+ qed
+ }
+ show ?thesis
+ by(simp add: strength_qbs_def rep_qbs_measure_def qbs_measure.rep_def assms(2)) (rule someI2, rule in_Rep_qbs_measure, auto, fact)
+ qed
+qed
+
+lemma(in qbs_prob)
+ assumes "w \<in> qbs_space W"
+ and "sx = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ shows strength_qbs_prob: "qbs_prob (W \<Otimes>\<^sub>Q X) (\<lambda>r. (w,\<alpha> r)) \<mu>"
+ by(auto intro!: qbs_s_finite.qbs_probI[OF strength_qbs_s_finite[OF assms]] prob_space_axioms)
+
+lemma strength_qbs_natural:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q X'"
+ "g \<in> Y \<rightarrow>\<^sub>Q Y'"
+ "x \<in> qbs_space X"
+ and "sy \<in> qbs_space (monadM_qbs Y)"
+ shows "(distr_qbs (X \<Otimes>\<^sub>Q Y) (X' \<Otimes>\<^sub>Q Y') (map_prod f g) \<circ> strength_qbs X Y) (x,sy) = (strength_qbs X' Y' \<circ> map_prod f (distr_qbs Y Y' g)) (x,sy)"
+ (is "?lhs = ?rhs")
+proof -
+ from rep_qbs_space_monadM[OF assms(4)] obtain \<alpha> \<mu>
+ where h:"sy = \<lbrakk>Y, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<alpha> \<mu>" by metis
+ have "?lhs = (distr_qbs (X \<Otimes>\<^sub>Q Y) (X' \<Otimes>\<^sub>Q Y') (map_prod f g)) (\<lbrakk>X \<Otimes>\<^sub>Q Y, \<lambda>r. (x,\<alpha> r), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by(simp add: qbs_s_finite.strength_qbs[OF h(2) assms(3) h(1)])
+ also have "... = \<lbrakk>X' \<Otimes>\<^sub>Q Y', map_prod f g \<circ> (\<lambda>r. (x, \<alpha> r)), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using assms by(simp add: qbs_s_finite.distr_qbs[OF qbs_s_finite.strength_qbs_s_finite[OF h(2) assms(3) h(1)] refl ])
+ also have "... = \<lbrakk>X' \<Otimes>\<^sub>Q Y',\<lambda>r. (f x, (g \<circ> \<alpha>) r), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" by (simp add: comp_def)
+ also have "... = ?rhs"
+ by(simp add: qbs_s_finite.strength_qbs[OF qbs_s_finite.distr_qbs_s_finite[OF h(2,1) assms(2)] qbs_morphism_space[OF assms(1,3)] qbs_s_finite.distr_qbs[OF h(2,1) assms(2)]])
+ finally show ?thesis .
+qed
+
+context
+begin
+
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+declare rr.from_real_to_real[simplified space_pair_measure,simplified,simp]
+
+lemma rr_from_real_to_real_id[simp]: "rr.from_real \<circ> rr.to_real = id"
+ by(auto simp: comp_def)
+
+lemma
+ assumes "\<alpha> \<in> qbs_Mx X"
+ "\<beta> \<in> qbs_Mx (monadM_qbs Y)"
+ "\<gamma> \<in> qbs_Mx Y"
+ "s_finite_kernel borel borel k"
+ and "\<beta> = (\<lambda>r. \<lbrakk>Y, \<gamma>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ shows strength_qbs_ab_r_s_finite: "qbs_s_finite (X \<Otimes>\<^sub>Q Y) (map_prod \<alpha> \<gamma> \<circ> rr.from_real) (distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real)"
+ and strength_qbs_ab_r: "strength_qbs X Y (\<alpha> r, \<beta> r) = \<lbrakk>X \<Otimes>\<^sub>Q Y, map_prod \<alpha> \<gamma> \<circ> rr.from_real, distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" (is ?goal2)
+proof -
+ interpret k: s_finite_kernel borel borel k by fact
+ note 1[measurable_cong] = sets_return[of borel r] k.kernel_sets[of r,simplified]
+ show "qbs_s_finite (X \<Otimes>\<^sub>Q Y) (map_prod \<alpha> \<gamma> \<circ> rr.from_real) (distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real)"
+ using assms(1,3) by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def qbs_Mx_is_morphisms r_preserves_product[symmetric] standard_borel_ne.standard_borel intro!: s_finite_measure.s_finite_measure_distr[OF pair_measure_s_finite_measure[OF prob_space.s_finite_measure_prob[OF prob_space_return[of r borel]] k.image_s_finite_measure[of r]]] qbs_morphism_comp[where Y="qbs_borel \<Otimes>\<^sub>Q qbs_borel"] qbs_morphism_space[OF qbs_morphism_space[OF qbs_morphism_map_prod]] standard_borel.qbs_morphism_measurable_intro[of "borel :: real measure"])
+ then interpret qs: qbs_s_finite "X \<Otimes>\<^sub>Q Y" "map_prod \<alpha> \<gamma> \<circ> rr.from_real" "distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real" .
+ interpret qs2: qbs_s_finite Y \<gamma> "k r"
+ by(auto simp: qbs_s_finite_def k.image_s_finite_measure in_Mx_def assms qbs_s_finite_axioms_def k.kernel_sets)
+ interpret pq: pair_qbs_s_finite "X \<Otimes>\<^sub>Q Y" "\<lambda>l. (\<alpha> r, \<gamma> l)" "k r" "map_prod \<alpha> \<gamma> \<circ> rr.from_real" "distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real"
+ by (auto simp: pair_qbs_s_finite_def qs.qbs_s_finite_axioms qs2.strength_qbs_s_finite[OF qbs_Mx_to_X[OF assms(1),of r] fun_cong[OF assms(5)]])
+ have [measurable]: "map_prod \<alpha> \<gamma> \<in> borel \<Otimes>\<^sub>M borel \<rightarrow>\<^sub>M qbs_to_measure (X \<Otimes>\<^sub>Q Y)"
+ proof -
+ have "map_prod \<alpha> \<gamma> \<in> qbs_borel \<Otimes>\<^sub>Q qbs_borel \<rightarrow>\<^sub>Q X \<Otimes>\<^sub>Q Y"
+ using assms by(auto intro!: qbs_morphism_map_prod simp: qbs_Mx_is_morphisms)
+ also have "... \<subseteq> qbs_to_measure (qbs_borel \<Otimes>\<^sub>Q qbs_borel) \<rightarrow>\<^sub>M qbs_to_measure (X \<Otimes>\<^sub>Q Y)"
+ by(rule l_preserves_morphisms)
+ also have "... = borel \<Otimes>\<^sub>M borel \<rightarrow>\<^sub>M qbs_to_measure (X \<Otimes>\<^sub>Q Y)"
+ using rr.lr_sets_ident l_preserves_morphisms by(auto simp add: r_preserves_product[symmetric])
+ finally show ?thesis .
+ qed
+ show ?goal2
+ unfolding qs2.strength_qbs[OF qbs_Mx_to_X[OF assms(1),of r] fun_cong[OF assms(5)]]
+ proof(rule pq.qbs_s_finite_measure_eq)
+ show "distr (k r) (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) (\<lambda>l. (\<alpha> r, \<gamma> l)) = distr (distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real) (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) (map_prod \<alpha> \<gamma> \<circ> rr.from_real)"
+ (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = distr (k r) (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) (map_prod \<alpha> \<gamma> \<circ> Pair r)"
+ by(simp add: comp_def)
+ also have "... = distr (distr (k r) (borel \<Otimes>\<^sub>M borel) (Pair r)) (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) (map_prod \<alpha> \<gamma>)"
+ by(auto intro!: distr_distr[symmetric])
+ also have "... = distr (return borel r \<Otimes>\<^sub>M k r) (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) (map_prod \<alpha> \<gamma>)"
+ proof -
+ have "return borel r \<Otimes>\<^sub>M k r = distr (k r) (borel \<Otimes>\<^sub>M borel) (\<lambda>l. (r,l))"
+ by(auto intro!: measure_eqI simp: sets_pair_measure_cong[OF refl 1(2)] qs2.emeasure_pair_measure_alt' emeasure_distr nn_integral_return[OF _ qs2.measurable_emeasure_Pair'])
+ thus ?thesis by simp
+ qed
+ also have "... = ?rhs"
+ by(simp add: distr_distr comp_def)
+ finally show ?thesis .
+ qed
+ qed
+qed
+
+lemma strength_qbs_morphism[qbs]: "strength_qbs X Y \<in> X \<Otimes>\<^sub>Q monadM_qbs Y \<rightarrow>\<^sub>Q monadM_qbs (X \<Otimes>\<^sub>Q Y)"
+proof(rule pair_qbs_morphismI)
+ fix \<alpha> \<beta>
+ assume h:"\<alpha> \<in> qbs_Mx X"
+ "\<beta> \<in> qbs_Mx (monadM_qbs Y)"
+ from rep_qbs_Mx_monadM[OF this(2)] obtain \<gamma> k where hb:
+ "\<beta> = (\<lambda>r. \<lbrakk>Y, \<gamma>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<gamma> \<in> qbs_Mx Y" "s_finite_kernel borel borel k"
+ by metis
+ have "s_finite_kernel borel borel (\<lambda>r. distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real)"
+ by(auto intro!: s_finite_kernel.distr_s_finite_kernel[where Y="borel \<Otimes>\<^sub>M borel"] s_finite_kernel_pair_measure[OF prob_kernel.s_finite_kernel_prob_kernel] simp:hb prob_kernel_def')
+ thus "(\<lambda>r. strength_qbs X Y (\<alpha> r, \<beta> r)) \<in> qbs_Mx (monadM_qbs (X \<Otimes>\<^sub>Q Y))"
+ using strength_qbs_ab_r[OF h hb(2,3,1)] strength_qbs_ab_r_s_finite[OF h hb(2,3,1)]
+ by(auto simp: monadM_qbs_Mx qbs_s_finite_def in_Mx_def intro!: exI[where x="map_prod \<alpha> \<gamma> \<circ> rr.from_real"] exI[where x="\<lambda>r. distr (return borel r \<Otimes>\<^sub>M k r) borel rr.to_real"])
+qed
+
+lemma bind_qbs_morphism[qbs]: "(\<bind>) \<in> monadM_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q monadM_qbs Y) \<Rightarrow>\<^sub>Q monadM_qbs Y"
+proof -
+ {
+ fix f s
+ assume h:"f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y" "s \<in> qbs_space (monadM_qbs X)"
+ from rep_qbs_space_monadM[OF this(2)] obtain \<alpha> \<mu> where h':
+ "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by metis
+ then interpret qbs_s_finite X \<alpha> \<mu> by simp
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF h(1) in_Mx]] obtain \<beta> k
+ where hb:"f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "s_finite_kernel borel borel k" by metis
+ have "join_qbs (distr_qbs ((X \<Rightarrow>\<^sub>Q monadM_qbs Y) \<Otimes>\<^sub>Q X) (monadM_qbs Y) (\<lambda>fx. fst fx (snd fx)) (strength_qbs (X \<Rightarrow>\<^sub>Q monadM_qbs Y) X (f, s))) = s \<bind> f"
+ using qbs_s_finite_join_qbs[OF qbs_s_finite.distr_qbs_s_finite[OF strength_qbs_s_finite[of f "X \<Rightarrow>\<^sub>Q monadM_qbs Y",OF h(1) h'(1)] strength_qbs[of f "X \<Rightarrow>\<^sub>Q monadM_qbs Y",OF h(1) h'(1)] qbs_morphism_eval] qbs_s_finite.distr_qbs[OF strength_qbs_s_finite[of f "X \<Rightarrow>\<^sub>Q monadM_qbs Y",OF h(1) h'(1)] strength_qbs[of f "X \<Rightarrow>\<^sub>Q monadM_qbs Y",OF h(1) h'(1)] qbs_morphism_eval] hb(2,3)] hb(1)
+ by(simp add: bind_qbs[OF h'(1) h(1) hb(2,3,1)] comp_def)
+ }
+ thus ?thesis
+ by(auto intro!: arg_swap_morphism[OF curry_preserves_morphisms[OF qbs_morphism_cong'[of _ "join_qbs \<circ> (distr_qbs (exp_qbs X (monadM_qbs Y) \<Otimes>\<^sub>Q X) (monadM_qbs Y) (\<lambda>fx. (fst fx) (snd fx))) \<circ> (strength_qbs (exp_qbs X (monadM_qbs Y)) X)"]]] qbs_morphism_comp distr_qbs_morphism' strength_qbs_morphism join_qbs_morphism qbs_morphism_eval simp: pair_qbs_space)
+qed
+
+lemma strength_qbs_law1:
+ assumes "x \<in> qbs_space (unit_quasi_borel \<Otimes>\<^sub>Q monadM_qbs X)"
+ shows "snd x = (distr_qbs (unit_quasi_borel \<Otimes>\<^sub>Q X) X snd \<circ> strength_qbs unit_quasi_borel X) x"
+proof -
+ obtain \<alpha> \<mu> where h:
+ "qbs_s_finite X \<alpha> \<mu>" "(snd x) = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using rep_qbs_space_monadM[of "snd x" X] assms by (auto simp: pair_qbs_space) metis
+ have [simp]: "((),snd x) = x"
+ using SigmaE assms by (auto simp: pair_qbs_space)
+ show ?thesis
+ using qbs_s_finite.distr_qbs[OF qbs_s_finite.strength_qbs_s_finite[OF h(1) _ h(2),of "fst x" unit_quasi_borel] qbs_s_finite.strength_qbs[OF h(1) _ h(2)] snd_qbs_morphism]
+ by(auto simp: comp_def,simp add: h(2))
+qed
+
+lemma strength_qbs_law2:
+ assumes "x \<in> qbs_space ((X \<Otimes>\<^sub>Q Y) \<Otimes>\<^sub>Q monadM_qbs Z)"
+ shows "(strength_qbs X (Y \<Otimes>\<^sub>Q Z) \<circ> (map_prod id (strength_qbs Y Z)) \<circ> (\<lambda>((x,y),z). (x,(y,z)))) x =
+ (distr_qbs ((X \<Otimes>\<^sub>Q Y) \<Otimes>\<^sub>Q Z) (X \<Otimes>\<^sub>Q (Y \<Otimes>\<^sub>Q Z)) (\<lambda>((x,y),z). (x,(y,z))) \<circ> strength_qbs (X \<Otimes>\<^sub>Q Y) Z) x"
+ (is "?lhs = ?rhs")
+proof -
+ obtain \<alpha> \<mu> where h:
+ "qbs_s_finite Z \<alpha> \<mu>" "snd x = \<lbrakk>Z, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using rep_qbs_space_monadM[of "snd x" Z] assms by (auto simp: pair_qbs_space) metis
+ then have "?lhs = \<lbrakk>X \<Otimes>\<^sub>Q Y \<Otimes>\<^sub>Q Z, \<lambda>r. (fst (fst x), snd (fst x), \<alpha> r), \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using assms qbs_s_finite.strength_qbs_s_finite[OF h(1) _ h(2),of "snd (fst x)" Y]
+ by(auto intro!: qbs_s_finite.strength_qbs simp: pair_qbs_space)
+ also have "... = ?rhs"
+ using qbs_s_finite.distr_qbs[OF qbs_s_finite.strength_qbs_s_finite[OF h(1) _ h(2),of "fst x" "X \<Otimes>\<^sub>Q Y"] qbs_s_finite.strength_qbs[OF h(1) _ h(2),of "fst x" "X \<Otimes>\<^sub>Q Y"] qbs_morphism_pair_assoc1] assms
+ by(auto simp: comp_def pair_qbs_space)
+ finally show ?thesis .
+qed
+
+lemma strength_qbs_law3:
+ assumes "x \<in> qbs_space (X \<Otimes>\<^sub>Q Y)"
+ shows "return_qbs (X \<Otimes>\<^sub>Q Y) x = (strength_qbs X Y \<circ> (map_prod id (return_qbs Y))) x"
+proof -
+ interpret qp: qbs_prob Y "\<lambda>r. snd x" "return borel 0"
+ using assms by(auto simp: prob_space_return pair_qbs_space qbs_prob_def in_Mx_def real_distribution_def real_distribution_axioms_def)
+ show ?thesis
+ using qp.strength_qbs[OF _ qp.return_qbs[of "snd x" Y],of "fst x" X] qp.return_qbs[OF assms] assms
+ by(auto simp: pair_qbs_space)
+qed
+
+lemma strength_qbs_law4:
+ assumes "x \<in> qbs_space (X \<Otimes>\<^sub>Q monadM_qbs (monadM_qbs Y))"
+ shows "(strength_qbs X Y \<circ> map_prod id join_qbs) x = (join_qbs \<circ> distr_qbs (X \<Otimes>\<^sub>Q monadM_qbs Y) (monadM_qbs (X \<Otimes>\<^sub>Q Y)) (strength_qbs X Y) \<circ> strength_qbs X (monadM_qbs Y)) x"
+ (is "?lhs = ?rhs")
+proof -
+ from assms rep_qbs_space_monadM[of "snd x" "monadM_qbs Y"] obtain \<beta> \<mu>
+ where h:"qbs_s_finite (monadM_qbs Y) \<beta> \<mu>" "snd x = \<lbrakk>monadM_qbs Y, \<beta>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by (auto simp: pair_qbs_space) metis
+ with rep_qbs_Mx_monadM[of \<beta> Y] obtain \<gamma> k
+ where h': "\<gamma> \<in> qbs_Mx Y" "s_finite_kernel borel borel k" "\<beta> = (\<lambda>r. \<lbrakk>Y, \<gamma>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ and h'': "\<And>r. qbs_s_finite Y \<gamma> (k r)"
+ by(auto simp: qbs_s_finite_def in_Mx_def) metis
+ have "?lhs = \<lbrakk>X \<Otimes>\<^sub>Q Y, \<lambda>r. (fst x, \<gamma> r), \<mu> \<bind>\<^sub>k k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qbs_s_finite.strength_qbs[OF qbs_s_finite_join_qbs_s_finite[OF h h'] _ qbs_s_finite_join_qbs[OF h h'],of "fst x" X] assms
+ by(auto simp: pair_qbs_space)
+ also have "... = ?rhs"
+ using qbs_s_finite_join_qbs[OF qbs_s_finite.distr_qbs_s_finite[OF qbs_s_finite.strength_qbs_s_finite[OF h(1) _ h(2),of "fst x" X] qbs_s_finite.strength_qbs[OF h(1) _ h(2),of "fst x"] strength_qbs_morphism] qbs_s_finite.distr_qbs[OF qbs_s_finite.strength_qbs_s_finite[OF h(1) _ h(2),of "fst x" X] qbs_s_finite.strength_qbs[OF h(1) _ h(2),of "fst x"] strength_qbs_morphism] pair_qbs_MxI h'(2),of "\<lambda>r. (fst x, \<gamma> r)",simplified comp_def qbs_s_finite.strength_qbs[OF h'' _ fun_cong[OF h'(3)],of "fst x" X]] assms h'(1)
+ by(auto simp: pair_qbs_space qbs_s_finite_def in_Mx_def)
+ finally show ?thesis .
+qed
+
+lemma distr_qbs_morphism[qbs]: "distr_qbs X Y \<in> (X \<Rightarrow>\<^sub>Q Y) \<rightarrow>\<^sub>Q (monadM_qbs X \<Rightarrow>\<^sub>Q monadM_qbs Y)"
+proof -
+ have [simp]: "distr_qbs X Y = (\<lambda>f sx. sx \<bind> return_qbs Y \<circ> f)"
+ by standard+ (auto simp: distr_qbs_def)
+ show ?thesis
+ by simp
+qed
+
+lemma
+ assumes "\<alpha> \<in> qbs_Mx X" "\<beta> \<in> qbs_Mx Y"
+ shows return_qbs_pair_Mx: "return_qbs (X \<Otimes>\<^sub>Q Y) (\<alpha> r, \<beta> k) = \<lbrakk>X \<Otimes>\<^sub>Q Y,map_prod \<alpha> \<beta> \<circ> rr.from_real, distr (return borel r \<Otimes>\<^sub>M return borel k) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ and return_qbs_pair_Mx_prob: "qbs_prob (X \<Otimes>\<^sub>Q Y) (map_prod \<alpha> \<beta> \<circ> rr.from_real) (distr (return borel r \<Otimes>\<^sub>M return borel k) borel rr.to_real)"
+proof -
+ note [measurable_cong] = sets_return[of borel]
+ interpret qp: qbs_prob "X \<Otimes>\<^sub>Q Y" "map_prod \<alpha> \<beta> \<circ> rr.from_real" "distr (return borel r \<Otimes>\<^sub>M return borel k) borel rr.to_real"
+ using qbs_closed1_dest[OF assms(1)] qbs_closed1_dest[OF assms(2)]
+ by(auto intro!: prob_space.prob_space_distr prob_space_pair simp: comp_def prob_space_return pair_qbs_Mx qbs_prob_def in_Mx_def real_distribution_def real_distribution_axioms_def)
+ show "qbs_prob (X \<Otimes>\<^sub>Q Y) (map_prod \<alpha> \<beta> \<circ> rr.from_real) (distr (return borel r \<Otimes>\<^sub>M return borel k) borel rr.to_real)"
+ by standard
+ show "return_qbs (X \<Otimes>\<^sub>Q Y) (\<alpha> r, \<beta> k) = \<lbrakk>X \<Otimes>\<^sub>Q Y,map_prod \<alpha> \<beta> \<circ> rr.from_real, distr (return borel r \<Otimes>\<^sub>M return borel k) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (strength_qbs X Y \<circ> map_prod id (return_qbs Y)) (\<alpha> r, \<beta> k)"
+ by(rule strength_qbs_law3[of "(\<alpha> r, \<beta> k)" X Y], insert assms) (auto simp: qbs_Mx_to_X pair_qbs_space)
+ also have "... = strength_qbs X Y (\<alpha> r, \<lbrakk>Y, \<beta>, return borel k\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ using fun_cong[OF return_qbs_comp[OF assms(2)]] by simp
+ also have "... = ?rhs"
+ by(rule strength_qbs_ab_r[OF assms(1) _ assms(2)]) (auto intro!: qbs_closed2_dest qbs_s_finite.in_space_monadM s_finite_measure.s_finite_kernel_const[of "return borel k",simplified s_finite_kernel_cong_sets[OF _ sets_return]] prob_space.s_finite_measure_prob simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def assms(2) prob_space_return)
+ finally show ?thesis .
+ qed
+qed
+
+lemma bind_bind_return_distr:
+ assumes "s_finite_measure \<mu>"
+ and "s_finite_measure \<nu>"
+ and [measurable_cong]: "sets \<mu> = sets borel" "sets \<nu> = sets borel"
+ shows "\<mu> \<bind>\<^sub>k (\<lambda>r. \<nu> \<bind>\<^sub>k (\<lambda>l. distr (return borel r \<Otimes>\<^sub>M return borel l) borel rr.to_real))
+ = distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real"
+ (is "?lhs = ?rhs")
+proof -
+ interpret rd1: s_finite_measure \<mu> by fact
+ interpret rd2: s_finite_measure \<nu> by fact
+ have ne: "space \<mu> \<noteq> {}" "space \<nu> \<noteq> {}"
+ by(auto simp: sets_eq_imp_space_eq assms(3,4))
+
+ have "?lhs = \<mu> \<bind>\<^sub>k (\<lambda>r. \<nu> \<bind>\<^sub>k (\<lambda>l. distr (return (borel \<Otimes>\<^sub>M borel) (r,l)) borel rr.to_real))"
+ by(simp add: pair_measure_return)
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>r. \<nu> \<bind>\<^sub>k (\<lambda>l. distr (return (\<mu> \<Otimes>\<^sub>M \<nu>) (r, l)) borel rr.to_real))"
+ proof -
+ have "return (borel \<Otimes>\<^sub>M borel) = return (\<mu> \<Otimes>\<^sub>M \<nu>)"
+ by(auto intro!: return_sets_cong sets_pair_measure_cong simp: assms(3,4))
+ thus ?thesis by simp
+ qed
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>r. distr (\<nu> \<bind>\<^sub>k (\<lambda>l. (return (\<mu> \<Otimes>\<^sub>M \<nu>) (r, l)))) borel rr.to_real)"
+ by(auto intro!: bind_kernel_cong_All measure_kernel.distr_bind_kernel[of \<nu> "\<mu> \<Otimes>\<^sub>M \<nu>",symmetric] simp: ne measure_kernel_def space_pair_measure)
+ also have "... = distr (\<mu> \<bind>\<^sub>k (\<lambda>r. \<nu> \<bind>\<^sub>k (\<lambda>l. return (\<mu> \<Otimes>\<^sub>M \<nu>) (r, l)))) borel rr.to_real"
+ by(auto intro!: measure_kernel.distr_bind_kernel[of \<mu> "\<mu> \<Otimes>\<^sub>M \<nu>",symmetric] s_finite_kernel.axioms(1) s_finite_kernel.bind_kernel_s_finite_kernel'[where Y=\<nu>] s_finite_measure.s_finite_kernel_const[OF assms(2)] prob_kernel.s_finite_kernel_prob_kernel[of "\<mu> \<Otimes>\<^sub>M \<nu>"] simp: ne prob_kernel_def')
+ also have "... = ?rhs"
+ by(simp add: pair_measure_eq_bind_s_finite[OF assms(1,2),symmetric])
+ finally show ?thesis .
+qed
+
+end
+
+context
+begin
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+lemma from_real_rr_qbs_morphism[qbs]: "rr.from_real \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel \<Otimes>\<^sub>Q qbs_borel"
+ by (metis borel_prod qbs_Mx_R qbs_Mx_is_morphisms qbs_borel_prod rr.from_real_measurable)
+
+end
+
+context pair_qbs_s_finites
+begin
+
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+sublocale qbs_s_finite "X \<Otimes>\<^sub>Q Y" "map_prod \<alpha> \<beta> \<circ> rr.from_real" "distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real"
+ by(auto simp: qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def qbs_Mx_is_morphisms pq1.s_finite_measure_axioms pq2.s_finite_measure_axioms intro!: s_finite_measure.s_finite_measure_distr[OF pair_measure_s_finite_measure])
+
+lemma qbs_bind_bind_return_qp:
+ "\<lbrakk>Y,\<beta>,\<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>y. \<lbrakk>X,\<alpha>,\<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y))) = \<lbrakk>X \<Otimes>\<^sub>Q Y, map_prod \<alpha> \<beta> \<circ> rr.from_real, distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" (is "?lhs = ?rhs")
+proof -
+ have "?lhs = \<lbrakk>X \<Otimes>\<^sub>Q Y, map_prod \<alpha> \<beta> \<circ> rr.from_real, \<nu> \<bind>\<^sub>k (\<lambda>l. \<mu> \<bind>\<^sub>k (\<lambda>r. distr (return borel r \<Otimes>\<^sub>M return borel l) borel rr.to_real))\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(auto intro!: pq2.bind_qbs[OF refl] s_finite_kernel.bind_kernel_s_finite_kernel'[where Y=\<mu>] s_finite_measure.s_finite_kernel_const s_finite_kernel.distr_s_finite_kernel[where Y="borel \<Otimes>\<^sub>M borel"] prob_kernel.s_finite_kernel_prob_kernel[of "borel \<Otimes>\<^sub>M \<mu>"] simp: sets_eq_imp_space_eq[OF pq1.mu_sets] pq1.s_finite_measure_axioms split_beta' pair_measure_return[of _ "snd _"] prob_kernel_def')
+ (auto intro!: pq1.bind_qbs prob_kernel.s_finite_kernel_prob_kernel simp: comp_def return_qbs_pair_Mx qbs_Mx_is_morphisms prob_kernel_def')
+ also have "... = ?rhs"
+ proof -
+ have "\<nu> \<bind>\<^sub>k (\<lambda>l. \<mu> \<bind>\<^sub>k (\<lambda>r. distr (return borel r \<Otimes>\<^sub>M return borel l) borel rr.to_real)) = distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real"
+ by(auto simp: bind_bind_return_distr[OF pq1.s_finite_measure_axioms pq2.s_finite_measure_axioms pq1.mu_sets pq2.mu_sets,symmetric] pq1.s_finite_measure_axioms pq2.s_finite_measure_axioms prob_kernel_def' intro!: bind_kernel_rotate[where Z=borel] prob_kernel.s_finite_kernel_prob_kernel)
+ thus ?thesis by simp
+ qed
+ finally show ?thesis .
+qed
+
+lemma qbs_bind_bind_return_pq:
+ "\<lbrakk>X,\<alpha>,\<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>x. \<lbrakk>Y,\<beta>,\<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y))) = \<lbrakk>X \<Otimes>\<^sub>Q Y, map_prod \<alpha> \<beta> \<circ> rr.from_real, distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" (is "?lhs = ?rhs")
+proof -
+ have "?lhs = \<lbrakk>X \<Otimes>\<^sub>Q Y, map_prod \<alpha> \<beta> \<circ> rr.from_real, \<mu> \<bind>\<^sub>k (\<lambda>r. \<nu> \<bind>\<^sub>k (\<lambda>l. distr (return borel r \<Otimes>\<^sub>M return borel l) borel rr.to_real))\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(auto intro!: pq1.bind_qbs[OF refl]s_finite_kernel.bind_kernel_s_finite_kernel'[where Y=\<nu>] s_finite_measure.s_finite_kernel_const s_finite_kernel.distr_s_finite_kernel[where Y="borel \<Otimes>\<^sub>M borel"] prob_kernel.s_finite_kernel_prob_kernel[of "borel \<Otimes>\<^sub>M \<nu>"] simp: sets_eq_imp_space_eq[OF pq2.mu_sets] pq2.s_finite_measure_axioms split_beta' pair_measure_return[of _ "fst _"] prob_kernel_def')
+ (auto intro!: pq2.bind_qbs prob_kernel.s_finite_kernel_prob_kernel simp: comp_def return_qbs_pair_Mx qbs_Mx_is_morphisms prob_kernel_def')
+ also have "... = ?rhs"
+ by(simp add: bind_bind_return_distr[OF pq1.s_finite_measure_axioms pq2.s_finite_measure_axioms pq1.mu_sets pq2.mu_sets])
+ finally show ?thesis .
+qed
+
+end
+
+lemma bind_qbs_return_rotate:
+ assumes "p \<in> qbs_space (monadM_qbs X)"
+ and "q \<in> qbs_space (monadM_qbs Y)"
+ shows "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y))) = p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))"
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] rep_qbs_space_monadM[OF assms(2)]
+ obtain \<alpha> \<mu> \<beta> \<nu> where h: "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "q = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" "qbs_s_finite Y \<beta> \<nu>"
+ by metis
+ then interpret pair_qbs_s_finites X \<alpha> \<mu> Y \<beta> \<nu>
+ by(simp add: pair_qbs_s_finites_def)
+ show ?thesis
+ by(simp add: h(1,2) qbs_bind_bind_return_pq qbs_bind_bind_return_qp)
+qed
+
+lemma qbs_bind_bind_return1:
+ assumes [qbs]: "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q monadM_qbs Z"
+ "p \<in> qbs_space (monadM_qbs X)"
+ "q \<in> qbs_space (monadM_qbs Y)"
+ shows "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. f (x,y))) = (q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))) \<bind> f"
+ (is "?lhs = ?rhs")
+proof -
+ have "?lhs = q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y) \<bind> f))"
+ by(auto intro!: bind_qbs_cong[OF assms(3),where Y=Z] bind_qbs_cong[OF assms(2),where Y=Z] simp: bind_qbs_return[OF assms(1),simplified pair_qbs_space])
+ also have "... = q \<bind> (\<lambda>y. (p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y))) \<bind> f)"
+ by(auto intro!: bind_qbs_cong[OF assms(3),where Y=Z] bind_qbs_assoc[OF assms(2) _ assms(1)] simp: )
+ also have "... = ?rhs"
+ by(simp add: bind_qbs_assoc[OF assms(3) _ assms(1)])
+ finally show ?thesis .
+qed
+
+lemma qbs_bind_bind_return2:
+ assumes [qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q monadM_qbs Z"
+ "p \<in> qbs_space (monadM_qbs X)" "q \<in> qbs_space (monadM_qbs Y)"
+ shows "p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. f (x,y))) = (p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))) \<bind> f"
+ (is "?lhs = ?rhs")
+proof -
+ have "?lhs = p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y) \<bind> f))"
+ by(auto intro!: bind_qbs_cong[OF assms(2),where Y=Z] bind_qbs_cong[OF assms(3),where Y=Z] simp: bind_qbs_return[OF assms(1),simplified pair_qbs_space])
+ also have "... = p \<bind> (\<lambda>x. (q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y))) \<bind> f)"
+ by(auto intro!: bind_qbs_cong[OF assms(2),where Y=Z] bind_qbs_assoc[OF assms(3) _ assms(1)])
+ also have "... = ?rhs"
+ by(simp add: bind_qbs_assoc[OF assms(2) _ assms(1)])
+ finally show ?thesis .
+qed
+
+corollary bind_qbs_rotate:
+ assumes "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q monadM_qbs Z"
+ "p \<in> qbs_space (monadM_qbs X)"
+ and "q \<in> qbs_space (monadM_qbs Y)"
+ shows "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. f (x,y))) = p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. f (x,y)))"
+ by(simp add: qbs_bind_bind_return1[OF assms] qbs_bind_bind_return2[OF assms] bind_qbs_return_rotate assms)
+
+context pair_qbs_s_finites
+begin
+
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+lemma
+ assumes [qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ shows qbs_bind_bind_return:"\<lbrakk>X,\<alpha>,\<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>x. \<lbrakk>Y,\<beta>,\<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>y. return_qbs Z (f (x,y)))) = \<lbrakk>Z, f \<circ> (map_prod \<alpha> \<beta> \<circ> rr.from_real), distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" (is "?lhs = ?rhs")
+ and qbs_bind_bind_return_s_finite: "qbs_s_finite Z (f \<circ> (map_prod \<alpha> \<beta> \<circ> rr.from_real)) (distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real)"
+proof -
+ show "qbs_s_finite Z (f \<circ> (map_prod \<alpha> \<beta> \<circ> rr.from_real)) (distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real)"
+ using qbs_s_finite_axioms by(auto simp: qbs_s_finite_def in_Mx_def qbs_Mx_is_morphisms)
+ have "?lhs = \<lbrakk>X,\<alpha>,\<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>x. \<lbrakk>Y,\<beta>,\<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y))) \<bind> return_qbs Z \<circ> f"
+ by(auto simp: comp_def intro!: qbs_bind_bind_return2[of "return_qbs Z \<circ> f" _ _ Z,simplified comp_def])
+ also have "... = \<lbrakk>X \<Otimes>\<^sub>Q Y, map_prod \<alpha> \<beta> \<circ> rr.from_real, distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<bind> return_qbs Z \<circ> f"
+ by(simp add: qbs_bind_bind_return_pq)
+ also have "... = ?rhs"
+ by(rule distr_qbs[OF refl assms,simplified distr_qbs_def])
+ finally show "?lhs = ?rhs" .
+qed
+
+end
+
+subsubsection \<open>The Probability Monad\<close>
+
+definition "monadP_qbs X \<equiv> sub_qbs (monadM_qbs X) {s. prob_space (qbs_l s)}"
+
+lemma
+ shows qbs_space_monadPM: "s \<in> qbs_space (monadP_qbs X) \<Longrightarrow> s \<in> qbs_space (monadM_qbs X)"
+ and qbs_Mx_monadPM: "f \<in> qbs_Mx (monadP_qbs X) \<Longrightarrow> f \<in> qbs_Mx (monadM_qbs X)"
+ by(simp_all add: monadP_qbs_def sub_qbs_space sub_qbs_Mx)
+
+lemma monadP_qbs_space: "qbs_space (monadP_qbs X) = {s. qbs_space_of s = X \<and> prob_space (qbs_l s)}"
+ by(auto simp: monadP_qbs_def sub_qbs_space monadM_qbs_space)
+
+lemma rep_qbs_space_monadP:
+ assumes "s \<in> qbs_space (monadP_qbs X)"
+ obtains \<alpha> \<mu> where "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_prob X \<alpha> \<mu>"
+proof -
+ obtain \<alpha> \<mu> where h:"s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ using assms rep_qbs_space_monadM[of s X] by(auto simp: monadP_qbs_def sub_qbs_space)
+ interpret qbs_s_finite X \<alpha> \<mu> by fact
+ have "prob_space \<mu>"
+ by(rule prob_space_distrD[of \<alpha> _ "qbs_to_measure X"]) (insert assms, auto simp: qbs_l[symmetric] h(1)[symmetric] monadP_qbs_space)
+ thus ?thesis
+ by (simp add: h(1) in_Mx_axioms mu_sets qbs_prob.intro real_distribution_axioms_def real_distribution_def that)
+qed
+
+lemma qbs_l_prob_space:
+ "s \<in> qbs_space (monadP_qbs X) \<Longrightarrow> prob_space (qbs_l s)"
+ by(auto simp: monadP_qbs_space)
+
+lemma monadP_qbs_empty_iff:
+ "(qbs_space X = {}) = (qbs_space (monadP_qbs X) = {})"
+proof
+ show "qbs_space X = {} \<Longrightarrow> qbs_space (monadP_qbs X) = {}"
+ using qbs_s_space_of_not_empty by(auto simp add: monadP_qbs_space)
+next
+ assume "qbs_space (monadP_qbs X) = {}"
+ then have h:"\<And>s. qbs_space_of s = X \<Longrightarrow> \<not> prob_space (qbs_l s)"
+ by(simp add: monadP_qbs_space)
+ show "qbs_space X = {}"
+ proof(rule ccontr)
+ assume "qbs_space X \<noteq> {}"
+ then obtain a where a:"a \<in> qbs_Mx X" by (auto simp: qbs_empty_equiv)
+ then interpret qbs_prob X a "return borel 0"
+ by(auto simp: qbs_prob_def in_Mx_def real_distribution_axioms_def real_distribution_def prob_space_return)
+ have "qbs_space_of \<lbrakk>X, a, return borel 0\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = X" "prob_space (qbs_l \<lbrakk>X, a, return borel 0\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by(auto simp: qbs_l intro!: prob_space_distr)
+ with h show False by simp
+ qed
+qed
+
+lemma in_space_monadP_qbs_pred: "qbs_pred (monadM_qbs X) (\<lambda>s. s \<in> monadP_qbs X)"
+ by(rule qbs_morphism_cong'[where f="\<lambda>s. prob_space (qbs_l s)"],auto simp: qbs_l_prob_pred)
+ (auto simp: monadP_qbs_def sub_qbs_space)
+
+lemma(in qbs_prob) in_space_monadP[qbs]: "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<in> qbs_space (monadP_qbs X)"
+ by(auto simp: monadP_qbs_space qbs_l prob_space_distr)
+
+lemma qbs_morphism_monadPD: "f \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y \<Longrightarrow> f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ unfolding monadP_qbs_def by(rule qbs_morphism_subD)
+
+lemma qbs_morphism_monadPD': "f \<in> monadM_qbs X \<rightarrow>\<^sub>Q Y \<Longrightarrow> f \<in> monadP_qbs X \<rightarrow>\<^sub>Q Y"
+ unfolding monadP_qbs_def by(rule qbs_morphism_subI2)
+
+lemma qbs_morphism_monadPI:
+ assumes "\<And>x. x \<in> qbs_space X \<Longrightarrow> prob_space (qbs_l (f x))" "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ shows "f \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y"
+ using assms by(auto simp: monadP_qbs_def intro!:qbs_morphism_subI1)
+
+lemma qbs_morphism_monadPI':
+ assumes "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x \<in> qbs_space (monadP_qbs Y)" "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ shows "f \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y"
+ using assms by(auto intro!: qbs_morphism_monadPI simp: monadP_qbs_space)
+
+lemma qbs_morphism_monadPI'':
+ assumes "f \<in> monadM_qbs X \<rightarrow>\<^sub>Q monadM_qbs Y" "\<And>s. s \<in> qbs_space (monadP_qbs X) \<Longrightarrow> f s \<in> qbs_space (monadP_qbs Y)"
+ shows "f \<in> monadP_qbs X \<rightarrow>\<^sub>Q monadP_qbs Y"
+proof -
+ have 1:"\<And>X. monadP_qbs X = sub_qbs (monadM_qbs X) {s. qbs_space_of s = X \<and> prob_space (qbs_l s)}" (is "\<And>X. ?l X = ?r X")
+ proof -
+ fix X
+ have "?l X = sub_qbs (sub_qbs (monadM_qbs X) (qbs_space (monadM_qbs X))) {s. prob_space (qbs_l s)}"
+ by(simp add: sub_qbs_ident monadP_qbs_def)
+ also have "... = ?r X"
+ by(auto simp: sub_qbs_sub_qbs monadM_qbs_space Collect_conj_eq)
+ finally show "?l X = ?r X" .
+ qed
+ show ?thesis
+ unfolding 1 using assms(2) by(auto intro!: qbs_morphism_subsubI[OF assms(1),of " {s. qbs_space_of s = X \<and> prob_space (qbs_l s)}" " {s. qbs_space_of s = Y \<and> prob_space (qbs_l s)}"] simp: 1 sub_qbs_space monadM_qbs_space)
+qed
+
+lemma monadP_qbs_Mx: "qbs_Mx (monadP_qbs X) = {\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n |\<alpha> k. \<alpha> \<in> qbs_Mx X \<and> k \<in> borel \<rightarrow>\<^sub>M prob_algebra borel}"
+proof safe
+ fix \<gamma>
+ assume h:"\<gamma> \<in> qbs_Mx (monadP_qbs X)"
+ then obtain \<alpha> k where h1:
+ "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+ using rep_qbs_Mx_monadM[of \<gamma> X] by(simp add: monadP_qbs_def sub_qbs_Mx) metis
+ interpret s_finite_kernel borel borel k by fact
+ have "\<gamma> \<in> UNIV \<rightarrow> {s. qbs_space_of s = X \<and> prob_space (qbs_l s)}"
+ using h qbs_Mx_to_X[OF h] by(auto simp: monadP_qbs_def sub_qbs_Mx monadM_qbs_space sub_qbs_space)
+ hence "\<And>r. prob_space (k r)"
+ using h1(2) by(auto simp add: h1(1) Pi_iff qbs_s_finite.qbs_l[OF h1(4)] intro!: prob_space_distrD[of \<alpha> _ "qbs_to_measure X"])
+ hence "prob_kernel borel borel k"
+ by(auto simp: prob_kernel_def prob_kernel_axioms_def measure_kernel_axioms)
+ with h1(1,2) show "\<exists>\<alpha> k. \<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<and> \<alpha> \<in> qbs_Mx X \<and> k \<in> borel \<rightarrow>\<^sub>M prob_algebra borel"
+ by(auto intro!: exI[where x=\<alpha>] exI[where x=k] simp: prob_kernel_def')
+next
+ fix \<alpha> and k :: "real \<Rightarrow> real measure"
+ assume h:"\<alpha> \<in> qbs_Mx X" "k \<in> borel \<rightarrow>\<^sub>M prob_algebra borel"
+ then interpret pk: prob_kernel borel borel k
+ by(simp add: prob_kernel_def'[symmetric])
+ have qp: "qbs_prob X \<alpha> (k r)" for r
+ using h by(auto simp: qbs_prob_def in_Mx_def pk.kernel_sets pk.prob_spaces real_distribution_axioms_def real_distribution_def)
+ show "(\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<in> qbs_Mx (monadP_qbs X)"
+ using h(1) qp by(auto simp: monadP_qbs_def sub_qbs_Mx monadM_qbs_space qbs_s_finite.qbs_l[OF qbs_prob.qbs_s_finite[OF qp]] qbs_s_finite.qbs_space_of[OF qbs_prob.qbs_s_finite[OF qp]] monadM_qbs_Mx qbs_prob_def real_distribution_def intro!: exI[where x=\<alpha>] exI[where x=k] h pk.s_finite_kernel_axioms prob_space.prob_space_distr)
+qed
+
+lemma rep_qbs_Mx_monadP:
+ assumes "\<gamma> \<in> qbs_Mx (monadP_qbs X)"
+ obtains \<alpha> k where "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "k \<in> borel \<rightarrow>\<^sub>M prob_algebra borel" "\<And>r. qbs_prob X \<alpha> (k r)"
+proof -
+ have "\<And>\<alpha> r k. \<alpha> \<in> qbs_Mx X \<Longrightarrow> k \<in> borel \<rightarrow>\<^sub>M prob_algebra borel \<Longrightarrow> qbs_prob X \<alpha> (k r)"
+ by(auto simp: qbs_prob_def in_Mx_def real_distribution_def real_distribution_axioms_def prob_kernel_def'[symmetric] prob_kernel_def prob_kernel_axioms_def measure_kernel_def)
+ thus ?thesis
+ using assms that by(fastforce simp: monadP_qbs_Mx)
+qed
+
+lemma qbs_l_monadP_le1:"s \<in> qbs_space (monadP_qbs X) \<Longrightarrow> qbs_l s A \<le> 1"
+ by(auto simp: monadP_qbs_space intro!: prob_space.emeasure_le_1)
+
+lemma qbs_l_inj_P: "inj_on qbs_l (qbs_space (monadP_qbs X))"
+ by(auto intro!: inj_on_subset[OF qbs_l_inj] simp: monadP_qbs_def sub_qbs_space)
+
+lemma qbs_l_measurable_prob[measurable]:"qbs_l \<in> qbs_to_measure (monadP_qbs X) \<rightarrow>\<^sub>M prob_algebra (qbs_to_measure X)"
+proof(rule qbs_morphism_dest[OF qbs_morphismI])
+ fix \<gamma>
+ assume "\<gamma> \<in> qbs_Mx (monadP_qbs X)"
+ from rep_qbs_Mx_monadP[OF this] obtain \<alpha> k where h[measurable]:
+ "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "k \<in> borel \<rightarrow>\<^sub>M prob_algebra borel" "\<And>r. qbs_prob X \<alpha> (k r)"
+ by metis
+ show "qbs_l \<circ> \<gamma> \<in> qbs_Mx (measure_to_qbs (prob_algebra (qbs_to_measure X)))"
+ by(auto simp: qbs_Mx_R comp_def h(1) qbs_s_finite.qbs_l[OF qbs_prob.qbs_s_finite[OF h(4)]])
+qed
+
+lemma return_qbs_morphismP: "return_qbs X \<in> X \<rightarrow>\<^sub>Q monadP_qbs X"
+proof(rule qbs_morphismI)
+ interpret rr : real_distribution "return borel 0"
+ by(simp add: real_distribution_def real_distribution_axioms_def prob_space_return)
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx X"
+ then have 1:"return_qbs X \<circ> \<alpha> = (\<lambda>r. \<lbrakk>X, \<alpha>, return borel r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by(rule return_qbs_comp)
+ show "return_qbs X \<circ> \<alpha> \<in> qbs_Mx (monadP_qbs X)"
+ by(auto simp: 1 monadP_qbs_Mx h intro!: exI[where x=\<alpha>] exI[where x="return borel"])
+qed
+
+lemma(in qbs_prob)
+ assumes "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ "f \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y"
+ "\<beta> \<in> qbs_Mx Y"
+ and g[measurable]:"g \<in> borel \<rightarrow>\<^sub>M prob_algebra borel"
+ and "(f \<circ> \<alpha>) = (\<lambda>r. \<lbrakk>Y, \<beta>, g r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ shows bind_qbs_prob:"qbs_prob Y \<beta> (\<mu> \<bind> g)"
+ and bind_qbs': "s \<bind> f = \<lbrakk>Y, \<beta>, \<mu> \<bind> g\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+proof -
+ interpret prob_kernel borel borel g
+ using assms(4) by(simp add: prob_kernel_def')
+ have "prob_space (\<mu> \<bind> g)"
+ by(auto intro!: prob_space_bind'[OF _ g] simp: space_prob_algebra prob_space_axioms)
+ thus "qbs_prob Y \<beta> (\<mu> \<bind> g)" "s \<bind> f = \<lbrakk>Y, \<beta>, \<mu> \<bind> g\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qbs_s_finite.qbs_probI[OF bind_qbs_s_finite[OF assms(1) qbs_morphism_monadPD[OF assms(2)] assms(3) s_finite_kernel_axioms assms(5)]]
+ by(simp_all add: bind_qbs[OF assms(1) qbs_morphism_monadPD[OF assms(2)] assms(3) s_finite_kernel_axioms assms(5)] bind_kernel_bind[of g \<mu> borel])
+qed
+
+lemma bind_qbs_morphism'P:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y"
+ shows "(\<lambda>x. x \<bind> f) \<in> monadP_qbs X \<rightarrow>\<^sub>Q monadP_qbs Y"
+proof(safe intro!: qbs_morphism_monadPI')
+ fix x
+ assume "x \<in> qbs_space (monadP_qbs X)"
+ from rep_qbs_space_monadP[OF this] obtain \<alpha> \<mu> where h:"x = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_prob X \<alpha> \<mu>"
+ by metis
+ then interpret qbs_prob X \<alpha> \<mu> by simp
+ from rep_qbs_Mx_monadP[OF qbs_morphism_Mx[OF assms in_Mx]] obtain \<beta> g where h'[measurable]:
+ "f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, g r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "g \<in> borel \<rightarrow>\<^sub>M prob_algebra borel" by metis
+ show "x \<bind> f \<in> qbs_space (monadP_qbs Y)"
+ using sets_bind[of \<mu> g] measurable_space[OF h'(3),simplified space_prob_algebra]
+ by(auto simp: qbs_prob.bind_qbs'[OF h(2,1) assms h'(2,3,1)] qbs_prob_def in_Mx_def h'(2) real_distribution_def real_distribution_axioms_def intro!: qbs_prob.in_space_monadP prob_space_bind[where S=borel] measurable_prob_algebraD)
+qed(auto intro!: qbs_morphism_monadPD' bind_qbs_morphism'[OF qbs_morphism_monadPD[OF assms]])
+
+lemma distr_qbs_morphismP':
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "distr_qbs X Y f \<in> monadP_qbs X \<rightarrow>\<^sub>Q monadP_qbs Y"
+ unfolding distr_qbs_def
+ by(rule bind_qbs_morphism'P[OF qbs_morphism_comp[OF assms return_qbs_morphismP]])
+
+lemma join_qbs_morphismP: "join_qbs \<in> monadP_qbs (monadP_qbs X) \<rightarrow>\<^sub>Q monadP_qbs X"
+ by(simp add: join_qbs_def bind_qbs_morphism'P[OF qbs_morphism_ident])
+
+lemma
+ assumes "qbs_prob (monadP_qbs X) \<beta> \<mu>"
+ "ssx = \<lbrakk>monadP_qbs X, \<beta>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ "\<alpha> \<in> qbs_Mx X"
+ "g \<in> borel \<rightarrow>\<^sub>M prob_algebra borel"
+ and "\<beta> =(\<lambda>r. \<lbrakk>X, \<alpha>, g r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ shows qbs_prob_join_qbs_s_finite: "qbs_prob X \<alpha> (\<mu> \<bind> g)"
+ and qbs_prob_join_qbs: "join_qbs ssx = \<lbrakk>X, \<alpha>, \<mu> \<bind> g\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qbs_prob.bind_qbs'[OF assms(1,2) qbs_morphism_ident assms(3,4)] qbs_prob.bind_qbs_prob[OF assms(1,2) qbs_morphism_ident assms(3,4)]
+ by(auto simp: assms(5) join_qbs_def)
+
+context
+begin
+
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+lemma strength_qbs_ab_r_prob:
+ assumes "\<alpha> \<in> qbs_Mx X"
+ "\<beta> \<in> qbs_Mx (monadP_qbs Y)"
+ "\<gamma> \<in> qbs_Mx Y"
+ and [measurable]:"g \<in> borel \<rightarrow>\<^sub>M prob_algebra borel"
+ and "\<beta> = (\<lambda>r. \<lbrakk>Y, \<gamma>, g r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ shows "qbs_prob (X \<Otimes>\<^sub>Q Y) (map_prod \<alpha> \<gamma> \<circ> rr.from_real) (distr (return borel r \<Otimes>\<^sub>M g r) borel rr.to_real)"
+ using measurable_space[OF assms(4),of r] sets_return[of borel r]
+ by(auto intro!: qbs_s_finite.qbs_probI strength_qbs_ab_r_s_finite[OF assms(1) qbs_Mx_monadPM[OF assms(2)] assms(3) prob_kernel.s_finite_kernel_prob_kernel assms(5),simplified prob_kernel_def',OF assms(4)] prob_space.prob_space_distr prob_space_pair prob_space_return simp: space_prob_algebra simp del: sets_return)
+
+lemma strength_qbs_morphismP: "strength_qbs X Y \<in> X \<Otimes>\<^sub>Q monadP_qbs Y \<rightarrow>\<^sub>Q monadP_qbs (X \<Otimes>\<^sub>Q Y)"
+proof(rule pair_qbs_morphismI)
+ fix \<alpha> \<beta>
+ assume h:"\<alpha> \<in> qbs_Mx X"
+ "\<beta> \<in> qbs_Mx (monadP_qbs Y)"
+ from rep_qbs_Mx_monadP[OF this(2)] obtain \<gamma> g where hb[measurable]:
+ "\<beta> = (\<lambda>r. \<lbrakk>Y, \<gamma>, g r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<gamma> \<in> qbs_Mx Y" "g \<in> borel \<rightarrow>\<^sub>M prob_algebra borel"
+ by metis
+ show "(\<lambda>r. strength_qbs X Y (\<alpha> r, \<beta> r)) \<in> qbs_Mx (monadP_qbs (X \<Otimes>\<^sub>Q Y))"
+ using strength_qbs_ab_r_prob[OF h hb(2,3,1)] strength_qbs_ab_r[OF h(1) qbs_Mx_monadPM[OF h(2)] hb(2) prob_kernel.s_finite_kernel_prob_kernel hb(1),simplified prob_kernel_def',OF hb(3)]
+ by(auto simp: monadP_qbs_Mx qbs_prob_def in_Mx_def intro!: exI[where x="map_prod \<alpha> \<gamma> \<circ> rr.from_real"] exI[where x="\<lambda>r. distr (return borel r \<Otimes>\<^sub>M g r) borel rr.to_real"])
+qed
+
+end
+
+lemma bind_qbs_morphismP: "(\<bind>) \<in> monadP_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q monadP_qbs Y) \<Rightarrow>\<^sub>Q monadP_qbs Y"
+proof -
+ {
+ fix f s
+ assume h:"f \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y" "s \<in> qbs_space (monadP_qbs X)"
+ from rep_qbs_space_monadP[OF this(2)] obtain \<alpha> \<mu> where h':
+ "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_prob X \<alpha> \<mu>" by metis
+ then interpret qbs_prob X \<alpha> \<mu> by simp
+ from rep_qbs_Mx_monadP[OF qbs_morphism_Mx[OF h(1) in_Mx]] obtain \<beta> g
+ where hb[measurable]:"f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, g r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "g \<in> borel \<rightarrow>\<^sub>M prob_algebra borel" by metis
+ have "join_qbs (distr_qbs ((X \<Rightarrow>\<^sub>Q monadP_qbs Y) \<Otimes>\<^sub>Q X) (monadP_qbs Y) (\<lambda>fx. fst fx (snd fx)) (strength_qbs (X \<Rightarrow>\<^sub>Q monadP_qbs Y) X (f, s))) = s \<bind> f"
+ using qbs_prob_join_qbs[OF qbs_prob.distr_qbs_prob[OF strength_qbs_prob[of f "X \<Rightarrow>\<^sub>Q monadP_qbs Y",OF h(1) h'(1)] strength_qbs[of f "X \<Rightarrow>\<^sub>Q monadP_qbs Y",OF h(1) h'(1)] qbs_morphism_eval] qbs_s_finite.distr_qbs[OF strength_qbs_s_finite[of f "X \<Rightarrow>\<^sub>Q monadP_qbs Y",OF h(1) h'(1)] strength_qbs[of f "X \<Rightarrow>\<^sub>Q monadP_qbs Y",OF h(1) h'(1)] qbs_morphism_eval] hb(2,3)] hb(1)
+ by(simp add: bind_qbs[OF h'(1) qbs_morphism_monadPD[OF h(1)] hb(2) prob_kernel.s_finite_kernel_prob_kernel hb(1),simplified prob_kernel_def',OF hb(3)] comp_def bind_kernel_bind[of g \<mu> borel,OF measurable_prob_algebraD])
+ }
+ thus ?thesis
+ by(auto intro!: arg_swap_morphism[OF curry_preserves_morphisms [OF qbs_morphism_cong'[of _ "join_qbs \<circ> (distr_qbs (exp_qbs X (monadP_qbs Y) \<Otimes>\<^sub>Q X) (monadP_qbs Y) (\<lambda>fx. (fst fx) (snd fx))) \<circ> (strength_qbs (exp_qbs X (monadP_qbs Y)) X)"]]] qbs_morphism_comp distr_qbs_morphismP' strength_qbs_morphismP join_qbs_morphismP qbs_morphism_eval simp: pair_qbs_space)
+qed
+
+corollary strength_qbs_law1P:
+ assumes "x \<in> qbs_space (unit_quasi_borel \<Otimes>\<^sub>Q monadP_qbs X)"
+ shows "snd x = (distr_qbs (unit_quasi_borel \<Otimes>\<^sub>Q X) X snd \<circ> strength_qbs unit_quasi_borel X) x"
+ by(rule strength_qbs_law1, insert assms) (auto simp: pair_qbs_space qbs_space_monadPM)
+
+corollary strength_qbs_law2P:
+ assumes "x \<in> qbs_space ((X \<Otimes>\<^sub>Q Y) \<Otimes>\<^sub>Q monadP_qbs Z)"
+ shows "(strength_qbs X (Y \<Otimes>\<^sub>Q Z) \<circ> (map_prod id (strength_qbs Y Z)) \<circ> (\<lambda>((x,y),z). (x,(y,z)))) x =
+ (distr_qbs ((X \<Otimes>\<^sub>Q Y) \<Otimes>\<^sub>Q Z) (X \<Otimes>\<^sub>Q (Y \<Otimes>\<^sub>Q Z)) (\<lambda>((x,y),z). (x,(y,z))) \<circ> strength_qbs (X \<Otimes>\<^sub>Q Y) Z) x"
+ by(rule strength_qbs_law2, insert assms) (auto simp: pair_qbs_space qbs_space_monadPM)
+
+lemma strength_qbs_law4P:
+ assumes "x \<in> qbs_space (X \<Otimes>\<^sub>Q monadP_qbs (monadP_qbs Y))"
+ shows "(strength_qbs X Y \<circ> map_prod id join_qbs) x = (join_qbs \<circ> distr_qbs (X \<Otimes>\<^sub>Q monadP_qbs Y) (monadP_qbs (X \<Otimes>\<^sub>Q Y)) (strength_qbs X Y) \<circ> strength_qbs X (monadP_qbs Y)) x"
+ (is "?lhs = ?rhs")
+proof -
+ from assms rep_qbs_space_monadP[of "snd x" "monadP_qbs Y"] obtain \<beta> \<mu>
+ where h:"qbs_prob (monadP_qbs Y) \<beta> \<mu>" "snd x = \<lbrakk>monadP_qbs Y, \<beta>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by (auto simp: pair_qbs_space) metis
+ then interpret qp: qbs_prob "monadP_qbs Y" \<beta> \<mu> by simp
+ from rep_qbs_Mx_monadP[OF qp.in_Mx] obtain \<gamma> g
+ where h': "\<gamma> \<in> qbs_Mx Y" "g \<in> borel \<rightarrow>\<^sub>M prob_algebra borel" "\<beta> = (\<lambda>r. \<lbrakk>Y, \<gamma>, g r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ and h'': "\<And>r. qbs_prob Y \<gamma> (g r)"
+ by metis
+ have "?lhs = \<lbrakk>X \<Otimes>\<^sub>Q Y, \<lambda>r. (fst x, \<gamma> r), \<mu> \<bind> g\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qbs_s_finite.strength_qbs[OF qbs_prob.qbs_s_finite[OF qbs_prob_join_qbs_s_finite[OF h h']] _ qbs_prob_join_qbs[OF h h'],of "fst x" X] assms
+ by (auto simp: pair_qbs_space)
+ also have "... = ?rhs"
+ using qbs_prob_join_qbs[OF qbs_prob.distr_qbs_prob[OF qp.strength_qbs_prob[OF _ h(2),of "fst x" X] qp.strength_qbs[OF _ h(2)] strength_qbs_morphismP] qbs_s_finite.distr_qbs[OF qp.strength_qbs_s_finite[OF _ h(2),of "fst x" X] qp.strength_qbs[OF _ h(2)] strength_qbs_morphismP] pair_qbs_MxI h'(2),of "\<lambda>r. (fst x, \<gamma> r)",simplified comp_def qbs_s_finite.strength_qbs[OF qbs_prob.qbs_s_finite[OF h''] _ fun_cong[OF h'(3)]]] assms
+ by(auto simp: pair_qbs_space h')
+ finally show ?thesis .
+qed
+
+lemma distr_qbs_morphismP: "distr_qbs X Y \<in> X \<Rightarrow>\<^sub>Q Y \<rightarrow>\<^sub>Q monadP_qbs X \<Rightarrow>\<^sub>Q monadP_qbs Y"
+proof -
+ note [qbs] = bind_qbs_morphismP return_qbs_morphismP
+ have [simp]: "distr_qbs X Y = (\<lambda>f sx. sx \<bind> return_qbs Y \<circ> f)"
+ by standard+ (auto simp: distr_qbs_def)
+ show ?thesis
+ by simp
+qed
+
+lemma bind_qbs_return_rotateP:
+ assumes "p \<in> qbs_space (monadP_qbs X)"
+ and "q \<in> qbs_space (monadP_qbs Y)"
+ shows "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y))) = p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))"
+ by(auto intro!: bind_qbs_return_rotate qbs_space_monadPM assms)
+
+lemma qbs_bind_bind_return1P:
+ assumes "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q monadP_qbs Z"
+ "p \<in> qbs_space (monadP_qbs X)"
+ "q \<in> qbs_space (monadP_qbs Y)"
+ shows "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. f (x,y))) = (q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))) \<bind> f"
+ by(auto intro!: qbs_bind_bind_return1 assms qbs_space_monadPM qbs_morphism_monadPD)
+
+corollary qbs_bind_bind_return1P':
+ assumes [qbs]:"f \<in> qbs_space (X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q monadP_qbs Z)"
+ "p \<in> qbs_space (monadP_qbs X)"
+ "q \<in> qbs_space (monadP_qbs Y)"
+ shows "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. f x y)) = (q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))) \<bind> (case_prod f)"
+ by(auto intro!: qbs_bind_bind_return1P[where f="case_prod f" and Z=Z,simplified])
+
+lemma qbs_bind_bind_return2P:
+ assumes "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q monadP_qbs Z"
+ "p \<in> qbs_space (monadP_qbs X)" "q \<in> qbs_space (monadP_qbs Y)"
+ shows "p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. f (x,y))) = (p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))) \<bind> f"
+ by(auto intro!: qbs_bind_bind_return2 assms qbs_space_monadPM qbs_morphism_monadPD)
+
+corollary qbs_bind_bind_return2P':
+ assumes [qbs]:"f \<in> qbs_space (X \<Rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q monadP_qbs Z)"
+ "p \<in> qbs_space (monadP_qbs X)"
+ "q \<in> qbs_space (monadP_qbs Y)"
+ shows "p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. f x y)) = (p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))) \<bind> (case_prod f)"
+ by(auto intro!: qbs_bind_bind_return2P[where f="case_prod f" and Z=Z,simplified])
+
+corollary bind_qbs_rotateP:
+ assumes "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q monadP_qbs Z"
+ "p \<in> qbs_space (monadP_qbs X)"
+ and "q \<in> qbs_space (monadP_qbs Y)"
+ shows "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. f (x,y))) = p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. f (x,y)))"
+ by(auto intro!: bind_qbs_rotate assms qbs_space_monadPM qbs_morphism_monadPD)
+
+context pair_qbs_probs
+begin
+
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+sublocale qbs_prob "X \<Otimes>\<^sub>Q Y" "map_prod \<alpha> \<beta> \<circ> rr.from_real" "distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real"
+ by(auto simp: qbs_prob_def in_Mx_def real_distribution_def qbs_Mx_is_morphisms real_distribution_axioms_def pq1.prob_space_axioms pq2.prob_space_axioms intro!: prob_space.prob_space_distr prob_space_pair)
+
+lemma qbs_bind_bind_return_prob:
+ assumes [qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ shows "qbs_prob Z (f \<circ> (map_prod \<alpha> \<beta> \<circ> rr.from_real)) (distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real)"
+ using qbs_prob_axioms by(auto simp: qbs_prob_def in_Mx_def qbs_Mx_is_morphisms)
+
+end
+
+subsubsection \<open> Almost Everywhere \<close>
+lift_definition qbs_almost_everywhere :: "['a qbs_measure, 'a \<Rightarrow> bool] \<Rightarrow> bool"
+is "\<lambda>(X,\<alpha>,\<mu>). almost_everywhere (distr \<mu> (qbs_to_measure X) \<alpha>)"
+ by(auto simp: qbs_s_finite_eq_def) metis
+
+syntax
+ "_qbs_almost_everywhere" :: "pttrn \<Rightarrow> 'a \<Rightarrow> bool \<Rightarrow> bool" ("AE\<^sub>Q _ in _. _" [0,0,10] 10)
+
+translations
+ "AE\<^sub>Q x in p. P" \<rightleftharpoons> "CONST qbs_almost_everywhere p (\<lambda>x. P)"
+
+lemma AEq_qbs_l: "(AE\<^sub>Q x in p. P x) = (AE x in qbs_l p. P x)"
+ by transfer (simp add: case_prod_beta')
+
+lemma(in qbs_s_finite) AEq_def:
+ "(AE\<^sub>Q x in \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n . P x) = (AE x in (distr \<mu> (qbs_to_measure X) \<alpha>). P x)"
+ by(simp add: qbs_almost_everywhere.abs_eq)
+
+lemma(in qbs_s_finite) AEq_AE: "(AE\<^sub>Q x in \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n . P x) \<Longrightarrow> (AE x in \<mu>. P (\<alpha> x))"
+ by(auto simp: AEq_def intro!:AE_distrD[of \<alpha>])
+
+lemma(in qbs_s_finite) AEq_AE_iff:
+ assumes [qbs]:"qbs_pred X P"
+ shows "(AE\<^sub>Q x in \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n . P x) \<longleftrightarrow> (AE x in \<mu>. P (\<alpha> x))"
+ by(auto simp: AEq_AE AEq_def qbs_pred_iff_sets intro!: AE_distr_iff[THEN iffD2])
+
+lemma AEq_qbs_pred[qbs]: "qbs_almost_everywhere \<in> monadM_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q qbs_count_space UNIV) \<Rightarrow>\<^sub>Q qbs_count_space UNIV"
+proof(rule curry_preserves_morphisms[OF pair_qbs_morphismI])
+ fix \<gamma> \<beta>
+ assume h:"\<gamma> \<in> qbs_Mx (monadM_qbs X)" "\<beta> \<in> qbs_Mx (X \<Rightarrow>\<^sub>Q qbs_count_space (UNIV :: bool set))"
+ from rep_qbs_Mx_monadM[OF h(1)] obtain \<alpha> k where hk:
+ "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+ by metis
+ interpret s:standard_borel_ne "borel :: real measure" by simp
+ interpret s2: standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure" by(simp add: borel_prod)
+ have [measurable]:"Measurable.pred (borel \<Otimes>\<^sub>M borel) (\<lambda>(x, y). \<beta> x (\<alpha> y))"
+ using h(2) hk(2) by(simp add: s2.qbs_pred_iff_measurable_pred[symmetric] r_preserves_product qbs_Mx_is_morphisms)
+ show "(\<lambda>r. qbs_almost_everywhere (fst (\<gamma> r, \<beta> r)) (snd (\<gamma> r, \<beta> r))) \<in> qbs_Mx (qbs_count_space UNIV)"
+ using h(2) hk(2) by(simp add: hk(1) qbs_Mx_is_morphisms qbs_s_finite.AEq_AE_iff[OF hk(4)])
+ (auto simp add: s.qbs_pred_iff_measurable_pred intro!: s_finite_kernel.AE_pred[OF hk(3)])
+qed
+
+lemma AEq_I2[simp]:
+ assumes "p \<in> qbs_space (monadM_qbs X)" "\<And>x. x \<in> qbs_space X \<Longrightarrow> P x"
+ shows "AE\<^sub>Q x in p. P x"
+ by(auto simp: space_qbs_l_in[OF assms(1)] assms(2) AEq_qbs_l)
+
+lemma AEq_mp[elim!]:
+ assumes "AE\<^sub>Q x in s. P x" "AE\<^sub>Q x in s. P x \<longrightarrow> Q x"
+ shows "AE\<^sub>Q x in s. Q x"
+ using assms by(auto simp: AEq_qbs_l)
+
+lemma
+ shows AEq_iffI: "AE\<^sub>Q x in s. P x \<Longrightarrow> AE\<^sub>Q x in s. P x \<longleftrightarrow> Q x \<Longrightarrow> AE\<^sub>Q x in s. Q x"
+ and AEq_disjI1: "AE\<^sub>Q x in s. P x \<Longrightarrow> AE\<^sub>Q x in s. P x \<or> Q x"
+ and AEq_disjI2: "AE\<^sub>Q x in s. Q x \<Longrightarrow> AE\<^sub>Q x in s. P x \<or> Q x"
+ and AEq_conjI: "AE\<^sub>Q x in s. P x \<Longrightarrow> AE\<^sub>Q x in s. Q x \<Longrightarrow> AE\<^sub>Q x in s. P x \<and> Q x"
+ and AEq_conj_iff[simp]: "(AE\<^sub>Q x in s. P x \<and> Q x) \<longleftrightarrow> (AE\<^sub>Q x in s. P x) \<and> (AE\<^sub>Q x in s. Q x)"
+ by(auto simp: AEq_qbs_l)
+
+lemma AEq_symmetric:
+ assumes "AE\<^sub>Q x in s. P x = Q x"
+ shows "AE\<^sub>Q x in s. Q x = P x"
+ using assms by(auto simp: AEq_qbs_l)
+
+lemma AEq_impI: "(P \<Longrightarrow> AE\<^sub>Q x in M. Q x) \<Longrightarrow> AE\<^sub>Q x in M. P \<longrightarrow> Q x"
+ by(auto simp: AEq_qbs_l AE_impI)
+
+lemma AEq_Ball_mp:
+ "s \<in> qbs_space (monadM_qbs X) \<Longrightarrow> (\<And>x. x\<in>qbs_space X \<Longrightarrow> P x) \<Longrightarrow> AE\<^sub>Q x in s. P x \<longrightarrow> Q x \<Longrightarrow> AE\<^sub>Q x in s. Q x"
+ by auto
+
+lemma AEq_cong:
+ "s \<in> qbs_space (monadM_qbs X) \<Longrightarrow> (\<And>x. x \<in> qbs_space X \<Longrightarrow> P x \<longleftrightarrow> Q x) \<Longrightarrow> (AE\<^sub>Q x in s. P x) \<longleftrightarrow> (AE\<^sub>Q x in s. Q x)"
+ by auto
+
+lemma AEq_cong_simp: "s \<in> qbs_space (monadM_qbs X) \<Longrightarrow> (\<And>x. x \<in> qbs_space X =simp=> P x = Q x) \<Longrightarrow> (AE\<^sub>Q x in s. P x) \<longleftrightarrow> (AE\<^sub>Q x in s. Q x)"
+ by (auto simp: simp_implies_def)
+
+lemma AEq_all_countable: "(AE\<^sub>Q x in s. \<forall>i. P i x) \<longleftrightarrow> (\<forall>i::'i::countable. AE\<^sub>Q x in s. P i x)"
+ by(simp add: AEq_qbs_l AE_all_countable)
+
+lemma AEq_ball_countable: "countable X \<Longrightarrow> (AE\<^sub>Q x in s. \<forall>y\<in>X. P x y) \<longleftrightarrow> (\<forall>y\<in>X. AE\<^sub>Q x in s. P x y)"
+ by(simp add: AEq_qbs_l AE_ball_countable)
+
+lemma AEq_ball_countable': "(\<And>N. N \<in> I \<Longrightarrow> AE\<^sub>Q x in s. P N x) \<Longrightarrow> countable I \<Longrightarrow> AE\<^sub>Q x in s. \<forall>N \<in> I. P N x"
+ unfolding AEq_ball_countable by simp
+
+lemma AEq_pairwise: "countable F \<Longrightarrow> pairwise (\<lambda>A B. AE\<^sub>Q x in s. R x A B) F \<longleftrightarrow> (AE\<^sub>Q x in s. pairwise (R x) F)"
+ unfolding pairwise_alt by (simp add: AEq_ball_countable)
+
+lemma AEq_finite_all: "finite S \<Longrightarrow> (AE\<^sub>Q x in s. \<forall>i\<in>S. P i x) \<longleftrightarrow> (\<forall>i\<in>S. AE\<^sub>Q x in s. P i x)"
+ by(simp add: AEq_qbs_l AE_finite_all)
+
+lemma AE_finite_allI:"finite S \<Longrightarrow> (\<And>s. s \<in> S \<Longrightarrow> AE\<^sub>Q x in M. Q s x) \<Longrightarrow> AE\<^sub>Q x in M. \<forall>s\<in>S. Q s x"
+ by(simp add: AEq_qbs_l AE_finite_all)
+
+subsubsection \<open> Integral \<close>
+lift_definition qbs_nn_integral :: "['a qbs_measure, 'a \<Rightarrow> ennreal] \<Rightarrow> ennreal"
+is "\<lambda>(X,\<alpha>,\<mu>) f.(\<integral>\<^sup>+x. f x \<partial>distr \<mu> (qbs_to_measure X) \<alpha>)"
+ by(auto simp: qbs_s_finite_eq_def)
+
+lift_definition qbs_integral :: "['a qbs_measure, 'a \<Rightarrow> ('b :: {banach,second_countable_topology})] \<Rightarrow> 'b"
+is "\<lambda>p f. if f \<in> (fst p) \<rightarrow>\<^sub>Q qbs_borel then (\<integral>x. f (fst (snd p) x) \<partial> (snd (snd p))) else 0"
+ using qbs_s_finite_eq_dest(3) qbs_s_finite_eq_1_imp_2 by fastforce
+
+syntax
+ "_qbs_nn_integral" :: "pttrn \<Rightarrow> ennreal \<Rightarrow> 'a qbs_measure \<Rightarrow> ennreal" ("\<integral>\<^sup>+\<^sub>Q((2 _./ _)/ \<partial>_)" [60,61] 110)
+
+translations
+ "\<integral>\<^sup>+\<^sub>Q x. f \<partial>p" \<rightleftharpoons> "CONST qbs_nn_integral p (\<lambda>x. f)"
+
+syntax
+ "_qbs_integral" :: "pttrn \<Rightarrow> _ \<Rightarrow> 'a qbs_measure \<Rightarrow> _" ("\<integral>\<^sub>Q((2 _./ _)/ \<partial>_)" [60,61] 110)
+
+translations
+ "\<integral>\<^sub>Q x. f \<partial>p" \<rightleftharpoons> "CONST qbs_integral p (\<lambda>x. f)"
+
+lemma(in qbs_s_finite)
+ shows qbs_nn_integral_def: "f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> (\<integral>\<^sup>+\<^sub>Q x. f x \<partial>\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = (\<integral>\<^sup>+x. f (\<alpha> x) \<partial> \<mu>)"
+ and qbs_nn_integral_def2:"(\<integral>\<^sup>+\<^sub>Q x. f x \<partial>\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = (\<integral>\<^sup>+x. f x \<partial>(distr \<mu> (qbs_to_measure X) \<alpha>))"
+ by(simp_all add: qbs_nn_integral.abs_eq nn_integral_distr lr_adjunction_correspondence)
+
+lemma(in qbs_s_finite) qbs_integral_def:
+ "f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> (\<integral>\<^sub>Q x. f x \<partial>\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = (\<integral>x. f (\<alpha> x) \<partial> \<mu>)"
+ by(simp add: qbs_integral.abs_eq)
+
+lemma(in qbs_s_finite) qbs_integral_def2: "(\<integral>\<^sub>Q x. f x \<partial>\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = (\<integral>x. f x \<partial>(distr \<mu> (qbs_to_measure X) \<alpha>))"
+proof -
+ consider "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" | "f \<notin> X \<rightarrow>\<^sub>Q qbs_borel" by auto
+ thus ?thesis
+ proof cases
+ case h:2
+ then have "\<not> integrable (qbs_l \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) f"
+ by (metis borel_measurable_integrable measurable_distr_eq1 qbs_l qbs_morphism_measurable_intro)
+ thus ?thesis
+ using h by(simp add: qbs_l qbs_integral.abs_eq lr_adjunction_correspondence not_integrable_integral_eq)
+ qed(simp add: qbs_integral.abs_eq lr_adjunction_correspondence integral_distr)
+qed
+
+lemma qbs_measure_eqI:
+ assumes [qbs]:"p \<in> qbs_space (monadM_qbs X)" "q \<in> qbs_space (monadM_qbs X)"
+ and "\<And>f. f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> (\<integral>\<^sup>+\<^sub>Q x. f x \<partial>p) = (\<integral>\<^sup>+\<^sub>Q x. f x \<partial>q)"
+ shows "p = q"
+proof -
+ obtain \<alpha> \<mu> \<beta> \<nu> where h:"p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "q = \<lbrakk>X, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" "qbs_s_finite X \<beta> \<nu>"
+ by (metis rep_qbs_space_monadM assms(1,2))
+ then interpret pq:pair_qbs_s_finite X \<alpha> \<mu> \<beta> \<nu>
+ by(auto simp: pair_qbs_s_finite_def)
+ show ?thesis
+ using assms(3) by(auto simp: h(1,2) pq.pq1.qbs_nn_integral_def pq.pq2.qbs_nn_integral_def intro!: pq.qbs_s_finite_measure_eq')
+qed
+
+lemma qbs_nn_integral_def2_l: "qbs_nn_integral s f = integral\<^sup>N (qbs_l s) f"
+ by transfer auto
+
+lemma qbs_integral_def2_l: "qbs_integral s f = integral\<^sup>L (qbs_l s) f"
+ by (metis in_qbs_space_of qbs_s_finite.qbs_integral_def2 qbs_s_finite.qbs_l rep_qbs_space_monadM)
+
+lift_definition qbs_integrable :: "'a qbs_measure \<Rightarrow> ('a \<Rightarrow> 'b::{second_countable_topology,banach}) \<Rightarrow> bool"
+is "\<lambda>p f. f \<in> fst p \<rightarrow>\<^sub>Q qbs_borel \<and> integrable (snd (snd p)) (f \<circ> (fst (snd p)))"
+proof safe
+ have 0:"f \<in> Y \<rightarrow>\<^sub>Q qbs_borel" "integrable \<nu> (\<lambda>x. f (\<beta> x))" if "qbs_s_finite_eq (X,\<alpha>,\<mu>) (Y,\<beta>,\<nu>)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "integrable \<mu> (\<lambda>x. f (\<alpha> x))" for X :: "'a quasi_borel" and Y \<alpha> \<beta> \<mu> \<nu> and f :: "_ \<Rightarrow> 'b"
+ proof -
+ interpret pair_qbs_s_finite X \<alpha> \<mu> \<beta> \<nu>
+ using qbs_s_finite_eq_dest[OF that(1)] by(auto simp: pair_qbs_s_finite_def)
+ show "f \<in> Y \<rightarrow>\<^sub>Q qbs_borel" "integrable \<nu> (\<lambda>x. f (\<beta> x))"
+ using that qbs_s_finite_eq_dest(3)[OF that(1)] by(simp_all add: integrable_distr_eq[symmetric,of \<alpha> \<mu> "qbs_to_measure X" f] integrable_distr_eq[symmetric,of \<beta> \<nu> "qbs_to_measure X" f] lr_adjunction_correspondence qbs_s_finite_eq_dest(4)[OF that(1)])
+ qed
+ {
+ fix X Y :: "'a quasi_borel"
+ fix \<alpha> \<beta> \<mu> \<nu> and f :: "_ \<Rightarrow> 'b"
+ assume 1:"qbs_s_finite_eq (X, \<alpha>, \<mu>) (Y, \<beta>, \<nu>)"
+ then have 2:"qbs_s_finite_eq (Y, \<beta>, \<nu>) (X, \<alpha>, \<mu>)" by(auto simp: qbs_s_finite_eq_def)
+ have "f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<and> integrable \<mu> (f \<circ> \<alpha>) \<longleftrightarrow> f \<in> Y \<rightarrow>\<^sub>Q qbs_borel \<and> integrable \<nu> (f \<circ> \<beta>)"
+ unfolding comp_def using 0[OF 1,of f] 0[OF 2,of f] by blast
+ }
+ thus "\<And>prod1 prod2 :: 'a qbs_s_finite_t. qbs_s_finite_eq prod1 prod2 \<Longrightarrow> (\<lambda>f:: _ \<Rightarrow> 'b. f \<in> fst prod1 \<rightarrow>\<^sub>Q borel\<^sub>Q \<and> integrable (snd (snd prod1)) (f \<circ> fst (snd prod1))) = (\<lambda>f. f \<in> fst prod2 \<rightarrow>\<^sub>Q borel\<^sub>Q \<and> integrable (snd (snd prod2)) (f \<circ> fst (snd prod2)))"
+ by fastforce
+qed
+
+lemma(in qbs_s_finite) qbs_integrable_def:
+ "qbs_integrable \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n f \<longleftrightarrow> f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<and> integrable \<mu> (\<lambda>x. f (\<alpha> x))"
+ by(simp add: qbs_integrable.abs_eq comp_def)
+
+lemma qbs_integrable_morphism_dest:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ and "qbs_integrable s f"
+ shows "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by (metis assms qbs_s_finite.qbs_integrable_def rep_qbs_space_monadM)
+
+lemma qbs_integrable_morphismP:
+ assumes "s \<in> qbs_space (monadP_qbs X)"
+ and "qbs_integrable s f"
+ shows "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by(auto intro!: qbs_integrable_morphism_dest assms qbs_space_monadPM)
+
+lemma(in qbs_s_finite) qbs_integrable_measurable[simp]:
+ assumes "qbs_integrable \<lbrakk>X,\<alpha>,\<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n f"
+ shows "f \<in> qbs_to_measure X \<rightarrow>\<^sub>M borel"
+ by(auto intro!: qbs_integrable_morphism_dest assms simp: lr_adjunction_correspondence[symmetric])
+
+lemma qbs_integrable_iff_integrable:
+ "(qbs_integrable (s::'a qbs_measure) (f :: 'a \<Rightarrow> 'b::{second_countable_topology,banach})) = (integrable (qbs_l s) f)"
+proof transfer
+ fix f ::" 'a \<Rightarrow> 'b::{second_countable_topology,banach}"
+ show "qbs_s_finite_eq s s \<Longrightarrow> (f \<in> fst s \<rightarrow>\<^sub>Q borel\<^sub>Q \<and> integrable (snd (snd s)) (f \<circ> fst (snd s))) = integrable (distr (snd (snd s)) (qbs_to_measure (fst s)) (fst (snd s))) f" for s
+ proof(rule prod_cases3[of s])
+ fix X :: "'a quasi_borel"
+ fix \<alpha> \<mu>
+ assume "qbs_s_finite_eq s s" and s: "s = (X,\<alpha>,\<mu>)"
+ then interpret qbs_s_finite X \<alpha> \<mu> by(simp add: qbs_s_finite_eq_def)
+ show "f \<in> fst s \<rightarrow>\<^sub>Q qbs_borel \<and> integrable (snd (snd s)) (\<lambda>x. (f \<circ> fst (snd s)) x) \<longleftrightarrow> integrable (distr (snd (snd s)) (qbs_to_measure (fst s)) (fst (snd s))) f"
+ using integrable_distr_eq[of \<alpha> \<mu> "qbs_to_measure X" f,simplified]
+ by(auto simp add: lr_adjunction_correspondence s)
+ qed
+qed
+
+corollary(in qbs_s_finite) qbs_integrable_distr: "qbs_integrable \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n f = integrable (distr \<mu> (qbs_to_measure X) \<alpha>) f"
+ by(simp add: qbs_integrable_iff_integrable qbs_l)
+
+lemma qbs_integrable_morphism[qbs]: "qbs_integrable \<in> monadM_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q (qbs_borel :: ('a :: {banach, second_countable_topology}) quasi_borel)) \<Rightarrow>\<^sub>Q qbs_count_space UNIV"
+proof(rule curry_preserves_morphisms[OF pair_qbs_morphismI])
+ fix \<gamma> \<beta>
+ assume h:"\<gamma> \<in> qbs_Mx (monadM_qbs X)" "\<beta> \<in> qbs_Mx (X \<Rightarrow>\<^sub>Q (qbs_borel :: 'a quasi_borel))"
+ from rep_qbs_Mx_monadM[OF this(1)] obtain \<alpha> k
+ where hk:"\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+ by metis
+ then interpret ina: in_Mx X \<alpha> by (simp add: in_Mx_def)
+ interpret standard_borel_ne "borel :: real measure" by simp
+ have [measurable]: "\<beta> r \<in> qbs_to_measure X \<rightarrow>\<^sub>M borel" for r
+ using h(2) by(simp add: qbs_Mx_is_morphisms lr_adjunction_correspondence[symmetric])
+ have [measurable_cong]: "sets (k r) = sets borel" for r
+ using hk(4) qbs_s_finite.mu_sets by blast
+ have 1: "borel_measurable (borel \<Otimes>\<^sub>M borel) = (qbs_borel \<Otimes>\<^sub>Q qbs_borel \<rightarrow>\<^sub>Q qbs_borel :: (real \<times> real \<Rightarrow> 'a) set)"
+ by (metis borel_prod pair_standard_borel qbs_borel_prod standard_borel.standard_borel_r_full_faithful standard_borel_axioms)
+ show "(\<lambda>r. qbs_integrable (fst (\<gamma> r, \<beta> r)) (snd (\<gamma> r, \<beta> r))) \<in> qbs_Mx (qbs_count_space UNIV)"
+ by(auto simp: fun_cong[OF hk(1)] qbs_s_finite.qbs_integrable_distr[OF hk(4)] integrable_distr_eq qbs_Mx_is_morphisms qbs_pred_iff_measurable_pred intro!: s_finite_kernel.integrable_measurable_pred[OF hk(3)]) (insert h(2), simp add: 1 qbs_Mx_is_morphisms split_beta')
+qed
+
+lemma(in qbs_s_finite) qbs_integrable_iff_integrable:
+ assumes "f \<in> qbs_to_measure X \<rightarrow>\<^sub>M borel"
+ shows "qbs_integrable \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n f = integrable \<mu> (\<lambda>x. f (\<alpha> x))"
+ by(auto intro!: integrable_distr_eq[of \<alpha> \<mu> "qbs_to_measure X" f] simp: assms qbs_integrable_distr)
+
+lemma qbs_integrable_iff_bounded:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ shows "qbs_integrable s f \<longleftrightarrow> f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<and> (\<integral>\<^sup>+\<^sub>Q x. ennreal (norm (f x)) \<partial>s) < \<infinity>"
+ (is "?lhs = ?rhs")
+proof -
+ from rep_qbs_space_monadM[OF assms] obtain \<alpha> \<mu> where hs:
+ "qbs_s_finite X \<alpha> \<mu>" "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by metis
+ then interpret qs:qbs_s_finite X \<alpha> \<mu> by simp
+ have "?lhs = integrable (distr \<mu> (qbs_to_measure X) \<alpha>) f"
+ by (simp add: hs(2) qbs_integrable_iff_integrable qs.qbs_l)
+ also have "... = (f \<in> borel_measurable (distr \<mu> (qbs_to_measure X) \<alpha>) \<and> ((\<integral>\<^sup>+ x. ennreal (norm (f x)) \<partial>(distr \<mu> (qbs_to_measure X) \<alpha>)) < \<infinity>))"
+ by(rule integrable_iff_bounded)
+ also have "... = ?rhs"
+ by(auto simp add: hs(2) qs.qbs_nn_integral_def2 lr_adjunction_correspondence)
+ finally show ?thesis .
+qed
+
+lemma not_qbs_integrable_qbs_integral: "\<not> qbs_integrable s f \<Longrightarrow> qbs_integral s f = 0"
+ by(simp add: qbs_integral_def2_l qbs_integrable_iff_integrable not_integrable_integral_eq)
+
+lemma qbs_integrable_cong_AE:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ "AE\<^sub>Q x in s. f x = g x"
+ and "qbs_integrable s f" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "qbs_integrable s g"
+ using assms(2,4) by(auto intro!: qbs_integrable_iff_integrable[THEN iffD2] Bochner_Integration.integrable_cong_AE[of g _ f,THEN iffD2] qbs_integrable_iff_integrable[THEN iffD1,OF assms(3)] qbs_integrable_morphism_dest[OF assms(1),of f] simp: AEq_qbs_l measurable_qbs_l[OF assms(1)])
+
+lemma qbs_integrable_cong:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x = g x"
+ and "qbs_integrable s f"
+ shows "qbs_integrable s g"
+ by(auto intro!: qbs_integrable_iff_integrable[THEN iffD2] Bochner_Integration.integrable_cong[OF refl,of _ g f,THEN iffD2] qbs_integrable_iff_integrable[THEN iffD1,OF assms(3)] simp: space_qbs_l_in[OF assms(1)] assms(2))
+
+lemma qbs_integrable_zero[simp, intro]: "qbs_integrable s (\<lambda>x. 0)"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_const:
+ assumes "s \<in> qbs_space (monadP_qbs X)"
+ shows "qbs_integrable s (\<lambda>x. c)"
+ using assms by(auto intro!: qbs_integrable_iff_integrable[THEN iffD2] finite_measure.integrable_const simp: monadP_qbs_space prob_space_def)
+
+lemma qbs_integrable_add[simp,intro!]:
+ assumes "qbs_integrable s f"
+ and "qbs_integrable s g"
+ shows "qbs_integrable s (\<lambda>x. f x + g x)"
+ by(rule qbs_integrable_iff_integrable[THEN iffD2,OF Bochner_Integration.integrable_add[OF qbs_integrable_iff_integrable[THEN iffD1,OF assms(1)] qbs_integrable_iff_integrable[THEN iffD1,OF assms(2)]]])
+
+lemma qbs_integrable_diff[simp,intro!]:
+ assumes "qbs_integrable s f"
+ and "qbs_integrable s g"
+ shows "qbs_integrable s (\<lambda>x. f x - g x)"
+ by(rule qbs_integrable_iff_integrable[THEN iffD2,OF Bochner_Integration.integrable_diff[OF qbs_integrable_iff_integrable[THEN iffD1,OF assms(1)] qbs_integrable_iff_integrable[THEN iffD1,OF assms(2)]]])
+
+lemma qbs_integrable_sum[simp, intro!]: "(\<And>i. i \<in> I \<Longrightarrow> qbs_integrable s (f i)) \<Longrightarrow> qbs_integrable s (\<lambda>x. \<Sum>i\<in>I. f i x)"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_scaleR_left[simp, intro!]: "qbs_integrable s f \<Longrightarrow> qbs_integrable s (\<lambda>x. f x *\<^sub>R (c :: 'a :: {second_countable_topology,banach}))"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_scaleR_right[simp, intro!]: "qbs_integrable s f \<Longrightarrow> qbs_integrable s (\<lambda>x. c *\<^sub>R (f x :: 'a :: {second_countable_topology,banach}) )"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_mult_iff:
+ fixes f :: "'a \<Rightarrow> real"
+ shows "(qbs_integrable s (\<lambda>x. c * f x)) = (c = 0 \<or> qbs_integrable s f)"
+ using qbs_integrable_iff_integrable[of s "\<lambda>x. c * f x"] integrable_mult_left_iff[of _ c f] qbs_integrable_iff_integrable[of s f]
+ by simp
+
+lemma
+ fixes c :: "_::{real_normed_algebra,second_countable_topology}"
+ assumes "qbs_integrable s f"
+ shows qbs_integrable_mult_right:"qbs_integrable s (\<lambda>x. c * f x)"
+ and qbs_integrable_mult_left: "qbs_integrable s (\<lambda>x. f x * c)"
+ using assms by(auto simp: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_divide_zero[simp, intro!]:
+ fixes c :: "_::{real_normed_field, field, second_countable_topology}"
+ shows "qbs_integrable s f \<Longrightarrow> qbs_integrable s (\<lambda>x. f x / c)"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_inner_left[simp, intro!]:
+ "qbs_integrable s f \<Longrightarrow> qbs_integrable s (\<lambda>x. f x \<bullet> c)"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_inner_right[simp, intro!]:
+ "qbs_integrable s f \<Longrightarrow> qbs_integrable s (\<lambda>x. c \<bullet> f x)"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_minus[simp, intro!]:
+ "qbs_integrable s f \<Longrightarrow> qbs_integrable s (\<lambda>x. - f x)"
+ by(simp add: qbs_integrable_iff_integrable)
+
+lemma [simp, intro]:
+ assumes "qbs_integrable s f"
+ shows qbs_integrable_Re: "qbs_integrable s (\<lambda>x. Re (f x))"
+ and qbs_integrable_Im: "qbs_integrable s (\<lambda>x. Im (f x))"
+ and qbs_integrable_cnj: "qbs_integrable s (\<lambda>x. cnj (f x))"
+ using assms by(simp_all add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_of_real[simp, intro!]:
+ "qbs_integrable s f \<Longrightarrow> qbs_integrable s (\<lambda>x. of_real (f x))"
+ by(simp_all add: qbs_integrable_iff_integrable)
+
+lemma [simp, intro]:
+ assumes "qbs_integrable s f"
+ shows qbs_integrable_fst: "qbs_integrable s (\<lambda>x. fst (f x))"
+ and qbs_integrable_snd: "qbs_integrable s (\<lambda>x. snd (f x))"
+ using assms by(simp_all add: qbs_integrable_iff_integrable)
+
+lemma qbs_integrable_norm:
+ assumes "qbs_integrable s f"
+ shows "qbs_integrable s (\<lambda>x. norm (f x))"
+ by(rule qbs_integrable_iff_integrable[THEN iffD2,OF integrable_norm[OF qbs_integrable_iff_integrable[THEN iffD1,OF assms]]])
+
+lemma qbs_integrable_abs:
+ fixes f :: "_ \<Rightarrow> real"
+ assumes "qbs_integrable s f"
+ shows "qbs_integrable s (\<lambda>x. \<bar>f x\<bar>)"
+ by(rule qbs_integrable_iff_integrable[THEN iffD2,OF integrable_abs[OF qbs_integrable_iff_integrable[THEN iffD1,OF assms]]])
+
+lemma qbs_integrable_sq:
+ fixes c :: "_::{real_normed_field,second_countable_topology}"
+ assumes "qbs_integrable s (\<lambda>x. c)" "qbs_integrable s f"
+ and "qbs_integrable s (\<lambda>x. (f x)\<^sup>2)"
+ shows "qbs_integrable s (\<lambda>x. (f x - c)\<^sup>2)"
+ by(simp add: comm_ring_1_class.power2_diff,rule qbs_integrable_diff,rule qbs_integrable_add)
+ (simp_all add: comm_semiring_1_class.semiring_normalization_rules(16)[of 2] assms qbs_integrable_mult_right power2_eq_square[of c])
+
+lemma qbs_nn_integral_eq_integral_AEq:
+ assumes "qbs_integrable s f" "AE\<^sub>Q x in s. 0 \<le> f x"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. ennreal (f x) \<partial>s) = ennreal (\<integral>\<^sub>Q x. f x \<partial>s)"
+ using nn_integral_eq_integral[OF qbs_integrable_iff_integrable[THEN iffD1,OF assms(1)] ] qbs_integrable_morphism_dest[OF in_qbs_space_of assms(1)] assms(2)
+ by(simp add: qbs_integral_def2_l qbs_nn_integral_def2_l AEq_qbs_l)
+
+lemma qbs_nn_integral_eq_integral:
+ assumes "s \<in> qbs_space (monadM_qbs X)" "qbs_integrable s f"
+ and "\<And>x. x \<in> qbs_space X \<Longrightarrow> 0 \<le> f x"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. ennreal (f x) \<partial>s) = ennreal (\<integral>\<^sub>Q x. f x \<partial>s)"
+ using qbs_nn_integral_eq_integral_AEq[OF assms(2) AEq_I2[OF assms(1,3)]] by simp
+
+lemma qbs_nn_integral_cong_AEq:
+ assumes "s \<in> qbs_space (monadM_qbs X)" "AE\<^sub>Q x in s. f x = g x"
+ shows "qbs_nn_integral s f = qbs_nn_integral s g"
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by metis
+ then interpret qs: qbs_s_finite X \<alpha> \<mu> by simp
+ show ?thesis
+ using assms(2) by(auto simp: qs.qbs_nn_integral_def2 hs(1) qs.AEq_def intro!: nn_integral_cong_AE)
+qed
+
+lemma qbs_nn_integral_cong:
+ assumes "s \<in> qbs_space (monadM_qbs X)" "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x = g x"
+ shows "qbs_nn_integral s f = qbs_nn_integral s g"
+ using qbs_nn_integral_cong_AEq[OF assms(1) AEq_I2[OF assms]] by simp
+
+lemma qbs_nn_integral_const:
+ "(\<integral>\<^sup>+\<^sub>Q x. c \<partial>s) = c * qbs_l s (qbs_space (qbs_space_of s))"
+ by(simp add: qbs_nn_integral_def2_l space_qbs_l)
+
+lemma qbs_nn_integral_const_prob:
+ assumes "s \<in> qbs_space (monadP_qbs X)"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. c \<partial>s) = c"
+ using assms by(simp add: qbs_nn_integral_const prob_space.emeasure_space_1 qbs_l_prob_space space_qbs_l)
+
+lemma qbs_nn_integral_add:
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ and [qbs]:"f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. f x + g x \<partial>s) = (\<integral>\<^sup>+\<^sub>Q x. f x \<partial>s) + (\<integral>\<^sup>+\<^sub>Q x. g x \<partial>s)"
+ by(auto simp: qbs_nn_integral_def2_l measurable_qbs_l[OF assms(1)] intro!: nn_integral_add measurable_qbs_l)
+
+lemma qbs_nn_integral_cmult:
+ assumes "s \<in> qbs_space (monadM_qbs X)" and [qbs]:"f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. c * f x \<partial>s) = c * (\<integral>\<^sup>+\<^sub>Q x. f x \<partial>s)"
+ by(auto simp: qbs_nn_integral_def2_l measurable_qbs_l[OF assms(1)] intro!: nn_integral_cmult)
+
+lemma qbs_integral_cong_AEq:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ and "AE\<^sub>Q x in s. f x = g x"
+ shows "qbs_integral s f = qbs_integral s g"
+ using assms(4) by(auto simp: qbs_integral_def2_l AEq_qbs_l measurable_qbs_l[OF assms(1)] intro!: integral_cong_AE )
+
+lemma qbs_integral_cong:
+ assumes "s \<in> qbs_space (monadM_qbs X)" "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x = g x"
+ shows "qbs_integral s f = qbs_integral s g"
+ by(auto simp: qbs_integral_def2_l space_qbs_l_in[OF assms(1)] assms(2) intro!: Bochner_Integration.integral_cong)
+
+lemma qbs_integral_nonneg_AEq:
+ fixes f :: "_ \<Rightarrow> real"
+ shows "AE\<^sub>Q x in s. 0 \<le> f x \<Longrightarrow> 0 \<le> qbs_integral s f"
+ by(auto simp: qbs_integral_def2_l AEq_qbs_l intro!: integral_nonneg_AE )
+
+lemma qbs_integral_nonneg:
+ fixes f :: "_ \<Rightarrow> real"
+ assumes "s \<in> qbs_space (monadM_qbs X)" "\<And>x. x \<in> qbs_space X \<Longrightarrow> 0 \<le> f x"
+ shows "0 \<le> qbs_integral s f"
+ by(auto simp: qbs_integral_def2_l space_qbs_l_in[OF assms(1)] assms(2) intro!: Bochner_Integration.integral_nonneg)
+
+lemma qbs_integral_mono_AEq:
+ fixes f :: "_ \<Rightarrow> real"
+ assumes "qbs_integrable s f" "qbs_integrable s g" "AE\<^sub>Q x in s. f x \<le> g x"
+ shows "qbs_integral s f \<le> qbs_integral s g"
+ using assms by(auto simp: qbs_integral_def2_l AEq_qbs_l qbs_integrable_iff_integrable intro!: integral_mono_AE)
+
+lemma qbs_integral_mono:
+ fixes f :: "_ \<Rightarrow> real"
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ and "qbs_integrable s f" "qbs_integrable s g" "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x \<le> g x"
+ shows "qbs_integral s f \<le> qbs_integral s g"
+ by(auto simp: qbs_integral_def2_l space_qbs_l_in[OF assms(1)] qbs_integrable_iff_integrable[symmetric] assms intro!: integral_mono)
+
+lemma qbs_integral_const_prob:
+ assumes "s \<in> qbs_space (monadP_qbs X)"
+ shows "(\<integral>\<^sub>Q x. c \<partial>s) = c"
+ using assms by(simp add: qbs_integral_def2_l monadP_qbs_space prob_space.prob_space)
+
+lemma
+ assumes "qbs_integrable s f" "qbs_integrable s g"
+ shows qbs_integral_add:"(\<integral>\<^sub>Q x. f x + g x \<partial>s) = (\<integral>\<^sub>Q x. f x \<partial>s) + (\<integral>\<^sub>Q x. g x \<partial>s)"
+ and qbs_integral_diff: "(\<integral>\<^sub>Q x. f x - g x \<partial>s) = (\<integral>\<^sub>Q x. f x \<partial>s) - (\<integral>\<^sub>Q x. g x \<partial>s)"
+ using assms by(auto simp: qbs_integral_def2_l qbs_integrable_iff_integrable[symmetric] intro!: Bochner_Integration.integral_add Bochner_Integration.integral_diff)
+
+lemma [simp]:
+ fixes c :: "_::{real_normed_field,second_countable_topology}"
+ shows qbs_integral_mult_right_zero:"(\<integral>\<^sub>Q x. c * f x \<partial>s) = c * (\<integral>\<^sub>Q x. f x \<partial>s)"
+ and qbs_integral_mult_left_zero:"(\<integral>\<^sub>Q x. f x * c \<partial>s) = (\<integral>\<^sub>Q x. f x \<partial>s) * c"
+ and qbs_integral_divide_zero: "(\<integral>\<^sub>Q x. f x / c \<partial>s) = (\<integral>\<^sub>Q x. f x \<partial>s) / c"
+ by(auto simp: qbs_integral_def2_l)
+
+lemma qbs_integral_minus[simp]: "(\<integral>\<^sub>Q x. - f x \<partial>s) = - (\<integral>\<^sub>Q x. f x \<partial>s)"
+ by(auto simp: qbs_integral_def2_l)
+
+lemma [simp]:
+ shows qbs_integral_scaleR_right:"(\<integral>\<^sub>Q x. c *\<^sub>R f x \<partial>s) = c *\<^sub>R (\<integral>\<^sub>Q x. f x \<partial>s)"
+ and qbs_integral_scaleR_left: "(\<integral>\<^sub>Q x. f x *\<^sub>R c \<partial>s) = (\<integral>\<^sub>Q x. f x \<partial>s) *\<^sub>R c"
+ by(auto simp: qbs_integral_def2_l)
+
+lemma [simp]:
+ shows qbs_integral_inner_left: "qbs_integrable s f \<Longrightarrow> (\<integral>\<^sub>Q x. f x \<bullet> c \<partial>s) = (\<integral>\<^sub>Q x. f x \<partial>s) \<bullet> c"
+ and qbs_integral_inner_right: "qbs_integrable s f \<Longrightarrow> (\<integral>\<^sub>Q x. c \<bullet> f x \<partial>s) = c \<bullet> (\<integral>\<^sub>Q x. f x \<partial>s) "
+ by(auto simp: qbs_integral_def2_l qbs_integrable_iff_integrable)
+
+lemma integral_complex_of_real[simp]: "(\<integral>\<^sub>Q x. complex_of_real (f x) \<partial>s)= of_real (\<integral>\<^sub>Q x. f x \<partial>s)"
+ by(simp add: qbs_integral_def2_l)
+
+lemma integral_cnj[simp]: "(\<integral>\<^sub>Q x. cnj (f x) \<partial>s) = cnj (\<integral>\<^sub>Q x. f x \<partial>s)"
+ by(simp add: qbs_integral_def2_l)
+
+lemma [simp]:
+ assumes "qbs_integrable s f"
+ shows qbs_integral_Im: "(\<integral>\<^sub>Q x. Im (f x) \<partial>s) = Im (\<integral>\<^sub>Q x. f x \<partial>s)"
+ and qbs_integral_Re: "(\<integral>\<^sub>Q x. Re (f x) \<partial>s) = Re (\<integral>\<^sub>Q x. f x \<partial>s)"
+ using assms by(auto simp: qbs_integral_def2_l qbs_integrable_iff_integrable)
+
+lemma qbs_integral_of_real[simp]:"qbs_integrable s f \<Longrightarrow> (\<integral>\<^sub>Q x. of_real (f x) \<partial>s) = of_real (\<integral>\<^sub>Q x. f x \<partial>s)"
+ by(auto simp: qbs_integral_def2_l qbs_integrable_iff_integrable)
+
+lemma [simp]:
+ assumes "qbs_integrable s f"
+ shows qbs_integral_fst: "(\<integral>\<^sub>Q x. fst (f x) \<partial>s) = fst (\<integral>\<^sub>Q x. f x \<partial>s)"
+ and qbs_integral_snd: "(\<integral>\<^sub>Q x. snd (f x) \<partial>s) = snd (\<integral>\<^sub>Q x. f x \<partial>s)"
+ using assms by(auto simp: qbs_integral_def2_l qbs_integrable_iff_integrable)
+
+lemma real_qbs_integral_def:
+ assumes "qbs_integrable s f"
+ shows "qbs_integral s f = enn2real (\<integral>\<^sup>+\<^sub>Q x. ennreal (f x) \<partial>s) - enn2real (\<integral>\<^sup>+\<^sub>Q x. ennreal (- f x) \<partial>s)"
+ using qbs_integrable_morphism_dest[OF in_qbs_space_of assms] assms
+ by(auto simp: qbs_integral_def2_l qbs_nn_integral_def2_l qbs_integrable_iff_integrable[symmetric] intro!: real_lebesgue_integral_def)
+
+lemma Markov_inequality_qbs_prob:
+ "qbs_integrable s f \<Longrightarrow> AE\<^sub>Q x in s. 0 \<le> f x \<Longrightarrow> 0 < c \<Longrightarrow> \<P>(x in qbs_l s. c \<le> f x) \<le> (\<integral>\<^sub>Q x. f x \<partial>s) / c"
+ by(auto simp: qbs_integral_def2_l AEq_qbs_l qbs_integrable_iff_integrable intro!: integral_Markov_inequality_measure[where A="{}"])
+
+lemma Chebyshev_inequality_qbs_prob:
+ assumes "s \<in> qbs_space (monadP_qbs X)"
+ and "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "qbs_integrable s (\<lambda>x. (f x)\<^sup>2)"
+ and "0 < e"
+ shows "\<P>(x in qbs_l s. e \<le> \<bar>f x - (\<integral>\<^sub>Q x. f x \<partial>s)\<bar>) \<le> (\<integral>\<^sub>Q x. (f x - (\<integral>\<^sub>Q x. f x \<partial>s))\<^sup>2 \<partial>s) / e\<^sup>2"
+ using prob_space.Chebyshev_inequality[OF qbs_l_prob_space[OF assms(1)] _ _ assms(4),of f] assms(2,3)
+ by(simp add: qbs_integral_def2_l qbs_integrable_iff_integrable lr_adjunction_correspondence measurable_qbs_l'[OF qbs_space_monadPM[OF assms(1)]])
+
+lemma qbs_l_return_qbs:
+ assumes "x \<in> qbs_space X"
+ shows "qbs_l (return_qbs X x) = return (qbs_to_measure X) x"
+proof -
+ interpret qp: qbs_prob X "\<lambda>r. x" "return borel 0"
+ by(auto simp: qbs_prob_def prob_space_return assms in_Mx_def real_distribution_def real_distribution_axioms_def)
+ show ?thesis
+ by(simp add: qp.return_qbs[OF assms] distr_return qp.qbs_l)
+qed
+
+lemma qbs_l_bind_qbs:
+ assumes [qbs]: "s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ shows "qbs_l (s \<bind> f) = qbs_l s \<bind>\<^sub>k qbs_l \<circ> f" (is "?lhs = ?rhs")
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by metis
+ then interpret qs: qbs_s_finite X \<alpha> \<mu> by simp
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF assms(2) qs.in_Mx]] obtain \<beta> k where
+ hk: "f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite Y \<beta> (k r )"
+ by metis
+ then interpret sk: s_finite_kernel borel borel k by simp
+ interpret im: in_Mx Y \<beta> using hk(2) by(simp add: in_Mx_def)
+
+ have "?lhs = distr (\<mu> \<bind>\<^sub>k k) (qbs_to_measure Y) \<beta>"
+ by(simp add: qs.bind_qbs[OF hs(1) assms(2) hk(2,3,1)] qbs_s_finite.qbs_l[OF qs.bind_qbs_s_finite[OF hs(1) assms(2) hk(2,3,1)]])
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>x. distr (k x) (qbs_to_measure Y) \<beta>)"
+ by(auto intro!: sk.distr_bind_kernel simp: qs.mu_sets)
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>r. qbs_l ((f \<circ> \<alpha>) r))"
+ by(simp add: qbs_s_finite.qbs_l[OF hk(4)] hk(1))
+ also have "... = \<mu> \<bind>\<^sub>k (\<lambda>r. (\<lambda>x. qbs_l (f x)) (\<alpha> r))" by simp
+ also have "... = distr \<mu> (qbs_to_measure X) \<alpha> \<bind>\<^sub>k (\<lambda>x. qbs_l (f x))"
+ using l_preserves_morphisms[of X "monadM_qbs Y"] assms(2)
+ by(auto intro!: measure_kernel.bind_kernel_distr[OF measure_kernel.measure_kernel_comp[OF qbs_l_measure_kernel],symmetric] simp: sets_eq_imp_space_eq[OF qs.mu_sets])
+ also have "... = ?rhs"
+ by(simp add: hs(1) qs.qbs_l comp_def)
+ finally show ?thesis .
+qed
+
+lemma qbs_integrable_return[simp, intro]:
+ assumes "x \<in> qbs_space X" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "qbs_integrable (return_qbs X x) f"
+ using assms by(auto simp: qbs_integrable_iff_integrable qbs_l_return_qbs[OF assms(1)] lr_adjunction_correspondence nn_integral_return space_L intro!: integrableI_bounded)
+
+lemma qbs_integrable_bind_return:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)" "f \<in> Y \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "qbs_integrable (s \<bind> (\<lambda>x. return_qbs Y (g x))) f = qbs_integrable s (f \<circ> g)" (is "?lhs = ?rhs")
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by metis
+ then interpret qs: qbs_s_finite X \<alpha> \<mu> by simp
+
+ have 1:"return_qbs Y \<circ> (g \<circ> \<alpha>) = (\<lambda>r. \<lbrakk>Y, g \<circ> \<alpha>, return borel r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ by(auto intro!: return_qbs_comp qbs_morphism_Mx[OF assms(3)])
+ have hb: "qbs_s_finite Y (g \<circ> \<alpha>) \<mu>" "s \<bind> (\<lambda>x. return_qbs Y (g x)) = \<lbrakk>Y, g \<circ> \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qbs_s_finite.bind_qbs[OF hs(2,1) qbs_morphism_comp[OF assms(3) return_qbs_morphism] qbs_morphism_Mx[OF assms(3)] prob_kernel.s_finite_kernel_prob_kernel 1[simplified comp_assoc[symmetric]]]
+ qbs_s_finite.bind_qbs_s_finite[OF hs(2,1) qbs_morphism_comp[OF assms(3) return_qbs_morphism] qbs_morphism_Mx[OF assms(3)] prob_kernel.s_finite_kernel_prob_kernel 1[simplified comp_assoc[symmetric]]]
+ by(auto simp: prob_kernel_def' comp_def bind_kernel_return''[OF qs.mu_sets])
+ have "?lhs = integrable \<mu> (f \<circ> (g \<circ> \<alpha>))"
+ by(auto simp: hb(2) intro!: qbs_s_finite.qbs_integrable_iff_integrable[OF hb(1),simplified comp_def] simp: comp_def lr_adjunction_correspondence[symmetric])
+ also have "... = ?rhs"
+ by(auto simp: hs(1) comp_def lr_adjunction_correspondence[symmetric] intro!: qs.qbs_integrable_iff_integrable[symmetric])
+ finally show ?thesis .
+qed
+
+lemma qbs_nn_integral_morphism[qbs]: "qbs_nn_integral \<in> monadM_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q qbs_borel) \<Rightarrow>\<^sub>Q qbs_borel"
+proof(rule curry_preserves_morphisms[OF pair_qbs_morphismI])
+ fix \<alpha> \<beta>
+ assume h:"\<alpha> \<in> qbs_Mx (monadM_qbs X)" "\<beta> \<in> qbs_Mx (X \<Rightarrow>\<^sub>Q (qbs_borel :: ennreal quasi_borel))"
+ from rep_qbs_Mx_monadM[OF h(1)] obtain a k
+ where ak: "\<alpha> = (\<lambda>r. \<lbrakk>X, a, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "a \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X a (k r)"
+ by metis
+ have 1:"borel_measurable ((borel :: real measure) \<Otimes>\<^sub>M (borel :: real measure)) = qbs_borel \<Otimes>\<^sub>Q qbs_borel \<rightarrow>\<^sub>Q (qbs_borel :: ennreal quasi_borel)"
+ by (metis borel_prod qbs_borel_prod standard_borel.standard_borel_r_full_faithful standard_borel_ne_borel standard_borel_ne_def)
+ show "(\<lambda>r. qbs_nn_integral (fst (\<alpha> r, \<beta> r)) (snd (\<alpha> r, \<beta> r))) \<in> qbs_Mx qbs_borel"
+ unfolding qbs_Mx_qbs_borel
+ by(rule measurable_cong[where f="\<lambda>r. \<integral>\<^sup>+ x. \<beta> r (a x) \<partial>k r",THEN iffD1], insert h ak(2))
+ (auto simp: qbs_s_finite.qbs_nn_integral_def[OF ak(4)] qbs_Mx_is_morphisms ak(1) 1 intro!: s_finite_kernel.nn_integral_measurable_f[OF ak(3)])
+qed
+
+lemma qbs_nn_integral_return:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ and "x \<in> qbs_space X"
+ shows "qbs_nn_integral (return_qbs X x) f = f x"
+ using assms by(auto intro!: nn_integral_return simp: qbs_nn_integral_def2_l qbs_l_return_qbs space_L lr_adjunction_correspondence)
+
+lemma qbs_nn_integral_bind:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)"
+ "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y" "g \<in> Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "qbs_nn_integral (s \<bind> f) g = qbs_nn_integral s (\<lambda>y. (qbs_nn_integral (f y) g))" (is "?lhs = ?rhs")
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by metis
+ then interpret qs: qbs_s_finite X \<alpha> \<mu> by simp
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF assms(2) qs.in_Mx]] obtain \<beta> k
+ where hk: "f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite Y \<beta> (k r)"
+ by metis
+ note sf = qs.bind_qbs[OF hs(1) assms(2) hk(2,3,1)] qs.bind_qbs_s_finite[OF hs(1) assms(2) hk(2,3,1)]
+ have "?lhs = (\<integral>\<^sup>+ x. g (\<beta> x) \<partial>(\<mu> \<bind>\<^sub>k k))"
+ by(simp add: sf(1) qbs_s_finite.qbs_nn_integral_def[OF sf(2)])
+ also have "... = (\<integral>\<^sup>+ r. (\<integral>\<^sup>+ y. g (\<beta> y) \<partial>(k r)) \<partial>\<mu>)"
+ using assms(3) hk(2) by(auto intro!: s_finite_kernel.nn_integral_bind_kernel[OF hk(3)] qs.mu_sets simp: s_finite_kernel_cong_sets[OF qs.mu_sets] lr_adjunction_correspondence)
+ also have "... = ?rhs"
+ using fun_cong[OF hk(1)] by(auto simp: hs(1) qs.qbs_nn_integral_def qbs_s_finite.qbs_nn_integral_def[OF hk(4),symmetric] intro!: nn_integral_cong)
+ finally show ?thesis .
+qed
+
+lemma qbs_nn_integral_bind_return:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs Y)" "f \<in> Z \<rightarrow>\<^sub>Q qbs_borel" "g \<in> Y \<rightarrow>\<^sub>Q Z"
+ shows "qbs_nn_integral (s \<bind> (\<lambda>y. return_qbs Z (g y))) f = qbs_nn_integral s (f \<circ> g)"
+ by(auto simp: qbs_nn_integral_bind[OF assms(1) _ assms(2)] qbs_nn_integral_return intro!: qbs_nn_integral_cong[OF assms(1)])
+
+lemma qbs_integral_morphism[qbs]:
+ "qbs_integral \<in> monadM_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q qbs_borel) \<Rightarrow>\<^sub>Q (qbs_borel :: ('b :: {second_countable_topology,banach}) quasi_borel)"
+proof(rule curry_preserves_morphisms[OF pair_qbs_morphismI])
+ fix \<alpha> and \<gamma> :: "_ \<Rightarrow> _ \<Rightarrow> 'b"
+ assume h:"\<alpha> \<in> qbs_Mx (monadM_qbs X)" "\<gamma> \<in> qbs_Mx (X \<Rightarrow>\<^sub>Q qbs_borel)"
+ from rep_qbs_Mx_monadM[OF this(1)] obtain \<beta> k
+ where hk: "\<alpha> = (\<lambda>r. \<lbrakk>X, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<beta> (k r)"
+ by metis
+ have 1:"borel_measurable ((borel :: real measure) \<Otimes>\<^sub>M (borel :: real measure)) = qbs_borel \<Otimes>\<^sub>Q qbs_borel \<rightarrow>\<^sub>Q (qbs_borel :: (_ :: {second_countable_topology,banach}) quasi_borel)"
+ by (metis borel_prod qbs_borel_prod standard_borel.standard_borel_r_full_faithful standard_borel_ne_borel standard_borel_ne_def)
+ show "(\<lambda>r. qbs_integral (fst (\<alpha> r,\<gamma> r)) (snd (\<alpha> r,\<gamma> r))) \<in> qbs_Mx borel\<^sub>Q"
+ unfolding qbs_Mx_R
+ by(rule measurable_cong[where f="\<lambda>r. \<integral> x. \<gamma> r (\<beta> x) \<partial>k r",THEN iffD1], insert h hk(2))
+ (auto simp: qbs_s_finite.qbs_integral_def[OF hk(4)] qbs_Mx_is_morphisms hk(1) 1 intro!: s_finite_kernel.integral_measurable_f[OF hk(3)])
+qed
+
+lemma qbs_integral_return:
+ assumes [qbs]:"f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "x \<in> qbs_space X"
+ shows "qbs_integral (return_qbs X x) f = f x"
+ by(auto simp: qbs_integral_def2_l qbs_l_return_qbs lr_adjunction_correspondence[symmetric] space_L integral_return)
+
+lemma
+ assumes [qbs]: "s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y" "g \<in> Y \<rightarrow>\<^sub>Q qbs_borel"
+ and "qbs_integrable s (\<lambda>x. \<integral>\<^sub>Q y. norm (g y) \<partial>f x)" "AE\<^sub>Q x in s. qbs_integrable (f x) g"
+ shows qbs_integrable_bind: "qbs_integrable (s \<bind> f) g" (is ?goal1)
+ and qbs_integral_bind:"(\<integral>\<^sub>Q y. g y \<partial>(s \<bind> f)) = (\<integral>\<^sub>Q x. \<integral>\<^sub>Q y. g y \<partial>f x \<partial>s)" (is "?lhs = ?rhs")
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by metis
+ then interpret qs: qbs_s_finite X \<alpha> \<mu> by simp
+ from rep_qbs_Mx_monadM[OF qbs_morphism_Mx[OF assms(2) qs.in_Mx]] obtain \<beta> k
+ where hk: "f \<circ> \<alpha> = (\<lambda>r. \<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<beta> \<in> qbs_Mx Y" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite Y \<beta> (k r)"
+ by metis
+ note sf = qs.bind_qbs[OF hs(1) assms(2) hk(2,3,1)]
+ have g[measurable]: "\<And>h M. h \<in> M \<rightarrow>\<^sub>M qbs_to_measure Y \<Longrightarrow> (\<lambda>x. g (h x)) \<in> M \<rightarrow>\<^sub>M borel"
+ using assms(3) by(auto simp: lr_adjunction_correspondence)
+ interpret qs2: qbs_s_finite Y \<beta> "\<mu> \<bind>\<^sub>k k"
+ by(rule qs.bind_qbs_s_finite[OF hs(1) assms(2) hk(2,3,1)])
+ show ?goal1
+ by(auto simp: sf qs2.qbs_integrable_def intro!: s_finite_kernel.integrable_bind_kernel[OF hk(3) qs.mu_sets])
+ (insert qs.AEq_AE[OF assms(5)[simplified hs(1)],simplified fun_cong[OF hk(1),simplified] qbs_s_finite.qbs_integrable_def[OF hk(4)]] assms(4)[simplified hs(1) qs.qbs_integrable_def fun_cong[OF hk(1),simplified]],auto simp: hs(1) qs.qbs_integrable_def qbs_s_finite.qbs_integral_def[OF hk(4)])
+ have "?lhs = (\<integral>r. g (\<beta> r) \<partial>(\<mu> \<bind>\<^sub>k k))"
+ by(simp add: sf qs2.qbs_integral_def)
+ also have "... = (\<integral>r. (\<integral>l. g (\<beta> l)\<partial>k r) \<partial>\<mu>)"
+ using qs.AEq_AE[OF assms(5)[simplified hs(1)],simplified fun_cong[OF hk(1),simplified] qbs_s_finite.qbs_integrable_def[OF hk(4)]] assms(4)[simplified hs(1) qs.qbs_integrable_def fun_cong[OF hk(1),simplified]]
+ by(auto intro!: s_finite_kernel.integral_bind_kernel[OF hk(3) qs.mu_sets] simp: qbs_s_finite.qbs_integral_def[OF hk(4)])
+ also have "... = (\<integral>r. (\<integral>\<^sub>Q y. g y\<partial>\<lbrakk>Y, \<beta>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<partial>\<mu>)"
+ by(auto intro!: Bochner_Integration.integral_cong simp: qbs_s_finite.qbs_integral_def[OF hk(4)])
+ also have "... = ?rhs"
+ by(auto simp: hs(1) qs.qbs_integral_def fun_cong[OF hk(1),simplified comp_def])
+ finally show "?lhs = ?rhs" .
+qed
+
+lemma qbs_integral_bind_return:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs Y)" "f \<in> Z \<rightarrow>\<^sub>Q qbs_borel" "g \<in> Y \<rightarrow>\<^sub>Q Z"
+ shows "qbs_integral (s \<bind> (\<lambda>y. return_qbs Z (g y))) f = qbs_integral s (f \<circ> g)"
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>Y, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<alpha> \<mu>" by metis
+ then interpret qs: qbs_s_finite Y \<alpha> \<mu> by simp
+
+ have hb: "qbs_s_finite Z (g \<circ> \<alpha>) \<mu>" "s \<bind> (\<lambda>y. return_qbs Z (g y)) = \<lbrakk>Z, g \<circ> \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ using qs.bind_qbs_s_finite[OF hs(1) _ qbs_morphism_Mx[OF assms(3) qs.in_Mx] prob_kernel.s_finite_kernel_prob_kernel return_qbs_comp[OF qbs_morphism_Mx[OF assms(3) qs.in_Mx],simplified comp_assoc[symmetric] comp_def[of _ g]],simplified prob_kernel_def']
+ by(auto simp: qs.bind_qbs[OF hs(1) _ qbs_morphism_Mx[OF assms(3) qs.in_Mx] prob_kernel.s_finite_kernel_prob_kernel return_qbs_comp[OF qbs_morphism_Mx[OF assms(3) qs.in_Mx],simplified comp_assoc[symmetric] comp_def[of _ g]],simplified prob_kernel_def'] bind_kernel_return''[OF qs.mu_sets])
+ show ?thesis
+ by(simp add: hb(2) qbs_s_finite.qbs_integral_def[OF hb(1)] qs.qbs_integral_def[simplified hs(1)[symmetric]])
+qed
+
+subsubsection \<open> Binary Product Measures\<close>
+definition qbs_pair_measure :: "['a qbs_measure, 'b qbs_measure] \<Rightarrow> ('a \<times> 'b) qbs_measure" (infix "\<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s" 80) where
+qbs_pair_measure_def':"qbs_pair_measure p q \<equiv> (p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (qbs_space_of p \<Otimes>\<^sub>Q qbs_space_of q) (x, y))))"
+
+
+context pair_qbs_s_finites
+begin
+
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+lemma
+ shows qbs_pair_measure: "\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = \<lbrakk>X \<Otimes>\<^sub>Q Y, map_prod \<alpha> \<beta> \<circ> rr.from_real, distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ and qbs_pair_measure_s_finite: "qbs_s_finite (X \<Otimes>\<^sub>Q Y) (map_prod \<alpha> \<beta> \<circ> rr.from_real) (distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel rr.to_real)"
+ by(simp_all add: qbs_pair_measure_def' pq1.qbs_l pq2.qbs_l qbs_bind_bind_return_pq qbs_s_finite_axioms)
+
+lemma qbs_l_qbs_pair_measure:
+ "qbs_l (\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) = distr (\<mu> \<Otimes>\<^sub>M \<nu>) (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) (map_prod \<alpha> \<beta>)"
+ by(simp add: qbs_pair_measure qbs_s_finite.qbs_l[OF qbs_pair_measure_s_finite] distr_distr comp_assoc)
+
+lemma qbs_nn_integral_pair_measure:
+ assumes [qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q z. f z \<partial>(\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)) = (\<integral>\<^sup>+ z. (f \<circ> map_prod \<alpha> \<beta>) z \<partial>(\<mu> \<Otimes>\<^sub>M \<nu>))"
+ using assms by(simp add: qbs_nn_integral_def2 qbs_pair_measure distr_distr comp_assoc nn_integral_distr lr_adjunction_correspondence)
+
+lemma qbs_integral_pair_measure:
+ assumes [qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sub>Q z. f z \<partial>(\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)) = (\<integral> z. (f \<circ> map_prod \<alpha> \<beta>) z \<partial>(\<mu> \<Otimes>\<^sub>M \<nu>))"
+ using assms by(simp add: qbs_integral_def2 qbs_pair_measure distr_distr comp_assoc integral_distr lr_adjunction_correspondence)
+
+lemma qbs_pair_measure_integrable_eq:
+ "qbs_integrable (\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) f \<longleftrightarrow> f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel \<and> integrable (\<mu> \<Otimes>\<^sub>M \<nu>) (f \<circ> (map_prod \<alpha> \<beta>))" (is "?h \<longleftrightarrow> ?h1 \<and> ?h2")
+proof safe
+ assume h: ?h
+ show ?h1
+ by(auto intro!: qbs_integrable_morphism_dest[OF _ h] simp: qbs_pair_measure_def')
+ have 1:"integrable (distr (\<mu> \<Otimes>\<^sub>M \<nu>) borel (to_real_on (borel \<Otimes>\<^sub>M borel))) (f \<circ> (map_prod \<alpha> \<beta> \<circ> from_real_into (borel \<Otimes>\<^sub>M borel)))"
+ using h[simplified qbs_pair_measure] by(simp add: qbs_integrable_def[of f] comp_def[of f])
+ have "integrable (\<mu> \<Otimes>\<^sub>M \<nu>) (\<lambda>x. (f \<circ> (map_prod \<alpha> \<beta> \<circ> from_real_into (borel \<Otimes>\<^sub>M borel))) (to_real_on (borel \<Otimes>\<^sub>M borel) x))"
+ by(intro integrable_distr[OF _ 1]) simp
+ thus ?h2
+ by(simp add: comp_def)
+next
+ assume h: ?h1 ?h2
+ then show ?h
+ by(simp add: qbs_pair_measure qbs_integrable_def) (simp add: lr_adjunction_correspondence integrable_distr_eq[of rr.to_real "\<mu> \<Otimes>\<^sub>M \<nu>" borel "\<lambda>x. f (map_prod \<alpha> \<beta> (rr.from_real x))"] comp_def)
+qed
+
+end
+
+lemmas(in pair_qbs_probs) qbs_pair_measure_prob = qbs_prob_axioms
+
+context
+ fixes X Y p q
+ assumes p[qbs]:"p \<in> qbs_space (monadM_qbs X)" and q[qbs]:"q \<in> qbs_space (monadM_qbs Y)"
+begin
+
+lemma qbs_pair_measure_def: "p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q = p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))"
+ by(simp add: qbs_space_of_in[OF p] qbs_space_of_in[OF q] qbs_pair_measure_def')
+
+lemma qbs_pair_measure_def2: "p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q = q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))"
+ by(simp add: bind_qbs_return_rotate qbs_pair_measure_def)
+
+lemma
+ assumes "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q monadM_qbs Z"
+ shows qbs_pair_bind_bind_return1':"q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. f (x,y))) = p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q \<bind> f"
+ and qbs_pair_bind_bind_return2':"p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. f (x,y))) = p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q \<bind> f"
+ by(simp_all add: qbs_bind_bind_return1[OF assms] qbs_bind_bind_return2[OF assms] bind_qbs_return_rotate qbs_pair_measure_def)
+
+lemma
+ assumes [qbs]:"f \<in> X \<rightarrow>\<^sub>Q exp_qbs Y (monadM_qbs Z)"
+ shows qbs_pair_bind_bind_return1'': "q \<bind> (\<lambda>y. p \<bind> (\<lambda>x. f x y)) = p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q \<bind> (\<lambda>x. f (fst x) (snd x))"
+ and qbs_pair_bind_bind_return2'': "p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. f x y)) = p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q \<bind> (\<lambda>x. f (fst x) (snd x))"
+ by(auto intro!: qbs_pair_bind_bind_return1'[where f="\<lambda>x. f (fst x) (snd x)",simplified] qbs_pair_bind_bind_return2'[where f="\<lambda>x. f (fst x) (snd x)",simplified] uncurry_preserves_morphisms) qbs
+
+lemma qbs_nn_integral_Fubini_fst:
+ assumes [qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. \<integral>\<^sup>+\<^sub>Q y. f (x,y) \<partial>q \<partial>p) = (\<integral>\<^sup>+\<^sub>Q z. f z \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q))"
+ (is "?lhs = ?rhs")
+proof -
+ have "?lhs = (\<integral>\<^sup>+\<^sub>Q x. \<integral>\<^sup>+\<^sub>Q y. qbs_nn_integral (return_qbs (X \<Otimes>\<^sub>Q Y) (x, y)) f \<partial>q \<partial>p)"
+ by(auto intro!: qbs_nn_integral_cong p q simp: qbs_nn_integral_return)
+ also have "... = ?rhs"
+ by(auto intro!: qbs_nn_integral_cong[OF p] simp:qbs_nn_integral_bind[OF q _ assms] qbs_nn_integral_bind[OF p _ assms] qbs_pair_measure_def)
+ finally show ?thesis .
+qed
+
+lemma qbs_nn_integral_Fubini_snd:
+ assumes [qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q y. \<integral>\<^sup>+\<^sub>Q x. f (x,y) \<partial>p \<partial>q) = (\<integral>\<^sup>+\<^sub>Q z. f z \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q))" (is "?lhs = ?rhs")
+proof -
+ have "?lhs = (\<integral>\<^sup>+\<^sub>Q y. \<integral>\<^sup>+\<^sub>Q x. qbs_nn_integral (return_qbs (X \<Otimes>\<^sub>Q Y) (x, y)) f \<partial>p \<partial>q)"
+ by(auto intro!: qbs_nn_integral_cong p q simp: qbs_nn_integral_return)
+ also have "... = ?rhs"
+ by(auto intro!: qbs_nn_integral_cong[OF q] simp:qbs_nn_integral_bind[OF q _ assms] qbs_nn_integral_bind[OF p _ assms] qbs_pair_measure_def2)
+ finally show ?thesis .
+qed
+
+lemma qbs_ennintegral_indep_mult:
+ assumes [qbs]: "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q z. f (fst z) * g (snd z) \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q)) = (\<integral>\<^sup>+\<^sub>Q x. f x \<partial>p) * (\<integral>\<^sup>+\<^sub>Q y. g y \<partial>q)" (is "?lhs = ?rhs")
+proof -
+ have "?lhs = (\<integral>\<^sup>+\<^sub>Q x. \<integral>\<^sup>+\<^sub>Q y .f x * g y \<partial>q \<partial>p)"
+ using qbs_nn_integral_Fubini_fst[where f="\<lambda>z. f (fst z) * g (snd z)"] by simp
+ also have "... = (\<integral>\<^sup>+\<^sub>Q x. f x * \<integral>\<^sup>+\<^sub>Q y . g y \<partial>q \<partial>p)"
+ by(simp add: qbs_nn_integral_cmult[OF q])
+ also have "... = ?rhs"
+ by(simp add: qbs_nn_integral_cmult[OF p] ab_semigroup_mult_class.mult.commute[where b="qbs_nn_integral q g"])
+ finally show ?thesis .
+qed
+
+end
+
+lemma qbs_l_qbs_pair_measure:
+ assumes "standard_borel M" "standard_borel N"
+ defines "X \<equiv> measure_to_qbs M" and "Y \<equiv> measure_to_qbs N"
+ assumes [qbs]: "p \<in> qbs_space (monadM_qbs X)" "q \<in> qbs_space (monadM_qbs Y)"
+ shows "qbs_l (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) = qbs_l p \<Otimes>\<^sub>M qbs_l q"
+proof -
+ obtain \<alpha> \<mu> \<beta> \<nu>
+ where hp: "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ and hq: "q = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<beta> \<nu>"
+ using rep_qbs_space_monadM assms(5,6) by meson
+ have 1:"sets (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) = sets (M \<Otimes>\<^sub>M N)"
+ by(auto simp: r_preserves_product[symmetric] X_def Y_def intro!: standard_borel.lr_sets_ident pair_standard_borel assms)
+ have "qbs_l (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) = qbs_l p \<bind>\<^sub>k qbs_l \<circ> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x,y)))"
+ by(auto simp: qbs_pair_measure_def[of p X q Y] intro!: qbs_l_bind_qbs[of _ X _ "X \<Otimes>\<^sub>Q Y"])
+ also have "... = qbs_l p \<bind>\<^sub>k (\<lambda>x. qbs_l (q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x, y))))"
+ by(simp add: comp_def)
+ also have "... = qbs_l p \<bind>\<^sub>k (\<lambda>x. qbs_l q \<bind>\<^sub>k qbs_l \<circ> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x, y)))"
+ by(auto intro!: bind_kernel_cong_All qbs_l_bind_qbs[of _ "Y" _ "X \<Otimes>\<^sub>Q Y"] simp: space_qbs_l_in[OF assms(5)])
+ also have "... = qbs_l p \<bind>\<^sub>k (\<lambda>x. qbs_l q \<bind>\<^sub>k (\<lambda>y. return (qbs_to_measure (X \<Otimes>\<^sub>Q Y)) (x, y)))"
+ by(auto simp: comp_def space_qbs_l_in[OF assms(6)] space_qbs_l_in[OF assms(5)] qbs_l_return_qbs intro!: bind_kernel_cong_All)
+ also have "... = qbs_l p \<bind>\<^sub>k (\<lambda>x. qbs_l q \<bind>\<^sub>k (\<lambda>y. return (M \<Otimes>\<^sub>M N) (x, y)))"
+ by(simp add: return_cong[OF 1])
+ also have "... = qbs_l p \<bind>\<^sub>k (\<lambda>x. qbs_l q \<bind>\<^sub>k (\<lambda>y. return (qbs_l p \<Otimes>\<^sub>M qbs_l q) (x, y)))"
+ by(auto cong: return_cong sets_pair_measure_cong simp: sets_qbs_l[OF assms(5)] standard_borel.lr_sets_ident[OF assms(1)] sets_qbs_l[OF assms(6)] standard_borel.lr_sets_ident[OF assms(2)] X_def Y_def)
+ also have "... = qbs_l p \<Otimes>\<^sub>M qbs_l q"
+ by(auto intro!: pair_measure_eq_bind_s_finite[symmetric] qbs_l_s_finite.s_finite_measure_axioms)
+ finally show ?thesis .
+qed
+
+lemma qbs_pair_measure_morphism[qbs]: "qbs_pair_measure \<in> monadM_qbs X \<rightarrow>\<^sub>Q monadM_qbs Y \<Rightarrow>\<^sub>Q monadM_qbs (X \<Otimes>\<^sub>Q Y)"
+ by(rule curry_preserves_morphisms,rule qbs_morphism_cong'[where f="(\<lambda>(p,q). (p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x, y)))))"]) (auto simp: pair_qbs_space qbs_pair_measure_def)
+
+lemma qbs_pair_measure_morphismP:
+ "qbs_pair_measure \<in> monadP_qbs X \<rightarrow>\<^sub>Q monadP_qbs Y \<Rightarrow>\<^sub>Q monadP_qbs (X \<Otimes>\<^sub>Q Y)"
+proof -
+ note [qbs] = return_qbs_morphismP bind_qbs_morphismP
+ show ?thesis
+ by(rule curry_preserves_morphisms,rule qbs_morphism_cong'[where f="(\<lambda>(p,q). (p \<bind> (\<lambda>x. q \<bind> (\<lambda>y. return_qbs (X \<Otimes>\<^sub>Q Y) (x, y)))))"]) (auto simp: pair_qbs_space qbs_pair_measure_def[OF qbs_space_monadPM qbs_space_monadPM])
+qed
+
+lemma qbs_nn_integral_indep1:
+ assumes [qbs]:"p \<in> qbs_space (monadM_qbs X)" "q \<in> qbs_space (monadP_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q z. f (fst z) \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q)) = (\<integral>\<^sup>+\<^sub>Q x. f x \<partial>p)"
+proof -
+ obtain Y \<beta> \<nu> where hq:
+ "q = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_prob Y \<beta> \<nu>"
+ using rep_qbs_space_monadP[OF assms(2)] by blast
+ then interpret qbs_prob Y \<beta> \<nu> by simp
+ show ?thesis
+ by(simp add: qbs_nn_integral_const_prob[OF in_space_monadP] qbs_nn_integral_Fubini_snd[OF assms(1) in_space_monadM,symmetric] hq(1))
+qed
+
+lemma qbs_nn_integral_indep2:
+ assumes [qbs]:"q \<in> qbs_space (monadM_qbs Y)" "p \<in> qbs_space (monadP_qbs X)" "f \<in> Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q z. f (snd z) \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q)) = (\<integral>\<^sup>+\<^sub>Q y. f y \<partial>q)"
+proof -
+ obtain X \<alpha> \<mu> where hp:
+ "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_prob X \<alpha> \<mu>"
+ using rep_qbs_space_monadP[OF assms(2)] by metis
+ then interpret qbs_prob X \<alpha> \<mu> by simp
+ show ?thesis
+ by(simp add: qbs_nn_integral_const_prob[OF in_space_monadP] qbs_nn_integral_Fubini_snd[OF in_space_monadM assms(1),symmetric] hp(1))
+qed
+
+
+context
+begin
+
+interpretation rr : standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(auto intro!: pair_standard_borel_ne)
+
+lemma qbs_integrable_pair_swap:
+ assumes "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) f"
+ shows "qbs_integrable (q \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p) (\<lambda>(x,y). f (y,x))"
+proof -
+ obtain X \<alpha> \<mu> Y \<beta> \<nu>
+ where hp: "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ and hq: "q = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<beta> \<nu>"
+ using rep_qbs_s_finite_measure by meson
+ interpret p1: pair_qbs_s_finites X \<alpha> \<mu> Y \<beta> \<nu>
+ by(simp add: pair_qbs_s_finites_def hq hp)
+ interpret p2: pair_qbs_s_finites Y \<beta> \<nu> X \<alpha> \<mu>
+ by(simp add: pair_qbs_s_finites_def hq hp)
+ show ?thesis
+ using assms by(auto simp: hp(1) hq(1) p1.qbs_pair_measure p2.qbs_pair_measure p1.qbs_integrable_def p2.qbs_integrable_def)
+ (auto simp add: integrable_distr_eq lr_adjunction_correspondence qbs_Mx_is_morphisms map_prod_def split_beta' intro!:integrable_product_swap_iff_s_finite[OF p1.pq2.s_finite_measure_axioms p1.pq1.s_finite_measure_axioms,THEN iffD1])
+qed
+
+lemma qbs_integrable_pair1':
+ assumes [qbs]:"p \<in> qbs_space (monadM_qbs X)"
+ "q \<in> qbs_space (monadM_qbs Y)"
+ "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel"
+ "qbs_integrable p (\<lambda>x. \<integral>\<^sub>Q y. norm (f (x,y)) \<partial>q)"
+ and "AE\<^sub>Q x in p. qbs_integrable q (\<lambda>y. f (x,y))"
+ shows "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) f"
+proof -
+ obtain \<alpha> \<mu> \<beta> \<nu>
+ where hp: "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ and hq: "q = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<beta> \<nu>"
+ using rep_qbs_space_monadM assms(1,2) by meson
+ then interpret pqs: pair_qbs_s_finites X \<alpha> \<mu> Y \<beta> \<nu>
+ by(simp add: pair_qbs_s_finites_def)
+ have [measurable]: "f \<in> borel_measurable (qbs_to_measure (X \<Otimes>\<^sub>Q Y))"
+ by(simp add: lr_adjunction_correspondence[symmetric])
+ show ?thesis
+ using assms(4) pqs.pq1.AEq_AE[OF assms(5)[simplified hp(1)]]
+ by(auto simp add: pqs.qbs_integrable_def pqs.qbs_pair_measure hp(1) hq(1) integrable_distr_eq pqs.pq2.qbs_integrable_def pqs.pq1.qbs_integrable_def pqs.pq2.qbs_integral_def intro!: s_finite_measure.Fubini_integrable' pqs.pq2.s_finite_measure_axioms)
+qed
+
+lemma
+ assumes "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) f"
+ shows qbs_integrable_pair1D1': "qbs_integrable p (\<lambda>x. \<integral>\<^sub>Q y. f (x,y) \<partial>q)" (is ?g1)
+ and qbs_integrable_pair1D1_norm': "qbs_integrable p (\<lambda>x. \<integral>\<^sub>Q y. norm (f (x,y)) \<partial>q)" (is ?g2)
+ and qbs_integrable_pair1D2': "AE\<^sub>Q x in p. qbs_integrable q (\<lambda>y. f (x,y))" (is ?g3)
+ and qbs_integrable_pair2D1': "qbs_integrable q (\<lambda>y. \<integral>\<^sub>Q x. f (x,y) \<partial>p)" (is ?g4)
+ and qbs_integrable_pair2D1_norm': "qbs_integrable q (\<lambda>y. \<integral>\<^sub>Q x. norm (f (x,y)) \<partial>p)" (is ?g5)
+ and qbs_integrable_pair2D2': "AE\<^sub>Q y in q. qbs_integrable p (\<lambda>x. f (x,y))" (is ?g6)
+ and qbs_integral_Fubini_fst': "(\<integral>\<^sub>Q x. \<integral>\<^sub>Q y. f (x,y) \<partial>q \<partial>p) = (\<integral>\<^sub>Q z. f z \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q))" (is ?g7)
+ and qbs_integral_Fubini_snd': "(\<integral>\<^sub>Q y. \<integral>\<^sub>Q x. f (x,y) \<partial>p \<partial>q) = (\<integral>\<^sub>Q z. f z \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q))" (is ?g8)
+proof -
+ obtain X \<alpha> \<mu> Y \<beta> \<nu>
+ where hp: "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ and hq: "q = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<beta> \<nu>"
+ by (meson rep_qbs_space_of)
+ then interpret pqs: pair_qbs_s_finites X \<alpha> \<mu> Y \<beta> \<nu>
+ by(simp add: pair_qbs_s_finites_def)
+ have [qbs]:"p \<in> qbs_space (monadM_qbs X)" "q \<in> qbs_space (monadM_qbs Y)"
+ by(simp_all add: hp hq)
+ note qbs_pair_measure_morphism[qbs]
+ have f[qbs]:"f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel"
+ by(auto intro!: qbs_integrable_morphism_dest[OF _ assms])
+ have [measurable]: "f \<in> borel_measurable (qbs_to_measure (X \<Otimes>\<^sub>Q Y))"
+ by(simp add: lr_adjunction_correspondence[symmetric])
+ show ?g1 ?g2 ?g4 ?g5
+ using assms
+ by(auto simp: hp(1) hq(1) pqs.qbs_integrable_def pqs.qbs_pair_measure integrable_distr_eq pqs.pq1.qbs_integrable_def pqs.pq2.qbs_integrable_def pqs.pq2.qbs_integral_def pqs.pq1.qbs_integral_def intro!: Bochner_Integration.integrable_cong[where g="\<lambda>r. \<integral>\<^sub>Q y. f (\<alpha> r, y) \<partial>\<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" and f="\<lambda>x. \<integral> y. f (\<alpha> x, \<beta> y) \<partial>\<nu>" and N0=\<mu>,THEN iffD1] Bochner_Integration.integrable_cong[where g="\<lambda>r. \<integral>\<^sub>Q x. f (x, \<beta> r) \<partial>\<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" and f="\<lambda>y. \<integral> x. f (\<alpha> x, \<beta> y) \<partial>\<mu>" and N0=\<nu>,THEN iffD1])
+ (auto intro!: pqs.pq2.integrable_fst''[of \<mu>] integrable_snd_s_finite[OF pqs.pq1.s_finite_measure_axioms pqs.pq2.s_finite_measure_axioms] simp: map_prod_def split_beta')
+ show ?g3 ?g6
+ using assms
+ by(auto simp: hp(1) pqs.pq1.AEq_AE_iff hq(1) pqs.pq2.AEq_AE_iff pqs.qbs_integrable_def pqs.qbs_pair_measure integrable_distr_eq)
+ (auto simp: pqs.pq1.qbs_integrable_def pqs.pq2.qbs_integrable_def map_prod_def split_beta' intro!: pqs.pq2.AE_integrable_fst'' AE_integrable_snd_s_finite[OF pqs.pq1.s_finite_measure_axioms pqs.pq2.s_finite_measure_axioms])
+ show ?g7 ?g8
+ using assms
+ by(auto simp: hp(1) hq(1) pqs.qbs_integrable_def pqs.qbs_pair_measure pqs.qbs_integral_def pqs.pq1.qbs_integral_def pqs.pq2.qbs_integral_def integral_distr integrable_distr_eq)
+ (auto simp: map_prod_def split_beta' intro!: pqs.pq2.integral_fst'''[of \<mu> "\<lambda>x. f (\<alpha> (fst x),\<beta> (snd x))",simplified] integral_snd_s_finite[OF pqs.pq1.s_finite_measure_axioms pqs.pq2.s_finite_measure_axioms,of "\<lambda>x y. f (\<alpha> x, \<beta> y)",simplified split_beta'])
+qed
+
+end
+
+lemma
+ assumes h:"qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) (case_prod f)"
+ shows qbs_integrable_pair1D1: "qbs_integrable p (\<lambda>x. \<integral>\<^sub>Q y. f x y \<partial>q)"
+ and qbs_integrable_pair1D1_norm: "qbs_integrable p (\<lambda>x. \<integral>\<^sub>Q y. norm (f x y) \<partial>q)"
+ and qbs_integrable_pair1D2: "AE\<^sub>Q x in p. qbs_integrable q (\<lambda>y. f x y)"
+ and qbs_integrable_pair2D1: "qbs_integrable q (\<lambda>y. \<integral>\<^sub>Q x. f x y \<partial>p)"
+ and qbs_integrable_pair2D1_norm: "qbs_integrable q (\<lambda>y. \<integral>\<^sub>Q x. norm (f x y) \<partial>p)"
+ and qbs_integrable_pair2D2: "AE\<^sub>Q y in q. qbs_integrable p (\<lambda>x. f x y)"
+ and qbs_integral_Fubini_fst: "(\<integral>\<^sub>Q x. \<integral>\<^sub>Q y. f x y \<partial>q \<partial>p) = (\<integral>\<^sub>Q (x,y). f x y \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q))" (is ?g7)
+ and qbs_integral_Fubini_snd: "(\<integral>\<^sub>Q y. \<integral>\<^sub>Q x. f x y \<partial>p \<partial>q) = (\<integral>\<^sub>Q (x,y). f x y \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q))" (is ?g8)
+ using qbs_integrable_pair1D1'[OF h] qbs_integrable_pair1D1_norm'[OF h] qbs_integrable_pair1D2'[OF h] qbs_integral_Fubini_fst'[OF h]
+ qbs_integrable_pair2D1'[OF h] qbs_integrable_pair2D1_norm'[OF h] qbs_integrable_pair2D2'[OF h] qbs_integral_Fubini_snd'[OF h]
+ by simp_all
+
+lemma qbs_integrable_pair2':
+ assumes "p \<in> qbs_space (monadM_qbs X)"
+ "q \<in> qbs_space (monadM_qbs Y)"
+ "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q qbs_borel"
+ "qbs_integrable q (\<lambda>y. \<integral>\<^sub>Q x. norm (f (x,y)) \<partial>p)"
+ and "AE\<^sub>Q y in q. qbs_integrable p (\<lambda>x. f (x,y))"
+ shows "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) f"
+ using qbs_integrable_pair_swap[OF qbs_integrable_pair1'[OF assms(2,1) qbs_morphism_pair_swap[OF assms(3)],simplified],OF assms(4,5)]
+ by simp
+
+lemma qbs_integrable_indep_mult:
+ fixes f :: "_ \<Rightarrow> _::{real_normed_div_algebra,second_countable_topology}"
+ assumes "qbs_integrable p f" "qbs_integrable q g"
+ shows "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) (\<lambda>x. f (fst x) * g (snd x))"
+proof -
+ obtain X \<alpha> \<mu> Y \<beta> \<nu>
+ where hp: "p = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ and hq: "q = \<lbrakk>Y, \<beta>, \<nu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite Y \<beta> \<nu>"
+ by (meson rep_qbs_space_of)
+ then interpret pqs: pair_qbs_s_finites X \<alpha> \<mu> Y \<beta> \<nu>
+ by(simp add: pair_qbs_s_finites_def)
+ have [qbs]:"f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> Y \<rightarrow>\<^sub>Q qbs_borel" "p \<in> qbs_space (monadM_qbs X)" "q \<in> qbs_space (monadM_qbs Y)"
+ by(auto intro!: qbs_integrable_morphism_dest assms simp:hp hq)
+ show ?thesis
+ by(auto intro!: qbs_integrable_pair1'[of _ X _ Y] qbs_integrable_mult_left qbs_integrable_norm assms(1) AEq_I2[of _ X] simp: norm_mult qbs_integrable_mult_right[OF assms(2)])
+qed
+
+lemma qbs_integrable_indep1:
+ fixes f :: "_ \<Rightarrow> _::{real_normed_div_algebra,second_countable_topology}"
+ assumes "qbs_integrable p f" "q \<in> qbs_space (monadP_qbs Y)"
+ shows "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) (\<lambda>x. f (fst x))"
+ using qbs_integrable_indep_mult[OF assms(1) qbs_integrable_const[OF assms(2),of 1]] by simp
+
+lemma qbs_integral_indep1:
+ fixes f :: "_ \<Rightarrow> _::{real_normed_div_algebra,second_countable_topology}"
+ assumes "qbs_integrable p f" "q \<in> qbs_space (monadP_qbs Y)"
+ shows "(\<integral>\<^sub>Q z. f (fst z) \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q)) = (\<integral>\<^sub>Q x. f x \<partial>p)"
+ using qbs_integral_Fubini_snd'[OF qbs_integrable_indep1[OF assms]]
+ by(simp add: qbs_integral_const_prob[OF assms(2)])
+
+lemma qbs_integrable_indep2:
+ fixes g :: "_ \<Rightarrow> _::{real_normed_div_algebra,second_countable_topology}"
+ assumes "qbs_integrable q g" "p \<in> qbs_space (monadP_qbs X)"
+ shows "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) (\<lambda>x. g (snd x))"
+ using qbs_integrable_pair_swap[OF qbs_integrable_indep1[OF assms]]
+ by(simp add: split_beta')
+
+lemma qbs_integral_indep2:
+ fixes g :: "_ \<Rightarrow> _::{real_normed_div_algebra,second_countable_topology}"
+ assumes "qbs_integrable q g" "p \<in> qbs_space (monadP_qbs X)"
+ shows "(\<integral>\<^sub>Q z. g (snd z) \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q)) = (\<integral>\<^sub>Q y. g y \<partial>q)"
+ using qbs_integral_Fubini_fst'[OF qbs_integrable_indep2[OF assms]]
+ by(simp add: qbs_integral_const_prob[OF assms(2)])
+
+lemma qbs_integral_indep_mult1:
+ fixes f and g:: "_ \<Rightarrow> _::{real_normed_field,second_countable_topology}"
+ assumes "p \<in> qbs_space (monadP_qbs X)" "q \<in> qbs_space (monadP_qbs Y)"
+ and "qbs_integrable p f" "qbs_integrable q g"
+ shows "(\<integral>\<^sub>Q z. f (fst z) * g (snd z) \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q)) = (\<integral>\<^sub>Q x. f x \<partial>p) * (\<integral>\<^sub>Q y. g y \<partial>q)"
+ using qbs_integral_Fubini_fst'[OF qbs_integrable_indep_mult[OF assms(3,4)]]
+ by simp
+
+lemma qbs_integral_indep_mult2:
+ fixes f and g:: "_ \<Rightarrow> _::{real_normed_field,second_countable_topology}"
+ assumes "p \<in> qbs_space (monadP_qbs X)" "q \<in> qbs_space (monadP_qbs Y)"
+ and "qbs_integrable p f" "qbs_integrable q g"
+ shows "(\<integral>\<^sub>Q z. g (snd z) * f (fst z) \<partial>(p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q)) = (\<integral>\<^sub>Q y. g y \<partial>q) * (\<integral>\<^sub>Q x. f x \<partial>p)"
+ using qbs_integral_indep_mult1[OF assms] by(simp add: mult.commute)
+
+subsubsection \<open> The Inverse Function of $l$\<close>
+definition qbs_l_inverse :: "'a measure \<Rightarrow> 'a qbs_measure" where
+ "qbs_l_inverse M \<equiv> \<lbrakk>measure_to_qbs M, from_real_into M, distr M borel (to_real_on M)\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+
+context standard_borel_ne
+begin
+
+lemma qbs_l_inverse_def2:
+ assumes [measurable_cong]: "sets \<mu> = sets M"
+ and "s_finite_measure \<mu>"
+ shows "qbs_l_inverse \<mu> = \<lbrakk>measure_to_qbs M, from_real, distr \<mu> borel to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+proof -
+ interpret s: standard_borel_ne \<mu>
+ using assms standard_borel_ne_axioms standard_borel_ne_sets by blast
+ have [measurable]: "s.from_real \<in> borel \<rightarrow>\<^sub>M M"
+ using assms(1) measurable_cong_sets s.from_real_measurable by blast
+ show ?thesis
+ by(auto simp: distr_distr qbs_l_inverse_def qbs_s_finite_eq_def qbs_s_finite_def in_Mx_def qbs_Mx_R qbs_s_finite_axioms_def intro!: qbs_s_finite_measure_eq s_finite_measure.s_finite_measure_distr assms cong: measure_to_qbs_cong_sets[OF assms(1)]) (auto intro!: distr_cong simp: sets_eq_imp_space_eq[OF assms(1)])
+qed
+
+lemma
+ assumes [measurable_cong]:"sets \<mu> = sets M"
+ shows qbs_l_inverse_s_finite: "s_finite_measure \<mu> \<Longrightarrow> qbs_s_finite (measure_to_qbs M) from_real (distr \<mu> borel to_real)"
+ and qbs_l_inverse_qbs_prob: "prob_space \<mu> \<Longrightarrow> qbs_prob (measure_to_qbs M) from_real (distr \<mu> borel to_real)"
+ by(auto simp: qbs_s_finite_def qbs_prob_def in_Mx_def qbs_s_finite_axioms_def real_distribution_def real_distribution_axioms_def qbs_Mx_R intro!: s_finite_measure.s_finite_measure_distr prob_space.prob_space_distr)
+
+corollary
+ assumes [measurable_cong]:"sets \<mu> = sets M"
+ shows qbs_l_inverse_in_space_monadM: "s_finite_measure \<mu> \<Longrightarrow> qbs_l_inverse \<mu> \<in> qbs_space (monadM_qbs M)"
+ and qbs_l_inverse_in_space_monadP: "prob_space \<mu> \<Longrightarrow> qbs_l_inverse \<mu> \<in> qbs_space (monadP_qbs M)"
+ by(auto simp: qbs_l_inverse_def2[OF assms(1)] qbs_l_inverse_def2[OF assms(1) prob_space.s_finite_measure_prob] assms intro!: qbs_s_finite.in_space_monadM[OF qbs_l_inverse_s_finite] qbs_prob.in_space_monadP[OF qbs_l_inverse_qbs_prob])
+
+lemma qbs_l_qbs_l_inverse:
+ assumes [measurable_cong]: "sets \<mu> = sets M" "s_finite_measure \<mu>"
+ shows "qbs_l (qbs_l_inverse \<mu>) = \<mu>"
+proof -
+ interpret qbs_s_finite "measure_to_qbs M" from_real "distr \<mu> borel to_real"
+ by(auto intro!: qbs_l_inverse_s_finite assms)
+ show ?thesis
+ using distr_id'[OF assms(1),simplified sets_eq_imp_space_eq[OF assms(1)]]
+ by(auto simp: qbs_l qbs_l_inverse_def2[OF assms] distr_distr cong: distr_cong)
+qed
+
+corollary qbs_l_qbs_l_inverse_prob:
+ "sets \<mu> = sets M \<Longrightarrow> prob_space \<mu> \<Longrightarrow> qbs_l (qbs_l_inverse \<mu>) = \<mu>"
+ by(auto intro!: qbs_l_qbs_l_inverse prob_space.s_finite_measure_prob)
+
+lemma qbs_l_inverse_qbs_l:
+ assumes "s \<in> qbs_space (monadM_qbs (measure_to_qbs M))"
+ shows "qbs_l_inverse (qbs_l s) = s"
+proof -
+ from rep_qbs_space_monadM[OF assms] obtain \<alpha> \<mu> where h:
+ "s = \<lbrakk>measure_to_qbs M, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite (measure_to_qbs M) \<alpha> \<mu>"
+ by metis
+ then interpret qs:qbs_s_finite "measure_to_qbs M" \<alpha> \<mu> by simp
+ have [simp]: "distr \<mu> (qbs_to_measure (measure_to_qbs M)) \<alpha> = distr \<mu> M \<alpha>"
+ by(simp cong: distr_cong)
+ interpret s: standard_borel_ne "distr \<mu> M \<alpha>"
+ by(rule standard_borel_ne_sets[of M]) (auto simp: standard_borel_ne_axioms)
+ have [measurable]: "s.from_real \<in> borel \<rightarrow>\<^sub>M M" "\<alpha> \<in> \<mu> \<rightarrow>\<^sub>M M"
+ using qs.\<alpha>_measurable[simplified measurable_cong_sets[OF refl lr_sets_ident]]
+ by(auto simp: s.from_real_measurable[simplified measurable_cong_sets[OF refl sets_distr]])
+ interpret pqs:pair_qbs_s_finite "measure_to_qbs M" s.from_real "distr \<mu> borel (s.to_real \<circ> \<alpha>)" \<alpha> \<mu>
+ by(auto simp: pair_qbs_s_finite_def h) (auto simp: qbs_s_finite_def in_Mx_def qs.s_finite_measure_axioms qbs_s_finite_axioms_def qbs_Mx_R intro!: s_finite_measure.s_finite_measure_distr)
+ show ?thesis
+ by(auto simp add: h(1) qs.qbs_l qbs_l_inverse_def distr_distr cong: measure_to_qbs_cong_sets intro!: pqs.qbs_s_finite_measure_eq)
+ (insert qbs_Mx_to_X[of _ "measure_to_qbs M"], auto simp: comp_def qbs_space_R)
+qed
+
+corollary qbs_l_inverse_qbs_l_prob:
+ assumes "s \<in> qbs_space (monadP_qbs (measure_to_qbs M))"
+ shows "qbs_l_inverse (qbs_l s) = s"
+ by(auto intro!: qbs_l_inverse_qbs_l qbs_space_monadPM assms)
+
+lemma s_finite_kernel_qbs_morphism:
+ assumes "s_finite_kernel N M k"
+ shows "(\<lambda>x. qbs_l_inverse (k x)) \<in> measure_to_qbs N \<rightarrow>\<^sub>Q monadM_qbs (measure_to_qbs M)"
+proof -
+ interpret sfin: s_finite_kernel N M k by fact
+ have "\<lbrakk>measure_to_qbs M, from_real, distr (k x) borel to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n = qbs_l_inverse (k x)" if x:"x \<in> space N" for x
+ proof -
+ note sfin.kernel_sets[OF x,simp, measurable_cong]
+ then interpret skx: standard_borel_ne "k x"
+ using standard_borel_ne_axioms standard_borel_ne_sets by blast
+ interpret pqs: pair_qbs_s_finite "measure_to_qbs M" from_real "distr (k x) borel to_real" skx.from_real "distr (k x) borel skx.to_real"
+ using skx.from_real_measurable[simplified measurable_cong_sets[OF refl sfin.kernel_sets[OF x]]]
+ by(auto simp: pair_qbs_s_finite_def qbs_s_finite_def in_Mx_def qbs_Mx_R qbs_s_finite_axioms_def sfin.image_s_finite_measure[OF x] intro!: s_finite_measure.s_finite_measure_distr)
+ show ?thesis
+ by(auto simp: qbs_l_inverse_def distr_distr cong: measure_to_qbs_cong_sets intro!: pqs.qbs_s_finite_measure_eq) (auto intro!: distr_cong simp: sfin.kernel_space[OF x])
+ qed
+ moreover have "(\<lambda>x. \<lbrakk>measure_to_qbs M, from_real, distr (k x) borel to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<in> measure_to_qbs N \<rightarrow>\<^sub>Q monadM_qbs (measure_to_qbs M)"
+ proof(rule qbs_morphismI)
+ fix \<alpha> :: "real \<Rightarrow> _"
+ assume "\<alpha> \<in> qbs_Mx (measure_to_qbs N)"
+ then have [measurable]: "\<alpha> \<in> borel \<rightarrow>\<^sub>M N"
+ by(simp add: qbs_Mx_R)
+ show "(\<lambda>x. \<lbrakk>measure_to_qbs M, from_real, distr (k x) borel to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n) \<circ> \<alpha> \<in> qbs_Mx (monadM_qbs (measure_to_qbs M))"
+ by(auto simp: monadM_qbs_Mx qbs_Mx_R intro!: exI[where x=from_real] exI[where x="\<lambda>x. distr (k (\<alpha> x)) borel to_real"] s_finite_kernel.comp_measurable[OF sfin.distr_s_finite_kernel])
+ qed
+ ultimately show ?thesis
+ by(rule qbs_morphism_cong'[of "measure_to_qbs N",simplified qbs_space_R])
+qed
+
+lemma prob_kernel_qbs_morphism:
+ assumes [measurable]:"k \<in> N \<rightarrow>\<^sub>M prob_algebra M"
+ shows "(\<lambda>x. qbs_l_inverse (k x)) \<in> measure_to_qbs N \<rightarrow>\<^sub>Q monadP_qbs (measure_to_qbs M)"
+proof(safe intro!: qbs_morphism_monadPI' s_finite_kernel_qbs_morphism prob_kernel.s_finite_kernel_prob_kernel)
+ fix x
+ assume "x \<in> qbs_space (measure_to_qbs N)"
+ then have "x \<in> space N" by(simp add: qbs_space_R)
+ from measurable_space[OF assms this]
+ have [measurable_cong, simp]: "sets (k x) = sets M" and p:"prob_space (k x)"
+ by(auto simp: space_prob_algebra)
+ then interpret s: standard_borel_ne "k x"
+ using standard_borel_ne_axioms standard_borel_ne_sets by blast
+ show "qbs_l_inverse (k x) \<in> qbs_space (monadP_qbs (measure_to_qbs M))"
+ using s.qbs_l_inverse_in_space_monadP[OF refl p] by(simp cong: measure_to_qbs_cong_sets)
+qed(simp add: prob_kernel_def')
+
+lemma qbs_l_inverse_return:
+ assumes "x \<in> space M"
+ shows "qbs_l_inverse (return M x) = return_qbs (measure_to_qbs M) x"
+proof -
+ interpret s: standard_borel_ne "return M x"
+ by(rule standard_borel_ne_sets[of M]) (auto simp: standard_borel_ne_axioms)
+ show ?thesis
+ using s.qbs_l_inverse_in_space_monadP[OF refl prob_space_return[OF assms]]
+ by(auto intro!: inj_onD[OF qbs_l_inj_P[of "measure_to_qbs M"]] return_cong qbs_l_inverse_in_space_monadP qbs_morphism_space[OF return_qbs_morphismP[of "measure_to_qbs M"]] assms simp: s.qbs_l_qbs_l_inverse_prob[OF refl prob_space_return[OF assms]] qbs_l_return_qbs[of _ M,simplified qbs_space_R,OF assms] qbs_space_R cong: measure_to_qbs_cong_sets)
+qed
+
+lemma qbs_l_inverse_bind_kernel:
+ assumes "standard_borel_ne N" "s_finite_measure M" "s_finite_kernel M N k"
+ shows "qbs_l_inverse (M \<bind>\<^sub>k k) = qbs_l_inverse M \<bind> (\<lambda>x. qbs_l_inverse (k x))" (is "?lhs = ?rhs")
+proof -
+ interpret sfin: s_finite_kernel M N k by fact
+ interpret s: standard_borel_ne N by fact
+ have sets[simp,measurable_cong]:"sets (M \<bind>\<^sub>k k) = sets N"
+ by(auto intro!: sets_bind_kernel[OF _ space_ne] simp: sfin.kernel_sets)
+ then interpret s2: standard_borel_ne "M \<bind>\<^sub>k k"
+ using s.standard_borel_ne_axioms standard_borel_ne_sets by blast
+ have [measurable]: "s2.from_real \<in> borel \<rightarrow>\<^sub>M N"
+ using measurable_cong_sets s2.from_real_measurable sets by blast
+ have comp1:"(\<lambda>x. qbs_l_inverse (k x)) \<circ> from_real = (\<lambda>r. \<lbrakk>measure_to_qbs N, s.from_real, distr (k (from_real r)) borel s.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)"
+ proof
+ fix r
+ have setskfr[measurable_cong, simp]: "sets (k (from_real r)) = sets N"
+ by(auto intro!: sfin.kernel_sets measurable_space[OF from_real_measurable])
+ then interpret s3: standard_borel_ne "k (from_real r)"
+ using s.standard_borel_ne_axioms standard_borel_ne_sets by blast
+ have [measurable]: "s3.from_real \<in> borel \<rightarrow>\<^sub>M N"
+ using measurable_cong_sets s3.from_real_measurable setskfr by blast
+ show "((\<lambda>x. qbs_l_inverse (k x)) \<circ> from_real) r = \<lbrakk>measure_to_qbs N, s.from_real, distr (k (from_real r)) borel s.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n "
+ by(auto simp: qbs_l_inverse_def qbs_s_finite_eq_def qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def qbs_Mx_R distr_distr measurable_space[OF from_real_measurable] cong: measure_to_qbs_cong_sets intro!: sfin.image_s_finite_measure s_finite_measure.s_finite_measure_distr qbs_s_finite_measure_eq) (auto intro!: distr_cong simp: sets_eq_imp_space_eq[OF setskfr])
+ qed
+ have "?lhs = \<lbrakk>measure_to_qbs (M \<bind>\<^sub>k k), s2.from_real, distr (M \<bind>\<^sub>k k) borel s2.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(simp add: qbs_l_inverse_def)
+ also have "... = \<lbrakk>measure_to_qbs N, s.from_real, distr (M \<bind>\<^sub>k k) borel s.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(auto cong: measure_to_qbs_cong_sets intro!: qbs_s_finite_measure_eq distr_cong s_finite_measure.s_finite_measure_distr sfin.comp_s_finite_measure assms(2) simp: qbs_s_finite_eq_def qbs_s_finite_def qbs_s_finite_axioms_def in_Mx_def qbs_Mx_R distr_distr sets_eq_imp_space_eq[OF sets])
+ also have "... = \<lbrakk>measure_to_qbs N, s.from_real, M \<bind>\<^sub>k (\<lambda>x. distr (k x) borel s.to_real)\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ by(simp add: sfin.distr_bind_kernel[OF space_ne refl])
+ also have "... = \<lbrakk>measure_to_qbs N, s.from_real, distr M borel to_real \<bind>\<^sub>k (\<lambda>r. distr (k (from_real r)) borel s.to_real)\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ proof -
+ have "M \<bind>\<^sub>k (\<lambda>x. distr (k x) borel s.to_real) = M \<bind>\<^sub>k (\<lambda>x. distr (k (from_real (to_real x))) borel s.to_real)"
+ by(auto intro!: bind_kernel_cong_All)
+ also have "... = distr M borel to_real \<bind>\<^sub>k (\<lambda>r. distr (k (from_real r)) borel s.to_real)"
+ by(auto intro!: measure_kernel.bind_kernel_distr[symmetric,where Y=borel] space_ne measure_kernel.distr_measure_kernel[where Y=N] sfin.measure_kernel_comp)
+ finally show ?thesis by simp
+ qed
+ also have "... = ?rhs"
+ by(auto intro!: qbs_s_finite.bind_qbs[OF qbs_l_inverse_s_finite[OF refl assms(2)] _ s.s_finite_kernel_qbs_morphism[OF assms(3)] _ _ comp1,symmetric] s_finite_kernel.distr_s_finite_kernel[OF sfin.comp_measurable] simp: qbs_Mx_R) (simp add: qbs_l_inverse_def)
+ finally show ?thesis .
+qed
+
+lemma qbs_l_inverse_bind:
+ assumes "standard_borel_ne N" "s_finite_measure M" "k \<in> M \<rightarrow>\<^sub>M prob_algebra N"
+ shows "qbs_l_inverse (M \<bind> k) = qbs_l_inverse M \<bind> (\<lambda>x. qbs_l_inverse (k x))"
+ by(auto simp: bind_kernel_bind[OF measurable_prob_algebraD[OF assms(3)],symmetric] prob_kernel_def' intro!: qbs_l_inverse_bind_kernel assms prob_kernel.s_finite_kernel_prob_kernel)
+
+end
+
+subsubsection \<open> PMF and SPMF \<close>
+definition "qbs_pmf \<equiv> (\<lambda>p. qbs_l_inverse (measure_pmf p))"
+definition "qbs_spmf \<equiv> (\<lambda>p. qbs_l_inverse (measure_spmf p))"
+
+declare [[coercion qbs_pmf]]
+
+lemma qbs_pmf_qbsP:
+ fixes p :: "(_ :: countable) pmf"
+ shows "qbs_pmf p \<in> qbs_space (monadP_qbs (count_space\<^sub>Q UNIV))"
+ by(auto simp: qbs_pmf_def measure_to_qbs_cong_sets[of "count_space UNIV" "measure_pmf p",simplified] intro!: standard_borel_ne.qbs_l_inverse_in_space_monadP measure_pmf.prob_space_axioms)
+
+lemma qbs_pmf_qbs[qbs]:
+ fixes p :: "(_ :: countable) pmf"
+ shows "qbs_pmf p \<in> qbs_space (monadM_qbs (count_space\<^sub>Q UNIV))"
+ by (simp add: qbs_pmf_qbsP qbs_space_monadPM)
+
+lemma qbs_spmf_qbs[qbs]:
+ fixes q :: "(_ :: countable) spmf"
+ shows "qbs_spmf q \<in> qbs_space (monadM_qbs (count_space\<^sub>Q UNIV))"
+ by(auto simp: qbs_spmf_def measure_to_qbs_cong_sets[of "count_space UNIV" "measure_spmf q",simplified] intro!: standard_borel_ne.qbs_l_inverse_in_space_monadM subprob_space.s_finite_measure_subprob)
+
+lemma [simp]:
+ fixes p :: "(_ :: countable) pmf" and q :: "(_ :: countable) spmf"
+ shows qbs_l_qbs_pmf: "qbs_l (qbs_pmf p) = measure_pmf p"
+ and qbs_l_qbs_spmf: "qbs_l (qbs_spmf q) = measure_spmf q"
+ by(auto simp: qbs_pmf_def qbs_spmf_def intro!: standard_borel_ne.qbs_l_qbs_l_inverse subprob_space.s_finite_measure_subprob measure_pmf.subprob_space_axioms)
+
+lemma qbs_pmf_return_pmf:
+ fixes x :: "_ :: countable"
+ shows "qbs_pmf (return_pmf x) = return_qbs (count_space\<^sub>Q UNIV) x"
+proof -
+ note return_qbs_morphismP[qbs]
+ show ?thesis
+ by(auto intro!: inj_onD[OF qbs_l_inj_P[where X="count_space\<^sub>Q UNIV"]] return_cong qbs_pmf_qbsP simp: qbs_l_return_qbs return_pmf.rep_eq)
+qed
+
+lemma qbs_pmf_bind_pmf:
+ fixes p :: "('a :: countable) pmf" and f :: "'a \<Rightarrow> ('b :: countable) pmf"
+ shows "qbs_pmf (p \<bind> f) = qbs_pmf p \<bind> (\<lambda>x. qbs_pmf (f x))"
+ by(auto simp: measure_pmf_bind qbs_pmf_def space_prob_algebra measure_pmf.prob_space_axioms intro!: standard_borel_ne.qbs_l_inverse_bind[where N="count_space UNIV"] prob_space.s_finite_measure_prob)
+
+lemma qbs_pair_pmf:
+ fixes p :: "('a :: countable) pmf" and q :: "('b :: countable) pmf"
+ shows "qbs_pmf p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s qbs_pmf q = qbs_pmf (pair_pmf p q)"
+proof(rule inj_onD[OF qbs_l_inj_P[of "count_space\<^sub>Q UNIV \<Otimes>\<^sub>Q count_space\<^sub>Q UNIV"]])
+ show "qbs_l (qbs_pmf p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s qbs_pmf q) = qbs_l (qbs_pmf (pair_pmf p q))"
+ by(simp add: measure_pair_pmf qbs_l_qbs_pair_measure[OF standard_borel_ne.standard_borel standard_borel_ne.standard_borel,of "count_space UNIV" "count_space UNIV"])
+next
+ note [qbs] = qbs_pmf_qbsP qbs_pair_measure_morphismP
+ show "qbs_pmf p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s qbs_pmf q \<in> qbs_space (monadP_qbs (count_space\<^sub>Q UNIV \<Otimes>\<^sub>Q count_space\<^sub>Q UNIV))" "qbs_pmf (pair_pmf p q) \<in> qbs_space (monadP_qbs (count_space\<^sub>Q UNIV \<Otimes>\<^sub>Q count_space\<^sub>Q UNIV))"
+ by auto (simp add: qbs_count_space_prod)
+qed
+
+subsubsection \<open> Density \<close>
+lift_definition density_qbs :: "['a qbs_measure, 'a \<Rightarrow> ennreal] \<Rightarrow> 'a qbs_measure"
+is "\<lambda>(X,\<alpha>,\<mu>) f. if f \<in> X \<rightarrow>\<^sub>Q qbs_borel then (X, \<alpha>, density \<mu> (f \<circ> \<alpha>)) else (X, SOME a. a \<in> qbs_Mx X, null_measure borel)"
+proof safe
+ fix X Y :: "'a quasi_borel"
+ fix \<alpha> \<beta> \<mu> \<nu> and f :: "_ \<Rightarrow> ennreal"
+ assume 1:"qbs_s_finite_eq (X, \<alpha>, \<mu>) (Y, \<beta>, \<nu>)"
+ then interpret qs: pair_qbs_s_finite X \<alpha> \<mu> \<beta> \<nu>
+ using qbs_s_finite_eq_dest[OF 1] by(simp add: pair_qbs_s_finite_def)
+ have [simp]:"(SOME a. a \<in> qbs_Mx X) \<in> qbs_Mx X" "(SOME a. a \<in> qbs_Mx Y) \<in> qbs_Mx X"
+ using qs.pq1.in_Mx by(simp_all only: some_in_eq qbs_s_finite_eq_dest[OF 1]) blast+
+ {
+ assume "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ then have "qbs_s_finite_eq (X, \<alpha>, density \<mu> (f \<circ> \<alpha>)) (Y, \<beta>, density \<nu> (f \<circ> \<beta>))"
+ by(auto simp: qbs_s_finite_eq_def lr_adjunction_correspondence density_distr[symmetric] comp_def qbs_s_finite_eq_dest[OF 1] qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def qs.pq1.mu_sets qs.pq2.mu_sets AE_distr_iff intro!: qs.pq1.s_finite_measure_density qs.pq2.s_finite_measure_density)
+ }
+ moreover have "f \<in> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> f \<notin> Y \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> qbs_s_finite_eq (X, \<alpha>, density \<mu> (f \<circ> \<alpha>)) (Y, (SOME a. a \<in> qbs_Mx Y), null_measure borel)"
+ "f \<notin> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> f \<in> Y \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> qbs_s_finite_eq (X, (SOME a. a \<in> qbs_Mx X), null_measure borel) (Y, \<beta>, density \<nu> (f \<circ> \<beta>))"
+ "f \<notin> X \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> f \<notin> Y \<rightarrow>\<^sub>Q qbs_borel \<Longrightarrow> qbs_s_finite_eq (X, (SOME a. a \<in> qbs_Mx X), null_measure borel) (Y, (SOME a. a \<in> qbs_Mx Y), null_measure borel)"
+ by(auto simp: qbs_s_finite_eq_dest[OF 1] qbs_s_finite_eq_def qbs_s_finite_def in_Mx_def qbs_s_finite_axioms_def distr_return null_measure_distr intro!: subprob_space.s_finite_measure_subprob subprob_spaceI)
+ ultimately show "qbs_s_finite_eq (if f \<in> X \<rightarrow>\<^sub>Q borel\<^sub>Q then (X, \<alpha>, density \<mu> (f \<circ> \<alpha>)) else (X, SOME aa. aa \<in> qbs_Mx X, null_measure borel)) (if f \<in> Y \<rightarrow>\<^sub>Q borel\<^sub>Q then (Y, \<beta>, density \<nu> (f \<circ> \<beta>)) else (Y, SOME a. a \<in> qbs_Mx Y, null_measure borel))"
+ by auto
+qed
+
+lemma(in qbs_s_finite)
+ assumes "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows density_qbs:"density_qbs \<lbrakk>X,\<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n f = \<lbrakk>X, \<alpha>, density \<mu> (f \<circ> \<alpha>)\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n"
+ and density_qbs_s_finite: "qbs_s_finite X \<alpha> (density \<mu> (f \<circ> \<alpha>))"
+ using assms by(auto simp: density_qbs.abs_eq qbs_s_finite_def in_Mx_def lr_adjunction_correspondence qbs_s_finite_axioms_def mu_sets AE_distr_iff intro!: s_finite_measure_density)
+
+lemma density_qbs_density_qbs_eq:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "density_qbs (density_qbs s f) g = density_qbs s (\<lambda>x. f x * g x)"
+proof -
+ from rep_qbs_space_monadM[OF assms(1)] obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>" by metis
+ then interpret qbs_s_finite X \<alpha> \<mu> by simp
+ show ?thesis
+ using assms(2,3) by(simp add: hs(1) density_qbs[OF assms(2)] qbs_s_finite.density_qbs[OF density_qbs_s_finite[OF assms(2)] assms(3)] density_qbs lr_adjunction_correspondence density_density_eq) (simp add: comp_def)
+qed
+
+lemma qbs_l_density_qbs:
+ assumes "s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "qbs_l (density_qbs s f) = density (qbs_l s) f"
+proof -
+ from rep_qbs_space_monadM[OF assms(1)]
+ obtain \<alpha> \<mu> where s: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ by metis
+ then interpret qbs_s_finite X \<alpha> \<mu> by simp
+ show ?thesis
+ using assms(2) by(simp add: s(1) qbs_l qbs_s_finite.density_qbs[OF s(2) assms(2)] qbs_s_finite.qbs_l[OF qbs_s_finite.density_qbs_s_finite[OF s(2) assms(2)]] density_distr lr_adjunction_correspondence) (simp add: comp_def)
+qed
+
+corollary qbs_l_density_qbs_indicator:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)" "qbs_pred X P"
+ shows "qbs_l (density_qbs s (indicator {x\<in>qbs_space X. P x})) (qbs_space X) = qbs_l s {x\<in>qbs_space X. P x} "
+proof -
+ have 1[measurable]: "{x \<in> qbs_space X. P x} \<in> sets (qbs_to_measure X)"
+ by (metis qbs_pred_iff_sets space_L assms(2))
+ have 2[qbs]: "indicator {x \<in> qbs_space X. P x} \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ by(rule indicator_qbs_morphism'') qbs
+ show ?thesis
+ using assms(2) by(auto simp: qbs_l_density_qbs[of _ X] emeasure_density[of "indicator {x\<in>space (qbs_to_measure X). P x}" "qbs_l s",OF _ sets.top,simplified measurable_qbs_l'[OF assms(1)],OF borel_measurable_indicator[OF predE],simplified space_L space_qbs_l_in[OF assms(1)]] qbs_pred_iff_measurable_pred nn_set_integral_space[of "qbs_l s",simplified space_qbs_l_in[OF assms(1)]] nn_integral_indicator[of _ "qbs_l s",simplified sets_qbs_l[OF assms(1)]])
+qed
+
+lemma qbs_nn_integral_density_qbs:
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. g x \<partial>(density_qbs s f)) = (\<integral>\<^sup>+\<^sub>Q x. f x * g x \<partial>s)"
+ by(auto simp: qbs_nn_integral_def2_l qbs_l_density_qbs[of _ X] measurable_qbs_l'[OF assms(1)] lr_adjunction_correspondence[symmetric] intro!:nn_integral_density)
+
+lemma qbs_integral_density_qbs:
+ fixes g :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}" and f :: "'a \<Rightarrow> real"
+ assumes [qbs]:"s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ and "AE\<^sub>Q x in s. f x \<ge> 0"
+ shows "(\<integral>\<^sub>Q x. g x \<partial>(density_qbs s f)) = (\<integral>\<^sub>Q x. f x *\<^sub>R g x \<partial>s)"
+ using assms(4) by(auto simp: qbs_integral_def2_l qbs_l_density_qbs[of _ X] measurable_qbs_l'[OF assms(1)] lr_adjunction_correspondence[symmetric] AEq_qbs_l intro!: integral_density)
+
+lemma density_qbs_morphism[qbs]: "density_qbs \<in> monadM_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q qbs_borel) \<Rightarrow>\<^sub>Q monadM_qbs X"
+proof(rule curry_preserves_morphisms[OF pair_qbs_morphismI])
+ fix \<gamma> and \<beta> :: "_ \<Rightarrow> _ \<Rightarrow> ennreal"
+ assume h:"\<gamma> \<in> qbs_Mx (monadM_qbs X)" "\<beta> \<in> qbs_Mx (X \<Rightarrow>\<^sub>Q qbs_borel)"
+ hence [qbs]: "\<gamma> \<in> qbs_borel \<rightarrow>\<^sub>Q monadM_qbs X" "\<beta> \<in> qbs_borel \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q qbs_borel"
+ by(simp_all add: qbs_Mx_is_morphisms)
+ from rep_qbs_Mx_monadM[OF h(1)] obtain \<alpha> k where hk:
+ "\<gamma> = (\<lambda>r. \<lbrakk>X, \<alpha>, k r\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n)" "\<alpha> \<in> qbs_Mx X" "s_finite_kernel borel borel k" "\<And>r. qbs_s_finite X \<alpha> (k r)"
+ by metis
+ then interpret a: in_Mx X \<alpha> by(simp add: in_Mx_def)
+ have [measurable]: "(\<lambda>(x, y). \<beta> x (\<alpha> y)) \<in> borel_measurable (borel \<Otimes>\<^sub>M borel)"
+ proof -
+ have "(\<lambda>(x, y). \<beta> x (\<alpha> y)) \<in> qbs_borel \<Otimes>\<^sub>Q qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ by simp
+ thus ?thesis
+ by(simp add: lr_adjunction_correspondence qbs_borel_prod borel_prod)
+ qed
+ have [simp]:"density_qbs (\<gamma> r) (\<beta> r) = \<lbrakk>X, \<alpha>, density (k r) (\<beta> r \<circ> \<alpha>)\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n " for r
+ using hk(4) by(auto simp add: hk(1) density_qbs.abs_eq[OF qbs_s_finite.qbs_s_finite_eq_refl[OF hk(4)]])
+ show "(\<lambda>r. density_qbs (fst (\<gamma> r,\<beta> r)) (snd (\<gamma> r,\<beta> r))) \<in> qbs_Mx (monadM_qbs X)"
+ by(auto simp: monadM_qbs_Mx comp_def intro!: exI[where x=\<alpha>] exI[where x="\<lambda>r. density (k r) (\<beta> r \<circ> \<alpha>)"] s_finite_kernel.density_s_finite_kernel[OF hk(3)])
+qed
+
+lemma density_qbs_cong_AE:
+ assumes [qbs]: "s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ and "AE\<^sub>Q x in s. f x = g x"
+ shows "density_qbs s f = density_qbs s g"
+proof(rule inj_onD[OF qbs_l_inj[of X]])
+ show "qbs_l (density_qbs s f) = qbs_l (density_qbs s g)"
+ using assms(4) by(auto simp: qbs_l_density_qbs[of _ X] measurable_qbs_l'[OF assms(1)] AEq_qbs_l lr_adjunction_correspondence[symmetric] intro!: density_cong)
+qed simp_all
+
+corollary density_qbs_cong:
+ assumes [qbs]: "s \<in> qbs_space (monadM_qbs X)" "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> X \<rightarrow>\<^sub>Q qbs_borel"
+ and "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x = g x"
+ shows "density_qbs s f = density_qbs s g"
+ by(auto intro!: density_qbs_cong_AE[of _ X] AEq_I2[of _ X] assms(4))
+
+lemma density_qbs_1[simp]: "density_qbs s (\<lambda>x. 1) = s"
+proof -
+ obtain X where s[qbs]: "s \<in> qbs_space (monadM_qbs X)"
+ using in_qbs_space_of by blast
+ show ?thesis
+ by(auto intro!: inj_onD[OF qbs_l_inj _ _ s] simp: qbs_l_density_qbs[of _ X] density_1)
+qed
+
+lemma pair_density_qbs:
+ assumes [qbs]: "p \<in> qbs_space (monadM_qbs X)" "q \<in> qbs_space (monadM_qbs Y)"
+ and [qbs]: "f \<in> X \<rightarrow>\<^sub>Q qbs_borel" "g \<in> Y \<rightarrow>\<^sub>Q qbs_borel"
+ shows "density_qbs p f \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s density_qbs q g = density_qbs (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) (\<lambda>(x,y). f x * g y)"
+proof(safe intro!: qbs_measure_eqI[of _ "X \<Otimes>\<^sub>Q Y"])
+ fix h :: "_ \<Rightarrow> ennreal"
+ assume h[qbs]:"h \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q borel\<^sub>Q"
+ show "(\<integral>\<^sup>+\<^sub>Q z. h z \<partial>(density_qbs p f \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s density_qbs q g)) = (\<integral>\<^sup>+\<^sub>Q z. h z \<partial>(density_qbs (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) (\<lambda>(x, y). f x * g y)))" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+\<^sub>Q x. \<integral>\<^sup>+\<^sub>Q y. h (x, y) \<partial>density_qbs q g \<partial>density_qbs p f)"
+ by(simp add: qbs_nn_integral_Fubini_fst[of _ X _ Y])
+ also have "... = (\<integral>\<^sup>+\<^sub>Q x. \<integral>\<^sup>+\<^sub>Q y. g y * h (x, y) \<partial>q \<partial>density_qbs p f)"
+ by(auto intro!: qbs_nn_integral_cong[of _ X] simp: qbs_nn_integral_density_qbs[of _ Y])
+ also have "... = ?rhs"
+ by(auto simp add: qbs_nn_integral_density_qbs[of _ X] qbs_nn_integral_density_qbs[of _ "X \<Otimes>\<^sub>Q Y"] split_beta' qbs_nn_integral_Fubini_fst[of _ X _ Y,symmetric] qbs_nn_integral_cmult[of _ Y] mult.assoc intro!: qbs_nn_integral_cong[of _ X])
+ finally show ?thesis .
+ qed
+qed simp_all
+
+subsubsection \<open> Normalization \<close>
+definition normalize_qbs :: "'a qbs_measure \<Rightarrow> 'a qbs_measure" where
+"normalize_qbs s \<equiv> (let X = qbs_space_of s;
+ r = qbs_l s (qbs_space X) in
+ if r \<noteq> 0 \<and> r \<noteq> \<infinity> then density_qbs s (\<lambda>x. 1 / r)
+ else qbs_null_measure X)"
+
+lemma
+ assumes "s \<in> qbs_space (monadM_qbs X)"
+ shows normalize_qbs: "qbs_l s (qbs_space X) \<noteq> 0 \<Longrightarrow> qbs_l s (qbs_space X) \<noteq> \<infinity> \<Longrightarrow> normalize_qbs s = density_qbs s (\<lambda>x. 1 / emeasure (qbs_l s) (qbs_space X))"
+ and normalize_qbs0: "qbs_l s (qbs_space X) = 0 \<Longrightarrow> normalize_qbs s = qbs_null_measure X"
+ and normalize_qbsinfty: "qbs_l s (qbs_space X) = \<infinity> \<Longrightarrow> normalize_qbs s = qbs_null_measure X"
+ by(auto simp: qbs_space_of_in[OF assms(1)] normalize_qbs_def)
+
+lemma normalize_qbs_prob:
+ assumes "s \<in> qbs_space (monadM_qbs X)" "qbs_l s (qbs_space X) \<noteq> 0" "qbs_l s (qbs_space X) \<noteq> \<infinity>"
+ shows "normalize_qbs s \<in> qbs_space (monadP_qbs X)"
+ unfolding normalize_qbs[OF assms]
+proof -
+ obtain \<alpha> \<mu>
+ where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_s_finite X \<alpha> \<mu>"
+ using rep_qbs_space_monadM assms(1) by meson
+ interpret qs: qbs_s_finite X \<alpha> \<mu> by fact
+ have "density_qbs s (\<lambda>x. 1 / emeasure (qbs_l s) (qbs_space X)) = density_qbs \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n (\<lambda>x. 1 / emeasure (qbs_l s) (qbs_space X))"
+ by(simp add: hs)
+ also have "... \<in> qbs_space (monadP_qbs X)"
+ by(auto simp add: qs.density_qbs monadP_qbs_space qbs_s_finite.qbs_l[OF qs.density_qbs_s_finite,of "\<lambda>x. 1 / emeasure (qbs_l s) (qbs_space X)",simplified] qbs_s_finite.qbs_space_of[OF qs.density_qbs_s_finite,of "\<lambda>x. 1 / emeasure (qbs_l s) (qbs_space X)",simplified] intro!: prob_space.prob_space_distr, auto intro!: prob_spaceI simp: emeasure_density)
+ (insert assms(2,3),auto simp: hs qs.qbs_l emeasure_distr emeasure_distr[of _ _ "qbs_to_measure X",OF _ sets.top,simplified space_L] divide_eq_1_ennreal ennreal_divide_times)
+ finally show "density_qbs s (\<lambda>x. 1 / emeasure (qbs_l s) (qbs_space X)) \<in> qbs_space (monadP_qbs X)" .
+qed
+
+lemma normalize_qbs_morphism[qbs]: "normalize_qbs \<in> monadM_qbs X \<rightarrow>\<^sub>Q monadM_qbs X"
+proof -
+ have "(if emeasure (qbs_l s) (qbs_space X) \<noteq> 0 \<and> emeasure (qbs_l s) (qbs_space X) \<noteq> \<infinity> then density_qbs s (\<lambda>x. 1 / emeasure (qbs_l s) (qbs_space X)) else qbs_null_measure X) = normalize_qbs s" (is "?f s = _") if s:"s \<in> qbs_space (monadM_qbs X)" for s
+ by(simp add: qbs_space_of_in[OF s] normalize_qbs_def)
+ moreover have "(\<lambda>s. ?f s) \<in> monadM_qbs X \<rightarrow>\<^sub>Q monadM_qbs X"
+ proof(cases "qbs_space X = {}")
+ case True
+ then show ?thesis
+ by(simp add: qbs_morphism_from_empty monadM_qbs_empty_iff[of X])
+ next
+ case X:False
+ have [qbs]:"(\<lambda>s. emeasure (qbs_l s) (qbs_space X)) \<in> monadM_qbs X \<rightarrow>\<^sub>Q qbs_borel"
+ by(rule qbs_l_morphism[OF sets.top[of "qbs_to_measure X",simplified space_L]])
+ have [qbs]: "qbs_null_measure X \<in> qbs_space (monadM_qbs X)"
+ by(auto intro!: qbs_null_measure_in_Mx X)
+ have [qbs]: "(\<lambda>s x. 1 / emeasure (qbs_l s) (qbs_space X)) \<in> monadM_qbs X \<rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q qbs_borel"
+ by(rule arg_swap_morphism) simp
+ show ?thesis
+ by qbs
+ qed
+ ultimately show ?thesis
+ by(simp cong: qbs_morphism_cong)
+qed
+
+lemma normalize_qbs_morphismP:
+ assumes [qbs]:"s \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ and "\<And>x. x \<in> qbs_space X \<Longrightarrow> qbs_l (s x) (qbs_space Y) \<noteq> 0" "\<And>x. x \<in> qbs_space X \<Longrightarrow> qbs_l (s x) (qbs_space Y) \<noteq> \<infinity>"
+ shows "(\<lambda>x. normalize_qbs (s x)) \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y"
+ by(rule qbs_morphism_monadPI'[OF normalize_qbs_prob]) (use assms(2,3) qbs_morphism_space[OF assms(1)] in auto)
+
+lemma normalize_qbs_monadP_ident:
+ assumes "s \<in> qbs_space (monadP_qbs X)"
+ shows "normalize_qbs s = s"
+ using normalize_qbs[OF qbs_space_monadPM[OF assms]] prob_space.emeasure_space_1[OF qbs_l_prob_space[OF assms]]
+ by(auto simp: space_qbs_l_in[OF qbs_space_monadPM[OF assms]] intro!: inj_onD[OF qbs_l_inj_P _ _ assms])
+
+corollary normalize_qbs_idenpotent: "normalize_qbs (normalize_qbs s) = normalize_qbs s"
+proof -
+ obtain X where s[qbs]: "s \<in> qbs_space (monadM_qbs X)"
+ using in_qbs_space_of by blast
+ then have X: "qbs_space X \<noteq> {}"
+ by (metis qbs_s_space_of_not_empty qbs_space_of_in)
+ then obtain x where x:"x \<in> qbs_space X" by auto
+ consider "qbs_l s (qbs_space X) = 0" | "qbs_l s (qbs_space X) = \<top>" | "qbs_l s (qbs_space X) \<noteq> 0" "qbs_l s (qbs_space X) \<noteq> \<top>"
+ by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ using normalize_qbs0[OF qbs_null_measure_in_Mx[OF X]]
+ by(simp add: normalize_qbs0[OF s] qbs_null_measure_null_measure[OF X])
+ next
+ case 2
+ then show ?thesis
+ using normalize_qbs0[OF qbs_null_measure_in_Mx[OF X]]
+ by(simp add: normalize_qbsinfty[OF s] qbs_null_measure_null_measure[OF X])
+ next
+ case 3
+ have "normalize_qbs s \<in> qbs_space (monadP_qbs X)"
+ by(rule qbs_morphism_space[OF normalize_qbs_morphismP[of "\<lambda>x. s"],of X X x]) (auto simp: 3 x)
+ then show ?thesis
+ by(simp add: normalize_qbs_monadP_ident)
+ qed
+qed
+
+subsubsection \<open> Product Measures \<close>
+definition PiQ_measure :: "['a set, 'a \<Rightarrow> 'b qbs_measure] \<Rightarrow> ('a \<Rightarrow> 'b) qbs_measure" where
+"PiQ_measure \<equiv> (\<lambda>I si. if (\<forall>i\<in>I. \<exists>Mi. standard_borel_ne Mi \<and> si i \<in> qbs_space (monadM_qbs (measure_to_qbs Mi)))
+ then if countable I \<and> (\<forall>i\<in>I. prob_space (qbs_l (si i))) then qbs_l_inverse (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))
+ else if finite I \<and> (\<forall>i\<in>I. sigma_finite_measure (qbs_l (si i))) then qbs_l_inverse (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))
+ else qbs_null_measure (\<Pi>\<^sub>Q i\<in>I. qbs_space_of (si i))
+ else qbs_null_measure (\<Pi>\<^sub>Q i\<in>I. qbs_space_of (si i)))"
+
+syntax
+ "_PiQ_measure" :: "pttrn \<Rightarrow> 'i set \<Rightarrow> 'a qbs_measure \<Rightarrow> ('i => 'a) qbs_measure" ("(3\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s _\<in>_./ _)" 10)
+translations
+ "\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s x\<in>I. X" == "CONST PiQ_measure I (\<lambda>x. X)"
+
+context
+ fixes I and Mi
+ assumes standard_borel_ne:"\<And>i. i \<in> I \<Longrightarrow> standard_borel_ne (Mi i)"
+begin
+
+context
+ assumes countableI:"countable I"
+begin
+
+interpretation sb:standard_borel_ne "\<Pi>\<^sub>M i\<in>I. (borel :: real measure)"
+ by (simp add: countableI product_standard_borel_ne)
+
+interpretation sbM: standard_borel_ne "\<Pi>\<^sub>M i\<in>I. Mi i"
+ by (simp add: countableI standard_borel_ne product_standard_borel_ne)
+
+lemma
+ assumes "\<And>i. i \<in> I \<Longrightarrow> si i \<in> qbs_space (monadP_qbs (measure_to_qbs (Mi i)))"
+ and "\<And>i. i \<in> I \<Longrightarrow> si i = \<lbrakk>measure_to_qbs (Mi i), \<alpha> i, \<mu> i\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "\<And>i. i \<in> I \<Longrightarrow> qbs_prob (measure_to_qbs (Mi i)) (\<alpha> i) (\<mu> i)"
+ shows PiQ_measure_prob_eq: "(\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s i\<in>I. si i) = \<lbrakk>measure_to_qbs (\<Pi>\<^sub>M i\<in>I. Mi i), sbM.from_real, distr (\<Pi>\<^sub>M i\<in>I. qbs_l (si i)) borel sbM.to_real\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" (is "_ = ?rhs")
+ and PiQ_measure_qbs_prob: "qbs_prob (measure_to_qbs (\<Pi>\<^sub>M i\<in>I. Mi i)) sbM.from_real (distr (\<Pi>\<^sub>M i\<in>I. qbs_l (si i)) borel sbM.to_real)" (is "?qbsprob")
+proof -
+ have [measurable_cong,simp]: "prob_space (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))" "sets (\<Pi>\<^sub>M i\<in>I. qbs_l (si i)) = sets (\<Pi>\<^sub>M i\<in>I. Mi i)"
+ using sets_qbs_l[OF assms(1)[THEN qbs_space_monadPM]] standard_borel.lr_sets_ident[OF standard_borel_ne.standard_borel[OF standard_borel_ne]]
+ by(auto cong: sets_PiM_cong intro!: prob_space_PiM qbs_l_prob_space assms(1))
+ show ?qbsprob
+ by(auto simp: pair_qbs_s_finite_def intro!: qbs_prob.qbs_s_finite sbM.qbs_l_inverse_qbs_prob)
+ have "(\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s i\<in>I. si i) = qbs_l_inverse (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))"
+ using countableI assms(1)[THEN qbs_space_monadPM] qbs_l_prob_space[OF assms(1)] standard_borel_ne by(auto simp: PiQ_measure_def)
+ also have "... = ?rhs"
+ by(auto intro!: sbM.qbs_l_inverse_def2 prob_space.s_finite_measure_prob cong: sets_PiM_cong[OF refl])
+ finally show "(\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s i\<in>I. si i) = ?rhs" .
+qed
+
+lemma qbs_l_PiQ_measure_prob:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> si i \<in> qbs_space (monadP_qbs (measure_to_qbs (Mi i)))"
+ shows "qbs_l (\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s i\<in>I. si i) = (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))"
+proof -
+ have "qbs_l (\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s i\<in>I. si i) = qbs_l (qbs_l_inverse (\<Pi>\<^sub>M i\<in>I. qbs_l (si i)))"
+ using countableI assms(1)[THEN qbs_space_monadPM] qbs_l_prob_space[OF assms(1)] standard_borel_ne by(auto simp: PiQ_measure_def)
+ also have "... = (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))"
+ using sets_qbs_l[OF assms(1)[THEN qbs_space_monadPM]] standard_borel.lr_sets_ident[OF standard_borel_ne.standard_borel[OF standard_borel_ne]]
+ by(auto intro!: sbM.qbs_l_qbs_l_inverse_prob prob_space_PiM qbs_l_prob_space[OF assms(1)] cong: sets_PiM_cong)
+ finally show ?thesis .
+qed
+
+end
+
+context
+ assumes finI: "finite I"
+begin
+
+interpretation sb:standard_borel_ne "\<Pi>\<^sub>M i\<in>I. (borel :: real measure)"
+ by (simp add: finI product_standard_borel_ne countable_finite)
+
+interpretation sbM: standard_borel_ne "\<Pi>\<^sub>M i\<in>I. Mi i"
+ by (simp add: countable_finite finI standard_borel_ne product_standard_borel_ne)
+
+lemma qbs_l_PiQ_measure:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> si i \<in> qbs_space (monadM_qbs (measure_to_qbs (Mi i)))"
+ and "\<And>i. i \<in> I \<Longrightarrow> sigma_finite_measure (qbs_l (si i))"
+ shows "qbs_l (\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s i\<in>I. si i) = (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))"
+proof -
+ have [simp]: "s_finite_measure (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))"
+ proof -
+ have "(\<Pi>\<^sub>M i\<in>I. qbs_l (si i)) = (\<Pi>\<^sub>M i\<in>I. if i \<in> I then qbs_l (si i) else null_measure (count_space UNIV))"
+ by(simp cong: PiM_cong)
+ also have "s_finite_measure ..."
+ by(auto intro!: sigma_finite_measure.s_finite_measure product_sigma_finite.sigma_finite finI simp: product_sigma_finite_def assms(2)) (auto intro!: finite_measure.sigma_finite_measure finite_measureI)
+ finally show ?thesis .
+ qed
+ have "qbs_l (\<Pi>\<^sub>Q\<^sub>m\<^sub>e\<^sub>a\<^sub>s i\<in>I. si i) = qbs_l (qbs_l_inverse (\<Pi>\<^sub>M i\<in>I. qbs_l (si i)))"
+ using finI assms(1) assms(2) standard_borel_ne by(fastforce simp: PiQ_measure_def)
+ also have "... = (\<Pi>\<^sub>M i\<in>I. qbs_l (si i))"
+ using sets_qbs_l[OF assms(1)] standard_borel.lr_sets_ident[OF standard_borel_ne.standard_borel[OF standard_borel_ne]]
+ by(auto intro!: sbM.qbs_l_qbs_l_inverse prob_space_PiM cong: sets_PiM_cong)
+ finally show ?thesis .
+qed
+
+
+end
+
+end
+subsection \<open>Measures\<close>
+subsubsection \<open> The Lebesgue Measure \<close>
+definition lborel_qbs ("lborel\<^sub>Q") where "lborel_qbs \<equiv> qbs_l_inverse lborel"
+
+lemma lborel_qbs_qbs[qbs]: "lborel_qbs \<in> qbs_space (monadM_qbs qbs_borel)"
+ by(auto simp: lborel_qbs_def measure_to_qbs_cong_sets[OF sets_lborel,symmetric] intro!: standard_borel_ne.qbs_l_inverse_in_space_monadM lborel.s_finite_measure_axioms)
+
+lemma qbs_l_lborel_qbs[simp]: "qbs_l lborel\<^sub>Q = lborel"
+ by(auto intro!: standard_borel_ne.qbs_l_qbs_l_inverse lborel.s_finite_measure_axioms simp: lborel_qbs_def)
+
+corollary
+ shows qbs_integral_lborel: "(\<integral>\<^sub>Q x. f x \<partial>lborel_qbs) = (\<integral>x. f x \<partial>lborel)"
+ and qbs_nn_integral_lborel: "(\<integral>\<^sup>+\<^sub>Q x. f x \<partial>lborel_qbs) = (\<integral>\<^sup>+x. f x \<partial>lborel)"
+ by(simp_all add: qbs_integral_def2_l qbs_nn_integral_def2_l)
+
+
+lemma(in standard_borel_ne) measure_with_args_morphism:
+ assumes "s_finite_kernel X M k"
+ shows "qbs_l_inverse \<circ> k \<in> measure_to_qbs X \<rightarrow>\<^sub>Q monadM_qbs (measure_to_qbs M)"
+proof(safe intro!: qbs_morphismI)
+ fix \<alpha> :: "real \<Rightarrow> _"
+ assume "\<alpha> \<in> qbs_Mx (measure_to_qbs X)"
+ then have h[measurable]:"\<alpha> \<in> borel \<rightarrow>\<^sub>M X"
+ by(simp add: qbs_Mx_R)
+ interpret s:s_finite_kernel X M k by fact
+ have 1: "\<And>r. sets (k (\<alpha> r)) = sets M" "\<And>r. s_finite_measure (k (\<alpha> r))"
+ using measurable_space[OF h] s.kernel_sets by(auto intro!: s.image_s_finite_measure)
+ show "qbs_l_inverse \<circ> k \<circ> \<alpha> \<in> qbs_Mx (monadM_qbs (measure_to_qbs M))"
+ by(auto intro!: exI[where x=from_real] exI[where x="(\<lambda>r. distr (k (\<alpha> r)) borel to_real)"] s_finite_kernel.comp_measurable[OF s_finite_kernel.distr_s_finite_kernel[OF assms]] simp: monadM_qbs_Mx qbs_Mx_R qbs_l_inverse_def2[OF 1] comp_def)
+qed
+
+lemma(in standard_borel_ne) measure_with_args_morphismP:
+ assumes [measurable]:"\<mu> \<in> X \<rightarrow>\<^sub>M prob_algebra M"
+ shows "qbs_l_inverse \<circ> \<mu> \<in> measure_to_qbs X \<rightarrow>\<^sub>Q monadP_qbs (measure_to_qbs M)"
+ by(rule qbs_morphism_monadPI'[OF _ measure_with_args_morphism])
+ (insert measurable_space[OF assms], auto simp: qbs_space_R space_prob_algebra prob_kernel_def' intro!: qbs_l_inverse_in_space_monadP prob_kernel.s_finite_kernel_prob_kernel)
+
+subsubsection \<open> Counting Measure \<close>
+abbreviation "counting_measure_qbs A \<equiv> qbs_l_inverse (count_space A)"
+
+lemma qbs_nn_integral_count_space_nat:
+ fixes f :: "nat \<Rightarrow> ennreal"
+ shows "(\<integral>\<^sup>+\<^sub>Q i. f i \<partial>counting_measure_qbs UNIV) = (\<Sum>i. f i)"
+ by(simp add: standard_borel_ne.qbs_l_qbs_l_inverse[OF _ refl sigma_finite_measure.s_finite_measure[OF sigma_finite_measure_count_space]] qbs_nn_integral_def2_l nn_integral_count_space_nat)
+
+subsubsection \<open> Normal Distribution \<close>
+lemma qbs_normal_distribution_qbs: "(\<lambda>\<mu> \<sigma>. density_qbs lborel\<^sub>Q (normal_density \<mu> \<sigma>)) \<in> qbs_borel \<Rightarrow>\<^sub>Q qbs_borel \<Rightarrow>\<^sub>Q monadM_qbs qbs_borel"
+ by simp
+
+lemma qbs_l_qbs_normal_distribution[simp]: "qbs_l (density_qbs lborel\<^sub>Q (normal_density \<mu> \<sigma>)) = density lborel (normal_density \<mu> \<sigma>)"
+ by(auto simp: qbs_l_density_qbs[of _ qbs_borel])
+
+lemma qbs_normal_distribution_P: "\<sigma> > 0 \<Longrightarrow> density_qbs lborel\<^sub>Q (normal_density \<mu> \<sigma>) \<in> qbs_space (monadP_qbs qbs_borel)"
+ by(auto simp: monadP_qbs_def sub_qbs_space prob_space_normal_density)
+
+lemma qbs_normal_distribution_integral:
+ "(\<integral>\<^sub>Q x. f x \<partial> (density_qbs lborel\<^sub>Q (normal_density \<mu> \<sigma>))) = (\<integral> x. f x \<partial> (density lborel (\<lambda>x. ennreal (normal_density \<mu> \<sigma> x))))"
+ by(auto simp: qbs_integral_def2_l)
+
+lemma qbs_normal_distribution_expectation:
+ assumes [measurable]:"f \<in> borel_measurable borel" and [arith]: "\<sigma> > 0"
+ shows "(\<integral>\<^sub>Q x. f x \<partial> (density_qbs lborel\<^sub>Q (normal_density \<mu> \<sigma>))) = (\<integral> x. normal_density \<mu> \<sigma> x * f x \<partial> lborel)"
+ by(simp add: qbs_normal_distribution_integral integral_real_density integral_density)
+
+lemma qbs_normal_posterior:
+ assumes [arith]: "\<sigma> > 0" "\<sigma>' > 0"
+ shows "normalize_qbs (density_qbs (density_qbs lborel\<^sub>Q (normal_density \<mu> \<sigma>)) (normal_density \<mu>' \<sigma>')) = density_qbs lborel\<^sub>Q (normal_density ((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)))" (is "?lhs = ?rhs")
+proof -
+ have 0: "\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2) > 0" "sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) > 0"
+ by (simp_all add: power2_eq_square sum_squares_gt_zero_iff)
+ have 1:"qbs_l (density_qbs lborel\<^sub>Q (\<lambda>x. ennreal (1 / sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) * exp (- ((\<mu> - \<mu>')\<^sup>2 / (2 * \<sigma>\<^sup>2 + 2 * \<sigma>'\<^sup>2))) * normal_density ((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) x))) UNIV = ennreal (exp (- ((\<mu> - \<mu>')\<^sup>2 / (2 * \<sigma>\<^sup>2 + 2 * \<sigma>'\<^sup>2))) / sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)))"
+ using prob_space.emeasure_space_1[OF prob_space_normal_density[OF 0(1)]] by(auto simp add: qbs_l_density_qbs[of _ qbs_borel] emeasure_density ennreal_mult' nn_integral_cmult simp del: times_divide_eq_left) (simp add: ennreal_mult'[symmetric])
+ have "?lhs = normalize_qbs (density_qbs lborel\<^sub>Q (\<lambda>x. ennreal (1 / sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) * exp (- ((\<mu> - \<mu>')\<^sup>2 / (2 * \<sigma>\<^sup>2 + 2 * \<sigma>'\<^sup>2))) * normal_density ((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) x)))"
+ by(simp add: density_qbs_density_qbs_eq[of _ qbs_borel] ennreal_mult'[symmetric] normal_density_times del: times_divide_eq_left)
+ also have "... = density_qbs (density_qbs lborel\<^sub>Q (\<lambda>x. ennreal (1 / sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) * exp (- ((\<mu> - \<mu>')\<^sup>2 / (2 * \<sigma>\<^sup>2 + 2 * \<sigma>'\<^sup>2))) * normal_density ((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) x))) (\<lambda>x. 1 / emeasure (qbs_l (density_qbs lborel\<^sub>Q (\<lambda>x. ennreal (1 / sqrt (2 * pi * (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) * exp (- ((\<mu> - \<mu>')\<^sup>2 / (2 * \<sigma>\<^sup>2 + 2 * \<sigma>'\<^sup>2))) * normal_density ((\<mu> * \<sigma>'\<^sup>2 + \<mu>' * \<sigma>\<^sup>2) / (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) (\<sigma> * \<sigma>' / sqrt (\<sigma>\<^sup>2 + \<sigma>'\<^sup>2)) x)))) (qbs_space borel\<^sub>Q))"
+ by(rule normalize_qbs) (simp_all add: 1 del: times_divide_eq_left)
+ also have "... = ?rhs"
+ by(simp add: 1 density_qbs_density_qbs_eq[of _ qbs_borel] del: times_divide_eq_left, auto intro!: density_qbs_cong[of _ qbs_borel])
+ (insert 0, auto simp: ennreal_1[symmetric] ennreal_mult'[symmetric] divide_ennreal normal_density_def simp del: ennreal_1)
+ finally show ?thesis .
+qed
+
+subsubsection \<open> Uniform Distribution \<close>
+definition uniform_qbs :: "'a qbs_measure \<Rightarrow> 'a set \<Rightarrow> 'a qbs_measure" where
+"uniform_qbs \<equiv> (\<lambda>s A. qbs_l_inverse (uniform_measure (qbs_l s) A))"
+
+lemma(in standard_borel_ne) qbs_l_uniform_qbs':
+ assumes "sets \<mu> = sets M" "s_finite_measure \<mu>" "\<mu> A \<noteq> 0"
+ shows "qbs_l (uniform_qbs (qbs_l_inverse \<mu>) A) = uniform_measure \<mu> A" (is "?lhs = ?rhs")
+proof -
+ have "?lhs = qbs_l (qbs_l_inverse (uniform_measure \<mu> A))"
+ by(simp add: qbs_l_qbs_l_inverse[OF assms(1,2)] uniform_qbs_def)
+ also have "... = ?rhs"
+ proof(rule qbs_l_qbs_l_inverse)
+ consider "\<mu> A = \<infinity>" | "\<mu> A \<noteq> \<infinity>" by auto
+ then show "s_finite_measure (uniform_measure \<mu> A)"
+ proof cases
+ case 1
+ have A[measurable]: "A \<in> sets \<mu>"
+ using assms(3) emeasure_notin_sets by blast
+ have "uniform_measure \<mu> A = density \<mu> (\<lambda>x. 0)"
+ by(auto simp: uniform_measure_def 1 intro!: density_cong)
+ also have "... = null_measure \<mu>"
+ by(simp add: null_measure_eq_density)
+ finally show ?thesis
+ by(auto intro!: finite_measure.s_finite_measure_finite_measure finite_measureI)
+ next
+ case 2
+ show ?thesis
+ by(rule prob_space.s_finite_measure_prob[OF prob_space_uniform_measure[OF assms(3) 2]])
+ qed
+ qed(simp add: assms)
+ finally show ?thesis .
+qed
+
+corollary(in standard_borel_ne) qbs_l_uniform_qbs:
+ assumes "s \<in> qbs_space (monadM_qbs (measure_to_qbs M))" "qbs_l s A \<noteq> 0"
+ shows "qbs_l (uniform_qbs s A) = uniform_measure (qbs_l s) A"
+ by(simp add: qbs_l_uniform_qbs'[OF sets_qbs_l[OF assms(1),simplified lr_sets_ident] qbs_l_s_finite.s_finite_measure_axioms assms(2),symmetric] qbs_l_inverse_qbs_l[OF assms(1)])
+
+lemma interval_uniform_qbs: "(\<lambda>a b. uniform_qbs lborel\<^sub>Q {a<..<b::real}) \<in> borel\<^sub>Q \<Rightarrow>\<^sub>Q borel\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs borel\<^sub>Q"
+proof(rule curry_preserves_morphisms)
+ have "(\<lambda>xy. uniform_qbs lborel\<^sub>Q {fst xy<..<snd xy::real}) = qbs_l_inverse \<circ> (\<lambda>xy. uniform_measure lborel {fst xy<..<snd xy})"
+ by(auto simp: uniform_qbs_def)
+ also have "... \<in> measure_to_qbs (borel \<Otimes>\<^sub>M borel) \<rightarrow>\<^sub>Q monadM_qbs borel\<^sub>Q"
+ proof(safe intro!: standard_borel_ne.measure_with_args_morphism measure_kernel.s_finite_kernel_finite_bounded)
+ show "measure_kernel (borel \<Otimes>\<^sub>M borel) borel (\<lambda>xy. uniform_measure lborel {fst xy<..<snd xy :: real})"
+ proof
+ fix B :: "real set"
+ assume [measurable]:"B \<in> sets borel"
+ have [simp]:"emeasure lborel ({fst x<..<snd x} \<inter> B) / emeasure lborel {fst x<..<snd x} = (if fst x \<le> snd x then emeasure lborel ({fst x<..<snd x} \<inter> B) / ennreal (snd x - fst x) else 0)" for x
+ by auto
+ show "(\<lambda>x. emeasure (uniform_measure lborel {fst x<..<snd x}) B) \<in> borel_measurable (borel \<Otimes>\<^sub>M borel)"
+ by (simp, measurable) auto
+ qed auto
+ next
+ show "(a, b) \<in> space (borel \<Otimes>\<^sub>M borel) \<Longrightarrow> emeasure (uniform_measure lborel {fst (a, b)<..<snd (a, b)}) (space borel) < \<infinity>" for a b :: real
+ by(cases "a \<le> b") (use ennreal_divide_eq_top_iff top.not_eq_extremum in auto)
+ qed simp
+ finally show "(\<lambda>xy. uniform_qbs lborel\<^sub>Q {fst xy<..<snd xy::real}) \<in> borel\<^sub>Q \<Otimes>\<^sub>Q borel\<^sub>Q \<rightarrow>\<^sub>Q monadM_qbs borel\<^sub>Q"
+ by (simp add: borel_prod qbs_borel_prod)
+qed
+
+context
+ fixes a b :: real
+ assumes [arith]:"a < b"
+begin
+
+lemma qbs_uniform_distribution_expectation:
+ assumes "f \<in> qbs_borel \<rightarrow>\<^sub>Q qbs_borel"
+ shows "(\<integral>\<^sup>+\<^sub>Q x. f x \<partial>uniform_qbs lborel\<^sub>Q {a<..<b}) = (\<integral>\<^sup>+x \<in> {a<..<b}. f x \<partial>lborel) / (b - a)"
+proof -
+ have [measurable]: "f \<in> borel_measurable borel"
+ using assms qbs_Mx_is_morphisms qbs_Mx_qbs_borel by blast
+ show ?thesis
+ by(auto simp: qbs_nn_integral_def2_l standard_borel_ne.qbs_l_uniform_qbs[of borel lborel_qbs] nn_integral_uniform_measure)
+qed
+
+end
+
+subsubsection \<open> Bernoulli Distribution \<close>
+abbreviation qbs_bernoulli :: "real \<Rightarrow> bool qbs_measure" where
+"qbs_bernoulli \<equiv> (\<lambda>x. qbs_pmf (bernoulli_pmf x))"
+
+lemma bernoulli_measurable:
+ "(\<lambda>x. measure_pmf (bernoulli_pmf x)) \<in> borel \<rightarrow>\<^sub>M prob_algebra (count_space UNIV)"
+proof(rule measurable_prob_algebra_generated[where \<Omega>=UNIV and G=UNIV])
+ fix A :: "bool set"
+ have "A \<subseteq> {True,False}"
+ by auto
+ then consider "A = {}" | "A = {True}" | "A = {False}" | "A = {False,True}"
+ by auto
+ thus "(\<lambda>a. emeasure (measure_pmf (bernoulli_pmf a)) A) \<in> borel_measurable borel"
+ by(cases,simp_all add: emeasure_measure_pmf_finite bernoulli_pmf.rep_eq UNIV_bool[symmetric])
+qed (auto simp add: sets_borel_eq_count_space Int_stable_def measure_pmf.prob_space_axioms)
+
+lemma qbs_bernoulli_morphism: "qbs_bernoulli \<in> qbs_borel \<rightarrow>\<^sub>Q monadP_qbs (qbs_count_space UNIV)"
+ using standard_borel_ne.measure_with_args_morphismP[OF _ bernoulli_measurable]
+ by (simp add: qbs_pmf_def comp_def)
+
+lemma qbs_bernoulli_expectation:
+ assumes [simp]: "0 \<le> p" "p \<le> 1"
+ shows "(\<integral>\<^sub>Q x. f x \<partial>qbs_bernoulli p) = f True * p + f False * (1 - p)"
+ by(simp add: qbs_integral_def2_l)
+
+end
\ No newline at end of file
diff --git a/thys/S_Finite_Measure_Monad/Montecarlo.thy b/thys/S_Finite_Measure_Monad/Montecarlo.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/Montecarlo.thy
@@ -0,0 +1,182 @@
+(* Title: Montecarlo.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+section \<open> Examples\<close>
+subsection \<open>Montecarlo Approximation\<close>
+
+theory Montecarlo
+ imports "Monad_QuasiBorel"
+begin
+
+declare [[coercion qbs_l]]
+
+abbreviation real_quasi_borel :: "real quasi_borel" ("\<real>\<^sub>Q") where
+"real_quasi_borel \<equiv> qbs_borel"
+abbreviation nat_quasi_borel :: "nat quasi_borel" ("\<nat>\<^sub>Q") where
+"nat_quasi_borel \<equiv> qbs_count_space UNIV"
+
+
+primrec montecarlo :: "'a qbs_measure \<Rightarrow> ('a \<Rightarrow> real) \<Rightarrow> nat \<Rightarrow> real qbs_measure" where
+"montecarlo _ _ 0 = return_qbs \<real>\<^sub>Q 0" |
+"montecarlo d h (Suc n) = do { m \<leftarrow> montecarlo d h n;
+ x \<leftarrow> d;
+ return_qbs \<real>\<^sub>Q ((h x + m * (real n)) / (real (Suc n)))}"
+
+declare
+ bind_qbs_morphismP[qbs]
+ return_qbs_morphismP[qbs]
+ qbs_pair_measure_morphismP[qbs]
+
+lemma montecarlo_qbs_morphism[qbs]: "montecarlo \<in> qbs_space (monadP_qbs X \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q \<real>\<^sub>Q) \<Rightarrow>\<^sub>Q \<nat>\<^sub>Q \<Rightarrow>\<^sub>Q monadP_qbs \<real>\<^sub>Q)"
+ by(simp add: montecarlo_def)
+
+(* integrability *)
+lemma qbs_integrable_indep_mult2[simp, intro!]:
+ fixes f :: "_ \<Rightarrow> real"
+ assumes "qbs_integrable p f"
+ and "qbs_integrable q g"
+ shows "qbs_integrable (p \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s q) (\<lambda>x. g (snd x) * f (fst x))"
+ using qbs_integrable_indep_mult[OF assms] by (simp add: mult.commute)
+
+
+lemma montecarlo_integrable:
+ assumes [qbs]:"p \<in> qbs_space (monadP_qbs X)" "h \<in> X \<rightarrow>\<^sub>Q \<real>\<^sub>Q" "qbs_integrable p h" "qbs_integrable p (\<lambda>x. h x * h x)"
+ shows "qbs_integrable (montecarlo p h n) (\<lambda>x. x)" "qbs_integrable (montecarlo p h n) (\<lambda>x. x * x)"
+proof -
+ have "qbs_integrable (montecarlo p h n) (\<lambda>x. x) \<and> qbs_integrable (montecarlo p h n) (\<lambda>x. x * x)"
+ proof(induction n)
+ case 0
+ then show ?case
+ by simp
+ next
+ case (Suc n)
+ hence 1[intro,simp]:"qbs_integrable (montecarlo p h n) (\<lambda>x. x)" "qbs_integrable (montecarlo p h n) (\<lambda>x. x * x)"
+ by simp_all
+ have 2[intro,simp]: "\<And>q f. qbs_integrable q (\<lambda>x. f x * f x) \<Longrightarrow> qbs_integrable q (\<lambda>x. f x * a * (f x * b))" for a b :: real
+ by(auto simp: mult.commute[of _ a] mult.assoc intro!: qbs_integrable_scaleR_left[where 'a=real,simplified] qbs_integrable_scaleR_right[where 'a=real,simplified]) (auto simp: mult.assoc[of _ _ b,symmetric] intro!: qbs_integrable_scaleR_left[where 'a=real,simplified])
+ show ?case
+ by(auto simp add: qbs_bind_bind_return2P'[of _ "\<real>\<^sub>Q" X "\<real>\<^sub>Q"] split_beta' qbs_pair_measure_def[OF qbs_space_monadPM qbs_space_monadPM,symmetric] qbs_integrable_bind_return[OF qbs_space_monadPM,of _ "\<real>\<^sub>Q \<Otimes>\<^sub>Q X" _ "\<real>\<^sub>Q"] comp_def distrib_right distrib_left intro!: qbs_integrable_indep_mult qbs_integrable_indep1[OF 1(1),of _ X] qbs_integrable_indep2[OF assms(3),of _ "\<real>\<^sub>Q"] qbs_integrable_indep1[OF 1(2),of _ X] qbs_integrable_indep2[OF assms(4),of _ "\<real>\<^sub>Q"] qbs_integrable_const[OF assms(1)] qbs_integrable_scaleR_left[where 'a=real,simplified] assms(3,4))
+ qed
+ thus "qbs_integrable (montecarlo p h n) (\<lambda>x. x)" "qbs_integrable (montecarlo p h n) (\<lambda>x. x * x)"
+ by simp_all
+qed
+
+lemma
+ fixes n :: nat
+ assumes [qbs]:"p \<in> qbs_space (monadP_qbs X)" "h \<in> X \<rightarrow>\<^sub>Q \<real>\<^sub>Q" "qbs_integrable p h" "qbs_integrable p (\<lambda>x. h x * h x)"
+ and e:"e > 0"
+ and "(\<integral>\<^sub>Q x. h x \<partial>p) = \<mu>" "(\<integral>\<^sub>Q x. (h x - \<mu>)\<^sup>2 \<partial>p) = \<sigma>\<^sup>2"
+ and n:"n > 0"
+ shows "\<P>(y in montecarlo p h n. \<bar>y - \<mu>\<bar> \<ge> e) \<le> \<sigma>\<^sup>2 / (real n * e\<^sup>2)" (is "?P \<le> _")
+proof -
+ note [intro!] = montecarlo_integrable[OF assms(1-4)] qbs_integrable_indep_mult qbs_integrable_indep1[OF montecarlo_integrable(1)[OF assms(1-4)],of _ X] qbs_integrable_indep2[OF assms(3),of _ "\<real>\<^sub>Q"] qbs_integrable_indep1[OF montecarlo_integrable(2)[OF assms(1-4)],of _ X] qbs_integrable_indep2[OF assms(4),of _ "\<real>\<^sub>Q"] qbs_integrable_const[OF assms(1)] qbs_integrable_scaleR_right[where 'a=real,simplified] qbs_integrable_scaleR_left[where 'a=real,simplified] assms(3,4) qbs_integrable_sq qbs_integrable_const[of "montecarlo p h _ \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p" "\<real>\<^sub>Q \<Otimes>\<^sub>Q X"] qbs_integrable_const[of "montecarlo p h _" "\<real>\<^sub>Q"]
+ have integrable[intro,simp]: "\<And>q f. qbs_integrable q (\<lambda>x. f x * f x) \<Longrightarrow> qbs_integrable q (\<lambda>x. f x * a * (f x * b))" for a b :: real
+ by(auto simp: mult.commute[of _ a] mult.assoc) (auto simp: mult.assoc[of _ _ b,symmetric])
+ have exp:"(\<integral>\<^sub>Q y. y \<partial>(montecarlo p h n)) = \<mu>" (is "?e n") and var:"(\<integral>\<^sub>Q y. (y - \<mu>)\<^sup>2 \<partial>(montecarlo p h n)) = \<sigma>\<^sup>2 / n" (is "?v n")
+ proof -
+ have "?e n \<and> ?v n"
+ using n
+ proof(induction n)
+ case 0
+ then show ?case
+ by simp
+ next
+ case ih:(Suc n)
+ consider "n = 0" | "n > 0" by auto
+ then show ?case
+ proof cases
+ case 1
+ then show ?thesis
+ by(auto simp: qbs_integral_indep2[OF qbs_integrable_sq[OF qbs_integrable_const[OF assms(1)] assms(3)],simplified power2_eq_square,OF assms(4),of _ qbs_borel] power2_eq_square qbs_bind_bind_return2P'[of _ "\<real>\<^sub>Q" X "\<real>\<^sub>Q"] split_beta' qbs_pair_measure_def[OF qbs_space_monadPM qbs_space_monadPM,symmetric] qbs_integral_bind_return[OF qbs_space_monadPM,of _ "\<real>\<^sub>Q \<Otimes>\<^sub>Q X" _ "\<real>\<^sub>Q"] comp_def qbs_integral_indep2[OF assms(3),of _ "\<real>\<^sub>Q"] qbs_integral_indep2[OF assms(4),of _ "\<real>\<^sub>Q"] assms(6,7)[simplified power2_eq_square])
+ next
+ case n[arith]:2
+ with ih have eq: "(\<integral>\<^sub>Q y. y \<partial>montecarlo p h n) = \<mu> " "(\<integral>\<^sub>Q y. (y - \<mu>)\<^sup>2 \<partial>montecarlo p h n) = \<sigma>\<^sup>2 / real n"
+ by simp_all
+
+ have 1:"?e (Suc n)"
+ proof -
+ have "(\<integral>\<^sub>Q x. h (snd x) + fst x * real n \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) = ((\<integral>\<^sub>Q x. h (snd x) \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) + (\<integral>\<^sub>Q x. fst x * real n \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)))"
+ by(rule qbs_integral_add) auto
+ also have "... = \<mu> + \<mu> * n"
+ proof -
+ have "(\<integral>\<^sub>Q x. h (snd x) \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) = (\<integral>\<^sub>Q x. h x \<partial>p)"
+ by(auto intro!: qbs_integral_indep2[of _ _ _ "\<real>\<^sub>Q"])
+ moreover have "(\<integral>\<^sub>Q x. fst x \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) = (\<integral>\<^sub>Q y. y \<partial>montecarlo p h n)"
+ by(auto intro!: qbs_integral_indep1[of _ _ _ X])
+ ultimately show ?thesis
+ by(simp add: eq assms)
+ qed
+ finally have "( \<integral>\<^sub>Q y. y \<partial>montecarlo p h (Suc n)) = 1 / (Suc n) * (\<mu> + \<mu> * n)"
+ by(auto simp: qbs_bind_bind_return2P'[of _ "\<real>\<^sub>Q" X "\<real>\<^sub>Q"] split_beta' qbs_pair_measure_def[OF qbs_space_monadPM qbs_space_monadPM,symmetric] qbs_integral_bind_return[OF qbs_space_monadPM,of _ "\<real>\<^sub>Q \<Otimes>\<^sub>Q X" _ "\<real>\<^sub>Q"] comp_def)
+ also have "... = 1 / (Suc n) * (\<mu> * (1 + real n))"
+ by(simp add: distrib_left)
+ also have "... = \<mu>"
+ by simp
+ finally show ?thesis .
+ qed
+ have 2: "?v (Suc n)"
+ proof -
+ have "(\<integral>\<^sub>Q y. (y - \<mu>)\<^sup>2 \<partial>montecarlo p h (Suc n)) = (\<integral>\<^sub>Q x. ((h (snd x) + fst x * real n) / real (Suc n) - \<mu>)\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by(auto simp: qbs_bind_bind_return2P'[of _ "\<real>\<^sub>Q" X "\<real>\<^sub>Q"] split_beta' qbs_pair_measure_def[OF qbs_space_monadPM qbs_space_monadPM,symmetric] qbs_integral_bind_return[OF qbs_space_monadPM,of _ "\<real>\<^sub>Q \<Otimes>\<^sub>Q X" _ "\<real>\<^sub>Q"] comp_def)
+ also have "... = (\<integral>\<^sub>Q x. ((h (snd x) + fst x * real n) / real (Suc n) - (Suc n) * \<mu> / Suc n)\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by simp
+ also have "... = (\<integral>\<^sub>Q x. ((h (snd x) + fst x * real n - (Suc n) * \<mu>) / Suc n)\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by(simp only: diff_divide_distrib[symmetric])
+ also have "... = (\<integral>\<^sub>Q x. ((h (snd x) - \<mu> + (fst x * real n - real n * \<mu>)) / Suc n)\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by (simp add: add_diff_add distrib_left mult.commute)
+ also have "... = (\<integral>\<^sub>Q x. (1 / real (Suc n) * (h (snd x) - \<mu>) + n / real (Suc n) * (fst x - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by(auto simp: add_divide_distrib[symmetric] pair_qbs_space mult.commute[of _ "real n"]) (simp add: right_diff_distrib)
+ also have "... = (\<integral>\<^sub>Q x. (1 / real (Suc n) * (h (snd x) - \<mu>))\<^sup>2 + (n / real (Suc n) * (fst x - \<mu>))\<^sup>2 + 2 * (1 / real (Suc n) * (h (snd x) - \<mu>)) * (n / real (Suc n) * (fst x - \<mu>)) \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by(simp add: power2_sum)
+ also have "... = (\<integral>\<^sub>Q x. 1 / (real (Suc n))\<^sup>2 * ((h (snd x) - \<mu>))\<^sup>2 + (n / real (Suc n))\<^sup>2 * ((fst x - \<mu>))\<^sup>2 + 2 * (1 / real (Suc n) * (h (snd x) - \<mu>)) * (n / real (Suc n) * (fst x - \<mu>)) \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by(simp only: power_mult_distrib) (simp add: power2_eq_square)
+ also have "... = (\<integral>\<^sub>Q x. 1 / (real (Suc n))\<^sup>2 * ((h (snd x) - \<mu>))\<^sup>2 + (n / real (Suc n))\<^sup>2 * ((fst x - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) + (\<integral>\<^sub>Q x. 2 * (1 / real (Suc n) * (h (snd x) - \<mu>)) * (n / real (Suc n) * (fst x - \<mu>)) \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by(rule qbs_integral_add, auto) (auto simp: power2_eq_square)
+ also have "... = (\<integral>\<^sub>Q x. 1 / (real (Suc n))\<^sup>2 * ((h (snd x) - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) + (\<integral>\<^sub>Q x. (n / real (Suc n))\<^sup>2 * ((fst x - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) + (\<integral>\<^sub>Q x. 2 * (1 / real (Suc n) * (h (snd x) - \<mu>)) * (n / real (Suc n) * (fst x - \<mu>)) \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ proof -
+ have "(\<integral>\<^sub>Q x. 1 / (real (Suc n))\<^sup>2 * ((h (snd x) - \<mu>))\<^sup>2 + (n / real (Suc n))\<^sup>2 * ((fst x - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) = (\<integral>\<^sub>Q x. 1 / (real (Suc n))\<^sup>2 * ((h (snd x) - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) + (\<integral>\<^sub>Q x. (n / real (Suc n))\<^sup>2 * ((fst x - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p))"
+ by(rule qbs_integral_add, auto) (auto simp: power2_eq_square)
+ thus ?thesis by simp
+ qed
+ also have "... = 1 / (real (Suc n))\<^sup>2 * \<sigma>\<^sup>2 + (n / real (Suc n))\<^sup>2 * (\<sigma>\<^sup>2 / n)"
+ proof -
+ have 1: "(\<integral>\<^sub>Q x. ((h (snd x) - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) = (\<integral>\<^sub>Q x. (h x - \<mu>)\<^sup>2 \<partial>p)"
+ by(auto intro!: qbs_integral_indep2[of _ _ _ "\<real>\<^sub>Q"]) (auto simp: power2_eq_square)
+ have 2: "(\<integral>\<^sub>Q x. ((fst x - \<mu>))\<^sup>2 \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) = (\<integral>\<^sub>Q y. (y - \<mu>)\<^sup>2 \<partial>montecarlo p h n)"
+ by(auto intro!: qbs_integral_indep1[of _ _ _ X]) (auto simp: power2_eq_square)
+ have 3: "(\<integral>\<^sub>Q x. 2 * (1 / real (Suc n) * (h (snd x) - \<mu>)) * (n / real (Suc n) * (fst x - \<mu>)) \<partial>(montecarlo p h n \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s p)) = 0" (is "?l = _")
+ proof -
+ have "?l = (\<integral>\<^sub>Q x. 2 * (1 / real (Suc n) * (h x - \<mu>)) \<partial>p) * (\<integral>\<^sub>Q x. (n / real (Suc n) * (x - \<mu>)) \<partial>montecarlo p h n)"
+ by(rule qbs_integral_indep_mult2[of _ "\<real>\<^sub>Q" _ X]) auto
+ also have "... = 0"
+ by(simp add: qbs_integral_diff[OF montecarlo_integrable(1)[OF assms(1-4)] qbs_integrable_const[of _ "\<real>\<^sub>Q"]] eq qbs_integral_const_prob[of _ "\<real>\<^sub>Q"])
+ finally show ?thesis .
+ qed
+ show ?thesis
+ unfolding 3 by(simp add: 1 2 eq assms)
+ qed
+ also have "... = 1 / (real (Suc n))\<^sup>2 * \<sigma>\<^sup>2 + real n / (real (Suc n))\<^sup>2 * \<sigma>\<^sup>2"
+ by(auto simp: power2_eq_square)
+ also have "... = (1 + real n) * \<sigma>\<^sup>2 / (real (Suc n))\<^sup>2"
+ by (simp add: add_divide_distrib ring_class.ring_distribs(2))
+ also have "... = \<sigma>\<^sup>2 / real (Suc n)"
+ by(auto simp: power2_eq_square)
+ finally show ?thesis .
+ qed
+ show ?thesis
+ by(simp only: 1 2)
+ qed
+ qed
+ thus "?e n" "?v n" by simp_all
+ qed
+
+
+ have "?P \<le> (\<integral>\<^sub>Q x. (x - \<mu>)\<^sup>2 \<partial>montecarlo p h n) / e\<^sup>2"
+ unfolding exp[symmetric] by(rule Chebyshev_inequality_qbs_prob[of "montecarlo p h n" qbs_borel "\<lambda>x. x"]) (auto simp: power2_eq_square e)
+ also have "... = \<sigma>\<^sup>2 / (real n * e\<^sup>2)"
+ by(simp add: var)
+ finally show ?thesis .
+qed
+
+end
\ No newline at end of file
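Review bot: The closing result of Montecarlo.thy, the bound `\<P>(y in montecarlo p h n. \<bar>y - \<mu>\<bar> \<ge> e) \<le> \<sigma>\<^sup>2 / (real n * e\<^sup>2)`, is stated as an anonymous `lemma`, so no later theory or document can cite it by name. I would give it a name, for example `lemma montecarlo_error_bound:`. Its mean and variance hypotheses are unlabelled and the proof picks them out positionally as `assms(6,7)`, which silently points at the wrong facts if an assumption is ever inserted or reordered. Labelling them, `and h_mean: "(\<integral>\<^sub>Q x. h x \<partial>p) = \<mu>" and h_var: "(\<integral>\<^sub>Q x. (h x - \<mu>)\<^sup>2 \<partial>p) = \<sigma>\<^sup>2"`, and using those names in the `n = 0` case would make the proof robust. The names `exp` and `var` are already taken by local facts inside the proof, so the labels should differ from them.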
diff --git a/thys/S_Finite_Measure_Monad/QBS_Morphism.thy b/thys/S_Finite_Measure_Monad/QBS_Morphism.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/QBS_Morphism.thy
@@ -0,0 +1,427 @@
+(* Title: QBS_Morphism.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+subsection \<open> Morphisms of Quasi-Borel Spaces \<close>
+theory QBS_Morphism
+
+imports
+ "QuasiBorel"
+
+begin
+
+abbreviation qbs_morphism :: "['a quasi_borel, 'b quasi_borel] \<Rightarrow> ('a \<Rightarrow> 'b) set" (infixr "\<rightarrow>\<^sub>Q" 60) where
+ "X \<rightarrow>\<^sub>Q Y \<equiv> qbs_space (X \<Rightarrow>\<^sub>Q Y)"
+
+lemma qbs_morphismI: "(\<And>\<alpha>. \<alpha> \<in> qbs_Mx X \<Longrightarrow> f \<circ> \<alpha> \<in> qbs_Mx Y) \<Longrightarrow> f \<in> X \<rightarrow>\<^sub>Q Y"
+ by(auto simp: exp_qbs_space)
+
+lemma qbs_morphism_def: "X \<rightarrow>\<^sub>Q Y = {f\<in>qbs_space X \<rightarrow> qbs_space Y. \<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y}"
+ unfolding exp_qbs_space
+proof safe
+ fix f x
+ assume h:"x \<in> qbs_space X " "\<forall>\<alpha>\<in>qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y"
+ then have "(\<lambda>r. x) \<in> qbs_Mx X"
+ by simp
+ hence "f \<circ> (\<lambda>r. x) \<in> qbs_Mx Y"
+ using h by blast
+ with qbs_Mx_to_X show "f x \<in> qbs_space Y"
+ by auto
+qed auto
+
+lemma qbs_morphism_Mx:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y" "\<alpha> \<in> qbs_Mx X"
+ shows "f \<circ> \<alpha> \<in> qbs_Mx Y"
+ using assms by(auto simp: qbs_morphism_def)
+
+lemma qbs_morphism_space:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y" "x \<in> qbs_space X"
+ shows "f x \<in> qbs_space Y"
+ using assms by(auto simp: qbs_morphism_def)
+
+lemma qbs_morphism_ident[simp]:
+ "id \<in> X \<rightarrow>\<^sub>Q X"
+ by(auto intro: qbs_morphismI)
+
+lemma qbs_morphism_ident'[simp]:
+ "(\<lambda>x. x) \<in> X \<rightarrow>\<^sub>Q X"
+ using qbs_morphism_ident by(simp add: id_def)
+
+lemma qbs_morphism_comp:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y" "g \<in> Y \<rightarrow>\<^sub>Q Z"
+ shows "g \<circ> f \<in> X \<rightarrow>\<^sub>Q Z"
+ using assms by (simp add: comp_assoc Pi_def qbs_morphism_def)
+
+lemma qbs_morphism_compose_rev:
+ assumes "f \<in> Y \<rightarrow>\<^sub>Q Z" and "g \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "(\<lambda>x. f (g x)) \<in> X \<rightarrow>\<^sub>Q Z"
+ using qbs_morphism_comp[OF assms(2,1)] by(simp add: comp_def)
+
+lemma qbs_morphism_compose:
+ assumes "g \<in> X \<rightarrow>\<^sub>Q Y" and "f \<in> Y \<rightarrow>\<^sub>Q Z"
+ shows "(\<lambda>x. f (g x)) \<in> X \<rightarrow>\<^sub>Q Z"
+ using qbs_morphism_compose_rev[OF assms(2,1)] .
+
+lemma qbs_morphism_cong':
+ assumes "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x = g x"
+ and "f \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "g \<in> X \<rightarrow>\<^sub>Q Y"
+proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume 1:"\<alpha> \<in> qbs_Mx X"
+ have "g \<circ> \<alpha> = f \<circ> \<alpha>"
+ proof
+ fix x
+ have "\<alpha> x \<in> qbs_space X"
+ using 1 qbs_decomp[of X] qbs_Mx_to_X by auto
+ thus "(g \<circ> \<alpha>) x = (f \<circ> \<alpha>) x"
+ using assms(1) by simp
+ qed
+ thus "g \<circ> \<alpha> \<in> qbs_Mx Y"
+ using 1 assms(2) by(simp add: qbs_morphism_def)
+qed
+
+lemma qbs_morphism_cong:
+ assumes "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x = g x"
+ shows "f \<in> X \<rightarrow>\<^sub>Q Y \<longleftrightarrow> g \<in> X \<rightarrow>\<^sub>Q Y"
+ using assms by(auto simp: qbs_morphism_cong'[of _ f g] qbs_morphism_cong'[of _ g f])
+
+lemma qbs_morphism_const:
+ assumes "y \<in> qbs_space Y"
+ shows "(\<lambda>x. y) \<in> X \<rightarrow>\<^sub>Q Y"
+ using assms by (auto intro: qbs_morphismI)
+
+lemma qbs_morphism_from_empty: "qbs_space X = {} \<Longrightarrow> f \<in> X \<rightarrow>\<^sub>Q Y"
+ by(auto intro!: qbs_morphismI simp: qbs_empty_equiv)
+
+lemma unit_quasi_borel_terminal: "\<exists>! f. f \<in> X \<rightarrow>\<^sub>Q unit_quasi_borel"
+ by(fastforce simp: qbs_morphism_def)
+
+definition to_unit_quasi_borel :: "'a \<Rightarrow> unit" ("!\<^sub>Q") where
+"to_unit_quasi_borel \<equiv> (\<lambda>r.())"
+
+lemma to_unit_quasi_borel_morphism:
+ "!\<^sub>Q \<in> X \<rightarrow>\<^sub>Q unit_quasi_borel"
+ by(auto simp add: to_unit_quasi_borel_def qbs_morphism_def)
+
+lemma qbs_morphism_subD:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q sub_qbs Y A"
+ shows "f \<in> X \<rightarrow>\<^sub>Q Y"
+ using qbs_morphism_Mx[OF assms] by(auto intro!: qbs_morphismI simp: sub_qbs_Mx)
+
+lemma qbs_morphism_subI1:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y" "\<And>x. x \<in> qbs_space X \<Longrightarrow> f x \<in> A"
+ shows "f \<in> X \<rightarrow>\<^sub>Q sub_qbs Y A"
+ using qbs_morphism_space[OF assms(1)] qbs_morphism_Mx[OF assms(1)] assms(2) qbs_Mx_to_X[of _ X]
+ by(auto intro!: qbs_morphismI simp: sub_qbs_Mx)
+
+lemma qbs_morphism_subI2:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "f \<in> sub_qbs X A \<rightarrow>\<^sub>Q Y"
+ using qbs_morphism_Mx[OF assms] by(auto intro!: qbs_morphismI simp: sub_qbs_Mx)
+
+corollary qbs_morphism_subsubI:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q Y" "\<And>x. x \<in> A \<Longrightarrow> f x \<in> B"
+ shows "f \<in> sub_qbs X A \<rightarrow>\<^sub>Q sub_qbs Y B"
+ by(rule qbs_morphism_subI1) (auto intro!: qbs_morphism_subI2 assms simp: sub_qbs_space)
+
+lemma map_qbs_morphism_f: "f \<in> X \<rightarrow>\<^sub>Q map_qbs f X"
+ by(auto intro!: qbs_morphismI simp: map_qbs_Mx)
+
+lemma map_qbs_morphism_inverse_f:
+ assumes "\<And>x. x \<in> qbs_space X \<Longrightarrow> g (f x) = x"
+ shows "g \<in> map_qbs f X \<rightarrow>\<^sub>Q X"
+proof -
+ {
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx X"
+ from qbs_Mx_to_X[OF this] assms have "g \<circ> (f \<circ> \<alpha>) = \<alpha>"
+ by auto
+ with h have "g \<circ> (f \<circ> \<alpha>) \<in> qbs_Mx X" by simp
+ }
+ thus ?thesis
+ by(auto intro!: qbs_morphismI simp: map_qbs_Mx)
+qed
+
+lemma pair_qbs_morphismI:
+ assumes "\<And>\<alpha> \<beta>. \<alpha> \<in> qbs_Mx X \<Longrightarrow> \<beta> \<in> qbs_Mx Y
+ \<Longrightarrow> (\<lambda>r. f (\<alpha> r, \<beta> r)) \<in> qbs_Mx Z"
+ shows "f \<in> (X \<Otimes>\<^sub>Q Y) \<rightarrow>\<^sub>Q Z"
+ using assms by(fastforce intro!: qbs_morphismI simp: pair_qbs_Mx comp_def)
+
+lemma pair_qbs_MxD:
+ assumes "\<gamma> \<in> qbs_Mx (X \<Otimes>\<^sub>Q Y)"
+ obtains \<alpha> \<beta> where "\<alpha> \<in> qbs_Mx X" "\<beta> \<in> qbs_Mx Y" "\<gamma> = (\<lambda>x. (\<alpha> x, \<beta> x))"
+ using assms by(auto simp: pair_qbs_Mx)
+
+lemma pair_qbs_MxI:
+ assumes "(\<lambda>x. fst (\<gamma> x)) \<in> qbs_Mx X" and "(\<lambda>x. snd (\<gamma> x)) \<in> qbs_Mx Y"
+ shows "\<gamma> \<in> qbs_Mx (X \<Otimes>\<^sub>Q Y)"
+ using assms by(auto simp: pair_qbs_Mx comp_def)
+
+lemma
+ shows fst_qbs_morphism: "fst \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q X"
+ and snd_qbs_morphism: "snd \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Y"
+ by(auto intro!: pair_qbs_morphismI simp: comp_def)
+
+lemma qbs_morphism_pair_iff:
+ "f \<in> X \<rightarrow>\<^sub>Q Y \<Otimes>\<^sub>Q Z \<longleftrightarrow> fst \<circ> f \<in> X \<rightarrow>\<^sub>Q Y \<and> snd \<circ> f \<in> X \<rightarrow>\<^sub>Q Z"
+ by(auto intro!: qbs_morphism_comp fst_qbs_morphism snd_qbs_morphism)
+ (auto dest: qbs_morphism_Mx intro!: qbs_morphismI simp: pair_qbs_Mx comp_assoc[symmetric])
+
+lemma qbs_morphism_Pair:
+ assumes "f \<in> Z \<rightarrow>\<^sub>Q X"
+ and "g \<in> Z \<rightarrow>\<^sub>Q Y"
+ shows "(\<lambda>z. (f z, g z)) \<in> Z \<rightarrow>\<^sub>Q X \<Otimes>\<^sub>Q Y"
+ unfolding qbs_morphism_pair_iff
+ using assms by (auto simp: comp_def)
+
+lemma qbs_morphism_curry: "curry \<in> exp_qbs (X \<Otimes>\<^sub>Q Y) Z \<rightarrow>\<^sub>Q exp_qbs X (exp_qbs Y Z)"
+ by(auto intro!: qbs_morphismI simp: pair_qbs_Mx exp_qbs_Mx comp_def)
+
+corollary curry_preserves_morphisms:
+ assumes "(\<lambda>xy. f (fst xy) (snd xy)) \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ shows "f \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Z"
+ using qbs_morphism_space[OF qbs_morphism_curry assms] by (auto simp: curry_def)
+
+lemma qbs_morphism_eval:
+ "(\<lambda>fx. (fst fx) (snd fx)) \<in> (X \<Rightarrow>\<^sub>Q Y) \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q Y"
+ by(auto intro!: qbs_morphismI simp: pair_qbs_Mx exp_qbs_Mx comp_def)
+
+corollary qbs_morphism_app:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q (Y \<Rightarrow>\<^sub>Q Z)" "g \<in> X \<rightarrow>\<^sub>Q Y"
+ shows "(\<lambda>x. (f x) (g x)) \<in> X \<rightarrow>\<^sub>Q Z"
+ by(rule qbs_morphism_cong'[where f="(\<lambda>fx. (fst fx) (snd fx)) \<circ> (\<lambda>x. (f x, g x))",OF _ qbs_morphism_comp[OF qbs_morphism_Pair[OF assms] qbs_morphism_eval]]) auto
+
+ML_file \<open>qbs.ML\<close>
+
+attribute_setup qbs = \<open>
+ Attrib.add_del Qbs.qbs_add Qbs.qbs_del\<close>
+ "declaration of qbs rule"
+
+method_setup qbs = \<open> Scan.lift (Scan.succeed (METHOD o Qbs.qbs_tac))\<close>
+
+simproc_setup qbs ("x \<in> qbs_space X") = \<open>K Qbs.simproc\<close>
+
+declare
+ fst_qbs_morphism[qbs]
+ snd_qbs_morphism[qbs]
+ qbs_morphism_const[qbs]
+ qbs_morphism_ident[qbs]
+ qbs_morphism_ident'[qbs]
+ qbs_morphism_curry[qbs]
+
+lemma [qbs]:
+ shows qbs_morphism_Pair1: "Pair \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q (X \<Otimes>\<^sub>Q Y)"
+ by(auto intro!: qbs_morphismI simp: exp_qbs_Mx pair_qbs_Mx comp_def)
+
+lemma qbs_morphism_case_prod[qbs]: "case_prod \<in> exp_qbs X (exp_qbs Y Z) \<rightarrow>\<^sub>Q exp_qbs (X \<Otimes>\<^sub>Q Y) Z"
+ by(fastforce intro!: qbs_morphismI simp: exp_qbs_Mx pair_qbs_Mx comp_def split_beta')
+
+lemma uncurry_preserves_morphisms:
+ assumes [qbs]:"(\<lambda>x y. f (x,y)) \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q Z"
+ shows "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ by(rule qbs_morphism_cong'[where f="case_prod (\<lambda>x y. f (x,y))"],simp) qbs
+
+lemma qbs_morphism_comp'[qbs]:"comp \<in> Y \<Rightarrow>\<^sub>Q Z \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q X \<Rightarrow>\<^sub>Q Z"
+ by(auto intro!: qbs_morphismI simp: exp_qbs_Mx)
+
+lemma arg_swap_morphism:
+ assumes "f \<in> X \<rightarrow>\<^sub>Q exp_qbs Y Z"
+ shows "(\<lambda>y x. f x y) \<in> Y \<rightarrow>\<^sub>Q exp_qbs X Z"
+ using assms by simp
+
+lemma exp_qbs_comp_morphism:
+ assumes "f \<in> W \<rightarrow>\<^sub>Q exp_qbs X Y"
+ and "g \<in> W \<rightarrow>\<^sub>Q exp_qbs Y Z"
+ shows "(\<lambda>w. g w \<circ> f w) \<in> W \<rightarrow>\<^sub>Q exp_qbs X Z"
+ using assms by qbs
+
+lemma arg_swap_morphism_map_qbs1:
+ assumes "g \<in> exp_qbs W (exp_qbs X Y) \<rightarrow>\<^sub>Q Z"
+ shows "(\<lambda>k. g (k \<circ> f)) \<in> exp_qbs (map_qbs f W) (exp_qbs X Y) \<rightarrow>\<^sub>Q Z"
+ using assms map_qbs_morphism_f by qbs
+
+lemma qbs_morphism_map_prod[qbs]: "map_prod \<in> X \<Rightarrow>\<^sub>Q Y \<rightarrow>\<^sub>Q (W \<Rightarrow>\<^sub>Q Z) \<Rightarrow>\<^sub>Q (X \<Otimes>\<^sub>Q W) \<Rightarrow>\<^sub>Q (Y \<Otimes>\<^sub>Q Z)"
+ by(auto intro!: qbs_morphismI simp: exp_qbs_Mx pair_qbs_Mx map_prod_def comp_def case_prod_beta')
+
+lemma qbs_morphism_pair_swap:
+ assumes "f \<in> X \<Otimes>\<^sub>Q Y \<rightarrow>\<^sub>Q Z"
+ shows "(\<lambda>(x,y). f (y,x)) \<in> Y \<Otimes>\<^sub>Q X \<rightarrow>\<^sub>Q Z"
+ using assms by simp
+
+lemma
+ shows qbs_morphism_pair_assoc1: "(\<lambda>((x,y),z). (x,(y,z))) \<in> (X \<Otimes>\<^sub>Q Y) \<Otimes>\<^sub>Q Z \<rightarrow>\<^sub>Q X \<Otimes>\<^sub>Q (Y \<Otimes>\<^sub>Q Z)"
+ and qbs_morphism_pair_assoc2: "(\<lambda>(x,(y,z)). ((x,y),z)) \<in> X \<Otimes>\<^sub>Q (Y \<Otimes>\<^sub>Q Z) \<rightarrow>\<^sub>Q (X \<Otimes>\<^sub>Q Y) \<Otimes>\<^sub>Q Z"
+ by simp_all
+
+lemma Inl_qbs_morphism[qbs]: "Inl \<in> X \<rightarrow>\<^sub>Q X \<Oplus>\<^sub>Q Y"
+ by(auto intro!: qbs_morphismI bexI[where x="{}"] simp: copair_qbs_Mx copair_qbs_Mx_def comp_def)
+
+lemma Inr_qbs_morphism[qbs]: "Inr \<in> Y \<rightarrow>\<^sub>Q X \<Oplus>\<^sub>Q Y"
+ by(auto intro!: qbs_morphismI bexI[where x="UNIV"] simp: copair_qbs_Mx copair_qbs_Mx_def comp_def)
+
+lemma case_sum_qbs_morphism[qbs]: "case_sum \<in> X \<Rightarrow>\<^sub>Q Z \<rightarrow>\<^sub>Q (Y \<Rightarrow>\<^sub>Q Z) \<Rightarrow>\<^sub>Q (X \<Oplus>\<^sub>Q Y \<Rightarrow>\<^sub>Q Z)"
+ by(auto intro!: qbs_morphismI qbs_Mx_indicat simp: copair_qbs_Mx copair_qbs_Mx_def exp_qbs_Mx case_sum_if)
+
+lemma map_sum_qbs_morphism[qbs]: "map_sum \<in> X \<Rightarrow>\<^sub>Q Y \<rightarrow>\<^sub>Q (X' \<Rightarrow>\<^sub>Q Y') \<Rightarrow>\<^sub>Q (X \<Oplus>\<^sub>Q X' \<Rightarrow>\<^sub>Q Y \<Oplus>\<^sub>Q Y')"
+proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx (X \<Rightarrow>\<^sub>Q Y)"
+ then have ha[measurable]: "\<forall>(k :: real \<Rightarrow> real)\<in>borel_measurable borel. \<forall>a\<in>qbs_Mx X. (\<lambda>r. \<alpha> (k r) (a r)) \<in> qbs_Mx Y"
+ by (auto simp: exp_qbs_Mx)
+ show "map_sum \<circ> \<alpha> \<in> qbs_Mx ((X' \<Rightarrow>\<^sub>Q Y') \<Rightarrow>\<^sub>Q X \<Oplus>\<^sub>Q X' \<Rightarrow>\<^sub>Q Y \<Oplus>\<^sub>Q Y')"
+ unfolding exp_qbs_Mx
+ proof safe
+ fix \<beta> b and f g :: "real \<Rightarrow> real"
+ assume h[measurable]: "\<forall>(k :: real \<Rightarrow> real)\<in>borel_measurable borel. \<forall>b\<in>qbs_Mx X'. (\<lambda>r. \<beta> (k r) (b r)) \<in> qbs_Mx Y'"
+ "f \<in> borel_measurable borel" "g \<in> borel_measurable borel"
+ and b: "b \<in> qbs_Mx (X \<Oplus>\<^sub>Q X')"
+ show "(\<lambda>r. (map_sum \<circ> \<alpha>) (f (g r)) (\<beta> (g r)) (b r)) \<in> qbs_Mx (Y \<Oplus>\<^sub>Q Y')"
+ proof(rule copair_qbs_MxD[OF b])
+ fix a
+ assume "a \<in> qbs_Mx X" "b = (\<lambda>r. Inl (a r))"
+ with ha show "(\<lambda>r. (map_sum \<circ> \<alpha>) (f (g r)) (\<beta> (g r)) (b r)) \<in> qbs_Mx (Y \<Oplus>\<^sub>Q Y')"
+ by(auto simp: copair_qbs_Mx copair_qbs_Mx_def intro!: bexI[where x="{}"])
+ next
+ fix a
+ assume "a \<in> qbs_Mx X'" "b = (\<lambda>r. Inr (a r))"
+ with h(1) show "(\<lambda>r. (map_sum \<circ> \<alpha>) (f (g r)) (\<beta> (g r)) (b r)) \<in> qbs_Mx (Y \<Oplus>\<^sub>Q Y')"
+ by(auto simp: copair_qbs_Mx copair_qbs_Mx_def intro!: bexI[where x="UNIV"])
+ next
+ fix S a a'
+ assume "S \<in> sets borel" "S \<noteq> {}" "S \<noteq> UNIV" "a \<in> qbs_Mx X" "a' \<in> qbs_Mx X'" "b = (\<lambda>r. if r \<in> S then Inl (a r) else Inr (a' r))"
+ with h ha show "(\<lambda>r. (map_sum \<circ> \<alpha>) (f (g r)) (\<beta> (g r)) (b r)) \<in> qbs_Mx (Y \<Oplus>\<^sub>Q Y')"
+ by simp (fastforce simp: copair_qbs_Mx copair_qbs_Mx_def intro!: bexI[where x=S])
+ qed
+ qed
+qed
+
+lemma qbs_morphism_component_singleton[qbs]:
+ assumes "i \<in> I"
+ shows "(\<lambda>x. x i) \<in> (\<Pi>\<^sub>Q i\<in>I. (M i)) \<rightarrow>\<^sub>Q M i"
+ by(auto intro!: qbs_morphismI simp: comp_def assms PiQ_Mx)
+
+lemma qbs_morphism_component_singleton':
+ assumes "f \<in> Y \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>I. X i)" "g \<in> Z \<rightarrow>\<^sub>Q Y" "i \<in> I"
+ shows "(\<lambda>x. f (g x) i) \<in> Z \<rightarrow>\<^sub>Q X i"
+ by(auto intro!: qbs_morphism_compose[OF assms(2)] qbs_morphism_compose[OF assms(1)] qbs_morphism_component_singleton assms)
+
+lemma product_qbs_canonical1:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> f i \<in> Y \<rightarrow>\<^sub>Q X i"
+ and "\<And>i. i \<notin> I \<Longrightarrow> f i = (\<lambda>y. undefined)"
+ shows "(\<lambda>y i. f i y) \<in> Y \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>I. X i)"
+ using assms qbs_morphism_Mx[OF assms(1)] by(auto intro!: qbs_morphismI simp: PiQ_Mx comp_def)
+
+lemma product_qbs_canonical2:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> f i \<in> Y \<rightarrow>\<^sub>Q X i"
+ "\<And>i. i \<notin> I \<Longrightarrow> f i = (\<lambda>y. undefined)"
+ "g \<in> Y \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>I. X i)"
+ "\<And>i. i \<in> I \<Longrightarrow> f i = (\<lambda>x. x i) \<circ> g"
+ and "y \<in> qbs_space Y"
+ shows "g y = (\<lambda>i. f i y)"
+proof(intro ext)
+ fix i
+ show "g y i = f i y"
+ proof(cases "i \<in> I")
+ case True
+ then show ?thesis
+ using assms(4)[of i] by simp
+ next
+ case False
+ with qbs_morphism_space[OF assms(3)] assms(2,3,5) show ?thesis
+ by(auto simp: PiQ_Mx PiQ_space)
+ qed
+qed
+
+lemma merge_qbs_morphism:
+ "merge I J \<in> (\<Pi>\<^sub>Q i\<in>I. (M i)) \<Otimes>\<^sub>Q (\<Pi>\<^sub>Q j\<in>J. (M j)) \<rightarrow>\<^sub>Q (\<Pi>\<^sub>Q i\<in>I\<union>J. (M i))"
+proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume h:"\<alpha> \<in> qbs_Mx ((\<Pi>\<^sub>Q i\<in>I. (M i)) \<Otimes>\<^sub>Q (\<Pi>\<^sub>Q j\<in>J. (M j)))"
+ show "merge I J \<circ> \<alpha> \<in> qbs_Mx (\<Pi>\<^sub>Q i\<in>I\<union>J. (M i))"
+ proof -
+ {
+ fix i
+ assume "i \<in> I \<union> J"
+ then consider "i \<in> I" | "i \<in> I \<and> i \<in> J" | "i \<notin> I \<and> i \<in> J"
+ by auto
+ hence "(\<lambda>r. (merge I J \<circ> \<alpha>) r i) \<in> qbs_Mx (M i)"
+ by cases (insert h, auto simp: merge_def split_beta' pair_qbs_Mx PiQ_Mx)
+ }
+ thus ?thesis
+ by(auto simp: PiQ_Mx) (auto simp: merge_def split_beta')
+ qed
+qed
+
+lemma ini_morphism[qbs]:
+ assumes "j \<in> I"
+ shows "(\<lambda>x. (j,x)) \<in> X j \<rightarrow>\<^sub>Q (\<amalg>\<^sub>Q i\<in>I. X i)"
+ by(fastforce intro!: qbs_morphismI exI[where x="\<lambda>r. j"] simp: coprod_qbs_Mx_def comp_def assms coprod_qbs_Mx)
+
+lemma coprod_qbs_canonical1:
+ assumes "countable I"
+ and "\<And>i. i \<in> I \<Longrightarrow> f i \<in> X i \<rightarrow>\<^sub>Q Y"
+ shows "(\<lambda>(i,x). f i x) \<in> (\<amalg>\<^sub>Q i \<in>I. X i) \<rightarrow>\<^sub>Q Y"
+proof(rule qbs_morphismI)
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx (coprod_qbs I X)"
+ then obtain \<beta> g where ha:
+ "\<And>i. i \<in> range g \<Longrightarrow> \<beta> i \<in> qbs_Mx (X i)" "\<alpha> = (\<lambda>r. (g r, \<beta> (g r) r))" and hg[measurable]:"g \<in> borel \<rightarrow>\<^sub>M count_space I"
+ by(fastforce simp: coprod_qbs_Mx_def coprod_qbs_Mx)
+ define f' where "f' \<equiv> (\<lambda>i r. f i (\<beta> i r))"
+ have "range g \<subseteq> I"
+ using measurable_space[OF hg] by auto
+ hence 1:"(\<And>i. i \<in> range g \<Longrightarrow> f' i \<in> qbs_Mx Y)"
+ using qbs_morphism_Mx[OF assms(2) ha(1),simplified comp_def]
+ by(auto simp: f'_def)
+ have "(\<lambda>(i, x). f i x) \<circ> \<alpha> = (\<lambda>r. f' (g r) r)"
+ by(auto simp: ha(2) f'_def)
+ also have "... \<in> qbs_Mx Y"
+ by(auto intro!: qbs_closed3_dest2'[OF assms(1) hg,of f',OF 1])
+ finally show "(\<lambda>(i, x). f i x) \<circ> \<alpha> \<in> qbs_Mx Y " .
+qed
+
+lemma coprod_qbs_canonical1':
+ assumes "countable I"
+ and "\<And>i. i \<in> I \<Longrightarrow> (\<lambda>x. f (i,x)) \<in> X i \<rightarrow>\<^sub>Q Y"
+ shows "f \<in> (\<amalg>\<^sub>Q i \<in>I. X i) \<rightarrow>\<^sub>Q Y"
+ using coprod_qbs_canonical1[where f="curry f"] assms by(auto simp: curry_def)
+
+lemma None_qbs[qbs]: "None \<in> qbs_space (option_qbs X)"
+ by(simp add: option_qbs_space)
+
+lemma Some_qbs[qbs]: "Some \<in> X \<rightarrow>\<^sub>Q option_qbs X"
+proof -
+ have 1: "Some = (\<lambda>x. case x of Inl y \<Rightarrow> Some y | Inr y \<Rightarrow> None) \<circ> Inl"
+ by standard auto
+ show ?thesis
+ unfolding option_qbs_def
+ by(rule qbs_morphism_cong'[OF _ qbs_morphism_comp[OF Inl_qbs_morphism map_qbs_morphism_f]]) (simp add: 1)
+qed
+
+lemma case_option_qbs_morphism[qbs]: "case_option \<in> qbs_space (Y \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q option_qbs X \<Rightarrow>\<^sub>Q Y)"
+proof(rule curry_preserves_morphisms[OF arg_swap_morphism])
+ have "(\<lambda>x y. case x of None \<Rightarrow> fst y | Some z \<Rightarrow> snd y z) = (\<lambda>x y. case x of Inr _ \<Rightarrow> fst y | Inl z \<Rightarrow> snd y z) \<circ> (\<lambda>z. case z of Some x \<Rightarrow> Inl x | None \<Rightarrow> Inr ())"
+ by standard+ (simp add: option.case_eq_if)
+ also have "... \<in> option_qbs X \<rightarrow>\<^sub>Q Y \<Otimes>\<^sub>Q (X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q Y"
+ unfolding option_qbs_def by(rule qbs_morphism_comp[OF map_qbs_morphism_inverse_f]) (auto simp: copair_qbs_space)
+ finally show " (\<lambda>x y. case x of None \<Rightarrow> fst y | Some x \<Rightarrow> snd y x) \<in> option_qbs X \<rightarrow>\<^sub>Q Y \<Otimes>\<^sub>Q (X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q Y" .
+qed
+
+lemma rec_option_qbs_morphism[qbs]: "rec_option \<in> qbs_space (Y \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q option_qbs X \<Rightarrow>\<^sub>Q Y)"
+proof -
+ have [simp]: "rec_option = case_option"
+ by standard+ (metis option.case_eq_if option.exhaust_sel option.simps(6) option.simps(7))
+ show ?thesis by simp
+qed
+
+lemma bind_option_qbs_morphism[qbs]: "(\<bind>) \<in> qbs_space (option_qbs X \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q option_qbs Y) \<Rightarrow>\<^sub>Q option_qbs Y)"
+ by(simp add: Option.bind_def)
+
+lemma Let_qbs_morphism[qbs]: "Let \<in> X \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q Y) \<Rightarrow>\<^sub>Q Y"
+proof -
+ have [simp]:"Let = (\<lambda>x f. f x)" by standard+ auto
+ show ?thesis by simp
+qed
+
+end
\ No newline at end of file
diff --git a/thys/S_Finite_Measure_Monad/QuasiBorel.thy b/thys/S_Finite_Measure_Monad/QuasiBorel.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/QuasiBorel.thy
@@ -0,0 +1,1465 @@
+(* Title: QuasiBorel.thy
+ Author: Michikazu Hirata, Yasuhiko Minamide Tokyo Institute of Technology
+*)
+
+section \<open>Quasi-Borel Spaces\<close>
+theory QuasiBorel
+imports "HOL-Probability.Probability"
+begin
+
+subsection \<open> Definitions \<close>
+
+subsubsection \<open> Quasi-Borel Spaces\<close>
+definition qbs_closed1 :: "(real \<Rightarrow> 'a) set \<Rightarrow> bool"
+ where "qbs_closed1 Mx \<equiv> (\<forall>a \<in> Mx. \<forall>f \<in> (borel :: real measure) \<rightarrow>\<^sub>M (borel :: real measure). a \<circ> f \<in> Mx)"
+
+definition qbs_closed2 :: "['a set, (real \<Rightarrow> 'a) set] \<Rightarrow> bool"
+ where "qbs_closed2 X Mx \<equiv> (\<forall>x \<in> X. (\<lambda>r. x) \<in> Mx)"
+
+definition qbs_closed3 :: "(real \<Rightarrow> 'a) set \<Rightarrow> bool"
+ where "qbs_closed3 Mx \<equiv> (\<forall>P::real \<Rightarrow> nat. \<forall>Fi::nat \<Rightarrow> real \<Rightarrow> 'a.
+ (P \<in> borel \<rightarrow>\<^sub>M count_space UNIV) \<longrightarrow> (\<forall>i. Fi i \<in> Mx) \<longrightarrow> (\<lambda>r. Fi (P r) r) \<in> Mx)"
+
+lemma separate_measurable:
+ fixes P :: "real \<Rightarrow> nat"
+ assumes "\<And>i. P -` {i} \<in> sets borel"
+ shows "P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ by (auto simp add: assms measurable_count_space_eq_countable)
+
+lemma measurable_separate:
+ fixes P :: "real \<Rightarrow> nat"
+ assumes "P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ shows "P -` {i} \<in> sets borel"
+ by (metis assms borel_singleton measurable_sets_borel sets.empty_sets sets_borel_eq_count_space)
+
+definition "is_quasi_borel X Mx \<longleftrightarrow> Mx \<subseteq> UNIV \<rightarrow> X \<and> qbs_closed1 Mx \<and> qbs_closed2 X Mx \<and> qbs_closed3 Mx"
+
+lemma is_quasi_borel_intro[simp]:
+ assumes "Mx \<subseteq> UNIV \<rightarrow> X"
+ and "qbs_closed1 Mx" "qbs_closed2 X Mx" "qbs_closed3 Mx"
+ shows "is_quasi_borel X Mx"
+ using assms by(simp add: is_quasi_borel_def)
+
+typedef 'a quasi_borel = "{(X::'a set, Mx). is_quasi_borel X Mx}"
+proof
+ show "(UNIV, UNIV) \<in> {(X::'a set, Mx). is_quasi_borel X Mx}"
+ by (simp add: is_quasi_borel_def qbs_closed1_def qbs_closed2_def qbs_closed3_def)
+qed
+
+definition qbs_space :: "'a quasi_borel \<Rightarrow> 'a set" where
+ "qbs_space X \<equiv> fst (Rep_quasi_borel X)"
+
+definition qbs_Mx :: "'a quasi_borel \<Rightarrow> (real \<Rightarrow> 'a) set" where
+ "qbs_Mx X \<equiv> snd (Rep_quasi_borel X)"
+
+declare [[coercion qbs_space]]
+
+lemma qbs_decomp : "(qbs_space X,qbs_Mx X) \<in> {(X::'a set, Mx). is_quasi_borel X Mx}"
+ by (simp add: qbs_space_def qbs_Mx_def Rep_quasi_borel[simplified])
+
+lemma qbs_Mx_to_X:
+ assumes "\<alpha> \<in> qbs_Mx X"
+ shows "\<alpha> r \<in> qbs_space X"
+ using qbs_decomp assms by(auto simp: is_quasi_borel_def)
+
+lemma qbs_closed1I:
+ assumes "\<And>\<alpha> f. \<alpha> \<in> Mx \<Longrightarrow> f \<in> borel \<rightarrow>\<^sub>M borel \<Longrightarrow> \<alpha> \<circ> f \<in> Mx"
+ shows "qbs_closed1 Mx"
+ using assms by(simp add: qbs_closed1_def)
+
+lemma qbs_closed1_dest[simp]:
+ assumes "\<alpha> \<in> qbs_Mx X"
+ and "f \<in> borel \<rightarrow>\<^sub>M borel"
+ shows "\<alpha> \<circ> f \<in> qbs_Mx X"
+ using assms qbs_decomp by (auto simp add: is_quasi_borel_def qbs_closed1_def)
+
+lemma qbs_closed1_dest'[simp]:
+ assumes "\<alpha> \<in> qbs_Mx X"
+ and "f \<in> borel \<rightarrow>\<^sub>M borel"
+ shows "(\<lambda>r. \<alpha> (f r)) \<in> qbs_Mx X"
+ using qbs_closed1_dest[OF assms] by (simp add: comp_def)
+
+lemma qbs_closed2I:
+ assumes "\<And>x. x \<in> X \<Longrightarrow> (\<lambda>r. x) \<in> Mx"
+ shows "qbs_closed2 X Mx"
+ using assms by(simp add: qbs_closed2_def)
+
+lemma qbs_closed2_dest[simp]:
+ assumes "x \<in> qbs_space X"
+ shows "(\<lambda>r. x) \<in> qbs_Mx X"
+ using assms qbs_decomp[of X] by (auto simp add: is_quasi_borel_def qbs_closed2_def)
+
+lemma qbs_closed3I:
+ assumes "\<And>(P :: real \<Rightarrow> nat) Fi. P \<in> borel \<rightarrow>\<^sub>M count_space UNIV \<Longrightarrow> (\<And>i. Fi i \<in> Mx)
+ \<Longrightarrow> (\<lambda>r. Fi (P r) r) \<in> Mx"
+ shows "qbs_closed3 Mx"
+ using assms by(auto simp: qbs_closed3_def)
+
+lemma qbs_closed3I':
+ assumes "\<And>(P :: real \<Rightarrow> nat) Fi. (\<And>i. P -` {i} \<in> sets borel) \<Longrightarrow> (\<And>i. Fi i \<in> Mx)
+ \<Longrightarrow> (\<lambda>r. Fi (P r) r) \<in> Mx"
+ shows "qbs_closed3 Mx"
+ using assms by(auto intro!: qbs_closed3I dest: measurable_separate)
+
+lemma qbs_closed3_dest[simp]:
+ fixes P::"real \<Rightarrow> nat" and Fi :: "nat \<Rightarrow> real \<Rightarrow> _"
+ assumes "P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ and "\<And>i. Fi i \<in> qbs_Mx X"
+ shows "(\<lambda>r. Fi (P r) r) \<in> qbs_Mx X"
+ using assms qbs_decomp[of X] by (auto simp add: is_quasi_borel_def qbs_closed3_def)
+
+lemma qbs_closed3_dest':
+ fixes P::"real \<Rightarrow> nat" and Fi :: "nat \<Rightarrow> real \<Rightarrow> _"
+ assumes "\<And>i. P -` {i} \<in> sets borel"
+ and "\<And>i. Fi i \<in> qbs_Mx X"
+ shows "(\<lambda>r. Fi (P r) r) \<in> qbs_Mx X"
+ using qbs_closed3_dest[OF separate_measurable[OF assms(1)] assms(2)] .
+
+lemma qbs_closed3_dest2:
+ assumes "countable I"
+ and [measurable]: "P \<in> borel \<rightarrow>\<^sub>M count_space I"
+ and "\<And>i. i \<in> I \<Longrightarrow> Fi i \<in> qbs_Mx X"
+ shows "(\<lambda>r. Fi (P r) r) \<in> qbs_Mx X"
+proof -
+ have 0:"I \<noteq> {}"
+ using measurable_empty_iff[of "count_space I" P borel] assms(2)
+ by fastforce
+ define P' where "P' \<equiv> to_nat_on I \<circ> P"
+ define Fi' where "Fi' \<equiv> Fi \<circ> (from_nat_into I)"
+ have 1:"P' \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ by(simp add: P'_def)
+ have 2:"\<And>i. Fi' i \<in> qbs_Mx X"
+ using assms(3) from_nat_into[OF 0] by(simp add: Fi'_def)
+ have "(\<lambda>r. Fi' (P' r) r) \<in> qbs_Mx X"
+ using 1 2 measurable_separate by auto
+ thus ?thesis
+ using from_nat_into_to_nat_on[OF assms(1)] measurable_space[OF assms(2)]
+ by(auto simp: Fi'_def P'_def)
+qed
+
+lemma qbs_closed3_dest2':
+ assumes "countable I"
+ and [measurable]: "P \<in> borel \<rightarrow>\<^sub>M count_space I"
+ and "\<And>i. i \<in> range P \<Longrightarrow> Fi i \<in> qbs_Mx X"
+ shows "(\<lambda>r. Fi (P r) r) \<in> qbs_Mx X"
+proof -
+ have 0:"range P \<inter> I = range P"
+ using measurable_space[OF assms(2)] by auto
+ have 1:"P \<in> borel \<rightarrow>\<^sub>M count_space (range P)"
+ using restrict_count_space[of I "range P"] measurable_restrict_space2[OF _ assms(2),of "range P"]
+ by(simp add: 0)
+ have 2:"countable (range P)"
+ using countable_Int2[OF assms(1),of "range P"]
+ by(simp add: 0)
+ show ?thesis
+ by(auto intro!: qbs_closed3_dest2[OF 2 1 assms(3)])
+qed
+
+lemma qbs_Mx_indicat:
+ assumes "S \<in> sets borel" "\<alpha> \<in> qbs_Mx X" "\<beta> \<in> qbs_Mx X"
+ shows "(\<lambda>r. if r \<in> S then \<alpha> r else \<beta> r) \<in> qbs_Mx X"
+proof -
+ have "(\<lambda>r::real. if r \<in> S then \<alpha> r else \<beta> r) = (\<lambda>r. (\<lambda>b. if b then \<alpha> else \<beta>) (r \<in> S) r)"
+ by(auto simp: indicator_def)
+ also have "... \<in> qbs_Mx X"
+ by(rule qbs_closed3_dest2[where I=UNIV and Fi="\<lambda>b. if b then \<alpha> else \<beta>"]) (use assms in auto)
+ finally show ?thesis .
+qed
+
+lemma qbs_space_Mx: "qbs_space X = {\<alpha> x |x \<alpha>. \<alpha> \<in> qbs_Mx X}"
+proof safe
+ fix x
+ assume 1:"x \<in> qbs_space X"
+ show "\<exists>xa \<alpha>. x = \<alpha> xa \<and> \<alpha> \<in> qbs_Mx X"
+ by(auto intro!: exI[where x=0] exI[where x="(\<lambda>r. x)"] simp: 1)
+qed(simp add: qbs_Mx_to_X)
+
+lemma qbs_space_eq_Mx:
+ assumes "qbs_Mx X = qbs_Mx Y"
+ shows "qbs_space X = qbs_space Y"
+ by(simp add: qbs_space_Mx assms)
+
+lemma qbs_eqI:
+ assumes "qbs_Mx X = qbs_Mx Y"
+ shows "X = Y"
+ by (metis Rep_quasi_borel_inverse prod.exhaust_sel qbs_Mx_def qbs_space_def assms qbs_space_eq_Mx[OF assms])
+
+subsubsection \<open> Empty Space \<close>
+definition empty_quasi_borel :: "'a quasi_borel" where
+"empty_quasi_borel \<equiv> Abs_quasi_borel ({},{})"
+
+lemma
+ shows eqb_space[simp]: "qbs_space empty_quasi_borel = ({} :: 'a set)"
+ and eqb_Mx[simp]: "qbs_Mx empty_quasi_borel = ({} :: (real \<Rightarrow> 'a) set)"
+proof -
+ have "Rep_quasi_borel empty_quasi_borel = ({} :: 'a set, {})"
+ using Abs_quasi_borel_inverse by(auto simp add: Abs_quasi_borel_inverse empty_quasi_borel_def qbs_closed1_def qbs_closed2_def qbs_closed3_def is_quasi_borel_def)
+ thus "qbs_space empty_quasi_borel = ({} :: 'a set)" "qbs_Mx empty_quasi_borel = ({} :: (real \<Rightarrow> 'a) set)"
+ by(auto simp add: qbs_space_def qbs_Mx_def)
+qed
+
+lemma qbs_empty_equiv :"qbs_space X = {} \<longleftrightarrow> qbs_Mx X = {}"
+proof safe
+ fix x
+ assume "qbs_Mx X = {}"
+ and h:"x \<in> qbs_space X"
+ have "(\<lambda>r. x) \<in> qbs_Mx X"
+ using h by simp
+ thus "x \<in> {}" using \<open>qbs_Mx X = {}\<close> by simp
+qed(use qbs_Mx_to_X in blast)
+
+lemma empty_quasi_borel_iff:
+ "qbs_space X = {} \<longleftrightarrow> X = empty_quasi_borel"
+ by(auto intro!: qbs_eqI simp: qbs_empty_equiv)
+
+subsubsection \<open> Unit Space \<close>
+definition unit_quasi_borel :: "unit quasi_borel" ("1\<^sub>Q") where
+"unit_quasi_borel \<equiv> Abs_quasi_borel (UNIV,UNIV)"
+
+lemma
+ shows unit_qbs_space[simp]: "qbs_space unit_quasi_borel = {()}"
+ and unit_qbs_Mx[simp]: "qbs_Mx unit_quasi_borel = {\<lambda>r. ()}"
+proof -
+ have "Rep_quasi_borel unit_quasi_borel = (UNIV,UNIV)"
+ using Abs_quasi_borel_inverse by(auto simp add: unit_quasi_borel_def qbs_closed1_def qbs_closed2_def qbs_closed3_def is_quasi_borel_def)
+ thus "qbs_space unit_quasi_borel = {()}" "qbs_Mx unit_quasi_borel = {\<lambda>r. ()}"
+ by(auto simp add: qbs_space_def qbs_Mx_def UNIV_unit)
+qed
+
+subsubsection \<open> Sub-Spaces \<close>
+definition sub_qbs :: "['a quasi_borel, 'a set] \<Rightarrow> 'a quasi_borel" where
+"sub_qbs X U \<equiv> Abs_quasi_borel (qbs_space X \<inter> U,{\<alpha>. \<alpha> \<in> qbs_Mx X \<and> (\<forall>r. \<alpha> r \<in> U)})"
+
+lemma
+ shows sub_qbs_space: "qbs_space (sub_qbs X U) = qbs_space X \<inter> U"
+ and sub_qbs_Mx: "qbs_Mx (sub_qbs X U) = {\<alpha>. \<alpha> \<in> qbs_Mx X \<and> (\<forall>r. \<alpha> r \<in> U)}"
+proof -
+ have "qbs_closed1 {\<alpha>. \<alpha> \<in> qbs_Mx X \<and> (\<forall>r. \<alpha> r \<in> U)}" "qbs_closed2 (qbs_space X \<inter> U) {\<alpha>. \<alpha> \<in> qbs_Mx X \<and> (\<forall>r. \<alpha> r \<in> U)}"
+ "qbs_closed3 {\<alpha>. \<alpha> \<in> qbs_Mx X \<and> (\<forall>r. \<alpha> r \<in> U)}"
+ unfolding qbs_closed1_def qbs_closed2_def qbs_closed3_def by auto
+ hence "Rep_quasi_borel (sub_qbs X U) = (qbs_space X \<inter> U,{\<alpha>. \<alpha> \<in> qbs_Mx X \<and> (\<forall>r. \<alpha> r \<in> U)})"
+ by(auto simp: sub_qbs_def is_quasi_borel_def qbs_Mx_to_X intro!: Abs_quasi_borel_inverse)
+ thus "qbs_space (sub_qbs X U) = qbs_space X \<inter> U" "qbs_Mx (sub_qbs X U) = {\<alpha>. \<alpha> \<in> qbs_Mx X \<and> (\<forall>r. \<alpha> r \<in> U)}"
+ by(simp_all add: qbs_Mx_def qbs_space_def)
+qed
+
+lemma sub_qbs:
+ assumes "U \<subseteq> qbs_space X"
+ shows "(qbs_space (sub_qbs X U), qbs_Mx (sub_qbs X U)) = (U, {f \<in> UNIV \<rightarrow> U. f \<in> qbs_Mx X})"
+ using assms by (auto simp: sub_qbs_space sub_qbs_Mx)
+
+lemma sub_qbs_ident: "sub_qbs X (qbs_space X) = X"
+ by(auto intro!: qbs_eqI simp: sub_qbs_Mx qbs_Mx_to_X)
+
+lemma sub_qbs_sub_qbs: "sub_qbs (sub_qbs X A) B = sub_qbs X (A \<inter> B)"
+ by(auto intro!: qbs_eqI simp: sub_qbs_Mx sub_qbs_space)
+
+subsubsection \<open> Image Spaces \<close>
+definition map_qbs :: "['a \<Rightarrow> 'b] \<Rightarrow> 'a quasi_borel \<Rightarrow> 'b quasi_borel" where
+"map_qbs f X = Abs_quasi_borel (f ` (qbs_space X),{f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X})"
+
+lemma
+ shows map_qbs_space: "qbs_space (map_qbs f X) = f ` (qbs_space X)"
+ and map_qbs_Mx: "qbs_Mx (map_qbs f X) = {f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X}"
+proof -
+ have "{f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X} \<subseteq> UNIV \<rightarrow> f ` (qbs_space X)"
+ using qbs_Mx_to_X by fastforce
+ moreover have "qbs_closed1 {f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X}"
+ unfolding qbs_closed1_def using qbs_closed1_dest by(fastforce simp: comp_def)
+ moreover have "qbs_closed2 (f ` (qbs_space X)) {f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X}"
+ unfolding qbs_closed2_def by fastforce
+ moreover have "qbs_closed3 {f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X}"
+ proof(rule qbs_closed3I')
+ fix P :: "real \<Rightarrow> nat" and Fi
+ assume h:"\<And>i::nat. P -` {i} \<in> sets borel"
+ "\<And>i::nat. Fi i \<in> {f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X}"
+ then obtain \<alpha>i where ha: "\<And>i::nat. \<alpha>i i \<in> qbs_Mx X" "\<And>i. Fi i = f \<circ> (\<alpha>i i)"
+ by auto metis
+ hence 1:"(\<lambda>r. \<alpha>i (P r) r) \<in> qbs_Mx X"
+ using h(1) qbs_closed3_dest' by blast
+ show "(\<lambda>r. Fi (P r) r) \<in> {f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X}"
+ by(auto intro!: bexI[where x="(\<lambda>r. \<alpha>i (P r) r)"] simp add: 1 ha comp_def)
+ qed
+ ultimately have "Rep_quasi_borel (map_qbs f X) = (f ` (qbs_space X),{f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X})"
+ unfolding map_qbs_def by(auto intro!: Abs_quasi_borel_inverse)
+ thus "qbs_space (map_qbs f X) = f ` (qbs_space X)" "qbs_Mx (map_qbs f X) = {f \<circ> \<alpha> |\<alpha>. \<alpha>\<in> qbs_Mx X}"
+ by(simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+subsubsection \<open> Binary Product Spaces \<close>
+definition pair_qbs :: "['a quasi_borel, 'b quasi_borel] \<Rightarrow> ('a \<times> 'b) quasi_borel" (infixr "\<Otimes>\<^sub>Q" 80) where
+"pair_qbs X Y = Abs_quasi_borel (qbs_space X \<times> qbs_space Y, {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y})"
+
+lemma
+ shows pair_qbs_space: "qbs_space (X \<Otimes>\<^sub>Q Y) = qbs_space X \<times> qbs_space Y"
+ and pair_qbs_Mx: "qbs_Mx (X \<Otimes>\<^sub>Q Y) = {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y}"
+proof -
+ have "{f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y} \<subseteq> UNIV \<rightarrow> qbs_space X \<times> qbs_space Y"
+ by (auto simp: mem_Times_iff[of _ "qbs_space X" "qbs_space Y"]; use qbs_Mx_to_X in fastforce)
+ moreover have "qbs_closed1 {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y}"
+ unfolding qbs_closed1_def by (metis (no_types, lifting) comp_assoc mem_Collect_eq qbs_closed1_dest)
+ moreover have "qbs_closed2 (qbs_space X \<times> qbs_space Y) {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y}"
+ unfolding qbs_closed2_def by auto
+ moreover have "qbs_closed3 {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y}"
+ proof(safe intro!: qbs_closed3I)
+ fix P :: "real \<Rightarrow> nat"
+ fix Fi :: "nat \<Rightarrow> real \<Rightarrow> 'a \<times> 'b"
+ define Fj :: "nat \<Rightarrow> real \<Rightarrow> 'a" where "Fj \<equiv> \<lambda>j.(fst \<circ> Fi j)"
+ assume "\<forall>i. Fi i \<in> {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y}"
+ then have "\<And>i. Fj i \<in> qbs_Mx X" by (simp add: Fj_def)
+ moreover assume "P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ ultimately have "(\<lambda>r. Fj (P r) r) \<in> qbs_Mx X"
+ by auto
+ moreover have "fst \<circ> (\<lambda>r. Fi (P r) r) = (\<lambda>r. Fj (P r) r)" by (auto simp add: Fj_def)
+ ultimately show "fst \<circ> (\<lambda>r. Fi (P r) r) \<in> qbs_Mx X" by simp
+ next
+ fix P :: "real \<Rightarrow> nat"
+ fix Fi :: "nat \<Rightarrow> real \<Rightarrow> 'a \<times> 'b"
+ define Fj :: "nat \<Rightarrow> real \<Rightarrow> 'b" where "Fj \<equiv> \<lambda>j.(snd \<circ> Fi j)"
+ assume "\<forall>i. Fi i \<in> {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y}"
+ then have "\<And>i. Fj i \<in> qbs_Mx Y" by (simp add: Fj_def)
+ moreover assume "P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ ultimately have "(\<lambda>r. Fj (P r) r) \<in> qbs_Mx Y"
+ by auto
+ moreover have "snd \<circ> (\<lambda>r. Fi (P r) r) = (\<lambda>r. Fj (P r) r)" by (auto simp add: Fj_def)
+ ultimately show "snd \<circ> (\<lambda>r. Fi (P r) r) \<in> qbs_Mx Y" by simp
+ qed
+ ultimately have "Rep_quasi_borel (X \<Otimes>\<^sub>Q Y) = (qbs_space X \<times> qbs_space Y, {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y})"
+ unfolding pair_qbs_def by(auto intro!: Abs_quasi_borel_inverse is_quasi_borel_intro)
+ thus "qbs_space (X \<Otimes>\<^sub>Q Y) = qbs_space X \<times> qbs_space Y" "qbs_Mx (X \<Otimes>\<^sub>Q Y) = {f. fst \<circ> f \<in> qbs_Mx X \<and> snd \<circ> f \<in> qbs_Mx Y}"
+ by(simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+lemma pair_qbs_fst:
+ assumes "qbs_space Y \<noteq> {}"
+ shows "map_qbs fst (X \<Otimes>\<^sub>Q Y) = X"
+proof(rule qbs_eqI)
+ obtain \<alpha>y where hy:"\<alpha>y \<in> qbs_Mx Y"
+ using qbs_empty_equiv[of Y] assms by auto
+ show "qbs_Mx (map_qbs fst (X \<Otimes>\<^sub>Q Y)) = qbs_Mx X"
+ by(auto simp: map_qbs_Mx pair_qbs_Mx hy comp_def intro!: exI[where x="\<lambda>r. (_ r, \<alpha>y r)"])
+qed
+
+lemma pair_qbs_snd:
+ assumes "qbs_space X \<noteq> {}"
+ shows "map_qbs snd (X \<Otimes>\<^sub>Q Y) = Y"
+proof(rule qbs_eqI)
+ obtain \<alpha>x where hx:"\<alpha>x \<in> qbs_Mx X"
+ using qbs_empty_equiv[of X] assms by auto
+ show "qbs_Mx (map_qbs snd (X \<Otimes>\<^sub>Q Y)) = qbs_Mx Y"
+ by(auto simp: map_qbs_Mx pair_qbs_Mx hx comp_def intro!: exI[where x="\<lambda>r. (\<alpha>x r, _ r)"])
+qed
+
+subsubsection \<open> Binary Coproduct Spaces \<close>
+definition copair_qbs_Mx :: "['a quasi_borel, 'b quasi_borel] \<Rightarrow> (real => 'a + 'b) set" where
+"copair_qbs_Mx X Y \<equiv>
+ {g. \<exists> S \<in> sets borel.
+ (S = {} \<longrightarrow> (\<exists> \<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r)))) \<and>
+ (S = UNIV \<longrightarrow> (\<exists> \<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r)))) \<and>
+ ((S \<noteq> {} \<and> S \<noteq> UNIV) \<longrightarrow>
+ (\<exists> \<alpha>1\<in> qbs_Mx X. \<exists> \<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))))}"
+
+
+definition copair_qbs :: "['a quasi_borel, 'b quasi_borel] \<Rightarrow> ('a + 'b) quasi_borel" (infixr "\<Oplus>\<^sub>Q" 65) where
+"copair_qbs X Y \<equiv> Abs_quasi_borel (qbs_space X <+> qbs_space Y, copair_qbs_Mx X Y)"
+
+
+text \<open> The following is an equivalent definition of @{term copair_qbs_Mx}. \<close>
+definition copair_qbs_Mx2 :: "['a quasi_borel, 'b quasi_borel] \<Rightarrow> (real => 'a + 'b) set" where
+"copair_qbs_Mx2 X Y \<equiv>
+ {g. (if qbs_space X = {} \<and> qbs_space Y = {} then False
+ else if qbs_space X \<noteq> {} \<and> qbs_space Y = {} then
+ (\<exists>\<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r)))
+ else if qbs_space X = {} \<and> qbs_space Y \<noteq> {} then
+ (\<exists>\<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r)))
+ else
+ (\<exists>S \<in> sets borel. \<exists>\<alpha>1\<in> qbs_Mx X. \<exists>\<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r))))) }"
+
+lemma copair_qbs_Mx_equiv :"copair_qbs_Mx (X :: 'a quasi_borel) (Y :: 'b quasi_borel) = copair_qbs_Mx2 X Y"
+proof safe
+(* \<subseteq> *)
+ fix g :: "real \<Rightarrow> 'a + 'b"
+ assume "g \<in> copair_qbs_Mx X Y"
+ then obtain S where hs:"S\<in> sets borel \<and>
+ (S = {} \<longrightarrow> (\<exists> \<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r)))) \<and>
+ (S = UNIV \<longrightarrow> (\<exists> \<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r)))) \<and>
+ ((S \<noteq> {} \<and> S \<noteq> UNIV) \<longrightarrow>
+ (\<exists> \<alpha>1\<in> qbs_Mx X.
+ \<exists> \<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))))"
+ by (auto simp add: copair_qbs_Mx_def)
+ consider "S = {}" | "S = UNIV" | "S \<noteq> {} \<and> S \<noteq> UNIV" by auto
+ then show "g \<in> copair_qbs_Mx2 X Y"
+ proof cases
+ assume "S = {}"
+ from hs this have "\<exists> \<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r))" by simp
+ then obtain \<alpha>1 where h1:"\<alpha>1\<in> qbs_Mx X \<and> g = (\<lambda>r. Inl (\<alpha>1 r))" by auto
+ have "qbs_space X \<noteq> {}"
+ using qbs_empty_equiv h1
+ by auto
+ then have "(qbs_space X \<noteq> {} \<and> qbs_space Y = {}) \<or> (qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {})"
+ by simp
+ then show "g \<in> copair_qbs_Mx2 X Y"
+ proof
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y = {}"
+ then show "g \<in> copair_qbs_Mx2 X Y"
+ by(simp add: copair_qbs_Mx2_def \<open>\<exists> \<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r))\<close>)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}"
+ then obtain \<alpha>2 where "\<alpha>2 \<in> qbs_Mx Y" using qbs_empty_equiv by force
+ define S' :: "real set"
+ where "S' \<equiv> UNIV"
+ define g' :: "real \<Rightarrow> 'a + 'b"
+ where "g' \<equiv> (\<lambda>r::real. (if (r \<in> S') then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))"
+ from \<open>qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}\<close> h1 \<open>\<alpha>2 \<in> qbs_Mx Y\<close>
+ have "g' \<in> copair_qbs_Mx2 X Y"
+ by(force simp add: S'_def g'_def copair_qbs_Mx2_def)
+ moreover have "g = g'"
+ using h1 by(simp add: g'_def S'_def)
+ ultimately show ?thesis
+ by simp
+ qed
+ next
+ assume "S = UNIV"
+ from hs this have "\<exists> \<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r))" by simp
+ then obtain \<alpha>2 where h2:"\<alpha>2\<in> qbs_Mx Y \<and> g = (\<lambda>r. Inr (\<alpha>2 r))" by auto
+ have "qbs_space Y \<noteq> {}"
+ using qbs_empty_equiv h2
+ by auto
+ then have "(qbs_space X = {} \<and> qbs_space Y \<noteq> {}) \<or> (qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {})"
+ by simp
+ then show "g \<in> copair_qbs_Mx2 X Y"
+ proof
+ assume "qbs_space X = {} \<and> qbs_space Y \<noteq> {}"
+ then show ?thesis
+ by(simp add: copair_qbs_Mx2_def \<open>\<exists> \<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r))\<close>)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}"
+ then obtain \<alpha>1 where "\<alpha>1 \<in> qbs_Mx X" using qbs_empty_equiv by force
+ define S' :: "real set"
+ where "S' \<equiv> {}"
+ define g' :: "real \<Rightarrow> 'a + 'b"
+ where "g' \<equiv> (\<lambda>r::real. (if (r \<in> S') then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))"
+ from \<open>qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}\<close> h2 \<open>\<alpha>1 \<in> qbs_Mx X\<close>
+ have "g' \<in> copair_qbs_Mx2 X Y"
+ by(force simp add: S'_def g'_def copair_qbs_Mx2_def)
+ moreover have "g = g'"
+ using h2 by(simp add: g'_def S'_def)
+ ultimately show ?thesis
+ by simp
+ qed
+ next
+ assume "S \<noteq> {} \<and> S \<noteq> UNIV"
+ then have
+ h: "\<exists> \<alpha>1\<in> qbs_Mx X.
+ \<exists> \<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))"
+ using hs by simp
+ then have "qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}"
+ by (metis empty_iff qbs_empty_equiv)
+ thus ?thesis
+ using hs h by(auto simp add: copair_qbs_Mx2_def)
+ qed
+
+(* \<supseteq> *)
+next
+ fix g :: "real \<Rightarrow> 'a + 'b"
+ assume "g \<in> copair_qbs_Mx2 X Y"
+ then have
+ h: "if qbs_space X = {} \<and> qbs_space Y = {} then False
+ else if qbs_space X \<noteq> {} \<and> qbs_space Y = {} then
+ (\<exists>\<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r)))
+ else if qbs_space X = {} \<and> qbs_space Y \<noteq> {} then
+ (\<exists>\<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r)))
+ else
+ (\<exists>S \<in> sets borel. \<exists>\<alpha>1\<in> qbs_Mx X. \<exists>\<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r))))"
+ by(simp add: copair_qbs_Mx2_def)
+ consider "(qbs_space X = {} \<and> qbs_space Y = {})" |
+ "(qbs_space X \<noteq> {} \<and> qbs_space Y = {})" |
+ "(qbs_space X = {} \<and> qbs_space Y \<noteq> {})" |
+ "(qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {})" by auto
+ then show "g \<in> copair_qbs_Mx X Y"
+ proof cases
+ assume "qbs_space X = {} \<and> qbs_space Y = {}"
+ then show ?thesis
+ using \<open>g \<in> copair_qbs_Mx2 X Y\<close> by(simp add: copair_qbs_Mx2_def)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y = {}"
+ from h this have "\<exists>\<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r))" by simp
+ thus ?thesis
+ by(auto simp add: copair_qbs_Mx_def)
+ next
+ assume "qbs_space X = {} \<and> qbs_space Y \<noteq> {}"
+ from h this have "\<exists>\<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r))" by simp
+ thus ?thesis
+ unfolding copair_qbs_Mx_def
+ by(force simp add: copair_qbs_Mx_def)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}"
+ from h this obtain S \<alpha>1 \<alpha>2 where Sag:
+ "S \<in> sets borel" "\<alpha>1 \<in> qbs_Mx X" "\<alpha>2 \<in> qbs_Mx Y" "g = (\<lambda>r. if r \<in> S then Inl (\<alpha>1 r) else Inr (\<alpha>2 r))"
+ by auto
+ consider "S = {}" | "S = UNIV" | "S \<noteq> {}" "S \<noteq> UNIV" by auto
+ then show "g \<in> copair_qbs_Mx X Y"
+ proof cases
+ assume "S = {}"
+ then have [simp]: "(\<lambda>r. if r \<in> S then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)) = (\<lambda>r. Inr (\<alpha>2 r))"
+ by simp
+ show ?thesis
+ using \<open>\<alpha>2 \<in> qbs_Mx Y\<close> unfolding copair_qbs_Mx_def
+ by(auto intro! : bexI[where x=UNIV] simp: Sag)
+ next
+ assume "S = UNIV"
+ then have "(\<lambda>r. if r \<in> S then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)) = (\<lambda>r. Inl (\<alpha>1 r))"
+ by simp
+ then show ?thesis
+ using Sag by(auto simp add: copair_qbs_Mx_def)
+ next
+ assume "S \<noteq> {}" "S \<noteq> UNIV"
+ then show ?thesis
+ using Sag by(auto simp add: copair_qbs_Mx_def)
+ qed
+ qed
+qed
+
+lemma
+ shows copair_qbs_space: "qbs_space (X \<Oplus>\<^sub>Q Y) = qbs_space X <+> qbs_space Y" (is ?goal1)
+ and copair_qbs_Mx: "qbs_Mx (X \<Oplus>\<^sub>Q Y) = copair_qbs_Mx X Y" (is ?goal2)
+proof -
+ have "copair_qbs_Mx X Y \<subseteq> UNIV \<rightarrow> qbs_space X <+> qbs_space Y"
+ proof
+ fix g
+ assume "g \<in> copair_qbs_Mx X Y"
+ then obtain S where hs:"S\<in> sets borel \<and>
+ (S = {} \<longrightarrow> (\<exists> \<alpha>1\<in> qbs_Mx X. g = (\<lambda>r. Inl (\<alpha>1 r)))) \<and>
+ (S = UNIV \<longrightarrow> (\<exists> \<alpha>2\<in> qbs_Mx Y. g = (\<lambda>r. Inr (\<alpha>2 r)))) \<and>
+ ((S \<noteq> {} \<and> S \<noteq> UNIV) \<longrightarrow>
+ (\<exists> \<alpha>1\<in> qbs_Mx X.
+ \<exists> \<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))))"
+ by (auto simp add: copair_qbs_Mx_def)
+ consider "S = {}" | "S = UNIV" | "S \<noteq> {} \<and> S \<noteq> UNIV" by auto
+ then show "g \<in> UNIV \<rightarrow> qbs_space X <+> qbs_space Y"
+ proof cases
+ assume "S = {}"
+ then show ?thesis
+ using hs qbs_Mx_to_X by auto
+ next
+ assume "S = UNIV"
+ then show ?thesis
+ using hs qbs_Mx_to_X by auto
+ next
+ assume "S \<noteq> {} \<and> S \<noteq> UNIV"
+ then have "\<exists> \<alpha>1\<in> qbs_Mx X. \<exists> \<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))" using hs by simp
+ then show ?thesis
+ by(auto dest: qbs_Mx_to_X)
+ qed
+ qed
+ moreover have "qbs_closed1 (copair_qbs_Mx X Y)"
+ proof(rule qbs_closed1I)
+ fix g and f :: "real \<Rightarrow> real"
+ assume "g \<in> copair_qbs_Mx X Y" and [measurable]: "f \<in> borel \<rightarrow>\<^sub>M borel"
+ then have "g \<in> copair_qbs_Mx2 X Y" using copair_qbs_Mx_equiv by auto
+ consider "(qbs_space X = {} \<and> qbs_space Y = {})" |
+ "(qbs_space X \<noteq> {} \<and> qbs_space Y = {})" |
+ "(qbs_space X = {} \<and> qbs_space Y \<noteq> {})" |
+ "(qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {})" by auto
+ then have "g \<circ> f \<in> copair_qbs_Mx2 X Y"
+ proof cases
+ assume "qbs_space X = {} \<and> qbs_space Y = {}"
+ then show ?thesis
+ using \<open>g \<in> copair_qbs_Mx2 X Y\<close> qbs_empty_equiv by(simp add: copair_qbs_Mx2_def)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y = {}"
+ then obtain \<alpha>1 where h1:"\<alpha>1\<in> qbs_Mx X \<and> g = (\<lambda>r. Inl (\<alpha>1 r))"
+ using \<open>g \<in> copair_qbs_Mx2 X Y\<close> by(auto simp add: copair_qbs_Mx2_def)
+ then have "\<alpha>1 \<circ> f \<in> qbs_Mx X"
+ by auto
+ moreover have "g \<circ> f = (\<lambda>r. Inl ((\<alpha>1 \<circ> f) r))"
+ using h1 by auto
+ ultimately show ?thesis
+ using \<open>qbs_space X \<noteq> {} \<and> qbs_space Y = {}\<close> by(force simp add: copair_qbs_Mx2_def)
+ next
+ assume "(qbs_space X = {} \<and> qbs_space Y \<noteq> {})"
+ then obtain \<alpha>2 where h2:"\<alpha>2\<in> qbs_Mx Y \<and> g = (\<lambda>r. Inr (\<alpha>2 r))"
+ using \<open>g \<in> copair_qbs_Mx2 X Y\<close> by(auto simp add: copair_qbs_Mx2_def)
+ then have "\<alpha>2 \<circ> f \<in> qbs_Mx Y"
+ by auto
+ moreover have "g \<circ> f = (\<lambda>r. Inr ((\<alpha>2 \<circ> f) r))"
+ using h2 by auto
+ ultimately show ?thesis
+ using \<open>(qbs_space X = {} \<and> qbs_space Y \<noteq> {})\<close> by(force simp add: copair_qbs_Mx2_def)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}"
+ then have "\<exists>S \<in> sets borel. \<exists>\<alpha>1\<in> qbs_Mx X. \<exists>\<alpha>2\<in> qbs_Mx Y.
+ g = (\<lambda>r::real. (if (r \<in> S) then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)))"
+ using \<open>g \<in> copair_qbs_Mx2 X Y\<close> by(simp add: copair_qbs_Mx2_def)
+ then show ?thesis
+ proof safe
+ fix S \<alpha>1 \<alpha>2
+ assume [measurable]:"S \<in> sets borel" and "\<alpha>1\<in> qbs_Mx X" "\<alpha>2 \<in> qbs_Mx Y"
+ "g = (\<lambda>r. if r \<in> S then Inl (\<alpha>1 r) else Inr (\<alpha>2 r))"
+ have "f -` S \<in> sets borel"
+ using \<open>S \<in> sets borel\<close> \<open>f \<in> borel_measurable borel\<close> measurable_sets_borel by blast
+ moreover have "\<alpha>1 \<circ> f \<in> qbs_Mx X"
+ using \<open>\<alpha>1\<in> qbs_Mx X\<close> by(auto simp add: qbs_closed1_def)
+ moreover have "\<alpha>2 \<circ> f \<in> qbs_Mx Y"
+ using \<open>\<alpha>2\<in> qbs_Mx Y\<close> by(auto simp add: qbs_closed1_def)
+ moreover have "(\<lambda>r. if r \<in> S then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)) \<circ> f = (\<lambda>r. if r \<in> f -` S then Inl ((\<alpha>1 \<circ> f) r) else Inr ((\<alpha>2 \<circ> f) r))"
+ by auto
+ ultimately show "(\<lambda>r. if r \<in> S then Inl (\<alpha>1 r) else Inr (\<alpha>2 r)) \<circ> f \<in> copair_qbs_Mx2 X Y"
+ using \<open>qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}\<close> by(force simp add: copair_qbs_Mx2_def)
+ qed
+ qed
+ thus "g \<circ> f \<in> copair_qbs_Mx X Y"
+ using copair_qbs_Mx_equiv by auto
+ qed
+ moreover have "qbs_closed2 (qbs_space X <+> qbs_space Y) (copair_qbs_Mx X Y)"
+ proof(rule qbs_closed2I)
+ fix y
+ assume "y \<in> qbs_space X <+> qbs_space Y"
+ then consider "y \<in> Inl ` (qbs_space X)" | "y \<in> Inr ` (qbs_space Y)"
+ by auto
+ thus "(\<lambda>r. y) \<in> copair_qbs_Mx X Y"
+ proof cases
+ case 1
+ then obtain x where x: "y = Inl x" "x \<in> qbs_space X"
+ by auto
+ define \<alpha>1 :: "real \<Rightarrow> _" where "\<alpha>1 \<equiv> (\<lambda>r. x)"
+ have "\<alpha>1 \<in> qbs_Mx X" using \<open>x \<in> qbs_space X\<close> qbs_decomp
+ by(force simp add: qbs_closed2_def \<alpha>1_def)
+ moreover have "(\<lambda>r. Inl x) = (\<lambda>l. Inl (\<alpha>1 l))" by (simp add: \<alpha>1_def)
+ moreover have "{} \<in> sets borel" by auto
+ ultimately show "(\<lambda>r. y) \<in> copair_qbs_Mx X Y"
+ by(auto simp add: copair_qbs_Mx_def x)
+ next
+ case 2
+ then obtain x where x: "y = Inr x" "x \<in> qbs_space Y"
+ by auto
+ define \<alpha>2 :: "real \<Rightarrow> _" where "\<alpha>2 \<equiv> (\<lambda>r. x)"
+ have "\<alpha>2 \<in> qbs_Mx Y" using \<open>x \<in> qbs_space Y\<close> qbs_decomp
+ by(force simp add: qbs_closed2_def \<alpha>2_def)
+ moreover have "(\<lambda>r. Inr x) = (\<lambda>l. Inr (\<alpha>2 l))" by (simp add: \<alpha>2_def)
+ moreover have "UNIV \<in> sets borel" by auto
+ ultimately show "(\<lambda>r. y) \<in> copair_qbs_Mx X Y"
+ unfolding copair_qbs_Mx_def
+ by(auto intro!: bexI[where x=UNIV] simp: x)
+ qed
+ qed
+ moreover have "qbs_closed3 (copair_qbs_Mx X Y)"
+ proof(safe intro!: qbs_closed3I)
+ fix P :: "real \<Rightarrow> nat"
+ fix Fi :: "nat \<Rightarrow> real \<Rightarrow>_ + _"
+ assume "P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ "\<forall>i. Fi i \<in> copair_qbs_Mx X Y"
+ then have "\<forall>i. Fi i \<in> copair_qbs_Mx2 X Y" using copair_qbs_Mx_equiv by blast
+ consider "(qbs_space X = {} \<and> qbs_space Y = {})" |
+ "(qbs_space X \<noteq> {} \<and> qbs_space Y = {})" |
+ "(qbs_space X = {} \<and> qbs_space Y \<noteq> {})" |
+ "(qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {})" by auto
+ then have "(\<lambda>r. Fi (P r) r) \<in> copair_qbs_Mx2 X Y"
+ proof cases
+ assume "qbs_space X = {} \<and> qbs_space Y = {}"
+ then show ?thesis
+ using \<open>\<forall>i. Fi i \<in> copair_qbs_Mx2 X Y\<close> qbs_empty_equiv
+ by(simp add: copair_qbs_Mx2_def)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y = {}"
+ then have "\<forall>i. \<exists>\<alpha>i. \<alpha>i \<in> qbs_Mx X \<and> Fi i = (\<lambda>r. Inl (\<alpha>i r))"
+ using \<open>\<forall>i. Fi i \<in> copair_qbs_Mx2 X Y\<close> by(auto simp add: copair_qbs_Mx2_def)
+ then have "\<exists>\<alpha>1. \<forall>i. \<alpha>1 i \<in> qbs_Mx X \<and> Fi i = (\<lambda>r. Inl (\<alpha>1 i r))"
+ by(rule choice)
+ then obtain \<alpha>1 :: "nat \<Rightarrow> real \<Rightarrow> _"
+ where h1: "\<forall>i. \<alpha>1 i \<in> qbs_Mx X \<and> Fi i = (\<lambda>r. Inl (\<alpha>1 i r))" by auto
+ define \<beta> :: "real \<Rightarrow> _" where "\<beta> \<equiv> (\<lambda>r. \<alpha>1 (P r) r)"
+ from \<open>P \<in> borel \<rightarrow>\<^sub>M count_space UNIV\<close> h1
+ have "\<beta> \<in> qbs_Mx X" by (simp add: \<beta>_def)
+ moreover have "(\<lambda>r. Fi (P r) r) = (\<lambda>r. Inl (\<beta> r))"
+ using h1 by(simp add: \<beta>_def)
+ ultimately show ?thesis
+ using \<open>qbs_space X \<noteq> {} \<and> qbs_space Y = {}\<close> by (auto simp add: copair_qbs_Mx2_def)
+ next
+ assume "qbs_space X = {} \<and> qbs_space Y \<noteq> {}"
+ then have "\<forall>i. \<exists>\<alpha>i. \<alpha>i \<in> qbs_Mx Y \<and> Fi i = (\<lambda>r. Inr (\<alpha>i r))"
+ using \<open>\<forall>i. Fi i \<in> copair_qbs_Mx2 X Y\<close> by(auto simp add: copair_qbs_Mx2_def)
+ then have "\<exists>\<alpha>2. \<forall>i. \<alpha>2 i \<in> qbs_Mx Y \<and> Fi i = (\<lambda>r. Inr (\<alpha>2 i r))"
+ by(rule choice)
+ then obtain \<alpha>2 :: "nat \<Rightarrow> real \<Rightarrow> _"
+ where h2: "\<forall>i. \<alpha>2 i \<in> qbs_Mx Y \<and> Fi i = (\<lambda>r. Inr (\<alpha>2 i r))" by auto
+ define \<beta> :: "real \<Rightarrow> _" where "\<beta> \<equiv> (\<lambda>r. \<alpha>2 (P r) r)"
+ from \<open>P \<in> borel \<rightarrow>\<^sub>M count_space UNIV\<close> h2
+ have "\<beta> \<in> qbs_Mx Y" by(simp add: \<beta>_def)
+ moreover have "(\<lambda>r. Fi (P r) r) = (\<lambda>r. Inr (\<beta> r))"
+ using h2 by(simp add: \<beta>_def)
+ ultimately show ?thesis
+ using \<open>qbs_space X = {} \<and> qbs_space Y \<noteq> {}\<close> by (auto simp add: copair_qbs_Mx2_def)
+ next
+ assume "qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}"
+ then have "\<forall>i. \<exists>Si. Si \<in> sets borel \<and> (\<exists>\<alpha>1i\<in> qbs_Mx X. \<exists>\<alpha>2i\<in> qbs_Mx Y.
+ Fi i = (\<lambda>r::real. (if (r \<in> Si) then Inl (\<alpha>1i r) else Inr (\<alpha>2i r))))"
+ using \<open>\<forall>i. Fi i \<in> copair_qbs_Mx2 X Y\<close> by (auto simp add: copair_qbs_Mx2_def)
+ then have "\<exists>S. \<forall>i. S i \<in> sets borel \<and> (\<exists>\<alpha>1i\<in> qbs_Mx X. \<exists>\<alpha>2i\<in> qbs_Mx Y.
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1i r) else Inr (\<alpha>2i r))))"
+ by(rule choice)
+ then obtain S :: "nat \<Rightarrow> real set"
+ where hs :"\<forall>i. S i \<in> sets borel \<and> (\<exists>\<alpha>1i\<in> qbs_Mx X. \<exists>\<alpha>2i\<in> qbs_Mx Y.
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1i r) else Inr (\<alpha>2i r))))"
+ by auto
+ then have "\<forall>i. \<exists>\<alpha>1i. \<alpha>1i \<in> qbs_Mx X \<and> (\<exists>\<alpha>2i\<in> qbs_Mx Y.
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1i r) else Inr (\<alpha>2i r))))"
+ by blast
+ then have "\<exists>\<alpha>1. \<forall>i. \<alpha>1 i \<in> qbs_Mx X \<and> (\<exists>\<alpha>2i\<in> qbs_Mx Y.
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1 i r) else Inr (\<alpha>2i r))))"
+ by(rule choice)
+ then obtain \<alpha>1 where h1: "\<forall>i. \<alpha>1 i \<in> qbs_Mx X \<and> (\<exists>\<alpha>2i\<in> qbs_Mx Y.
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1 i r) else Inr (\<alpha>2i r))))"
+ by auto
+ define \<beta>1 :: "real \<Rightarrow> _" where "\<beta>1 \<equiv> (\<lambda>r. \<alpha>1 (P r) r)"
+ from \<open>P \<in> borel \<rightarrow>\<^sub>M count_space UNIV\<close> h1
+ have "\<beta>1 \<in> qbs_Mx X" by(simp add: \<beta>1_def)
+ from h1 have "\<forall>i. \<exists>\<alpha>2i. \<alpha>2i\<in> qbs_Mx Y \<and>
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1 i r) else Inr (\<alpha>2i r)))"
+ by auto
+ then have "\<exists>\<alpha>2. \<forall>i. \<alpha>2 i\<in> qbs_Mx Y \<and>
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1 i r) else Inr (\<alpha>2 i r)))"
+ by(rule choice)
+ then obtain \<alpha>2
+ where h2: "\<forall>i. \<alpha>2 i\<in> qbs_Mx Y \<and>
+ Fi i = (\<lambda>r::real. (if (r \<in> S i) then Inl (\<alpha>1 i r) else Inr (\<alpha>2 i r)))"
+ by auto
+ define \<beta>2 :: "real \<Rightarrow> _" where "\<beta>2 \<equiv> (\<lambda>r. \<alpha>2 (P r) r)"
+ from \<open>P \<in> borel \<rightarrow>\<^sub>M count_space UNIV\<close> h2
+ have "\<beta>2 \<in> qbs_Mx Y" by(simp add: \<beta>2_def)
+ define A :: "nat \<Rightarrow> real set" where "A \<equiv> (\<lambda>i. S i \<inter> P -` {i})"
+ have [measurable]:"\<And>i. A i \<in> sets borel"
+ using A_def hs measurable_separate[OF \<open>P \<in> borel \<rightarrow>\<^sub>M count_space UNIV\<close>] by blast
+ define S' :: "real set" where "S' \<equiv> {r. r \<in> S (P r)}"
+ have "S' = (\<Union>i::nat. A i)"
+ by(auto simp add: S'_def A_def)
+ hence "S' \<in> sets borel" by auto
+ from h2 have "(\<lambda>r. Fi (P r) r) = (\<lambda>r. (if r \<in> S' then Inl (\<beta>1 r)
+ else Inr (\<beta>2 r)))"
+ by(auto simp add: \<beta>1_def \<beta>2_def S'_def)
+ thus "(\<lambda>r. Fi (P r) r) \<in> copair_qbs_Mx2 X Y"
+ using \<open>qbs_space X \<noteq> {} \<and> qbs_space Y \<noteq> {}\<close> \<open>S' \<in> sets borel\<close> \<open>\<beta>1 \<in> qbs_Mx X\<close> \<open>\<beta>2 \<in> qbs_Mx Y\<close>
+ by(auto simp add: copair_qbs_Mx2_def)
+ qed
+ thus "(\<lambda>r. Fi (P r) r) \<in> copair_qbs_Mx X Y"
+ using copair_qbs_Mx_equiv by auto
+ qed
+ ultimately have "Rep_quasi_borel (copair_qbs X Y) = (qbs_space X <+> qbs_space Y, copair_qbs_Mx X Y)"
+ unfolding copair_qbs_def by(auto intro!: Abs_quasi_borel_inverse)
+ thus ?goal1 ?goal2
+ by(simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+lemma copair_qbs_MxD:
+ assumes "g \<in> qbs_Mx (X \<Oplus>\<^sub>Q Y)"
+ and "\<And>\<alpha>. \<alpha> \<in> qbs_Mx X \<Longrightarrow> g = (\<lambda>r. Inl (\<alpha> r)) \<Longrightarrow> P g"
+ and "\<And>\<beta>. \<beta> \<in> qbs_Mx Y \<Longrightarrow> g = (\<lambda>r. Inr (\<beta> r)) \<Longrightarrow> P g"
+ and "\<And>S \<alpha> \<beta>. (S :: real set) \<in> sets borel \<Longrightarrow> S \<noteq> {} \<Longrightarrow> S \<noteq> UNIV \<Longrightarrow> \<alpha> \<in> qbs_Mx X \<Longrightarrow> \<beta> \<in> qbs_Mx Y \<Longrightarrow> g = (\<lambda>r. if r \<in> S then Inl (\<alpha> r) else Inr (\<beta> r)) \<Longrightarrow> P g"
+ shows "P g"
+ using assms by(fastforce simp: copair_qbs_Mx copair_qbs_Mx_def)
+
+subsubsection \<open> Product Spaces \<close>
+definition PiQ :: "'a set \<Rightarrow> ('a \<Rightarrow> 'b quasi_borel) \<Rightarrow> ('a \<Rightarrow> 'b) quasi_borel" where
+"PiQ I X \<equiv> Abs_quasi_borel (\<Pi>\<^sub>E i\<in>I. qbs_space (X i), {\<alpha>. \<forall>i. (i \<in> I \<longrightarrow> (\<lambda>r. \<alpha> r i) \<in> qbs_Mx (X i)) \<and> (i \<notin> I \<longrightarrow> (\<lambda>r. \<alpha> r i) = (\<lambda>r. undefined))})"
+
+syntax
+ "_PiQ" :: "pttrn \<Rightarrow> 'i set \<Rightarrow> 'a quasi_borel \<Rightarrow> ('i => 'a) quasi_borel" ("(3\<Pi>\<^sub>Q _\<in>_./ _)" 10)
+translations
+ "\<Pi>\<^sub>Q x\<in>I. X" == "CONST PiQ I (\<lambda>x. X)"
+
+lemma
+ shows PiQ_space: "qbs_space (PiQ I X) = (\<Pi>\<^sub>E i\<in>I. qbs_space (X i))" (is ?goal1)
+ and PiQ_Mx: "qbs_Mx (PiQ I X) = {\<alpha>. \<forall>i. (i \<in> I \<longrightarrow> (\<lambda>r. \<alpha> r i) \<in> qbs_Mx (X i)) \<and> (i \<notin> I \<longrightarrow> (\<lambda>r. \<alpha> r i) = (\<lambda>r. undefined))}" (is "_ = ?Mx")
+proof -
+ have "?Mx \<subseteq> UNIV \<rightarrow> (\<Pi>\<^sub>E i\<in>I. qbs_space (X i))"
+ using qbs_Mx_to_X[of _ "X _"] by auto metis
+ moreover have "qbs_closed1 ?Mx"
+ proof(safe intro!: qbs_closed1I)
+ fix \<alpha> i and f :: "real \<Rightarrow> real"
+ assume h[measurable]:"\<forall>i. (i \<in> I \<longrightarrow> (\<lambda>r. \<alpha> r i) \<in> qbs_Mx (X i)) \<and> (i \<notin> I \<longrightarrow> (\<lambda>r. \<alpha> r i) = (\<lambda>r. undefined))"
+ "f \<in> borel \<rightarrow>\<^sub>M borel"
+ show "(\<lambda>r. (\<alpha> \<circ> f) r i) \<in> qbs_Mx (X i)" if i:"i \<in> I"
+ proof -
+ have "(\<lambda>r. \<alpha> r i) \<circ> f \<in> qbs_Mx (X i)"
+ using h i by auto
+ thus "(\<lambda>r. (\<alpha> \<circ> f) r i) \<in> qbs_Mx (X i)"
+ by(simp add: comp_def)
+ qed
+ show "i \<notin> I \<Longrightarrow> (\<lambda>r. (\<alpha> \<circ> f) r i) = (\<lambda>r. undefined)"
+ by (metis comp_apply h(1))
+ qed
+ moreover have "qbs_closed2 (\<Pi>\<^sub>E i\<in>I. qbs_space (X i)) ?Mx"
+ by(rule qbs_closed2I) (auto simp: PiE_def extensional_def Pi_def)
+ moreover have "qbs_closed3 ?Mx"
+ proof(rule qbs_closed3I)
+ fix P :: "real \<Rightarrow> nat" and Fi
+ assume h:"P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ "\<And>i::nat. Fi i \<in> ?Mx"
+ show "(\<lambda>r. Fi (P r) r) \<in> ?Mx"
+ proof safe
+ fix i
+ assume hi:"i \<in> I"
+ then show "(\<lambda>r. Fi (P r) r i) \<in> qbs_Mx (X i)"
+ using h qbs_closed3_dest[OF h(1),of "\<lambda>j r. Fi j r i"]
+ by auto
+ next
+ show "\<And>i. i \<notin> I \<Longrightarrow> (\<lambda>r. Fi (P r) r i) = (\<lambda>r. undefined)"
+ using h by auto meson
+ qed
+ qed
+ ultimately have "Rep_quasi_borel (PiQ I X) = (\<Pi>\<^sub>E i\<in>I. qbs_space (X i), ?Mx)"
+ by(auto intro!: Abs_quasi_borel_inverse is_quasi_borel_intro simp: PiQ_def)
+ thus ?goal1 "qbs_Mx (PiQ I X) = ?Mx"
+ by(simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+lemma prod_qbs_MxI:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> (\<lambda>r. \<alpha> r i) \<in> qbs_Mx (X i)"
+ and "\<And>i. i \<notin> I \<Longrightarrow> (\<lambda>r. \<alpha> r i) = (\<lambda>r. undefined)"
+ shows "\<alpha> \<in> qbs_Mx (PiQ I X)"
+ using assms by(auto simp: PiQ_Mx)
+
+lemma prod_qbs_MxD:
+ assumes "\<alpha> \<in> qbs_Mx (PiQ I X)"
+ shows "\<And>i. i \<in> I \<Longrightarrow> (\<lambda>r. \<alpha> r i) \<in> qbs_Mx (X i)"
+ and "\<And>i. i \<notin> I \<Longrightarrow> (\<lambda>r. \<alpha> r i) = (\<lambda>r. undefined)"
+ and "\<And>i r. i \<notin> I \<Longrightarrow> \<alpha> r i = undefined"
+ using assms by(auto simp: PiQ_Mx dest: fun_cong[where g="(\<lambda>r. undefined)"])
+
+lemma PiQ_eqI:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> X i = Y i"
+ shows "PiQ I X = PiQ I Y"
+ by(auto intro!: qbs_eqI simp: PiQ_Mx assms)
+
+lemma PiQ_empty: "qbs_space (PiQ {} X) = {\<lambda>i. undefined}"
+ by(auto simp: PiQ_space)
+
+lemma PiQ_empty_Mx: "qbs_Mx (PiQ {} X) = {\<lambda>r i. undefined}"
+ by(auto simp: PiQ_Mx) meson
+
+subsubsection \<open> Coproduct Spaces \<close>
+definition coprod_qbs_Mx :: "['a set, 'a \<Rightarrow> 'b quasi_borel] \<Rightarrow> (real \<Rightarrow> 'a \<times> 'b) set" where
+"coprod_qbs_Mx I X \<equiv> { \<lambda>r. (f r, \<alpha> (f r) r) |f \<alpha>. f \<in> borel \<rightarrow>\<^sub>M count_space I \<and> (\<forall>i\<in>range f. \<alpha> i \<in> qbs_Mx (X i))}"
+
+definition coprod_qbs_Mx' :: "['a set, 'a \<Rightarrow> 'b quasi_borel] \<Rightarrow> (real \<Rightarrow> 'a \<times> 'b) set" where
+"coprod_qbs_Mx' I X \<equiv> { \<lambda>r. (f r, \<alpha> (f r) r) |f \<alpha>. f \<in> borel \<rightarrow>\<^sub>M count_space I \<and> (\<forall>i. (i \<in> range f \<or> qbs_space (X i) \<noteq> {}) \<longrightarrow> \<alpha> i \<in> qbs_Mx (X i))}"
+
+lemma coproduct_qbs_Mx_eq:
+ "coprod_qbs_Mx I X = coprod_qbs_Mx' I X"
+proof safe
+ fix \<alpha>
+ assume "\<alpha> \<in> coprod_qbs_Mx I X"
+ then obtain f \<beta> where hfb:
+ "f \<in> borel \<rightarrow>\<^sub>M count_space I" "\<And>i. i \<in> range f \<Longrightarrow> \<beta> i \<in> qbs_Mx (X i)" "\<alpha> = (\<lambda>r. (f r, \<beta> (f r) r))"
+ unfolding coprod_qbs_Mx_def by blast
+ define \<beta>' where "\<beta>' \<equiv> (\<lambda>i. if i \<in> range f then \<beta> i
+ else if qbs_space (X i) \<noteq> {} then (SOME \<gamma>. \<gamma> \<in> qbs_Mx (X i))
+ else \<beta> i)"
+ have 1:"\<alpha> = (\<lambda>r. (f r, \<beta>' (f r) r))"
+ by(simp add: hfb(3) \<beta>'_def)
+ have 2:"\<And>i. qbs_space (X i) \<noteq> {} \<Longrightarrow> \<beta>' i \<in> qbs_Mx (X i)"
+ proof -
+ fix i
+ assume hne:"qbs_space (X i) \<noteq> {}"
+ then obtain x where "x \<in> qbs_space (X i)" by auto
+ hence "(\<lambda>r. x) \<in> qbs_Mx (X i)" by auto
+ thus "\<beta>' i \<in> qbs_Mx (X i)"
+ by(cases "i \<in> range f") (auto simp: \<beta>'_def hfb(2) hne intro!: someI2[where a="\<lambda>r. x"])
+ qed
+ show "\<alpha> \<in> coprod_qbs_Mx' I X"
+ using hfb(1,2) 1 2 \<beta>'_def by(auto simp: coprod_qbs_Mx'_def intro!: exI[where x=f] exI[where x=\<beta>'])
+next
+ fix \<alpha>
+ assume "\<alpha> \<in> coprod_qbs_Mx' I X"
+ then obtain f \<beta> where hfb:
+ "f \<in> borel \<rightarrow>\<^sub>M count_space I" "\<And>i. qbs_space (X i) \<noteq> {} \<Longrightarrow> \<beta> i \<in> qbs_Mx (X i)"
+ "\<And>i. i \<in> range f \<Longrightarrow> \<beta> i \<in> qbs_Mx (X i)" "\<alpha> = (\<lambda>r. (f r, \<beta> (f r) r))"
+ unfolding coprod_qbs_Mx'_def by blast
+ show "\<alpha> \<in> coprod_qbs_Mx I X"
+ by(auto simp: hfb(4) coprod_qbs_Mx_def intro!: hfb(1) hfb(3))
+qed
+
+definition coprod_qbs :: "['a set, 'a \<Rightarrow> 'b quasi_borel] \<Rightarrow> ('a \<times> 'b) quasi_borel" where
+"coprod_qbs I X \<equiv> Abs_quasi_borel (SIGMA i:I. qbs_space (X i), coprod_qbs_Mx I X)"
+
+syntax
+ "_coprod_qbs" :: "pttrn \<Rightarrow> 'i set \<Rightarrow> 'a quasi_borel \<Rightarrow> ('i \<times> 'a) quasi_borel" ("(3\<amalg>\<^sub>Q _\<in>_./ _)" 10)
+translations
+ "\<amalg>\<^sub>Q x\<in>I. X" \<rightleftharpoons> "CONST coprod_qbs I (\<lambda>x. X)"
+
+lemma
+ shows coprod_qbs_space: "qbs_space (coprod_qbs I X) = (SIGMA i:I. qbs_space (X i))" (is ?goal1)
+ and coprod_qbs_Mx: "qbs_Mx (coprod_qbs I X) = coprod_qbs_Mx I X" (is ?goal2)
+proof -
+ have "coprod_qbs_Mx I X \<subseteq> UNIV \<rightarrow> (SIGMA i:I. qbs_space (X i))"
+ by(fastforce simp: coprod_qbs_Mx_def dest: measurable_space qbs_Mx_to_X)
+ moreover have "qbs_closed1 (coprod_qbs_Mx I X)"
+ proof(rule qbs_closed1I)
+ fix \<alpha> and f :: "real \<Rightarrow> real"
+ assume "\<alpha> \<in> coprod_qbs_Mx I X"
+ and 1[measurable]: "f \<in> borel \<rightarrow>\<^sub>M borel"
+ then obtain \<beta> g where ha:
+ "\<And>i. i \<in> range g \<Longrightarrow> \<beta> i \<in> qbs_Mx (X i)" "\<alpha> = (\<lambda>r. (g r, \<beta> (g r) r))" and [measurable]:"g \<in> borel \<rightarrow>\<^sub>M count_space I"
+ by(fastforce simp: coprod_qbs_Mx_def)
+ then have "\<And>i. i \<in> range g \<Longrightarrow> \<beta> i \<circ> f \<in> qbs_Mx (X i)"
+ by simp
+ thus "\<alpha> \<circ> f \<in> coprod_qbs_Mx I X"
+ unfolding coprod_qbs_Mx_def by (auto intro!: exI[where x="g \<circ> f"] exI[where x="\<lambda>i. \<beta> i \<circ> f"] simp: ha(2))
+ qed
+ moreover have "qbs_closed2 (SIGMA i:I. qbs_space (X i)) (coprod_qbs_Mx I X)"
+ proof(safe intro!: qbs_closed2I)
+ fix i x
+ assume "i \<in> I" "x \<in> qbs_space (X i)"
+ then show "(\<lambda>r. (i,x)) \<in> coprod_qbs_Mx I X"
+ by(auto simp: coprod_qbs_Mx_def intro!: exI[where x="\<lambda>r. i"])
+ qed
+ moreover have "qbs_closed3 (coprod_qbs_Mx I X)"
+ proof(rule qbs_closed3I)
+ fix P :: "real \<Rightarrow> nat" and Fi
+ assume h[measurable]:"P \<in> borel \<rightarrow>\<^sub>M count_space UNIV"
+ "\<And>i :: nat. Fi i \<in> coprod_qbs_Mx I X"
+ then have "\<forall>i. \<exists>fi \<alpha>i. Fi i = (\<lambda>r. (fi r, \<alpha>i (fi r) r)) \<and> fi \<in> borel \<rightarrow>\<^sub>M count_space I \<and> (\<forall>j. (j \<in> range fi \<or> qbs_space (X j) \<noteq> {}) \<longrightarrow> \<alpha>i j \<in> qbs_Mx (X j))"
+ by(auto simp: coproduct_qbs_Mx_eq coprod_qbs_Mx'_def)
+ then obtain fi where
+ "\<forall>i. \<exists>\<alpha>i. Fi i = (\<lambda>r. (fi i r, \<alpha>i (fi i r) r)) \<and> fi i \<in> borel \<rightarrow>\<^sub>M count_space I \<and> (\<forall>j. (j \<in> range (fi i) \<or> qbs_space (X j) \<noteq> {}) \<longrightarrow> \<alpha>i j \<in> qbs_Mx (X j))"
+ by(fastforce intro!: choice)
+ then obtain \<alpha>i where
+ "\<forall>i. Fi i = (\<lambda>r. (fi i r, \<alpha>i i (fi i r) r)) \<and> fi i \<in> borel \<rightarrow>\<^sub>M count_space I \<and> (\<forall>j. (j \<in> range (fi i) \<or> qbs_space (X j) \<noteq> {}) \<longrightarrow> \<alpha>i i j \<in> qbs_Mx (X j))"
+ by(fastforce intro!: choice)
+ then have hf[measurable]:
+ "\<And>i. Fi i = (\<lambda>r. (fi i r, \<alpha>i i (fi i r) r))" "\<And>i. fi i \<in> borel \<rightarrow>\<^sub>M count_space I" "\<And>i j. j \<in> range (fi i) \<Longrightarrow> \<alpha>i i j \<in> qbs_Mx (X j)" "\<And>i j. qbs_space (X j) \<noteq> {} \<Longrightarrow> \<alpha>i i j \<in> qbs_Mx (X j)"
+ by auto
+
+ define f' where "f' \<equiv> (\<lambda>r. fi (P r) r)"
+ define \<alpha>' where "\<alpha>' \<equiv> (\<lambda>i r. \<alpha>i (P r) i r)"
+ have 1:"(\<lambda>r. Fi (P r) r) = (\<lambda>r. (f' r, \<alpha>' (f' r) r))"
+ by(simp add: \<alpha>'_def f'_def hf)
+ have "f' \<in> borel \<rightarrow>\<^sub>M count_space I"
+ by(simp add: f'_def)
+ moreover have "\<And>i. i \<in> range f' \<Longrightarrow> \<alpha>' i \<in> qbs_Mx (X i)"
+ proof -
+ fix i
+ assume hi:"i \<in> range f'"
+ then obtain r where hr: "i = fi (P r) r" by(auto simp: f'_def)
+ hence "i \<in> range (fi (P r))" by simp
+ hence "\<alpha>i (P r) i \<in> qbs_Mx (X i)" by(simp add: hf)
+ hence "qbs_space (X i) \<noteq> {}"
+ by(auto simp: qbs_empty_equiv)
+ hence "\<And>j. \<alpha>i j i \<in> qbs_Mx (X i)"
+ by(simp add: hf(4))
+ then show "\<alpha>' i \<in> qbs_Mx (X i)"
+ by(auto simp: \<alpha>'_def h(1) intro!: qbs_closed3_dest[of P "\<lambda>j. \<alpha>i j i"])
+ qed
+ ultimately show "(\<lambda>r. Fi (P r) r) \<in> coprod_qbs_Mx I X"
+ by(auto simp: 1 coprod_qbs_Mx_def intro!: exI[where x=f'])
+ qed
+ ultimately have "Rep_quasi_borel (coprod_qbs I X) = (SIGMA i:I. qbs_space (X i), coprod_qbs_Mx I X)"
+ unfolding coprod_qbs_def by(fastforce intro!: Abs_quasi_borel_inverse)
+ thus ?goal1 ?goal2
+ by(simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+lemma coprod_qbs_MxI:
+ assumes "f \<in> borel \<rightarrow>\<^sub>M count_space I"
+ and "\<And>i. i \<in> range f \<Longrightarrow> \<alpha> i \<in> qbs_Mx (X i)"
+ shows "(\<lambda>r. (f r, \<alpha> (f r) r)) \<in> qbs_Mx (coprod_qbs I X)"
+ using assms unfolding coprod_qbs_Mx_def coprod_qbs_Mx by blast
+
+lemma coprod_qbs_eqI:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> X i = Y i"
+ shows "coprod_qbs I X = coprod_qbs I Y"
+ using assms by(auto intro!: qbs_eqI simp: coprod_qbs_Mx coprod_qbs_Mx_def) (metis UNIV_I measurable_space space_borel space_count_space)+
+
+subsubsection \<open> List Spaces \<close>
+text \<open> We define the quasi-Borel spaces on list using the following isomorphism.
+ \begin{align*}
+ List(X) \cong \coprod_{n\in \mathbb{N}} \prod_{0\leq i < n} X
+ \end{align*}\<close>
+definition "list_of X \<equiv> \<amalg>\<^sub>Q n\<in>(UNIV :: nat set).\<Pi>\<^sub>Q i\<in>{..<n}. X"
+definition list_nil :: "nat \<times> (nat \<Rightarrow> 'a)" where
+"list_nil \<equiv> (0, \<lambda>n. undefined)"
+definition list_cons :: "['a, nat \<times> (nat \<Rightarrow> 'a)] \<Rightarrow> nat \<times> (nat \<Rightarrow> 'a)" where
+"list_cons x l \<equiv> (Suc (fst l), (\<lambda>n. if n = 0 then x else (snd l) (n - 1)))"
+
+fun from_list :: "'a list \<Rightarrow> nat \<times> (nat \<Rightarrow> 'a)" where
+ "from_list [] = list_nil" |
+ "from_list (a#l) = list_cons a (from_list l)"
+
+fun to_list' :: "nat \<Rightarrow> (nat \<Rightarrow> 'a) \<Rightarrow> 'a list" where
+ "to_list' 0 _ = []" |
+ "to_list' (Suc n) f = f 0 # to_list' n (\<lambda>n. f (Suc n))"
+
+definition to_list :: "nat \<times> (nat \<Rightarrow> 'a) \<Rightarrow> 'a list" where
+"to_list \<equiv> case_prod to_list'"
+
+text \<open> Definition \<close>
+definition list_qbs :: "'a quasi_borel \<Rightarrow> 'a list quasi_borel" where
+"list_qbs X \<equiv> map_qbs to_list (list_of X)"
+
+definition list_head :: "nat \<times> (nat \<Rightarrow> 'a) \<Rightarrow> 'a" where
+"list_head l = snd l 0"
+definition list_tail :: "nat \<times> (nat \<Rightarrow> 'a) \<Rightarrow> nat \<times> (nat \<Rightarrow> 'a)" where
+"list_tail l = (fst l - 1, \<lambda>m. (snd l) (Suc m))"
+
+lemma list_simp1: "list_nil \<noteq> list_cons x l"
+ by (simp add: list_nil_def list_cons_def)
+
+lemma list_simp2:
+ assumes "list_cons a al = list_cons b bl"
+ shows "a = b" "al = bl"
+proof -
+ have "a = snd (list_cons a al) 0" "b = snd (list_cons b bl) 0"
+ by (auto simp: list_cons_def)
+ thus "a = b"
+ by(simp add: assms)
+next
+ have "fst al = fst bl"
+ using assms by (simp add: list_cons_def)
+ moreover have "snd al = snd bl"
+ proof
+ fix n
+ have "snd al n = snd (list_cons a al) (Suc n)"
+ by (simp add: list_cons_def)
+ also have "... = snd (list_cons b bl) (Suc n)"
+ by (simp add: assms)
+ also have "... = snd bl n"
+ by (simp add: list_cons_def)
+ finally show "snd al n = snd bl n" .
+ qed
+ ultimately show "al = bl"
+ by (simp add: prod.expand)
+qed
+
+lemma
+ shows list_simp3:"list_head (list_cons a l) = a"
+ and list_simp4:"list_tail (list_cons a l) = l"
+ by(simp_all add: list_head_def list_cons_def list_tail_def)
+
+lemma list_decomp1:
+ assumes "l \<in> qbs_space (list_of X)"
+ shows "l = list_nil \<or>
+ (\<exists>a l'. a \<in> qbs_space X \<and> l' \<in> qbs_space (list_of X) \<and> l = list_cons a l')"
+proof(cases l)
+ case hl:(Pair n f)
+ show ?thesis
+ proof(cases n)
+ case 0
+ then show ?thesis
+ using assms hl by (simp add: list_of_def list_nil_def coprod_qbs_space PiQ_space)
+ next
+ case hn:(Suc n')
+ define f' where "f' \<equiv> \<lambda>m. f (Suc m)"
+ have "l = list_cons (f 0) (n',f')"
+ unfolding hl hn list_cons_def
+ proof safe
+ fix m
+ show "f = (\<lambda>m. if m = 0 then f 0 else snd (n', f') (m - 1))"
+ proof
+ fix m
+ show "f m = (if m = 0 then f 0 else snd (n', f') (m - 1))"
+ using assms hl by(cases m; fastforce simp: f'_def)
+ qed
+ qed simp
+ moreover have "(n', f') \<in> qbs_space (list_of X)"
+ proof -
+ have "\<And>x. x \<in> {..<n'} \<Longrightarrow> f' x \<in> qbs_space X"
+ using assms hl hn by(fastforce simp: f'_def list_of_def coprod_qbs_space PiQ_space)
+ moreover {
+ fix x
+ assume 1:"x \<notin> {..<n'}"
+ hence " f' x = undefined"
+ using hl assms hn by(auto simp: f'_def list_of_def coprod_qbs_space PiQ_space)
+ }
+ ultimately show ?thesis
+ by(auto simp add: list_of_def coprod_qbs_space PiQ_space)
+ qed
+ ultimately show ?thesis
+ using hl assms by(auto intro!: exI[where x="f 0"] exI[where x="(n',\<lambda>m. if m = 0 then undefined else f (Suc m))"] simp: list_cons_def list_of_def coprod_qbs_space PiQ_space)
+ qed
+qed
+
+lemma list_simp5:
+ assumes "l \<in> qbs_space (list_of X)"
+ and "l \<noteq> list_nil"
+ shows "l = list_cons (list_head l) (list_tail l)"
+proof -
+ obtain a l' where hl:
+ "a \<in> qbs_space X" "l' \<in> qbs_space (list_of X)" "l = list_cons a l'"
+ using list_decomp1[OF assms(1)] assms(2) by blast
+ hence "list_head l = a" "list_tail l = l'"
+ by(simp_all add: list_simp3 list_simp4)
+ thus ?thesis
+ using hl(3) list_simp2 by auto
+qed
+
+lemma list_simp6:
+ "list_nil \<in> qbs_space (list_of X)"
+ by (simp add: list_nil_def list_of_def coprod_qbs_space PiQ_space)
+
+lemma list_simp7:
+ assumes "a \<in> qbs_space X"
+ and "l \<in> qbs_space (list_of X)"
+ shows "list_cons a l \<in> qbs_space (list_of X)"
+ using assms by(fastforce simp: PiE_def extensional_def list_cons_def list_of_def coprod_qbs_space PiQ_space)
+
+lemma list_destruct_rule:
+ assumes "l \<in> qbs_space (list_of X)"
+ "P list_nil"
+ and "\<And>a l'. a \<in> qbs_space X \<Longrightarrow> l' \<in> qbs_space (list_of X) \<Longrightarrow> P (list_cons a l')"
+ shows "P l"
+ by(rule disjE[OF list_decomp1[OF assms(1)]]) (use assms in auto)
+
+lemma list_induct_rule:
+ assumes "l \<in> qbs_space (list_of X)"
+ "P list_nil"
+ and "\<And>a l'. a \<in> qbs_space X \<Longrightarrow> l' \<in> qbs_space (list_of X) \<Longrightarrow> P l' \<Longrightarrow> P (list_cons a l')"
+ shows "P l"
+proof(cases l)
+ case hl:(Pair n f)
+ then show ?thesis
+ using assms(1)
+ proof(induction n arbitrary: f l)
+ case 0
+ then show ?case
+ using assms(2) by (simp add: list_of_def coprod_qbs_space PiQ_space list_nil_def)
+ next
+ case ih:(Suc n)
+ then obtain a l' where hl:
+ "a \<in> qbs_space X" "l' \<in> qbs_space (list_of X)" "l = list_cons a l'"
+ using list_decomp1 by(simp add: list_nil_def) blast
+ have "P l'"
+ using ih hl(3)
+ by(auto intro!: ih(1)[OF _ hl(2),of "snd l'"] simp: list_of_def coprod_qbs_space PiQ_space list_cons_def)
+ from assms(3)[OF hl(1,2) this]
+ show ?case
+ by(simp add: hl(3))
+ qed
+qed
+
+lemma to_list_simp1: "to_list list_nil = []"
+ by(simp add: to_list_def list_nil_def)
+
+lemma to_list_simp2:
+ assumes "l \<in> qbs_space (list_of X)"
+ shows "to_list (list_cons a l) = a # to_list l"
+ using assms by(auto simp:PiE_def to_list_def list_cons_def list_of_def coprod_qbs_space PiQ_space)
+
+lemma to_list_set:
+ assumes "l \<in> qbs_space (list_of X)"
+ shows "set (to_list l) \<subseteq> qbs_space X"
+ by(rule list_induct_rule[OF assms]) (auto simp: to_list_simp1 to_list_simp2)
+
+lemma from_list_length: "fst (from_list l) = length l"
+ by(induction l, simp_all add: list_cons_def list_nil_def)
+
+lemma from_list_in_list_of:
+ assumes "set l \<subseteq> qbs_space X"
+ shows "from_list l \<in> qbs_space (list_of X)"
+ using assms by(induction l) (auto simp: PiE_def extensional_def Pi_def list_of_def coprod_qbs_space PiQ_space list_nil_def list_cons_def)
+
+lemma from_list_in_list_of': "from_list l \<in> qbs_space (list_of (Abs_quasi_borel (UNIV,UNIV)))"
+proof -
+ have "set l \<subseteq> qbs_space (Abs_quasi_borel (UNIV,UNIV))"
+ by(simp add: qbs_space_def Abs_quasi_borel_inverse[of "(UNIV,UNIV)",simplified is_quasi_borel_def qbs_closed1_def qbs_closed2_def qbs_closed3_def,simplified])
+ thus ?thesis
+ using from_list_in_list_of by blast
+qed
+
+lemma list_cons_in_list_of:
+ assumes "set (a#l) \<subseteq> qbs_space X"
+ shows "list_cons a (from_list l) \<in> qbs_space (list_of X)"
+ using from_list_in_list_of[OF assms] by simp
+
+lemma from_list_to_list_ident:
+ "to_list (from_list l) = l"
+ by(induction l) (simp add: to_list_def list_nil_def,simp add: to_list_simp2[OF from_list_in_list_of'])
+
+lemma to_list_from_list_ident:
+ assumes "l \<in> qbs_space (list_of X)"
+ shows "from_list (to_list l) = l"
+proof(rule list_induct_rule[OF assms])
+ fix a l'
+ assume h: "l' \<in> qbs_space (list_of X)"
+ and ih:"from_list (to_list l') = l'"
+ show "from_list (to_list (list_cons a l')) = list_cons a l'"
+ by(auto simp add: to_list_simp2[OF h] ih[simplified])
+qed (simp add: to_list_simp1)
+
+definition rec_list' :: "'b \<Rightarrow> ('a \<Rightarrow> (nat \<times> (nat \<Rightarrow> 'a)) \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> (nat \<times> (nat \<Rightarrow> 'a)) \<Rightarrow> 'b" where
+"rec_list' t0 f l \<equiv> (rec_list t0 (\<lambda>x l'. f x (from_list l')) (to_list l))"
+
+lemma rec_list'_simp1:
+ "rec_list' t f list_nil = t"
+ by(simp add: rec_list'_def to_list_simp1)
+
+lemma rec_list'_simp2:
+ assumes "l \<in> qbs_space (list_of X)"
+ shows "rec_list' t f (list_cons x l) = f x l (rec_list' t f l)"
+ by(simp add: rec_list'_def to_list_simp2[OF assms] to_list_from_list_ident[OF assms,simplified])
+
+lemma list_qbs_space: "qbs_space (list_qbs X) = {l. set l \<subseteq> qbs_space X}"
+ using to_list_set by(auto simp: list_qbs_def map_qbs_space image_def from_list_to_list_ident from_list_in_list_of intro!: bexI[where x="from_list _"])
+
+subsubsection \<open> Option Spaces \<close>
+text \<open> The option spaces is defined using the following isomorphism.
+ \begin{align*}
+ Option(X) \cong X + 1
+ \end{align*}\<close>
+definition option_qbs :: "'a quasi_borel \<Rightarrow> 'a option quasi_borel" where
+"option_qbs X = map_qbs (\<lambda>x. case x of Inl y \<Rightarrow> Some y | Inr y \<Rightarrow> None) (X \<Oplus>\<^sub>Q 1\<^sub>Q)"
+
+lemma option_qbs_space: "qbs_space (option_qbs X) = {Some x|x. x \<in> qbs_space X} \<union> {None}"
+ by(auto simp: option_qbs_def map_qbs_space copair_qbs_space) (metis InrI image_eqI insert_iff old.sum.simps(6), metis InlI image_iff sum.case(1))
+
+subsubsection \<open> Function Spaces \<close>
+definition exp_qbs :: "['a quasi_borel, 'b quasi_borel] \<Rightarrow> ('a \<Rightarrow> 'b) quasi_borel" (infixr "\<Rightarrow>\<^sub>Q" 61) where
+"X \<Rightarrow>\<^sub>Q Y \<equiv> Abs_quasi_borel ({f. \<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y}, {g. \<forall>\<alpha>\<in> borel_measurable borel. \<forall>\<beta>\<in> qbs_Mx X. (\<lambda>r. g (\<alpha> r) (\<beta> r)) \<in> qbs_Mx Y})"
+
+lemma
+ shows exp_qbs_space: "qbs_space (exp_qbs X Y) = {f. \<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y}"
+ and exp_qbs_Mx: "qbs_Mx (exp_qbs X Y) = {g. \<forall>\<alpha>\<in> borel_measurable borel. \<forall>\<beta>\<in> qbs_Mx X. (\<lambda>r. g (\<alpha> r) (\<beta> r)) \<in> qbs_Mx Y}"
+proof -
+ have "{g:: real \<Rightarrow> _. \<forall>\<alpha>\<in> borel_measurable borel. \<forall>\<beta>\<in> qbs_Mx X. (\<lambda>r. g (\<alpha> r) (\<beta> r)) \<in> qbs_Mx Y} \<subseteq> UNIV \<rightarrow> {f. \<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y}"
+ proof safe
+ fix g :: "real \<Rightarrow> _" and r :: real and \<alpha>
+ assume h:"\<forall>\<alpha>\<in>borel_measurable borel. \<forall>\<beta>\<in>qbs_Mx X. (\<lambda>r. g (\<alpha> r) (\<beta> r)) \<in> qbs_Mx Y" "\<alpha> \<in> qbs_Mx X"
+ have [simp]: "g r \<circ> \<alpha> = (\<lambda>l. g r (\<alpha> l))" by (auto simp: comp_def)
+ thus "g r \<circ> \<alpha> \<in> qbs_Mx Y"
+ using h by auto
+ qed
+ moreover have "qbs_closed3 {g. \<forall>\<alpha>\<in> borel_measurable borel. \<forall>\<beta>\<in> qbs_Mx X. (\<lambda>r. g (\<alpha> r) (\<beta> r)) \<in> qbs_Mx Y}"
+ by(rule qbs_closed3I, auto) (rule qbs_closed3_dest,auto)
+ ultimately have "Rep_quasi_borel (exp_qbs X Y) = ({f. \<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y}, {g. \<forall>\<alpha>\<in> borel_measurable borel. \<forall>\<beta>\<in> qbs_Mx X. (\<lambda>r. g (\<alpha> r) (\<beta> r)) \<in> qbs_Mx Y})"
+ unfolding exp_qbs_def by(auto intro!: Abs_quasi_borel_inverse is_quasi_borel_intro qbs_closed1I qbs_closed2I simp: comp_def)
+ thus "qbs_space (exp_qbs X Y) = {f. \<forall>\<alpha> \<in> qbs_Mx X. f \<circ> \<alpha> \<in> qbs_Mx Y}"
+ "qbs_Mx (exp_qbs X Y) = {g. \<forall>\<alpha>\<in> borel_measurable borel. \<forall>\<beta>\<in> qbs_Mx X. (\<lambda>r. g (\<alpha> r) (\<beta> r)) \<in> qbs_Mx Y}"
+ by(simp_all add: qbs_space_def qbs_Mx_def)
+qed
+
+subsubsection \<open> Ordering on Quasi-Borel Spaces \<close>
+
+inductive_set generating_Mx :: "'a set \<Rightarrow> (real \<Rightarrow> 'a) set \<Rightarrow> (real \<Rightarrow> 'a) set"
+ for X :: "'a set" and Mx :: "(real \<Rightarrow> 'a) set"
+ where
+ Basic: "\<alpha> \<in> Mx \<Longrightarrow> \<alpha> \<in> generating_Mx X Mx"
+ | Const: "x \<in> X \<Longrightarrow> (\<lambda>r. x) \<in> generating_Mx X Mx"
+ | Comp : "f \<in> (borel :: real measure) \<rightarrow>\<^sub>M (borel :: real measure) \<Longrightarrow> \<alpha> \<in> generating_Mx X Mx \<Longrightarrow> \<alpha> \<circ> f \<in> generating_Mx X Mx"
+ | Part : "(\<And>i. Fi i \<in> generating_Mx X Mx) \<Longrightarrow> P \<in> borel \<rightarrow>\<^sub>M count_space (UNIV :: nat set) \<Longrightarrow> (\<lambda>r. Fi (P r) r) \<in> generating_Mx X Mx"
+
+lemma generating_Mx_to_space:
+ assumes "Mx \<subseteq> UNIV \<rightarrow> X"
+ shows "generating_Mx X Mx \<subseteq> UNIV \<rightarrow> X"
+proof
+ fix \<alpha>
+ assume "\<alpha> \<in> generating_Mx X Mx"
+ then show "\<alpha> \<in> UNIV \<rightarrow> X"
+ by(induct rule: generating_Mx.induct) (use assms in auto)
+qed
+
+lemma generating_Mx_closed1:
+ "qbs_closed1 (generating_Mx X Mx)"
+ by (simp add: generating_Mx.Comp qbs_closed1I)
+
+lemma generating_Mx_closed2:
+ "qbs_closed2 X (generating_Mx X Mx)"
+ by (simp add: generating_Mx.Const qbs_closed2I)
+
+lemma generating_Mx_closed3:
+ "qbs_closed3 (generating_Mx X Mx)"
+ by(simp add: qbs_closed3I generating_Mx.Part)
+
+lemma generating_Mx_Mx:
+ "generating_Mx (qbs_space X) (qbs_Mx X) = qbs_Mx X"
+proof safe
+ fix \<alpha>
+ assume "\<alpha> \<in> generating_Mx (qbs_space X) (qbs_Mx X)"
+ then show "\<alpha> \<in> qbs_Mx X"
+ by(rule generating_Mx.induct) (auto intro!: qbs_closed1_dest[simplified comp_def] simp: qbs_closed3_dest')
+next
+ fix \<alpha>
+ assume "\<alpha> \<in> qbs_Mx X"
+ then show "\<alpha> \<in> generating_Mx (qbs_space X) (qbs_Mx X)" ..
+qed
+
+instantiation quasi_borel :: (type) order_bot
+begin
+
+inductive less_eq_quasi_borel :: "'a quasi_borel \<Rightarrow> 'a quasi_borel \<Rightarrow> bool" where
+ "qbs_space X \<subset> qbs_space Y \<Longrightarrow> less_eq_quasi_borel X Y"
+| "qbs_space X = qbs_space Y \<Longrightarrow> qbs_Mx Y \<subseteq> qbs_Mx X \<Longrightarrow> less_eq_quasi_borel X Y"
+
+lemma le_quasi_borel_iff:
+ "X \<le> Y \<longleftrightarrow> (if qbs_space X = qbs_space Y then qbs_Mx Y \<subseteq> qbs_Mx X else qbs_space X \<subset> qbs_space Y)"
+ by(auto elim: less_eq_quasi_borel.cases intro: less_eq_quasi_borel.intros)
+
+definition less_quasi_borel :: "'a quasi_borel \<Rightarrow> 'a quasi_borel \<Rightarrow> bool" where
+ "less_quasi_borel X Y \<longleftrightarrow> (X \<le> Y \<and> \<not> Y \<le> X)"
+
+definition bot_quasi_borel :: "'a quasi_borel" where
+ "bot_quasi_borel = empty_quasi_borel"
+
+instance
+proof
+ show "bot \<le> a" for a :: "'a quasi_borel"
+ using qbs_empty_equiv
+ by(auto simp add: le_quasi_borel_iff bot_quasi_borel_def)
+qed (auto simp: le_quasi_borel_iff less_quasi_borel_def split: if_split_asm intro: qbs_eqI)
+end
+
+definition inf_quasi_borel :: "['a quasi_borel, 'a quasi_borel] \<Rightarrow> 'a quasi_borel" where
+"inf_quasi_borel X X' = Abs_quasi_borel (qbs_space X \<inter> qbs_space X', qbs_Mx X \<inter> qbs_Mx X')"
+
+lemma inf_quasi_borel_correct: "Rep_quasi_borel (inf_quasi_borel X X') = (qbs_space X \<inter> qbs_space X', qbs_Mx X \<inter> qbs_Mx X')"
+ by(auto intro!: Abs_quasi_borel_inverse simp: inf_quasi_borel_def is_quasi_borel_def qbs_closed1_def qbs_closed2_def qbs_closed3_def dest: qbs_Mx_to_X)
+
+lemma inf_qbs_space[simp]: "qbs_space (inf_quasi_borel X X') = qbs_space X \<inter> qbs_space X'"
+ by (simp add: qbs_space_def inf_quasi_borel_correct)
+
+lemma inf_qbs_Mx[simp]: "qbs_Mx (inf_quasi_borel X X') = qbs_Mx X \<inter> qbs_Mx X'"
+ by(simp add: qbs_Mx_def inf_quasi_borel_correct)
+
+definition max_quasi_borel :: "'a set \<Rightarrow> 'a quasi_borel" where
+"max_quasi_borel X = Abs_quasi_borel (X, UNIV \<rightarrow> X)"
+
+lemma max_quasi_borel_correct: "Rep_quasi_borel (max_quasi_borel X) = (X, UNIV \<rightarrow> X)"
+ by(fastforce intro!: Abs_quasi_borel_inverse
+ simp: max_quasi_borel_def qbs_closed1_def qbs_closed2_def qbs_closed3_def is_quasi_borel_def)
+
+lemma max_qbs_space[simp]: "qbs_space (max_quasi_borel X) = X"
+ by(simp add: qbs_space_def max_quasi_borel_correct)
+
+lemma max_qbs_Mx[simp]: "qbs_Mx (max_quasi_borel X) = UNIV \<rightarrow> X"
+ by(simp add: qbs_Mx_def max_quasi_borel_correct)
+
+instantiation quasi_borel :: (type) semilattice_sup
+begin
+
+definition sup_quasi_borel :: "'a quasi_borel \<Rightarrow> 'a quasi_borel \<Rightarrow> 'a quasi_borel" where
+"sup_quasi_borel X Y \<equiv> (if qbs_space X = qbs_space Y then inf_quasi_borel X Y
+ else if qbs_space X \<subset> qbs_space Y then Y
+ else if qbs_space Y \<subset> qbs_space X then X
+ else max_quasi_borel (qbs_space X \<union> qbs_space Y))"
+
+
+instance
+proof
+ fix X Y :: "'a quasi_borel"
+ let ?X = "qbs_space X"
+ let ?Y = "qbs_space Y"
+ consider "?X = ?Y" | "?X \<subset> ?Y" | "?Y \<subset> ?X" | "?X \<subset> ?X \<union> ?Y \<and> ?Y \<subset> ?X \<union> ?Y"
+ by auto
+ then show "X \<le> X \<squnion> Y"
+ proof(cases)
+ case 1
+ show ?thesis
+ unfolding sup_quasi_borel_def
+ by(rule less_eq_quasi_borel.intros(2),simp_all add: 1)
+ next
+ case 2
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ by (simp add: less_eq_quasi_borel.intros(1))
+ next
+ case 3
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ by auto
+ next
+ case 4
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ by(auto simp: less_eq_quasi_borel.intros(1))
+ qed
+next
+ fix X Y :: "'a quasi_borel"
+ let ?X = "qbs_space X"
+ let ?Y = "qbs_space Y"
+ consider "?X = ?Y" | "?X \<subset> ?Y" | "?Y \<subset> ?X" | "?X \<subset> ?X \<union> ?Y \<and> ?Y \<subset> ?X \<union> ?Y"
+ by auto
+ then show "Y \<le> X \<squnion> Y"
+ proof(cases)
+ case 1
+ show ?thesis
+ unfolding sup_quasi_borel_def
+ by(rule less_eq_quasi_borel.intros(2)) (simp_all add: 1)
+ next
+ case 2
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ by auto
+ next
+ case 3
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ by (auto simp add: less_eq_quasi_borel.intros(1))
+ next
+ case 4
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ by(auto simp: less_eq_quasi_borel.intros(1))
+ qed
+next
+ fix X Y Z :: "'a quasi_borel"
+ assume h:"X \<le> Z" "Y \<le> Z"
+ let ?X = "qbs_space X"
+ let ?Y = "qbs_space Y"
+ let ?Z = "qbs_space Z"
+ consider "?X = ?Y" | "?X \<subset> ?Y" | "?Y \<subset> ?X" | "?X \<subset> ?X \<union> ?Y \<and> ?Y \<subset> ?X \<union> ?Y"
+ by auto
+ then show "sup X Y \<le> Z"
+ proof cases
+ case 1
+ show ?thesis
+ unfolding sup_quasi_borel_def
+ apply(simp add: 1,rule less_eq_quasi_borel.cases[OF h(1)])
+ apply(rule less_eq_quasi_borel.intros(1))
+ apply auto[1]
+ apply simp
+ apply(rule less_eq_quasi_borel.intros(2))
+ apply(simp add: 1)
+ apply(rule less_eq_quasi_borel.cases[OF h(2)])
+ using 1
+ apply fastforce
+ apply simp
+ by (metis "1" h(2) inf_qbs_Mx le_inf_iff le_quasi_borel_iff)
+
+ next
+ case 2
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ using h(2) by auto
+ next
+ case 3
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ using h(1) by auto
+ next
+ case 4
+ then have [simp]:"?X \<noteq> ?Y" "~ (?X \<subset> ?Y)" "~ (?Y \<subset> ?X)"
+ by auto
+ have [simp]:"?X \<subseteq> ?Z" "?Y \<subseteq> ?Z"
+ by (metis h(1) dual_order.order_iff_strict less_eq_quasi_borel.cases)
+ (metis h(2) dual_order.order_iff_strict less_eq_quasi_borel.cases)
+ then consider "?X \<union> ?Y = ?Z" | "?X \<union> ?Y \<subset> ?Z"
+ by blast
+ then show ?thesis
+ unfolding sup_quasi_borel_def
+ apply cases
+ apply simp
+ apply(rule less_eq_quasi_borel.intros(2))
+ apply simp
+ using qbs_Mx_to_X apply auto[1]
+ by(simp add: less_eq_quasi_borel.intros(1))
+ qed
+qed
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/S_Finite_Measure_Monad/Query.thy b/thys/S_Finite_Measure_Monad/Query.thy
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/Query.thy
@@ -0,0 +1,1367 @@
+(* Title: Query.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+subsection \<open>Query\<close>
+
+theory Query
+ imports "Monad_QuasiBorel"
+begin
+
+declare [[coercion qbs_l]]
+abbreviation qbs_real :: "real quasi_borel" ("\<real>\<^sub>Q") where "\<real>\<^sub>Q \<equiv> qbs_borel"
+abbreviation qbs_ennreal :: "ennreal quasi_borel" ("\<real>\<^sub>Q\<^sub>\<ge>\<^sub>0") where "\<real>\<^sub>Q\<^sub>\<ge>\<^sub>0 \<equiv> qbs_borel"
+abbreviation qbs_nat :: "nat quasi_borel" ("\<nat>\<^sub>Q") where "\<nat>\<^sub>Q \<equiv> qbs_count_space UNIV"
+abbreviation qbs_bool :: "bool quasi_borel" ("\<bool>\<^sub>Q") where "\<bool>\<^sub>Q \<equiv> count_space\<^sub>Q UNIV"
+
+
+definition query :: "['a qbs_measure, 'a \<Rightarrow> ennreal] \<Rightarrow> 'a qbs_measure" where
+"query \<equiv> (\<lambda>s f. normalize_qbs (density_qbs s f))"
+
+lemma query_qbs_morphism[qbs]: "query \<in> monadM_qbs X \<rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q qbs_borel) \<Rightarrow>\<^sub>Q monadM_qbs X"
+ by(simp add: query_def)
+
+definition "condition \<equiv> (\<lambda>s P. query s (\<lambda>x. if P x then 1 else 0))"
+
+lemma condition_qbs_morphism[qbs]: "condition \<in> monadM_qbs X \<Rightarrow>\<^sub>Q (X \<Rightarrow>\<^sub>Q \<bool>\<^sub>Q) \<Rightarrow>\<^sub>Q monadM_qbs X"
+ by(simp add: condition_def)
+
+lemma condition_morphismP:
+ assumes "\<And>x. x \<in> qbs_space X \<Longrightarrow> \<P>(y in qbs_l (s x). P x y) \<noteq> 0"
+ and [qbs]: "s \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y" "P \<in> X \<rightarrow>\<^sub>Q Y \<Rightarrow>\<^sub>Q qbs_count_space UNIV"
+ shows "(\<lambda>x. condition (s x) (P x)) \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y"
+proof(rule qbs_morphism_cong'[where f="\<lambda>x. normalize_qbs (density_qbs (s x) (indicator {y\<in>qbs_space Y. P x y}))"])
+ fix x
+ assume x[qbs]:"x \<in> qbs_space X"
+ have "density_qbs (s x) (indicator {y \<in> qbs_space Y. P x y}) = density_qbs (s x) (\<lambda>y. if P x y then 1 else 0)"
+ by(auto intro!: density_qbs_cong[OF qbs_space_monadPM[OF qbs_morphism_space[OF assms(2) x]]] indicator_qbs_morphism'')
+ thus "normalize_qbs (density_qbs (s x) (indicator {y \<in> qbs_space Y. P x y})) = condition (s x) (P x)"
+ unfolding condition_def query_def by simp
+next
+ show "(\<lambda>x. normalize_qbs (density_qbs (s x) (indicator {y \<in> qbs_space Y. P x y}))) \<in> X \<rightarrow>\<^sub>Q monadP_qbs Y"
+ proof(rule normalize_qbs_morphismP[of "\<lambda>x. density_qbs (s x) (indicator {y \<in> qbs_space Y. P x y})"])
+ show "(\<lambda>x. density_qbs (s x) (indicator {y \<in> qbs_space Y. P x y})) \<in> X \<rightarrow>\<^sub>Q monadM_qbs Y"
+ using qbs_morphism_monadPD[OF assms(2)] by simp
+ next
+ fix x
+ assume x:"x \<in> qbs_space X"
+ show "emeasure (qbs_l (density_qbs (s x) (indicator {y \<in> qbs_space Y. P x y}))) (qbs_space Y) \<noteq> 0"
+ "emeasure (qbs_l (density_qbs (s x) (indicator {y \<in> qbs_space Y. P x y}))) (qbs_space Y) \<noteq> \<infinity>"
+ using assms(1)[OF x] qbs_l_monadP_le1[OF qbs_morphism_space[OF assms(2) x]]
+ by(auto simp add: qbs_l_density_qbs_indicator[OF qbs_space_monadPM[OF qbs_morphism_space[OF assms(2) x]] qbs_morphism_space[OF assms(3) x]] measure_def space_qbs_l_in[OF qbs_space_monadPM[OF qbs_morphism_space[OF assms(2) x]]])
+ qed
+qed
+
+lemma query_Bayes:
+ assumes [qbs]: "s \<in> qbs_space (monadP_qbs X)" "qbs_pred X P" "qbs_pred X Q"
+ shows "\<P>(x in condition s P. Q x) = \<P>(x in s. Q x \<bar> P x)" (is "?lhs = ?pq")
+proof -
+ have X: "qbs_space X \<noteq> {}"
+ using assms(1) by(simp only: monadP_qbs_empty_iff[of X]) blast
+ note s[qbs] = qbs_space_monadPM[OF assms(1)]
+ have density_eq: "density_qbs s (\<lambda>x. if P x then 1 else 0) = density_qbs s (indicator {x\<in>qbs_space X. P x})"
+ by(auto intro!: density_qbs_cong[of _ X] indicator_qbs_morphism'')
+ consider "emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X) = 0" | "emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X) \<noteq> 0" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ have 2:"normalize_qbs (density_qbs s (\<lambda>x. if P x then 1 else 0)) = qbs_null_measure X"
+ by(rule normalize_qbs0) (auto simp: 1)
+ have "\<P>(\<omega> in qbs_l s. P \<omega>) = measure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)"
+ by(simp add: space_qbs_l_in[OF s] measure_def density_eq qbs_l_density_qbs_indicator[OF s])
+ also have "... = 0"
+ by(simp add: measure_def 1)
+ finally show ?thesis
+ by(auto simp: condition_def query_def cond_prob_def 2 1 qbs_null_measure_null_measure[OF X])
+ next
+ case 1[simp]:2
+ from rep_qbs_space_monadP[OF assms(1)]
+ obtain \<alpha> \<mu> where hs: "s = \<lbrakk>X, \<alpha>, \<mu>\<rbrakk>\<^sub>s\<^sub>f\<^sub>i\<^sub>n" "qbs_prob X \<alpha> \<mu>" by auto
+ then interpret qp: qbs_prob X \<alpha> \<mu> by simp
+ have [measurable]:"Measurable.pred (qbs_to_measure X) P" "Measurable.pred (qbs_to_measure X) Q"
+ using assms(2,3) by(simp_all add: lr_adjunction_correspondence)
+ have 2[simp]: "emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X) \<noteq> \<top>"
+ by(simp add: hs(1) qp.density_qbs qbs_s_finite.qbs_l[OF qp.density_qbs_s_finite] emeasure_distr emeasure_distr[where N="qbs_to_measure X",OF _ sets.top,simplified space_L] emeasure_density,rule order.strict_implies_not_eq[OF order.strict_trans1[OF qp.nn_integral_le_const[of 1] ennreal_one_less_top]]) auto
+ have 3: "measure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X) > 0"
+ using 2 emeasure_eq_ennreal_measure zero_less_measure_iff by fastforce
+ have "query s (\<lambda>x. if P x then 1 else 0) = density_qbs (density_qbs s (\<lambda>x. if P x then 1 else 0)) (\<lambda>x. 1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X))"
+ unfolding query_def by(rule normalize_qbs) auto
+ also have "... = density_qbs s (\<lambda>x. (if P x then 1 else 0) * (1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)))"
+ by(simp add: density_qbs_density_qbs_eq[OF qbs_space_monadPM[OF assms(1)]])
+ finally have query:"query s (\<lambda>x. if P x then 1 else 0) = ..." .
+ have "?lhs = measure (density (qbs_l s) (\<lambda>x. (if P x then 1 else 0) * (1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)))) {x \<in> space (qbs_l s). Q x}"
+ by(simp add: condition_def query qbs_l_density_qbs[OF qbs_space_monadPM[OF assms(1)]])
+ also have "... = measure (density \<mu> (\<lambda>x. (if P (\<alpha> x) then 1 else 0) * (1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)))) {y. \<alpha> y \<in> space (qbs_to_measure X) \<and> Q (\<alpha> y)}"
+ by(simp add: hs(1) qp.qbs_l density_distr measure_def emeasure_distr)
+ also have "... = measure (density \<mu> (\<lambda>x. indicator {r. P (\<alpha> r)} x * (1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)))) {y. Q (\<alpha> y)}"
+ proof -
+ have [simp]:"(if P (\<alpha> r) then 1 else 0) = indicator {r. P (\<alpha> r)} r " for r
+ by auto
+ thus ?thesis by(simp add: space_L)
+ qed
+ also have "... = enn2real (1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)) * measure \<mu> {r. P (\<alpha> r) \<and> Q (\<alpha> r)}"
+ proof -
+ have n_inf: "1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X) \<noteq> \<infinity>"
+ using 1 by(auto simp: ennreal_divide_eq_top_iff)
+ show ?thesis
+ by(simp add: measure_density_times[OF _ _ n_inf] Collect_conj_eq)
+ qed
+ also have "... = (1 / measure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)) * qp.prob {r. P (\<alpha> r) \<and> Q (\<alpha> r)}"
+ proof -
+ have "1 / emeasure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X) = ennreal (1 / measure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X))"
+ by(auto simp add: emeasure_eq_ennreal_measure[OF 2] ennreal_1[symmetric] simp del: ennreal_1 intro!: divide_ennreal) (simp_all add: 3)
+ thus ?thesis by simp
+ qed also have "... = ?pq"
+ proof -
+ have qp:"\<P>(x in s. Q x \<and> P x) = qp.prob {r. P (\<alpha> r) \<and> Q (\<alpha> r)}"
+ by(auto simp: hs(1) qp.qbs_l measure_def emeasure_distr, simp add: space_L) meson
+ note sets = sets_qbs_l[OF qbs_space_monadPM[OF assms(1)],measurable_cong]
+ have [simp]: "density (qbs_l s) (\<lambda>x. if P x then 1 else 0) = density (qbs_l s) (indicator {x\<in>space (qbs_to_measure X). P x})"
+ by(auto intro!: density_cong) (auto simp: indicator_def space_L sets_eq_imp_space_eq[OF sets])
+ have p: "\<P>(x in s. P x) = measure (qbs_l (density_qbs s (\<lambda>x. if P x then 1 else 0))) (qbs_space X)"
+ by(auto simp: qbs_l_density_qbs[OF qbs_space_monadPM[OF assms(1),qbs]]) (auto simp: measure_restricted[of "{x \<in> space (qbs_to_measure X). P x}" "qbs_l s",simplified sets,OF _ sets.top,simplified,simplified space_L] space_L sets_eq_imp_space_eq[OF sets])
+ thus ?thesis
+ by(simp add: qp p cond_prob_def)
+ qed
+ finally show ?thesis .
+ qed
+qed
+
+lemma qbs_pmf_cond_pmf:
+ fixes p :: "'a :: countable pmf"
+ assumes "set_pmf p \<inter> {x. P x} \<noteq> {}"
+ shows "condition (qbs_pmf p) P = qbs_pmf (cond_pmf p {x. P x})"
+proof(rule inj_onD[OF qbs_l_inj[of "count_space UNIV"]])
+ note count_space_count_space_qbs_morphism[of P,qbs]
+ show g1:"condition (qbs_pmf p) P \<in> qbs_space (monadM_qbs (count_space\<^sub>Q UNIV))" "qbs_pmf (cond_pmf p {x. P x}) \<in> qbs_space (monadM_qbs (count_space\<^sub>Q UNIV))"
+ by auto
+ show "qbs_l (condition (qbs_pmf p) P) = qbs_l (qbs_pmf (cond_pmf p {x. P x}))"
+ proof(safe intro!: measure_eqI_countable)
+ fix a
+ have "condition (qbs_pmf p) P = normalize_qbs (density_qbs (qbs_pmf p) (\<lambda>x. if P x then 1 else 0))"
+ by(auto simp: condition_def query_def)
+ also have "... = density_qbs (density_qbs (qbs_pmf p) (\<lambda>x. if P x then 1 else 0)) (\<lambda>x. 1 / emeasure (qbs_l (density_qbs (qbs_pmf p) (\<lambda>x. if P x then 1 else 0))) (qbs_space (count_space\<^sub>Q UNIV)))"
+ proof -
+ have 1:"(\<integral>\<^sup>+ x. ennreal (pmf p x) * (if P x then 1 else 0) \<partial>count_space UNIV) = (\<integral>\<^sup>+ x\<in>{x. P x}. ennreal (pmf p x) \<partial>count_space UNIV)"
+ by(auto intro!: nn_integral_cong)
+ have "... > 0"
+ using assms(1) by(force intro!: nn_integral_less[of "\<lambda>x. 0",simplified] simp: AE_count_space set_pmf_eq' indicator_def)
+ hence 2:"(\<integral>\<^sup>+x\<in>{x. P x}. ennreal (pmf p x) \<partial>count_space UNIV) \<noteq> 0"
+ by auto
+ have 3:"(\<integral>\<^sup>+ x\<in>{x. P x}. ennreal (pmf p x) \<partial>count_space UNIV) \<noteq> \<top>"
+ proof -
+ have "(\<integral>\<^sup>+ x\<in>{x. P x}. ennreal (pmf p x) \<partial>count_space UNIV) \<le> (\<integral>\<^sup>+ x. ennreal (pmf p x) \<partial>count_space UNIV)"
+ by(auto intro!: nn_integral_mono simp: indicator_def)
+ also have "... = 1"
+ by (simp add: nn_integral_pmf_eq_1)
+ finally show ?thesis
+ using ennreal_one_neq_top neq_top_trans by fastforce
+ qed
+ show ?thesis
+ by(rule normalize_qbs) (auto simp: qbs_l_density_qbs[of _ "count_space UNIV"] emeasure_density nn_integral_measure_pmf 1 2 3)
+ qed
+ also have "... = density_qbs (qbs_pmf p) (\<lambda>x. (if P x then 1 else 0) * (1 / (\<integral>\<^sup>+ x. ennreal (pmf p x) * (if P x then 1 else 0) \<partial>count_space UNIV)))"
+ by(simp add: density_qbs_density_qbs_eq[of _ "count_space UNIV"] qbs_l_density_qbs[of _ "count_space UNIV"] emeasure_density nn_integral_measure_pmf)
+ also have "... = density_qbs (qbs_pmf p) (\<lambda>x. (if P x then 1 else 0) * (1 / (emeasure (measure_pmf p) (Collect P))))"
+ proof -
+ have [simp]: "(\<integral>\<^sup>+ x. ennreal (pmf p x) * (if P x then 1 else 0) \<partial>count_space UNIV) = emeasure (measure_pmf p) (Collect P)" (is "?l = ?r")
+ proof -
+ have "?l = (\<integral>\<^sup>+ x. ennreal (pmf p x) * (if P x then 1 else 0) \<partial>count_space {x. P x})"
+ by(rule nn_integral_count_space_eq) auto
+ also have "... = ?r"
+ by(auto simp: nn_integral_pmf[symmetric] intro!: nn_integral_cong)
+ finally show ?thesis .
+ qed
+ show ?thesis by simp
+ qed
+ finally show "emeasure (qbs_l (condition (qbs_pmf p) P)) {a} = emeasure (qbs_l (qbs_pmf (cond_pmf p {x. P x}))) {a}"
+ by(simp add: ennreal_divide_times qbs_l_density_qbs[of _ "count_space UNIV"] emeasure_density cond_pmf.rep_eq[OF assms(1)])
+ qed(auto simp: sets_qbs_l[OF g1(1)])
+qed
+
+subsubsection \<open>\texttt{twoUs}\<close>
+text \<open> Example from Section~2 in @{cite Sato_2019}.\<close>
+definition "Uniform \<equiv> (\<lambda>a b::real. uniform_qbs lborel_qbs {a<..<b})"
+
+lemma Uniform_qbs[qbs]: "Uniform \<in> \<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q"
+ unfolding Uniform_def by (rule interval_uniform_qbs)
+
+definition twoUs :: "(real \<times> real) qbs_measure" where
+"twoUs \<equiv> do {
+ let u1 = Uniform 0 1;
+ let u2 = Uniform 0 1;
+ let y = u1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s u2;
+ condition y (\<lambda>(x,y). x < 0.5 \<or> y > 0.5)
+ }"
+
+lemma twoUs_qbs: "twoUs \<in> monadM_qbs (\<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q)"
+ by(simp add: twoUs_def)
+
+interpretation rr: standard_borel_ne "borel \<Otimes>\<^sub>M borel :: (real \<times> real) measure"
+ by(simp add: borel_prod)
+
+lemma qbs_l_Uniform[simp]: "a < b \<Longrightarrow> qbs_l (Uniform a b) = uniform_measure lborel {a<..<b}"
+ by(simp add: standard_borel_ne.qbs_l_uniform_qbs[of borel lborel_qbs] Uniform_def)
+
+lemma Uniform_qbsP:
+ assumes [arith]: "a < b"
+ shows "Uniform a b \<in> monadP_qbs \<real>\<^sub>Q"
+ by(auto simp: monadP_qbs_def sub_qbs_space intro!: prob_space_uniform_measure)
+
+interpretation UniformP_pair: pair_prob_space "uniform_measure lborel {0<..<1::real}" "uniform_measure lborel {0<..<1::real}"
+ by(auto simp: pair_prob_space_def pair_sigma_finite_def intro!: prob_space_imp_sigma_finite prob_space_uniform_measure)
+
+lemma qbs_l_Uniform_pair: "a < b \<Longrightarrow> qbs_l (Uniform a b \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform a b) = uniform_measure lborel {a<..<b} \<Otimes>\<^sub>M uniform_measure lborel {a<..<b}"
+ by(auto intro!: qbs_l_qbs_pair_measure[of borel borel] standard_borel_ne.standard_borel simp: qbs_l_Uniform[symmetric] simp del: qbs_l_Uniform)
+
+lemma Uniform_pair_qbs[qbs]:
+ assumes "a < b"
+ shows "Uniform a b \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform a b \<in> qbs_space (monadP_qbs (\<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q))"
+proof -
+ note [qbs] = qbs_pair_measure_morphismP Uniform_qbsP[OF assms]
+ show ?thesis
+ by simp
+qed
+
+lemma twoUs_prob1: "\<P>(z in Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1. fst z < 0.5 \<or> snd z > 0.5) = 3 / 4"
+proof -
+ have [simp]:"{z \<in> space (uniform_measure lborel {0<..<1::real} \<Otimes>\<^sub>M uniform_measure lborel {0<..<1::real}). fst z * 2 < 1 \<or> 1 < snd z * 2} = UNIV \<times> {1/2<..} \<union> {..<1/2} \<times> UNIV"
+ by(auto simp: space_pair_measure)
+ have 1:"UniformP_pair.prob (UNIV \<times> {1 / 2<..}) = 1 / 2"
+ proof -
+ have [simp]:"{0<..<1} \<inter> {1 / 2<..} = {1/2<..<1::real}" by auto
+ thus ?thesis
+ by(auto simp: UniformP_pair.M1.measure_times)
+ qed
+ have 2:"UniformP_pair.prob ({..<1 / 2} \<times> UNIV - UNIV \<times> {1 / 2<..}) = 1 / 4"
+ proof -
+ have [simp]: "{..<1/2::real} \<times> UNIV - UNIV \<times> {1/2::real<..} = {..<1/2} \<times> {..1/2}" "{0<..<1} \<inter> {..<1/2} = {0<..<1/2::real}" "{0<..<1} \<inter> {..1/2::real} = {0<..1/2}"
+ by auto
+ show ?thesis
+ by(auto simp: UniformP_pair.M1.measure_times)
+ qed
+ show ?thesis
+ by(auto simp: qbs_l_Uniform_pair UniformP_pair.P.finite_measure_Union' 1 2)
+qed
+
+lemma twoUs_prob2:"\<P>(z in Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1. 1/2 < fst z \<and> (fst z < 1/2 \<or> snd z > 1/2)) = 1 / 4"
+proof -
+ have [simp]:"{z \<in> space (uniform_measure lborel {0<..<1::real} \<Otimes>\<^sub>M uniform_measure lborel {0<..<1::real}). 1 < fst z * 2 \<and> (fst z * 2 < 1 \<or> 1 < snd z * 2)} = {1/2<..} \<times> {1/2<..}"
+ by(auto simp: space_pair_measure)
+ have [simp]: "{0<..<1::real} \<inter> {1/2<..} = {1/2<..<1}" by auto
+ show ?thesis
+ by(auto simp: qbs_l_Uniform_pair UniformP_pair.M1.measure_times)
+qed
+
+lemma twoUs_qbs_prob: "twoUs \<in> qbs_space (monadP_qbs (\<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q))"
+proof -
+ have "\<P>(z in Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1. fst z < 0.5 \<or> snd z > 0.5) \<noteq> 0"
+ unfolding twoUs_prob1 by simp
+ note qbs_morphism_space[OF condition_morphismP[of qbs_borel "\<lambda>x. Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1" "\<lambda>x z. fst z < 0.5 \<or> snd z > 0.5" "\<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q",OF this],simplified,qbs]
+ note Uniform_pair_qbs[of 0 1,simplified,qbs]
+ show ?thesis
+ by(simp add: twoUs_def split_beta')
+qed
+
+lemma "\<P>((x,y) in twoUs. 1/2 < x) = 1 / 3"
+proof -
+ have "\<P>((x,y) in twoUs. 1/2 < x) = \<P>(z in twoUs. 1/2 < fst z)"
+ by (simp add: split_beta')
+ also have "... = \<P>(z in Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1. 1/2 < fst z \<bar> fst z < 0.5 \<or> snd z > 0.5)"
+ by(simp add: twoUs_def split_beta',rule query_Bayes[OF Uniform_pair_qbs[of 0 1,simplified,qbs]]) auto
+ also have "... = \<P>(z in Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1. 1/2 < fst z \<and> (fst z < 1/2 \<or> snd z > 1/2)) / \<P>(z in Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1. fst z < 0.5 \<or> snd z > 0.5)"
+ by(simp add: cond_prob_def)
+ also have "... = 1 / 3"
+ by(simp only: twoUs_prob2 twoUs_prob1) simp
+ finally show ?thesis .
+qed
+
+subsubsection \<open> Two Dice \<close>
+text \<open> Example from Adrian~\cite[Sect.~2.3]{Adrian_PL}.\<close>
+abbreviation "die \<equiv> qbs_pmf (pmf_of_set {Suc 0..6})"
+
+lemma die_qbs[qbs]: "die \<in> monadM_qbs \<nat>\<^sub>Q"
+ by simp
+
+definition two_dice :: "nat qbs_measure" where
+ "two_dice \<equiv> do {
+ let die1 = die;
+ let die2 = die;
+ let twodice = die1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s die2;
+ (x,y) \<leftarrow> condition twodice
+ (\<lambda>(x,y). x = 4 \<or> y = 4);
+ return_qbs \<nat>\<^sub>Q (x + y)
+ }"
+
+lemma two_dice_qbs: "two_dice \<in> monadM_qbs \<nat>\<^sub>Q"
+ by(simp add: two_dice_def)
+
+lemma prob_die2: "\<P>(x in qbs_l (die \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s die). P x) = real (card ({x. P x} \<inter> ({1..6} \<times> {1..6}))) / 36" (is "?P = ?rhs")
+proof -
+ have "?P = measure_pmf.prob (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {x. P x}"
+ by(auto simp: qbs_pair_pmf)
+ also have "... = measure_pmf.prob (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) ({x. P x} \<inter> set_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})))"
+ by(rule measure_Int_set_pmf[symmetric])
+ also have "... = measure_pmf.prob (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) ({x. P x} \<inter> ({Suc 0..6} \<times> {Suc 0..6}))"
+ by simp
+ also have "... = (\<Sum>z\<in>{x. P x} \<inter> ({Suc 0..6} \<times> {Suc 0..6}). pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) z)"
+ by(simp add: measure_measure_pmf_finite)
+ also have "... = (\<Sum>z\<in>{x. P x} \<inter> ({Suc 0..6} \<times> {Suc 0..6}). 1 / 36)"
+ by(rule Finite_Cartesian_Product.sum_cong_aux) (auto simp: pmf_pair)
+ also have "... = ?rhs"
+ by auto
+ finally show ?thesis .
+qed
+
+lemma dice_prob1: "\<P>(z in qbs_l (die \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s die). fst z = 4 \<or> snd z = 4) = 11 / 36"
+proof -
+ have 1:"Restr {z. fst z = 4 \<or> snd z = 4} {Suc 0..6::nat} = {Suc 0..Suc (Suc (Suc (Suc (Suc (Suc 0)))))} \<times> {Suc (Suc (Suc (Suc 0)))} \<union> {Suc (Suc (Suc (Suc 0)))} \<times> {Suc 0..(Suc (Suc (Suc 0)))} \<union> {Suc (Suc (Suc (Suc 0)))} \<times> {Suc (Suc (Suc (Suc (Suc 0))))..Suc (Suc (Suc (Suc (Suc (Suc 0)))))}"
+ by fastforce
+ have "card ... = card ({Suc 0..Suc (Suc (Suc (Suc (Suc (Suc 0)))))} \<times> {Suc (Suc (Suc (Suc 0)))} \<union> {Suc (Suc (Suc (Suc 0)))} \<times> {Suc 0..(Suc (Suc (Suc 0)))}) + card ({Suc (Suc (Suc (Suc 0)))} \<times> {Suc (Suc (Suc (Suc (Suc 0))))..Suc (Suc (Suc (Suc (Suc (Suc 0)))))})"
+ by(rule card_Un_disjnt) (auto simp: disjnt_def)
+ also have "... = card ({Suc 0..Suc (Suc (Suc (Suc (Suc (Suc 0)))))} \<times> {Suc (Suc (Suc (Suc 0)))}) + card ({Suc (Suc (Suc (Suc 0)))} \<times> {Suc 0..(Suc (Suc (Suc 0)))}) + card ({Suc (Suc (Suc (Suc 0)))} \<times> {Suc (Suc (Suc (Suc (Suc 0))))..Suc (Suc (Suc (Suc (Suc (Suc 0)))))})"
+ proof -
+ have "card ({Suc 0..Suc (Suc (Suc (Suc (Suc (Suc 0)))))} \<times> {Suc (Suc (Suc (Suc 0)))} \<union> {Suc (Suc (Suc (Suc 0)))} \<times> {Suc 0..(Suc (Suc (Suc 0)))}) = card ({Suc 0..Suc (Suc (Suc (Suc (Suc (Suc 0)))))} \<times> {Suc (Suc (Suc (Suc 0)))}) + card ({Suc (Suc (Suc (Suc 0)))} \<times> {Suc 0..(Suc (Suc (Suc 0)))})"
+ by(rule card_Un_disjnt) (auto simp: disjnt_def)
+ thus ?thesis by simp
+ qed
+ also have "... = 11" by auto
+ finally show ?thesis
+ by(auto simp: prob_die2 1)
+qed
+
+lemma dice_program_prob:"\<P>(x in two_dice. P x) = 2 * (\<Sum>n\<in>{5,6,7,9,10}. of_bool (P n) / 11) + of_bool (P 8) / 11" (is "?P = ?rp")
+proof -
+ have 0: "(\<Union>x\<in>{Suc 0..6} \<times> {Suc 0..6} \<inter> {(x, y). x = 4 \<or> y = 4}. {fst x + snd x}) = {5,6,7,8,9,10}"
+ proof safe
+ show " 5 \<in> (\<Union>x\<in>{Suc 0..6} \<times> {Suc 0..6} \<inter> {(x, y). x = 4 \<or> y = 4}. {fst x + snd x})"
+ by(auto intro!: bexI[where x="(1,4)"])
+ show "6 \<in> (\<Union>x\<in>{Suc 0..6} \<times> {Suc 0..6} \<inter> {(x, y). x = 4 \<or> y = 4}. {fst x + snd x})"
+ by(auto intro!: bexI[where x="(2,4)"])
+ show "7 \<in> (\<Union>x\<in>{Suc 0..6} \<times> {Suc 0..6} \<inter> {(x, y). x = 4 \<or> y = 4}. {fst x + snd x})"
+ by(auto intro!: bexI[where x="(3,4)"])
+ show "8 \<in> (\<Union>x\<in>{Suc 0..6} \<times> {Suc 0..6} \<inter> {(x, y). x = 4 \<or> y = 4}. {fst x + snd x})"
+ by(auto intro!: bexI[where x="(4,4)"])
+ show "9 \<in> (\<Union>x\<in>{Suc 0..6} \<times> {Suc 0..6} \<inter> {(x, y). x = 4 \<or> y = 4}. {fst x + snd x})"
+ by(auto intro!: bexI[where x="(5,4)"])
+ show "10 \<in> (\<Union>x\<in>{Suc 0..6} \<times> {Suc 0..6} \<inter> {(x, y). x = 4 \<or> y = 4}. {fst x + snd x})"
+ by(auto intro!: bexI[where x="(6,4)"])
+ qed auto
+
+ have 1:"{Suc 0..6} \<times> {Suc 0..6} \<inter> {x. fst x = 4 \<or> snd x = 4} \<noteq> {}"
+ proof -
+ have "(1,4) \<in> {Suc 0..6} \<times> {Suc 0..6} \<inter> {x. fst x = 4 \<or> snd x = 4}"
+ by auto
+ thus ?thesis by blast
+ qed
+ hence 2: "set_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) \<inter> {(x, y). x = 4 \<or> y = 4} \<noteq> {}"
+ by(auto simp: split_beta')
+ have ceq:"condition (die \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s die) (\<lambda>(x,y). x = 4 \<or> y = 4) = qbs_pmf (cond_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {(x,y). x = 4 \<or> y = 4})"
+ by(auto simp: split_beta' qbs_pair_pmf 1 intro!: qbs_pmf_cond_pmf)
+ have "two_dice = condition (die \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s die) (\<lambda>(x,y). x = 4 \<or> y = 4) \<bind> (\<lambda>(x,y). return_qbs \<nat>\<^sub>Q (x + y))"
+ by(simp add: two_dice_def)
+ also have "... = qbs_pmf (cond_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {(x,y). x = 4 \<or> y = 4}) \<bind> (\<lambda>z. qbs_pmf (return_pmf (fst z + snd z)))"
+ by(simp add: ceq) (simp add: qbs_pmf_return_pmf split_beta')
+ also have "... = qbs_pmf (cond_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {(x,y). x = 4 \<or> y = 4} \<bind> (\<lambda>z. return_pmf (fst z + snd z)))"
+ by(rule qbs_pmf_bind_pmf[symmetric])
+ finally have two_dice_eq:"two_dice = qbs_pmf (cond_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {(x,y). x = 4 \<or> y = 4} \<bind> (\<lambda>z. return_pmf (fst z + snd z)))" .
+
+ have 3:"measure_pmf.prob (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {(x, y). x = 4 \<or> y = 4} = 11 / 36"
+ using dice_prob1 by(auto simp: split_beta' qbs_pair_pmf)
+
+ have "?P = measure_pmf.prob (cond_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {(x, y). x = 4 \<or> y = 4} \<bind> (\<lambda>z. return_pmf (fst z + snd z))) {x. P x}" (is "_ = measure_pmf.prob ?bind _")
+ by(simp add: two_dice_eq)
+ also have "... = measure_pmf.prob ?bind ({x. P x} \<inter> set_pmf ?bind)"
+ by(rule measure_Int_set_pmf[symmetric])
+ also have "... = sum (pmf ?bind) ({x. P x} \<inter> set_pmf ?bind)"
+ by(rule measure_measure_pmf_finite) (auto simp: set_cond_pmf[OF 2])
+ also have "... = sum (pmf ?bind) ({x. P x} \<inter> {5, 6, 7, 8, 9, 10})"
+ by(auto simp: set_cond_pmf[OF 2] 0)
+ also have "... = (\<Sum>n\<in>{n. P n}\<inter>{5, 6, 7, 8, 9, 10}. measure_pmf.expectation (cond_pmf (pair_pmf (pmf_of_set {Suc 0..6}) (pmf_of_set {Suc 0..6})) {(x, y). x = 4 \<or> y = 4}) (\<lambda>x. indicat_real {n} (fst x + snd x)))" (is "_ = (\<Sum>_\<in>_. measure_pmf.expectation ?cond _ )")
+ by(simp add: pmf_bind)
+ also have "... = (\<Sum>n\<in>{n. P n}\<inter>{5, 6, 7, 8, 9, 10}. (\<Sum>m\<in>{(1,4),(2,4),(3,4),(4,4),(5,4),(6,4),(4,1),(4,2),(4,3),(4,5),(4,6)}. indicat_real {n} (fst m + snd m) * pmf ?cond m))"
+ proof(intro Finite_Cartesian_Product.sum_cong_aux integral_measure_pmf_real)
+ fix n m
+ assume h:"n \<in> {n. P n}\<inter>{5, 6, 7, 8, 9, 10}" "m \<in> set_pmf ?cond" "indicat_real {n} (fst m + snd m) \<noteq> 0"
+ then have nm:"fst m + snd m = n"
+ by(auto simp: indicator_def)
+ have m: "fst m \<noteq> 0" "snd m \<noteq> 0" "fst m = 4 \<or> snd m = 4"
+ using h(2) by(auto simp: set_cond_pmf[OF 2])
+ show "m \<in> {(1, 4), (2, 4), (3, 4), (4,4), (5, 4), (6, 4), (4, 1), (4, 2), (4, 3), (4, 5), (4, 6)}"
+ using h(1) nm m by(auto, metis prod.collapse)+
+ qed simp
+ also have "... = (\<Sum>n\<in>{n. P n}\<inter>{5, 6, 7, 8, 9, 10}. (\<Sum>m\<in>{(1,4),(2,4),(3,4),(4,4),(5,4),(6,4),(4,1),(4,2),(4,3),(4,5),(4,6)}. indicat_real {n} (fst m + snd m) * 1 / 11))"
+ proof(rule Finite_Cartesian_Product.sum_cong_aux[OF Finite_Cartesian_Product.sum_cong_aux])
+ fix n m
+ assume h:"n \<in> {n. P n}\<inter>{5, 6, 7, 8, 9, 10}" "m \<in> {(1,4),(2,4),(3,4),(4,4),(5,4),(6,4),(4,1),(4,2),(4,3),(4,5),(4::nat,6::nat)}"
+ have "pmf ?cond m = 1 / 11"
+ using h(2) by(auto simp add: pmf_cond[OF 2] 3 pmf_pair)
+ thus " indicat_real {n} (fst m + snd m) * pmf ?cond m = indicat_real {n} (fst m + snd m) * 1 / 11"
+ by simp
+ qed
+ also have "... = ?rp"
+ by fastforce
+ finally show ?thesis .
+qed
+
+corollary
+ "\<P>(x in two_dice. x = 5) = 2 / 11"
+ "\<P>(x in two_dice. x = 6) = 2 / 11"
+ "\<P>(x in two_dice. x = 7) = 2 / 11"
+ "\<P>(x in two_dice. x = 8) = 1 / 11"
+ "\<P>(x in two_dice. x = 9) = 2 / 11"
+ "\<P>(x in two_dice. x = 10) = 2 / 11"
+
+ unfolding dice_program_prob by simp_all
+
+subsubsection \<open> Gaussian Mean Learning \<close>
+text \<open> Example from Sato et al.~Section~8.~2 in @{cite Sato_2019}.\<close>
+
+definition "Gauss \<equiv> (\<lambda>\<mu> \<sigma>. density_qbs lborel\<^sub>Q (normal_density \<mu> \<sigma>))"
+
+lemma Gauss_qbs[qbs]: "Gauss \<in> \<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q"
+ by(simp add: Gauss_def)
+
+primrec GaussLearn' :: "[real, real qbs_measure, real list]
+ \<Rightarrow> real qbs_measure" where
+ "GaussLearn' _ p [] = p"
+| "GaussLearn' \<sigma> p (y#ls) = query (GaussLearn' \<sigma> p ls)
+ (normal_density y \<sigma>)"
+
+lemma GaussLearn'_qbs[qbs]:"GaussLearn' \<in> \<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q \<Rightarrow>\<^sub>Q list_qbs \<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q"
+ by(simp add: GaussLearn'_def)
+
+context
+ fixes \<sigma> :: real
+ assumes [arith]: "\<sigma> > 0"
+begin
+
+
+abbreviation "GaussLearn \<equiv> GaussLearn' \<sigma>"
+
+lemma GaussLearn_qbs[qbs]: "GaussLearn \<in> qbs_space (monadM_qbs \<real>\<^sub>Q \<Rightarrow>\<^sub>Q list_qbs \<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q)"
+ by simp
+
+definition Total :: "real list \<Rightarrow> real" where "Total = (\<lambda>l. foldr (+) l 0)"
+
+lemma Total_simp: "Total [] = 0" "Total (y#ls) = y + Total ls"
+ by(simp_all add: Total_def)
+
+lemma Total_qbs[qbs]: "Total \<in> list_qbs \<real>\<^sub>Q \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ by(simp add: Total_def)
+
+lemma GaussLearn_Total:
+ assumes [arith]: "\<xi> > 0" "n = length L"
+ shows "GaussLearn (Gauss \<delta> \<xi>) L = Gauss ((Total L*\<xi>\<^sup>2+\<delta>*\<sigma>\<^sup>2)/(n*\<xi>\<^sup>2+\<sigma>\<^sup>2)) (sqrt ((\<xi>\<^sup>2*\<sigma>\<^sup>2)/(n*\<xi>\<^sup>2+\<sigma>\<^sup>2)))"
+ using assms(2)
+proof(induction L arbitrary: n)
+ case Nil
+ then show ?case
+ by(simp add: Total_def)
+next
+ case ih:(Cons a L)
+ then obtain n' where n':"n = Suc n'" "n' = length L"
+ by auto
+ have 1:"\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) > 0"
+ by(auto intro!: divide_pos_pos add_nonneg_pos)
+ have sigma:"(sqrt (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) * \<sigma> / sqrt (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + \<sigma>\<^sup>2)) = (sqrt (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n * \<xi>\<^sup>2 + \<sigma>\<^sup>2)))"
+ proof(rule power2_eq_imp_eq)
+ show "(sqrt (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) * \<sigma> / sqrt (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + \<sigma>\<^sup>2))\<^sup>2 = (sqrt (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n * \<xi>\<^sup>2 + \<sigma>\<^sup>2)))\<^sup>2" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) * (\<sigma>\<^sup>2 / (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + \<sigma>\<^sup>2))"
+ by (simp add: power_divide power_mult_distrib)
+ also have "... = \<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) * (\<sigma>\<^sup>2 / ((\<xi>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + 1) * \<sigma>\<^sup>2))"
+ by (simp add: distrib_left mult.commute)
+ also have "... = \<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) * (1 / (\<xi>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + 1))"
+ by simp
+ also have "... = \<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) * (1 / ((\<xi>\<^sup>2 + (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)))"
+ by(simp only: add_divide_distrib[of "\<xi>\<^sup>2"]) auto
+ also have "... = \<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) * ((real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) / (\<xi>\<^sup>2 + (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)))"
+ by simp
+ also have "... = \<xi>\<^sup>2 * \<sigma>\<^sup>2 / (\<xi>\<^sup>2 + (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2))"
+ using "1" by force
+ also have "... = ?rhs"
+ by(simp add: n'(1) distrib_right)
+ finally show ?thesis .
+ qed
+ qed simp_all
+ have mu: "((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + a * (\<xi>\<^sup>2 * \<sigma>\<^sup>2) / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) / (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + \<sigma>\<^sup>2) = ((a + Total L) * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) / (real n * \<xi>\<^sup>2 + \<sigma>\<^sup>2)" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) * \<sigma>\<^sup>2 + a * (\<xi>\<^sup>2 * \<sigma>\<^sup>2))/ (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) / (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + \<sigma>\<^sup>2)"
+ by(simp add: add_divide_distrib)
+ also have "... = (((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) + a * \<xi>\<^sup>2) * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) / (\<xi>\<^sup>2 * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) + \<sigma>\<^sup>2)"
+ by (simp add: distrib_left mult.commute)
+ also have "... = (((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) + a * \<xi>\<^sup>2) * \<sigma>\<^sup>2 / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) / ((\<xi>\<^sup>2 * \<sigma>\<^sup>2 + (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) * \<sigma>\<^sup>2) / (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2))"
+ by (simp add: add_divide_distrib)
+ also have "... = (((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) + a * \<xi>\<^sup>2) * \<sigma>\<^sup>2) / (\<xi>\<^sup>2 * \<sigma>\<^sup>2 + (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2) * \<sigma>\<^sup>2)"
+ using 1 by auto
+ also have "... = (((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) + a * \<xi>\<^sup>2) * \<sigma>\<^sup>2) / ((\<xi>\<^sup>2 + (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2)) * \<sigma>\<^sup>2)"
+ by(simp only: distrib_right)
+ also have "... = ((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) + a * \<xi>\<^sup>2) / (\<xi>\<^sup>2 + (real n' * \<xi>\<^sup>2 + \<sigma>\<^sup>2))"
+ by simp
+ also have "... = ((Total L * \<xi>\<^sup>2 + \<delta> * \<sigma>\<^sup>2) + a * \<xi>\<^sup>2) / (real n * \<xi>\<^sup>2 + \<sigma>\<^sup>2)"
+ by(simp add: n'(1) distrib_right)
+ also have "... = ?rhs"
+ by (simp add: distrib_right)
+ finally show ?thesis .
+ qed
+ show ?case
+ by(simp add: ih(1)[OF n'(2)]) (simp add: query_def qbs_normal_posterior[OF real_sqrt_gt_zero[OF 1]] Gauss_def Total_simp sigma mu)
+qed
+
+lemma GaussLearn_KL_divergence_lem1:
+ fixes a :: real
+ assumes [arith]: "a > 0" "b > 0" "c > 0" "d > 0"
+ shows "(\<lambda>n. ln ((b * (n * d + c)) / (d * (n * b + a)))) \<longlonglongrightarrow> 0"
+proof -
+ have "(\<lambda>n::nat. ln ( (b * (Suc n * d + c)) / (d * (Suc n * b + a)))) = (\<lambda>n. ln ( (b * (d + c / Suc n)) / (d * (b + a / Suc n))))"
+ proof
+ fix n
+ show "ln (b * (real (Suc n) * d + c) / (d * (real (Suc n) * b + a))) = ln (b * (d + c / real (Suc n)) / (d * (b + a / real (Suc n))))" (is "ln ?l = ln ?r")
+ proof -
+ have "?l = b * (d + c / real (Suc n)) / (d * (b + a / real (Suc n))) * (Suc n / Suc n)"
+ unfolding times_divide_times_eq distrib_left distrib_right by (simp add: mult.assoc mult.commute)
+ also have "... = ?r" by simp
+ finally show ?thesis by simp
+ qed
+ qed
+ also have "... \<longlonglongrightarrow> 0"
+ apply(rule tendsto_eq_intros(33)[of _ 1])
+ apply(rule Topological_Spaces.tendsto_eq_intros(25)[of _ "b * d" _ _ "b * d",OF LIMSEQ_Suc[OF Topological_Spaces.tendsto_eq_intros(18)[of _ b _ _ d]] LIMSEQ_Suc[OF Topological_Spaces.tendsto_eq_intros(18)[of _ d _ _ b]]])
+ apply(intro Topological_Spaces.tendsto_eq_intros | auto)+
+ done
+ finally show ?thesis
+ by(rule LIMSEQ_imp_Suc)
+qed
+
+lemma GaussLearn_KL_divergence_lem1':
+ fixes b :: real
+ assumes [arith]: "b > 0" "d > 0" "s > 0"
+ shows "(\<lambda>n. ln (sqrt (b\<^sup>2 * s\<^sup>2 / (real n * b\<^sup>2 + s\<^sup>2)) / sqrt (d\<^sup>2 * s\<^sup>2 / (real n * d\<^sup>2 + s\<^sup>2)))) \<longlonglongrightarrow> 0" (is "?f \<longlonglongrightarrow> 0")
+proof -
+ have "?f = (\<lambda>n. ln (sqrt ((b\<^sup>2 * (n * d\<^sup>2 + s\<^sup>2))/ (d\<^sup>2 * (n * b\<^sup>2 + s\<^sup>2)))))"
+ by(simp add: real_sqrt_divide real_sqrt_mult mult.commute)
+ also have "... = (\<lambda>n. ln ((b\<^sup>2 * (n * d\<^sup>2 + s\<^sup>2) / (d\<^sup>2 * (n * b\<^sup>2 + s\<^sup>2)))) / 2)"
+ by (standard, rule ln_sqrt) (auto intro!: divide_pos_pos mult_pos_pos add_nonneg_pos)
+ also have "... \<longlonglongrightarrow> 0"
+ using GaussLearn_KL_divergence_lem1 by auto
+ finally show ?thesis .
+qed
+
+lemma GaussLearn_KL_divergence_lem2:
+ fixes s :: real
+ assumes [arith]: "s > 0" "b > 0" "d > 0"
+ shows "(\<lambda>n. ((d * s) / (n * d + s)) / (2 * ((b * s) / (n * b + s)))) \<longlonglongrightarrow> 1 / 2"
+proof -
+ have "(\<lambda>n::nat. ((d * s) / (Suc n * d + s)) / (2 * ((b * s) / (Suc n * b + s)))) = (\<lambda>n. (d * b + d * s / Suc n) / (2 * b * d + 2 * b * s / Suc n))"
+ proof
+ fix n
+ show "d * s / (real (Suc n) * d + s) / (2 * (b * s / (real (Suc n) * b + s))) = (d * b + d * s / real (Suc n)) / (2 * b * d + 2 * b * s / real (Suc n))" (is "?l = ?r")
+ proof -
+ have "?l = d * (Suc n * b + s) / ((2 * b) * (Suc n * d + s))"
+ by(simp add: divide_divide_times_eq)
+ also have "... = d * (b + s / Suc n) / ((2 * b) * (d + s / Suc n)) * (Suc n / Suc n)"
+ proof -
+ have 1:"(2 * b * d * real (Suc n) + 2 * b * (s / real (Suc n)) * real (Suc n))= (2 * b) * (Suc n * d + s)"
+ unfolding distrib_left distrib_right by(simp add: mult.assoc mult.commute)
+ show ?thesis
+ unfolding times_divide_times_eq distrib_left distrib_right 1
+ by (simp add: mult.assoc mult.commute)
+ qed
+ also have "... = ?r"
+ by(auto simp: distrib_right distrib_left mult.commute)
+ finally show ?thesis .
+ qed
+ qed
+ also have "... \<longlonglongrightarrow> 1 / 2"
+ by(rule Topological_Spaces.tendsto_eq_intros(25)[of _ "d * b" _ _ "2 * b * d",OF LIMSEQ_Suc LIMSEQ_Suc]) (intro Topological_Spaces.tendsto_eq_intros | auto)+
+ finally show ?thesis
+ by(rule LIMSEQ_imp_Suc)
+qed
+
+lemma GaussLearn_KL_divergence_lem2':
+ fixes s :: real
+ assumes [arith]: "s > 0" "b > 0" "d > 0"
+ shows "(\<lambda>n. ((d^2 * s^2) / (n * d^2 + s^2)) / (2 * ((b^2 * s^2) / (n * b^2 + s^2))) - 1 / 2) \<longlonglongrightarrow> 0"
+ using GaussLearn_KL_divergence_lem2[of "s^2" "b^2" "d^2"]
+ by(rule LIM_zero) auto
+
+lemma GaussLearn_KL_divergence_lem3:
+ fixes a b c d s K L :: real
+ assumes [arith]: "b > 0" "d > 0" "s > 0"
+ shows "((K * d + c * s) / (n * d + s) - (L * b + a * s) / (n * b + s))^2 / (2 * ((b * s) / (n * b + s))) = ((((((K - L) * d * b * real n + c * s * b * real n + K * d * s + c * s * s) - a * s * d * real n - L * b * s - a * s * s))\<^sup>2 / (d * d * b * (real n * real n * real n) + s * s * b * real n + 2 * d * s * b * (real n * real n) + d * d * (real n * real n) * s + s * s * s + 2 * d * s * s * real n))) / (2 * (b * s))" (is "?lhs = ?rhs")
+proof -
+ have 0:"real n * d + s > 0" "real n * b + s > 0"
+ by(auto intro!: add_nonneg_pos)
+ hence 1:"real n * d + s \<noteq> 0" "real n * b + s \<noteq> 0" by simp_all
+ have "?lhs = (((K * d + c * s) * (n * b + s) - (L * b + a * s) * (n * d + s)) / ((n * d + s) * (n * b + s)))\<^sup>2 / (2 * (b * s / (n * b + s)))"
+ unfolding diff_frac_eq[OF 1] by simp
+ also have "... = (((((K * d + c * s) * (n * b + s) - (L * b + a * s) * (n * d + s)))\<^sup>2 / ((n * d + s)^2 * (n * b + s)))) / (2 * (b * s))"
+ by(auto simp: power2_eq_square)
+ also have "... = (((((K * d * (n * b) + c * s * (n * b) + K * d * s + c * s * s) - ((L * b * (n * d) + a * s * (n * d) + L * b * s + a * s * s))))\<^sup>2 / ((n * d)^2 * (n * b) + s^2 * (n * b) + 2 * (n * d) * s * (n * b) + (n * d)^2 * s + s^2 * s + 2 * (n * d) * s * s))) / (2 * (b * s))"
+ by(simp add: power2_sum distrib_left distrib_right is_num_normalize(1))
+ also have "... = (((((K * d * b * real n + c * s * b * real n + K * d * s + c * s * s) - ((L * b * d * real n + a * s * d * real n + L * b * s + a * s * s))))\<^sup>2 / (d * d * b * (real n * real n * real n) + s * s * b *real n + 2 * d * s * b * (real n * real n) + d * d * (real n * real n) * s + s * s * s + 2 * d * s * s * real n))) / (2 * (b * s))"
+ by (simp add: mult.commute mult.left_commute power2_eq_square)
+ also have "... = ((((((K - L) * d * b * real n + c * s * b * real n + K * d * s + c * s * s) - ((a * s * d * real n + L * b * s + a * s * s))))\<^sup>2 / (d * d * b * (real n * real n * real n) + s * s * b * real n + 2 * d * s * b * (real n * real n) + d * d * (real n * real n) * s + s * s * s + 2 * d * s * s * real n))) / (2 * (b * s))"
+ proof -
+ have 1:"K * d * b * real n + c * s * b * real n + K * d * s + c * s * s - (L * b * d * real n + a * s * d * real n + L * b * s + a * s * s) = (K - L) * d * b * real n + c * s * b * real n + K * d * s + c * s * s - (a * s * d * real n + L * b * s + a * s * s)"
+ by (simp add: left_diff_distrib)
+ show ?thesis
+ unfolding 1 ..
+ qed
+ also have "... = ?rhs"
+ by (simp add: diff_diff_eq)
+ finally show ?thesis .
+qed
+
+lemma GaussLearn_KL_divergence_lem4:
+ fixes a b c d s K L :: real
+ assumes [arith]: "b > 0" "d > 0" "s > 0"
+ shows "(\<lambda>n. (\<bar>c * s * b * real n\<bar> + \<bar>K * (real n) * d * s\<bar> + \<bar>c * s * s\<bar> + \<bar>a * s * d * real n\<bar> + \<bar>L * (real n) * b * s\<bar> + \<bar>a * s * s\<bar>)\<^sup>2 / (d * d * b * (real n * real n * real n) + s * s * b * real n + 2 * d * s * b * (real n * real n) + d * d * (real n * real n) * s + s * s * s + 2 * d * s * s * real n) / (2 * (b * s))) \<longlonglongrightarrow> 0" (is "(\<lambda>n. ?f n) \<longlonglongrightarrow> 0")
+proof -
+ have t1: "(\<lambda>n. x / (real n * real n)) \<longlonglongrightarrow> 0" for x
+ proof -
+ have "(\<lambda>n. x / (real n * real n)) = (\<lambda>n. x / (real n) * (1 / real n))"
+ by simp
+ also have "... \<longlonglongrightarrow> 0"
+ by (intro Topological_Spaces.tendsto_eq_intros | auto)+
+ finally show ?thesis .
+ qed
+ have t4: "(\<lambda>n. x / (real n * real n * real n)) \<longlonglongrightarrow> 0" for x
+ proof -
+ have "(\<lambda>n. x / (real n * real n * real n)) = (\<lambda>n. x / (real n) * (1 / real n) * (1 / real n))"
+ by simp
+ also have "... \<longlonglongrightarrow> 0"
+ by (intro Topological_Spaces.tendsto_eq_intros | auto)+
+ finally show ?thesis .
+ qed
+ have t2[tendsto_intros]: "(\<lambda>n. x / (sqrt n)) \<longlonglongrightarrow> 0" for x
+ by(rule power_tendsto_0_iff[of 2,THEN iffD1],simp_all add: power2_eq_square) (intro Topological_Spaces.tendsto_eq_intros | auto)+
+ have t3: "(\<lambda>n. x / (sqrt n * real n)) \<longlonglongrightarrow> 0" for x
+ proof -
+ have "(\<lambda>n. x / (sqrt n * real n)) = (\<lambda>n. x / sqrt n * (1 / n))" by simp
+ also have "... \<longlonglongrightarrow> 0"
+ by (intro Topological_Spaces.tendsto_eq_intros | auto)+
+ finally show ?thesis .
+ qed
+
+ have "(\<lambda>n. ?f (Suc n)) = (\<lambda>n. ((\<bar>(c * s * b) / sqrt (real (Suc n))\<bar> + \<bar>(K * d * s) / sqrt (real (Suc n))\<bar> + \<bar>(c * s * s) / (sqrt (Suc n) * real (Suc n))\<bar> + \<bar>(a * s * d) / sqrt (real (Suc n))\<bar> + \<bar>(L * b * s) / sqrt (real (Suc n))\<bar> + \<bar>(a * s * s) / (sqrt (Suc n) * real (Suc n))\<bar>)\<^sup>2 / ((d * d * b + (s * s * b) / (real (Suc n) * real (Suc n)) + (2 * d * s * b) / real (Suc n) + (d * d * s) / real (Suc n) + (s * s * s) / (real (Suc n) * real (Suc n) * real (Suc n)) + (2 * d * s * s) / (real (Suc n) * real (Suc n))))) / (2 * (b * s)))" (is "_ = (\<lambda>n. ?g (Suc n))")
+ proof
+ fix n
+ show "?f (Suc n) = ?g (Suc n)" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<bar>c * s * b * real (Suc n)\<bar> + \<bar>K * d * s * real (Suc n)\<bar> + \<bar>c * s * s\<bar> + \<bar>a * s * d * real (Suc n)\<bar> + \<bar>L * b * s * real (Suc n)\<bar> + \<bar>a * s * s\<bar>)\<^sup>2 / (d * d * b * (real (Suc n) * real (Suc n) * real (Suc n)) + s * s * b * real (Suc n) + 2 * d * s * b * (real (Suc n) * real (Suc n)) + d * d * (real (Suc n) * real (Suc n)) * s + s * s * s + 2 * d * s * s * real (Suc n)) / (2 * (b * s))"
+ proof -
+ have 1:"K * real (Suc n) * d * s = K * d * s * real (Suc n)" "L * real (Suc n) * b * s = L * b * s * real (Suc n)"
+ by auto
+ show ?thesis
+ unfolding 1 ..
+ qed
+ also have "... = ((\<bar>c * s * b / sqrt (real (Suc n))\<bar> + \<bar>K * d * s / sqrt (real (Suc n))\<bar> + \<bar>(c * s * s) / (sqrt (Suc n) * real (Suc n))\<bar> + \<bar>a * s * d / sqrt (real (Suc n))\<bar> + \<bar>L * b * s / sqrt (real (Suc n))\<bar> + \<bar>(a * s * s) / (sqrt (Suc n) * real (Suc n))\<bar>) * (sqrt (Suc n) * real (Suc n)) )\<^sup>2 / (d * d * b * (real (Suc n) * real (Suc n) * real (Suc n)) + s * s * b * real (Suc n) + 2 * d * s * b * (real (Suc n) * real (Suc n)) + d * d * (real (Suc n) * real (Suc n)) * s + s * s * s + 2 * d * s * s * real (Suc n)) / (2 * (b * s))"
+ by(simp add: distrib_right left_diff_distrib mult.assoc[symmetric] abs_mult[of _ "real (Suc n)"] del: of_nat_Suc)
+ also have "... = ((\<bar>c * s * b / sqrt (real (Suc n))\<bar> + \<bar>K * d * s / sqrt (real (Suc n))\<bar> + \<bar>(c * s * s) / (sqrt (Suc n) * real (Suc n))\<bar> + \<bar>a * s * d / sqrt (real (Suc n))\<bar> + \<bar>L * b * s / sqrt (real (Suc n))\<bar> + \<bar>(a * s * s) / (sqrt (Suc n) * real (Suc n))\<bar>)^2 * (real (Suc n) * real (Suc n) * real (Suc n))) / (d * d * b * (real (Suc n) * real (Suc n) * real (Suc n)) + s * s * b * real (Suc n) + 2 * d * s * b * (real (Suc n) * real (Suc n)) + d * d * (real (Suc n) * real (Suc n)) * s + s * s * s + 2 * d * s * s * real (Suc n)) / (2 * (b * s))"
+ by(simp add: power2_eq_square)
+ also have "... = ((\<bar>c * s * b / sqrt (real (Suc n))\<bar> + \<bar>K * d * s / sqrt (real (Suc n))\<bar> + \<bar>(c * s * s) / (sqrt (Suc n) * real (Suc n))\<bar> + \<bar>a * s * d / sqrt (real (Suc n))\<bar> + \<bar>L * b * s / sqrt (real (Suc n))\<bar> + \<bar>(a * s * s) / (sqrt (Suc n) * real (Suc n))\<bar>)^2 / ((d * d * b * (real (Suc n) * real (Suc n) * real (Suc n)) + s * s * b * real (Suc n) + 2 * d * s * b * (real (Suc n) * real (Suc n)) + d * d * (real (Suc n) * real (Suc n)) * s + s * s * s + 2 * d * s * s * real (Suc n)) / (real (Suc n) * real (Suc n) * real (Suc n)))) / (2 * (b * s))"
+ by simp
+ also have "... = ?rhs"
+ by(simp add: add_divide_distrib)
+ finally show ?thesis .
+ qed
+ qed
+ also have "... \<longlonglongrightarrow> 0"
+ apply(rule LIMSEQ_Suc)
+ apply(rule Topological_Spaces.tendsto_eq_intros(25)[of _ 0 _ _ "2 * (b * s)",OF Topological_Spaces.tendsto_eq_intros(25)[of _ 0 _ _ "d * d * b"]])
+ apply(intro lim_const_over_n t1 t2 t3 t4 tendsto_diff[of _ 0 _ _ 0,simplified] tendsto_add_zero tendsto_add[of _ "d * d * b" _ _ 0,simplified] | auto)+
+ done
+ finally show ?thesis
+ by(rule LIMSEQ_imp_Suc)
+qed
+
+lemma GaussLearn_KL_divergence_lem5:
+ fixes a b c d K :: real
+ assumes [arith]: "b > 0" "d > 0" "s > 0" "K > 0" "\<bar>f l\<bar> < K * length l"
+ shows "\<bar>(c * s * b * real (length l) + f l * d * s + c * s * s - a * s * d * real (length l) - f l * b * s - a * s * s)\<^sup>2 / (d * d * b * (real (length l) * real (length l) * real (length l)) + s * s * b * real (length l) + 2 * d * s * b * (real (length l) * real (length l)) + d * d * (real (length l) * real (length l)) * s + s * s * s + 2 * d * s * s * real (length l)) / (2 * (b * s))\<bar> \<le> \<bar>(\<bar>c * s * b * real (length l)\<bar> + \<bar>K * real (length l) * d * s\<bar> + \<bar>c * s * s\<bar> + \<bar>a * s * d * real (length l)\<bar> + \<bar>- K * real (length l) * b * s\<bar> + \<bar>a * s * s\<bar>)\<^sup>2 / (d * d * b * (real (length l) * real (length l) * real (length l)) + s * s * b * real (length l) + 2 * d * s * b * (real (length l) * real (length l)) + d * d * (real (length l) * real (length l)) * s + s * s * s + 2 * d * s * s * real (length l)) / (2 * (b * s))\<bar>" (is "\<bar>(?l)^2 / ?c1 / ?c2\<bar> \<le> \<bar>(?r)^2 / _ / _\<bar>")
+proof -
+ have "?l^2 / ?c1 / ?c2 \<le> ?r^2 / ?c1 / ?c2"
+ proof(rule divide_right_mono[OF divide_right_mono[OF abs_le_square_iff[THEN iffD1]]])
+ show "\<bar>?l\<bar> \<le> \<bar>?r\<bar>"
+ proof -
+ have "\<bar>?l\<bar> \<le> \<bar>c * s * b * real (length l)\<bar> + \<bar>f l * d * s\<bar> + \<bar>c * s * s\<bar> + \<bar>a * s * d * real (length l)\<bar> + \<bar>f l * b * s\<bar> + \<bar>a * s * s\<bar>"
+ by linarith
+ also have "... \<le> \<bar>?r\<bar>"
+ by (auto simp: mult.assoc abs_mult) (auto intro!: add_mono)
+ finally show ?thesis .
+ qed
+ qed auto
+ thus ?thesis
+ by fastforce
+qed
+
+lemma GaussLearn_KL_divergence_lem6:
+ fixes a e b c d K :: real and f :: "'a list \<Rightarrow> real"
+ assumes [arith]:"e > 0" "b > 0" "d > 0" "s > 0"
+ shows "\<exists>N. \<forall>l. length l \<ge> N \<longrightarrow> \<bar>f l\<bar> < K * length l \<longrightarrow> \<bar>((f l * d + c * s) / (length l * d + s) - (f l * b + a * s) / (length l * b + s))^2 / (2 * ((b * s) / (length l * b + s))) \<bar> < e"
+proof(cases "K > 0")
+ case K[arith]:True
+ from GaussLearn_KL_divergence_lem4[OF assms(2-),of c K a "- K"] assms(1) obtain N where N:
+ "\<And>n. n \<ge> N \<Longrightarrow> \<bar>(\<bar>c * s * b * real n\<bar> + \<bar>K * real n * d * s\<bar> + \<bar>c * s * s\<bar> + \<bar>a * s * d * real n\<bar> + \<bar>- K * real n * b * s\<bar> + \<bar>a * s * s\<bar>)\<^sup>2 / (d * d * b * (real n * real n * real n) + s * s * b * real n + 2 * d * s * b * (real n * real n) + d * d * (real n * real n) * s + s * s * s + 2 * d * s * s * real n) / (2 * (b * s))\<bar> < e"
+ by(fastforce simp: LIMSEQ_def)
+ show ?thesis
+ proof(safe intro!: exI[where x=N])
+ fix l :: "'a list"
+ assume l:"N \<le> length l" "\<bar>f l\<bar> < K * real (length l)"
+ show "\<bar>((f l * d + c * s) / (real (length l) * d + s) - (f l * b + a * s) / (real (length l) * b + s))\<^sup>2 / (2 * (b * s / (real (length l) * b + s)))\<bar> < e" (is "?l < _")
+ proof -
+ have "?l = \<bar>(c * s * b * real (length l) + f l * d * s + c * s * s - a * s * d * real (length l) - f l * b * s - a * s * s)\<^sup>2 / (d * d * b * (real (length l) * real (length l) * real (length l)) + s * s * b * real (length l) + 2 * d * s * b * (real (length l) * real (length l)) + d * d * (real (length l) * real (length l)) * s + s * s * s + 2 * d * s * s * real (length l)) / (2 * (b * s))\<bar>"
+ unfolding GaussLearn_KL_divergence_lem3[OF assms(2-)] by simp
+ also have "... \<le> \<bar>(\<bar>c * s * b * real (length l)\<bar> + \<bar>K * real (length l) * d * s\<bar> + \<bar>c * s * s\<bar> + \<bar>a * s * d * real (length l)\<bar> + \<bar>- K * real (length l) * b * s\<bar> + \<bar>a * s * s\<bar>)\<^sup>2 / (d * d * b * (real (length l) * real (length l) * real (length l)) + s * s * b * real (length l) + 2 * d * s * b * (real (length l) * real (length l)) + d * d * (real (length l) * real (length l)) * s + s * s * s + 2 * d * s * s * real (length l)) / (2 * (b * s))\<bar>"
+ by(rule GaussLearn_KL_divergence_lem5) (use l in auto)
+ also have "... < e"
+ by(rule N) fact
+ finally show ?thesis .
+ qed
+ qed
+next
+ case False
+ then show ?thesis
+ by (metis (no_types, opaque_lifting) abs_ge_zero add_le_cancel_left add_nonneg_nonneg diff_add_cancel diff_ge_0_iff_ge linorder_not_less of_nat_0_le_iff zero_less_mult_iff)
+qed
+
+lemma GaussLearn_KL_divergence:
+ fixes a b c d e K :: real
+ assumes [arith]:"e > 0" "b > 0" "d > 0"
+ shows "\<exists>N. \<forall>L. length L > N \<longrightarrow> \<bar>Total L / length L\<bar> < K
+ \<longrightarrow> KL_divergence (exp 1) (GaussLearn (Gauss a b) L) (GaussLearn (Gauss c d) L) < e"
+proof -
+ have h:"\<sigma>^2 > 0" "b^2>0" "d^2>0"
+ by auto
+ from GaussLearn_KL_divergence_lem6[of "e / 3",OF _ h(2,3,1)] obtain N1 where N1:
+ "\<And>l. N1 \<le> length l \<Longrightarrow> \<bar>Total l\<bar> < K * real (length l) \<Longrightarrow> \<bar>((Total l * d\<^sup>2 + c * \<sigma>\<^sup>2) / (real (length l) * d\<^sup>2 + \<sigma>\<^sup>2) - (Total l * b\<^sup>2 + a * \<sigma>\<^sup>2) / (real (length l) * b\<^sup>2 + \<sigma>\<^sup>2))\<^sup>2 / (2 *(b\<^sup>2 * \<sigma>\<^sup>2 / (real (length l) * b\<^sup>2 + \<sigma>\<^sup>2)))\<bar> < e / 3"
+ by fastforce
+ from GaussLearn_KL_divergence_lem1'[OF assms(2,3) \<open>\<sigma> > 0\<close>]
+ have "\<And>e. e > 0 \<Longrightarrow> \<exists>N. \<forall>n. n \<ge> N \<longrightarrow> \<bar>ln (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real n * b\<^sup>2 + \<sigma>\<^sup>2)) / sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real n * d\<^sup>2 + \<sigma>\<^sup>2)))\<bar> < e"
+ by(auto simp: LIMSEQ_def)
+ from this[of "e / 3"] obtain N2 where N2:
+ "\<And>n. n \<ge> N2 \<Longrightarrow> \<bar>ln (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real n * b\<^sup>2 + \<sigma>\<^sup>2)) / sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real n * d\<^sup>2 + \<sigma>\<^sup>2)))\<bar> < e / 3"
+ by auto
+ from GaussLearn_KL_divergence_lem2'[OF \<open>\<sigma> > 0\<close> assms(2,3)]
+ have "\<And>e. e > 0 \<Longrightarrow> \<exists>N. \<forall>n. n \<ge> N \<longrightarrow> \<bar>d\<^sup>2 * \<sigma>\<^sup>2 / (real n * d\<^sup>2 + \<sigma>\<^sup>2) / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real n * b\<^sup>2 + \<sigma>\<^sup>2))) - 1 / 2\<bar> < e"
+ by(auto simp: LIMSEQ_def)
+ from this[of "e / 3"] obtain N3 where N3:
+ "\<And>n. n \<ge> N3 \<Longrightarrow> \<bar>d\<^sup>2 * \<sigma>\<^sup>2 / (real n * d\<^sup>2 + \<sigma>\<^sup>2) / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real n * b\<^sup>2 + \<sigma>\<^sup>2))) - 1 / 2\<bar> < e / 3"
+ by auto
+ define N where "N = max (max N1 N2) (max N3 1)"
+ have N: "N \<ge> N1" "N \<ge> N2" "N \<ge> N3" "N \<ge> 1"
+ by(auto simp: N_def)
+ show ?thesis
+ proof(safe intro!: exI[where x=N])
+ fix L :: "real list"
+ assume l:"N < length L" "\<bar>local.Total L / real (length L)\<bar> < K"
+ then have l': "N \<le> length L" "\<bar>Total L\<bar> < K * real (length L)"
+ using order.strict_trans1[OF N(4) l(1)] by(auto intro!: pos_divide_less_eq[THEN iffD1])
+ show "KL_divergence (exp 1) (GaussLearn (Gauss a b) L) (GaussLearn (Gauss c d) L) < e" (is "?lhs < _")
+ proof -
+ have h': "sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)) > 0" "sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)) > 0"
+ by(auto intro!: divide_pos_pos add_nonneg_pos)
+ have "?lhs \<le> \<bar>?lhs\<bar>"
+ by auto
+ also have "... = \<bar>KL_divergence (exp 1) (Gauss ((Total L * b\<^sup>2 + a * \<sigma>\<^sup>2) / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)) (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)))) (Gauss ((Total L * d\<^sup>2 + c * \<sigma>\<^sup>2) / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)) (sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2))))\<bar>"
+ by(simp add: GaussLearn_Total[OF assms(2) refl] GaussLearn_Total[OF assms(3) refl])
+ also have "... = \<bar>ln (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)) / sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2))) + ((sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)))\<^sup>2 + ((Total L * d\<^sup>2 + c * \<sigma>\<^sup>2) / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2) - (Total L * b\<^sup>2 + a * \<sigma>\<^sup>2) / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))\<^sup>2) / (2 * (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)))\<^sup>2) - 1 / 2\<bar>"
+ by(simp add: KL_normal_density[OF h'] Gauss_def)
+ also have "... = \<bar>ln (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)) / sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2))) + (sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)))\<^sup>2 / (2 * (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)))\<^sup>2) + ((Total L * d\<^sup>2 + c * \<sigma>\<^sup>2) / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2) - (Total L * b\<^sup>2 + a * \<sigma>\<^sup>2) / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))\<^sup>2 / (2 * (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)))\<^sup>2) - 1 / 2\<bar>"
+ unfolding add_divide_distrib by auto
+ also have "... = \<bar>ln (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)) / sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2))) + (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)) / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))) + ((Total L * d\<^sup>2 + c * \<sigma>\<^sup>2) / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2) - (Total L * b\<^sup>2 + a * \<sigma>\<^sup>2) / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))\<^sup>2 / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))) - 1 / 2\<bar>"
+ using h' by auto
+ also have "... \<le> \<bar>ln (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)) / sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2))) + ((d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)) / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))) - 1 / 2) + ((Total L * d\<^sup>2 + c * \<sigma>\<^sup>2) / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2) - (Total L * b\<^sup>2 + a * \<sigma>\<^sup>2) / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))\<^sup>2 / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)))\<bar>"
+ by auto
+ also have "... \<le> \<bar>ln (sqrt (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)) / sqrt (d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)))\<bar> + \<bar>(d\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2)) / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))) - 1 / 2\<bar> + \<bar>((Total L * d\<^sup>2 + c * \<sigma>\<^sup>2) / (real (length L) * d\<^sup>2 + \<sigma>\<^sup>2) - (Total L * b\<^sup>2 + a * \<sigma>\<^sup>2) / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2))\<^sup>2 / (2 * (b\<^sup>2 * \<sigma>\<^sup>2 / (real (length L) * b\<^sup>2 + \<sigma>\<^sup>2)))\<bar>"
+ by linarith
+ also have "... < e"
+ using N1[OF order.trans[OF N(1) l'(1)] l'(2)] N2[OF order.trans[OF N(2) l'(1)]] N3[OF order.trans[OF N(3) l'(1)]] by auto
+ finally show ?thesis .
+ qed
+ qed
+qed
+
+end
+
+subsubsection \<open> Continuous Distributions \<close>
+text \<open> The following (highr-order) program receives a non-negative function $f$ and returns the distribution
+ whose density function is (noramlized) $f$ if $f$ is integrable w.r.t. the Lebesgue measure.\<close>
+definition dens_to_dist :: "['a :: euclidean_space \<Rightarrow> real] \<Rightarrow> 'a qbs_measure" where
+"dens_to_dist \<equiv> (\<lambda>f. do {
+ query lborel\<^sub>Q f
+ })"
+
+lemma dens_to_dist_qbs[qbs]: "dens_to_dist \<in> (borel\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q) \<rightarrow>\<^sub>Q monadM_qbs borel\<^sub>Q"
+ by(simp add: dens_to_dist_def)
+
+context
+ fixes f :: "'a :: euclidean_space \<Rightarrow> real"
+ assumes f_qbs[qbs]: "f \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ and f_le0:"\<And>x. f x \<ge> 0"
+ and f_int_ne0:"qbs_l (density_qbs lborel_qbs f) UNIV \<noteq> 0"
+ and f_integrable: "qbs_integrable lborel_qbs f"
+begin
+
+lemma f_integrable'[measurable]: "integrable lborel f"
+ using f_integrable by(simp add: qbs_integrable_iff_integrable)
+
+lemma f_int_neinfty:
+ "qbs_l (density_qbs lborel_qbs f) UNIV \<noteq> \<infinity>"
+ using f_integrable' f_le0
+ by(auto simp: qbs_l_density_qbs[of _ qbs_borel] emeasure_density integrable_iff_bounded)
+
+lemma dens_to_dist: "dens_to_dist f = density_qbs lborel_qbs (\<lambda>x. ennreal (1 / measure (qbs_l (density_qbs lborel_qbs f)) UNIV * f x))"
+proof -
+ have [simp]:"ennreal (f x) * (1 / emeasure (qbs_l (density_qbs lborel\<^sub>Q (\<lambda>x. ennreal (f x)))) UNIV) = ennreal (f x / measure (qbs_l (density_qbs lborel\<^sub>Q (\<lambda>x. ennreal (f x)))) UNIV)" for x
+ by (metis divide_ennreal emeasure_eq_ennreal_measure ennreal_0 ennreal_times_divide f_int_ne0 f_int_neinfty f_le0 infinity_ennreal_def mult.comm_neutral zero_less_measure_iff)
+ show ?thesis
+ by(auto simp: dens_to_dist_def query_def normalize_qbs[of _ qbs_borel,simplified qbs_space_qbs_borel,OF _ f_int_ne0 f_int_neinfty] density_qbs_density_qbs_eq[of _ qbs_borel])
+qed
+
+corollary qbs_l_dens_to_dist: "qbs_l (dens_to_dist f) = density lborel (\<lambda>x. ennreal (1 / measure (qbs_l (density_qbs lborel_qbs f)) UNIV * f x))"
+ by(simp add: dens_to_dist qbs_l_density_qbs[of _ qbs_borel])
+
+corollary qbs_integral_dens_to_dist:
+ assumes [qbs]: "g \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ shows "(\<integral>\<^sub>Q x. g x \<partial>dens_to_dist f) = (\<integral>\<^sub>Q x. 1 / measure (qbs_l (density_qbs lborel_qbs f)) UNIV * f x * g x \<partial>lborel\<^sub>Q)"
+ using f_le0 by(simp add: qbs_integral_density_qbs[of _ qbs_borel _ g ,OF _ _ _ AEq_I2[of _ qbs_borel]] dens_to_dist)
+
+lemma dens_to_dist_prob[qbs]:"dens_to_dist f \<in> qbs_space (monadP_qbs borel\<^sub>Q)"
+ using f_int_neinfty f_int_ne0 by(auto simp: dens_to_dist_def query_def intro!: normalize_qbs_prob)
+
+end
+
+subsubsection \<open> Normal Distribution \<close>
+context
+ fixes \<mu> \<sigma> :: real
+ assumes sigma_pos[arith]: "\<sigma> > 0"
+begin
+
+text \<open> We use an unnormalized density function. \<close>
+definition "normal_f \<equiv> (\<lambda>x. exp (-(x - \<mu>)\<^sup>2/ (2 * \<sigma>\<^sup>2)))"
+
+lemma nc_normal_f: "qbs_l (density_qbs lborel_qbs normal_f) UNIV = ennreal (sqrt (2 * pi * \<sigma>\<^sup>2))"
+proof -
+ have "qbs_l (density_qbs lborel_qbs normal_f) UNIV = (\<integral>\<^sup>+ x. ennreal (exp (- ((x - \<mu>)\<^sup>2 / (2 * \<sigma>\<^sup>2)))) \<partial>lborel)"
+ by(auto simp: qbs_l_density_qbs[of _ qbs_borel] normal_f_def emeasure_density)
+ also have "... = ennreal (sqrt (2 * pi * \<sigma>\<^sup>2)) * (\<integral>\<^sup>+ x. normal_density \<mu> \<sigma> x \<partial>lborel)"
+ by(auto simp: nn_integral_cmult[symmetric] normal_density_def ennreal_mult'[symmetric] intro!: nn_integral_cong)
+ also have "... = ennreal (sqrt (2 * pi * \<sigma>\<^sup>2))"
+ using prob_space.emeasure_space_1[OF prob_space_normal_density]
+ by(simp add: emeasure_density)
+ finally show ?thesis .
+qed
+
+corollary measure_qbs_l_dens_to_dist_normal_f: "measure (qbs_l (density_qbs lborel_qbs normal_f)) UNIV = sqrt (2 * pi * \<sigma>\<^sup>2)"
+ by(simp add: measure_def nc_normal_f)
+
+
+lemma normal_f:
+ shows "normal_f \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ and "\<And>x. normal_f x \<ge> 0"
+ and "qbs_l (density_qbs lborel_qbs normal_f) UNIV \<noteq> 0"
+ and "qbs_integrable lborel_qbs normal_f"
+ using nc_normal_f by(auto simp: qbs_integrable_iff_integrable integrable_iff_bounded qbs_l_density_qbs[of _ qbs_borel] normal_f_def emeasure_density)
+
+lemma qbs_l_densto_dist_normal_f: "qbs_l (dens_to_dist normal_f) = density lborel (normal_density \<mu> \<sigma>)"
+ by(simp add: qbs_l_dens_to_dist[OF normal_f] measure_qbs_l_dens_to_dist_normal_f normal_density_def) (simp add: normal_f_def)
+
+end
+
+subsubsection \<open> Half Normal Distribution \<close>
+context
+ fixes \<mu> \<sigma> :: real
+ assumes sigma_pos[arith]:"\<sigma> > 0"
+begin
+
+definition "hnormal_f \<equiv> (\<lambda>x. if x \<le> \<mu> then 0 else normal_density \<mu> \<sigma> x)"
+
+lemma nc_hnormal_f: "qbs_l (density_qbs lborel_qbs hnormal_f) UNIV = ennreal (1/ 2)"
+proof -
+ have "qbs_l (density_qbs lborel_qbs hnormal_f) UNIV = (\<integral>\<^sup>+ x. ennreal (if x \<le> \<mu> then 0 else normal_density \<mu> \<sigma> x) \<partial>lborel)"
+ by(auto simp: qbs_l_density_qbs[of _ qbs_borel] hnormal_f_def emeasure_density)
+ also have "... = (\<integral>\<^sup>+ x\<in>{\<mu><..}. normal_density \<mu> \<sigma> x \<partial>lborel)"
+ by(auto intro!: nn_integral_cong)
+ also have "... = 1 / 2 * (\<integral>\<^sup>+ x. normal_density \<mu> \<sigma> x \<partial>lborel)"
+ proof -
+ have 1:"(\<integral>\<^sup>+ x. normal_density \<mu> \<sigma> x \<partial>lborel) = (\<integral>\<^sup>+ x\<in>{\<mu><..}. normal_density \<mu> \<sigma> x \<partial>lborel) + (\<integral>\<^sup>+ x\<in>{..\<mu>}. normal_density \<mu> \<sigma> x \<partial>lborel)"
+ by(auto simp: nn_integral_add[symmetric] intro!: nn_integral_cong) (simp add: indicator_def)
+ have 2: "(\<integral>\<^sup>+ x\<in>{\<mu><..}. normal_density \<mu> \<sigma> x \<partial>lborel) = (\<integral>\<^sup>+ x\<in>{..\<mu>}. normal_density \<mu> \<sigma> x \<partial>lborel)" (is "?l = ?r")
+ proof -
+ have "?l = (\<integral>\<^sup>+ x. ennreal (normal_density \<mu> \<sigma> x * indicator {\<mu><..} x) \<partial>lborel)"
+ by(auto intro!: nn_integral_cong simp add: indicator_mult_ennreal mult.commute)
+ also have "... = ennreal (\<integral>x. normal_density \<mu> \<sigma> x * indicator {\<mu><..} x \<partial>lborel)"
+ by(auto intro!: nn_integral_eq_integral integrable_real_mult_indicator)
+ also have "... = ennreal (\<integral>x. normal_density \<mu> \<sigma> x * indicator {\<mu><..} x \<partial>lebesgue)"
+ by(simp add: integral_completion)
+ also have "... = ennreal (\<integral>x. (if x \<in> {\<mu><..} then normal_density \<mu> \<sigma> x else 0) \<partial>lebesgue)"
+ by (meson indicator_times_eq_if(2))
+ also have "... = ennreal (\<integral>x. normal_density \<mu> \<sigma> x \<partial>lebesgue_on {\<mu><..})"
+ by(rule ennreal_cong, rule Lebesgue_Measure.integral_restrict_UNIV) simp
+ also have "... = ennreal (integral {\<mu><..} (normal_density \<mu> \<sigma>))"
+ by(rule ennreal_cong, rule lebesgue_integral_eq_integral) (auto simp: integrable_restrict_space integrable_completion intro!: integrable_mult_indicator[where 'b=real,simplified])
+ also have "... = ennreal (integral {..<\<mu>} (\<lambda>x. normal_density \<mu> \<sigma> (- x + 2 * \<mu>)))"
+ proof -
+ have "integral {\<mu><..} (normal_density \<mu> \<sigma>) = integral {..<\<mu>} (\<lambda>x. \<bar>- 1\<bar> *\<^sub>R normal_density \<mu> \<sigma> (- x + 2 * \<mu>))"
+ proof(rule conjunct2[OF has_absolute_integral_change_of_variables_1'[where g="\<lambda>x. - x + 2 * \<mu>" and S="{..<\<mu>}" and g'="\<lambda>x. - 1" and f="normal_density \<mu> \<sigma>" and b="integral {\<mu><..} (normal_density \<mu> \<sigma>)",THEN iffD2],symmetric])
+ fix x :: real
+ show "((\<lambda>x. - x + 2 * \<mu>) has_real_derivative - 1) (at x within {..<\<mu>})"
+ by(rule derivative_eq_intros(35)[of _ "- 1" _ _ 0]) (auto simp add: Deriv.field_differentiable_minus)
+ next
+ show "inj_on (\<lambda>x. - x + 2 * \<mu>) {..<\<mu>}"
+ by(auto simp: inj_on_def)
+ next
+ have 1: "(\<lambda>x. - x + 2 * \<mu>) ` {..<\<mu>} = {\<mu><..}"
+ by(auto simp: image_def intro!: bexI[where x="2 * \<mu> - _"])
+ have [simp]: "normal_density \<mu> \<sigma> absolutely_integrable_on {\<mu><..}"
+ by(auto simp: absolutely_integrable_measurable comp_def integrable_restrict_space integrable_completion intro!: integrable_mult_indicator[where 'b=real,simplified] measurable_restrict_space1 measurable_completion)
+ show "normal_density \<mu> \<sigma> absolutely_integrable_on (\<lambda>x. - x + 2 * \<mu>) ` {..<\<mu>} \<and> integral ((\<lambda>x. - x + 2 * \<mu>) ` {..<\<mu>}) (normal_density \<mu> \<sigma>) = integral {\<mu><..} (normal_density \<mu> \<sigma>)"
+ unfolding 1 by simp
+ qed auto
+ thus ?thesis by simp
+ qed
+ also have "... = ennreal (integral {..<\<mu>} (normal_density \<mu> \<sigma>))"
+ proof -
+ have "(\<lambda>x. normal_density \<mu> \<sigma> (- x + 2 * \<mu>)) = normal_density \<mu> \<sigma>"
+ by standard (auto simp: normal_density_def power2_commute )
+ thus ?thesis by simp
+ qed
+ also have "... = ennreal (\<integral>x. normal_density \<mu> \<sigma> x \<partial>lebesgue_on {..<\<mu>})"
+ by(rule ennreal_cong, rule lebesgue_integral_eq_integral[symmetric]) (auto simp: integrable_restrict_space integrable_completion intro!: integrable_mult_indicator[where 'b=real,simplified])
+ also have "... = ennreal (\<integral>x. (if x \<in> {..<\<mu>} then normal_density \<mu> \<sigma> x else 0) \<partial>lebesgue)"
+ by(rule ennreal_cong, rule Lebesgue_Measure.integral_restrict_UNIV[symmetric]) simp
+ also have "... = ennreal (\<integral>x. normal_density \<mu> \<sigma> x * indicator {..<\<mu>} x \<partial>lebesgue)"
+ by (meson indicator_times_eq_if(2)[symmetric])
+ also have "... = ennreal (\<integral>x. normal_density \<mu> \<sigma> x * indicator {..<\<mu>} x \<partial>lborel)"
+ by(simp add: integral_completion)
+ also have "... = (\<integral>\<^sup>+ x. ennreal (normal_density \<mu> \<sigma> x * indicator {..<\<mu>} x) \<partial>lborel)"
+ by(auto intro!: nn_integral_eq_integral[symmetric] integrable_real_mult_indicator)
+ also have "... = ?r"
+ using AE_lborel_singleton by(fastforce intro!: nn_integral_cong_AE simp: indicator_def)
+ finally show ?thesis .
+ qed
+ show ?thesis
+ by(simp add: 1 2) (metis (no_types, lifting) ennreal_divide_times mult_2 mult_2_right mult_divide_eq_ennreal one_add_one top_neq_numeral zero_neq_numeral)
+ qed
+ also have "... = ennreal (1 / 2)"
+ using prob_space.emeasure_space_1[OF prob_space_normal_density]
+ by(simp add: emeasure_density divide_ennreal_def)
+ finally show ?thesis .
+qed
+
+corollary measure_qbs_l_dens_to_dist_hnormal_f: "measure (qbs_l (density_qbs lborel_qbs hnormal_f)) UNIV = 1 / 2"
+ by(simp add: measure_def nc_hnormal_f del: ennreal_half)
+
+lemma hnormal_f:
+ shows "hnormal_f \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ and "\<And>x. hnormal_f x \<ge> 0"
+ and "qbs_l (density_qbs lborel_qbs hnormal_f) UNIV \<noteq> 0"
+ and "qbs_integrable lborel_qbs hnormal_f"
+ using nc_hnormal_f by(auto simp: qbs_integrable_iff_integrable integrable_iff_bounded qbs_l_density_qbs[of _ qbs_borel] hnormal_f_def emeasure_density simp del: ennreal_half)
+
+lemma "qbs_l (dens_to_dist local.hnormal_f) = density lborel (\<lambda>x. ennreal (2 * (if x \<le> \<mu> then 0 else normal_density \<mu> \<sigma> x)))"
+ by(simp add: qbs_l_dens_to_dist[OF hnormal_f] measure_qbs_l_dens_to_dist_hnormal_f) (simp add: hnormal_f_def)
+
+end
+
+
+subsubsection \<open> Erlang Distribution \<close>
+context
+ fixes k :: nat and l :: real
+ assumes l_pos[arith]: "l > 0"
+begin
+
+definition "erlang_f \<equiv> (\<lambda>x. if x < 0 then 0 else x^k * exp (- l * x))"
+
+lemma nc_erlang_f: "qbs_l (density_qbs lborel_qbs erlang_f) UNIV = ennreal (fact k / l^(Suc k))"
+proof -
+ have "qbs_l (density_qbs lborel_qbs erlang_f) UNIV = (\<integral>\<^sup>+ x. ennreal (if x < 0 then 0 else x ^ k * exp (- l * x)) \<partial>lborel)"
+ by(auto simp: qbs_l_density_qbs[of _ qbs_borel] erlang_f_def emeasure_density)
+ also have "... = ennreal (fact k / l^(Suc k)) * (\<integral>\<^sup>+ x. erlang_density k l x \<partial>lborel)"
+ by(auto simp: nn_integral_cmult[symmetric] ennreal_mult'[symmetric] erlang_density_def intro!: nn_integral_cong)
+ also have "... = ennreal (fact k / l^(Suc k))"
+ using prob_space.emeasure_space_1[OF prob_space_erlang_density]
+ by(simp add: emeasure_density)
+ finally show ?thesis .
+qed
+
+corollary measure_qbs_l_dens_to_dist_erlang_f: "measure (qbs_l (density_qbs lborel_qbs erlang_f)) UNIV = fact k / l^(Suc k)"
+ by(simp add: measure_def nc_erlang_f)
+
+lemma erlang_f:
+ shows "erlang_f \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ and "\<And>x. erlang_f x \<ge> 0"
+ and "qbs_l (density_qbs lborel_qbs erlang_f) UNIV \<noteq> 0"
+ and "qbs_integrable lborel_qbs erlang_f"
+ using nc_erlang_f by(auto simp: qbs_integrable_iff_integrable integrable_iff_bounded qbs_l_density_qbs[of _ qbs_borel] erlang_f_def emeasure_density)
+
+lemma "qbs_l (dens_to_dist erlang_f) = density lborel (erlang_density k l)"
+proof -
+ have [simp]: "l * l ^ k * (if x < 0 then 0 else x ^ k * exp (- l * x)) / fact k = (if x < 0 then 0 else l ^ Suc k * x ^ k * exp (- l * x) / fact k)" for x
+ by auto
+ show ?thesis
+ by(simp add: qbs_l_dens_to_dist[OF erlang_f] measure_qbs_l_dens_to_dist_erlang_f erlang_density_def) (simp add: erlang_f_def)
+qed
+
+end
+
+subsubsection \<open> Uniform Distribution on $(0,1) \times (0,1)$.\<close>
+
+definition "uniform_f \<equiv> indicat_real ({0<..<1::real}\<times>{0<..<1::real})"
+
+lemma
+ shows uniform_f_qbs'[qbs]: "uniform_f \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ and uniform_f_qbs[qbs]: "uniform_f \<in> \<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+proof -
+ have "uniform_f \<in> \<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ by(auto simp: uniform_f_def r_preserves_product[symmetric] intro!: rr.qbs_morphism_measurable_intro)
+ thus "uniform_f \<in> \<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q \<rightarrow>\<^sub>Q \<real>\<^sub>Q" "uniform_f \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ by(simp_all add: qbs_borel_prod)
+qed
+
+lemma uniform_f_measurable[measurable]: "uniform_f \<in> borel_measurable borel"
+ by (metis borel_prod rr.standard_borel_axioms standard_borel.standard_borel_r_full_faithful uniform_f_qbs')
+
+lemma nc_uniform_f: "qbs_l (density_qbs lborel_qbs uniform_f) UNIV = 1"
+proof -
+ have "qbs_l (density_qbs lborel_qbs uniform_f) UNIV = (\<integral>\<^sup>+ z. ennreal (uniform_f z) \<partial>lborel)"
+ by(auto simp: qbs_l_density_qbs[of _ qbs_borel] emeasure_density)
+ also have "... = (\<integral>\<^sup>+ z. indicator {0<..<1::real} (fst z) * indicator {0<..<1::real} (snd z) \<partial>(lborel \<Otimes>\<^sub>M lborel))"
+ by(auto simp: lborel_prod intro!: nn_integral_cong) (auto simp: indicator_def uniform_f_def)
+ also have "... = 1"
+ by(auto simp: lborel.nn_integral_fst[symmetric] nn_integral_cmult)
+ finally show ?thesis .
+qed
+
+corollary measure_qbs_l_dens_to_dist_uniform_f: "measure (qbs_l (density_qbs lborel_qbs uniform_f)) UNIV = 1"
+ by(simp add: measure_def nc_uniform_f)
+
+lemma uniform_f:
+ shows "uniform_f \<in> qbs_borel \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ and "\<And>x. uniform_f x \<ge> 0"
+ and "qbs_l (density_qbs lborel_qbs uniform_f) UNIV \<noteq> 0"
+ and "qbs_integrable lborel_qbs uniform_f"
+ using nc_uniform_f by(auto simp: qbs_integrable_iff_integrable integrable_iff_bounded qbs_l_density_qbs[of _ qbs_borel] emeasure_density) (auto simp: uniform_f_def)
+
+lemma qbs_l_dens_to_dist_uniform_f:"qbs_l (dens_to_dist uniform_f) = density lborel (\<lambda>x. ennreal (uniform_f x))"
+ by(simp add: qbs_l_dens_to_dist[OF uniform_f,simplified measure_qbs_l_dens_to_dist_uniform_f])
+
+lemma "dens_to_dist uniform_f = Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1"
+proof -
+ note qbs_pair_measure_morphismP[qbs] Uniform_qbsP[qbs]
+ have [simp]:"sets (borel :: (real \<times> real) measure) = sets (borel \<Otimes>\<^sub>M borel)"
+ by(metis borel_prod)
+ show ?thesis
+ proof(safe intro!: inj_onD[OF qbs_l_inj[of "\<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q"]] qbs_space_monadPM measure_eqI)
+(* proof(auto intro!: inj_onD[OF qbs_l_inj[of "\<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q"]] qbs_space_monadPM simp: qbs_l_dens_to_dist_uniform_f qbs_l_Uniform_pair, auto intro!: measure_eqI)
+ *)
+ fix A :: "(real \<times> real) set"
+ assume "A \<in> sets (qbs_l (dens_to_dist uniform_f))"
+ then have [measurable]: "A \<in> sets (borel \<Otimes>\<^sub>M borel)"
+ by(auto simp: qbs_l_dens_to_dist_uniform_f)
+ show "emeasure (qbs_l (dens_to_dist uniform_f)) A = emeasure (qbs_l (Uniform 0 1 \<Otimes>\<^sub>Q\<^sub>m\<^sub>e\<^sub>s Uniform 0 1)) A" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<integral>\<^sup>+x\<in>A. ennreal (uniform_f x) \<partial>(lborel \<Otimes>\<^sub>M lborel))"
+ by(simp add: emeasure_density lborel_prod qbs_l_dens_to_dist_uniform_f)
+ also have "... = (\<integral>\<^sup>+x. indicator A x * indicator {0<..<1} (fst x) * indicator {0<..<1} (snd x) \<partial>(lborel \<Otimes>\<^sub>M lborel))"
+ by(auto intro!: nn_integral_cong) (auto simp: indicator_def uniform_f_def)
+ also have "... = (\<integral>\<^sup>+ x\<in>{0<..<1}. (\<integral>\<^sup>+y\<in>{0<..<1}. indicator A (x, y) \<partial>lborel) \<partial>lborel)"
+ by(auto simp add: lborel.nn_integral_fst[symmetric] intro!: nn_integral_cong) (auto simp: indicator_def)
+ also have "... = (\<integral>\<^sup>+ x. (\<integral>\<^sup>+y. indicator A (x, y) \<partial>uniform_measure lborel {0<..<1}) \<partial>uniform_measure lborel {0<..<1})"
+ by(auto simp: nn_integral_uniform_measure divide_ennreal_def)
+ also have "... = ?rhs"
+ by(auto simp: UniformP_pair.M1.emeasure_pair_measure' qbs_l_Uniform_pair)
+ finally show ?thesis .
+ qed
+ next
+ show "dens_to_dist uniform_f \<in> qbs_space (monadP_qbs (\<real>\<^sub>Q \<Otimes>\<^sub>Q \<real>\<^sub>Q))"
+ by(simp add: dens_to_dist_prob[OF uniform_f] qbs_borel_prod)
+ qed (auto simp: qbs_l_dens_to_dist_uniform_f qbs_l_Uniform_pair, qbs, simp)
+qed
+
+subsubsection \<open> If then else \<close>
+
+definition gt :: "(real \<Rightarrow> real) \<Rightarrow> real \<Rightarrow> bool qbs_measure" where
+"gt \<equiv> (\<lambda>f r. do {
+ x \<leftarrow> dens_to_dist (normal_f 0 1);
+ if f x > r
+ then return_qbs \<bool>\<^sub>Q True
+ else return_qbs \<bool>\<^sub>Q False
+ })"
+
+declare normal_f(1)[of 1 0,simplified]
+
+lemma gt_qbs[qbs]: "gt \<in> qbs_space ((\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q) \<Rightarrow>\<^sub>Q \<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadP_qbs \<bool>\<^sub>Q)"
+proof -
+ note [qbs] = dens_to_dist_prob[OF normal_f[of 1 0,simplified]] bind_qbs_morphismP return_qbs_morphismP
+ show ?thesis
+ by(simp add: gt_def)
+qed
+
+lemma
+ assumes [qbs]: "f \<in> \<real>\<^sub>Q \<rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ shows "\<P>(b in gt f r. b = True) = \<P>(x in std_normal_distribution. f x > r)" (is "?P1 = ?P2")
+proof -
+ note [qbs] = dens_to_dist_prob[OF normal_f[of 1 0,simplified]] bind_qbs_morphismP return_qbs_morphismP
+ have 1[simp]: "space (qbs_l (gt f r)) = UNIV"
+ by(simp add: space_qbs_l_in[OF qbs_space_monadPM,of _ "\<bool>\<^sub>Q"])
+ have "?P1 = (\<integral>b. indicat_real {True} b \<partial>qbs_l (gt f r))"
+ by simp (metis (full_types) Collect_cong singleton_conv2)
+ also have "... = (\<integral>\<^sub>Q b. indicat_real {True} b \<partial>(gt f r))"
+ by(simp add: qbs_integral_def2_l)
+ also have "... = (\<integral>\<^sub>Q b. indicat_real {True} b \<partial>(dens_to_dist (normal_f 0 1) \<bind> (\<lambda>x. return_qbs \<bool>\<^sub>Q (f x > r))))"
+ proof -
+ have [simp]:"gt f r = dens_to_dist (normal_f 0 1) \<bind> (\<lambda>x. return_qbs \<bool>\<^sub>Q (f x > r))"
+ by(auto simp: gt_def intro!: bind_qbs_cong[of _ "\<real>\<^sub>Q" _ _ "\<bool>\<^sub>Q"] qbs_space_monadPM qbs_morphism_monadPD)
+ show ?thesis by simp
+ qed
+ also have "... = (\<integral>\<^sub>Q x. (indicat_real {True} \<circ> (\<lambda>x. f x > r)) x \<partial>dens_to_dist (normal_f 0 1))"
+ by(rule qbs_integral_bind_return[of _ "\<real>\<^sub>Q"]) (auto intro!: qbs_space_monadPM)
+ also have "... = (\<integral>\<^sub>Q x. indicat_real {x. f x > r} x \<partial>dens_to_dist (normal_f 0 1))"
+ by(auto intro!: qbs_integral_cong[of _ "\<real>\<^sub>Q"] qbs_space_monadPM simp: indicator_def)
+ also have "... = (\<integral>x. indicat_real {x. f x > r} x \<partial>dens_to_dist (normal_f 0 1))"
+ by(simp add: qbs_integral_def2_l)
+ also have "... = ?P2"
+ by(simp add: qbs_l_densto_dist_normal_f[of 1 0])
+ finally show ?thesis .
+qed
+
+text \<open>Examples from Staton~\cite[Sect.~2.2]{staton_2020}.\<close>
+subsubsection \<open> Weekend \<close>
+text \<open> Example from Staton~\cite[Sect.~2.2.1]{staton_2020}.\<close>
+text \<open> This example is formalized in Coq by Affeldt et al.~\cite{10.1145/3573105.3575691}.\<close>
+definition weekend :: "bool qbs_measure" where
+"weekend \<equiv> do {
+ let x = qbs_bernoulli (2 / 7);
+ f = (\<lambda>x. let r = if x then 3 else 10 in pmf (poisson_pmf r) 4)
+ in query x f
+ }"
+
+lemma weekend_qbs[qbs]:"weekend \<in> qbs_space (monadM_qbs \<bool>\<^sub>Q)"
+ by(simp add: weekend_def)
+
+lemma weekend_nc:
+ defines "N \<equiv> 2 / 7 * pmf (poisson_pmf 3) 4 + 5 / 7 * pmf (poisson_pmf 10) 4"
+ shows "qbs_l (density_qbs (bernoulli_pmf (2/7)) (\<lambda>x. (pmf (poisson_pmf (if x then 3 else 10)) 4))) UNIV = N"
+proof -
+ have [simp]:"fact 4 = 4 * fact 3"
+ by (simp add: fact_numeral)
+ show ?thesis
+ by(simp add: qbs_l_density_qbs[of _ "\<bool>\<^sub>Q"] emeasure_density ennreal_plus[symmetric] ennreal_mult'[symmetric] N_def del: ennreal_plus)
+qed
+
+lemma qbs_l_weekend:
+ defines "N \<equiv> 2 / 7 * pmf (poisson_pmf 3) 4 + 5 / 7 * pmf (poisson_pmf 10) 4"
+ shows "qbs_l weekend = qbs_l (density_qbs (qbs_bernoulli (2 / 7)) (\<lambda>x. ennreal (let r = if x then 3 else 10 in r ^ 4 * exp (- r) / (fact 4 * N))))" (is "?lhs = ?rhs")
+proof -
+ have [simp]: "N > 0"
+ by(auto simp: N_def intro!: add_pos_pos)
+ have "?lhs = qbs_l (density_qbs (density_qbs (qbs_bernoulli (2 / 7)) (\<lambda>x. ennreal (let r = if x then 3 else 10 in r ^ 4 * exp (- r) / fact 4))) (\<lambda>x. 1 / ennreal N))"
+ using normalize_qbs[of "density_qbs (qbs_bernoulli (2/7)) (\<lambda>x. (pmf (poisson_pmf (if x then 3 else 10)) 4))" "\<bool>\<^sub>Q",simplified] weekend_nc
+ by(simp add: weekend_def query_def N_def Let_def)
+ also have "... = ?rhs"
+ by(simp add: density_qbs_density_qbs_eq[of _ "\<bool>\<^sub>Q"] ennreal_mult'[symmetric] ennreal_1[symmetric] divide_ennreal del: ennreal_1) (metis (mono_tags, opaque_lifting) divide_divide_eq_left)
+ finally show ?thesis .
+qed
+
+lemma
+ defines "N \<equiv> 2 / 7 * pmf (poisson_pmf 3) 4 + 5 / 7 * pmf (poisson_pmf 10) 4"
+ shows "\<P>(b in weekend. b = True) = 2 / 7 * (3^4 * exp (- 3)) / fact 4 * 1 / N"
+ by simp (simp add: qbs_l_weekend measure_def qbs_l_density_qbs[of _ "\<bool>\<^sub>Q"] emeasure_density emeasure_measure_pmf_finite ennreal_mult'[symmetric] N_def)
+
+
+subsubsection \<open> Whattime \<close>
+text \<open> Example from Staton~\cite[Sect.~2.2.3]{staton_2020}\<close>
+text \<open> $f$ is given as a parameter.\<close>
+definition whattime :: "(real \<Rightarrow> real) \<Rightarrow> real qbs_measure" where
+"whattime \<equiv> (\<lambda>f. do {
+ let T = Uniform 0 24 in
+ query T (\<lambda>t. let r = f t in
+ exponential_density r (1 / 60))
+ })"
+
+lemma whattime_qbs[qbs]: "whattime \<in> (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q) \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q"
+ by(simp add: whattime_def)
+
+lemma qbs_l_whattime_sub:
+ assumes [qbs]: "f \<in> \<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q"
+ shows "qbs_l (density_qbs (Uniform 0 24) (\<lambda>x. exponential_density (f x) (1 / 60))) = density lborel (\<lambda>x. indicator {0<..<24} x / 24 * exponential_density (f x) (1 / 60))"
+proof -
+ have [measurable]:"f \<in> borel_measurable borel"
+ by (simp add: standard_borel.standard_borel_r_full_faithful standard_borel_ne.standard_borel)
+ have [measurable]: "(\<lambda>x. (exponential_density (f x) (1 / 60))) \<in> borel_measurable borel"
+ by(simp add: exponential_density_def)
+ have 1[measurable]: "(\<lambda>x. ennreal (exponential_density (f x) (1 / 60))) \<in> borel_measurable (uniform_measure lborel {0<..<24})"
+ by(simp add: measurable_cong_sets[OF sets_uniform_measure])
+ show ?thesis
+ by(auto simp: qbs_l_density_qbs[of _ qbs_borel] emeasure_density emeasure_density[OF 1] nn_integral_uniform_measure nn_integral_divide[symmetric] ennreal_mult' divide_ennreal[symmetric] intro!: measure_eqI nn_integral_cong simp del: times_divide_eq_left)
+ (simp add: ennreal_indicator ennreal_times_divide mult.commute mult.left_commute)
+qed
+
+lemma
+ assumes [qbs]: "f \<in> \<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q" and [measurable]:"U \<in> sets borel"
+ and "\<And>r. f r \<ge> 0"
+ defines "N \<equiv> (\<integral>t\<in>{0<..<24}. (f t * exp (- 1/ 60 * f t)) \<partial>lborel)"
+ defines "N' \<equiv> (\<integral>\<^sup>+t\<in>{0<..<24}. (f t * exp (- 1/ 60 * f t)) \<partial>lborel)"
+ assumes "N' \<noteq> 0" and "N' \<noteq> \<infinity>"
+ shows "\<P>(t in whattime f. t \<in> U) = (\<integral>t\<in>{0<..<24}\<inter>U. (f t * exp (- 1/ 60 * f t)) \<partial>lborel) / N"
+proof -
+ have 1: "space (whattime f) = UNIV"
+ by (rule space_qbs_l_in[of "whattime f" "\<real>\<^sub>Q",simplified qbs_space_qbs_borel]) simp
+ have [measurable]: "f \<in> borel_measurable borel"
+ by (simp add: standard_borel.standard_borel_r_full_faithful standard_borel_ne.standard_borel)
+ have [measurable]: "(\<lambda>x. exponential_density (f x) (1 / 60)) \<in> borel_measurable borel"
+ by(simp add: measurable_cong_sets[OF sets_uniform_measure] exponential_density_def)
+ have [measurable]: "(\<lambda>x. ennreal (exponential_density (f x) (1 / 60))) \<in> borel_measurable (uniform_measure lborel {0<..<24})"
+ by(simp add: measurable_cong_sets[OF sets_uniform_measure])
+ have qbs_ld: "qbs_l (density_qbs (Uniform 0 24) (\<lambda>x. exponential_density (f x) (1 / 60))) UNIV = (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- 1/ 60 * f x) / 24) \<partial>lborel)"
+ by(auto simp: qbs_l_whattime_sub emeasure_density intro!: nn_integral_cong,auto simp: ennreal_indicator[symmetric] ennreal_mult''[symmetric] exponential_density_def) (simp add: mult.commute)
+ have int: "integrable lborel (\<lambda>x. f x * exp (- 1/ 60 * f x) * indicat_real {0<..<24} x)"
+ using assms(3,7) by(simp add: N'_def integrable_iff_bounded ennreal_mult'' ennreal_indicator top.not_eq_extremum)
+
+ have ge: "(\<integral>x\<in>{0<..<24}. (f x * exp (- (f x / 60)) / 24)\<partial>lborel) > 0"
+ proof -
+ have "(\<integral>x\<in>{0<..<24}. (f x * exp (- (f x / 60))) \<partial>lborel) > 0" (is "?l > 0")
+ proof -
+ have "ennreal ?l = (\<integral>\<^sup>+x. (indicator {0<..<24} x * (f x * exp (- (f x / 60)))) \<partial>lborel)"
+ unfolding set_lebesgue_integral_def by(simp,rule nn_integral_eq_integral[symmetric]) (insert int assms(3),auto simp: mult.commute)
+ also have "... = (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- 1/ 60 * f x)) \<partial>lborel)"
+ by (simp add: indicator_mult_ennreal mult.commute)
+ also have "... > 0"
+ using assms(6) not_gr_zero N'_def by blast
+ finally show ?thesis
+ using ennreal_less_zero_iff by blast
+ qed
+ thus ?thesis by simp
+ qed
+ have ge2: "(\<integral>x\<in>{0<..<24}\<inter> U. (exponential_density (f x) (1 / 60)) \<partial>lborel) \<ge> 0"
+ using assms(3) by(auto intro!: integral_nonneg_AE simp: set_lebesgue_integral_def)
+
+ have "(\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- 1/ 60 * f x) / 24) \<partial>lborel) \<noteq> 0 \<and> (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- 1/ 60 * f x) / 24) \<partial>lborel) \<noteq> \<infinity>"
+ proof -
+ have "(\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- 1/ 60 * f x) / 24) \<partial>lborel) = (\<integral>\<^sup>+x. ennreal (f x * exp (- 1/ 60 * f x)) * indicator {0<..<24} x / 24 \<partial>lborel)"
+ by(rule nn_integral_cong, insert assms(3)) (auto simp: divide_ennreal[symmetric] ennreal_times_divide mult.commute)
+ also have "... = (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- 1/ 60 * f x)) \<partial>lborel) / 24"
+ by(simp add: nn_integral_divide)
+ finally show ?thesis
+ using assms(5,6,7) by (simp add: ennreal_divide_eq_top_iff)
+ qed
+ hence "normalize_qbs (density_qbs (Uniform 0 24) (\<lambda>x. (exponential_density (f x) (1 / 60)))) = density_qbs (density_qbs (Uniform 0 24) (\<lambda>x. ennreal (exponential_density (f x) (1 / 60)))) (\<lambda>x. 1 / (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- 1/ 60 * f x) / 24) \<partial>lborel))"
+ using normalize_qbs[of "density_qbs (Uniform 0 24) (\<lambda>x. exponential_density (f x) (1 / 60))" qbs_borel,simplified] by(simp add: qbs_ld)
+ also have "... = density_qbs (Uniform 0 24) (\<lambda>x. ennreal (exponential_density (f x) (1 / 60)) / (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- (f x / 60)) / 24) \<partial>lborel))"
+ by(simp add: density_qbs_density_qbs_eq[of _ qbs_borel] ennreal_times_divide)
+
+ finally have "\<P>(x in whattime f. x \<in> U) = measure (density (qbs_l (Uniform 0 24)) (\<lambda>x. ennreal (exponential_density (f x) (1 / 60)) / (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- (f x / 60)) / 24) \<partial>lborel))) U"
+ unfolding 1 by (simp add: whattime_def query_def qbs_l_density_qbs[of _ qbs_borel])
+ also have "... = enn2real ((\<integral>\<^sup>+x\<in>{0<..<24}. (ennreal (exponential_density (f x) (1 / 60)) / (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- (f x / 60)) / 24)\<partial>lborel) * indicator U x) \<partial>lborel) / 24)"
+ by(simp add: measure_def emeasure_density nn_integral_uniform_measure)
+ also have "... = enn2real ((\<integral>\<^sup>+x\<in>{0<..<24}. (ennreal (exponential_density (f x) (1 / 60)) * indicator U x) \<partial>lborel) / (\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- (f x / 60)) / 24)\<partial>lborel) / 24)"
+ by(simp add: ennreal_divide_times ennreal_times_divide nn_integral_divide)
+ also have "... = enn2real (ennreal (\<integral>x\<in>{0<..<24}\<inter> U. (exponential_density (f x) (1 / 60)) \<partial>lborel) / ennreal (\<integral>x\<in>{0<..<24}. (f x * exp (- (f x / 60)) / 24)\<partial>lborel) / ennreal 24)"
+ proof -
+ have 1:"(\<integral>\<^sup>+x\<in>{0<..<24}. ennreal (f x * exp (- (f x / 60)) / 24)\<partial>lborel) = ennreal (\<integral>x\<in>{0<..<24}. (f x * exp (- (f x / 60)) / 24)\<partial>lborel)" (is "?l = ?r")
+ proof -
+ have "?l = (\<integral>\<^sup>+x. ennreal (f x * exp (- (f x / 60)) / 24 * indicat_real {0<..<24} x) \<partial>lborel)"
+ by (simp add: nn_integral_set_ennreal)
+ also have "... = ennreal (\<integral>x. (f x * exp (- (f x / 60)) / 24 * indicat_real {0<..<24} x)\<partial>lborel)"
+ by(rule nn_integral_eq_integral) (use int assms(3) in auto)
+ also have "... = ?r"
+ by(auto simp: set_lebesgue_integral_def intro!: Bochner_Integration.integral_cong ennreal_cong)
+ finally show ?thesis .
+ qed
+ have 2:"(\<integral>\<^sup>+x\<in>{0<..<24}. (ennreal (exponential_density (f x) (1 / 60)) * indicator U x) \<partial>lborel) = ennreal (\<integral>x\<in>{0<..<24}\<inter> U. (exponential_density (f x) (1 / 60)) \<partial>lborel)" (is "?l = ?r")
+ proof -
+ have "?l = (\<integral>\<^sup>+x. ennreal (f x * exp (- (f x / 60)) * indicat_real {0<..<24} x * indicator U x) \<partial>lborel)"
+ by (auto intro!: nn_integral_cong simp: exponential_density_def indicator_def)
+ also have "... = ennreal (\<integral>x. (f x * exp (- (f x / 60)) * indicat_real {0<..<24} x * indicator U x)\<partial>lborel)"
+ by(rule nn_integral_eq_integral) (use integrable_real_mult_indicator[OF _ int] assms(3) in auto)
+ also have "... = ?r"
+ by(auto simp: set_lebesgue_integral_def indicator_def exponential_density_def intro!: Bochner_Integration.integral_cong ennreal_cong)
+ finally show ?thesis .
+ qed
+ show ?thesis
+ by(simp add: 1 2)
+ qed
+ also have "... = enn2real (ennreal ((\<integral>x\<in>{0<..<24}\<inter> U. (exponential_density (f x) (1 / 60)) \<partial>lborel) / (\<integral>x\<in>{0<..<24}. (f x * exp (- (f x / 60)) / 24)\<partial>lborel) / 24))"
+ by(simp only: divide_ennreal[OF ge2 ge] divide_ennreal[OF divide_nonneg_pos[OF ge2 ge]])
+ also have "... = (\<integral>x\<in>{0<..<24}\<inter> U. (exponential_density (f x) (1 / 60)) \<partial>lborel) / (\<integral>x\<in>{0<..<24}. (f x * exp (- (f x / 60)) / 24)\<partial>lborel) / 24"
+ by(rule enn2real_ennreal) (use ge ge2 in auto)
+ also have "... = (\<integral>x\<in>{0<..<24}\<inter>U. (f x * exp (- 1/ 60 * f x)) \<partial>lborel) / N"
+ by(auto simp: N_def exponential_density_def)
+ finally show ?thesis .
+qed
+
+subsubsection \<open> Distributions on Functions \<close>
+definition a_times_x :: "(real \<Rightarrow> real) qbs_measure" where
+"a_times_x \<equiv> do {
+ a \<leftarrow> Uniform (-2) 2;
+ return_qbs (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q) (\<lambda>x. a * x)
+ }"
+
+lemma a_times_x_qbs[qbs]: "a_times_x \<in> monadM_qbs (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q)"
+ by(simp add: a_times_x_def)
+
+lemma a_times_x_qbsP: "a_times_x \<in> monadP_qbs (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q)"
+proof -
+ note [qbs] = Uniform_qbsP[of "-2" 2,simplified] return_qbs_morphismP bind_qbs_morphismP
+ show ?thesis
+ by(simp add: a_times_x_def)
+qed
+
+definition a_times_x' :: "(real \<Rightarrow> real) qbs_measure" where
+"a_times_x' \<equiv> do {
+ condition a_times_x (\<lambda>f. f 1 \<ge> 0)
+ }"
+
+lemma a_times_x'_qbs[qbs]: "a_times_x' \<in> monadM_qbs (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q)"
+ by(simp add: a_times_x'_def)
+
+lemma prob_a_times_x:
+ assumes [measurable]: "Measurable.pred borel P"
+ shows "\<P>(f in a_times_x. P (f r)) = \<P>(a in Uniform (-2) 2. P (a * r))" (is "?lhs = ?rhs")
+proof -
+ have [qbs]: "qbs_pred qbs_borel P"
+ using r_preserves_morphisms by fastforce
+ have "?lhs = measure a_times_x ({f. P (f r)} \<inter> space a_times_x)"
+ by (simp add: Collect_conj_eq inf_sup_aci(1))
+ also have "... = (\<integral>\<^sub>Q f. indicat_real {f. P (f r)} f \<partial>a_times_x)"
+ by(simp add: qbs_integral_def2_l)
+ also have "... = qbs_integral (Uniform (- 2) 2) (indicat_real {f. P (f r)} \<circ> (*))"
+ unfolding a_times_x_def by(rule qbs_integral_bind_return[of _ qbs_borel]) auto
+ also have "... = (\<integral>\<^sub>Q a. indicat_real {a. P (a * r)} a \<partial>Uniform (- 2) 2)"
+ by(auto simp: comp_def indicator_def)
+ also have "... = ?rhs"
+ by (simp add: qbs_integral_def2_l)
+ finally show ?thesis .
+qed
+
+lemma "\<P>(f in a_times_x'. f 1 \<ge> 1) = 1 / 2" (is "?P = _")
+proof -
+ have "?P = \<P>(f in a_times_x. f 1 \<ge> 1 \<bar> f 1 \<ge> 0)"
+ by(simp add: query_Bayes[OF a_times_x_qbsP] a_times_x'_def)
+ also have "... = \<P>(f in a_times_x. f 1 \<ge> 1) / \<P>(f in a_times_x. f 1 \<ge> 0)"
+ by(auto simp add: cond_prob_def) (meson dual_order.trans linordered_nonzero_semiring_class.zero_le_one)
+ also have "... = 1 / 2"
+ proof -
+ have [simp]: "{-2<..<2::real} \<inter> Collect ((\<le>) 1) = {1..<2}" "{-2<..<2::real} \<inter> Collect ((\<le>) 0) = {0..<2}"
+ by auto
+ show ?thesis
+ by(auto simp: prob_a_times_x)
+ qed
+ finally show ?thesis .
+qed
+
+
+text \<open> Almost everywhere, integrable, and integrations are also interpreted as programs.\<close>
+lemma "(\<lambda>g f x. if (AE\<^sub>Q y in g x. f x y \<noteq> \<infinity>) then (\<integral>\<^sup>+\<^sub>Q y. f x y \<partial>(g x)) else 0)
+ \<in> (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q) \<Rightarrow>\<^sub>Q (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q\<^sub>\<ge>\<^sub>0) \<Rightarrow>\<^sub>Q \<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q\<^sub>\<ge>\<^sub>0"
+ by simp
+
+lemma "(\<lambda>g f x. if qbs_integrable (g x) (f x) then Some (\<integral>\<^sub>Q y. f x y \<partial>(g x)) else None)
+ \<in> (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q monadM_qbs \<real>\<^sub>Q) \<Rightarrow>\<^sub>Q (\<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q \<Rightarrow>\<^sub>Q \<real>\<^sub>Q) \<Rightarrow>\<^sub>Q \<real>\<^sub>Q \<Rightarrow>\<^sub>Q option_qbs \<real>\<^sub>Q"
+ by simp
+
+end
\ No newline at end of file
diff --git a/thys/S_Finite_Measure_Monad/ROOT b/thys/S_Finite_Measure_Monad/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/ROOT
@@ -0,0 +1,17 @@
+chapter AFP
+
+session "S_Finite_Measure_Monad" = "HOL-Probability" +
+ options [timeout = 600]
+ sessions "Standard_Borel_Spaces"
+ theories
+ "Lemmas_S_Finite_Measure_Monad"
+ "Kernels"
+ "QuasiBorel"
+ "QBS_Morphism"
+ "Measure_QuasiBorel_Adjunction"
+ "Monad_QuasiBorel"
+ "Montecarlo"
+ "Query"
+ document_files
+ "root.tex"
+ "root.bib"
diff --git a/thys/S_Finite_Measure_Monad/document/root.bib b/thys/S_Finite_Measure_Monad/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/document/root.bib
@@ -0,0 +1,81 @@
+@inproceedings{
+ Heunen_2017,
+ author = {Heunen, Chris and Kammar, Ohad and Staton, Sam and Yang, Hongseok},
+ title = {A Convenient Category for Higher-Order Probability Theory},
+ year = {2017},
+ isbn = {9781509030187},
+ publisher = {IEEE Press},
+ booktitle = {Proceedings of the 32nd Annual ACM/IEEE Symposium on Logic in Computer Science},
+ articleno = {77},
+ numpages = {12},
+ location = {Reykjav\'{\i}k, Iceland},
+ series = {LICS '17}
+}
+
+@article{Sato_2019,
+ title={Formal verification of higher-order probabilistic programs: reasoning about approximation, convergence, Bayesian inference, and optimization},
+ volume={3},
+ ISSN={2475-1421},
+ url={http://dx.doi.org/10.1145/3290351},
+ DOI={10.1145/3290351},
+ number={POPL},
+ journal={Proceedings of the ACM on Programming Languages},
+ publisher={Association for Computing Machinery (ACM)},
+ author={Sato, Tetsuya and Aguirre, Alejandro and Barthe, Gilles and Gaboardi, Marco and Garg, Deepak and Hsu, Justin},
+ year={2019},
+ month={Jan},
+ pages={1–30}
+}
+
+@misc{Adrian_PL,
+ title = {Probabilistic Programming},
+ author = {Sampson, Adrian},
+ key = {Probabilistic programming},
+ howpublished = {\url{http://adriansampson.net/doc/ppl.html}},
+ note = {Accessed: January 25. 2023}
+}
+
+@inproceedings{10.1145/3573105.3575691,
+ author = {Affeldt, Reynald and Cohen, Cyril and Saito, Ayumu},
+ title = {Semantics of Probabilistic Programs Using S-Finite Kernels in {Coq}},
+ year = {2023}, isbn = {9798400700262},
+ publisher = {Association for Computing Machinery},
+ address = {New York, NY, USA},
+ doi = {10.1145/3573105.3575691},
+ booktitle = {Proceedings of the 12th ACM SIGPLAN International Conference on Certified Programs and Proofs},
+ pages = {3–16},
+ numpages = {14},
+ keywords = {probabilistic programming language, measure theory, integration theory, Coq},
+ location = {Boston, MA, USA}, series = {CPP 2023}
+}
+
+@inbook{staton_2020,
+ place={Cambridge},
+ title={Probabilistic Programs as Measures},
+ DOI={10.1017/9781108770750.003},
+ booktitle={Foundations of Probabilistic Programming},
+ publisher={Cambridge University Press},
+ author={Staton, Sam},
+ year={2020},
+ pages={43–74}
+}
+
+@InProceedings{staton_2017,
+author="Staton, Sam",
+editor="Yang, Hongseok",
+title="Commutative Semantics for Probabilistic Programming",
+booktitle="Programming Languages and Systems",
+year="2017",
+publisher="Springer Berlin Heidelberg",
+address="Berlin, Heidelberg",
+pages="855--879",
+abstract="We show that a measure-based denotational semantics for probabilistic programming is commutative.",
+isbn="978-3-662-54434-1"
+}
+
+@misc{HongseokLecture2017,
+ title={Semantics of Higher-Order Probabilistic Programs with Continuous Distributions},
+ author = {Hongseok Yang},
+ howpublished = {\url{https://alfa.di.uminho.pt/~nevrenato/probprogschool_slides/Hongseok.pdf}},
+ note = {Accessed: February 8. 2023}
+}
\ No newline at end of file
diff --git a/thys/S_Finite_Measure_Monad/document/root.tex b/thys/S_Finite_Measure_Monad/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/document/root.tex
@@ -0,0 +1,75 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage[T1]{fontenc}
+\usepackage{isabelle,isabellesym}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+\usepackage{amsmath}
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+\usepackage[only,bigsqcap]{stmaryrd}
+%for \<Sqinter>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{S-Finite Measure Monad on Quasi-Borel Spaces}
+\author{Michikazu Hirata, Yasuhiko Minamide}
+\maketitle
+\begin{abstract}
+ The s-finite measure monad on quasi-Borel spaces provides
+ a suitable denotational model for higher-order probabilistic programs
+ with conditioning.
+ This entry is a formalization of the s-finite measure monad and related notions,
+ including s-finite measures, s-finite kernels, and a proof automation for quasi-Borel spaces which is an
+ extension of our previous entry \textit{quasi-Borel spaces}.
+ We also implement several examples of probabilistic programs in previous works and prove their property.
+
+ This work is a part of the work by Hirata, Minamide, and Sato,
+ \textit{Semantic Foundations of Higher-Order Probabilistic Programs in Isabelle/HOL}
+ which will be presented at the 14th Conference on Interactive Theorem Proving (ITP2023).
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+% optional bibliography
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/thys/S_Finite_Measure_Monad/qbs.ML b/thys/S_Finite_Measure_Monad/qbs.ML
new file mode 100644
--- /dev/null
+++ b/thys/S_Finite_Measure_Monad/qbs.ML
@@ -0,0 +1,79 @@
+(* Title: qbs.ML
+ Author: Yasuhiko Minamide, Michikazu Hirata, Tokyo Institute of Technology
+ qbs prover
+*)
+
+signature QBS =
+sig
+
+ val get : Context.generic -> thm list
+ val qbs_add: attribute
+ val qbs_del: attribute
+
+ val qbs_tac: Proof.context -> thm list -> tactic
+ val simproc : Proof.context -> cterm -> thm option
+end ;
+
+structure Qbs : QBS =
+struct
+
+structure Data = Generic_Data
+(
+ type T = thm list
+ val empty: T = []
+ val merge = Thm.merge_thms
+);
+
+val get = Data.get
+
+fun add thm = Data.map (Thm.add_thm thm)
+
+val qbs_add = Thm.declaration_attribute add;
+val qbs_del = Thm.declaration_attribute (Data.map o Thm.del_thm);
+
+fun instantiate ctxt (Abs (n, T, t1 $ t2)) =
+ let val (T1, T2) = @{Type_fn \<open>fun A B => \<open>(A,B)\<close>\<close>} (type_of1([T] ,t1))
+ val t1' = Abs (n, T, t1)
+ val t2' = Abs (n, T, t2)
+ in
+ Thm.instantiate'
+ (map (Option.map (Thm.ctyp_of ctxt)) [SOME T, SOME T1, SOME T2])
+ (map (Option.map (Thm.cterm_of ctxt)) [SOME t1', NONE, NONE, NONE, SOME t2'])
+ @{thm qbs_morphism_app}
+ end
+| instantiate _ (Abs (_, _, Abs _)) = @{thm curry_preserves_morphisms}
+| instantiate ctxt (t1 $ t2) =
+ let val (T1, T2) = @{Type_fn \<open>fun A B => \<open>(A,B)\<close>\<close>} (type_of1 ([], t1)) in
+ Thm.instantiate'
+ (map (Option.map (Thm.ctyp_of ctxt)) [SOME T1, SOME T2])
+ (map (Option.map (Thm.cterm_of ctxt)) [SOME t1, NONE, NONE, SOME t2])
+ @{thm qbs_morphism_space}
+ end
+| instantiate _ t = raise (TERM (("instantiate"), [t]))
+
+
+fun qbs_tac ctxt facts =
+ let val instantiate_tac =
+ SUBGOAL (fn (t,i) =>
+ (case HOLogic.dest_Trueprop t of
+ \<^Const_>\<open>Set.member _ for f \<^Const_>\<open>qbs_space _ for _\<close>\<close> =>
+ resolve_tac ctxt [instantiate ctxt f] i
+ | _ => raise (TERM ("not a qbs_space predicate", [t])))
+ handle TERM _ => no_tac) 1
+ val thms = facts @ get (Context.Proof ctxt)
+ val single_step_tac =
+ CHANGED (asm_full_simp_tac (put_simpset HOL_basic_ss ctxt addsimps ((map (Simplifier.norm_hhf ctxt) thms))) 1)
+ ORELSE resolve_tac ctxt thms 1
+ ORELSE instantiate_tac
+ in
+ REPEAT single_step_tac
+ end
+
+fun simproc ctxt redex =
+ let
+ val t = HOLogic.mk_Trueprop (Thm.term_of redex);
+ fun tac {context = ctxt, prems = _ } =
+ SOLVE (qbs_tac ctxt (Simplifier.prems_of ctxt));
+ in \<^try>\<open>Goal.prove ctxt [] [] t tac RS @{thm Eq_TrueI}\<close> end;
+
+end
\ No newline at end of file
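Review bot: In `qbs_tac`, the handler around `instantiate_tac` catches only `TERM`, while `instantiate` can fail in other ways: `type_of1` reports a type mismatch with `TYPE`, and `Thm.instantiate'` reports a failed instantiation with `TYPE` or `THM` (the `Type_fn` pattern presumably raises `TYPE` on a non-function type as well). `simproc` looks shielded by `\<^try>`, but any other caller of `qbs_tac` would see the exception escape instead of this alternative simply failing. I would widen the handler to `handle TERM _ => no_tac | TYPE _ => no_tac | THM _ => no_tac`. A short comment above `instantiate` naming the rule each of its three clauses selects (`qbs_morphism_app`, `curry_preserves_morphisms`, `qbs_morphism_space`) would also help, since the positional `SOME`/`NONE` lists depend on the variable order of those theorems.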
diff --git a/thys/Standard_Borel_Spaces/Abstract_Metrizable_Topology.thy b/thys/Standard_Borel_Spaces/Abstract_Metrizable_Topology.thy
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/Abstract_Metrizable_Topology.thy
@@ -0,0 +1,2406 @@
+(* Title: Abstract_Metrizable_Topology.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+section \<open>Abstract Metrizable Topology\<close>
+theory Abstract_Metrizable_Topology
+ imports "Set_Based_Metric_Product"
+begin
+
+subsection \<open> Metrizable Spaces \<close>
+locale metrizable =
+ fixes S :: "'a topology"
+ assumes ex_metric:"\<exists>\<rho>. metric_set (topspace S) \<rho> \<and> S = metric_set.mtopology (topspace S) \<rho>"
+begin
+
+lemma metric:
+ obtains \<rho> where "metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ using ex_metric by metis
+
+lemma bounded_metric:
+ obtains \<rho> where "metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ "\<And>x y. \<rho> x y < 1"
+proof -
+ obtain \<rho> where "metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ by(rule metric)
+ then have "\<exists>\<rho>. metric_set (topspace S) \<rho> \<and> metric_set.mtopology (topspace S) \<rho> = S \<and> (\<forall>x y. \<rho> x y < 1)"
+ using metric_set.bounded_dist_dist(1) metric_set.bounded_dist_dist(2) metric_set.bounded_dist_generate_same_topology
+ by(fastforce intro!: exI[where x="bounded_dist \<rho>"])
+ thus ?thesis
+ using that by auto
+qed
+
+lemma second_countable_if_separable:
+ assumes "separable S"
+ shows "second_countable S"
+proof -
+ obtain d where hd:"metric_set (topspace S) d" "S = metric_set.mtopology (topspace S) d"
+ using ex_metric by(auto simp: metrizable_def)
+ then interpret m: separable_metric_set "topspace S" d
+ using metric_set.separable_iff_topological_separable[of "topspace S" d] assms
+ by auto
+ show "second_countable S"
+ using m.second_countable \<open>S = m.mtopology\<close> by simp
+qed
+
+corollary second_countable_iff_separable: "second_countable S \<longleftrightarrow> separable S"
+ using second_countable_if_separable separable_if_second_countable
+ by auto
+
+lemma Hausdorff: "Hausdorff_space S"
+ using ex_metric metric_set.mtopology_Hausdorff by fastforce
+
+lemma subtopology: "metrizable (subtopology S X)"
+proof -
+ obtain \<rho> where h:"metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ by(rule metric)
+ then show ?thesis
+ using metric_set.submetric_subtopology[OF h(1),of "topspace S \<inter> X"]
+ by(auto intro!: exI[where x="submetric (topspace S \<inter> X) \<rho>"] simp: metrizable_def subtopology_restrict metric_set.mtopology_topspace metric_set.submetric_metric_set)
+qed
+
+lemma g_delta_of_closedin:
+ assumes "closedin S X"
+ shows "g_delta_of S X"
+ using assms ex_metric metric_set.g_delta_of_closed by fastforce
+
+lemma closedin_singleton:
+ assumes "s \<in> topspace S"
+ shows "closedin S {s}"
+proof -
+ obtain \<rho> where h:"metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ by(rule metric)
+ then show ?thesis
+ using metric_set.closedin_closed_ball[OF h(1),of s 0]
+ by(simp add: metric_set.closed_ball_0[OF h(1) assms])
+qed
+
+lemma dense_of_infinite:
+ assumes "infinite (topspace S)" "dense_of S U"
+ shows "infinite U"
+proof -
+ obtain \<rho> where h:"metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ by(rule metric)
+ show ?thesis
+ by(rule metric_set.dense_set_infinite[OF h(1),simplified h(2),OF assms])
+qed
+
+lemma homeomorphic_metrizable:
+ assumes "S homeomorphic_space S'"
+ shows "metrizable S'"
+proof(rule metric)
+ fix d
+ assume h: "metric_set (topspace S) d" "metric_set.mtopology (topspace S) d = S"
+ then interpret m: metric_set "topspace S" d by simp
+ from assms obtain f g where fg: "homeomorphic_maps S S' f g"
+ by(auto simp: homeomorphic_space_def)
+ hence g: "g \<in> topspace S' \<rightarrow> topspace S" "inj_on g (topspace S')" "g ` (topspace S') = topspace S"
+ by (auto simp: homeomorphic_eq_injective_perfect_map homeomorphic_maps_map perfect_map_def)
+ have f: "f \<in> topspace S \<rightarrow> topspace S'" "inj_on f (topspace S)" "f ` (topspace S) = topspace S'"
+ using fg by (auto simp: homeomorphic_eq_injective_perfect_map homeomorphic_maps_map perfect_map_def)
+ interpret m': metric_set "topspace S'" "m.ed g (topspace S')"
+ by(simp add: m.embed_dist_dist[OF g(1,2)])
+ show "metrizable S'"
+ unfolding metrizable_def
+ proof(safe intro!: exI[where x="m.ed g (topspace S')"])
+ have [simp]:"m'.ed f (topspace S) = d"
+ by standard+ (insert f g fg m.dist_notin m.dist_notin',auto simp: m'.embed_dist_on_def m.embed_dist_on_def homeomorphic_maps_def)
+ have [simp]:"((`) f ` {m.open_ball a \<epsilon> |a \<epsilon>. a \<in> topspace S \<and> 0 < \<epsilon>}) = {m'.open_ball a \<epsilon> |a \<epsilon>. a \<in> topspace S' \<and> 0 < \<epsilon>}"
+ proof safe
+ fix a and e :: real
+ assume "a \<in> topspace S" "0 < e"
+ then show "\<exists>b e'. f ` m.open_ball a e = m'.open_ball b e' \<and> b \<in> topspace S' \<and> 0 < e'"
+ using f g fg by(auto simp: m.open_ball_def m'.open_ball_def m.embed_dist_on_def homeomorphic_maps_def intro!: exI[where x="f a"] exI[where x=e]) (metis (no_types, lifting) image_eqI mem_Collect_eq)
+ next
+ fix a and e :: real
+ assume "a \<in> topspace S'" "0 < e"
+ then show "m'.open_ball a e \<in> (`) f ` {m.open_ball a \<epsilon> |a \<epsilon>. a \<in> topspace S \<and> 0 < \<epsilon>}"
+ using m'.embed_dist_open_ball[OF f(1,2),simplified,of "g a" e] f g fg m'.open_ballD'(1)
+ by(auto simp: m.embed_dist_on_def homeomorphic_maps_def image_def intro!: exI[where x="g a"] exI[where x=e] exI[where x="m.open_ball (g a) e"]) blast
+ qed
+ show "S' = m'.mtopology"
+ using topology_generated_by_homeomorphic_spaces[OF homeomorphic_maps_imp_map[OF fg] h(2)[symmetric,simplified m.mtopology_def2]]
+ by(simp add: m'.mtopology_def2)
+ qed(rule m'.metric_set_axioms)
+qed
+
+end
+
+lemma euclidean_metrizable: "metrizable (euclidean :: ('a ::metric_space) topology)"
+ by (metis euclidean_mtopology metric_class_metric_set metrizable.intro topspace_euclidean)
+
+sublocale metric_set \<subseteq> metrizable "mtopology"
+ using metric_set_axioms metrizable_def mtopology_topspace by fastforce
+
+lemma metrizable_prod:
+ assumes "metrizable X" "metrizable Y"
+ shows "metrizable (prod_topology X Y)"
+proof
+ obtain dx dy where "metric_set (topspace X) dx" "metric_set.mtopology (topspace X) dx = X" "metric_set (topspace Y) dy" "metric_set.mtopology (topspace Y) dy = Y"
+ using metrizable.metric[OF assms(2)] metrizable.metric[OF assms(1)] by metis
+ then show "\<exists>\<rho>. metric_set (topspace (prod_topology X Y)) \<rho> \<and> prod_topology X Y = metric_set.mtopology (topspace (prod_topology X Y)) \<rho>"
+ by(auto intro!: exI[where x="binary_distance (topspace X) dx (topspace Y) dy"] simp: binary_metric_set binary_distance_mtopology)
+qed
+
+lemma metrizable_product:
+ assumes "countable I" "\<And>i. i \<in> I \<Longrightarrow> metrizable (X i)"
+ shows "metrizable (product_topology X I)"
+proof -
+ obtain d where hd:"\<And>i. i \<in> I \<Longrightarrow> metric_set (topspace (X i)) (d i)" "\<And>i. i \<in> I \<Longrightarrow> X i = metric_set.mtopology (topspace (X i)) (d i)"
+ using assms(2) by(auto simp: metrizable_def) metis
+ from product_metricI'[of "1/2" _ _ d,OF _ _ assms(1) this(1)]
+ interpret pd: product_metric "1 / 2" I "to_nat_on I" "from_nat_into I" "\<lambda>i. topspace (X i)" "\<lambda>i x y. if i \<in> I then bounded_dist (d i) x y else 0" 1
+ by simp
+ show ?thesis
+ using hd(2) by(auto simp: metrizable_def pd.product_dist_distance pd.product_dist_mtopology[symmetric] hd(1) metric_set.bounded_dist_generate_same_topology intro!: exI[where x=pd.product_dist] product_topology_cong)
+qed
+
+subsection \<open> Complete Metrizable Spaces \<close>
+locale complete_metrizable =
+ fixes S :: "'a topology"
+ assumes ex_cmetric: "\<exists>\<rho>. complete_metric_set (topspace S) \<rho> \<and> S = metric_set.mtopology (topspace S) \<rho>"
+begin
+
+lemma cmetric:
+ obtains \<rho> where "complete_metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ using ex_cmetric by metis
+
+lemma bounded_cmetric:
+ obtains \<rho> where "complete_metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ "\<And>x y. \<rho> x y < 1"
+proof -
+ obtain \<rho> where "complete_metric_set (topspace S) \<rho>" "metric_set.mtopology (topspace S) \<rho> = S"
+ by(rule cmetric)
+ then have "\<exists>\<rho>. complete_metric_set (topspace S) \<rho> \<and> metric_set.mtopology (topspace S) \<rho> = S \<and> (\<forall>x y. \<rho> x y < 1)"
+ using metric_set.bounded_dist_dist(1) metric_set.bounded_dist_dist(2) metric_set.bounded_dist_generate_same_topology complete_metric_set.bounded_dist_complete complete_metric_set_def
+ by(fastforce intro!: exI[where x="bounded_dist \<rho>"])
+ thus ?thesis
+ using that by auto
+qed
+
+lemma metrizable: "metrizable S"
+ using complete_metric_set_def complete_metrizable_axioms complete_metrizable_def metrizable_def by blast
+
+sublocale metrizable
+ by(rule metrizable)
+
+lemma closedin_complete_metrizable:
+ assumes "closedin S A"
+ shows "complete_metrizable (subtopology S A)"
+ by (metis assms closedin_def complete_metric_set.submetric_complete_iff complete_metric_set_def complete_metrizable_axioms complete_metrizable_def metric_set.submetric_subtopology topspace_subtopology_subset)
+
+lemma homeomorphic_complete_metrizable:
+ assumes "S homeomorphic_space S'"
+ shows "complete_metrizable S'"
+proof(rule cmetric)
+ fix d
+ assume h: "complete_metric_set (topspace S) d" "metric_set.mtopology (topspace S) d = S"
+ then interpret m: complete_metric_set "topspace S" d by simp
+ from assms obtain f g where fg: "homeomorphic_maps S S' f g"
+ by(auto simp: homeomorphic_space_def)
+ hence g: "g \<in> topspace S' \<rightarrow> topspace S" "inj_on g (topspace S')" "g ` (topspace S') = topspace S"
+ by (auto simp: homeomorphic_eq_injective_perfect_map homeomorphic_maps_map perfect_map_def)
+ have f: "f \<in> topspace S \<rightarrow> topspace S'" "inj_on f (topspace S)" "f ` (topspace S) = topspace S'"
+ using fg by (auto simp: homeomorphic_eq_injective_perfect_map homeomorphic_maps_map perfect_map_def)
+ interpret m': complete_metric_set "topspace S'" "m.ed g (topspace S')"
+ by(auto intro!: m.embed_dist_complete[OF g(1,2)] simp: h(2) g(3))
+ show "complete_metrizable S'"
+ unfolding complete_metrizable_def
+ proof(safe intro!: exI[where x="m.ed g (topspace S')"])
+ have [simp]:"m'.ed f (topspace S) = d"
+ by standard+ (insert f g fg m.dist_notin m.dist_notin',auto simp: m'.embed_dist_on_def m.embed_dist_on_def homeomorphic_maps_def)
+ have [simp]:"((`) f ` {m.open_ball a \<epsilon> |a \<epsilon>. a \<in> topspace S \<and> 0 < \<epsilon>}) = {m'.open_ball a \<epsilon> |a \<epsilon>. a \<in> topspace S' \<and> 0 < \<epsilon>}"
+ proof safe
+ fix a and e :: real
+ assume "a \<in> topspace S" "0 < e"
+ then show "\<exists>b e'. f ` m.open_ball a e = m'.open_ball b e' \<and> b \<in> topspace S' \<and> 0 < e'"
+ using f g fg by(auto simp: m.open_ball_def m'.open_ball_def m.embed_dist_on_def homeomorphic_maps_def intro!: exI[where x="f a"] exI[where x=e]) (metis (no_types, lifting) image_eqI mem_Collect_eq)
+ next
+ fix a and e :: real
+ assume "a \<in> topspace S'" "0 < e"
+ then show "m'.open_ball a e \<in> (`) f ` {m.open_ball a \<epsilon> |a \<epsilon>. a \<in> topspace S \<and> 0 < \<epsilon>}"
+ using m'.embed_dist_open_ball[OF f(1,2),simplified,of "g a" e] f g fg m'.open_ballD'(1)
+ by(auto simp: m.embed_dist_on_def homeomorphic_maps_def image_def intro!: exI[where x="g a"] exI[where x=e] exI[where x="m.open_ball (g a) e"]) blast
+ qed
+ show "S' = m'.mtopology"
+ using topology_generated_by_homeomorphic_spaces[OF homeomorphic_maps_imp_map[OF fg] h(2)[symmetric,simplified m.mtopology_def2]]
+ by(simp add: m'.mtopology_def2)
+ qed(rule m'.complete_metric_set_axioms)
+qed
+
+end
+
+lemma euclidean_complete_metrizable[simp]:
+ "complete_metrizable (euclidean :: ('a ::complete_space) topology)"
+ by (metis complete_metrizable.intro complete_space_complete_metric_set euclidean_mtopology topspace_euclidean)
+
+sublocale complete_metric_set \<subseteq> complete_metrizable "mtopology"
+ using complete_metric_set_axioms complete_metrizable_def mtopology_topspace by fastforce
+
+lemma complete_metrizable_prod:
+ assumes "complete_metrizable X" "complete_metrizable Y"
+ shows "complete_metrizable (prod_topology X Y)"
+proof
+ obtain dx dy where "complete_metric_set (topspace X) dx" "metric_set.mtopology (topspace X) dx = X" "complete_metric_set (topspace Y) dy" "metric_set.mtopology (topspace Y) dy = Y"
+ using complete_metrizable.cmetric[OF assms(2)] complete_metrizable.cmetric[OF assms(1)] by metis
+ then show "\<exists>\<rho>. complete_metric_set (topspace (prod_topology X Y)) \<rho> \<and> prod_topology X Y = metric_set.mtopology (topspace (prod_topology X Y)) \<rho>"
+ using binary_distance_complete by(auto intro!: exI[where x="binary_distance (topspace X) dx (topspace Y) dy"] simp: binary_distance_mtopology complete_metric_set_def)
+qed
+
+lemma complete_metrizable_product:
+ assumes "countable I" "\<And>i. i \<in> I \<Longrightarrow> complete_metrizable (X i)"
+ shows "complete_metrizable (product_topology X I)"
+proof -
+ obtain d where hd:"\<And>i. i \<in> I \<Longrightarrow> complete_metric_set (topspace (X i)) (d i)" "\<And>i. i \<in> I \<Longrightarrow> X i = metric_set.mtopology (topspace (X i)) (d i)"
+ using assms(2) by(auto simp: complete_metrizable_def) metis
+ from product_complete_metricI'[of "1/2" _ _ d,OF _ _ assms(1) this(1)]
+ interpret pd: product_complete_metric "1 / 2" I "to_nat_on I" "from_nat_into I" "\<lambda>i. topspace (X i)" "\<lambda>i x y. if i \<in> I then bounded_dist (d i) x y else 0" 1
+ by simp
+ show ?thesis
+ using hd(2) by(auto simp: complete_metrizable_def pd.product_dist_distance pd.product_dist_mtopology[symmetric] hd(1) complete_metric_set.axioms(1) metric_set.bounded_dist_generate_same_topology pd.complete_metric_set_axioms intro!: exI[where x=pd.product_dist] product_topology_cong)
+qed
+
+lemma(in complete_metrizable) g_delta_of_complete_metrizable:
+ assumes "g_delta_of S B"
+ shows "complete_metrizable (subtopology S B)"
+proof -
+ obtain d where d:"complete_metric_set (topspace S) d" "metric_set.mtopology (topspace S) d = S"
+ by(rule cmetric)
+ interpret m: complete_metric_set "topspace S" d by fact
+ obtain U :: "nat \<Rightarrow> _" where U: "\<And>n. openin S (U n)" "B = \<Inter> (range U)"
+ using g_delta_ofD'[OF assms] by metis
+ consider "topspace (subtopology S B) = {}" | "topspace (subtopology S B) = topspace S" | "topspace (subtopology S B) \<noteq> {}" "topspace (subtopology S B) \<subset> topspace S"
+ by (metis assms g_delta_of_subset order_le_less topspace_subtopology_subset)
+ then show ?thesis
+ proof cases
+ case 1
+ with empty_metric_polish show ?thesis
+ by(auto intro!: exI[where x="\<lambda>x y. 0"] simp: complete_metrizable_def polish_metric_set_def separable_metric_set_def Int_absorb1 assms empty_metric_mtopology g_delta_of_subset subtopology_eq_discrete_topology_eq)
+ next
+ case 2
+ then have "B = topspace S"
+ using g_delta_of_subset[OF assms] by auto
+ thus ?thesis
+ by(simp add: complete_metrizable_axioms)
+ next
+ case 3
+ then have h: "B \<noteq> {}" "\<And>n. U n \<noteq> {}" by(auto simp: U(2))
+ define f where "f \<equiv> (\<lambda>x. (x, (\<lambda>i. 1 / m.dist_set (topspace S - (U i)) x)))"
+ have f_inj:"inj f"
+ by(auto simp: inj_def f_def)
+ have f_inv: "\<And>x. x \<in> f ` B \<Longrightarrow> f (fst x) = x" "\<And>x. fst (f x) = x"
+ by(auto simp: f_def)
+ have "continuous_map (subtopology S B) (prod_topology S (powertop_real UNIV)) f"
+ unfolding continuous_map_pairwise continuous_map_componentwise_UNIV
+ proof safe
+ have [simp]:"fst \<circ> f = id"
+ by(auto simp: f_def)
+ show "continuous_map (subtopology S B) S (fst \<circ> f)"
+ by simp
+ next
+ fix k
+ show "continuous_map (subtopology S B) euclideanreal (\<lambda>x. (snd \<circ> f) x k)"
+ proof(cases "U k = topspace S")
+ case True
+ then show ?thesis
+ by(simp add: f_def)
+ next
+ case False
+ then have [simp]:"(\<lambda>x. snd (f x) k) = (\<lambda>x. 1 / m.dist_set (topspace S - (U k)) x)"
+ by(simp add: f_def)
+ have "continuous_map (subtopology S B) euclideanreal ..."
+ proof(rule continuous_map_real_divide)
+ show "continuous_map (subtopology S B) euclideanreal (m.dist_set (topspace S - U k))"
+ using m.dist_set_continuous[simplified d(2),of "topspace S - U k"]
+ by (simp add: continuous_map_from_subtopology)
+ next
+ fix x
+ assume "x \<in> topspace (subtopology S B)"
+ then have h':"x \<in> topspace S" "x \<in> B" by auto
+ have 1: "closedin S (topspace S - U k)" "topspace S - U k \<noteq> {}"
+ using U(1) d(2) m.mtopology_openin_iff2 False by auto
+ with h'(2) m.dist_set_closed_ge0[simplified d(2),OF 1 h'(1)]
+ show "m.dist_set (topspace S - U k) x \<noteq> 0"
+ by(auto simp: U(2))
+ qed simp
+ thus ?thesis by simp
+ qed
+ qed
+ hence f_cont: "continuous_map (subtopology S B) (subtopology (prod_topology S (powertop_real UNIV)) (f ` B)) f"
+ using g_delta_of_subset[OF assms] by(auto simp: continuous_map_in_subtopology)
+ have f_invcont: "continuous_map (subtopology (prod_topology S (powertop_real UNIV)) (f ` B)) (subtopology S B) fst"
+ by(auto intro!: continuous_map_into_subtopology simp: continuous_map_subtopology_fst f_def)
+
+ have homeo: "subtopology (prod_topology S (powertop_real UNIV)) (f ` B) homeomorphic_space subtopology S B"
+ using f_inv(2) by(auto simp: homeomorphic_space_def homeomorphic_maps_def f_cont f_invcont intro!: exI[where x=f] exI[where x=fst])
+
+ show ?thesis
+ proof(safe intro!: complete_metrizable.homeomorphic_complete_metrizable[OF _ homeo] complete_metrizable.closedin_complete_metrizable[of _ "f ` B"] complete_metrizable_prod complete_metrizable_product complete_metrizable_axioms)
+ interpret r: polish_metric_set UNIV "dist :: real \<Rightarrow> _" by simp
+ interpret pd: product_complete_metric "1/2" UNIV id id "\<lambda>n. UNIV" "\<lambda>n. bounded_dist (dist :: real \<Rightarrow> _)" 1
+ by(auto intro!: product_complete_metric_natI' simp: r.complete_metric_set_axioms)
+ interpret bpd: complete_metric_set "topspace S \<times> (\<Pi>\<^sub>E x\<in>(UNIV::nat set). (UNIV::real set))" "binary_distance (topspace S) d (\<Pi>\<^sub>E x\<in>(UNIV::nat set). (UNIV::real set)) pd.product_dist"
+ using pd.complete_metric_set_axioms by(auto intro!: binary_distance_complete d(1))
+
+ have "closedin bpd.mtopology (f ` B)"
+ proof -
+ { fix a b and zn :: "nat \<Rightarrow> _"
+ assume h':"zn \<in> UNIV \<rightarrow> f ` B" "m.converge_to_inS (\<lambda>n. fst (zn n)) a" "\<forall>i. r.converge_to_inS (\<lambda>n. snd (zn n) i) (b i)"
+ then obtain xn where xn: "\<And>n. xn n \<in> B" "\<And>n. zn n = f (xn n)"
+ by (metis PiE UNIV_I f_inv(2) imageE)
+
+ have h: "m.converge_to_inS xn a" "\<And>i. r.converge_to_inS (\<lambda>n. 1 / m.dist_set (topspace S - U i) (xn n)) (b i)"
+ proof -
+ {
+ fix i
+ have "(\<lambda>n. snd (zn n) i) = (\<lambda>n. 1 / m.dist_set (topspace S - U i) (xn n))"
+ by standard (simp add: xn(2) f_def)
+ }
+ thus "m.converge_to_inS xn a" "\<And>i. r.converge_to_inS (\<lambda>n. 1 / m.dist_set (topspace S - U i) (xn n)) (b i)"
+ using h' by(auto simp: xn(2) f_def)
+ qed
+ have conv1: "r.converge_to_inS (\<lambda>n. m.dist_set (topspace S - U i) (xn n)) (m.dist_set (topspace S - U i) a)" for i
+ using m.dist_set_continuous h(1) by(simp add: metric_set_continuous_map_eq'[OF m.metric_set_axioms r.metric_set_axioms,simplified euclidean_mtopology])
+ have dista_n0:"m.dist_set (topspace S - U i) a \<noteq> 0" if "U i \<noteq> topspace S" for i
+ proof(rule LIMSEQ_inverse_not0[OF _ conv1[simplified converge_to_def_set[symmetric]] h(2)[simplified converge_to_def_set[symmetric]]])
+ fix n
+ have "0 < m.dist_set (topspace S - U i) (xn n)"
+ using xn(1) U(1)[of i] by(auto intro!: m.dist_set_closed_ge0 simp: U(2) d(2) in_mono openin_subset) (use openin_subset that in blast)+
+ thus "m.dist_set (topspace S - U i) (xn n) \<noteq> 0" by simp
+ qed
+ from tendsto_inverse_real[OF conv1[simplified converge_to_def_set[symmetric]] this]
+ have conv1':"r.converge_to_inS (\<lambda>n. 1 / m.dist_set (topspace S - U i) (xn n)) (1 / m.dist_set (topspace S - U i) a)" if "U i \<noteq> topspace S" for i
+ by(simp add: that converge_to_def_set)
+ have "a \<in> U n" for n
+ proof(cases "U n = topspace S")
+ case True
+ then show ?thesis
+ using h'(2) by(auto simp: m.converge_to_inS_def)
+ next
+ case False
+ with m.dist_set_nzeroD(2)[OF dista_n0[OF this]] dista_n0
+ show ?thesis
+ by fastforce
+ qed
+ hence "a \<in> B"
+ by(auto simp: U(2))
+ moreover have "b n = 1 / m.dist_set (topspace S - (U n)) a" for n
+ proof(cases "U n = topspace S")
+ case True
+ then show ?thesis
+ using h(2)[of n,simplified converge_to_def_set[symmetric]]
+ by (simp add: LIMSEQ_const_iff)
+ next
+ case False
+ from conv1'[OF this] h(2)[of n]
+ show ?thesis
+ by(simp add: r.converge_to_inS_unique)
+ qed
+ ultimately have "(a, b) \<in> f ` B"
+ by(auto simp: f_def image_def)
+ }
+ thus ?thesis
+ unfolding bpd.mtopology_closedin_iff binary_distance_converge_to_inS_iff'[OF m.metric_set_axioms pd.metric_set_axioms]
+ using pd.converge_to_iff[simplified r.bounded_dist_converge_to_inS_iff[symmetric]] g_delta_of_subset[OF assms] f_def
+ by auto
+ qed
+ thus "closedin (prod_topology S (powertop_real UNIV)) (f ` B)"
+ by(simp only: binary_distance_mtopology[OF m.metric_set_axioms pd.metric_set_axioms] pd.product_dist_mtopology[symmetric] r.bounded_dist_generate_same_topology[symmetric] euclidean_mtopology d(2))
+ qed simp_all
+ qed
+qed
+
+corollary(in complete_metrizable) openin_complete_metrizable:
+ assumes "openin S u"
+ shows "complete_metrizable (subtopology S u)"
+ using assms by(auto intro!: g_delta_of_complete_metrizable )
+
+subsection \<open> Polish Spaces \<close>
+locale polish_topology = complete_metrizable +
+ assumes S_separable:"separable S"
+begin
+
+lemma S_second_countable: "second_countable S"
+ by(rule second_countable_if_separable[OF S_separable])
+
+lemma closedin_polish:
+ assumes "closedin S A"
+ shows "polish_topology (subtopology S A)"
+ by (simp add: S_second_countable assms closedin_complete_metrizable polish_topology_axioms_def polish_topology_def second_countable_subtopology separable_if_second_countable)
+
+lemma g_delta_of_polish:
+ assumes "g_delta_of S A"
+ shows "polish_topology (subtopology S A)"
+ by(simp add: polish_topology_def g_delta_of_complete_metrizable[OF assms] polish_topology_axioms_def S_second_countable second_countable_subtopology separable_if_second_countable)
+
+corollary openin_polish:
+ assumes "openin S A"
+ shows "polish_topology (subtopology S A)"
+ by (simp add: assms g_delta_of_polish)
+
+lemma homeomorphic_polish_topology:
+ assumes "S homeomorphic_space S'"
+ shows "polish_topology S'"
+ by(simp add: polish_topology_def homeomorphic_complete_metrizable[OF assms] homeomorphic_separable[OF S_separable assms] polish_topology_axioms_def)
+
+end
+
+lemma polish_topology_def2:
+ "polish_topology S \<longleftrightarrow> (\<exists>\<rho>. polish_metric_set (topspace S) \<rho> \<and> S = metric_set.mtopology (topspace S) \<rho>)"
+ by (metis complete_metric_set.axioms(1) complete_metrizable_def metric_set.separable_iff_topological_separable polish_metric_set.axioms(1) polish_metric_set.axioms(2) polish_metric_set.intro polish_topology_axioms_def polish_topology_def)
+
+lemma(in polish_topology) polish_metric:
+ obtains d where "polish_metric_set (topspace S) d"
+ and "S = metric_set.mtopology (topspace S) d"
+ using polish_topology_axioms by(auto simp: polish_topology_def2)
+
+lemma(in polish_topology) bounded_polish_metric:
+ obtains d where "polish_metric_set (topspace S) d"
+ and "S = metric_set.mtopology (topspace S) d"
+ and "\<And>x y. d x y < 1"
+proof -
+ obtain d where d:"polish_metric_set (topspace S) d" "S = metric_set.mtopology (topspace S) d"
+ by(rule polish_metric)
+ interpret d: polish_metric_set "topspace S" d by fact
+ have "\<exists>d'. polish_metric_set (topspace S) d' \<and> S = metric_set.mtopology (topspace S) d' \<and> (\<forall>x y. d' x y < 1)"
+ using d by(auto intro!: exI[where x="bounded_dist d"] polish_metric_set.bounded_dist_polish simp:d.bounded_dist_generate_same_topology d.bounded_dist_dist)
+ with that show ?thesis
+ by auto
+qed
+
+sublocale polish_metric_set \<subseteq> polish_topology mtopology
+ using mtopology_topspace by(auto simp: polish_topology_def2 polish_metric_set_axioms intro!: exI[where x=dist])
+
+lemma polish_topology_euclidean[simp]: "polish_topology (euclidean :: ('a :: polish_space) topology)"
+ using polish_class_polish_set
+ by(auto simp: polish_topology_def2 intro!: exI[where x=dist]) (use open_openin open_openin_set topology_eq in blast)
+
+lemma polish_topology_countable[simp]:
+ "polish_topology (euclidean :: 'a :: {countable,discrete_topology} topology)"
+proof -
+ interpret polish_metric_set "UNIV :: 'a set" "discrete_dist UNIV"
+ by(simp add: discrete_dist_polish_iff)
+ show ?thesis
+ unfolding polish_topology_def2
+ by(auto intro!: exI[where x="discrete_dist UNIV"] simp: topology_eq polish_metric_set_axioms discrete_dist_topology[of "UNIV :: 'a set"] discrete_topology_class.open_discrete)
+qed
+
+lemma polish_topology_prod:
+ assumes "polish_topology S" and "polish_topology S'"
+ shows "polish_topology (prod_topology S S')"
+proof -
+ obtain \<rho> \<rho>' where hr:
+ "polish_metric_set (topspace S) \<rho>" "S = metric_set.mtopology (topspace S) \<rho>"
+ "polish_metric_set (topspace S') \<rho>'" "S' = metric_set.mtopology (topspace S') \<rho>'"
+ using assms by(auto simp: polish_topology_def2)
+ interpret m1:polish_metric_set "topspace S" \<rho> by fact
+ interpret m2:polish_metric_set "topspace S'" \<rho>' by fact
+ interpret m: polish_metric_set "topspace S \<times> topspace S'" "binary_distance (topspace S) \<rho> (topspace S') \<rho>'"
+ by(auto intro!: binary_distance_polish simp: m1.polish_metric_set_axioms m2.polish_metric_set_axioms)
+ show ?thesis
+ unfolding polish_topology_def2
+ using binary_distance_mtopology[OF m1.metric_set_axioms m2.metric_set_axioms,simplified space_pair_measure[symmetric]] hr(2,4)
+ by(auto intro!: exI[where x="binary_distance (topspace S) \<rho> (topspace S') \<rho>'"] m.polish_metric_set_axioms)
+qed
+
+lemma polish_topology_product:
+ assumes "countable I" and "\<And>i. i \<in> I \<Longrightarrow> polish_topology (S i)"
+ shows "polish_topology (product_topology S I)"
+proof -
+ obtain \<rho> where hr:
+ "\<And>i. i \<in> I \<Longrightarrow> polish_metric_set (topspace (S i)) (\<rho> i)" "\<And>i. i \<in> I \<Longrightarrow> S i = metric_set.mtopology (topspace (S i)) (\<rho> i)"
+ using assms(2) by(auto simp: polish_topology_def2) metis
+ define \<rho>' where "\<rho>' \<equiv> (\<lambda>i x y. if i \<in> I then bounded_dist (\<rho> i) x y else 0)"
+ interpret pd: product_polish_metric "1/2" I "to_nat_on I" "from_nat_into I" "\<lambda>i. topspace (S i)" \<rho>' 1
+ using assms hr by(auto intro!: product_polish_metricI' simp: \<rho>'_def)
+ have "product_topology S I = product_topology (\<lambda>i. metric_set.mtopology (topspace (S i)) (\<rho> i)) I"
+ by(auto intro!: product_topology_cong hr(2))
+ also have "... = product_topology (\<lambda>i. metric_set.mtopology (topspace (S i)) (\<rho>' i)) I"
+ by(auto intro!: product_topology_cong simp: \<rho>'_def)
+ (use hr(1) metric_set.bounded_dist_generate_same_topology polish_metric_set.axioms(2) separable_metric_set_def in blast)
+ also have "... = pd.mtopology"
+ by(rule pd.product_dist_mtopology)
+ finally have "product_topology S I = pd.mtopology" .
+ show ?thesis
+ unfolding polish_topology_def2
+ by(auto intro!: exI[where x="pd.product_dist"] simp: pd.polish_metric_set_axioms) fact
+qed
+
+lemma polish_topology_closedin_polish:
+ assumes "polish_topology S" and "closedin S U"
+ shows "polish_topology (subtopology S U)"
+proof -
+ obtain \<rho> where *:
+ "polish_metric_set (topspace S) \<rho>" "S = metric_set.mtopology (topspace S) \<rho>"
+ using assms by(auto simp: polish_topology_def2)
+ interpret m:polish_metric_set "topspace S" \<rho> by fact
+ interpret m':polish_metric_set U "submetric U \<rho>"
+ using m.submetric_complete_iff[OF closedin_subset[OF assms(2)]] m.submetric_separable[OF closedin_subset[OF assms(2)]] assms(2) *
+ by(simp add: polish_metric_set_def)
+ have "subtopology S U = m'.mtopology"
+ using m.submetric_subtopology[OF closedin_subset[OF assms(2)]] * by simp
+ thus ?thesis
+ using m'.mtopology_topspace
+ by(auto simp: polish_topology_def2 m'.polish_metric_set_axioms intro!: exI[where x="submetric U \<rho>"])
+qed
+
+subsection \<open> Compact Metrizable Spaces \<close>
+locale compact_metrizable = metrizable +
+ assumes compact: "compact_space S"
+begin
+
+sublocale polish_topology
+proof -
+ obtain d where "compact_metric_set (topspace S) d" "metric_set.mtopology (topspace S) d = S"
+ using metric compact by(auto simp: compact_metric_set_def compact_metric_set_axioms.intro)
+ then interpret m: polish_metric_set "topspace S" d
+ by(simp add: compact_metric_set.polish)
+ show "polish_topology S"
+ using \<open>m.mtopology = S\<close> m.polish_topology_axioms by simp
+qed
+
+lemma compact_metric:
+ obtains d where "compact_metric_set (topspace S) d" "metric_set.mtopology (topspace S) d = S"
+ by (metis metric compact compact_metric_set.intro compact_metric_set_axioms.intro)
+
+end
+
+subsection \<open>Continuous Embddings\<close>
+abbreviation Hilbert_cube_as_topology :: "(nat \<Rightarrow> real) topology" where
+"Hilbert_cube_as_topology \<equiv> (product_topology (\<lambda>n. top_of_set {0..1}) UNIV)"
+
+lemma topspace_Hilbert_cube: "topspace Hilbert_cube_as_topology = (\<Pi>\<^sub>E x\<in>UNIV. {0..1})"
+ by simp
+
+lemma Hilbert_cube_Polish_topology: "polish_topology Hilbert_cube_as_topology"
+ by(auto intro!: polish_topology_closedin_polish polish_topology_product)
+
+abbreviation Cantor_space_as_topology :: "(nat \<Rightarrow> real) topology" where
+"Cantor_space_as_topology \<equiv> (product_topology (\<lambda>n. top_of_set {0,1}) UNIV)"
+
+lemma topspace_Cantor_space:
+ "topspace Cantor_space_as_topology = (\<Pi>\<^sub>E x\<in>UNIV. {0,1})"
+ by simp
+
+lemma Cantor_space_Polish_topology:
+ "polish_topology Cantor_space_as_topology"
+ by(auto intro!: polish_topology_closedin_polish polish_topology_product)
+
+text \<open> Proposition 2.2.3 in \cite{borelsets} \<close>
+lemma continuous_map_metrizable_extension:
+ assumes "A \<subseteq> topspace W" "metrizable W" "complete_metrizable Z" "continuous_map (subtopology W A) Z f"
+ shows "\<exists>h gd. g_delta_of W gd \<and> (\<forall>a\<in>A. f a = h a) \<and> A \<subseteq> gd \<and> continuous_map (subtopology W gd) Z h"
+proof -
+ obtain dz where hdz: "complete_metric_set (topspace Z) dz" "metric_set.mtopology (topspace Z) dz = Z" "\<And>x y. dz x y < 1"
+ using complete_metrizable.bounded_cmetric[OF assms(3)] by auto
+ interpret dz: complete_metric_set "topspace Z" dz by fact
+ obtain dw where hdw: "metric_set (topspace W) dw" "metric_set.mtopology (topspace W) dw = W"
+ using metrizable.metric[OF assms(2)] by auto
+ interpret dw: metric_set "topspace W" dw by fact
+ interpret subd: metric_set A "submetric A dw"
+ using assms by(auto intro!: dw.submetric_metric_set)
+ have "subd.mtopology = subtopology W A"
+ using assms(1) dw.submetric_subtopology hdw(2) by auto
+ let ?oscf = "dz.osc_on A W f"
+ define gd where "gd \<equiv> {x\<in>W closure_of A. ?oscf x = 0}"
+ have g_delta: "g_delta_of W gd"
+ proof -
+ have *:"{x\<in>W closure_of A. ?oscf x < t} = \<Union> {V \<inter> (W closure_of A)| V. openin W V \<and> dz.diam (f ` (A \<inter> V)) < t}" for t
+ by(auto simp: dz.osc_on_less_iff)
+ have 1:"gd = \<Inter> {{x\<in>W closure_of A. ?oscf x < 1 / real n}|n. n \<in> {0<..}}"
+ proof -
+ have "x \<in> gd" if h:"\<And>n. n \<in> {0<..} \<Longrightarrow> x \<in> {x\<in>W closure_of A. ?oscf x < 1 / real n}" for x
+ proof -
+ have "?oscf x < \<epsilon>" if he:"\<epsilon>>0" for \<epsilon>
+ proof -
+ obtain n where "1 / real (Suc n) < \<epsilon>"
+ by (meson enn2real_le_iff enn2real_positive_iff ennreal_less_top ennreal_less_zero_iff he linorder_not_le nat_approx_posE order_le_less_trans)
+ thus ?thesis
+ using h[of "Suc n"] by auto
+ qed
+ hence "?oscf x = 0"
+ using not_gr_zero by blast
+ thus ?thesis
+ using that by(auto simp: gd_def)
+ qed
+ thus ?thesis
+ by (auto simp: gd_def)
+ qed
+ also have "... = \<Inter> {\<Union> {V \<inter> (W closure_of A)| V. openin W V \<and> dz.diam (f ` (A \<inter> V)) < 1 / real n}|n. n \<in> {0<..}}"
+ using * by auto
+ also have "... = W closure_of A \<inter> \<Inter> {\<Union> {V. openin W V \<and> dz.diam (f ` (A \<inter> V)) < 1 / real n}|n. n \<in> {0<..}}"
+ by blast
+ also have "g_delta_of W ..."
+ proof -
+ have "{\<Union> {V. openin W V \<and> dz.diam (f ` (A \<inter> V)) < ennreal (1 / real n)} | n. 0 < n} = (\<lambda>n. \<Union> {V. openin W V \<and> dz.diam (f ` (A \<inter> V)) < ennreal (1 / real n)}) ` {0<..}" by auto
+ also have "countable ..." by auto
+ finally show ?thesis
+ by(auto intro!: dw.g_delta_of_closed[simplified hdw(2),of "W closure_of A"] g_delta_of_inter[OF _ g_delta_ofI[of "{\<Union> {V. openin W V \<and> dz.diam (f ` (A \<inter> V)) < ennreal (1 / real n)} | n. n \<in> {0<..}}" _ "\<Inter> {\<Union> {V. openin W V \<and> dz.diam (f ` (A \<inter> V)) < 1 / real n}|n. 0 < n}"]] )
+ qed
+ finally show ?thesis .
+ qed
+ have oscf0: "?oscf a = 0" if "a \<in> A" for a
+ using assms that by(auto intro!: osc_on_inA_0[OF dw.metric_set_axioms dz.metric_set_axioms,simplified \<open>dz.mtopology = Z\<close> \<open>dw.mtopology = W\<close>] simp: le_iff_inf)
+ hence A_subst_of_gd: "A \<subseteq> gd"
+ using closure_of_subset[OF assms(1)] by(auto simp add: gd_def)
+ define h where "h x \<equiv> let xn = (SOME an. an \<in> UNIV \<rightarrow> A \<and> dw.converge_to_inS an x) in dz.the_limit_of (\<lambda>n. f (xn n))" for x
+ have h_extends:"f a = h a" if "a \<in> A" for a
+ proof -
+ obtain an where han: "an \<in> UNIV \<rightarrow> A" "dw.converge_to_inS an a"
+ using dw.closure_of_mtopology_an[of a A] A_subst_of_gd \<open>a \<in> A\<close> gd_def hdw(2) by auto
+ show ?thesis
+ unfolding h_def Let_def
+ proof(rule someI2[of _ an "\<lambda>t. f a = dz.the_limit_of (\<lambda>n. f (t n))"])
+ fix bn
+ assume h:"bn \<in> UNIV \<rightarrow> A \<and> dw.converge_to_inS bn a"
+ hence "subd.converge_to_inS bn a"
+ using assms(1) dw.convergent_insubmetric that by fastforce
+ hence "dz.converge_to_inS (\<lambda>n. f (bn n)) (f a)"
+ using metric_set_continuous_map_eq'[OF subd.metric_set_axioms dz.metric_set_axioms,of f,simplified \<open>subd.mtopology = subtopology W A\<close> \<open>dz.mtopology = Z\<close> assms(4)]
+ by auto
+ thus "f a = dz.the_limit_of (\<lambda>n. f (bn n))"
+ by(simp add: dz.the_limit_of_eq)
+ qed(use han in auto)
+ qed
+ have "gd \<subseteq> topspace W"
+ by(simp add: gd_def in_closure_of)
+ then interpret subd_on_gd: metric_set gd "submetric gd dw"
+ by(auto intro!: dw.submetric_metric_set)
+ have "subtopology W gd = subd_on_gd.mtopology"
+ using \<open>gd \<subseteq> topspace W\<close> dw.submetric_subtopology hdw(2) by auto
+ have Cauchyf:"dz.Cauchy_inS (\<lambda>n. f (an n))" if "subd.Cauchy_inS an" "dw.converge_to_inS an a" "?oscf a = 0" for an a
+ proof -
+ have "{dz.diam (f ` (A \<inter> U)) |U. a \<in> U \<and> openin W U} = (\<lambda>U. dz.diam (f ` (A \<inter> U))) ` {U. a \<in> U \<and> openin W U}"
+ by auto
+ hence "(\<Sqinter>i\<in>{U. a \<in> U \<and> openin W U}. dz.diam (f ` (A \<inter> i))) = \<bottom>"
+ using that(3) by(auto simp: dz.osc_on_def bot_ennreal)
+ from this[simplified INF_eq_bot_iff]
+ have "\<And>\<epsilon>. \<epsilon> > 0 \<Longrightarrow> \<exists>u\<in>{U. a \<in> U \<and> openin W U}. dz.diam (f ` (A \<inter> u)) < \<epsilon>"
+ by(simp add: bot_ennreal)
+ hence he:"\<And>\<epsilon>. \<epsilon> > 0 \<Longrightarrow> \<exists>u\<in>{U. a \<in> U \<and> openin W U}. dz.diam (f ` (A \<inter> u)) < ennreal \<epsilon>"
+ by auto
+ show ?thesis
+ unfolding dz.Cauchy_inS_def
+ proof safe
+ show "\<And>x. f (an x) \<in> topspace Z"
+ using assms(1,4) subd.Cauchy_inS_dest1[OF that(1)] by(auto simp: continuous_map_def)
+ next
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ from he[OF this] obtain U where hu:"a \<in> U" "openin W U" "dz.diam (f ` (A \<inter> U)) < ennreal \<epsilon>"
+ by auto
+ then obtain e where he:"e > 0" "a \<in> dw.open_ball a e" "dw.open_ball a e \<subseteq> U"
+ by (metis \<open>dw.converge_to_inS an a\<close> dw.metric_set_axioms dw.mtopology_openin_iff dw.open_ball_ina hdw(2) metric_set.converge_to_inS_def2')
+ then obtain N where "\<And>n. n \<ge> N \<Longrightarrow> an n \<in> dw.open_ball a e"
+ using \<open>dw.converge_to_inS an a\<close> dw.converge_to_inS_def2' by blast
+ hence hn: "\<And>n. n \<ge> N \<Longrightarrow> an n \<in> A \<inter> U"
+ using he(3) that(1) by(auto simp: subd.Cauchy_inS_def)
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dz (f (an n)) (f (an m)) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n m
+ assume "N \<le> n" "N \<le> m"
+ then have "an n \<in> A \<inter> U" "an m \<in> A \<inter> U"
+ using hn by auto
+ hence "f (an n) \<in> f ` (A \<inter> U)" "f (an m) \<in> f ` (A \<inter> U)"
+ by auto
+ then have "ennreal (dz (f (an n)) (f (an m))) \<le> dz.diam (f ` (A \<inter> U))"
+ using assms(4) subd.mtopology_topspace by(auto intro!: dz.diam_is_sup simp:\<open>subd.mtopology = subtopology W A\<close> continuous_map_def)
+ also have "... < ennreal \<epsilon>" by fact
+ finally show "dz (f (an n)) (f (an m)) < \<epsilon>"
+ using dz.dist_geq0 by (simp add: ennreal_less_iff)
+ qed
+ qed
+ qed
+ have "continuous_map (subtopology W gd) Z h"
+ proof -
+ have h_image:"h \<in> gd \<rightarrow> topspace Z"
+ proof
+ fix x
+ assume "x \<in> gd"
+ then obtain xn where hxn: "xn \<in> UNIV \<rightarrow> A" "dw.converge_to_inS xn x"
+ using dw.closure_of_mtopology_an[of x A] by(auto simp: gd_def hdw(2))
+ show "h x \<in> topspace Z"
+ unfolding h_def Let_def
+ proof(rule someI2[of _ xn "\<lambda>t. dz.the_limit_of (\<lambda>n. f (t n)) \<in> topspace Z"])
+ fix an
+ assume "an \<in> subd.sequence \<and> dw.converge_to_inS an x"
+ then have h:"an \<in> subd.sequence" "dw.converge_to_inS an x" by auto
+ then have "dz.Cauchy_inS (\<lambda>n. f (an n))"
+ using \<open>x \<in> gd\<close> by(auto intro!: Cauchyf[OF dw.Cauchy_insub_Cauchy_inverse[OF assms(1) h(1) dw.Cauchy_if_convergent_inS] h(2)] simp: gd_def dw.convergent_inS_def)
+ thus "dz.the_limit_of (\<lambda>n. f (an n)) \<in> topspace Z"
+ by(simp add: dz.convergence dz.the_limit_of_inS)
+ qed(use hxn in auto)
+ qed
+ show ?thesis
+ unfolding metric_set_continuous_map_eq[OF subd_on_gd.metric_set_axioms dz.metric_set_axioms,simplified \<open>subtopology W gd = subd_on_gd.mtopology\<close>[symmetric] \<open>dz.mtopology = Z\<close>]
+ proof safe
+ fix x and \<epsilon> :: real
+ assume "x \<in> gd" "0 < \<epsilon>"
+ then have "?oscf x < \<epsilon> / 3"
+ by(auto simp: gd_def)
+ then obtain u where hu: "openin W u" "x \<in> u" "dz.diam (f ` (A \<inter> u)) < \<epsilon> / 3"
+ by(auto simp: dz.osc_on_def Inf_less_iff)
+ hence "openin subd_on_gd.mtopology (u \<inter> gd)"
+ by(auto simp : \<open>subtopology W gd = subd_on_gd.mtopology\<close>[symmetric] openin_subtopology)
+ then obtain \<delta> where hd: "\<delta> > 0" "subd_on_gd.open_ball x \<delta> \<subseteq> u \<inter> gd" "x \<in> subd_on_gd.open_ball x \<delta>"
+ by (metis Int_iff \<open>x \<in> gd\<close> hu(2) subd_on_gd.mtopology_openin_iff subd_on_gd.open_ball_ina)
+ show "\<exists>\<delta>>0. \<forall>y\<in>gd. submetric gd dw x y < \<delta> \<longrightarrow> dz (h x) (h y) < \<epsilon>"
+ proof(safe intro!: exI[where x=\<delta>] \<open>\<delta> > 0\<close>)
+ fix y
+ assume h':"y \<in> gd" "submetric gd dw x y < \<delta>"
+ then have "y \<in> subd_on_gd.open_ball x \<delta>"
+ by(simp add: \<open>x \<in> gd\<close> subd_on_gd.open_ball_def)
+ then obtain \<delta>y where hdy: "\<delta>y > 0" "subd_on_gd.open_ball y \<delta>y \<subseteq> subd_on_gd.open_ball x \<delta>" "y \<in> subd_on_gd.open_ball y \<delta>y"
+ using h'(1) subd_on_gd.mtopology_open_ball_in' subd_on_gd.open_ball_ina by blast
+ obtain xn' yn' where hxyn':"xn' \<in> UNIV \<rightarrow> A" "dw.converge_to_inS xn' x" "yn' \<in> UNIV \<rightarrow> A" "dw.converge_to_inS yn' y"
+ using dw.closure_of_mtopology_an[of _ A] \<open>y \<in> gd\<close> \<open>x \<in> gd\<close> by(simp add: gd_def hdw(2)) metis
+ show "dz (h x) (h y) < \<epsilon>"
+ proof -
+ { fix xn yn
+ assume hxyn:"xn \<in> subd.sequence" "dw.converge_to_inS xn x"
+ "yn \<in> subd.sequence" "dw.converge_to_inS yn y"
+ then have Cauchyxyn: "dz.Cauchy_inS (\<lambda>n. f (xn n))" "dz.Cauchy_inS (\<lambda>n. f (yn n))"
+ using Cauchyf[OF dw.Cauchy_insub_Cauchy_inverse[OF assms(1) hxyn(1) dw.Cauchy_if_convergent_inS] hxyn(2)] Cauchyf[OF dw.Cauchy_insub_Cauchy_inverse[OF assms(1) hxyn(3) dw.Cauchy_if_convergent_inS] hxyn(4)] \<open>x \<in> gd\<close> \<open>y \<in> gd\<close>
+ by(auto simp: gd_def dw.convergent_inS_def)
+ have convxyn:"subd_on_gd.converge_to_inS xn x" "subd_on_gd.converge_to_inS yn y"
+ using hxyn \<open>x \<in> gd\<close> \<open>y \<in> gd\<close> \<open>A \<subseteq> gd\<close> by(auto intro!: dw.convergent_insubmetric \<open>gd \<subseteq> topspace W\<close>)
+ then obtain Nx Ny where hnxy: "\<And>n. n \<ge> Nx \<Longrightarrow> xn n \<in> subd_on_gd.open_ball x \<delta>" "\<And>n. n \<ge> Ny \<Longrightarrow> yn n \<in> subd_on_gd.open_ball y \<delta>y"
+ using hd(1) hdy(1) subd_on_gd.converge_to_inS_def2' by blast
+ have "0 < \<epsilon> / 3" using \<open>0 < \<epsilon>\<close> by simp
+ obtain Nfx Nfy where hnfxy: "\<And>n. n \<ge> Nfx \<Longrightarrow> dz (f (xn n)) (dz.the_limit_of (\<lambda>n. f (xn n))) < \<epsilon> / 3" "\<And>n. n \<ge> Nfy \<Longrightarrow> dz (f (yn n)) (dz.the_limit_of (\<lambda>n. f (yn n))) < \<epsilon> / 3"
+ using dz.the_limit_if_converge[OF dz.convergence[OF Cauchyxyn(1)]] dz.the_limit_if_converge[OF dz.convergence[OF Cauchyxyn(2)]]
+ by(auto simp: dz.converge_to_inS_def2) (meson \<open>0 < \<epsilon> / 3\<close> less_divide_eq_numeral1(1))
+ define N where "N \<equiv> Max {Nx,Ny,Nfx,Nfy}"
+ have N:"N \<ge> Nx" "N \<ge> Ny" "N \<ge> Nfx" "N \<ge> Nfy"
+ by(simp_all add: N_def)
+ have "dz (dz.the_limit_of (\<lambda>n. f (xn n))) (dz.the_limit_of (\<lambda>n. f (yn n))) < \<epsilon>"
+ (is "?lhs < _")
+ proof -
+ have "?lhs \<le> dz (dz.the_limit_of (\<lambda>n. f (xn n))) (f (xn N)) + dz (f (xn N)) (dz.the_limit_of (\<lambda>n. f (yn n)))"
+ using dz.dist_tr[OF dz.the_limit_of_inS[OF dz.convergence[OF Cauchyxyn(1)]] _ dz.the_limit_of_inS[OF dz.convergence[OF Cauchyxyn(2)]],of \<open>f (xn N)\<close>] dz.Cauchy_inS_dest1[OF Cauchyxyn(1)]
+ by simp
+ also have "... \<le> dz (dz.the_limit_of (\<lambda>n. f (xn n))) (f (xn N)) + dz (f (xn N)) (f (yn N)) + dz (f (yn N)) (dz.the_limit_of (\<lambda>n. f (yn n)))"
+ using dz.dist_tr[OF _ _ dz.the_limit_of_inS[OF dz.convergence[OF Cauchyxyn(2)]],of "f (xn N)" "f (yn N)"] dz.Cauchy_inS_dest1[OF Cauchyxyn(1)] dz.Cauchy_inS_dest1[OF Cauchyxyn(2)]
+ by simp
+ also have "... < \<epsilon> / 3 + dz (f (xn N)) (f (yn N)) + \<epsilon> / 3"
+ using hnfxy[of N] N by(simp add: dz.dist_sym[of "dz.the_limit_of (\<lambda>n. f (xn n))"])
+ also have "... < \<epsilon>"
+ proof -
+ have "xn N \<in> A \<inter> u" "yn N \<in> A \<inter> u"
+ using hdy(2) hd(2) hnxy[of N] N hxyn(1,3) by auto
+ hence "ennreal (dz (f (xn N)) (f (yn N))) \<le> dz.diam (f ` (A \<inter> u))"
+ by(auto intro!: dz.diam_is_sup dz.Cauchy_inS_dest1[OF Cauchyxyn(1)] dz.Cauchy_inS_dest1[OF Cauchyxyn(2)])
+ also have "... < ennreal (\<epsilon> / 3)" by fact
+ finally have "dz (f (xn N)) (f (yn N)) < \<epsilon> / 3"
+ using dz.dist_geq0 ennreal_less_iff by blast
+ thus ?thesis by simp
+ qed
+ finally show ?thesis .
+ qed
+ }
+ note h = this
+ show ?thesis
+ apply(simp only: h_def[of x] Let_def)
+ apply(rule someI2[of "\<lambda>k. k \<in> subd.sequence \<and> dw.converge_to_inS k x" xn',OF conjI[OF hxyn'(1,2)]])
+ apply(simp only: h_def[of y] Let_def)
+ apply(rule someI2[of "\<lambda>k. k \<in> subd.sequence \<and> dw.converge_to_inS k y" yn',OF conjI[OF hxyn'(3,4)]])
+ using h by auto
+ qed
+ qed
+ qed(use h_image in auto)
+ qed
+
+ with h_extends g_delta A_subst_of_gd
+ show ?thesis by auto
+qed
+
+lemma Lavrentiev_theorem:
+ assumes "complete_metrizable X" "complete_metrizable Y" "A \<subseteq> topspace X" "B \<subseteq> topspace Y" "homeomorphic_map (subtopology X A) (subtopology Y B) f"
+ shows "\<exists>h gda gdb. g_delta_of X gda \<and> g_delta_of Y gdb \<and> A \<subseteq> gda \<and> B \<subseteq> gdb \<and> (\<forall>x\<in>A. f x = h x) \<and> homeomorphic_map (subtopology X gda) (subtopology Y gdb) h"
+proof -
+ interpret cmx: complete_metrizable X by fact
+ interpret cmy: complete_metrizable Y by fact
+ interpret mxy: metrizable "prod_topology X Y"
+ by(auto intro!: metrizable_prod cmx.metrizable cmy.metrizable)
+ obtain g where "homeomorphic_maps (subtopology X A) (subtopology Y B) f g"
+ using assms(5) homeomorphic_map_maps by blast
+ then have hfg: "continuous_map (subtopology X A) (subtopology Y B) f" "continuous_map (subtopology Y B) (subtopology X A) g"
+ "\<And>x. x \<in> A \<Longrightarrow> g (f x) = x" "\<And>y. y \<in> B \<Longrightarrow> f (g y) = y"
+ using assms(3,4) by(auto simp: homeomorphic_maps_def)
+ obtain f' g' gda gdb where h:
+ "g_delta_of X gda" "\<And>a. a \<in> A \<Longrightarrow> f a = f' a" "A \<subseteq> gda" "continuous_map (subtopology X gda) Y f'"
+ "g_delta_of Y gdb" "\<And>b. b \<in> B \<Longrightarrow> g b = g' b" "B \<subseteq> gdb" "continuous_map (subtopology Y gdb) X g'"
+ using continuous_map_metrizable_extension[OF assms(3) cmx.metrizable assms(2) continuous_map_into_fulltopology[OF hfg(1)]]
+ continuous_map_metrizable_extension[OF assms(4) cmy.metrizable assms(1) continuous_map_into_fulltopology[OF hfg(2)]]
+ by auto
+ define H where "H \<equiv> SIGMA x:gda. {f' x}"
+ have Heq:"H = {(x,y). x \<in> gda \<and> y \<in> topspace Y \<and> y = f' x}"
+ using g_delta_of_subset[OF h(1)] h(4) by(auto simp: continuous_map_def H_def)
+ define K where Keq:"K = {(x,y). x \<in> topspace X \<and> y \<in> gdb \<and> x = g' y}"
+ define A' where "A' \<equiv> fst ` (H \<inter> K)"
+ define B' where "B' \<equiv> snd ` (H \<inter> K)"
+ have A'eq: "A' = {x \<in> gda. (x, f' x) \<in> K}"
+ using h(4)
+ by (auto simp: A'_def Keq Heq image_def continuous_map_def Pi_def)
+ (metis (mono_tags, lifting) IntI case_prod_conv fst_conv mem_Collect_eq)
+ have B'eq: "B' = {y \<in> gdb. (g' y, y) \<in> H}"
+ using h(8)
+ by (auto simp: B'_def Keq Heq image_def continuous_map_def Pi_def)
+ (metis (mono_tags, lifting) IntI case_prod_conv snd_conv mem_Collect_eq)
+ have A'_gd: "g_delta_of X A'"
+ proof -
+ have K_gd:"g_delta_of (prod_topology X Y) K"
+ proof -
+ have "closedin (subtopology (prod_topology X Y) (topspace X \<times> gdb)) K"
+ proof -
+ have "K = ((\<lambda>y. (g' y, y)) ` topspace (subtopology Y gdb))"
+ using h(8) g_delta_of_subset[OF h(5)] by(auto simp add: Keq continuous_map_def)
+ thus ?thesis
+ using cmx.Hausdorff continuous_map_imp_closed_graph'[OF h(8)]
+ by(auto simp: prod_topology_subtopology(2))
+ qed
+ then obtain T where hT:"closedin (prod_topology X Y) T" "K = T \<inter> (topspace X \<times> gdb)"
+ using closedin_subtopology by metis
+ thus ?thesis
+ by(auto intro!: g_delta_of_inter g_delta_of_prod simp: h(5) mxy.g_delta_of_closedin)
+ qed
+ have "A' = ((\<lambda>x. (x,f' x)) -` K \<inter> topspace (subtopology X gda))"
+ by(auto simp add: A'eq Keq)
+ also have "g_delta_of X ..."
+ by(rule g_delta_of_subtopology_inverse[OF g_delta_of_continuous_map[OF _ K_gd] h(1)]) (auto intro!: continuous_map_pairedI h(4))
+ finally show ?thesis .
+ qed
+ have A_subst_A': "A \<subseteq> A'"
+ proof
+ fix a
+ assume 0:"a \<in> A"
+ then have "f' a = f a" "f' a \<in> B"
+ using h(2)[OF 0,symmetric] hfg(1) assms(3) by(auto simp: continuous_map_def)
+ thus "a \<in> A'"
+ using h(6)[OF \<open>f' a \<in> B\<close>,symmetric] hfg(3)[OF 0] 0 assms(3) h(3) h(7)
+ by(auto simp: A'eq Keq)
+ qed
+ have B'_gd: "g_delta_of Y B'"
+ proof -
+ have H_gd:"g_delta_of (prod_topology X Y) H"
+ proof -
+ have "closedin (subtopology (prod_topology X Y) (gda \<times> topspace Y)) H"
+ proof -
+ have "H = ((\<lambda>y. (y, f' y)) ` topspace (subtopology X gda))"
+ using h(4) g_delta_of_subset[OF h(1)] by(auto simp add: Heq continuous_map_def)
+ thus ?thesis
+ using cmy.Hausdorff continuous_map_imp_closed_graph[OF h(4)]
+ by(auto simp: prod_topology_subtopology(1))
+ qed
+ then obtain T where hT:"closedin (prod_topology X Y) T" "H = T \<inter> (gda \<times> topspace Y)"
+ using closedin_subtopology by metis
+ thus ?thesis
+ by(auto intro!: g_delta_of_inter g_delta_of_prod simp: h(1) mxy.g_delta_of_closedin)
+ qed
+ have "B' = ((\<lambda>x. (g' x,x)) -` H \<inter> topspace (subtopology Y gdb))"
+ by(auto simp add: B'eq Heq)
+ also have "g_delta_of Y ..."
+ by(rule g_delta_of_subtopology_inverse[OF g_delta_of_continuous_map[OF _ H_gd] h(5)]) (auto intro!: continuous_map_pairedI h(8))
+ finally show ?thesis .
+ qed
+ have B_subst_B': "B \<subseteq> B'"
+ proof
+ fix b
+ assume 0:"b \<in> B"
+ then have "g' b = g b" "g' b \<in> A"
+ using h(6)[OF 0,symmetric] hfg(2) assms(4) by(auto simp: continuous_map_def)
+ thus "b \<in> B'"
+ using h(2)[OF \<open>g' b \<in> A\<close>,symmetric] hfg(4)[OF 0] 0 assms(4) h(3) h(7)
+ by(auto simp: B'eq Heq)
+ qed
+ have "homeomorphic_map (subtopology X A') (subtopology Y B') f'"
+ proof(rule homeomorphic_maps_imp_map[where g=g'])
+ show "homeomorphic_maps (subtopology X A') (subtopology Y B')
+ f' g'"
+ unfolding homeomorphic_maps_def
+ proof safe
+ show "continuous_map (subtopology X A') (subtopology Y B') f'"
+ using g_delta_of_subset[OF h(5)]
+ by(auto intro!: continuous_map_into_subtopology continuous_map_from_subtopology_mono[OF h(4)] simp: A'eq B'eq Heq Keq)
+ next
+ show "continuous_map (subtopology Y B') (subtopology X A') g'"
+ using g_delta_of_subset[OF h(1)]
+ by(auto intro!: continuous_map_into_subtopology continuous_map_from_subtopology_mono[OF h(8)] simp: A'eq B'eq Heq Keq)
+ qed(auto simp: A'eq B'eq Keq Heq)
+ qed
+
+ with A'_gd B'_gd A_subst_A' B_subst_B' h(2)
+ show ?thesis by auto
+qed
+
+corollary(in complete_metrizable) complete_metrizable_subtopology_is_g_delta:
+ assumes "A \<subseteq> topspace S" "complete_metrizable (subtopology S A)"
+ shows "g_delta_of S A"
+proof -
+ obtain h gda gdb where h:
+ "g_delta_of S gda" "g_delta_of (subtopology S A) gdb" "A \<subseteq> gda" "A \<subseteq> gdb" "\<forall>x\<in>A. x = h x" "homeomorphic_map (subtopology (subtopology S A) gdb) (subtopology S gda) h"
+ using Lavrentiev_theorem[OF assms(2) complete_metrizable_axioms _ assms(1),of A id] assms(1)
+ by simp (metis subtopology_topspace topspace_subtopology_subset)
+ have "gdb = A"
+ using g_delta_of_subset[OF h(2)] h(4) assms(1) by auto
+ hence "homeomorphic_map (subtopology S A) (subtopology S gda) h"
+ using h(6) by (simp add: subtopology_subtopology)
+ hence "homeomorphic_map (subtopology S A) (subtopology S gda) id"
+ by(rule homeomorphic_map_eq) (use assms(1) h(5) in auto)
+ hence "subtopology S A = subtopology S gda" by simp
+ hence "A = gda"
+ by (metis assms(1) g_delta_of_subset h(1) topspace_subtopology_subset)
+ thus ?thesis
+ by(simp add: h(1))
+qed
+
+corollary(in complete_metrizable) subtopology_complete_metrizable_iff:
+ assumes "A \<subseteq> topspace S"
+ shows "complete_metrizable (subtopology S A) \<longleftrightarrow> g_delta_of S A"
+ by(auto simp : g_delta_of_complete_metrizable complete_metrizable_subtopology_is_g_delta[OF assms])
+
+corollary complete_metrizable_homeo_image_g_delta:
+ assumes "complete_metrizable X" "complete_metrizable Y" "B \<subseteq> topspace Y" "X homeomorphic_space subtopology Y B"
+ shows "g_delta_of Y B"
+proof -
+ obtain f where f:"homeomorphic_map X (subtopology Y B) f"
+ using assms(4) homeomorphic_space by blast
+ obtain h gda gdb where h:
+ "g_delta_of X gda" "g_delta_of Y gdb" "topspace X \<subseteq> gda" "B \<subseteq> gdb" "\<forall>x\<in>topspace X. f x = h x" "homeomorphic_map (subtopology X gda) (subtopology Y gdb) h"
+ using Lavrentiev_theorem[OF assms(1,2) subset_refl assms(3),simplified,OF f] by metis
+ hence [simp]: "gda = topspace X"
+ using g_delta_of_subset by blast
+ have "homeomorphic_map X (subtopology Y gdb) f"
+ using h(5,6) by(auto intro!: homeomorphic_map_eq[where f=h])
+ hence "f ` topspace X = B" "f ` topspace X = gdb"
+ using homeomorphic_imp_surjective_map[OF f] assms(3) g_delta_of_subset[OF h(2)] h(4) homeomorphic_imp_surjective_map[OF \<open>homeomorphic_map X (subtopology Y gdb) f\<close>]
+ by auto
+ with h(2) show ?thesis by auto
+qed
+
+lemma(in metrizable) embedding_into_Hilbert_cube:
+ assumes "separable S"
+ shows "\<exists>A \<subseteq> topspace Hilbert_cube_as_topology. S homeomorphic_space (subtopology Hilbert_cube_as_topology A)"
+proof -
+ consider "topspace S = {}" | "topspace S \<noteq> {}" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ by(auto intro!: exI[where x="{}"] simp: homeomorphic_empty_space_eq)
+ next
+ case S_ne:2
+ then obtain U where U:"countable U" "dense_of S U" "U \<noteq> {}"
+ using assms(1) by(auto simp: separable_def dense_of_nonempty)
+ obtain xn where xn:"\<And>n::nat. xn n \<in> U" "U = range xn"
+ by (metis U(1) U(3) from_nat_into range_from_nat_into)
+ then have xns:"xn n \<in> topspace S" for n
+ using dense_of_subset[OF U(2)] by auto
+ obtain d where d:"metric_set (topspace S) d" "metric_set.mtopology (topspace S) d = S" "\<And>x y. d x y < 1"
+ using bounded_metric by auto
+ interpret ms: metric_set "topspace S" d by fact
+ define f where "f \<equiv> (\<lambda>x n. d x (xn n))"
+ have f_inj:"inj_on f (topspace S)"
+ proof
+ fix x y
+ assume xy:"x \<in> topspace S" "y \<in> topspace S" "f x = f y"
+ then have "\<And>n. d x (xn n) = d y (xn n)" by(auto simp: f_def dest: fun_cong)
+ hence d2:"d x y \<le> 2 * d x (xn n)" for n
+ using ms.dist_tr[OF xy(1) _ xy(2),of "xn n",simplified ms.dist_sym[of "xn n" y]] dense_of_subset[OF U(2)] xn(1)[of n]
+ by auto
+ have "d x y < \<epsilon>" if "\<epsilon> > 0" for \<epsilon>
+ proof -
+ have "0 < \<epsilon> / 2" using that by simp
+ then obtain n where "d x (xn n) < \<epsilon> / 2"
+ using ms.dense_set_def2[of U,simplified d(2)] U(2) xy(1) xn(2) by blast
+ with d2[of n] show ?thesis by simp
+ qed
+ hence "d x y = 0"
+ using ms.dist_geq0[of x y]
+ by (metis dual_order.irrefl order_neq_le_trans)
+ thus "x = y"
+ using ms.dist_0[OF xy(1,2)] by simp
+ qed
+ have f_img: "f ` topspace S \<subseteq> topspace Hilbert_cube_as_topology"
+ using d(3) ms.dist_geq0 by(auto simp: topspace_Hilbert_cube f_def less_le_not_le)
+ have f_cont: "continuous_map S Hilbert_cube_as_topology f"
+ unfolding continuous_map_componentwise_UNIV f_def continuous_map_in_subtopology
+ proof safe
+ show "continuous_map S euclideanreal (\<lambda>x. d x (xn k))" for k
+ using ms.dist_set_continuous[of "{xn k}"] by(simp add: d(2))
+ next
+ show "d x (xn k) \<in> {0..1}" for x k
+ using d(3) ms.dist_geq0 by(auto simp: less_le_not_le)
+ qed
+ hence f_cont': "continuous_map S (subtopology Hilbert_cube_as_topology (f ` topspace S)) f"
+ using continuous_map_into_subtopology by blast
+ obtain g where g: "g ` (f ` topspace S) = topspace S" "\<And>x. x \<in> topspace S \<Longrightarrow> g (f x) = x" "\<And>x. x \<in> f ` topspace S \<Longrightarrow> f (g x) = x"
+ by (meson f_inj f_the_inv_into_f the_inv_into_f_eq the_inv_into_onto)
+ have g_cont: "continuous_map (subtopology Hilbert_cube_as_topology (f ` topspace S)) S g"
+ proof -
+ interpret m01: polish_metric_set "{0..1::real}" "submetric {0..1} dist"
+ by (metis closed_atLeastAtMost closed_closedin euclidean_mtopology polish_class_polish_set polish_metric_set.submetric_polish subset_UNIV)
+ have m01_eq: "m01.mtopology = top_of_set {0..1}"
+ by(rule submetric_of_euclidean(2)[of "{0..1::real}"])
+ have "submetric {0..1::real} dist x y \<le> 1" "submetric {0..1::real} dist x y \<ge> 0" for x y
+ using dist_real_def by(auto simp: submetric_def)
+ then interpret ppm: product_polish_metric "1/2" "UNIV :: nat set" id id "\<lambda>_. {0..1}" "\<lambda>_. submetric {0..1::real} dist" 1
+ by(auto intro!: product_polish_metric_natI m01.polish_metric_set_axioms)
+ have Hilbert_cube_eq: "ppm.mtopology = Hilbert_cube_as_topology"
+ by(simp add: ppm.product_dist_mtopology[symmetric] m01_eq)
+ interpret f_S: metric_set "f ` topspace S" "submetric (f ` topspace S) ppm.product_dist"
+ using f_img by(auto intro!: ppm.submetric_metric_set)
+ have 1:"subtopology Hilbert_cube_as_topology (f ` topspace S) = f_S.mtopology"
+ using ppm.submetric_subtopology[of "f ` topspace S"] f_img by(simp add: Hilbert_cube_eq)
+ have "continuous_map f_S.mtopology ms.mtopology g"
+ unfolding metric_set_continuous_map_eq'[OF f_S.metric_set_axioms ms.metric_set_axioms]
+ proof safe
+ show "x \<in> topspace S \<Longrightarrow> g (f x) \<in> topspace S" for x
+ by(simp add: g(2))
+ next
+ fix yn y
+ assume h:"f_S.converge_to_inS yn y"
+ have "ppm.converge_to_inS yn y"
+ using ppm.converge_to_insub_converge_to_inS[OF _ h] f_img by auto
+ hence m01_conv:"\<And>n. m01.converge_to_inS (\<lambda>i. yn i n) (y n)"
+ using ppm.converge_to_iff[of yn y] by(auto simp: ppm.converge_to_inS_def)
+ have "\<And>n. \<exists>zn. yn n = f zn \<and> zn \<in> topspace S"
+ using h by(auto simp: f_S.converge_to_inS_def)
+ then obtain zn where zn:"\<And>n. f (zn n) = yn n" "\<And>n. zn n \<in> topspace S"
+ by metis
+ obtain z where z:"f z = y" "z \<in> topspace S"
+ using h by(auto simp: f_S.converge_to_inS_def)
+ show "ms.converge_to_inS (\<lambda>n. g (yn n)) (g y)"
+ unfolding ms.converge_to_inS_def2
+ proof safe
+ show "g (yn n) \<in> topspace S" "g y \<in> topspace S" for n
+ using g(2)[of z] g(2)[of "zn n"] zn[of n] z by simp_all
+ next
+ fix \<epsilon> :: real
+ assume he: "0 < \<epsilon>"
+ then have "0 < \<epsilon> / 3" by simp
+ then obtain m where m:"d z (xn m) < \<epsilon> / 3"
+ using ms.dense_set_def2[of U,simplified d(2)] U(2) z(2) xn(2) by blast
+ obtain N where "\<And>n. n \<ge> N \<Longrightarrow> \<bar>yn n m - y m \<bar> < \<epsilon> / 3"
+ using m01_conv[of m,simplified m01.converge_to_inS_def2] \<open>0 < \<epsilon> / 3\<close>
+ by(simp only: submetric_def dist_real_def) (metis (full_types, lifting) PiE UNIV_I)
+ hence N:"\<And>n. n \<ge> N \<Longrightarrow> yn n m < \<epsilon> / 3 + y m"
+ by (metis abs_diff_less_iff add.commute)
+ have "\<exists>N. \<forall>n\<ge>N. d (zn n) z < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ have "d (zn n) z \<le> f (zn n) m + d z (xn m)"
+ using ms.dist_tr[OF zn(2)[of n] xns[of m] z(2),simplified ms.dist_sym[of "xn m" z]]
+ by(auto simp: f_def)
+ also have "... < \<epsilon> / 3 + y m + d z (xn m)"
+ using N[OF \<open>N\<le>n\<close>] zn(1)[of n] by simp
+ also have "... = \<epsilon> / 3 + d z (xn m) + d z (xn m)"
+ by(simp add: z(1)[symmetric] f_def)
+ also have "... < \<epsilon>"
+ using m by auto
+ finally show "d (zn n) z < \<epsilon>" .
+ qed
+ thus "\<exists>N. \<forall>n\<ge>N. d (g (yn n)) (g y) < \<epsilon>"
+ using zn(1) z(1) g(2)[OF z(2)] g(2)[OF zn(2)] by auto
+ qed
+ qed
+ thus ?thesis
+ by(simp add: d(2) 1)
+ qed
+ show ?thesis
+ using f_img g(2,3) f_cont' g_cont
+ by(auto intro!: exI[where x="f ` topspace S"] homeomorphic_maps_imp_homeomorphic_space[where f=f and g=g] simp: homeomorphic_maps_def)
+ qed
+qed
+
+corollary(in complete_metrizable) embedding_into_Hilbert_cube_g_delta_of:
+ assumes "separable S"
+ shows "\<exists>A. g_delta_of Hilbert_cube_as_topology A \<and> S homeomorphic_space (subtopology Hilbert_cube_as_topology A)"
+proof -
+ obtain A where h:"A \<subseteq> topspace Hilbert_cube_as_topology" "S homeomorphic_space subtopology Hilbert_cube_as_topology A"
+ using embedding_into_Hilbert_cube[OF assms(1)] by blast
+ with complete_metrizable_homeo_image_g_delta[OF complete_metrizable_axioms polish_topology.axioms(1)[OF Hilbert_cube_Polish_topology] h(1,2)]
+ show ?thesis
+ by(auto intro!: exI[where x=A])
+qed
+
+corollary(in polish_topology) embedding_into_Hilbert_cube_g_delta_of:
+ "\<exists>A. g_delta_of Hilbert_cube_as_topology A \<and> S homeomorphic_space (subtopology Hilbert_cube_as_topology A)"
+ by(rule embedding_into_Hilbert_cube_g_delta_of[OF S_separable])
+
+lemma(in polish_topology) uncountable_contains_Cantor_space':
+ assumes "uncountable (topspace S)"
+ shows "\<exists>A\<subseteq> topspace S. Cantor_space_as_topology homeomorphic_space (subtopology S A)"
+proof -
+ obtain U P where up: "countable U" "openin S U" "perfect_set S P""U \<union> P = topspace S" "U \<inter> P = {}" "\<And>a. a \<noteq> {} \<Longrightarrow> openin (subtopology S P) a \<Longrightarrow> uncountable a"
+ using Cantor_Bendixon[OF S_second_countable] by auto
+ have P: "closedin S P" "P \<subseteq> topspace S" "uncountable P"
+ using countable_Un_iff[of U P] up(1) assms up(4)
+ by(simp_all add: perfect_setD[OF up(3)])
+ then interpret pp: polish_topology "subtopology S P"
+ by(simp add: closedin_polish)
+ have Ptop: "topspace (subtopology S P) = P"
+ using P(2) by auto
+ obtain U where U: "countable U" "dense_of (subtopology S P) U"
+ using pp.S_separable separable_def by blast
+ with uncountable_infinite[OF P(3)] pp.dense_of_infinite P(2)
+ have "infinite U" by (metis topspace_subtopology_subset)
+ obtain d where "complete_metric_set P d" and d:"metric_set.mtopology P d = subtopology S P"
+ using pp.cmetric by(simp only: Ptop,auto)
+ interpret md: complete_metric_set P d by fact
+ define xn where "xn \<equiv> from_nat_into U"
+ have xn: "bij_betw xn UNIV U" "\<And>n m. n \<noteq> m \<Longrightarrow> xn n \<noteq> xn m" "\<And>n. xn n \<in> U" "\<And>n. xn n \<in> P" "md.dense_set (range xn)"
+ using bij_betw_from_nat_into[OF U(1) \<open>infinite U\<close>] dense_of_subset[OF U(2)] d U(2) range_from_nat_into[OF infinite_imp_nonempty[OF \<open>infinite U\<close>] U(1)]
+ by(auto simp add: xn_def U(1) \<open>infinite U\<close> from_nat_into[OF infinite_imp_nonempty[OF \<open>infinite U\<close>]])
+ have [simp]:"topspace md.mtopology = P"
+ using Ptop by(simp add: md.mtopology_topspace)
+ have perfect:"perfect_space md.mtopology"
+ using d perfect_set_subtopology up(3) by simp
+ define jn where "jn \<equiv> (\<lambda>n. LEAST i. i > n \<and> md.closed_ball (xn i) ((1/2)^i) \<subseteq> md.open_ball (xn n) ((1/2)^n) - md.open_ball (xn n) ((1/2)^i))"
+ define kn where "kn \<equiv> (\<lambda>n. LEAST k. k > jn n \<and> md.closed_ball (xn k) ((1/2)^k) \<subseteq> md.open_ball (xn n) ((1/2)^jn n))"
+ have dxmxn: "\<forall>n n'. \<exists>m. m > n \<and> m > n' \<and> (1/2)^(m-1) < d (xn n) (xn m) \<and> d (xn n) (xn m) < (1/2)^(Suc n')"
+ proof safe
+ fix n n'
+ have hinfin':"infinite (md.open_ball x e \<inter> (range xn))" if "x \<in> P" "e > 0" for x e
+ proof
+ assume h_fin:"finite (md.open_ball x e \<inter> range xn)"
+ have h_nen:"md.open_ball x e \<inter> range xn \<noteq> {}"
+ using xn(5) that by(auto simp: md.dense_set_def)
+ have infin: "infinite (md.open_ball x e)"
+ using md.perfect_set_open_ball_infinite[OF perfect] that by simp
+ then obtain y where y:"y \<in> md.open_ball x e" "y \<notin> range xn"
+ using h_fin by(metis inf.absorb_iff2 inf_commute subsetI)
+ define e' where "e' = Min {d y xk |xk. xk \<in> md.open_ball x e \<inter> range xn}"
+ have fin: "finite {d y xk |xk. xk \<in> md.open_ball x e \<inter> range xn}"
+ using finite_imageI[OF h_fin,of "d y"] by (metis Setcompr_eq_image)
+ have nen: "{d y xk |xk. xk \<in> md.open_ball x e \<inter> range xn} \<noteq> {}"
+ using h_nen by auto
+ have "e' > 0"
+ unfolding e'_def Min_gr_iff[OF fin nen]
+ proof safe
+ fix l
+ assume "xn l \<in> md.open_ball x e"
+ from y(2) md.dist_0[OF md.open_ballD'(1)[OF y(1)] md.open_ballD'(1)[OF this]] md.dist_geq0[of y "xn l"]
+ show "0 < d y (xn l)"
+ by auto
+ qed
+ obtain e'' where e'': "e'' > 0" "md.open_ball y e'' \<subseteq> md.open_ball x e" "y \<in> md.open_ball y e''"
+ by (meson md.mtopology_open_ball_in' md.open_ballD'(1) md.open_ball_ina y(1))
+ define \<epsilon> where "\<epsilon> \<equiv> min e' e''"
+ have "\<epsilon> > 0"
+ using e''(1) \<open>e' > 0\<close> by(simp add: \<epsilon>_def)
+ then obtain m where m: "d y (xn m) < \<epsilon>"
+ using md.dense_set_def2[of "range xn"] xn(5) md.open_ballD'(1)[OF y(1)] by blast
+ consider "xn m \<in> md.open_ball x e" | "xn m \<in> P - md.open_ball x e"
+ using xn(4) by auto
+ then show False
+ proof cases
+ case 1
+ then have "e' \<le> d y (xn m)"
+ using Min_le_iff[OF fin nen] by(auto simp: e'_def)
+ thus ?thesis
+ using m by(simp add: \<epsilon>_def)
+ next
+ case 2
+ then have "xn m \<notin> md.open_ball y e''"
+ using e''(2) by auto
+ hence "e'' \<le> d y (xn m)"
+ by(rule md.open_ball_nin_le[OF md.open_ballD'(1)[OF y(1)] e''(1) xn(4)[of m]])
+ thus ?thesis
+ using m by(simp add: \<epsilon>_def)
+ qed
+ qed
+ have hinfin:"infinite (md.open_ball x e \<inter> (xn ` {l<..}))" if "x \<in> P" "e > 0" for x e l
+ proof
+ assume "finite (md.open_ball x e \<inter> xn ` {l<..})"
+ moreover have "finite (md.open_ball x e \<inter> xn ` {..l})" by simp
+ moreover have "(md.open_ball x e \<inter> (range xn)) = (md.open_ball x e \<inter> xn ` {l<..}) \<union> (md.open_ball x e \<inter> xn ` {..l})"
+ by fastforce
+ ultimately have "finite (md.open_ball x e \<inter> (range xn))"
+ by auto
+ with hinfin'[OF that] show False ..
+ qed
+ have "infinite (md.open_ball (xn n) ((1/2)^Suc n'))"
+ using md.perfect_set_open_ball_infinite[OF perfect] xn(4)[of n] by simp
+ then obtain x where x: "x \<in> md.open_ball (xn n) ((1/2)^Suc n')" "x \<noteq> xn n"
+ by (metis finite_insert finite_subset infinite_imp_nonempty singletonI subsetI)
+ then obtain e where e: "e > 0" "md.open_ball x e \<subseteq> md.open_ball (xn n) ((1/2)^Suc n')" "x \<in> md.open_ball x e"
+ by (meson md.mtopology_open_ball_in' md.open_ballD'(1) md.open_ball_ina)
+ have "d (xn n) x > 0"
+ using md.dist_geq0[of "xn n" x] md.dist_0[OF xn(4)[of n] md.open_ballD'(1)[OF x(1)]] x(2) by simp
+ then obtain m' where m': "m' - 1 > 0" "(1/2)^(m' - 1) < d (xn n) x"
+ by (metis One_nat_def diff_Suc_Suc diff_zero one_less_numeral_iff reals_power_lt_ex semiring_norm(76))
+ define m where "m \<equiv> max m' (max n' (Suc n))"
+ then have "m \<ge> m'" "m \<ge> n'" "m \<ge> Suc n" by simp_all
+ hence m: "m - 1 > 0" "(1/2)^(m - 1) < d (xn n) x" "m > n"
+ using m' less_trans[OF _ m'(2),of "(1 / 2) ^ (m - 1)"]
+ by auto (metis diff_less_mono le_eq_less_or_eq)
+ define \<epsilon> where "\<epsilon> \<equiv> min e (d (xn n) x - (1/2)^(m - 1))"
+ have "\<epsilon> > 0"
+ using e m by(simp add: \<epsilon>_def)
+ have ball_le:"md.open_ball x \<epsilon> \<subseteq> md.open_ball (xn n) ((1 / 2) ^ Suc n')"
+ using md.open_ball_le[of \<epsilon> e x] e(2) by(simp add: \<epsilon>_def)
+ obtain k where k: "xn k \<in> md.open_ball x \<epsilon>" "k > m"
+ using infinite_imp_nonempty[OF hinfin[OF md.open_ballD'(1)[OF x(1)] \<open>\<epsilon> > 0\<close>,of m]] by auto
+ show "\<exists>m>n. n' < m \<and> (1 / 2) ^ (m - 1) < d (xn n) (xn m) \<and> d (xn n) (xn m) < (1 / 2) ^ Suc n'"
+ proof(intro exI[where x=k] conjI)
+ have "(1 / 2) ^ (k - 1) < (1 / (2 :: real)) ^ (m - 1)"
+ using k(2) m(3) by simp
+ also have "... = d (xn n) x + ((1/2)^ (m - 1) - d (xn n) x)" by simp
+ also have "... < d (xn n) x - d (xn k) x"
+ using md.open_ballD[OF k(1)] by(simp add: \<epsilon>_def md.dist_sym[of x _])
+ also have "... \<le> d (xn n) (xn k)"
+ using md.dist_tr[OF xn(4)[of n] xn(4)[of k] md.open_ballD'(1)[OF x(1)]] by simp
+ finally show "(1 / 2) ^ (k - 1) < d (xn n) (xn k)" .
+ qed(use \<open>m \<ge> n'\<close> k ball_le md.open_ballD[of "xn k" "xn n" "(1 / 2) ^ Suc n'"] m(3) in auto)
+ qed
+ have "jn n > n \<and> md.closed_ball (xn (jn n)) ((1/2)^(jn n)) \<subseteq> md.open_ball (xn n) ((1/2)^n) - md.open_ball (xn n) ((1/2)^(jn n))" for n
+ unfolding jn_def
+ proof(rule LeastI_ex)
+ obtain m where m:"m > n" "(1 / 2) ^ (m - 1) < d (xn n) (xn m)" "d (xn n) (xn m) < (1 / 2) ^ Suc n"
+ using dxmxn by auto
+ show "\<exists>x>n. md.closed_ball (xn x) ((1 / 2) ^ x) \<subseteq> md.open_ball (xn n) ((1 / 2) ^ n) - md.open_ball (xn n) ((1 / 2) ^ x)"
+ proof(safe intro!: exI[where x=m] m(1))
+ fix x
+ assume h:"x \<in> md.closed_ball (xn m) ((1 / 2) ^ m)"
+ have 1:"d (xn n) x < (1 / 2) ^ n"
+ proof -
+ have "d (xn n) x < (1 / 2) ^ Suc n + (1 / 2) ^ m"
+ using m(3) md.dist_tr[OF xn(4)[of n] xn(4)[of m] md.closed_ballD'(1)[OF h]] md.closed_ballD[OF h]
+ by simp
+ also have "... \<le> (1 / 2) ^ Suc n + (1 / 2) ^ Suc n"
+ by (metis Suc_lessI add_mono divide_less_eq_1_pos divide_pos_pos less_eq_real_def m(1) one_less_numeral_iff power_strict_decreasing_iff semiring_norm(76) zero_less_numeral zero_less_one)
+ finally show ?thesis by simp
+ qed
+ have 2:"(1 / 2) ^ m \<le> d (xn n) x"
+ proof -
+ have "(1 / 2) ^ (m - 1) < d (xn n) x + (1 / 2) ^ m"
+ using order.strict_trans2[OF m(2) md.dist_tr[OF xn(4)[of n] md.closed_ballD'(1)[OF h] xn(4)[of m]]] md.closed_ballD(1)[OF h]
+ by(simp add: md.dist_sym)
+ hence "(1 / 2) ^ (m - 1) - (1 / 2) ^ m \<le> d (xn n) x"
+ by simp
+ thus ?thesis
+ using not0_implies_Suc[OF gr_implies_not0[OF m(1)]] by auto
+ qed
+ show "x \<in> md.open_ball (xn n) ((1 / 2) ^ n)"
+ "x \<in> md.open_ball (xn n) ((1 / 2) ^ m) \<Longrightarrow> False"
+ using xn(4)[of n] md.closed_ballD'(1)[OF h] 1 2 by(auto simp: md.open_ball_def)
+ qed
+ qed
+ hence jn: "\<And>n. jn n > n" "\<And>n. md.closed_ball (xn (jn n)) ((1/2)^(jn n)) \<subseteq> md.open_ball (xn n) ((1/2)^n) - md.open_ball (xn n) ((1/2)^(jn n))"
+ by simp_all
+ have "kn n > jn n \<and> md.closed_ball (xn (kn n)) ((1/2)^(kn n)) \<subseteq> md.open_ball (xn n) ((1/2)^jn n)" for n
+ unfolding kn_def
+ proof(rule LeastI_ex)
+ obtain m where m:"m > jn n" "d (xn n) (xn m) < (1 / 2) ^ Suc (jn n)"
+ using dxmxn by blast
+ show "\<exists>x>jn n. md.closed_ball (xn x) ((1 / 2) ^ x) \<subseteq> md.open_ball (xn n) ((1 / 2) ^ jn n)"
+ proof(intro exI[where x=m] conjI)
+ show "md.closed_ball (xn m) ((1 / 2) ^ m) \<subseteq> md.open_ball (xn n) ((1 / 2) ^ jn n)"
+ proof
+ fix x
+ assume h:"x \<in> md.closed_ball (xn m) ((1 / 2) ^ m)"
+ have "d (xn n) x < (1 / 2)^ Suc (jn n) + (1 / 2) ^ m"
+ using md.dist_tr[OF xn(4)[of n] xn(4)[of m] md.closed_ballD'(1)[OF h]] m(2) md.closed_ballD[OF h]
+ by simp
+ also have "... \<le> (1 / 2)^ Suc (jn n) + (1 / 2)^ Suc (jn n)"
+ by (metis Suc_le_eq add_mono dual_order.refl less_divide_eq_1_pos linorder_not_less m(1) not_numeral_less_one power_decreasing zero_le_divide_1_iff zero_le_numeral zero_less_numeral)
+ finally show "x \<in> md.open_ball (xn n) ((1 / 2) ^ jn n)"
+ by(simp add: xn(4)[of n] md.closed_ballD'(1)[OF h] md.open_ball_def)
+ qed
+ qed(use m(1) in auto)
+ qed
+ hence kn: "\<And>n. kn n > jn n" "\<And>n. md.closed_ball (xn (kn n)) ((1/2)^(kn n)) \<subseteq> md.open_ball (xn n) ((1/2)^(jn n))"
+ by simp_all
+ have jnkn_pos: "jn n > 0" "kn n > 0" for n
+ using not0_implies_Suc[OF gr_implies_not0[OF jn(1)[of n]]] kn(1)[of n] by auto
+
+ define bn :: "real list \<Rightarrow> nat"
+ where "bn \<equiv> rec_list 1 (\<lambda>a l t. if a = 0 then jn t else kn t)"
+ have bn_simp: "bn [] = 1" "bn (a # l) = (if a = 0 then jn (bn l) else kn (bn l))" for a l
+ by(simp_all add: bn_def)
+ define to_listn :: "(nat \<Rightarrow> real) \<Rightarrow> nat \<Rightarrow> real list"
+ where "to_listn \<equiv> (\<lambda>x . rec_nat [] (\<lambda>n t. x n # t))"
+ have to_listn_simp: "to_listn x 0 = []" "to_listn x (Suc n) = x n # to_listn x n" for x n
+ by(simp_all add: to_listn_def)
+ have to_listn_eq: "(\<And>m. m < n \<Longrightarrow> x m = y m) \<Longrightarrow> to_listn x n = to_listn y n" for x y n
+ by(induction n) (auto simp: to_listn_simp)
+ have bn_gtn: "bn (to_listn x n) > n" for x n
+ apply(induction n arbitrary: x)
+ using jn(1) kn(1) by(auto simp: bn_simp to_listn_simp) (meson Suc_le_eq le_less less_trans_Suc)+
+ define rn where "rn \<equiv> (\<lambda>n. Min (range (\<lambda>x. (1 / 2 :: real) ^ bn (to_listn x n))))"
+ have rn_fin: "finite (range (\<lambda>x. (1 / 2 :: real) ^ bn (to_listn x n)))" for n
+ proof -
+ have "finite (range (\<lambda>x. bn (to_listn x n)))"
+ proof(induction n)
+ case ih:(Suc n)
+ have "(range (\<lambda>x. bn (to_listn x (Suc n)))) \<subseteq> (range (\<lambda>x. jn (bn (to_listn x n)))) \<union> (range (\<lambda>x. kn (bn (to_listn x n))))"
+ by(auto simp: to_listn_simp bn_simp)
+ moreover have "finite ..."
+ using ih finite_range_imageI by auto
+ ultimately show ?case by(rule finite_subset)
+ qed(simp add: to_listn_simp)
+ thus ?thesis
+ using finite_range_imageI by blast
+ qed
+ have rn_nen: "(range (\<lambda>x. (1 / 2 :: real) ^ bn (to_listn x n))) \<noteq> {}" for n
+ by simp
+ have rn_pos: "0 < rn n" for n
+ by(simp add: Min_gr_iff[OF rn_fin rn_nen] rn_def)
+ have rn_less: "rn n < (1/2)^n" for n
+ using bn_gtn[of n] by(auto simp: rn_def Min_less_iff[OF rn_fin rn_nen])
+ have cball_le_ball:"md.closed_ball (xn (bn (a#l))) ((1/2)^(bn (a#l))) \<subseteq> md.open_ball (xn (bn l)) ((1/2) ^ (bn l))" for a l
+ using kn(2)[of "bn l"] md.open_ball_le[of "(1 / 2) ^ jn (bn l)" "(1 / 2) ^ bn l" "xn (bn l)"] less_imp_le [OF jn(1)] jn(2)
+ by(simp add: bn_simp) blast
+ hence cball_le:"md.closed_ball (xn (bn (a#l))) ((1/2)^(bn (a#l))) \<subseteq> md.closed_ball (xn (bn l)) ((1/2) ^ (bn l))" for a l
+ using md.open_ball_closed_ball by blast
+ have cball_disj: "md.closed_ball (xn (bn (0#l))) ((1/2)^(bn (0#l))) \<inter> md.closed_ball (xn (bn (1#l))) ((1/2)^(bn (1#l))) = {}" for l
+ using jn(2) kn(2) by(auto simp: bn_simp)
+ have "\<forall>x. \<exists>xa\<in>P. (\<Inter>n. md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))) = {xa}"
+ proof
+ fix x
+ show "\<exists>xa\<in>P. (\<Inter>n. md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))) = {xa}"
+ proof(rule md.closed_decseq_Inter)
+ show "md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n)) \<noteq> {}" for n
+ using md.closed_ball_ina[OF xn(4)[of "bn (to_listn x n)"],of "(1 / 2) ^ bn (to_listn x n)"] by auto
+ next
+ show "decseq (\<lambda>n. md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n)))"
+ by(intro decseq_SucI,simp add: to_listn_simp cball_le)
+ next
+ fix \<epsilon> :: real
+ assume "0 < \<epsilon>"
+ then obtain N where N: "(1 / 2) ^ N < (1/2) * \<epsilon>"
+ by (metis divide_pos_pos mult.commute mult.right_neutral one_less_numeral_iff reals_power_lt_ex semiring_norm(76) times_divide_eq_right zero_less_numeral)
+ show "\<exists>N. \<forall>n\<ge>N. md.diam (md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ have "md.diam (md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))) \<le> md.diam (md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ n))"
+ using bn_gtn[of n x] by(auto intro!: md.diam_subset md.closed_ball_le)
+ also have "... \<le> ennreal (2 * (1 / 2) ^ n)"
+ by(simp add: md.diam_cball_leq)
+ also have "... \<le> ennreal (2 * (1 / 2) ^ N)"
+ using \<open>N \<le> n\<close> by (simp add: numeral_mult_ennreal)
+ also have "... < ennreal (2 *(1/2) * \<epsilon>)"
+ using N by (simp add: \<open>0 < \<epsilon>\<close> ennreal_lessI le_less numeral_mult_ennreal)
+ also have "... = ennreal \<epsilon>"
+ by (simp add: \<open>0 < \<epsilon>\<close> le_less numeral_mult_ennreal)
+ finally show "md.diam (md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))) < ennreal \<epsilon>" .
+ qed
+ qed(rule md.closedin_closed_ball)
+ qed
+ then obtain f where f:"\<And>x. f x \<in> P" "\<And>x. (\<Inter>n. md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))) = {f x}"
+ by metis
+ hence f': "\<And>n x. f x \<in> md.closed_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))"
+ by blast
+ have f'': "f x \<in> md.open_ball (xn (bn (to_listn x n))) ((1 / 2) ^ bn (to_listn x n))" for n x
+ using f'[of x "Suc n"] cball_le_ball[of _ "to_listn x n"] by(auto simp: to_listn_simp)
+ from f interpret bdmd: metric_set "f ` (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "submetric (f ` (\<Pi>\<^sub>E i\<in>UNIV. {0,1})) d"
+ by(auto intro!: md.submetric_metric_set)
+ have bdmd_top: "bdmd.mtopology = subtopology md.mtopology (f ` (\<Pi>\<^sub>E i\<in>UNIV. {0,1}))"
+ by (simp add: f(1) image_subset_iff md.submetric_subtopology)
+ have bdmd_sub: "bdmd.mtopology = subtopology S (f ` (\<Pi>\<^sub>E i\<in>UNIV. {0,1}))"
+ using f(1) Int_absorb1[of "f ` (UNIV \<rightarrow>\<^sub>E {0, 1})" P] by(fastforce simp: bdmd_top d subtopology_subtopology)
+ interpret d01: polish_metric_set "{0,1::real}" "submetric {0,1::real} dist"
+ by(auto intro!: polish_metric_set.submetric_polish[OF polish_class_polish_set] simp: euclidean_mtopology)
+ interpret pd: product_polish_metric "1/2" UNIV id id "\<lambda>_. {0,1::real}" "\<lambda>_. submetric {0,1::real} dist" 1
+ by(auto intro!: product_polish_metric_natI simp: d01.polish_metric_set_axioms) (auto simp: submetric_def)
+ have mpd_top: "pd.mtopology = Cantor_space_as_topology"
+ by(auto simp: pd.product_dist_mtopology[symmetric] submetric_of_euclidean(2) intro!: product_topology_cong)
+
+ define def_at where "def_at x y \<equiv> LEAST n. x n \<noteq> y n" for x y :: "nat \<Rightarrow> real"
+ have def_atxy: "\<And>n. n < def_at x y \<Longrightarrow> x n = y n" "x (def_at x y) \<noteq> y (def_at x y)" if "x \<noteq> y" for x y
+ proof -
+ have "\<exists>n. x n \<noteq> y n"
+ using that by auto
+ from LeastI_ex[OF this]
+ show "\<And>n. n < def_at x y \<Longrightarrow> x n = y n" "x (def_at x y) \<noteq> y (def_at x y)"
+ using not_less_Least by(auto simp: def_at_def)
+ qed
+ have def_at_le_if: "pd.product_dist x y \<le> (1/2)^n \<Longrightarrow> n \<le> def_at x y" if assm:"x \<noteq> y" "x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" for x y n
+ proof -
+ assume h:"pd.product_dist x y \<le> (1 / 2) ^ n"
+ have "x m = y m" if m_less_n: "m < n" for m
+ proof(rule ccontr)
+ assume nen: "x m \<noteq> y m"
+ then have "submetric {0, 1} dist (x m) (y m) = 1"
+ using assm(2,3) by(auto simp: submetric_def)
+ hence "1 \<le> 2 ^ m * pd.product_dist x y"
+ using pd.product_dist_geq[of m m,simplified,OF assm(2,3)] by simp
+ hence "(1/2)^m \<le> 2^m * (1/2)^m * pd.product_dist x y" by simp
+ hence "(1/2)^m \<le> pd.product_dist x y" by (simp add: power_one_over)
+ also have "... \<le> (1 / 2) ^ n"
+ by(simp add: h)
+ finally show False
+ using that by auto
+ qed
+ thus "n \<le> def_at x y"
+ by (meson def_atxy(2) linorder_not_le that(1))
+ qed
+ have def_at_le_then: "pd.product_dist x y \<le> 2 * (1/2)^n" if assm:"x \<noteq> y" "x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "n \<le> def_at x y" for x y n
+ proof -
+ have "\<And>m. m < n \<Longrightarrow> x m = y m"
+ by (metis def_atxy(1) order_less_le_trans that(4))
+ hence 1:"\<And>m. m < n \<Longrightarrow> submetric {0, 1} dist (x m) (y m) = 0"
+ by (simp add: submetric_def)
+ have "pd.product_dist x y = (\<Sum>i. (1/2)^(i + n) * (submetric {0, 1} dist (x (i + n)) (y (i + n)))) + (\<Sum>i<n. (1/2)^i * (submetric {0, 1} dist (x i) (y i)))"
+ using assm pd.product_dist_summable'[simplified] by(auto intro!: suminf_split_initial_segment simp: product_dist_def)
+ also have "... = (\<Sum>i. (1/2)^(i + n) * (submetric {0, 1} dist (x (i + n)) (y (i + n))))"
+ by(simp add: 1)
+ also have "... \<le> (\<Sum>i. (1/2)^(i + n))"
+ using pd.product_dist_summable'[simplified] pd.d_bound by(auto intro!: suminf_le summable_ignore_initial_segment)
+ finally show ?thesis
+ using pd.nsum_of_rK[of n] by simp
+ qed
+ have d_le_def: "d (f x) (f y) \<le> (1/2)^(def_at x y)" if assm:"x \<noteq> y" "x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" for x y
+ proof -
+ have 1:"to_listn x n = to_listn y n" if "n \<le> def_at x y" for n
+ proof -
+ have "\<And>m. m < n \<Longrightarrow> x m = y m"
+ by (metis def_atxy(1) order_less_le_trans that)
+ then show ?thesis
+ by(auto intro!: to_listn_eq)
+ qed
+ have "f x \<in> md.closed_ball (xn (bn (to_listn x (def_at x y)))) ((1 / 2) ^ bn (to_listn x (def_at x y)))"
+ "f y \<in> md.closed_ball (xn (bn (to_listn x (def_at x y)))) ((1 / 2) ^ bn (to_listn x (def_at x y)))"
+ using f'[of x "def_at x y"] f'[of y "def_at x y"] by(auto simp: 1[OF order_refl])
+ hence "d (f x) (f y) \<le> 2 * (1 / 2) ^ bn (to_listn x (def_at x y))"
+ using f(1) by(auto intro!: md.diam_is_sup'[OF _ _ md.diam_cball_leq])
+ also have "... \<le> (1/2)^(def_at x y)"
+ proof -
+ have "Suc (def_at x y) \<le> bn (to_listn x (def_at x y))"
+ using bn_gtn[of "def_at x y" x] by simp
+ hence "(1 / 2) ^ bn (to_listn x (def_at x y)) \<le> (1 / 2 :: real) ^ Suc (def_at x y)"
+ using power_decreasing_iff[OF pd.r] by blast
+ thus ?thesis
+ by simp
+ qed
+ finally show "d (f x) (f y) \<le> (1/2)^(def_at x y)" .
+ qed
+ have fy_in:"f y \<in> md.closed_ball (xn (bn (to_listn x m))) ((1/2)^bn (to_listn x m)) \<Longrightarrow> \<forall>l<m. x l = y l" if assm:"x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" for x y m
+ proof(induction m)
+ case ih:(Suc m)
+ have "f y \<in> md.closed_ball (xn (bn (to_listn x m))) ((1 / 2) ^ bn (to_listn x m))"
+ using ih(2) cball_le by(auto simp: to_listn_simp)
+ with ih(1) have k:"k < m \<Longrightarrow> x k = y k" for k by simp
+ show ?case
+ proof safe
+ fix l
+ assume "l < Suc m"
+ then consider "l < m" | "l = m"
+ using \<open>l < Suc m\<close> by fastforce
+ thus "x l = y l"
+ proof cases
+ case 2
+ have 3:"f y \<in> md.closed_ball (xn (bn (y l # to_listn y l))) ((1 / 2) ^ bn (y l # to_listn y l))"
+ using f'[of y "Suc l"] by(simp add: to_listn_simp)
+ have 4:"f y \<in> md.closed_ball (xn (bn (x l # to_listn y l))) ((1 / 2) ^ bn (x l # to_listn y l))"
+ using ih(2) to_listn_eq[of m x y,OF k] by(simp add: to_listn_simp 2)
+ show ?thesis
+ proof(rule ccontr)
+ assume "x l \<noteq> y l"
+ then consider "x l = 0" "y l = 1" | "x l = 1" "y l = 0"
+ using assm(1,2) by(auto simp: PiE_def Pi_def) metis
+ thus False
+ by cases (use cball_disj[of "to_listn y l"] 3 4 in auto)
+ qed
+ qed(simp add: k)
+ qed
+ qed simp
+ have d_le_rn_then: "\<exists>e>0. \<forall>y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1}). x \<noteq> y \<longrightarrow> d (f x) (f y) < e \<longrightarrow> n \<le> def_at x y" if assm: "x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" for x n
+ proof(safe intro!: exI[where x="(1/2)^bn (to_listn x n) - d (xn (bn (to_listn x n))) (f x)"])
+ show "0 < (1 / 2) ^ bn (to_listn x n) - d (xn (bn (to_listn x n))) (f x)"
+ using md.open_ballD[OF f''] by auto
+ next
+ fix y
+ assume h:"y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "d (f x) (f y) < (1 / 2) ^ bn (to_listn x n) - d (xn (bn (to_listn x n))) (f x)" "x \<noteq> y"
+ then have "f y \<in> md.closed_ball (xn (bn (to_listn x n))) ((1/2)^bn (to_listn x n))"
+ using md.dist_tr[OF xn(4)[of "bn (to_listn x n)"] f(1)[of x] f(1)[of y]]
+ by(simp add: xn(4)[of "bn (to_listn x n)"] f(1)[of y] md.closed_ball_def)
+ with fy_in[OF assm h(1)] have "\<forall>m < n. x m = y m"
+ by simp
+ thus "n \<le> def_at x y"
+ by (meson def_atxy(2) linorder_not_le h(3))
+ qed
+ have 0: "f ` (\<Pi>\<^sub>E i\<in>UNIV. {0,1}) \<subseteq> topspace S"
+ using f(1) P(2) by auto
+ have 1: "continuous_map pd.mtopology bdmd.mtopology f"
+ unfolding metric_set_continuous_map_eq[OF pd.metric_set_axioms bdmd.metric_set_axioms]
+ proof safe
+ fix x :: "nat \<Rightarrow> real" and \<epsilon> :: real
+ assume h:"x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "0 < \<epsilon>"
+ then obtain n where n:"(1/2)^n < \<epsilon>"
+ using real_arch_pow_inv[OF _ pd.r(2)] by auto
+ show "\<exists>\<delta>>0. \<forall>y\<in>UNIV \<rightarrow>\<^sub>E {0, 1}. pd.product_dist x y < \<delta> \<longrightarrow> submetric (f ` (UNIV \<rightarrow>\<^sub>E {0, 1})) d (f x) (f y) < \<epsilon>"
+ proof(safe intro!: exI[where x="(1/2)^n"])
+ fix y
+ assume y:"y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "pd.product_dist x y < (1 / 2) ^ n"
+ consider "x = y" | "x \<noteq> y" by auto
+ thus "submetric (f ` (UNIV \<rightarrow>\<^sub>E {0, 1})) d (f x) (f y) < \<epsilon>"
+ proof cases
+ case 1
+ with y(1) h md.dist_0[OF f(1)[of y] f(1)[of y]]
+ show ?thesis by(auto simp add: submetric_def)
+ next
+ case 2
+ then have "n \<le> def_at x y"
+ using h(1) y by(auto intro!: def_at_le_if)
+ have "submetric (f ` (UNIV \<rightarrow>\<^sub>E {0, 1})) d (f x) (f y) \<le> (1/2)^(def_at x y)"
+ using h(1) y(1) by(auto simp: d_le_def[OF 2 h(1) y(1)] submetric_def)
+ also have "... \<le> (1/2)^n"
+ using \<open>n \<le> def_at x y\<close> by simp
+ finally show ?thesis
+ using n by simp
+ qed
+ qed simp
+ qed simp
+ have 2: "open_map pd.mtopology bdmd.mtopology f"
+ proof(rule metric_set_opem_map_from_dist[OF pd.metric_set_axioms bdmd.metric_set_axioms,of f,simplified subtopology_topspace[of bdmd.mtopology,simplified bdmd.mtopology_topspace]])
+ fix x :: "nat \<Rightarrow> real" and \<epsilon> :: real
+ assume h:"x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "0 < \<epsilon>"
+ then obtain n where n: "(1/2)^n < \<epsilon>"
+ using real_arch_pow_inv[OF _ pd.r(2)] by auto
+ obtain e where e: "e > 0" "\<And>y. y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1}) \<Longrightarrow> x \<noteq> y \<Longrightarrow> d (f x) (f y) < e \<Longrightarrow> Suc n \<le> def_at x y"
+ using d_le_rn_then[OF h(1),of "Suc n"] by auto
+ show "\<exists>\<delta>>0. \<forall>y\<in>UNIV \<rightarrow>\<^sub>E {0, 1}. submetric (f ` (UNIV \<rightarrow>\<^sub>E {0, 1})) d (f x) (f y) < \<delta> \<longrightarrow> pd.product_dist x y < \<epsilon>"
+ proof(safe intro!: exI[where x=e])
+ fix y
+ assume y:"y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" and "submetric (f ` (UNIV \<rightarrow>\<^sub>E {0, 1})) d (f x) (f y) < e"
+ then have d':"d (f x) (f y) < e"
+ using h(1) by(simp add: submetric_def)
+ consider "x = y" | "x \<noteq> y" by auto
+ thus "pd.product_dist x y < \<epsilon>"
+ by cases (use pd.dist_0[OF y y] h(2) def_at_le_then[OF _ h(1) y e(2)[OF y _ d']] n in auto)
+ qed(use e(1) in auto)
+ qed simp
+ have 3: "f ` (topspace pd.mtopology) = topspace bdmd.mtopology"
+ by(simp add: bdmd.mtopology_topspace pd.mtopology_topspace)
+ have 4: "inj_on f (topspace pd.mtopology)"
+ unfolding pd.mtopology_topspace
+ proof
+ fix x y
+ assume h:"x \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "y \<in> (\<Pi>\<^sub>E i\<in>UNIV. {0,1})" "f x = f y"
+ show "x = y"
+ proof
+ fix n
+ have "f y \<in> md.closed_ball (xn (bn (to_listn x (Suc n)))) ((1/2)^bn (to_listn x (Suc n)))"
+ using f'[of x "Suc n"] by(simp add: h)
+ thus "x n = y n"
+ using fy_in[OF h(1,2),of "Suc n"] by simp
+ qed
+ qed
+ show ?thesis
+ using homeomorphic_map_imp_homeomorphic_space[OF bijective_open_imp_homeomorphic_map[OF 1 2 3 4]] 0
+ by(auto simp: bdmd_sub mpd_top)
+qed
+
+lemma(in polish_topology) uncountable_contains_Cantor_space:
+ assumes "uncountable (topspace S)"
+ shows "\<exists>A. g_delta_of S A \<and> Cantor_space_as_topology homeomorphic_space (subtopology S A)"
+proof -
+ obtain A where A:"A \<subseteq> topspace S" "Cantor_space_as_topology homeomorphic_space (subtopology S A)"
+ using uncountable_contains_Cantor_space'[OF assms] by auto
+ then have "g_delta_of S A"
+ using Cantor_space_Polish_topology
+ by(auto intro!: complete_metrizable_homeo_image_g_delta simp: polish_topology_def complete_metrizable_axioms)
+ thus ?thesis
+ by(auto intro!: exI[where x=A] A(2))
+qed
+
+subsection \<open>Borel Spaces\<close>
+text \<open> Borel spaces generated from abstract topology \<close>
+definition borel_of :: "'a topology \<Rightarrow> 'a measure" where
+"borel_of S \<equiv> sigma (topspace S) {U. openin S U}"
+
+lemma emeasure_borel_of: "emeasure (borel_of S) A = 0"
+ by (simp add: borel_of_def emeasure_sigma)
+
+lemma borel_of_euclidean: "borel_of euclidean = borel"
+ by(simp add: borel_of_def borel_def)
+
+lemma space_borel_of: "space (borel_of S) = topspace S"
+ by(simp add: space_measure_of_conv borel_of_def)
+
+lemma sets_borel_of: "sets (borel_of S) = sigma_sets (topspace S) {U. openin S U}"
+ by (simp add: subset_Pow_Union topspace_def borel_of_def)
+
+lemma sets_borel_of_closed: "sets (borel_of S) = sigma_sets (topspace S) {U. closedin S U}"
+ unfolding sets_borel_of
+proof(safe intro!: sigma_sets_eqI)
+ fix a
+ assume a:"openin S a"
+ have "topspace S - (topspace S - a) \<in> sigma_sets (topspace S) {U. closedin S U}"
+ by(rule sigma_sets.Compl) (use a in auto)
+ thus "a \<in> sigma_sets (topspace S) {U. closedin S U}"
+ using openin_subset[OF a] by (simp add: Diff_Diff_Int inf.absorb_iff2)
+next
+ fix b
+ assume b:"closedin S b"
+ have "topspace S - (topspace S - b) \<in> sigma_sets (topspace S) {U. openin S U}"
+ by(rule sigma_sets.Compl) (use b in auto)
+ thus "b \<in> sigma_sets (topspace S) {U. openin S U}"
+ using closedin_subset[OF b] by (simp add: Diff_Diff_Int inf.absorb_iff2)
+qed
+
+lemma borel_of_open:
+ assumes "openin S U"
+ shows "U \<in> sets (borel_of S)"
+ using assms by (simp add: subset_Pow_Union topspace_def borel_of_def)
+
+lemma borel_of_closed:
+ assumes "closedin S U"
+ shows "U \<in> sets (borel_of S)"
+ using assms sigma_sets.Compl[of "topspace S - U" "topspace S"]
+ by (simp add: closedin_def double_diff sets_borel_of)
+
+lemma(in metric_set) nbh_sets[measurable]: "(\<Union>a\<in>A. open_ball a e) \<in> sets (borel_of mtopology)"
+ by(auto intro!: borel_of_open openin_clauses(3) openin_open_ball)
+
+lemma borel_of_g_delta_of:
+ assumes "g_delta_of S U"
+ shows "U \<in> sets (borel_of S)"
+ using g_delta_ofD[OF assms] borel_of_open
+ by(auto intro!: sets.countable_INT'[of _ id,simplified])
+
+lemma borel_of_subtopology:
+ "borel_of (subtopology S U) = restrict_space (borel_of S) U"
+proof(rule measure_eqI)
+ show "sets (borel_of (subtopology S U)) = sets (restrict_space (borel_of S) U)"
+ unfolding restrict_space_eq_vimage_algebra' sets_vimage_algebra sets_borel_of topspace_subtopology space_borel_of Int_commute[of U]
+ proof(rule sigma_sets_eqI)
+ fix a
+ assume "a \<in> Collect (openin (subtopology S U))"
+ then obtain T where "openin S T" "a = T \<inter> U"
+ by(auto simp: openin_subtopology)
+ show "a \<in> sigma_sets (topspace S \<inter> U) {(\<lambda>x. x) -` A \<inter> (topspace S \<inter> U) |A. A \<in> sigma_sets (topspace S) (Collect (openin S))}"
+ using openin_subset[OF \<open>openin S T\<close>] \<open>a = T \<inter> U\<close> by(auto intro!: exI[where x=T] \<open>openin S T\<close>)
+ next
+ fix b
+ assume "b \<in> {(\<lambda>x. x) -` A \<inter> (topspace S \<inter> U) |A. A \<in> sigma_sets (topspace S) (Collect (openin S))}"
+ then obtain T where ht:"b = T \<inter> (topspace S \<inter> U)" "T \<in> sigma_sets (topspace S) (Collect (openin S))"
+ by auto
+ hence "b = T \<inter> U"
+ proof -
+ have "T \<subseteq> topspace S"
+ by(rule sigma_sets_into_sp[OF _ ht(2)]) (simp add: subset_Pow_Union topspace_def)
+ thus ?thesis
+ by(auto simp: ht(1))
+ qed
+ with ht(2) show "b \<in> sigma_sets (topspace S \<inter> U) (Collect (openin (subtopology S U)))"
+ proof(induction arbitrary: b U)
+ case (Basic a)
+ then show ?case
+ by(auto simp: openin_subtopology)
+ next
+ case Empty
+ then show ?case by simp
+ next
+ case ih:(Compl a)
+ then show ?case
+ by (simp add: Diff_Int_distrib2 sigma_sets.Compl)
+ next
+ case (Union a)
+ then show ?case
+ by (metis UN_extend_simps(4) sigma_sets.Union)
+ qed
+ qed
+qed(simp add: emeasure_borel_of restrict_space_def emeasure_measure_of_conv)
+
+
+lemma(in metrizable) sigma_sets_eq_cinter_dunion:
+ "sigma_sets (topspace S) {U. openin S U} = sigma_sets_cinter_dunion (topspace S) {U. openin S U}"
+proof safe
+ fix a
+ interpret sa: sigma_algebra "topspace S" "sigma_sets (topspace S) {U. openin S U}"
+ by(auto intro!: sigma_algebra_sigma_sets openin_subset)
+ assume "a \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}"
+ then show "a \<in> sigma_sets (topspace S) {U. openin S U}"
+ by induction auto
+next
+ have c:"sigma_sets_cinter_dunion (topspace S) {U. openin S U} \<subseteq> {U\<in>sigma_sets_cinter_dunion (topspace S) {U. openin S U}. topspace S - U \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}}"
+ proof
+ fix a
+ assume a: "a \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}"
+ then show "a \<in> {U \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}. topspace S - U \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}}"
+ proof induction
+ case a:(Basic_cd a)
+ then have "g_delta_of S (topspace S - a)"
+ by(auto intro!: g_delta_of_closedin)
+ from g_delta_ofD'[OF this] obtain U where U:
+ "\<And>n :: nat. openin S (U n)" "topspace S - a = \<Inter> (range U)" by auto
+ show ?case
+ using a U(1) by(auto simp: U(2) intro!: Inter_cd)
+ next
+ case Top_cd
+ then show ?case by auto
+ next
+ case ca:(Inter_cd a)
+ define b where "b \<equiv> (\<lambda>n. (topspace S - a n) \<inter> (\<Inter>i. if i < n then a i else topspace S))"
+ have bd:"disjoint_family b"
+ using nat_neq_iff by(fastforce simp: disjoint_family_on_def b_def)
+ have bin:"b i \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}" for i
+ unfolding b_def
+ apply(rule sigma_sets_cinter_dunion_int)
+ using ca(2)[of i]
+ apply auto[1]
+ apply(rule Inter_cd) using ca by auto
+ have bun:"topspace S - (\<Inter> (range a)) = (\<Union>i. b i)" (is "?lhs = ?rhs")
+ proof -
+ { fix x
+ have "x \<in> ?lhs \<longleftrightarrow> x \<in> topspace S \<and> x \<in> (\<Union>i. topspace S - a i)"
+ by auto
+ also have "... \<longleftrightarrow> x \<in> topspace S \<and> (\<exists>n. x \<in> topspace S - a n)"
+ by auto
+ also have "... \<longleftrightarrow> x \<in> topspace S \<and> (\<exists>n. x \<in> topspace S - a n \<and> (\<forall>i<n. x \<in> a i))"
+ proof safe
+ fix n
+ assume 1:"x \<notin> a n" "x \<in> topspace S"
+ define N where "N \<equiv> Min {m. m \<le> n \<and> x \<notin> a m}"
+ have N:"x \<notin> a N" "N \<le> n"
+ using linorder_class.Min_in[of "{m. m \<le> n \<and> x \<notin> a m}"] 1
+ by(auto simp: N_def)
+ have N':"x \<in> a i" if "i < N" for i
+ proof(rule ccontr)
+ assume "x \<notin> a i"
+ then have "N \<le> i"
+ using linorder_class.Min_le[of "{m. m \<le> n \<and> x \<notin> a m}" i] that N(2)
+ by(auto simp: N_def)
+ with that show False by auto
+ qed
+ show "\<exists>n. x \<in> topspace S - a n \<and> (\<forall>i<n. x \<in> a i)"
+ using N N' by(auto intro!: exI[where x=N] 1)
+ qed auto
+ also have "... \<longleftrightarrow> x \<in> ?rhs"
+ by(auto simp: b_def)
+ finally have "x \<in> ?lhs \<longleftrightarrow> x \<in> ?rhs" . }
+ thus ?thesis by auto
+ qed
+ have "... \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}"
+ by(rule Union_cd) (use bin bd in auto)
+ thus ?case
+ using Inter_cd[of a,OF ca(1)] by(auto simp: bun)
+ next
+ case ca:(Union_cd a)
+ have "topspace S - (\<Union> (range a)) = (\<Inter>i. (topspace S - a i))"
+ by simp
+ have "... \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}"
+ by(rule Inter_cd) (use ca in auto)
+ then show ?case
+ using Union_cd[of a,OF ca(1,2)] by auto
+ qed
+ qed
+ fix a
+ assume "a \<in> sigma_sets (topspace S) {U. openin S U}"
+ then show "a \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}"
+ proof induction
+ case a:(Union a)
+ define b where "b \<equiv> (\<lambda>n. a n \<inter> (\<Inter>i. if i < n then topspace S - a i else topspace S))"
+ have bd:"disjoint_family b"
+ by(auto simp: disjoint_family_on_def b_def) (metis Diff_iff UnCI image_eqI linorder_neqE_nat mem_Collect_eq)
+ have bin:"b i \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}" for i
+ unfolding b_def
+ apply(rule sigma_sets_cinter_dunion_int)
+ using a(2)[of i]
+ apply auto[1]
+ apply(rule Inter_cd) using c a by auto
+ have bun:"(\<Union>i. a i) = (\<Union>i. b i)" (is "?lhs = ?rhs")
+ proof -
+ {
+ fix x
+ have "x \<in> ?lhs \<longleftrightarrow> x \<in> topspace S \<and> x \<in> ?lhs"
+ using sigma_sets_cinter_dunion_into_sp[OF _ a(2)]
+ by (metis UN_iff subsetD subset_Pow_Union topspace_def)
+ also have "... \<longleftrightarrow> x \<in> topspace S \<and> (\<exists>n. x \<in> a n)" by auto
+ also have "... \<longleftrightarrow> x \<in> topspace S \<and> (\<exists>n. x \<in> a n \<and> (\<forall>i<n. x \<in> topspace S - a i))"
+ proof safe
+ fix n
+ assume 1:"x \<in> topspace S" "x \<in> a n"
+ define N where "N \<equiv> Min {m. m \<le> n \<and> x \<in> a m}"
+ have N:"x \<in> a N" "N \<le> n"
+ using linorder_class.Min_in[of "{m. m \<le> n \<and> x \<in> a m}"] 1
+ by(auto simp: N_def)
+ have N':"x \<notin> a i" if "i < N" for i
+ proof(rule ccontr)
+ assume "\<not> x \<notin> a i"
+ then have "N \<le> i"
+ using linorder_class.Min_le[of "{m. m \<le> n \<and> x \<in> a m}" i] that N(2)
+ by(auto simp: N_def)
+ with that show False by auto
+ qed
+ show "\<exists>n. x \<in> a n \<and> (\<forall>i<n. x \<in> topspace S - a i)"
+ using N N' 1 by(auto intro!: exI[where x=N])
+ qed auto
+ also have "... \<longleftrightarrow> x \<in> ?rhs"
+ proof safe
+ fix m
+ assume "x \<in> b m"
+ then show "x \<in> topspace S" "\<exists>n. x \<in> a n \<and> (\<forall>i<n. x \<in> topspace S - a i)"
+ by(auto intro!: exI[where x=m] simp: b_def)
+ qed(auto simp: b_def)
+ finally have "x \<in> ?lhs \<longleftrightarrow> x \<in> ?rhs" . }
+ thus ?thesis by auto
+ qed
+ have "... \<in> sigma_sets_cinter_dunion (topspace S) {U. openin S U}"
+ by(rule Union_cd) (use bin bd in auto)
+ thus ?case
+ by(auto simp: bun)
+ qed(use c in auto)
+qed
+
+lemma(in metrizable) sigma_sets_eq_cinter:
+ "sigma_sets (topspace S) {U. openin S U} = sigma_sets_cinter (topspace S) {U. openin S U}"
+proof safe
+ fix a
+ interpret sa: sigma_algebra "topspace S" "sigma_sets (topspace S) {U. openin S U}"
+ by(auto intro!: sigma_algebra_sigma_sets openin_subset)
+ assume "a \<in> sigma_sets_cinter (topspace S) {U. openin S U}"
+ then show "a \<in> sigma_sets (topspace S) {U. openin S U}"
+ by induction auto
+qed (use sigma_sets_cinter_dunion_subset sigma_sets_eq_cinter_dunion in auto)
+
+
+lemma continuous_map_measurable:
+ assumes "continuous_map X Y f"
+ shows "f \<in> borel_of X \<rightarrow>\<^sub>M borel_of Y"
+proof(rule measurable_sigma_sets[OF sets_borel_of[of Y]])
+ show "{U. openin Y U} \<subseteq> Pow (topspace Y)"
+ by (simp add: subset_Pow_Union topspace_def)
+next
+ show "f \<in> space (borel_of X) \<rightarrow> topspace Y"
+ using continuous_map_image_subset_topspace[OF assms]
+ by(auto simp: space_borel_of)
+next
+ fix U
+ assume "U \<in> {U. openin Y U}"
+ then have "openin X (f -` U \<inter> topspace X)"
+ using continuous_map[of X Y f] assms by auto
+ thus "f -` U \<inter> space (borel_of X) \<in> sets (borel_of X)"
+ by(simp add: space_borel_of sets_borel_of)
+qed
+
+lemma open_map_preserves_sets:
+ assumes "open_map S T f" "inj_on f (topspace S)" "A \<in> sets (borel_of S)"
+ shows "f ` A \<in> sets (borel_of T)"
+ using assms(3)[simplified sets_borel_of]
+proof(induction)
+ case (Basic a)
+ with assms(1) show ?case
+ by(auto simp: sets_borel_of open_map_def)
+next
+ case Empty
+ show ?case by simp
+next
+ case (Compl a)
+ moreover have "f ` (topspace S - a) = f ` (topspace S) - f ` a"
+ by (metis Diff_subset assms(2) calculation(1) inj_on_image_set_diff sigma_sets_into_sp subset_Pow_Union topspace_def)
+ moreover have "f ` (topspace S) \<in> sets (borel_of T)"
+ by (meson assms(1) borel_of_open open_map_def openin_topspace)
+ ultimately show ?case
+ by auto
+next
+ case (Union a)
+ then show ?case
+ by (simp add: image_UN)
+qed
+
+lemma open_map_preserves_sets':
+ assumes "open_map S (subtopology T (f ` (topspace S))) f" "inj_on f (topspace S)" "f ` (topspace S) \<in> sets (borel_of T)" "A \<in> sets (borel_of S)"
+ shows "f ` A \<in> sets (borel_of T)"
+ using assms(4)[simplified sets_borel_of]
+proof(induction)
+ case (Basic a)
+ then have "openin (subtopology T (f ` (topspace S))) (f ` a)"
+ using assms(1) by(auto simp: open_map_def)
+ hence "f ` a \<in> sets (borel_of (subtopology T (f ` (topspace S))))"
+ by(simp add: sets_borel_of)
+ hence "f ` a \<in> sets (restrict_space (borel_of T) (f ` (topspace S)))"
+ by(simp add: borel_of_subtopology)
+ thus ?case
+ by (metis sets_restrict_space_iff assms(3) sets.Int_space_eq2)
+next
+ case Empty
+ show ?case by simp
+next
+ case (Compl a)
+ moreover have "f ` (topspace S - a) = f ` (topspace S) - f ` a"
+ by (metis Diff_subset assms(2) calculation(1) inj_on_image_set_diff sigma_sets_into_sp subset_Pow_Union topspace_def)
+ ultimately show ?case
+ using assms(3) by auto
+next
+ case (Union a)
+ then show ?case
+ by (simp add: image_UN)
+qed
+
+
+text \<open> Abstract topology version of @{thm second_countable_borel_measurable}. \<close>
+lemma borel_of_second_countable':
+ assumes "second_countable S" and "subbase_of S \<U>"
+ shows "borel_of S = sigma (topspace S) \<U>"
+ unfolding borel_of_def
+proof(rule sigma_eqI)
+ show "{U. openin S U} \<subseteq> Pow (topspace S)"
+ by (simp add: subset_Pow_Union topspace_def)
+next
+ show "\<U> \<subseteq> Pow (topspace S)"
+ using subbase_of_subset[OF assms(2)] by auto
+next
+ interpret s: sigma_algebra "topspace S" "sigma_sets (topspace S) \<U>"
+ using subbase_of_subset[OF assms(2)] by(auto intro!: sigma_algebra_sigma_sets)
+ obtain \<O> where ho: "countable \<O>" "base_of S \<O>"
+ using assms(1) by(auto simp: second_countable_def)
+ show "sigma_sets (topspace S) {U. openin S U} = sigma_sets (topspace S) \<U>"
+ proof(rule sigma_sets_eqI)
+ fix U
+ assume "U \<in> {U. openin S U}"
+ then have "generate_topology_on \<U> U"
+ using assms(2) by(simp add: subbase_of_def openin_topology_generated_by_iff)
+ thus "U \<in> sigma_sets (topspace S) \<U>"
+ proof induction
+ case (UN K)
+ with ho(2) obtain V where hv:
+ "\<And>k. k \<in> K \<Longrightarrow> V k \<subseteq> \<O>" "\<And>k. k \<in> K \<Longrightarrow> \<Union> (V k) = k"
+ by(simp add: base_of_def openin_topology_generated_by_iff[symmetric] assms(2)[simplified subbase_of_def,symmetric]) metis
+ define \<U>k where "\<U>k = (\<Union>k\<in>K. V k)"
+ have 0:"countable \<U>k"
+ using hv by(auto intro!: countable_subset[OF _ ho(1)] simp: \<U>k_def)
+ have "\<Union> \<U>k = (\<Union>A\<in>\<U>k. A)" by auto
+ also have "... = \<Union> K"
+ unfolding \<U>k_def UN_simps by(simp add: hv(2))
+ finally have 1:"\<Union> \<U>k = \<Union> K" .
+ have "\<forall>b\<in>\<U>k. \<exists>k\<in>K. b \<subseteq> k"
+ using hv by (auto simp: \<U>k_def)
+ then obtain V' where hv': "\<And>b. b \<in> \<U>k \<Longrightarrow> V' b \<in> K" and "\<And>b. b \<in> \<U>k \<Longrightarrow> b \<subseteq> V' b"
+ by metis
+ then have "(\<Union>b\<in>\<U>k. V' b) \<subseteq> \<Union>K" "\<Union>\<U>k \<subseteq> (\<Union>b\<in>\<U>k. V' b)"
+ by auto
+ then have "\<Union>K = (\<Union>b\<in>\<U>k. V' b)"
+ unfolding 1 by auto
+ also have "\<dots> \<in> sigma_sets (topspace S) \<U>"
+ using hv' UN by(auto intro!: s.countable_UN' simp: 0)
+ finally show "\<Union>K \<in> sigma_sets (topspace S) \<U>" .
+ qed auto
+ next
+ fix U
+ assume "U \<in> \<U>"
+ from assms(2)[simplified subbase_of_def] openin_topology_generated_by_iff generate_topology_on.Basis[OF this]
+ show "U \<in> sigma_sets (topspace S) {U. openin S U}"
+ by auto
+ qed
+qed
+
+text \<open> Abstract topology version @{thm borel_prod}.\<close>
+lemma borel_of_prod:
+ assumes "second_countable S" and "second_countable S'"
+ shows "borel_of S \<Otimes>\<^sub>M borel_of S' = borel_of (prod_topology S S')"
+proof -
+ have "borel_of S \<Otimes>\<^sub>M borel_of S' = sigma (topspace S \<times> topspace S') {a \<times> b |a b. a \<in> {a. openin S a} \<and> b \<in> {b. openin S' b}}"
+ proof -
+ obtain \<O> \<O>' where ho:
+ "countable \<O>" "base_of S \<O>" "countable \<O>'" "base_of S' \<O>'"
+ using assms by(auto simp: second_countable_def)
+ show ?thesis
+ unfolding borel_of_def
+ apply(rule sigma_prod)
+ using topology_generated_by_topspace[of \<O>,simplified base_is_subbase[OF ho(2),simplified subbase_of_def,symmetric]] topology_generated_by_topspace[of \<O>',simplified base_is_subbase[OF ho(4),simplified subbase_of_def,symmetric]]
+ base_of_openin[OF ho(2)] base_of_openin[OF ho(4)]
+ by(auto intro!: exI[where x=\<O>] exI[where x=\<O>'] simp: ho subset_Pow_Union topspace_def)
+ qed
+ also have "... = borel_of (prod_topology S S')"
+ using borel_of_second_countable'[OF prod_topology_second_countable[OF assms],simplified subbase_of_def,OF prod_topology_generated_by_open]
+ by simp
+ finally show ?thesis .
+qed
+
+lemma product_borel_of_measurable:
+ assumes "i \<in> I"
+ shows "(\<lambda>x. x i) \<in> (borel_of (product_topology S I)) \<rightarrow>\<^sub>M borel_of (S i)"
+ by(auto intro!: continuous_map_measurable simp: assms)
+
+
+text \<open> Abstract topology version of @{thm sets_PiM_subset_borel} \<close>
+lemma sets_PiM_subset_borel_of:
+ "sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i)) \<subseteq> sets (borel_of (product_topology S I))"
+proof -
+ have *: "(\<Pi>\<^sub>E i\<in>I. X i) \<in> sets (borel_of (product_topology S I))" if [measurable]:"\<And>i. X i \<in> sets (borel_of (S i))" "finite {i. X i \<noteq> topspace (S i)}" for X
+ proof -
+ note [measurable] = product_borel_of_measurable
+ define I' where "I' = {i. X i \<noteq> topspace (S i)} \<inter> I"
+ have "finite I'" unfolding I'_def using that by simp
+ have "(\<Pi>\<^sub>E i\<in>I. X i) = (\<Inter>i\<in>I'. (\<lambda>x. x i)-`(X i) \<inter> space (borel_of (product_topology S I))) \<inter> space (borel_of (product_topology S I))"
+ proof(standard;standard)
+ fix x
+ assume "x \<in> Pi\<^sub>E I X"
+ then show "x \<in> (\<Inter>i\<in>I'. (\<lambda>x. x i) -` X i \<inter> space (borel_of (product_topology S I))) \<inter> space (borel_of (product_topology S I))"
+ using sets.sets_into_space[OF that(1)] by(auto simp: PiE_def I'_def Pi_def space_borel_of)
+ next
+ fix x
+ assume 1:"x \<in> (\<Inter>i\<in>I'. (\<lambda>x. x i) -` X i \<inter> space (borel_of (product_topology S I))) \<inter> space (borel_of (product_topology S I))"
+ have "x i \<in> X i" if hi:"i \<in> I" for i
+ proof -
+ consider "i \<in> I' \<and> I' \<noteq> {}" | "i \<notin> I' \<and> I' = {}" | "i \<notin> I' \<and> I' \<noteq> {}" by auto
+ then show ?thesis
+ apply cases
+ using sets.sets_into_space[OF \<open>\<And>i. X i \<in> sets (borel_of (S i))\<close>] 1 that
+ by(auto simp: space_borel_of I'_def)
+ qed
+ then show "x \<in> Pi\<^sub>E I X"
+ using 1 by(auto simp: space_borel_of)
+ qed
+ also have "... \<in> sets (borel_of (product_topology S I))"
+ using that \<open>finite I'\<close> by(auto simp: I'_def)
+ finally show ?thesis .
+ qed
+ then have "{Pi\<^sub>E I X |X. (\<forall>i. X i \<in> sets (borel_of (S i))) \<and> finite {i. X i \<noteq> space (borel_of (S i))}} \<subseteq> sets (borel_of (product_topology S I))"
+ by(auto simp: space_borel_of)
+ show ?thesis unfolding sets_PiM_finite
+ by(rule sets.sigma_sets_subset',fact) (simp add: borel_of_open[OF openin_topspace, of "product_topology S I",simplified] space_borel_of)
+qed
+
+text \<open> Abstract topology version of @{thm sets_PiM_equal_borel}.\<close>
+lemma sets_PiM_equal_borel_of:
+ assumes "countable I" and "\<And>i. i \<in> I \<Longrightarrow> second_countable (S i)"
+ shows "sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i)) = sets (borel_of (product_topology S I))"
+proof
+ obtain K where hk:
+ "countable K" "base_of (product_topology S I) K"
+ "\<And>k. k \<in> K \<Longrightarrow> \<exists>X. (k = (\<Pi>\<^sub>E i\<in>I. X i)) \<and> (\<forall>i. openin (S i) (X i)) \<and> finite {i. X i \<noteq> topspace (S i)} \<and> {i. X i \<noteq> topspace (S i)} \<subseteq> I"
+ using product_topology_countable_base_of[OF assms(1)] assms(2)
+ by force
+ have *:"k \<in> sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i))" if "k \<in> K" for k
+ proof -
+ obtain X where H: "k = (\<Pi>\<^sub>E i\<in>I. X i)" "\<And>i. openin (S i) (X i)" "finite {i. X i \<noteq> topspace (S i)}" "{i. X i \<noteq> topspace (S i)} \<subseteq> I"
+ using hk(3)[OF \<open>k \<in> K\<close>] by blast
+ show ?thesis unfolding H(1) sets_PiM_finite
+ using borel_of_open[OF H(2)] H(3) by(auto simp: space_borel_of)
+ qed
+ have **: "U \<in> sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i))" if "openin (product_topology S I) U" for U
+ proof -
+ obtain B where "B \<subseteq> K" "U = (\<Union>B)"
+ using \<open>openin (product_topology S I) U\<close> \<open>base_of (product_topology S I) K\<close> by (metis base_of_def)
+ have "countable B" using \<open>B \<subseteq> K\<close> \<open>countable K\<close> countable_subset by blast
+ moreover have "k \<in> sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i))" if "k \<in> B" for k
+ using \<open>B \<subseteq> K\<close> * that by auto
+ ultimately show ?thesis unfolding \<open>U = (\<Union>B)\<close> by auto
+ qed
+ have "sigma_sets (topspace (product_topology S I)) {U. openin (product_topology S I) U} \<subseteq> sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i))"
+ apply (rule sets.sigma_sets_subset') using ** by(auto intro!: sets_PiM_I_countable[OF assms(1)] simp: borel_of_open[OF openin_topspace])
+ thus " sets (borel_of (product_topology S I)) \<subseteq> sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i))"
+ by (simp add: subset_Pow_Union topspace_def borel_of_def)
+qed(rule sets_PiM_subset_borel_of)
+
+
+
+lemma homeomorphic_map_borel_isomorphic:
+ assumes "homeomorphic_map X Y f"
+ shows "measurable_isomorphic_map (borel_of X) (borel_of Y) f"
+proof -
+ obtain g where "homeomorphic_maps X Y f g"
+ using assms by(auto simp: homeomorphic_map_maps)
+ hence "continuous_map X Y f" "continuous_map Y X g"
+ "\<And>x. x \<in> topspace X \<Longrightarrow> g (f x) = x"
+ "\<And>y. y \<in> topspace Y \<Longrightarrow> f (g y) = y"
+ by(auto simp: homeomorphic_maps_def)
+ thus ?thesis
+ by(auto intro!: measurable_isomorphic_map_byWitness dest: continuous_map_measurable simp: space_borel_of)
+qed
+
+lemma homeomorphic_space_measurable_isomorphic:
+ assumes "S homeomorphic_space T"
+ shows "borel_of S measurable_isomorphic borel_of T"
+ using homeomorphic_map_borel_isomorphic[of S T] assms by(auto simp: measurable_isomorphic_def homeomorphic_space)
+
+
+lemma measurable_isomorphic_borel_map:
+ assumes "sets M = sets (borel_of S)" and f: "measurable_isomorphic_map M N f"
+ shows "\<exists>S'. homeomorphic_map S S' f \<and> sets N = sets (borel_of S')"
+proof -
+ obtain g where fg:"f \<in> M \<rightarrow>\<^sub>M N" "g \<in> N \<rightarrow>\<^sub>M M" "\<And>x. x\<in>space M \<Longrightarrow> g (f x) = x" "\<And>y. y\<in>space N \<Longrightarrow> f (g y) = y" "\<And>A. A\<in>sets M \<Longrightarrow> f ` A \<in> sets N" "\<And>A. A\<in>sets N \<Longrightarrow> g ` A \<in> sets M" "bij_betw g (space N) (space M)"
+ using measurable_isomorphic_mapD'[OF f] by metis
+ have g:"measurable_isomorphic_map N M g"
+ by(auto intro!: measurable_isomorphic_map_byWitness fg)
+ have g':"bij_betw g (space N) (topspace S)"
+ using fg(7) sets_eq_imp_space_eq[OF assms(1)] by(auto simp: space_borel_of)
+ show ?thesis
+ proof(intro exI[where x="pullback_topology (space N) g S"] conjI)
+ have [simp]: "{U. openin (pullback_topology (space N) g S) U} = (`) f ` {U. openin S U}"
+ unfolding openin_pullback_topology'[OF g']
+ proof safe
+ fix u
+ assume u:"openin S u"
+ then have 1:"u \<subseteq> space M"
+ by(simp add: sets_eq_imp_space_eq[OF assms(1)] space_borel_of openin_subset)
+ with fg(3) have "g ` f ` u = u"
+ by(fastforce simp: image_def)
+ with u show "openin S (g ` f ` u)" by simp
+ fix x
+ assume "x \<in> u"
+ with 1 fg(1) show "f x \<in> space N" by(auto simp: measurable_space)
+ next
+ fix u
+ assume "openin S (g ` u)" "u \<subseteq> space N"
+ with fg(4) show "u \<in> (`) f ` {U. openin S U}"
+ by(auto simp: image_def intro!: exI[where x="g ` u"]) (metis in_mono)
+ qed
+ have [simp]:"g -` topspace S \<inter> space N = space N"
+ using bij_betw_imp_surj_on g' by blast
+ show "sets N = sets (borel_of (pullback_topology (space N) g S))"
+ by(auto simp: sets_borel_of topspace_pullback_topology intro!: measurable_isomorphic_map_sigma_sets[OF assms(1)[simplified sets_borel_of space_borel_of[symmetric] sets_eq_imp_space_eq[OF assms(1),symmetric]] f])
+ next
+ show "homeomorphic_map S (pullback_topology (space N) g S) f"
+ proof(rule homeomorphic_maps_imp_map[where g=g])
+ obtain f' where f':"homeomorphic_maps (pullback_topology (space N) g S) S g f'"
+ using topology_from_bij(1)[OF g'] homeomorphic_map_maps by blast
+ have f'2:"f' y = f y" if y:"y \<in> topspace S" for y
+ proof -
+ have [simp]:"g -` topspace S \<inter> space N = space N"
+ using bij_betw_imp_surj_on g' by blast
+ obtain x where "x \<in> space N" "y = g x"
+ using g' y by(auto simp: bij_betw_def image_def)
+ thus ?thesis
+ using fg(4) f' by(auto simp: homeomorphic_maps_def topspace_pullback_topology)
+ qed
+ thus "homeomorphic_maps S (pullback_topology (space N) g S) f g"
+ by(auto intro!: homeomorphic_maps_eq[OF f'] simp: homeomorphic_maps_sym[of S])
+ qed
+ qed
+qed
+
+lemma measurable_isomorphic_borels:
+ assumes "sets M = sets (borel_of S)" "M measurable_isomorphic N"
+ shows "\<exists>S'. S homeomorphic_space S' \<and> sets N = sets (borel_of S')"
+ using measurable_isomorphic_borel_map[OF assms(1)] assms(2) homeomorphic_map_maps
+ by(fastforce simp: measurable_isomorphic_def homeomorphic_space_def )
+
+lemma(in polish_topology) closedin_clopen_topology:
+ assumes "closedin S a"
+ shows "\<exists>S'. polish_topology S' \<and> (\<forall>u. openin S u \<longrightarrow> openin S' u) \<and> topspace S = topspace S' \<and> sets (borel_of S) = sets (borel_of S') \<and> openin S' a \<and> closedin S' a"
+proof -
+ have "polish_topology (subtopology S a)"
+ by(rule closedin_polish[OF assms])
+ from polish_topology.bounded_polish_metric[OF this] obtain da where da:
+ "polish_metric_set a da" "subtopology S a = metric_set.mtopology a da" "\<And>x y. da x y < 1"
+ by (metis topspace_subtopology_subset closedin_subset[OF assms])
+ interpret pa: polish_metric_set a da by fact
+ have "polish_topology (subtopology S (topspace S - a))"
+ using assms by(auto intro!: openin_polish)
+ from polish_topology.bounded_polish_metric[OF this]
+ obtain db where db: "polish_metric_set (topspace S - a) db" "subtopology S (topspace S - a) = metric_set.mtopology (topspace S - a) db" "\<And>x y. db x y < 1"
+ by (metis Diff_subset topspace_subtopology_subset)
+ interpret pb: polish_metric_set "topspace S - a" db by fact
+ interpret p: sum_polish_metric UNIV "\<lambda>b. if b then a else topspace S - a" "\<lambda>b. if b then da else db"
+ using da db by(auto intro!: sum_polish_metricI simp: disjoint_family_on_def)
+ have 0: "(\<Union>i. if i then a else topspace S - a) = topspace S"
+ using closedin_subset assms by auto
+
+ have 1: "sets (borel_of S) = sets (borel_of p.mtopology)"
+ proof -
+ have "sigma_sets (topspace S) (Collect (openin S)) = sigma_sets (topspace S) (Collect (openin p.mtopology))"
+ proof(rule sigma_sets_eqI)
+ fix a
+ assume "a \<in> Collect (openin S)"
+ then have "openin p.mtopology a"
+ by(simp only: p.openin_sum_mtopology_iff) (auto simp: 0 da(2)[symmetric] db(2)[symmetric] openin_subtopology dest:openin_subset)
+ thus "a \<in> sigma_sets (topspace S) (Collect (openin p.mtopology))"
+ by auto
+ next
+ interpret s: sigma_algebra "topspace S" "sigma_sets (topspace S) (Collect (openin S))"
+ by(auto intro!: sigma_algebra_sigma_sets openin_subset)
+ fix b
+ assume "b \<in> Collect (openin p.mtopology)"
+ then have "openin p.mtopology b" by auto
+ then have b:"b \<subseteq> topspace S" "openin (subtopology S a) (b \<inter> a)" "openin (subtopology S (topspace S - a)) (b \<inter> (topspace S - a))"
+ by(simp_all only: p.openin_sum_mtopology_iff,insert 0 da(2) db(2)) (auto simp: all_bool_eq)
+ have [simp]: "(b \<inter> a) \<union> (b \<inter> (topspace S - a)) = b"
+ using Diff_partition b(1) by blast
+ have "(b \<inter> a) \<union> (b \<inter> (topspace S - a)) \<in> sigma_sets (topspace S) (Collect (openin S))"
+ proof(rule sigma_sets_Un)
+ have [simp]:"a \<in> sigma_sets (topspace S) (Collect (openin S))"
+ proof -
+ have "topspace S - (topspace S - a) \<in> sigma_sets (topspace S) (Collect (openin S))"
+ by(rule sigma_sets.Compl) (use assms in auto)
+ thus ?thesis
+ using double_diff[OF closedin_subset[OF assms]] by simp
+ qed
+ from b(2,3) obtain T T' where T:"openin S T" "openin S T'" and [simp]:"b \<inter> a = T \<inter> a" "b \<inter> (topspace S - a) = T' \<inter> (topspace S - a)"
+ by(auto simp: openin_subtopology)
+ show "b \<inter> a \<in> sigma_sets (topspace S) (Collect (openin S))"
+ "b \<inter> (topspace S - a) \<in> sigma_sets (topspace S) (Collect (openin S))"
+ using T assms by auto
+ qed
+ thus "b \<in> sigma_sets (topspace S) (Collect (openin S))"
+ by simp
+ qed
+ thus ?thesis
+ by(simp only: sets_borel_of p.mtopology_topspace) (use 0 in auto)
+ qed
+ have 2:"\<And>u. openin S u \<Longrightarrow> openin p.mtopology u"
+ by(simp only: p.openin_sum_mtopology_iff) (auto simp: all_bool_eq da(2)[symmetric] db(2)[symmetric] openin_subtopology dest:openin_subset)
+ have 3:"openin p.mtopology a"
+ by(simp only: p.openin_sum_mtopology_iff) (auto simp: all_bool_eq)
+ have 4:"closedin p.mtopology a"
+ by (metis 0 2 assms closedin_def p.mtopology_topspace)
+ have 5: "topspace S = topspace p.mtopology"
+ by(simp only: p.mtopology_topspace) (simp only: 0)
+ have 6: "polish_topology p.mtopology"
+ using p.polish_topology_axioms by blast
+ show ?thesis
+ by(rule exI[where x=p.mtopology]) (insert 5 2 6, simp only: 1 3 4 ,auto)
+qed
+
+lemma polish_topology_union_polish:
+ fixes X :: "nat \<Rightarrow> 'a topology"
+ assumes "\<And>n. polish_topology (X n)" "\<And>n. topspace (X n) = Xt" "\<And>x y. x \<in> Xt \<Longrightarrow> y \<in> Xt \<Longrightarrow> x \<noteq> y \<Longrightarrow> \<exists>Ox Oy. (\<forall>n. openin (X n) Ox) \<and> (\<forall>n. openin (X n) Oy) \<and> x \<in> Ox \<and> y \<in> Oy \<and> disjnt Ox Oy"
+ defines "Xun \<equiv> topology_generated_by (\<Union>n. {u. openin (X n) u})"
+ shows "polish_topology Xun"
+proof -
+ have topsXun:"topspace Xun = Xt"
+ using assms(2) by(auto simp: Xun_def dest:openin_subset)
+ define f :: "'a \<Rightarrow> nat \<Rightarrow> 'a" where "f \<equiv> (\<lambda>x n. x)"
+ have "continuous_map Xun (product_topology X UNIV) f"
+ by(auto simp: assms(2) topsXun f_def continuous_map_componentwise, auto simp: Xun_def openin_topology_generated_by_iff continuous_map_def assms(2) dest:openin_subset[of "X _",simplified assms(2)] )
+ (insert openin_subopen, fastforce intro!: generate_topology_on.Basis)
+ hence 1: "continuous_map Xun (subtopology (product_topology X UNIV) (f ` (topspace Xun))) f"
+ by(auto simp: continuous_map_in_subtopology)
+ have 2: "inj_on f (topspace Xun)"
+ by(auto simp: inj_on_def f_def dest:fun_cong)
+ have 3: "f ` (topspace Xun) = topspace (subtopology (product_topology X UNIV) (f ` (topspace Xun)))"
+ by(auto simp: topsXun assms(2) f_def)
+ have 4: "open_map Xun (subtopology (product_topology X UNIV) (f ` (topspace Xun))) f"
+ proof(safe intro!: open_map_generated_topo[OF _ 2[simplified Xun_def],simplified Xun_def[symmetric]])
+ fix u n
+ assume u:"openin (X n) u"
+ show "openin (subtopology (product_topology X UNIV) (f ` topspace Xun)) (f ` u)"
+ unfolding openin_subtopology
+ proof(safe intro!: exI[where x="{ \<lambda>i. if i = n then a else b i |a b. a \<in>u \<and> b \<in> UNIV \<rightarrow> Xt}"])
+ show "openin (product_topology X UNIV) {\<lambda>i. if i = n then a else b i |a b. a \<in>u \<and> b \<in> UNIV \<rightarrow> Xt}"
+ by(auto simp: openin_product_topology_alt u assms(2) openin_topspace[of "X _",simplified assms(2)] intro!: exI[where x="\<lambda>i. if i = n then u else Xt"])
+ (auto simp: PiE_def Pi_def, metis openin_subset[OF u,simplified assms(2)] in_mono)
+ next
+ show "\<And>y. y \<in> u \<Longrightarrow> \<exists>a b. f y = (\<lambda>i. if i = n then a else b i) \<and> a \<in> u \<and> b \<in> UNIV \<rightarrow> Xt"
+ using assms(2) f_def openin_subset u by fastforce
+ next
+ show "\<And>y. y \<in> u \<Longrightarrow> f y \<in> f ` topspace Xun"
+ using openin_subset[OF u] by(auto simp: assms(2) topsXun)
+ next
+ show "\<And>x xa a b. xa \<in> topspace Xun \<Longrightarrow> f xa = (\<lambda>i. if i = n then a else b i) \<Longrightarrow> a \<in> u \<Longrightarrow> b \<in> UNIV \<rightarrow> Xt \<Longrightarrow> f xa \<in> f ` u"
+ using openin_subset[OF u] by(auto simp: topsXun assms(2)) (metis f_def imageI)
+ qed
+ qed
+ have 5:"(subtopology (product_topology X UNIV) (f ` topspace Xun)) homeomorphic_space Xun"
+ using homeomorphic_map_imp_homeomorphic_space[OF bijective_open_imp_homeomorphic_map[OF 1 4 3 2]]
+ by(simp add: homeomorphic_space_sym[of Xun])
+ show ?thesis
+ proof(safe intro!: polish_topology.homeomorphic_polish_topology[OF polish_topology.closedin_polish[OF polish_topology_product] 5] assms)
+ show "closedin (product_topology X UNIV) (f ` topspace Xun)"
+ proof -
+ have 1: "openin (product_topology X UNIV) ((UNIV \<rightarrow>\<^sub>E Xt) - f ` Xt)"
+ proof(rule openin_subopen[THEN iffD2])
+ show "\<forall>x\<in>(UNIV \<rightarrow>\<^sub>E Xt) - f ` Xt. \<exists>T. openin (product_topology X UNIV) T \<and> x \<in> T \<and> T \<subseteq> (UNIV \<rightarrow>\<^sub>E Xt) - f ` Xt"
+ proof safe
+ fix x
+ assume x:"x \<in> UNIV \<rightarrow>\<^sub>E Xt" "x \<notin> f ` Xt"
+ have "\<exists>n. x n \<noteq> x 0"
+ proof(rule ccontr)
+ assume " \<nexists>n. x n \<noteq> x 0"
+ then have "\<forall>n. x n = x 0" by auto
+ hence "x = (\<lambda>_. x 0)" by auto
+ thus False
+ using x by(auto simp: f_def topsXun assms(2))
+ qed
+ then obtain n where n: "n \<noteq> 0" "x n \<noteq> x 0"
+ by metis
+ from assms(3)[OF _ _ this(2)] x
+ obtain On O0 where h:"\<And>n. openin (X n) On" "\<And>n. openin (X n) O0" "x n \<in> On" "x 0 \<in> O0" "disjnt On O0"
+ by fastforce
+ have "openin (product_topology X UNIV) ((\<lambda>x. x 0) -` O0 \<inter> topspace (product_topology X UNIV))"
+ using continuous_map_product_coordinates[of 0 UNIV X] h(2)[of 0] by blast
+ moreover have "openin (product_topology X UNIV) ((\<lambda>x. x n) -` On \<inter> topspace (product_topology X UNIV))"
+ using continuous_map_product_coordinates[of n UNIV X] h(1)[of n] by blast
+ ultimately have op: "openin (product_topology X UNIV) ((\<lambda>T. T 0) -` O0 \<inter> topspace (product_topology X UNIV) \<inter> ((\<lambda>T. T n) -` On \<inter> topspace (product_topology X UNIV)))"
+ by auto
+ have xin:"x \<in> (\<lambda>T. T 0) -` O0 \<inter> topspace (product_topology X UNIV) \<inter> ((\<lambda>T. T n) -` On \<inter> topspace (product_topology X UNIV))"
+ using x h(3,4) by(auto simp: assms(2))
+ have subset:"(\<lambda>T. T 0) -` O0 \<inter> topspace (product_topology X UNIV) \<inter> ((\<lambda>T. T n) -` On \<inter> topspace (product_topology X UNIV)) \<subseteq> (UNIV \<rightarrow>\<^sub>E Xt) - f ` Xt"
+ using h(5) by(auto simp: assms(2) disjnt_def f_def)
+
+ show "\<exists>T. openin (product_topology X UNIV) T \<and> x \<in> T \<and> T \<subseteq> (UNIV \<rightarrow>\<^sub>E Xt) - f ` Xt"
+ by(rule exI[where x="((\<lambda>x. x 0) -` O0 \<inter> topspace (product_topology X UNIV)) \<inter> ((\<lambda>x. x n) -` On \<inter> topspace (product_topology X UNIV))"]) (use op xin subset in auto)
+ qed
+ qed
+
+ thus ?thesis
+ by(auto simp: closedin_def assms(2) topsXun f_def)
+ qed
+ qed(simp add: f_def)
+qed
+
+lemma(in polish_topology) sets_clopen_topology:
+ assumes "a \<in> sets (borel_of S)"
+ shows "\<exists>S'. polish_topology S' \<and> (\<forall>u. openin S u \<longrightarrow> openin S' u) \<and> topspace S = topspace S' \<and> sets (borel_of S) = sets (borel_of S') \<and> openin S' a \<and> closedin S' a"
+proof -
+ have "a \<in> sigma_sets (topspace S) {U. closedin S U}"
+ using assms by(simp add: sets_borel_of_closed)
+ thus ?thesis
+ proof induction
+ case (Basic a)
+ then show ?case
+ by(simp add: closedin_clopen_topology)
+ next
+ case Empty
+ with polish_topology_axioms show ?case
+ by auto
+ next
+ case (Compl a)
+ then obtain S' where S':"polish_topology S'" "(\<forall>u. openin S u \<longrightarrow> openin S' u)" "topspace S = topspace S'" "sets (borel_of S) = sets (borel_of S')" "openin S' a" "closedin S' a"
+ by auto
+ from polish_topology.closedin_clopen_topology[OF S'(1) S'(6)] S'
+ show ?case by auto
+ next
+ case ih:(Union a)
+ then obtain Si where Si:
+ "\<And>i. polish_topology (Si i)" "\<And>u i. openin S u \<Longrightarrow> openin (Si i) u" "\<And>i::nat. topspace S = topspace (Si i)" "\<And>i. sets (borel_of S) = sets (borel_of (Si i))" "\<And>i. openin (Si i) (a i)" "\<And>i. closedin (Si i) (a i)"
+ by metis
+ define Sun where "Sun \<equiv> topology_generated_by (\<Union>n. {u. openin (Si n) u})"
+ have Sun1: "polish_topology Sun"
+ unfolding Sun_def
+ proof(safe intro!: polish_topology_union_polish[where Xt="topspace S"])
+ fix x y
+ assume xy:"x \<in> topspace S" "y \<in> topspace S" "x \<noteq> y"
+ then obtain Ox Oy where Oxy: "x \<in> Ox" "y \<in> Oy" "openin S Ox" "openin S Oy" "disjnt Ox Oy"
+ using Hausdorff by(auto simp: Hausdorff_space_def) metis
+ show "\<exists>Ox Oy. (\<forall>x. openin (Si x) Ox) \<and> (\<forall>x. openin (Si x) Oy) \<and> x \<in> Ox \<and> y \<in> Oy \<and> disjnt Ox Oy"
+ by(rule exI[where x=Ox],insert Si(2) Oxy, auto intro!: exI[where x=Oy])
+ qed (use Si in auto)
+ have Suntop:"topspace S = topspace Sun"
+ using Si(3) by(auto simp: Sun_def dest: openin_subset)
+ have Sunsets: "sets (borel_of S) = sets (borel_of Sun)" (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = sigma_sets (topspace S) (\<Union>n. {u. openin (Si n) u})"
+ proof
+ show "sets (borel_of S) \<subseteq> sigma_sets (topspace S) (\<Union>n. {u. openin (Si n) u})"
+ using Si(2) by(auto simp: sets_borel_of intro!: sigma_sets_mono')
+ next
+ show "sigma_sets (topspace S) (\<Union>n. {u. openin (Si n) u}) \<subseteq> sets (borel_of S)"
+ by(simp add: sigma_sets_le_sets_iff[of "borel_of S" "\<Union>n. {u. openin (Si n) u}",simplified space_borel_of]) (use Si(4) sets_borel_of in fastforce)
+ qed
+ also have "... = ?rhs"
+ using borel_of_second_countable'[OF polish_topology.S_second_countable[OF Sun1],of "\<Union>n. {u. openin (Si n) u}"]
+ by (simp add: Sun_def Suntop subbase_of_def subset_Pow_Union)
+ finally show ?thesis .
+ qed
+ have Sun_open: "\<And>u i. openin (Si i) u \<Longrightarrow> openin Sun u"
+ by(auto simp: Sun_def openin_topology_generated_by_iff intro!: generate_topology_on.Basis)
+ have Sun_opena: "openin Sun (\<Union>i. a i)"
+ using Sun_open[OF Si(5),simplified Sun_def] by(auto simp: Sun_def openin_topology_generated_by_iff intro!: generate_topology_on.UN)
+ hence "closedin Sun (topspace Sun - (\<Union>i. a i))"
+ by auto
+ from polish_topology.closedin_clopen_topology[OF Sun1 this]
+ show ?case
+ using Suntop Sunsets Sun_open[OF Si(2)] Sun_opena
+ by (metis closedin_def openin_closedin_eq)
+ qed
+qed
+
+end
\ No newline at end of file
diff --git a/thys/Standard_Borel_Spaces/Lemmas_StandardBorel.thy b/thys/Standard_Borel_Spaces/Lemmas_StandardBorel.thy
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/Lemmas_StandardBorel.thy
@@ -0,0 +1,2327 @@
+(* Title: Lemmas_StandardBorel.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+text \<open> We refer to the HOL-Analysis library,
+ the textbooks by Matsuzaka~\cite{topology} and Srivastava~\cite{borelsets},
+ and the lecture note by Biskup~\cite{standardborel}.\<close>
+
+section \<open>Lemmas\<close>
+theory Lemmas_StandardBorel
+ imports "HOL-Probability.Probability"
+begin
+
+subsection \<open>Lemmas for Abstract Topology\<close>
+
+subsubsection \<open> Generated By \<close>
+lemma topology_generated_by_sub:
+ assumes "\<And>U. U \<in> \<U> \<Longrightarrow> (openin X U)"
+ and "openin (topology_generated_by \<U>) U"
+ shows "openin X U"
+proof -
+ have "generate_topology_on \<U> U"
+ by (simp add: assms(2) openin_topology_generated_by)
+ then show ?thesis
+ by induction (use assms(1) in auto)
+qed
+
+lemma topology_generated_by_open:
+ "S = topology_generated_by {U | U . openin S U}"
+ unfolding topology_eq
+proof standard+
+ fix U
+ assume "openin (topology_generated_by {U |U. openin S U}) U"
+ note this[simplified openin_topology_generated_by_iff]
+ then show "openin S U"
+ by induction auto
+qed(simp add: openin_topology_generated_by_iff generate_topology_on.Basis)
+
+lemma topology_generated_by_eq:
+ assumes "\<And>U. U \<in> \<U> \<Longrightarrow> (openin (topology_generated_by \<O>) U)"
+ and "\<And>U. U \<in> \<O> \<Longrightarrow> (openin (topology_generated_by \<U>) U)"
+ shows "topology_generated_by \<O> = topology_generated_by \<U>"
+ using topology_generated_by_sub[of \<U>, OF assms(1)] topology_generated_by_sub[of \<O>,OF assms(2)]
+ by(auto simp: topology_eq)
+
+lemma topology_generated_by_homeomorphic_spaces:
+ assumes "homeomorphic_map X Y f" "X = topology_generated_by \<O>"
+ shows "Y = topology_generated_by ((`) f ` \<O>)"
+ unfolding topology_eq
+proof
+ have f:"open_map X Y f" "inj_on f (topspace X)"
+ using assms(1) by (simp_all add: homeomorphic_imp_open_map perfect_injective_eq_homeomorphic_map[symmetric])
+ obtain g where g: "\<And>x. x \<in> topspace X \<Longrightarrow> g (f x) = x" "\<And>y. y \<in> topspace Y \<Longrightarrow> f (g y) = y" "open_map Y X g" "inj_on g (topspace Y)"
+ using homeomorphic_map_maps[of X Y f,simplified assms(1)] homeomorphic_imp_open_map homeomorphic_maps_map[of X Y f] homeomorphic_imp_injective_map[of Y X] by blast
+ show "\<And>S. openin Y S = openin (topology_generated_by ((`) f ` \<O>)) S"
+ proof safe
+ fix S
+ assume "openin Y S"
+ then have "openin X (g ` S)"
+ using g(3) by (simp add: open_map_def)
+ hence h:"generate_topology_on \<O> (g ` S)"
+ by(simp add: assms(2) openin_topology_generated_by_iff)
+ have "S = f ` (g ` S)"
+ using openin_subset[OF \<open>openin Y S\<close>] g(2) by(fastforce simp: image_def)
+ also have "openin (topology_generated_by ((`) f ` \<O>)) ..."
+ using h
+ proof induction
+ case Empty
+ then show ?case by simp
+ next
+ case (Int a b)
+ with inj_on_image_Int[OF f(2),of a b] show ?case
+ by (metis assms(2) openin_Int openin_subset openin_topology_generated_by_iff)
+ next
+ case (UN K)
+ then show ?case
+ by(auto simp: image_Union)
+ next
+ case (Basis s)
+ then show ?case
+ by(auto intro!: generate_topology_on.Basis simp: openin_topology_generated_by_iff)
+ qed
+ finally show "openin (topology_generated_by ((`) f ` \<O>)) S" .
+ next
+ fix S
+ assume "openin (topology_generated_by ((`) f ` \<O>)) S"
+ then have "generate_topology_on ((`) f ` \<O>) S"
+ by(simp add: openin_topology_generated_by_iff)
+ thus "openin Y S"
+ proof induction
+ case (Basis s)
+ then obtain U where u:"U \<in> \<O>" "s = f ` U" by auto
+ then show ?case
+ using assms(1) assms(2) homeomorphic_map_openness_eq topology_generated_by_Basis by blast
+ qed auto
+ qed
+qed
+
+lemma open_map_generated_topo:
+ assumes "\<And>u. u \<in> U \<Longrightarrow> openin S (f ` u)" "inj_on f (topspace (topology_generated_by U))"
+ shows "open_map (topology_generated_by U) S f"
+ unfolding open_map_def
+proof safe
+ fix u
+ assume "openin (topology_generated_by U) u"
+ then have "generate_topology_on U u"
+ by(simp add: openin_topology_generated_by_iff)
+ thus "openin S (f ` u)"
+ proof induction
+ case (Int a b)
+ then have [simp]:"f ` (a \<inter> b) = f ` a \<inter> f ` b"
+ by (meson assms(2) inj_on_image_Int openin_subset openin_topology_generated_by_iff)
+ from Int show ?case by auto
+ qed (simp_all add: image_Union openin_clauses(3) assms)
+qed
+
+lemma subtopology_generated_by:
+ "subtopology (topology_generated_by \<O>) T = topology_generated_by {T \<inter> U | U. U \<in> \<O>}"
+ unfolding topology_eq openin_subtopology openin_topology_generated_by_iff
+proof safe
+ fix A
+ assume "generate_topology_on \<O> A"
+ then show "generate_topology_on {T \<inter> U |U. U \<in> \<O>} (A \<inter> T)"
+ proof induction
+ case Empty
+ then show ?case
+ by (simp add: generate_topology_on.Empty)
+ next
+ case (Int a b)
+ moreover have "a \<inter> b \<inter> T = (a \<inter> T) \<inter> (b \<inter> T)" by auto
+ ultimately show ?case
+ by(auto intro!: generate_topology_on.Int)
+ next
+ case (UN K)
+ moreover have "(\<Union> K \<inter> T) = (\<Union> { k \<inter> T | k. k \<in> K})" by auto
+ ultimately show ?case
+ by(auto intro!: generate_topology_on.UN)
+ next
+ case (Basis s)
+ then show ?case
+ by(auto intro!: generate_topology_on.Basis)
+ qed
+next
+ fix A
+ assume "generate_topology_on {T \<inter> U |U. U \<in> \<O>} A"
+ then show "\<exists>L. generate_topology_on \<O> L \<and> A = L \<inter> T"
+ proof induction
+ case Empty
+ show ?case
+ by(auto intro!: exI[where x="{}"] generate_topology_on.Empty)
+ next
+ case ih:(Int a b)
+ then obtain La Lb where
+ "generate_topology_on \<O> La" "a = La \<inter> T" "generate_topology_on \<O> Lb" "b = Lb \<inter> T"
+ by auto
+ thus ?case
+ using ih by(auto intro!: exI[where x="La \<inter> Lb"] generate_topology_on.Int)
+ next
+ case ih:(UN K)
+ then obtain L where
+ "\<And>k. k \<in> K \<Longrightarrow> generate_topology_on \<O> (L k) " "\<And>k. k \<in> K \<Longrightarrow> k = (L k) \<inter> T"
+ by metis
+ thus ?case
+ using ih by(auto intro!: exI[where x="\<Union>k\<in>K. L k"] generate_topology_on.UN)
+ next
+ case (Basis s)
+ then show ?case
+ using generate_topology_on.Basis by fastforce
+ qed
+qed
+
+lemma prod_topology_generated_by:
+ "topology_generated_by { U \<times> V | U V. U \<in> \<O> \<and> V \<in> \<U>} = prod_topology (topology_generated_by \<O>) (topology_generated_by \<U>)"
+ unfolding topology_eq
+proof safe
+ fix U
+ assume h:"openin (topology_generated_by {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<U>}) U"
+ show "openin (prod_topology (topology_generated_by \<O>) (topology_generated_by \<U>)) U"
+ by(auto simp: openin_prod_Times_iff[of "topology_generated_by \<O>" "topology_generated_by \<U>"]
+ intro!: topology_generated_by_Basis topology_generated_by_sub[OF _ h])
+next
+ fix U
+ assume "openin (prod_topology (topology_generated_by \<O>) (topology_generated_by \<U>)) U"
+ then have "\<forall>z\<in>U. \<exists>V1 V2. openin (topology_generated_by \<O>) V1 \<and> openin (topology_generated_by \<U>) V2 \<and> fst z \<in> V1 \<and> snd z \<in> V2 \<and> V1 \<times> V2 \<subseteq> U"
+ by(auto simp: openin_prod_topology_alt)
+ hence "\<exists>V1. \<forall>z\<in>U. \<exists>V2. openin (topology_generated_by \<O>) (V1 z) \<and> openin (topology_generated_by \<U>) V2 \<and> fst z \<in> (V1 z) \<and> snd z \<in> V2 \<and> (V1 z) \<times> V2 \<subseteq> U"
+ by(rule bchoice)
+ then obtain V1 where "\<forall>z\<in>U. \<exists>V2. openin (topology_generated_by \<O>) (V1 z) \<and> openin (topology_generated_by \<U>) V2 \<and> fst z \<in> (V1 z) \<and> snd z \<in> V2 \<and> (V1 z) \<times> V2 \<subseteq> U"
+ by auto
+ hence "\<exists>V2. \<forall>z\<in>U. openin (topology_generated_by \<O>) (V1 z) \<and> openin (topology_generated_by \<U>) (V2 z) \<and> fst z \<in> (V1 z) \<and> snd z \<in> (V2 z) \<and> (V1 z) \<times> (V2 z) \<subseteq> U"
+ by(rule bchoice)
+ then obtain V2 where hv12:"\<And>z. z\<in>U \<Longrightarrow> openin (topology_generated_by \<O>) (V1 z) \<and> openin (topology_generated_by \<U>) (V2 z) \<and> fst z \<in> (V1 z) \<and> snd z \<in> (V2 z) \<and> (V1 z) \<times> (V2 z) \<subseteq> U"
+ by auto
+ hence 1:"U = (\<Union>z\<in>U. (V1 z) \<times> (V2 z))"
+ by auto
+ have "openin (topology_generated_by {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<U>}) (\<Union>z\<in>U. (V1 z) \<times> (V2 z))"
+ proof(rule openin_Union)
+ show "\<And>S. S \<in> (\<lambda>z. V1 z \<times> V2 z) ` U \<Longrightarrow> openin (topology_generated_by {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<U>}) S"
+ proof safe
+ fix x y
+ assume h:"(x,y) \<in> U"
+ then have "generate_topology_on \<O> (V1 (x,y))"
+ using hv12 by(auto simp: openin_topology_generated_by_iff)
+ thus "openin (topology_generated_by {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<U>}) (V1 (x, y) \<times> V2 (x, y))"
+ proof induction
+ case Empty
+ then show ?case by auto
+ next
+ case (Int a b)
+ thus ?case
+ by (auto simp: Sigma_Int_distrib1)
+ next
+ case (UN K)
+ then have "openin (topology_generated_by {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<U>}) (\<Union>{ k \<times> V2 (x, y) | k. k \<in> K})"
+ by auto
+ moreover have "(\<Union> {k \<times> V2 (x, y) |k. k \<in> K}) = (\<Union> K \<times> V2 (x, y))"
+ by blast
+ ultimately show ?case by simp
+ next
+ case ho:(Basis s)
+ have "generate_topology_on \<U> (V2 (x,y))"
+ using h hv12 by(auto simp: openin_topology_generated_by_iff)
+ thus ?case
+ proof induction
+ case Empty
+ then show ?case by auto
+ next
+ case (Int a b)
+ then show ?case
+ by (auto simp: Sigma_Int_distrib2)
+ next
+ case (UN K)
+ then have "openin (topology_generated_by {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<U>}) (\<Union> { s \<times> k | k. k \<in>K})"
+ by auto
+ moreover have "(\<Union> { s \<times> k | k. k \<in>K}) = s \<times> \<Union>K"
+ by blast
+ ultimately show ?case by simp
+ next
+ case (Basis s')
+ then show ?case
+ using ho by(auto intro!: topology_generated_by_Basis)
+ qed
+ qed
+ qed
+ qed
+ thus "openin (topology_generated_by {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<U>}) U"
+ using 1 by auto
+qed
+
+lemma prod_topology_generated_by_open:
+ "prod_topology S S' = topology_generated_by {U \<times> V | U V. openin S U \<and> openin S' V}"
+ using prod_topology_generated_by[of " {U |U. openin S U}" "{U |U. openin S' U}"] topology_generated_by_open[of S,symmetric] topology_generated_by_open[of S']
+ by auto
+
+lemma product_topology_cong:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> S i = K i"
+ shows "product_topology S I = product_topology K I"
+proof -
+ have 1:"{\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (S i) (X i)) \<and> finite {i. X i \<noteq> topspace (S i)}} \<subseteq> {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (K i) (X i)) \<and> finite {i. X i \<noteq> topspace (K i)}}" if "\<And>i. i \<in> I \<Longrightarrow> S i = K i" for S K :: "_ \<Rightarrow> 'b topology"
+ proof
+ fix x
+ assume hx:"x \<in> {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (S i) (X i)) \<and> finite {i. X i \<noteq> topspace (S i)}}"
+ then obtain X where hX:
+ "x = (\<Pi>\<^sub>E i\<in>I. X i)" "\<And>i. openin (S i) (X i)" "finite {i. X i \<noteq> topspace (S i)}"
+ by auto
+ define X' where "X' \<equiv> (\<lambda>i. if i \<in> I then X i else topspace (K i))"
+ have "x = (\<Pi>\<^sub>E i\<in>I. X' i)"
+ by(auto simp: hX(1) X'_def PiE_def Pi_def)
+ moreover have "finite {i. X' i \<noteq> topspace (K i)}"
+ using that by(auto intro!: finite_subset[OF _ hX(3)] simp: X'_def)
+ moreover have "openin (K i) (X' i)" for i
+ using hX(2)[of i] that[of i] by(auto simp: X'_def)
+ ultimately show "x \<in> {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (K i) (X i)) \<and> finite {i. X i \<noteq> topspace (K i)}}"
+ by(auto intro!: exI[where x="X'"])
+ qed
+ have "{\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (S i) (X i)) \<and> finite {i. X i \<noteq> topspace (S i)}} = {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (K i) (X i)) \<and> finite {i. X i \<noteq> topspace (K i)}}"
+ using 1[of S K] 1[of K S] assms by auto
+ thus ?thesis
+ by(simp add: product_topology_def)
+qed
+
+lemma topology_generated_by_without_empty:
+ "topology_generated_by \<O> = topology_generated_by { U \<in> \<O>. U \<noteq> {}}"
+proof(rule topology_generated_by_eq)
+ fix U
+ show "U \<in> \<O> \<Longrightarrow> openin (topology_generated_by { U \<in> \<O>. U \<noteq> {}}) U"
+ by(cases "U = {}") (simp_all add: topology_generated_by_Basis)
+qed (simp add: topology_generated_by_Basis)
+
+lemma topology_from_bij:
+ assumes "bij_betw f A (topspace S)"
+ shows "homeomorphic_map (pullback_topology A f S) S f" "topspace (pullback_topology A f S) = A"
+proof -
+ note h = bij_betw_imp_surj_on[OF assms] bij_betw_inv_into_left[OF assms] bij_betw_inv_into_right[OF assms]
+ then show [simp]:"topspace (pullback_topology A f S) = A"
+ by(auto simp: topspace_pullback_topology)
+ show "homeomorphic_map (pullback_topology A f S) S f"
+ by(auto simp: homeomorphic_map_maps homeomorphic_maps_def h continuous_map_pullback[OF continuous_map_id,simplified] inv_into_into intro!: exI[where x="inv_into A f"] continuous_map_pullback'[where f=f]) (metis (mono_tags, opaque_lifting) comp_apply continuous_map_eq continuous_map_id h(3) id_apply)
+qed
+
+lemma openin_pullback_topology':
+ assumes "bij_betw f A (topspace S)"
+ shows "openin (pullback_topology A f S) u \<longleftrightarrow> (openin S (f ` u)) \<and> u \<subseteq> A"
+ unfolding openin_pullback_topology
+proof safe
+ fix U
+ assume h:"openin S U" "u = f -` U \<inter> A"
+ from openin_subset[OF this(1)] assms
+ have [simp]:"f ` (f -` U \<inter> A) = U"
+ by(auto simp: image_def vimage_def bij_betw_def)
+ show "openin S (f ` (f -` U \<inter> A))"
+ by(simp add: h)
+next
+ assume "openin S (f ` u)" "u \<subseteq> A"
+ with assms show "\<exists>U. openin S U \<and> u = f -` U \<inter> A"
+ by(auto intro!: exI[where x="f ` u"] simp: bij_betw_def inj_on_def)
+qed
+
+subsubsection \<open> Isolated Point \<close>
+definition isolated_points_of :: "'a topology \<Rightarrow> 'a set \<Rightarrow> 'a set" (infixr "isolated'_points'_of" 80) where
+"X isolated_points_of A \<equiv> {x\<in>topspace X \<inter> A. x \<notin> X derived_set_of A}"
+
+lemma isolated_points_of_eq:
+ "X isolated_points_of A = {x\<in>topspace X \<inter> A. \<exists>U. x \<in> U \<and> openin X U \<and> U \<inter> (A - {x}) = {}}"
+ unfolding isolated_points_of_def by(auto simp: in_derived_set_of)
+
+lemma in_isolated_points_of:
+ "x \<in> X isolated_points_of A \<longleftrightarrow> x \<in> topspace X \<and> x \<in> A \<and> (\<exists>U. x \<in> U \<and> openin X U \<and> U \<inter> (A - {x}) = {})"
+ by(simp add: isolated_points_of_eq)
+
+lemma derived_set_of_eq:
+ "x \<in> X derived_set_of A \<longleftrightarrow> x \<in> X closure_of (A - {x})"
+ by(auto simp: in_derived_set_of in_closure_of)
+
+subsubsection \<open> Perfect Set \<close>
+definition perfect_set :: "'a topology \<Rightarrow> 'a set \<Rightarrow> bool" where
+"perfect_set X A \<longleftrightarrow> closedin X A \<and> X isolated_points_of A = {}"
+
+abbreviation "perfect_space X \<equiv> perfect_set X (topspace X)"
+
+lemma perfect_setI:
+ assumes "closedin X A"
+ and "\<And>x T. \<lbrakk>x \<in> A; x \<in> T; openin X T\<rbrakk> \<Longrightarrow> \<exists>y\<noteq>x. y \<in> T \<and> y \<in> A"
+ shows "perfect_set X A"
+ using assms by(simp add: perfect_set_def isolated_points_of_def in_derived_set_of) blast
+
+lemma perfect_spaceI:
+ assumes "\<And>x T. \<lbrakk>x \<in> T; openin X T\<rbrakk> \<Longrightarrow> \<exists>y\<noteq>x. y \<in> T"
+ shows "perfect_space X"
+ using assms by(auto intro!: perfect_setI) (meson in_mono openin_subset)
+
+lemma perfect_setD:
+ assumes "perfect_set X A"
+ shows "closedin X A" "A \<subseteq> topspace X" "\<And>x T. \<lbrakk>x \<in> A; x \<in> T; openin X T\<rbrakk> \<Longrightarrow> \<exists>y\<noteq>x. y \<in> T \<and> y \<in> A"
+ using assms closedin_subset[of X A] by(simp_all add: perfect_set_def isolated_points_of_def in_derived_set_of) blast
+
+lemma perfect_space_perfect:
+ "perfect_set euclidean (UNIV :: 'a :: perfect_space set)"
+ by(auto simp: perfect_set_def in_isolated_points_of) (metis Int_Diff inf_top.right_neutral insert_Diff not_open_singleton)
+
+lemma perfect_set_subtopology:
+ assumes "perfect_set X A"
+ shows "perfect_space (subtopology X A)"
+ using perfect_setD[OF assms] by(auto intro!: perfect_setI simp: inf.absorb_iff2 openin_subtopology)
+
+subsubsection \<open> Bases and Sub-Bases in Abstract Topology\<close>
+definition subbase_of :: "['a topology, 'a set set] \<Rightarrow> bool" where
+"subbase_of S \<O> \<longleftrightarrow> S = topology_generated_by \<O>"
+
+definition base_of :: "['a topology, 'a set set] \<Rightarrow> bool" where
+"base_of S \<O> \<longleftrightarrow> (\<forall>U. openin S U \<longleftrightarrow> (\<exists>\<U>. U = \<Union>\<U> \<and> \<U> \<subseteq> \<O>))"
+
+definition second_countable :: "'a topology \<Rightarrow> bool" where
+"second_countable S \<longleftrightarrow> (\<exists>\<O>. countable \<O> \<and> base_of S \<O>)"
+
+definition zero_dimensional :: "'a topology \<Rightarrow> bool" where
+"zero_dimensional S \<longleftrightarrow> (\<exists>\<O>. base_of S \<O> \<and> (\<forall>u\<in>\<O>. openin S u \<and> closedin S u))"
+
+lemma openin_base:
+ assumes "base_of S \<O> " "U = \<Union>\<U>" and "\<U> \<subseteq> \<O>"
+ shows "openin S U"
+ using assms by(auto simp: base_of_def)
+
+lemma base_is_subbase:
+ assumes "base_of S \<O>"
+ shows "subbase_of S \<O>"
+ unfolding subbase_of_def topology_eq openin_topology_generated_by_iff
+proof safe
+ fix U
+ assume "openin S U"
+ then obtain \<U> where hu:"U = \<Union>\<U>" "\<U> \<subseteq> \<O>"
+ using assms by(auto simp: base_of_def)
+ thus "generate_topology_on \<O> U"
+ by(auto intro!: generate_topology_on.UN) (auto intro!: generate_topology_on.Basis)
+next
+ fix U
+ assume "generate_topology_on \<O> U"
+ then show "openin S U"
+ proof induction
+ case (Basis s)
+ then show ?case
+ using openin_base[OF assms,of s "{s}"]
+ by auto
+ qed auto
+qed
+
+lemma subbase_of_subset:
+ assumes "subbase_of S \<O>" and "U \<in> \<O>"
+ shows "U \<subseteq> topspace S"
+ using assms(1)[simplified subbase_of_def] topology_generated_by_topspace assms
+ by auto
+
+lemma subbase_of_openin:
+ assumes "subbase_of S \<O>" and "U \<in> \<O>"
+ shows "openin S U"
+ using assms by(simp add: subbase_of_def openin_topology_generated_by_iff generate_topology_on.Basis)
+
+lemma base_of_subset:
+ assumes "base_of S \<O>" and "U \<in> \<O>"
+ shows "U \<subseteq> topspace S"
+ using subbase_of_subset[OF base_is_subbase[OF assms(1)] assms(2)] .
+
+lemma base_of_openin:
+ assumes "base_of S \<O>" and "U \<in> \<O>"
+ shows "openin S U"
+ using subbase_of_openin[OF base_is_subbase[OF assms(1)] assms(2)] .
+
+lemma base_of_def2:
+ assumes "\<And>U. U \<in> \<O> \<Longrightarrow> openin S U"
+ shows "base_of S \<O> \<longleftrightarrow> (\<forall>U. openin S U \<longrightarrow> (\<forall>x\<in>U. \<exists>W\<in>\<O>. x \<in> W \<and> W \<subseteq> U))"
+proof
+ assume h:"base_of S \<O>"
+ show "\<forall>U. openin S U \<longrightarrow> (\<forall>x\<in>U. \<exists>W\<in>\<O>. x \<in> W \<and> W \<subseteq> U)"
+ proof safe
+ fix U x
+ assume h':"openin S U" "x \<in> U"
+ then obtain \<U> where hu: "U = \<Union>\<U>" "\<U> \<subseteq> \<O>"
+ using h by(auto simp: base_of_def)
+ then obtain W where "x \<in> W" "W \<in> \<U>"
+ using h'(2) by blast
+ thus "\<exists>W\<in>\<O>. x \<in> W \<and> W \<subseteq> U"
+ using hu by(auto intro!: bexI[where x=W])
+ qed
+next
+ assume h:"\<forall>U. openin S U \<longrightarrow> (\<forall>x\<in>U. \<exists>W\<in>\<O>. x \<in> W \<and> W \<subseteq> U)"
+ show "base_of S \<O>"
+ unfolding base_of_def
+ proof safe
+ fix U
+ assume "openin S U"
+ then have "\<forall>x\<in>U. \<exists>W. W\<in>\<O> \<and> x \<in> W \<and> W \<subseteq> U"
+ using h by blast
+ hence "\<exists>W. \<forall>x\<in>U. W x \<in> \<O> \<and> x \<in> W x \<and> W x \<subseteq> U"
+ by(rule bchoice)
+ then obtain W where hw:
+ "\<forall>x\<in>U. W x \<in> \<O> \<and> x \<in> W x \<and> W x \<subseteq> U" by auto
+ thus "\<exists>\<U>. U = \<Union> \<U> \<and> \<U> \<subseteq> \<O>"
+ by(auto intro!: exI[where x="W ` U"])
+ next
+ fix U \<U>
+ show "\<U> \<subseteq> \<O> \<Longrightarrow> openin S (\<Union> \<U>)"
+ using assms by auto
+ qed
+qed
+
+lemma base_of_def2':
+ "base_of S \<O> \<longleftrightarrow> (\<forall>b\<in>\<O>. openin S b) \<and> (\<forall>x. openin S x \<longrightarrow> (\<exists>B'\<subseteq>\<O>. \<Union> B' = x))"
+proof
+ assume h:"base_of S \<O>"
+ show "(\<forall>b\<in>\<O>. openin S b) \<and> (\<forall>x. openin S x \<longrightarrow> (\<exists>B'\<subseteq>\<O>. \<Union> B' = x))"
+ proof(rule conjI)
+ show "\<forall>b\<in>\<O>. openin S b"
+ using openin_base[OF h,of _ "{_}"] by auto
+ next
+ show "\<forall>x. openin S x \<longrightarrow> (\<exists>B'\<subseteq>\<O>. \<Union> B' = x)"
+ using h by(auto simp: base_of_def)
+ qed
+next
+ assume h:"(\<forall>b\<in>\<O>. openin S b) \<and> (\<forall>x. openin S x \<longrightarrow> (\<exists>B'\<subseteq>\<O>. \<Union> B' = x))"
+ show "base_of S \<O>"
+ unfolding base_of_def
+ proof safe
+ fix U
+ assume "openin S U"
+ then obtain B' where "B'\<subseteq>\<O>" "\<Union> B' = U"
+ using h by blast
+ thus "\<exists>\<U>. U = \<Union> \<U> \<and> \<U> \<subseteq> \<O>"
+ by(auto intro!: exI[where x=B'])
+ next
+ fix U \<U>
+ show "\<U> \<subseteq> \<O> \<Longrightarrow> openin S (\<Union> \<U>)"
+ using h by auto
+ qed
+qed
+
+corollary base_of_in_subset:
+ assumes "base_of S \<O>" "openin S u" "x \<in> u"
+ shows "\<exists>v\<in>\<O>. x \<in> v \<and> v \<subseteq> u"
+ using assms base_of_def2 base_of_def2' by fastforce
+
+lemma base_of_without_empty:
+ assumes "base_of S \<O>"
+ shows "base_of S {U \<in> \<O>. U \<noteq> {}}"
+ unfolding base_of_def2'
+proof safe
+ fix x
+ assume "x \<in> \<O>" " \<not> openin S x"
+ thus "\<And>y. y \<in> {}"
+ using base_of_openin[OF assms \<open>x \<in> \<O>\<close>] by simp
+next
+ fix x
+ assume "openin S x"
+ then obtain B' where "B' \<subseteq>\<O>" "\<Union> B' = x"
+ using assms by(simp add: base_of_def2') metis
+ thus "\<exists>B'\<subseteq>{U \<in> \<O>. U \<noteq> {}}. \<Union> B' = x"
+ by(auto intro!: exI[where x="{y \<in> B'. y \<noteq> {}}"])
+qed
+
+lemma second_countable_ex_without_empty:
+ assumes "second_countable S"
+ shows "\<exists>\<O>. countable \<O> \<and> base_of S \<O> \<and> (\<forall>U\<in>\<O>. U \<noteq> {})"
+proof -
+ obtain \<O> where "countable \<O>" "base_of S \<O>"
+ using assms second_countable_def by blast
+ thus ?thesis
+ by(auto intro!: exI[where x="{U \<in> \<O>. U \<noteq> {}}"] base_of_without_empty)
+qed
+
+lemma subtopology_subbase_of:
+ assumes "subbase_of S \<O>"
+ shows "subbase_of (subtopology S T) {T \<inter> U | U. U \<in> \<O>}"
+ using assms subtopology_generated_by
+ by(auto simp: subbase_of_def)
+
+lemma subtopology_base_of:
+ assumes "base_of S \<O>"
+ shows "base_of (subtopology S T) {T \<inter> U | U. U \<in> \<O>}"
+ unfolding base_of_def
+proof
+ fix L
+ show "openin (subtopology S T) L = (\<exists>\<U>. L = \<Union> \<U> \<and> \<U> \<subseteq> {T \<inter> U |U. U \<in> \<O>})"
+ proof
+ assume "openin (subtopology S T) L "
+ then obtain T' where ht:
+ "openin S T'" "L = T' \<inter> T"
+ by(auto simp: openin_subtopology)
+ then obtain \<U> where hu:
+ "T' = (\<Union> \<U>)" "\<U> \<subseteq> \<O>"
+ using assms by(auto simp: base_of_def)
+ show "\<exists>\<U>. L = \<Union> \<U> \<and> \<U> \<subseteq> {T \<inter> U |U. U \<in> \<O>}"
+ using hu ht by(auto intro!: exI[where x="{T \<inter> U | U. U \<in> \<U>}"])
+ next
+ assume "\<exists>\<U>. L = \<Union> \<U> \<and> \<U> \<subseteq> {T \<inter> U |U. U \<in> \<O>}"
+ then obtain \<U> where hu: "L = \<Union> \<U>" "\<U> \<subseteq> {T \<inter> U |U. U \<in> \<O>}"
+ by auto
+ hence "\<forall>U\<in>\<U>. \<exists>U'\<in>\<O>. U = T \<inter> U'" by blast
+ then obtain k where hk:"\<And>U. U \<in> \<U> \<Longrightarrow> k U \<in> \<O>" "\<And>U. U \<in> \<U> \<Longrightarrow> U = T \<inter> k U"
+ by metis
+ hence "L = \<Union> {T \<inter> k U |U. U \<in> \<U>}"
+ using hu by auto
+ also have "... = \<Union> {k U |U. U \<in> \<U>} \<inter> T" by auto
+ finally have 1:"L = \<Union> {k U |U. U \<in> \<U>} \<inter> T" .
+ moreover have "openin S (\<Union> {k U |U. U \<in> \<U>})"
+ using hu hk assms by(auto simp: base_of_def)
+ ultimately show "openin (subtopology S T) L"
+ by(auto intro!: exI[where x="\<Union> {k U |U. U \<in> \<U>}"] simp: openin_subtopology)
+ qed
+qed
+
+lemma second_countable_subtopology:
+ assumes "second_countable S"
+ shows "second_countable (subtopology S T)"
+proof -
+ obtain \<O> where "countable \<O>" "base_of S \<O>"
+ using assms second_countable_def by blast
+ thus ?thesis
+ by(auto intro!: exI[where x="{T \<inter> U | U. U \<in> \<O>}"] simp: second_countable_def Setcompr_eq_image dest: subtopology_base_of)
+qed
+
+lemma Lindelof_of:
+ assumes "second_countable S" "\<And>u. u \<in> U \<Longrightarrow> openin S u" "\<Union> U = topspace S"
+ shows "\<exists>U'. countable U' \<and> U' \<subseteq> U \<and> \<Union> U' = topspace S"
+proof -
+ from assms(1) obtain \<O> where h: "countable \<O>" "base_of S \<O>"
+ by(auto simp: second_countable_def)
+ define B' where "B' \<equiv> {v\<in>\<O>. \<exists>u\<in>U. v \<subseteq> u}"
+ have B': "countable B'"
+ using h(1) by(auto simp: B'_def)
+ have "\<forall>v. v \<in> B' \<longrightarrow> (\<exists>u\<in>U. v \<subseteq> u)" by(auto simp: B'_def)
+ then obtain U' where U':"\<And>v. v \<in> B' \<Longrightarrow> U' v \<in> U" "\<And>v. v \<in> B' \<Longrightarrow> v \<subseteq> U' v"
+ by metis
+ show ?thesis
+ proof(rule exI[where x="U' ` B'"])
+ show "countable (U' ` B') \<and> U' ` B' \<subseteq> U \<and> \<Union> (U' ` B') = topspace S"
+ proof safe
+ fix x
+ assume "x \<in> topspace S"
+ then obtain u where u:"x \<in> u" "u \<in> U"
+ using assms(3) by auto
+ obtain v where v:"x \<in> v" "v \<in> \<O>" "v \<subseteq> u"
+ using base_of_in_subset[OF h(2) assms(2)[OF u(2)] u(1)] by auto
+ show "x \<in> \<Union> (U' ` B')"
+ using u v U' by(auto intro!: bexI[where x=v]) (auto simp: B'_def intro!: exI[where x=u])
+ qed(use B' U' assms(2) openin_subset in blast)+
+ qed
+qed
+
+lemma open_map_with_base:
+ assumes "base_of S \<O>" "\<And>A. A \<in> \<O> \<Longrightarrow> openin S' (f ` A)"
+ shows "open_map S S' f"
+ unfolding open_map_def
+proof safe
+ fix U
+ assume "openin S U"
+ then obtain \<U> where "U = \<Union>\<U>" "\<U> \<subseteq> \<O>"
+ using assms(1) by(auto simp: base_of_def)
+ hence "f ` U = \<Union>{ f ` A | A. A \<in> \<U>}" by blast
+ also have "openin S' ..."
+ using assms(2) \<open>\<U> \<subseteq> \<O>\<close> by auto
+ finally show "openin S' (f ` U)" .
+qed
+
+text \<open> Construct a base from a subbase.\<close>
+definition finite_intersections :: "'a set set \<Rightarrow> 'a set set" where
+"finite_intersections \<O> \<equiv> { \<Inter>\<O>' | \<O>'. \<O>' \<noteq> {} \<and> finite \<O>' \<and> \<O>' \<subseteq> \<O>}"
+
+lemma finite_intersections_inI:
+ assumes "U = \<Inter>\<O>'" "\<O>' \<noteq> {}" " finite \<O>'" and "\<O>' \<subseteq> \<O>"
+ shows "U \<in> finite_intersections \<O>"
+ using assms by(auto simp: finite_intersections_def)
+
+lemma finite_intersections_Uin:
+ assumes "U \<in> \<O>"
+ shows "U \<in> finite_intersections \<O>"
+ using assms by(auto intro!: finite_intersections_inI[of U "{U}"])
+
+lemma finite_intersections_int:
+ assumes "U \<in> finite_intersections \<O>" and "V \<in> finite_intersections \<O>"
+ shows "U \<inter> V \<in> finite_intersections \<O>"
+proof -
+ obtain \<O>U \<O>V where
+ "U = \<Inter>\<O>U" "\<O>U \<noteq> {}" "finite \<O>U" "\<O>U \<subseteq> \<O>" "V = \<Inter>\<O>V" "finite \<O>V" "\<O>V \<subseteq> \<O>"
+ using assms by(auto simp: finite_intersections_def)
+ thus ?thesis
+ by(auto intro!: finite_intersections_inI[of _ "\<O>U \<union> \<O>V"])
+qed
+
+lemma finite_intersections_countable:
+ assumes "countable \<O>"
+ shows "countable (finite_intersections \<O>)"
+proof -
+ have "finite_intersections \<O> = (\<Union>i\<in>{\<O>'. \<O>' \<noteq> {} \<and> finite \<O>' \<and> \<O>' \<subseteq> \<O>}. {\<Inter> i})"
+ by(auto simp: finite_intersections_def)
+ also have "countable ..."
+ using countable_Collect_finite_subset[OF assms]
+ by(auto intro!: countable_UN[of "{ \<O>'. \<O>' \<noteq> {} \<and> finite \<O>' \<and> \<O>' \<subseteq> \<O>}" "\<lambda>\<O>'. {\<Inter>\<O>'}"])
+ (auto intro!: countable_subset[of "{\<O>'. \<O>' \<noteq> {} \<and> finite \<O>' \<and> \<O>' \<subseteq> \<O>}" "{A. finite A \<and> A \<subseteq> \<O>}"])
+ finally show ?thesis .
+qed
+
+lemma finite_intersections_openin:
+ assumes "U \<in> finite_intersections \<O>"
+ shows "openin (topology_generated_by \<O>) U"
+proof -
+ obtain \<O>U where hu:
+ "U = \<Inter>\<O>U" "\<O>U \<noteq> {}" "finite \<O>U" "\<O>U \<subseteq> \<O>"
+ using assms by(auto simp: finite_intersections_def)
+ show ?thesis
+ using hu by(auto intro: topology_generated_by_Basis)
+qed
+
+lemma topology_generated_by_finite_intersections:
+ "topology_generated_by \<O> = topology_generated_by (finite_intersections \<O>)"
+proof(rule topology_generated_by_eq)
+ fix U
+ assume "U \<in> \<O>"
+ then show "openin (topology_generated_by (finite_intersections \<O>)) U"
+ by(auto intro!: topology_generated_by_Basis simp: finite_intersections_Uin)
+qed (rule finite_intersections_openin)
+
+lemma topology_generated_by_is_union_of_finite_intersections:
+ "openin (topology_generated_by \<O>) U \<longleftrightarrow> (\<exists>\<U>. U = \<Union>\<U> \<and> \<U> \<subseteq> finite_intersections \<O>)"
+proof
+ assume "openin (topology_generated_by \<O>) U"
+ then have "generate_topology_on \<O> U"
+ by (simp add: openin_topology_generated_by_iff)
+ thus "\<exists>\<U>. U = \<Union> \<U> \<and> \<U> \<subseteq> finite_intersections \<O>"
+ proof induction
+ case Empty
+ then show ?case
+ by auto
+ next
+ case (Int a b)
+ then obtain \<U>a \<U>b where hab:
+ "a = \<Union> \<U>a" "\<U>a \<subseteq> finite_intersections \<O>" "b = \<Union> \<U>b" "\<U>b \<subseteq> finite_intersections \<O>"
+ by auto
+ then have "a \<inter> b = \<Union>{ Ua \<inter> Ub | Ua Ub. Ua \<in> \<U>a \<and> Ub \<in> \<U>b}"
+ by blast
+ moreover have "{ Ua \<inter> Ub | Ua Ub. Ua \<in> \<U>a \<and> Ub \<in> \<U>b} \<subseteq> finite_intersections \<O>"
+ using hab(2,4) finite_intersections_int by blast
+ ultimately show ?case by auto
+ next
+ case (UN K)
+ then have "\<exists>\<U>. \<forall>k\<in>K. k = \<Union> (\<U> k) \<and> \<U> k \<subseteq> finite_intersections \<O>"
+ by(auto intro!: bchoice)
+ then obtain \<U> where
+ "\<forall>k\<in>K. k = \<Union> (\<U> k) \<and> \<U> k \<subseteq> finite_intersections \<O>" by auto
+ thus ?case
+ by(auto intro!: exI[where x="\<Union>k\<in>K. (\<U> k)"]) (metis UnionE)
+ next
+ case (Basis s)
+ then show ?case
+ by(auto intro!: exI[where x="{s}"] finite_intersections_Uin)
+ qed
+next
+ assume "\<exists>\<U>. U = \<Union> \<U> \<and> \<U> \<subseteq> finite_intersections \<O>"
+ then obtain \<U> where
+ "U = \<Union> \<U>" "\<U> \<subseteq> finite_intersections \<O>" by auto
+ thus "openin (topology_generated_by \<O>) U"
+ using finite_intersections_openin
+ by(auto simp: openin_topology_generated_by_iff intro!: generate_topology_on.UN)
+qed
+
+lemma base_from_subbase:
+ assumes "subbase_of S \<O>"
+ shows "base_of S (finite_intersections \<O>)"
+ using topology_generated_by_is_union_of_finite_intersections[of \<O>,simplified assms[simplified subbase_of_def,symmetric]]
+ by(simp add: base_of_def)
+
+lemma countable_base_from_countable_subbase:
+ assumes "countable \<O>" and "subbase_of S \<O>"
+ shows "second_countable S"
+ using finite_intersections_countable[OF assms(1)] base_from_subbase[OF assms(2)]
+ by(auto simp: second_countable_def)
+
+lemma prod_topology_second_countable:
+ assumes "second_countable S" and "second_countable S'"
+ shows "second_countable (prod_topology S S')"
+proof -
+ obtain \<O> \<O>' where ho:
+ "countable \<O>" "base_of S \<O>" "countable \<O>'" "base_of S' \<O>'"
+ using assms by(auto simp: second_countable_def)
+ show ?thesis
+ proof(rule countable_base_from_countable_subbase[where \<O>="{ U \<times> V | U V. U \<in> \<O> \<and> V \<in> \<O>'}"])
+ have "{U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<O>'} = (\<lambda>(U,V). U \<times> V) ` (\<O> \<times> \<O>')"
+ by auto
+ also have "countable ..."
+ using ho(1,3) by auto
+ finally show "countable {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<O>'}" .
+ next
+ show "subbase_of (prod_topology S S') {U \<times> V |U V. U \<in> \<O> \<and> V \<in> \<O>'}"
+ using base_is_subbase[OF ho(2)] base_is_subbase[OF ho(4)]
+ by(simp add: subbase_of_def prod_topology_generated_by)
+ qed
+qed
+
+text \<open> Abstract version of the theorem @{thm product_topology_countable_basis}.\<close>
+lemma product_topology_countable_base_of:
+ assumes "countable I" and "\<And>i. i \<in> I \<Longrightarrow> second_countable (S i)"
+ shows "\<exists>\<O>'. countable \<O>' \<and> base_of (product_topology S I) \<O>' \<and>
+ (\<forall>k \<in> \<O>'. \<exists>X. k = (\<Pi>\<^sub>E i\<in>I. X i) \<and> (\<forall>i. openin (S i) (X i)) \<and> finite {i. X i \<noteq> topspace (S i)} \<and> {i. X i \<noteq> topspace (S i)} \<subseteq> I)"
+proof -
+ obtain \<O> where ho:
+ "\<And>i. i \<in> I \<Longrightarrow> countable (\<O> i)" "\<And>i. i \<in> I \<Longrightarrow> base_of (S i) (\<O> i)"
+ using assms(2)[simplified second_countable_def] by metis
+ show ?thesis
+ unfolding second_countable_def
+ proof(intro exI[where x="{\<Pi>\<^sub>E i\<in>I. U i | U. finite {i\<in>I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i\<in>I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i)}"] conjI)
+ show "countable {\<Pi>\<^sub>E i\<in>I. U i | U. finite {i\<in>I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i\<in>I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i)}"
+ (is "countable ?X")
+ proof -
+ have "?X = {\<Pi>\<^sub>E i\<in>I. U i | U. finite {i\<in>I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i\<in>I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i) \<and> (\<forall>i \<in>(UNIV- I). U i = {undefined})}"
+ (is "_ = ?Y")
+ proof (rule set_eqI)
+ show "\<And>x. x \<in> ?X \<longleftrightarrow> x \<in> ?Y"
+ proof
+ fix x
+ assume "x \<in> ?X"
+ then obtain U where hu:
+ "x = (\<Pi>\<^sub>E i\<in>I. U i)" "finite {i\<in>I. U i \<noteq> topspace (S i)}" "(\<forall>i\<in>{i\<in>I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i)"
+ by auto
+ define U' where "U' i \<equiv> (if i \<in> I then U i else {undefined})" for i
+ have "x = (\<Pi>\<^sub>E i\<in>I. U' i)"
+ using hu(1) by(auto simp: U'_def PiE_def extensional_def Pi_def)
+ moreover have "finite {i\<in>I. U' i \<noteq> topspace (S i)}" "(\<forall>i\<in>{i\<in>I. U' i \<noteq> topspace (S i)}. U' i \<in> \<O> i)" "\<forall>i \<in>(UNIV- I). U' i = {undefined}"
+ using hu(2,3) by(auto simp: U'_def) (metis (mono_tags, lifting) Collect_cong)
+ ultimately show "x \<in> ?Y" by auto
+ qed auto
+ qed
+ also have "... = (\<lambda>U. \<Pi>\<^sub>E i\<in>I. U i) ` {U. finite {i\<in>I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i\<in>I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i) \<and> (\<forall>i \<in>(UNIV- I). U i = {undefined})}" by auto
+ also have "countable ..."
+ proof(rule countable_image)
+ have "{U. finite {i \<in> I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})} = {U. \<exists>I'. finite I' \<and> I' \<subseteq> I \<and> (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>(I - I'). U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}"
+ (is "?A = ?B")
+ proof (rule set_eqI)
+ show "\<And>x. x \<in> ?A \<longleftrightarrow> x \<in> ?B"
+ proof
+ fix U
+ assume "U \<in> {U. finite {i \<in> I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}"
+ then show "U \<in> {U. \<exists>I'. finite I' \<and> I' \<subseteq> I \<and> (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>I - I'. U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}"
+ by auto
+ next
+ fix U
+ assume assm:"U \<in> {U. \<exists>I'. finite I' \<and> I' \<subseteq> I \<and> (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>I - I'. U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}"
+ then obtain I' where hi':
+ "finite I'" "I' \<subseteq> I" "\<forall>i\<in>I'. U i \<in> \<O> i" "\<forall>i\<in>I - I'. U i = topspace (S i)" "\<forall>i\<in>UNIV - I. U i = {undefined}"
+ by auto
+ then have "\<And>i. i \<in> I \<Longrightarrow> U i \<noteq> topspace (S i) \<Longrightarrow> i \<in> I'" by auto
+ hence "{i \<in> I. U i \<noteq> topspace (S i)} \<subseteq> I'" by auto
+ hence "finite {i \<in> I. U i \<noteq> topspace (S i)}"
+ using hi'(1) by (simp add: rev_finite_subset)
+ thus "U \<in> {U. finite {i \<in> I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}"
+ using hi' by auto
+ qed
+ qed
+ also have "... = (\<Union>I'\<in>{I'. finite I' \<and> I' \<subseteq> I}. {U. (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>I - I'. U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})})"
+ by auto
+ also have "countable ..."
+ proof(rule countable_UN[OF countable_Collect_finite_subset[OF assms(1)]])
+ fix I'
+ assume "I' \<in> {I'. finite I' \<and> I' \<subseteq> I}"
+ hence hi':"finite I'" "I' \<subseteq> I" by auto
+ have "(\<lambda>U i. if i \<in> I' then U i else undefined) ` {U. (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>I - I'. U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})} \<subseteq> (\<Pi>\<^sub>E i\<in>I'. \<O> i)"
+ by auto
+ moreover have "countable ..."
+ using hi' by(auto intro!: countable_PiE ho)
+ ultimately have "countable ((\<lambda>U i. if i \<in> I' then U i else undefined) ` {U. (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>I - I'. U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})})"
+ by(simp add: countable_subset)
+ moreover have "inj_on (\<lambda>U i. if i \<in> I' then U i else undefined) {U. (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>I - I'. U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}"
+ (is "inj_on ?f ?X")
+ proof
+ fix x y
+ assume hxy: "x \<in> ?X" "y \<in> ?X" "?f x = ?f y"
+ show "x = y"
+ proof
+ fix i
+ consider "i \<in> I'" | "i \<in> I - I'" | "i \<in> UNIV - I"
+ using hi'(2) by blast
+ then show "x i = y i"
+ proof cases
+ case i:1
+ then show ?thesis
+ using fun_cong[OF hxy(3),of i] by auto
+ next
+ case i:2
+ then show ?thesis
+ using hxy(1,2) by auto
+ next
+ case i:3
+ then show ?thesis
+ using hxy(1,2) by auto
+ qed
+ qed
+ qed
+ ultimately show "countable {U. (\<forall>i\<in>I'. U i \<in> \<O> i) \<and> (\<forall>i\<in>I - I'. U i = topspace (S i)) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}"
+ using countable_image_inj_on by auto
+ qed
+ finally show "countable {U. finite {i \<in> I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i) \<and> (\<forall>i\<in>UNIV - I. U i = {undefined})}" .
+ qed
+ finally show ?thesis .
+ qed
+ next
+ show "base_of (product_topology S I) {\<Pi>\<^sub>E i\<in>I. U i |U. finite {i \<in> I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i)}"
+ (is "base_of (product_topology S I) ?X")
+ unfolding base_of_def
+ proof safe
+ fix U
+ assume "openin (product_topology S I) U"
+ then have "\<forall>x\<in>U. \<exists>Ux. finite {i \<in> I. Ux i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>I. openin (S i) (Ux i)) \<and> x \<in> Pi\<^sub>E I Ux \<and> Pi\<^sub>E I Ux \<subseteq> U"
+ by(simp add: openin_product_topology_alt)
+ hence "\<exists>Ux. \<forall>x\<in>U. finite {i \<in> I. Ux x i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>I. openin (S i) (Ux x i)) \<and> x \<in> Pi\<^sub>E I (Ux x) \<and> Pi\<^sub>E I (Ux x) \<subseteq> U"
+ by(rule bchoice)
+ then obtain Ux where hui:
+ "\<And>x. x \<in> U \<Longrightarrow> finite {i \<in> I. Ux x i \<noteq> topspace (S i)}" "\<And>x i. x \<in> U \<Longrightarrow> i \<in> I \<Longrightarrow> openin (S i) (Ux x i)" "\<And>x. x \<in> U \<Longrightarrow> x \<in> Pi\<^sub>E I (Ux x)" "\<And>x. x \<in> U \<Longrightarrow> Pi\<^sub>E I (Ux x) \<subseteq> U"
+ by fastforce
+ then have 1:"\<forall>x\<in>U. \<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. \<exists>\<U>xj. \<U>xj \<subseteq> \<O> i \<and> Ux x i = \<Union> \<U>xj"
+ using ho[simplified base_of_def] by (metis (no_types, lifting) mem_Collect_eq)
+ have "\<forall>x\<in>U. \<exists>\<U>xj. \<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. \<U>xj i \<subseteq> \<O> i \<and> Ux x i = \<Union> (\<U>xj i)"
+ by(standard, rule bchoice) (use 1 in simp)
+ hence "\<exists>\<U>xj. \<forall>x\<in>U. \<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. \<U>xj x i \<subseteq> \<O> i \<and> Ux x i = \<Union> (\<U>xj x i)"
+ by(rule bchoice)
+ then obtain \<U>xj where
+ "\<forall>x\<in>U. \<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. \<U>xj x i \<subseteq> \<O> i \<and> Ux x i = \<Union> (\<U>xj x i)"
+ by auto
+ hence huxj: "\<And>x i. x \<in> U \<Longrightarrow> i \<in> {i \<in> I. Ux x i \<noteq> topspace (S i)} \<Longrightarrow> \<U>xj x i \<subseteq> \<O> i"
+ "\<And>x i. x \<in> U \<Longrightarrow> i \<in> {i \<in> I. Ux x i \<noteq> topspace (S i)} \<Longrightarrow> Ux x i = \<Union> (\<U>xj x i)"
+ by blast+
+ show "\<exists>\<U>. U = \<Union> \<U> \<and> \<U> \<subseteq> ?X"
+ proof(intro exI[where x="{\<Pi>\<^sub>E i\<in>I. K i | K. \<exists>x\<in>U. finite {i \<in> I. Ux x i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i \<in> \<U>xj x i) \<and> (\<forall>i\<in>UNIV -{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i = topspace (S i))}"] conjI)
+ show "U = \<Union> {\<Pi>\<^sub>E i\<in>I. K i | K. \<exists>x\<in>U. finite {i \<in> I. Ux x i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i \<in> \<U>xj x i) \<and> (\<forall>i\<in>UNIV -{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i = topspace (S i))}"
+ proof safe
+ fix x
+ assume hxu:"x \<in> U"
+ have "\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. Ux x i = \<Union> (\<U>xj x i)"
+ using huxj[OF hxu] by blast
+ hence "\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. \<exists>Uxj. Uxj \<in> \<U>xj x i \<and> x i \<in> Uxj"
+ using hui(3)[OF hxu] by auto
+ hence "\<exists>Uxj. \<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. Uxj i \<in> \<U>xj x i \<and> x i \<in> Uxj i"
+ by(rule bchoice)
+ then obtain Uxj where huxj':
+ "\<And>i. i \<in> {i \<in> I. Ux x i \<noteq> topspace (S i)} \<Longrightarrow> Uxj i \<in> \<U>xj x i"
+ "\<And>i. i \<in> {i \<in> I. Ux x i \<noteq> topspace (S i)} \<Longrightarrow> x i \<in> Uxj i"
+ by auto
+ define K where "K \<equiv> (\<lambda>i. if i \<in> {i \<in> I. Ux x i \<noteq> topspace (S i)} then Uxj i else topspace (S i))"
+ have "x \<in> (\<Pi>\<^sub>E i\<in>I. K i)"
+ using huxj'(2) hui(3,4)[OF hxu] openin_subset[OF hui(2)[OF hxu]]
+ by(auto simp: K_def PiE_def Pi_def)
+ moreover have "\<exists>x\<in>U. finite {i \<in> I. Ux x i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i \<in> \<U>xj x i) \<and> (\<forall>i\<in>UNIV -{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i = topspace (S i))"
+ by(rule bexI[OF _ hxu], rule conjI,simp add: hui(1)[OF hxu]) (use hui(2) hxu openin_subset huxj'(1) K_def in auto)
+ ultimately show "x \<in> \<Union> {\<Pi>\<^sub>E i\<in>I. K i | K. \<exists>x\<in>U. finite {i \<in> I. Ux x i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i \<in> \<U>xj x i) \<and> (\<forall>i\<in>UNIV -{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i = topspace (S i))}"
+ by auto
+ next
+ fix x X K u
+ assume hu: "x \<in> (\<Pi>\<^sub>E i\<in>I. K i)" "u \<in> U" "finite {i \<in> I. Ux u i \<noteq> topspace (S i)}" "\<forall>i\<in>{i \<in> I. Ux u i \<noteq> topspace (S i)}. K i \<in> \<U>xj u i" "\<forall>i\<in>UNIV -{i \<in> I. Ux u i \<noteq> topspace (S i)}. K i = topspace (S i)"
+ have "\<And>i. i \<in> {i \<in> I. Ux u i \<noteq> topspace (S i)} \<Longrightarrow> K i \<subseteq> Ux u i"
+ using huxj[OF hu(2)] hu(4) by blast
+ moreover have "\<And>i. i \<in> I - {i \<in> I. Ux u i \<noteq> topspace (S i)} \<Longrightarrow> K i = Ux u i"
+ using hu(5) by auto
+ ultimately have "\<And>i. i \<in> I \<Longrightarrow> K i \<subseteq> Ux u i"
+ by blast
+ thus "x \<in> U"
+ using hui(4)[OF hu(2)] hu(1) by blast
+ qed
+ next
+ show "{\<Pi>\<^sub>E i\<in>I. K i | K. \<exists>x\<in>U. finite {i \<in> I. Ux x i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i \<in> \<U>xj x i) \<and> (\<forall>i\<in>UNIV -{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i = topspace (S i))} \<subseteq> ?X"
+ proof
+ fix x
+ assume "x \<in> {\<Pi>\<^sub>E i\<in>I. K i | K. \<exists>x\<in>U. finite {i \<in> I. Ux x i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i \<in> \<U>xj x i) \<and> (\<forall>i\<in>UNIV -{i \<in> I. Ux x i \<noteq> topspace (S i)}. K i = topspace (S i))}"
+ then obtain u K where hu:
+ "x = (\<Pi>\<^sub>E i\<in>I. K i)" "u \<in> U" "finite {i \<in> I. Ux u i \<noteq> topspace (S i)}" "\<forall>i\<in>{i \<in> I. Ux u i \<noteq> topspace (S i)}. K i \<in> \<U>xj u i" "\<forall>i\<in>UNIV -{i \<in> I. Ux u i \<noteq> topspace (S i)}. K i = topspace (S i)"
+ by auto
+ have hksubst:"{i \<in> I. K i \<noteq> topspace (S i)} \<subseteq> {i \<in> I. Ux u i \<noteq> topspace (S i)}"
+ using hu(5) by fastforce
+ hence "finite {i \<in> I. K i \<noteq> topspace (S i)}"
+ using hu(3) by (simp add: finite_subset)
+ moreover have "\<forall>i\<in>{i \<in> I. K i \<noteq> topspace (S i)}. K i \<in> \<O> i"
+ using huxj(1)[OF hu(2)] hu(4) hksubst
+ by (meson subsetD)
+ ultimately show "x \<in> ?X"
+ using hu(1) by auto
+ qed
+ qed
+ next
+ fix \<U>
+ assume "\<U> \<subseteq> ?X"
+ have "openin (product_topology S I) u" if hu:"u \<in> \<U>" for u
+ proof -
+ have hu': "u \<in> ?X"
+ using \<open>\<U> \<subseteq> ?X\<close> hu by auto
+ then obtain U where hU:
+ "u = (\<Pi>\<^sub>E i\<in>I. U i)" "finite {i \<in> I. U i \<noteq> topspace (S i)}" "\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i"
+ by auto
+ define U' where "U' \<equiv> (\<lambda>i. if i \<in> {i \<in> I. U i \<noteq> topspace (S i)} then U i else topspace (S i))"
+ have hU': "u = (\<Pi>\<^sub>E i\<in>I. U' i)"
+ by(auto simp: hU(1) U'_def PiE_def Pi_def)
+ have hUfinite : "finite {i. U' i \<noteq> topspace (S i)}"
+ using hU(2) by(auto simp: U'_def)
+ have hUoi: "\<forall>i\<in>{i. U' i \<noteq> topspace (S i)}. U' i \<in> \<O> i"
+ using hU(3) by(auto simp: U'_def)
+ have hUi: "\<forall>i\<in>{i. U' i \<noteq> topspace (S i)}. i \<in> I"
+ using hU(2) by(auto simp: U'_def)
+ have hallopen:"openin (S i) (U' i)" for i
+ proof -
+ consider "i \<in> {i. U' i \<noteq> topspace (S i)}" | "i \<notin> {i. U' i \<noteq> topspace (S i)}" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ using hUoi ho(2)[of i] base_of_openin[of "S i" "\<O> i" "U' i"] hUi
+ by auto
+ next
+ case 2
+ then have "U' i = topspace (S i)" by auto
+ thus ?thesis by auto
+ qed
+ qed
+ show "openin (product_topology S I) u"
+ using hallopen hUfinite by(auto intro!: product_topology_basis simp: hU')
+ qed
+ thus "openin (product_topology S I) (\<Union> \<U>)"
+ by auto
+ qed
+ next
+ show "\<forall>k\<in>{Pi\<^sub>E I U |U. finite {i \<in> I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i)}. \<exists>X. k = Pi\<^sub>E I X \<and> (\<forall>i. openin (S i) (X i)) \<and> finite {i. X i \<noteq> topspace (S i)} \<and> {i. X i \<noteq> topspace (S i)} \<subseteq> I"
+ proof
+ fix k
+ assume "k \<in> {Pi\<^sub>E I U |U. finite {i \<in> I. U i \<noteq> topspace (S i)} \<and> (\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i)}"
+ then obtain U where hu:
+ "k = (\<Pi>\<^sub>E i\<in>I. U i)" "finite {i \<in> I. U i \<noteq> topspace (S i)}" "\<forall>i\<in>{i \<in> I. U i \<noteq> topspace (S i)}. U i \<in> \<O> i"
+ by auto
+ define X where "X \<equiv> (\<lambda>i. if i \<in> {i \<in> I. U i \<noteq> topspace (S i)} then U i else topspace (S i))"
+ have hX1: "k = (\<Pi>\<^sub>E i\<in>I. X i)"
+ using hu(1) by(auto simp: X_def PiE_def Pi_def)
+ have hX2: "openin (S i) (X i)" for i
+ using hu(3) base_of_openin[of "S i" _ "U i",OF ho(2)]
+ by(auto simp: X_def)
+ have hX3: "finite {i. X i \<noteq> topspace (S i)}"
+ using hu(2) by(auto simp: X_def)
+ have hX4: "{i. X i \<noteq> topspace (S i)} \<subseteq> I"
+ by(auto simp: X_def)
+ show "\<exists>X. k = (\<Pi>\<^sub>E i\<in>I. X i) \<and> (\<forall>i. openin (S i) (X i)) \<and> finite {i. X i \<noteq> topspace (S i)} \<and> {i. X i \<noteq> topspace (S i)} \<subseteq> I"
+ using hX1 hX2 hX3 hX4 by(auto intro!: exI[where x=X])
+ qed
+ qed
+qed
+
+lemma product_topology_second_countable:
+ assumes "countable I" and "\<And>i. i \<in> I \<Longrightarrow> second_countable (S i)"
+ shows "second_countable (product_topology S I)"
+ using product_topology_countable_base_of[OF assms(1)] assms(2)
+ by(fastforce simp: second_countable_def)
+
+lemma Cantor_Bendixon:
+ assumes "second_countable X"
+ shows "\<exists>U P. countable U \<and> openin X U \<and> perfect_set X P \<and> U \<union> P = topspace X \<and> U \<inter> P = {} \<and> (\<forall>a\<noteq>{}. openin (subtopology X P) a \<longrightarrow> uncountable a)"
+proof -
+ obtain \<O> where o: "countable \<O>" "base_of X \<O>"
+ using assms by(auto simp: second_countable_def)
+ define U where "U \<equiv> \<Union> {u\<in>\<O>. countable u}"
+ define P where "P \<equiv> topspace X - U"
+ have 1: "countable U"
+ using o(1) by(auto simp: U_def intro!: countable_UN[of _ id,simplified])
+ have 2: "openin X U"
+ using base_of_openin[OF o(2)] by(auto simp: U_def)
+ have openin_c:"countable v \<longleftrightarrow> v \<subseteq> U" if "openin X v" for v
+ proof
+ assume "countable v"
+ obtain \<U> where "v = \<Union>\<U>" "\<U> \<subseteq> \<O>"
+ using \<open>openin X v\<close> o(2) by(auto simp: base_of_def)
+ with \<open>countable v\<close> have "\<And>u. u \<in> \<U> \<Longrightarrow> countable u"
+ by (meson Sup_upper countable_subset)
+ thus "v \<subseteq> U"
+ using \<open>\<U> \<subseteq> \<O>\<close> by(auto simp: \<open>v = \<Union>\<U>\<close> U_def)
+ qed(rule countable_subset[OF _ 1])
+ have 3: "perfect_set X P"
+ proof(rule perfect_setI)
+ fix x T
+ assume h:"x \<in> P" "x \<in> T" "openin X T"
+ have T_unc:"uncountable T"
+ using openin_c[OF h(3)] h(1,2) by(auto simp: P_def)
+ obtain \<U> where U:"T = \<Union>\<U>" "\<U> \<subseteq> \<O>"
+ using h(3) o(2) by(auto simp: base_of_def)
+ then obtain u where u:"u \<in> \<U>" "uncountable u"
+ using T_unc U_def h(3) openin_c by auto
+ hence "uncountable (u - {x})" by simp
+ hence "\<not> (u - {x} \<subseteq> U)"
+ using 1 by (metis countable_subset)
+ then obtain y where "y \<in> u - {x}" "y \<notin> U"
+ by blast
+ thus "\<exists>y. y \<noteq> x \<and> y \<in> T \<and> y \<in> P"
+ using U u base_of_subset[OF o(2),of u] by(auto intro!: exI[where x=y] simp:P_def)
+ qed(use 2 P_def in auto)
+ have 4 : "uncountable a" if "openin (subtopology X P) a" "a \<noteq> {}" for a
+ proof
+ assume contable:"countable a"
+ obtain b where b: "openin X b" "a = P \<inter> b"
+ using \<open>openin (subtopology X P) a\<close> by(auto simp: openin_subtopology)
+ hence "uncountable b"
+ using P_def openin_c that(2) by auto
+ thus False
+ by (metis 1 Diff_Int_distrib2 Int_absorb1 P_def b(1) b(2) contable countable_Int1 openin_subset uncountable_minus_countable)
+ qed
+ show ?thesis
+ using 1 2 3 4 by(auto simp: P_def)
+qed
+
+subsubsection \<open> Dense and Separable in Abstract Topology\<close>
+definition dense_of :: "['a topology, 'a set] \<Rightarrow> bool" where
+"dense_of S U \<longleftrightarrow> (U \<subseteq> topspace S \<and> (\<forall>V. openin S V \<longrightarrow> V \<noteq> {} \<longrightarrow> U \<inter> V \<noteq> {}))"
+
+lemma dense_of_def2:
+ "dense_of S U \<longleftrightarrow> (U \<subseteq> topspace S \<and> (S closure_of U) = topspace S)"
+ using dense_intersects_open by(auto simp: dense_of_def closure_of_subset_topspace in_closure_of) auto
+
+lemma dense_of_subset:
+ assumes "dense_of S U"
+ shows "U \<subseteq> topspace S"
+ using assms by(simp add: dense_of_def)
+
+lemma dense_of_nonempty:
+ assumes "topspace S \<noteq> {}" "dense_of S U"
+ shows "U \<noteq> {}"
+ using assms by(auto simp: dense_of_def)
+
+definition separable :: "'a topology \<Rightarrow> bool" where
+"separable S \<longleftrightarrow> (\<exists>U. countable U \<and> dense_of S U)"
+
+lemma dense_ofI:
+ assumes "U \<subseteq> topspace S"
+ and "\<And>V. openin S V \<Longrightarrow> V \<noteq> {} \<Longrightarrow> U \<inter> V \<noteq> {}"
+ shows "dense_of S U"
+ using assms by(auto simp: dense_of_def)
+
+lemma separable_if_second_countable:
+ assumes "second_countable S"
+ shows "separable S"
+proof -
+ obtain \<O> where ho:
+ "countable \<O>" "base_of S \<O>" "\<And>u. u \<in> \<O> \<Longrightarrow> u \<noteq> {}"
+ using second_countable_ex_without_empty[OF assms] by auto
+ then obtain x where hx: "\<And>u. u \<in> \<O> \<Longrightarrow> x u \<in> u"
+ by (metis all_not_in_conv)
+ show ?thesis
+ unfolding separable_def
+ proof(intro exI[where x="{x u|u. u \<in> \<O>}"] conjI)
+ show "countable {x u |u. u \<in> \<O>}"
+ using ho(1) by (simp add: Setcompr_eq_image)
+ next
+ show "dense_of S {x u |u. u \<in> \<O>}"
+ proof(rule dense_ofI)
+ show "{x u |u. u \<in> \<O>} \<subseteq> topspace S"
+ using hx base_of_subset[OF ho(2)] by auto
+ next
+ fix V
+ assume "openin S V" "V \<noteq> {}"
+ then obtain B where hb:"B \<subseteq> \<O>" "V = \<Union> B"
+ using base_of_def2' ho(2) by metis
+ with \<open>V \<noteq> {}\<close> obtain b where "b \<in> B"
+ by auto
+ hence "{x u |u. u \<in> \<O>} \<inter> b \<subseteq> {x u |u. u \<in> \<O>} \<inter> V"
+ using hb(2) by auto
+ moreover have "x b \<in> {x u |u. u \<in> \<O>} \<inter> b"
+ using hb(1) \<open>b \<in> B\<close> hx[of b] by auto
+ ultimately show "{x u |u. u \<in> \<O>} \<inter> V \<noteq> {}"
+ by auto
+ qed
+ qed
+qed
+
+lemma dense_of_prod:
+ assumes "dense_of S U" and "dense_of S' U'"
+ shows "dense_of (prod_topology S S') (U \<times> U')"
+proof(rule dense_ofI)
+ fix V
+ assume h:"openin (prod_topology S S') V" "V \<noteq> {}"
+ then obtain x y where hxy:"(x,y) \<in> V" by auto
+ then obtain V1 V2 where hv12:
+ "openin S V1" "openin S' V2" "x \<in> V1" "y \<in> V2" "V1 \<times> V2 \<subseteq> V"
+ using h(1) openin_prod_topology_alt[of S S' V] by blast
+ hence "V1 \<noteq> {}" "V2 \<noteq> {}" by auto
+ hence "U \<inter> V1 \<noteq> {}" "U' \<inter> V2 \<noteq> {}"
+ using assms hv12 by(auto simp: dense_of_def)
+ thus "U \<times> U' \<inter> V \<noteq> {}"
+ using hv12 by auto
+next
+ show "U \<times> U' \<subseteq> topspace (prod_topology S S')"
+ using assms by(auto simp add: dense_of_def)
+qed
+
+lemma separable_prod:
+ assumes "separable S" and "separable S'"
+ shows "separable (prod_topology S S')"
+proof -
+ obtain U U' where
+ "countable U" "dense_of S U" "countable U'" "dense_of S' U'"
+ using assms by(auto simp: separable_def)
+ thus ?thesis
+ by(auto intro!: exI[where x="U\<times>U'"] dense_of_prod simp: separable_def)
+qed
+
+lemma dense_of_product:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> dense_of (T i) (U i)"
+ shows "dense_of (product_topology T I) (\<Pi>\<^sub>E i\<in>I. U i)"
+proof(rule dense_ofI)
+ fix V
+ assume h:"openin (product_topology T I) V" "V \<noteq> {}"
+ then obtain x where hx:"x \<in> V" by auto
+ then obtain K where hk:
+ "finite {i \<in> I. K i \<noteq> topspace (T i)}" "\<forall>i\<in>I. openin (T i) (K i)" "x \<in> (\<Pi>\<^sub>E i\<in>I. K i)" "(\<Pi>\<^sub>E i\<in>I. K i) \<subseteq> V"
+ using h(1) openin_product_topology_alt[of T I V] by auto
+ hence "\<And>i. i \<in> I \<Longrightarrow> K i \<noteq> {}" by auto
+ hence "\<And>i. i \<in> I \<Longrightarrow> U i \<inter> K i \<noteq> {}"
+ using assms hk by(auto simp: dense_of_def)
+ hence "(\<Pi>\<^sub>E i\<in>I. U i) \<inter> (\<Pi>\<^sub>E i\<in>I. K i) \<noteq> {}"
+ by (simp add: PiE_Int PiE_eq_empty_iff)
+ thus "(\<Pi>\<^sub>E i\<in>I. U i) \<inter> V \<noteq> {}"
+ using hk by auto
+next
+ show "(\<Pi>\<^sub>E i\<in>I. U i) \<subseteq> topspace (product_topology T I)"
+ using assms by(auto simp: dense_of_def)
+qed
+
+lemma separable_countable_product:
+ assumes "countable I" and "\<And>i. i \<in> I \<Longrightarrow> separable (T i)"
+ shows "separable (product_topology T I)"
+proof -
+ consider "\<exists>i\<in>I. topspace (T i) = {}" | "\<And>i. i \<in> I \<Longrightarrow> topspace (T i) \<noteq> {}"
+ by auto
+ thus ?thesis
+ proof cases
+ case 1
+ then obtain i where i:"i \<in> I" "topspace (T i) = {}"
+ by auto
+ show ?thesis
+ unfolding separable_def dense_of_def
+ proof(intro exI[where x="{}"] conjI)
+ show " \<forall>V. openin (product_topology T I) V \<longrightarrow> V \<noteq> {} \<longrightarrow> {} \<inter> V \<noteq> {}"
+ proof safe
+ fix V x
+ assume h: "openin (product_topology T I) V" "x \<in> V"
+ from i have "topspace (product_topology T I) = {}"
+ by auto
+ with h(1) have "V = {}"
+ using openin_subset by blast
+ thus "x \<in> {}"
+ using h(2) by auto
+ qed
+ qed auto
+ next
+ case 2
+ then have "\<exists>x. \<forall>i\<in>I. x i \<in> topspace (T i)"
+ by (meson all_not_in_conv)
+ moreover from "2"
+ have "\<exists>U. \<forall>i\<in>I. countable (U i) \<and> dense_of (T i) (U i)"
+ using assms(2) by(auto intro!: bchoice simp: separable_def)
+ ultimately
+ obtain x U where hxu:
+ "\<And>i. i \<in> I \<Longrightarrow> x i \<in> topspace (T i)" "\<And>i. i \<in> I \<Longrightarrow> countable (U i)" "\<And>i. i \<in> I \<Longrightarrow> dense_of (T i) (U i)"
+ by auto
+ define U' where "U' \<equiv> (\<lambda>J i. if i \<in> J then U i else {x i})"
+ show ?thesis
+ unfolding separable_def
+ proof(intro exI[where x="\<Union>{ \<Pi>\<^sub>E i\<in>I. U' J i | J. finite J \<and> J \<subseteq> I}"] conjI)
+ have "(\<Union>{ \<Pi>\<^sub>E i\<in>I. U' J i | J. finite J \<and> J \<subseteq> I}) = (\<Union> ((\<lambda>J. \<Pi>\<^sub>E i\<in>I. U' J i) ` {J. finite J \<and> J \<subseteq> I}))"
+ by auto
+ also have "countable ..."
+ proof(rule countable_UN)
+ fix J
+ assume hj:"J \<in> {J. finite J \<and> J \<subseteq> I}"
+ have "inj_on (\<lambda>f. (\<lambda>i\<in>J. f i, \<lambda>i\<in>(I-J). f i)) (\<Pi>\<^sub>E i\<in>I. U' J i)"
+ proof(rule inj_onI)
+ fix f g
+ assume h:"f \<in> Pi\<^sub>E I (U' J)" "g \<in> Pi\<^sub>E I (U' J)"
+ "(restrict f J, restrict f (I - J)) = (restrict g J, restrict g (I - J))"
+ then have "\<And>i. i \<in> J \<Longrightarrow> f i = g i" "\<And>i. i \<in>(I-J) \<Longrightarrow> f i = g i"
+ by(auto simp: restrict_def) meson+
+ thus "f = g"
+ using h(1,2) by(auto simp: U'_def) (meson PiE_ext)
+ qed
+ moreover have "countable ((\<lambda>f. (\<lambda>i\<in>J. f i, \<lambda>i\<in>(I-J). f i)) ` (\<Pi>\<^sub>E i\<in>I. U' J i))" (is "countable ?K")
+ proof -
+ have 1:"?K \<subseteq> (\<Pi>\<^sub>E i\<in>J. U i) \<times> (\<Pi>\<^sub>E i\<in>(I-J). {x i})"
+ using hj by(auto simp: U'_def PiE_def Pi_def)
+ have 2:"countable ..."
+ proof(rule countable_SIGMA)
+ show "countable (Pi\<^sub>E J U)"
+ using hj hxu(2) by(auto intro!: countable_PiE)
+ next
+ have "(\<Pi>\<^sub>E i\<in>I - J. {x i}) = { \<lambda>i\<in>I-J. x i }"
+ by(auto simp: PiE_def extensional_def restrict_def Pi_def)
+ thus "countable (\<Pi>\<^sub>E i\<in>I - J. {x i})"
+ by simp
+ qed
+ show ?thesis
+ by(rule countable_subset[OF 1 2])
+ qed
+ ultimately show "countable (\<Pi>\<^sub>E i\<in>I. U' J i)"
+ by(simp add: countable_image_inj_eq)
+ qed(rule countable_Collect_finite_subset[OF assms(1)])
+ finally show "countable (\<Union>{ \<Pi>\<^sub>E i\<in>I. U' J i | J. finite J \<and> J \<subseteq> I})" .
+ next
+ show "dense_of (product_topology T I) (\<Union> {\<Pi>\<^sub>E i\<in>I. U' J i |J. finite J \<and> J \<subseteq> I})"
+ proof(rule dense_ofI)
+ fix V
+ assume h:"openin (product_topology T I) V" "V \<noteq> {}"
+ then obtain y where hx:"y \<in> V" by auto
+ then obtain K where hk:
+ "finite {i \<in> I. K i \<noteq> topspace (T i)}" "\<And>i. i\<in>I \<Longrightarrow> openin (T i) (K i)" "y \<in> (\<Pi>\<^sub>E i\<in>I. K i)" "(\<Pi>\<^sub>E i\<in>I. K i) \<subseteq> V"
+ using h(1) openin_product_topology_alt[of T I V] by auto
+ hence 3:"\<And>i. i \<in> I \<Longrightarrow> K i \<noteq> {}" by auto
+ hence 4:"i \<in> {i \<in> I. K i \<noteq> topspace (T i)} \<Longrightarrow> K i \<inter> U' {i \<in> I. K i \<noteq> topspace (T i)} i \<noteq> {}" for i
+ using hxu(3)[of i] hk(2)[of i] by(auto simp: U'_def dense_of_def)
+ have "\<exists>z. \<forall>i\<in>{i \<in> I. K i \<noteq> topspace (T i)}. z i \<in> K i \<inter> U' {i \<in> I. K i \<noteq> topspace (T i)} i"
+ by(rule bchoice) (use 4 in auto)
+ then obtain z where hz: "\<forall>i\<in>{i \<in> I. K i \<noteq> topspace (T i)}. z i \<in> K i \<inter> U' {i \<in> I. K i \<noteq> topspace (T i)} i"
+ by auto
+ have 5: "i \<notin> {i \<in> I. K i \<noteq> topspace (T i)} \<Longrightarrow> i \<in> I \<Longrightarrow> x i \<in> K i" for i
+ using hxu(1)[of i] by auto
+ have "(\<lambda>i. if i \<in> {i \<in> I. K i \<noteq> topspace (T i)} then z i else if i \<in> I then x i else undefined) \<in> (\<Pi>\<^sub>E i\<in>I. U' {i \<in> I. K i \<noteq> topspace (T i)} i) \<inter> (\<Pi>\<^sub>E i\<in>I. K i)"
+ using 4 5 hz by(auto simp: U'_def)
+ thus "\<Union> {Pi\<^sub>E I (U' J) |J. finite J \<and> J \<subseteq> I} \<inter> V \<noteq> {}"
+ using hk(1,4) by blast
+ next
+ have "\<And>J. J \<subseteq> I \<Longrightarrow> (\<Pi>\<^sub>E i\<in>I. U' J i) \<subseteq> topspace (product_topology T I)"
+ using hxu by(auto simp: dense_of_def U'_def PiE_def Pi_def) (metis subsetD)
+ thus "(\<Union> {\<Pi>\<^sub>E i\<in>I. U' J i |J. finite J \<and> J \<subseteq> I}) \<subseteq> topspace (product_topology T I)"
+ by auto
+ qed
+ qed
+ qed
+qed
+
+lemma separable_finite_product:
+ assumes "finite I" and "\<And>i. i \<in> I \<Longrightarrow> separable (T i)"
+ shows "separable (product_topology T I)"
+ using separable_countable_product[OF countable_finite[OF assms(1)]] assms by auto
+
+lemma homeomorphic_separable:
+ assumes "separable X" "X homeomorphic_space Y"
+ shows "separable Y"
+proof -
+ obtain f g where "homeomorphic_maps X Y f g"
+ using assms(2) by(auto simp: homeomorphic_space_def)
+ hence fg:"continuous_map X Y f" "continuous_map Y X g" "\<And>x. x \<in> topspace X \<Longrightarrow> g(f x) = x" "\<And>y. y \<in> topspace Y \<Longrightarrow> f(g y) = y"
+ by(auto simp: homeomorphic_maps_def)
+ obtain U where U: "countable U" "dense_of X U"
+ using assms(1) by(auto simp: separable_def)
+ show ?thesis
+ unfolding separable_def dense_of_def countable_image[OF U(1)]
+ proof(intro exI[where x="f ` U"] conjI)
+ show "f ` U \<subseteq> topspace Y"
+ using U(2) fg(1) by(auto simp: dense_of_def continuous_map_def)
+ next
+ show "\<forall>V. openin Y V \<longrightarrow> V \<noteq> {} \<longrightarrow> f ` U \<inter> V \<noteq> {}"
+ proof safe
+ fix V x
+ assume h:"openin Y V" "f ` U \<inter> V = {}" "x \<in> V"
+ then have "U \<inter> (f -` V \<inter> topspace X) = {}"
+ by blast
+ moreover have "f -` V \<inter> topspace X \<noteq> {}"
+ using continuous_map_preimage_topspace fg(2) fg(4) h(1) h(3) openin_subset by fastforce
+ moreover have "openin X (f -` V \<inter> topspace X)"
+ using h(1) fg(1) by auto
+ ultimately show "x \<in> {}"
+ using U(2) by(auto simp: dense_of_def)
+ qed
+ qed(rule countable_image[OF U(1)])
+qed
+
+subsubsection \<open> $G_{\delta}$ Set in Abstract Topology\<close>
+definition g_delta_of :: "['a topology, 'a set] \<Rightarrow> bool" where
+"g_delta_of S A \<longleftrightarrow> (\<exists>\<U>. \<U> \<noteq> {} \<and> countable \<U> \<and> (\<forall>b\<in>\<U>. openin S b) \<and> A = \<Inter> \<U>)"
+
+lemma g_delta_ofI:
+ assumes "U \<noteq> {}" "countable U" "\<And>b. b \<in> U \<Longrightarrow> openin S b" "A = \<Inter> U"
+ shows "g_delta_of S A"
+ using assms by(auto simp: g_delta_of_def)
+
+lemma g_delta_ofD:
+ assumes "g_delta_of S A"
+ shows "\<exists>\<U>. \<U> \<noteq> {} \<and> countable \<U> \<and> (\<forall>b\<in>\<U>. openin S b) \<and> A = \<Inter> \<U>"
+ using assms by(simp add: g_delta_of_def)
+
+lemma g_delta_ofD':
+ assumes "g_delta_of S A"
+ shows "\<exists>U. (\<forall>n::nat. openin S (U n)) \<and> A = \<Inter> (range U)"
+proof-
+ obtain \<U> where h:"\<U> \<noteq> {}" "countable \<U>" "\<And>b. b\<in>\<U> \<Longrightarrow> openin S b" "A = \<Inter> \<U>"
+ using g_delta_ofD[OF assms] by metis
+ show ?thesis
+ using range_from_nat_into[OF h(1,2)] h(3,4)
+ by(auto intro!: exI[where x="from_nat_into \<U>"])
+qed
+
+lemma g_delta_of_subset:
+ assumes "g_delta_of S A"
+ shows "A \<subseteq> topspace S"
+ using assms openin_subset by(auto simp: g_delta_of_def)
+
+lemma g_delta_of_open_set[simp]:
+ assumes "openin S A"
+ shows "g_delta_of S A"
+ using assms by(auto simp: g_delta_of_def intro!: exI[where x="{A}"])
+
+lemma g_delta_of_empty[simp]: "g_delta_of S {}"
+ by simp
+
+lemma g_delta_of_topspace[simp]: "g_delta_of S (topspace S)"
+ by simp
+
+lemma g_delta_of_inter:
+ assumes "g_delta_of S A" and "g_delta_of S B"
+ shows "g_delta_of S (A \<inter> B)"
+proof -
+ obtain Ua Ub where hu:
+ "Ua \<noteq> {}" "countable Ua" "\<And>b. b \<in> Ua \<Longrightarrow> openin S b" "A = \<Inter> Ua"
+ "countable Ub" "\<And>b. b \<in> Ub \<Longrightarrow> openin S b" "B = \<Inter> Ub"
+ using assms by(auto simp: g_delta_of_def)
+ thus ?thesis
+ by(auto intro!: g_delta_ofI[where U="Ua \<union> Ub"])
+qed
+
+lemma g_delta_of_Int:
+ assumes "\<And>a. a \<in> \<U> \<Longrightarrow> g_delta_of X a" "countable \<U>" "\<U> \<noteq> {}"
+ shows "g_delta_of X (\<Inter> \<U>)"
+proof -
+ obtain Ua where u:
+ "\<And>a. a \<in> \<U> \<Longrightarrow> Ua a \<noteq> {}" "\<And>a. a \<in> \<U> \<Longrightarrow> countable (Ua a)" "\<And>a b. a \<in> \<U> \<Longrightarrow> b \<in> Ua a \<Longrightarrow> openin X b" "\<And>a. a \<in> \<U> \<Longrightarrow> a = \<Inter> (Ua a)"
+ using g_delta_ofD[OF assms(1)] by metis
+ have 1: "\<Union> {Ua a |a. a \<in> \<U>} \<noteq> {}"
+ using assms(3) u(1) by auto
+ have 2: "countable (\<Union> {Ua a |a. a \<in> \<U>})"
+ by (simp add: Setcompr_eq_image assms(2) u(2))
+ have 3: "\<And>b. b \<in> \<Union> {Ua a |a. a \<in> \<U>} \<Longrightarrow> openin X b"
+ using u(3) by auto
+ show ?thesis
+ using u(4) by(fastforce intro!: g_delta_ofI[OF 1 2 3])
+qed
+
+lemma g_delta_of_continuous_map:
+ assumes "continuous_map X Y f" "g_delta_of Y a"
+ shows "g_delta_of X (f -` a \<inter> topspace X)"
+proof -
+ obtain Ua where u:
+ "Ua \<noteq> {}" "countable Ua" "\<And>b. b \<in> Ua \<Longrightarrow> openin Y b" "a = \<Inter> Ua"
+ using g_delta_ofD[OF assms(2)] by metis
+ then have 0:"f -` a \<inter> topspace X = \<Inter> {f -` b \<inter> topspace X|b. b \<in> Ua}"
+ by auto
+ have 1: "{f -` b \<inter> topspace X |b. b \<in> Ua} \<noteq> {}"
+ using u(1) by simp
+ have 2:"countable {f -` b \<inter> topspace X|b. b \<in> Ua}"
+ using u by (simp add: Setcompr_eq_image)
+ have 3:"\<And>c. c \<in> {f -` b \<inter> topspace X|b. b \<in> Ua} \<Longrightarrow> openin X c"
+ using assms u(3) by blast
+ show ?thesis
+ using g_delta_ofI[OF 1 2 3] by(simp add: 0)
+qed
+
+lemma g_delta_of_inj_open_map:
+ assumes "open_map X Y f" "inj_on f (topspace X)" "g_delta_of X a"
+ shows "g_delta_of Y (f ` a)"
+proof -
+ obtain Ua where u:
+ "Ua \<noteq> {}" "countable Ua" "\<And>b. b \<in> Ua \<Longrightarrow> openin X b" "a = \<Inter> Ua"
+ using g_delta_ofD[OF assms(3)] by metis
+ then obtain j where "j \<in> Ua" by auto
+ have "f ` a = f ` \<Inter> Ua" by(simp add: u(4))
+ also have "... = \<Inter> ((`) f ` Ua)"
+ using u openin_subset by(auto intro!: image_INT[OF assms(2) _ \<open>j \<in> Ua\<close>,of id,simplified])
+ also have "... = \<Inter> {f ` u|u. u \<in> Ua}" by auto
+ finally have 0: "f ` a = \<Inter> {f ` u |u. u \<in> Ua}" .
+ have 1:"{f ` u |u. u \<in> Ua} \<noteq> {}"
+ using u(1) by auto
+ have 2:"countable {f ` u |u. u \<in> Ua}"
+ using u(2) by (simp add: Setcompr_eq_image)
+ have 3: "\<And>c. c \<in> {f ` u |u. u \<in> Ua} \<Longrightarrow> openin Y c"
+ using assms(1) u(3) by(auto simp: open_map_def)
+ show ?thesis
+ using g_delta_ofI[OF 1 2 3] by(simp add: 0)
+qed
+
+lemma g_delta_of_homeo_morphic:
+ assumes "g_delta_of X a" "homeomorphic_map X Y f"
+ shows "g_delta_of Y (f ` a)"
+ by(auto intro!: g_delta_of_inj_open_map[of X Y f] simp: assms(1) homeomorphic_imp_injective_map[OF assms(2)] homeomorphic_imp_open_map[OF assms(2)])
+
+lemma g_delta_of_prod:
+ assumes "g_delta_of X A" "g_delta_of Y B"
+ shows "g_delta_of (prod_topology X Y) (A \<times> B)"
+proof -
+ obtain Ua Ub where hu:
+ "Ua \<noteq> {}" "countable Ua" "\<And>b. b \<in> Ua \<Longrightarrow> openin X b" "A = \<Inter> Ua"
+ "Ub \<noteq> {}" "countable Ub" "\<And>b. b \<in> Ub \<Longrightarrow> openin Y b" "B = \<Inter> Ub"
+ using assms by(auto simp: g_delta_of_def)
+ then have 0:"A \<times> B = \<Inter> {a \<times> b | a b. a \<in> Ua \<and> b \<in> Ub}" by blast
+ have 1: "{a \<times> b | a b. a \<in> Ua \<and> b \<in> Ub} \<noteq> {}"
+ using hu(1,5) by auto
+ have 2: "countable {a \<times> b | a b. a \<in> Ua \<and> b \<in> Ub}"
+ proof -
+ have "countable ((\<lambda>(x, y). x \<times> y) ` (Ua \<times> Ub))"
+ using hu(2,6) by(auto intro!: countable_image[of "Ua \<times> Ub" "\<lambda>(x,y). x \<times> y"])
+ moreover have "... = {a \<times> b | a b. a \<in> Ua \<and> b \<in> Ub}" by auto
+ ultimately show ?thesis by simp
+ qed
+ have 3: "\<And>c. c \<in> {a \<times> b | a b. a \<in> Ua \<and> b \<in> Ub} \<Longrightarrow> openin (prod_topology X Y) c"
+ using hu(3,7) by(auto simp: openin_prod_Times_iff)
+ show ?thesis
+ using g_delta_ofI[OF 1 2 3] by(simp add: 0)
+qed
+
+lemma g_delta_of_prod1:
+ assumes "g_delta_of X A"
+ shows "g_delta_of (prod_topology X Y) (A \<times> topspace Y)"
+ by(auto intro!: g_delta_of_prod assms)
+
+lemma g_delta_of_prod2:
+ assumes "g_delta_of Y B"
+ shows "g_delta_of (prod_topology X Y) (topspace X \<times> B)"
+ by(auto intro!: g_delta_of_prod assms)
+
+lemma g_delta_of_subtopology:
+ assumes "g_delta_of X A" "A \<subseteq> S"
+ shows "g_delta_of (subtopology X S) A"
+proof -
+ obtain Ua where u:
+ "Ua \<noteq> {}" "countable Ua" "\<And>b. b \<in> Ua \<Longrightarrow> openin X b" "A = \<Inter> Ua"
+ using g_delta_ofD[OF assms(1)] by metis
+ have 0: "\<Inter> Ua = \<Inter> {ua \<inter> S | ua. ua \<in> Ua } "
+ using assms(2) u(4) by auto
+ have 1: "{ua \<inter> S | ua. ua \<in> Ua } \<noteq> {}"
+ using u(1) by auto
+ have 2: "countable {ua \<inter> S | ua. ua \<in> Ua }"
+ using u(2) by (simp add: Setcompr_eq_image)
+ have 3: "\<And>b. b \<in> {ua \<inter> S | ua. ua \<in> Ua } \<Longrightarrow> openin (subtopology X S) b"
+ using u(3) by(auto simp: openin_subtopology)
+ show ?thesis
+ using g_delta_ofI[OF 1 2 3 0] by(simp add: u(4))
+qed
+
+lemma g_delta_of_subtopology_inverse:
+ assumes "g_delta_of (subtopology X S) A" "g_delta_of X S"
+ shows "g_delta_of X A"
+proof -
+ obtain Ua where ua:
+ "Ua \<noteq> {}" "countable Ua" "\<And>b. b \<in> Ua \<Longrightarrow> openin (subtopology X S) b" "A = \<Inter> Ua"
+ using g_delta_ofD[OF assms(1)] by metis
+ then obtain T where t: "\<And>b. b \<in> Ua \<Longrightarrow> openin X (T b)" "\<And>b. b \<in> Ua \<Longrightarrow> b = T b \<inter> S"
+ by(auto simp: openin_subtopology) metis
+ have 0: "A = \<Inter> {T b|b. b \<in> Ua} \<inter> S"
+ using ua(1,4) t(2) by blast
+ have "{T b |b. b \<in> Ua} \<noteq> {}" "countable {T b |b. b \<in> Ua}"
+ using ua(1,2) by(simp_all add: Setcompr_eq_image)
+ from g_delta_ofI[OF this] t(1) show ?thesis
+ by(auto intro!: g_delta_of_inter[OF _ assms(2)] simp: 0)
+qed
+
+lemma continuous_map_imp_closed_graph':
+ assumes "continuous_map X Y f" "Hausdorff_space Y"
+ shows "closedin (prod_topology Y X) ((\<lambda>x. (f x,x)) ` topspace X)"
+ using assms closed_map_def closed_map_paired_continuous_map_left by blast
+
+subsubsection \<open> Upper-Semicontinuous \<close>
+definition upper_semicontinuous_map :: "['a topology, 'a \<Rightarrow> 'b :: linorder_topology] \<Rightarrow> bool" where
+"upper_semicontinuous_map X f \<longleftrightarrow> (\<forall>a. openin X {x\<in>topspace X. f x < a})"
+
+lemma continuous_upper_semicontinuous:
+ assumes "continuous_map X (euclidean :: ('b :: linorder_topology) topology) f"
+ shows "upper_semicontinuous_map X f"
+ unfolding upper_semicontinuous_map_def
+proof safe
+ fix a :: 'b
+ have *:"openin euclidean U \<Longrightarrow> openin X {x \<in> topspace X. f x \<in> U}" for U
+ using assms by(simp add: continuous_map)
+ have "openin euclidean {..<a}" by auto
+ with *[of "{..<a}"] show "openin X {x \<in> topspace X. f x < a}" by auto
+qed
+
+lemma upper_semicontinuous_map_iff_closed:
+ "upper_semicontinuous_map X f \<longleftrightarrow> (\<forall>a. closedin X {x\<in>topspace X. f x \<ge> a})"
+proof -
+ have "{x \<in> topspace X. f x < a} = topspace X - {x \<in> topspace X. f x \<ge> a}" for a
+ by auto
+ thus ?thesis
+ by (simp add: closedin_def upper_semicontinuous_map_def)
+qed
+
+lemma upper_semicontinuous_map_real_iff:
+ fixes f :: "'a \<Rightarrow> real"
+ shows "upper_semicontinuous_map X f \<longleftrightarrow> upper_semicontinuous_map X (\<lambda>x. ereal (f x))"
+ unfolding upper_semicontinuous_map_def
+proof safe
+ fix a :: ereal
+ assume h:"\<forall>a::real. openin X {x \<in> topspace X. f x < a}"
+ consider "a = - \<infinity>" | "a = \<infinity>" | "a \<noteq> - \<infinity> \<and> a \<noteq> \<infinity>" by auto
+ then show "openin X {x \<in> topspace X. ereal (f x) < a}"
+ proof cases
+ case 3
+ then have "ereal (f x) < a \<longleftrightarrow> f x < real_of_ereal a" for x
+ by (metis ereal_less_eq(3) linorder_not_less real_of_ereal.elims)
+ thus ?thesis
+ using h by simp
+ qed simp_all
+next
+ fix a :: real
+ assume h:"\<forall>a::ereal. openin X {x \<in> topspace X. ereal (f x) < a}"
+ then have "openin X {x \<in> topspace X. ereal (f x) < ereal a}"
+ by blast
+ moreover have"ereal (f x) < real_of_ereal a \<longleftrightarrow> f x < a" for x
+ by auto
+ ultimately show "openin X {x \<in> topspace X. f x < a}" by auto
+qed
+
+subsection \<open> Lemmas for Limits\<close>
+lemma qlim_eq_lim_mono_at_bot:
+ fixes g :: "rat \<Rightarrow> 'a :: linorder_topology"
+ assumes "mono f" "(g \<longlongrightarrow> a) at_bot" "\<And>r::rat. f (real_of_rat r) = g r"
+ shows "(f \<longlongrightarrow> a) at_bot"
+proof -
+ have "mono g"
+ by(metis assms(1,3) mono_def of_rat_less_eq)
+ have ga:"\<And>r. g r \<ge> a"
+ proof(rule ccontr)
+ fix r
+ assume "\<not> a \<le> g r"
+ then have "g r < a" by simp
+ from order_topology_class.order_tendstoD(1)[OF assms(2) this]
+ obtain Q :: rat where q: "\<And>q. q \<le> Q \<Longrightarrow> g r < g q"
+ by(auto simp: eventually_at_bot_linorder)
+ define q where "q \<equiv> min r Q"
+ show False
+ using q[of q] \<open>mono g\<close>
+ by(auto simp: q_def mono_def) (meson linorder_not_less min.cobounded1)
+ qed
+ show ?thesis
+ proof(rule decreasing_tendsto)
+ show "\<forall>\<^sub>F n in at_bot. a \<le> f n"
+ unfolding eventually_at_bot_linorder
+ by(rule exI[where x=undefined],auto) (metis Ratreal_def assms(1,3) dual_order.trans ga less_eq_real_def lt_ex monoD of_rat_dense) (*metis assms(1) assms(3) ga less_eq_real_def lfp.leq_trans lt_ex monoD of_rat_dense*)
+ next
+ fix x
+ assume "a < x"
+ with topological_space_class.topological_tendstoD[OF assms(2),of "{..<x}"]
+ obtain Q :: rat where q: "\<And>q. q \<le> Q \<Longrightarrow> g q < x"
+ by(auto simp: eventually_at_bot_linorder)
+ show "\<forall>\<^sub>F n in at_bot. f n < x"
+ using q assms(1,3) by(auto intro!: exI[where x="real_of_rat Q"] simp: eventually_at_bot_linorder) (metis dual_order.refl monoD order_le_less_trans)
+ qed
+qed
+
+lemma qlim_eq_lim_mono_at_top:
+ fixes g :: "rat \<Rightarrow> 'a :: linorder_topology"
+ assumes "mono f" "(g \<longlongrightarrow> a) at_top" "\<And>r::rat. f (real_of_rat r) = g r"
+ shows "(f \<longlongrightarrow> a) at_top"
+proof -
+ have "mono g"
+ by(metis assms(1,3) mono_def of_rat_less_eq)
+ have ga:"\<And>r. g r \<le> a"
+ proof(rule ccontr)
+ fix r
+ assume "\<not> g r \<le> a"
+ then have "a < g r" by simp
+ from order_topology_class.order_tendstoD(2)[OF assms(2) this]
+ obtain Q :: rat where q: "\<And>q. Q \<le> q \<Longrightarrow> g q < g r"
+ by(auto simp: eventually_at_top_linorder)
+ define q where "q \<equiv> max r Q"
+ show False
+ using q[of q] \<open>mono g\<close> by(auto simp: q_def mono_def leD)
+ qed
+ show ?thesis
+ proof(rule increasing_tendsto)
+ show "\<forall>\<^sub>F n in at_top. f n \<le> a"
+ unfolding eventually_at_top_linorder
+ by(rule exI[where x=undefined],auto) (metis (no_types, opaque_lifting) assms(1) assms(3) dual_order.trans ga gt_ex monoD of_rat_dense order_le_less)
+ next
+ fix x
+ assume "x < a"
+ with topological_space_class.topological_tendstoD[OF assms(2),of "{x<..}"]
+ obtain Q :: rat where q: "\<And>q. Q \<le> q \<Longrightarrow> x < g q"
+ by(auto simp: eventually_at_top_linorder)
+ show "\<forall>\<^sub>F n in at_top. x < f n"
+ using q assms(1,3) by(auto simp: eventually_at_top_linorder intro!: exI[where x="real_of_rat Q"]) (metis dual_order.refl monoD order_less_le_trans)
+ qed
+qed
+
+lemma tendsto_enn2real:
+ assumes "k < top" and "(f \<longlongrightarrow> k) F"
+ shows "((\<lambda>n. enn2real (f n)) \<longlongrightarrow> enn2real k) F"
+proof -
+ have 1:"ennreal (enn2real k) = k" "enn2real k \<ge> 0"
+ using assms(1) by auto
+ show ?thesis
+ using assms tendsto_enn2real[OF _ 1(2),of f]
+ by(simp add: 1(1))
+qed
+
+lemma LIMSEQ_inverse_not0:
+ fixes xn :: "nat \<Rightarrow> real"
+ assumes "\<And>n. xn n \<noteq> 0" "xn \<longlonglongrightarrow> x" "(\<lambda>n. 1 / (xn n)) \<longlonglongrightarrow> b"
+ shows "x \<noteq> 0"
+proof
+ assume x:"x = 0"
+ then have xn:"\<And>e. e > 0 \<Longrightarrow> \<exists>N. \<forall>n\<ge>N. \<bar>xn n\<bar> < e"
+ using LIMSEQ_D[OF assms(2)] by simp
+ have "\<exists>N. \<forall>n\<ge>N. \<bar>1 / (xn n) - b\<bar> \<ge> r" if r:"r > 0" for r
+ proof -
+ have "0 < 1 / (r + \<bar>b\<bar>)"
+ using that by auto
+ with xn[OF this] obtain N where N':"\<And>n. n \<ge> N \<Longrightarrow> \<bar>xn n\<bar> < 1 / (r + \<bar>b\<bar>)"
+ by auto
+ show ?thesis
+ proof(rule exI[where x=N])
+ show "\<forall>n\<ge>N. r \<le> \<bar>1 / xn n - b\<bar>"
+ proof safe
+ fix n
+ assume "n \<ge> N"
+ note N'[OF this]
+ hence "(r + \<bar>b\<bar>) * \<bar>xn n\<bar> < 1"
+ by (metis \<open>0 < 1 / (r + \<bar>b\<bar>)\<close> mult.commute pos_less_divide_eq zero_less_divide_1_iff)
+ hence "1 / \<bar>xn n\<bar> > r + \<bar>b\<bar>"
+ using assms(1)[of n] by (simp add: less_divide_eq)
+ hence "r + \<bar>b\<bar> - \<bar>b\<bar> < 1 / \<bar>xn n\<bar> - \<bar>b\<bar>"
+ by simp
+ also have "... = \<bar>1 / xn n\<bar> - \<bar>b\<bar>" by simp
+ also have "... \<le> \<bar>1 / xn n - b\<bar>" by simp
+ finally show "r \<le> \<bar>1 / xn n - b\<bar>"
+ by simp
+ qed
+ qed
+ qed
+ with LIMSEQ_D[OF assms(3)] show False
+ by (metis less_le_not_le linorder_le_cases real_norm_def zero_less_one)
+qed
+
+lemma obtain_subsequence:
+ fixes xn :: "nat \<Rightarrow> _"
+ assumes "infinite {n. P n (xn n)}"
+ obtains a :: "nat \<Rightarrow> nat" where "strict_mono a" "\<And>n. P (a n) (xn (a n))"
+proof -
+ have inf: "infinite {n. n > m \<and> P n (xn n)}" for m
+ proof
+ assume "finite {n. n > m \<and> P n (xn n)}"
+ then have "finite ({..m} \<union> {n. n > m \<and> P n (xn n)})" by auto
+ hence "finite {n. P n (xn n)}"
+ by(auto intro!: finite_subset[where B="{..m} \<union> {n. n > m \<and> P n (xn n)}"])
+ with assms show False by simp
+ qed
+ define an where "an \<equiv> rec_nat (SOME n. P n (xn n)) (\<lambda>n an. SOME m. m > an \<and> P m (xn m))"
+ have anSome: "an (Suc n) = (SOME m. m > an n \<and> P m (xn m))" for n
+ by(auto simp: an_def)
+ have an1: "P (an n) (xn (an n))" for n
+ proof(cases n)
+ case 0
+ obtain m where m:"P m (xn m)"
+ using assms not_finite_existsD by blast
+ show ?thesis
+ by(simp add: an_def 0,rule someI,rule m)
+ next
+ case (Suc n')
+ obtain m where m:"m > an n'" "P m (xn m)"
+ using inf not_finite_existsD by blast
+ show ?thesis
+ by(simp add: Suc anSome, rule someI2[where a=m],auto simp: m)
+ qed
+ have an2: "strict_mono an"
+ unfolding strict_mono_Suc_iff anSome
+ proof safe
+ fix n
+ obtain m where m:"m > an n" "P m (xn m)"
+ using inf not_finite_existsD by blast
+ show "an n < (SOME m. an n < m \<and> P m (xn m))"
+ by (rule someI2[where a=m],auto simp: m)
+ qed
+ show ?thesis
+ using an1 that[OF an2] by auto
+qed
+
+subsection \<open>Lemmas for Measure Theory\<close>
+lemma measurable_preserve_sigma_sets:
+ assumes "sets M = sigma_sets \<Omega> S" "S \<subseteq> Pow \<Omega>"
+ "\<And>a. a \<in> S \<Longrightarrow> f ` a \<in> sets N" "inj_on f (space M)" "f ` space M \<in> sets N"
+ and "b \<in> sets M"
+ shows "f ` b \<in> sets N"
+proof -
+ have "b \<in> sigma_sets \<Omega> S"
+ using assms(1,6) by simp
+ thus ?thesis
+ proof induction
+ case (Basic a)
+ then show ?case by(rule assms(3))
+ next
+ case Empty
+ then show ?case by simp
+ next
+ case (Compl a)
+ moreover have " \<Omega> = space M"
+ by (metis assms(1) assms(2) sets.sets_into_space sets.top sigma_sets_into_sp sigma_sets_top subset_antisym)
+ ultimately show ?case
+ by (metis Diff_subset assms(2) assms(4) assms(5) inj_on_image_set_diff sets.Diff sigma_sets_into_sp)
+ next
+ case (Union a)
+ then show ?case
+ by (simp add: image_UN)
+ qed
+qed
+
+lemma integral_measurable_subprob_algebra2:
+ fixes f :: "_ \<Rightarrow> _ \<Rightarrow> _::{banach,second_countable_topology}"
+ assumes [measurable]: "(\<lambda>(x, y). f x y) \<in> borel_measurable (M \<Otimes>\<^sub>M N)" "L \<in> measurable M (subprob_algebra N)"
+ shows "(\<lambda>x. integral\<^sup>L (L x) (f x)) \<in> borel_measurable M"
+proof -
+ note integral_measurable_subprob_algebra[measurable]
+ note measurable_distr2[measurable]
+ have "(\<lambda>x. integral\<^sup>L (distr (L x) (M \<Otimes>\<^sub>M N) (\<lambda>y. (x, y))) (\<lambda>(x, y). f x y)) \<in> borel_measurable M"
+ by measurable
+ then show "(\<lambda>x. integral\<^sup>L (L x) (f x)) \<in> borel_measurable M"
+ by (rule measurable_cong[THEN iffD1, rotated])
+ (simp add: integral_distr)
+qed
+
+inductive_set sigma_sets_cinter :: "'a set \<Rightarrow> 'a set set \<Rightarrow> 'a set set"
+ for sp :: "'a set" and A :: "'a set set"
+ where
+ Basic_c[intro, simp]: "a \<in> A \<Longrightarrow> a \<in> sigma_sets_cinter sp A"
+ | Top_c[simp]: "sp \<in> sigma_sets_cinter sp A"
+ | Inter_c: "(\<And>i::nat. a i \<in> sigma_sets_cinter sp A) \<Longrightarrow> (\<Inter>i. a i) \<in> sigma_sets_cinter sp A"
+ | Union_c: "(\<And>i::nat. a i \<in> sigma_sets_cinter sp A) \<Longrightarrow> (\<Union>i. a i) \<in> sigma_sets_cinter sp A"
+
+inductive_set sigma_sets_cinter_dunion :: "'a set \<Rightarrow> 'a set set \<Rightarrow> 'a set set"
+ for sp :: "'a set" and A :: "'a set set"
+ where
+ Basic_cd[intro, simp]: "a \<in> A \<Longrightarrow> a \<in> sigma_sets_cinter_dunion sp A"
+ | Top_cd[simp]: "sp \<in> sigma_sets_cinter_dunion sp A"
+ | Inter_cd: "(\<And>i::nat. a i \<in> sigma_sets_cinter_dunion sp A) \<Longrightarrow> (\<Inter>i. a i) \<in> sigma_sets_cinter_dunion sp A"
+ | Union_cd: "(\<And>i::nat. a i \<in> sigma_sets_cinter_dunion sp A) \<Longrightarrow> disjoint_family a \<Longrightarrow> (\<Union>i. a i) \<in> sigma_sets_cinter_dunion sp A"
+
+lemma sigma_sets_cinter_dunion_subset: "sigma_sets_cinter_dunion sp A \<subseteq> sigma_sets_cinter sp A"
+proof safe
+ fix x
+ assume "x \<in> sigma_sets_cinter_dunion sp A"
+ then show "x \<in> sigma_sets_cinter sp A"
+ by induction (auto intro!: Union_c Inter_c)
+qed
+
+lemma sigma_sets_cinter_into_sp:
+ assumes "A \<subseteq> Pow sp" "x \<in> sigma_sets_cinter sp A"
+ shows "x \<subseteq> sp"
+ using assms(2) by induction (use assms(1) subsetD in blast)+
+
+lemma sigma_sets_cinter_dunion_into_sp:
+ assumes "A \<subseteq> Pow sp" "x \<in> sigma_sets_cinter_dunion sp A"
+ shows "x \<subseteq> sp"
+ using assms(2) by induction (use assms(1) subsetD in blast)+
+
+lemma sigma_sets_cinter_int:
+ assumes "a \<in> sigma_sets_cinter sp A" "b \<in> sigma_sets_cinter sp A"
+ shows "a \<inter> b \<in> sigma_sets_cinter sp A"
+proof -
+ have 1:"a \<inter> b = (\<Inter>i::nat. if i = 0 then a else b)" by auto
+ show ?thesis
+ unfolding 1 by(rule Inter_c,use assms in auto)
+qed
+
+lemma sigma_sets_cinter_dunion_int:
+ assumes "a \<in> sigma_sets_cinter_dunion sp A" "b \<in> sigma_sets_cinter_dunion sp A"
+ shows "a \<inter> b \<in> sigma_sets_cinter_dunion sp A"
+proof -
+ have 1:"a \<inter> b = (\<Inter>i::nat. if i = 0 then a else b)" by auto
+ show ?thesis
+ unfolding 1 by(rule Inter_cd,use assms in auto)
+qed
+
+lemma sigma_sets_cinter_un:
+ assumes "a \<in> sigma_sets_cinter sp A" "b \<in> sigma_sets_cinter sp A"
+ shows "a \<union> b \<in> sigma_sets_cinter sp A"
+proof -
+ have 1:"a \<union> b = (\<Union>i::nat. if i = 0 then a else b)" by auto
+ show ?thesis
+ unfolding 1 by(rule Union_c,use assms in auto)
+qed
+
+text \<open> Measurable isomorphisms.\<close>
+definition measurable_isomorphic_map::"['a measure, 'b measure, 'a \<Rightarrow> 'b] \<Rightarrow> bool" where
+"measurable_isomorphic_map M N f \<longleftrightarrow> bij_betw f (space M) (space N) \<and> f \<in> M \<rightarrow>\<^sub>M N \<and> the_inv_into (space M) f \<in> N \<rightarrow>\<^sub>M M"
+
+lemma measurable_isomorphic_map_sets_cong:
+ assumes "sets M = sets M'" "sets N = sets N'"
+ shows "measurable_isomorphic_map M N f \<longleftrightarrow> measurable_isomorphic_map M' N' f"
+ by(simp add: measurable_isomorphic_map_def sets_eq_imp_space_eq[OF assms(1)] sets_eq_imp_space_eq[OF assms(2)] measurable_cong_sets[OF assms] measurable_cong_sets[OF assms(2,1)])
+
+lemma measurable_isomorphic_map_surj:
+ assumes "measurable_isomorphic_map M N f"
+ shows "f ` space M = space N"
+ using assms by(auto simp: measurable_isomorphic_map_def bij_betw_def)
+
+lemma measurable_isomorphic_mapI:
+ assumes "bij_betw f (space M) (space N)" "f \<in> M \<rightarrow>\<^sub>M N" "the_inv_into (space M) f \<in> N \<rightarrow>\<^sub>M M"
+ shows "measurable_isomorphic_map M N f"
+ using assms by(simp add: measurable_isomorphic_map_def)
+
+lemma measurable_isomorphic_map_byWitness:
+ assumes "f \<in> M \<rightarrow>\<^sub>M N" "g \<in> N \<rightarrow>\<^sub>M M" "\<And>x. x \<in> space M \<Longrightarrow> g (f x) = x" "\<And>x. x \<in> space N \<Longrightarrow> f (g x) = x"
+ shows "measurable_isomorphic_map M N f"
+proof -
+ have *:"bij_betw f (space M) (space N)"
+ using assms by(auto intro!: bij_betw_byWitness[where f'=g] dest:measurable_space)
+ show ?thesis
+ proof(rule measurable_isomorphic_mapI)
+ have "the_inv_into (space M) f x = g x" if "x \<in> space N" for x
+ by (metis * assms(2) assms(4) bij_betw_imp_inj_on measurable_space that the_inv_into_f_f)
+ thus "the_inv_into (space M) f \<in> N \<rightarrow>\<^sub>M M"
+ using measurable_cong assms(2) by blast
+ qed (simp_all add: * assms(1))
+qed
+
+lemma measurable_isomorphic_map_restrict_space:
+ assumes "f \<in> M \<rightarrow>\<^sub>M N" "\<And>A. A \<in> sets M \<Longrightarrow> f ` A \<in> sets N" "inj_on f (space M)"
+ shows "measurable_isomorphic_map M (restrict_space N (f ` space M)) f"
+proof(rule measurable_isomorphic_mapI)
+ show "bij_betw f (space M) (space (restrict_space N (f ` space M)))"
+ by (simp add: assms(2,3) inj_on_imp_bij_betw)
+next
+ show "f \<in> M \<rightarrow>\<^sub>M restrict_space N (f ` space M)"
+ by (simp add: assms(1) measurable_restrict_space2)
+next
+ show "the_inv_into (space M) f \<in> restrict_space N (f ` space M) \<rightarrow>\<^sub>M M"
+ proof(rule measurableI)
+ show "x \<in> space (restrict_space N (f ` space M)) \<Longrightarrow> the_inv_into (space M) f x \<in> space M" for x
+ by (simp add: assms(2,3) the_inv_into_into)
+ next
+ fix A
+ assume "A \<in> sets M"
+ have "the_inv_into (space M) f -` A \<inter> space (restrict_space N (f ` space M)) = f ` A"
+ by (simp add: \<open>A \<in> sets M\<close> assms(2,3) sets.sets_into_space the_inv_into_vimage)
+ also note assms(2)[OF \<open>A \<in> sets M\<close>]
+ finally show "the_inv_into (space M) f -` A \<inter> space (restrict_space N (f ` space M)) \<in> sets (restrict_space N (f ` space M))"
+ by (simp add: assms(2) sets_restrict_space_iff)
+ qed
+qed
+
+lemma measurable_isomorphic_mapD':
+ assumes "measurable_isomorphic_map M N f"
+ shows "\<And>A. A \<in> sets M \<Longrightarrow> f ` A \<in> sets N" "f \<in> M \<rightarrow>\<^sub>M N"
+ "\<exists>g. bij_betw g (space N) (space M) \<and> g \<in> N \<rightarrow>\<^sub>M M \<and> (\<forall>x \<in> space M. g (f x) = x) \<and> (\<forall>x\<in> space N. f (g x) = x) \<and> (\<forall>A\<in>sets N. g ` A \<in> sets M)"
+proof -
+ have h:"bij_betw f (space M) (space N)" "f \<in> M \<rightarrow>\<^sub>M N" "the_inv_into (space M) f \<in> N \<rightarrow>\<^sub>M M"
+ using assms by(simp_all add: measurable_isomorphic_map_def)
+ show "f ` A \<in> sets N" if "A \<in> sets M" for A
+ proof -
+ have "f ` A = the_inv_into (space M) f -` A \<inter> space N"
+ using the_inv_into_vimage[OF bij_betw_imp_inj_on[OF h(1)] sets.sets_into_space[OF that]]
+ by(simp add: bij_betw_imp_surj_on[OF h(1)])
+ also have "... \<in> sets N"
+ using that h(3) by auto
+ finally show ?thesis .
+ qed
+ show "f \<in> M \<rightarrow>\<^sub>M N"
+ using assms by(simp add: measurable_isomorphic_map_def)
+
+ show "\<exists>g. bij_betw g (space N) (space M) \<and> g \<in> N \<rightarrow>\<^sub>M M \<and> (\<forall>x \<in> space M. g (f x) = x) \<and> (\<forall>x\<in> space N. f (g x) = x) \<and> (\<forall>A\<in>sets N. g ` A \<in> sets M)"
+ proof(rule exI[where x="the_inv_into (space M) f"])
+ have *:"the_inv_into (space M) f ` A \<in> sets M" if "A \<in> sets N" for A
+ proof -
+ have "\<And>x. x \<in> space M \<Longrightarrow> the_inv_into (space N) (the_inv_into (space M) f) x = f x"
+ by (metis bij_betw_imp_inj_on bij_betw_the_inv_into h(1) h(2) measurable_space the_inv_into_f_f)
+ from vimage_inter_cong[of "space M" _ f A,OF this] the_inv_into_vimage[OF bij_betw_imp_inj_on[OF bij_betw_the_inv_into[OF h(1)]] sets.sets_into_space[OF that]]
+ bij_betw_imp_surj_on[OF bij_betw_the_inv_into[OF h(1)]] measurable_sets[OF h(2) that]
+ show ?thesis
+ by fastforce
+ qed
+ show "bij_betw (the_inv_into (space M) f) (space N) (space M) \<and> the_inv_into (space M) f \<in> N \<rightarrow>\<^sub>M M \<and> (\<forall>x\<in>space M. the_inv_into (space M) f (f x) = x) \<and> (\<forall>x\<in>space N. f (the_inv_into (space M) f x) = x) \<and> (\<forall>A\<in>sets N. the_inv_into (space M) f ` A \<in> sets M)"
+ using bij_betw_the_inv_into[OF h(1)]
+ by (meson * bij_betw_imp_inj_on f_the_inv_into_f_bij_betw h(1) h(3) the_inv_into_f_f)
+ qed
+qed
+
+lemma measurable_isomorphic_map_inv:
+ assumes "measurable_isomorphic_map M N f"
+ shows "measurable_isomorphic_map N M (the_inv_into (space M) f)"
+ using assms[simplified measurable_isomorphic_map_def]
+ by(auto intro!: measurable_isomorphic_map_byWitness[where g=f] bij_betw_the_inv_into f_the_inv_into_f_bij_betw[of f] bij_betw_imp_inj_on the_inv_into_f_f)
+
+lemma measurable_isomorphic_map_comp:
+ assumes "measurable_isomorphic_map M N f" and "measurable_isomorphic_map N L g"
+ shows "measurable_isomorphic_map M L (g \<circ> f)"
+proof -
+ obtain f' g' where
+ [measurable]: "f' \<in> N \<rightarrow>\<^sub>M M" and hf:"\<And>x. x\<in>space M \<Longrightarrow> f' (f x) = x" "\<And>x. x\<in>space N \<Longrightarrow> f (f' x) = x"
+ and [measurable]: "g' \<in> L \<rightarrow>\<^sub>M N" and hg:"\<And>x. x\<in>space N \<Longrightarrow> g' (g x) = x" "\<And>x. x\<in>space L \<Longrightarrow> g (g' x) = x"
+ using measurable_isomorphic_mapD'[OF assms(1)] measurable_isomorphic_mapD'[OF assms(2)] by metis
+ have [measurable]: "f \<in> M \<rightarrow>\<^sub>M N" "g \<in> N \<rightarrow>\<^sub>M L"
+ using assms by(auto simp: measurable_isomorphic_map_def)
+ from hf hg measurable_space[OF \<open>f \<in> M \<rightarrow>\<^sub>M N\<close>] measurable_space[OF \<open>g' \<in> L \<rightarrow>\<^sub>M N\<close>] show ?thesis
+ by(auto intro!: measurable_isomorphic_map_byWitness[where g="f'\<circ>g'"])
+qed
+
+definition measurable_isomorphic::"['a measure, 'b measure] \<Rightarrow> bool" (infixr "measurable'_isomorphic" 50) where
+"M measurable_isomorphic N \<longleftrightarrow> (\<exists>f. measurable_isomorphic_map M N f)"
+
+lemma measurable_isomorphic_sets_cong:
+ assumes "sets M = sets M'" "sets N = sets N'"
+ shows "M measurable_isomorphic N \<longleftrightarrow> M' measurable_isomorphic N'"
+ using measurable_isomorphic_map_sets_cong[OF assms]
+ by(auto simp: measurable_isomorphic_def)
+
+
+lemma measurable_isomorphicD:
+ assumes "M measurable_isomorphic N"
+ shows "\<exists>f g. f \<in> M \<rightarrow>\<^sub>M N \<and> g \<in> N \<rightarrow>\<^sub>M M \<and> (\<forall>x\<in>space M. g (f x) = x) \<and> (\<forall>y\<in>space N. f (g y) = y) \<and> (\<forall>A\<in>sets M. f ` A \<in> sets N) \<and> (\<forall>A\<in>sets N. g ` A \<in> sets M)"
+ using assms measurable_isomorphic_mapD'[of M N]
+ by (metis (mono_tags, lifting) measurable_isomorphic_def)
+
+lemma measurable_isomorphic_byWitness:
+ assumes "f \<in> M \<rightarrow>\<^sub>M N" "\<And>x. x\<in>space M \<Longrightarrow> g (f x) = x"
+ and "g \<in> N \<rightarrow>\<^sub>M M" "\<And>y. y\<in>space N \<Longrightarrow> f (g y) = y"
+ shows "M measurable_isomorphic N"
+ by(auto simp: measurable_isomorphic_def assms intro!: exI[where x = f] measurable_isomorphic_map_byWitness[where g=g])
+
+lemma measurable_isomorphic_refl:
+ "M measurable_isomorphic M"
+ by(auto intro!: measurable_isomorphic_byWitness[where f=id and g=id])
+
+lemma measurable_isomorphic_sym:
+ assumes "M measurable_isomorphic N"
+ shows "N measurable_isomorphic M"
+ using assms measurable_isomorphic_map_inv[of M N]
+ by(auto simp: measurable_isomorphic_def)
+
+lemma measurable_isomorphic_trans:
+ assumes "M measurable_isomorphic N" and "N measurable_isomorphic L"
+ shows "M measurable_isomorphic L"
+ using assms measurable_isomorphic_map_comp[of M N _ L]
+ by(auto simp: measurable_isomorphic_def)
+
+lemma measurable_isomorphic_empty:
+ assumes "space M = {}" "space N = {}"
+ shows "M measurable_isomorphic N"
+ using assms by(auto intro!: measurable_isomorphic_byWitness[where f=undefined and g=undefined] simp: measurable_empty_iff)
+
+lemma measurable_isomorphic_empty1:
+ assumes "space M = {}" "M measurable_isomorphic N"
+ shows "space N = {}"
+ using measurable_isomorphicD[OF assms(2)] by(auto simp: measurable_empty_iff[OF assms(1)])
+
+lemma measurable_ismorphic_empty2:
+ assumes "space N = {}" "M measurable_isomorphic N"
+ shows "space M = {}"
+ using measurable_isomorphic_sym[OF assms(2)] assms(1)
+ by(simp add: measurable_isomorphic_empty1)
+
+lemma measurable_lift_product:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> f i \<in> (M i) \<rightarrow>\<^sub>M (N i)"
+ shows "(\<lambda>x i. if i \<in> I then f i (x i) else undefined) \<in> (\<Pi>\<^sub>M i\<in>I. M i) \<rightarrow>\<^sub>M (\<Pi>\<^sub>M i\<in>I. N i)"
+ using measurable_space[OF assms]
+ by(auto intro!: measurable_PiM_single' simp: assms measurable_PiM_component_rev space_PiM PiE_iff)
+
+lemma measurable_isomorphic_map_lift_product:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> measurable_isomorphic_map (M i) (N i) (h i)"
+ shows "measurable_isomorphic_map (\<Pi>\<^sub>M i\<in>I. M i) (\<Pi>\<^sub>M i\<in>I. N i) (\<lambda>x i. if i \<in> I then h i (x i) else undefined)"
+proof -
+ obtain h' where
+ "\<And>i. i \<in> I \<Longrightarrow> h' i \<in> (N i) \<rightarrow>\<^sub>M (M i)" "\<And>i x. i \<in> I \<Longrightarrow> x\<in>space (M i) \<Longrightarrow> h' i (h i x) = x" "\<And>i x. i \<in> I \<Longrightarrow> x\<in>space (N i) \<Longrightarrow> h i (h' i x) = x"
+ using measurable_isomorphic_mapD'(3)[OF assms] by metis
+ thus ?thesis
+ by(auto intro!: measurable_isomorphic_map_byWitness[OF measurable_lift_product[of I h M N,OF measurable_isomorphic_mapD'(2)[OF assms]] measurable_lift_product[of I h' N M,OF \<open>\<And>i. i \<in> I \<Longrightarrow> h' i \<in> (N i) \<rightarrow>\<^sub>M (M i)\<close>]]
+ simp: space_PiM PiE_iff extensional_def)
+qed
+
+lemma measurable_isomorphic_lift_product:
+ assumes "\<And>i. i \<in> I \<Longrightarrow> (M i) measurable_isomorphic (N i)"
+ shows "(\<Pi>\<^sub>M i\<in>I. M i) measurable_isomorphic (\<Pi>\<^sub>M i\<in>I. N i)"
+proof -
+ obtain h where "\<And>i. i \<in> I \<Longrightarrow> measurable_isomorphic_map (M i) (N i) (h i)"
+ using assms by(auto simp: measurable_isomorphic_def) metis
+ thus ?thesis
+ by(auto intro!: measurable_isomorphic_map_lift_product exI[where x="\<lambda>x i. if i \<in> I then h i (x i) else undefined"] simp: measurable_isomorphic_def)
+qed
+
+text \<open>\<^url>\<open>https://math24.net/cantor-schroder-bernstein-theorem.html\<close>\<close>
+lemma Schroeder_Bernstein_measurable':
+ assumes "f ` (space M) \<in> sets N" "g ` (space N) \<in> sets M"
+ and "measurable_isomorphic_map M (restrict_space N (f ` (space M))) f" and "measurable_isomorphic_map N (restrict_space M (g ` (space N))) g"
+ shows "\<exists>h. measurable_isomorphic_map M N h"
+proof -
+ have hset:"\<And>A. A \<in> sets M \<Longrightarrow> f ` A \<in> sets (restrict_space N (f ` space M))"
+ "\<And>A. A \<in> sets N \<Longrightarrow> g ` A \<in> sets (restrict_space M (g ` space N))"
+ and hfg[measurable]:"f \<in> M \<rightarrow>\<^sub>M restrict_space N (f ` space M)"
+ "g \<in> N \<rightarrow>\<^sub>M restrict_space M (g ` space N)"
+ using measurable_isomorphic_mapD'(1,2)[OF assms(3)] measurable_isomorphic_mapD'(1,2)[OF assms(4)] assms(1,2)
+ by auto
+ have hset2:"\<And>A. A \<in> sets M \<Longrightarrow> f ` A \<in> sets N" "\<And>A. A \<in> sets N \<Longrightarrow> g ` A \<in> sets M"
+ and hfg2[measurable]: "f \<in> M \<rightarrow>\<^sub>M N" "g \<in> N \<rightarrow>\<^sub>M M"
+ using sets.Int_space_eq2[OF assms(1)] sets.Int_space_eq2[OF assms(2)] sets_restrict_space_iff[of "f ` space M" N] sets_restrict_space_iff[of "g ` space N" M] hset
+ measurable_restrict_space2_iff[of f M N] measurable_restrict_space2_iff[of g N M] hfg assms(1,2)
+ by auto
+ have bij1:"bij_betw f (space M) (f ` (space M))" "bij_betw g (space N) (g ` (space N))"
+ using assms(3,4) by(auto simp: measurable_isomorphic_map_def space_restrict_space sets.Int_space_eq2[OF assms(1)] sets.Int_space_eq2[OF assms(2)])
+ obtain f' g' where
+ hfg1'[measurable]: "f' \<in> restrict_space N (f ` (space M)) \<rightarrow>\<^sub>M M" "g' \<in> restrict_space M (g ` (space N)) \<rightarrow>\<^sub>M N"
+ and hfg':"\<And>x. x\<in>space M \<Longrightarrow> f' (f x) = x" "\<And>x. x\<in>f ` space M \<Longrightarrow> f (f' x) = x"
+ "\<And>x. x\<in>space N \<Longrightarrow> g' (g x) = x" "\<And>x. x\<in>g ` space N \<Longrightarrow> g (g' x) = x"
+ "bij_betw f' (f ` space M) (space M)" "bij_betw g' (g ` space N) (space N)"
+ using measurable_isomorphic_mapD'(3)[OF assms(3)] measurable_isomorphic_mapD'(3)[OF assms(4)] sets.Int_space_eq2[OF assms(1)] sets.Int_space_eq2[OF assms(2)]
+ by (metis space_restrict_space)
+
+ have hgfA:"(g \<circ> f) ` A \<in> sets M" if "A \<in> sets M" for A
+ using hset2(2)[OF hset2(1)[OF that]] by(simp add: image_comp)
+ define An where "An \<equiv> (\<lambda>n. ((g \<circ> f)^^n) ` (space M - g ` (space N)))"
+ define A where "A \<equiv> (\<Union>n\<in>UNIV. An n)"
+ have "An n \<in> sets M" for n
+ proof(induction n)
+ case 0
+ thus ?case
+ using hset2[OF sets.top] by(simp add: An_def)
+ next
+ case ih:(Suc n)
+ have "An (Suc n) = (g \<circ> f) ` (An n)"
+ by(auto simp add: An_def)
+ thus ?case
+ using hgfA[OF ih] by simp
+ qed
+ hence Asets:"A \<in> sets M"
+ by(simp add: A_def)
+ have Acompl:"space M - A \<subseteq> g ` space N"
+ proof -
+ have "space M - A \<subseteq> space M - An 0"
+ by(auto simp: A_def)
+ also have "... \<subseteq> g ` space N"
+ by(auto simp: An_def)
+ finally show ?thesis .
+ qed
+ define h where "h \<equiv> (\<lambda>x. if x \<in> A \<union> (- space M) then f x else g' x)"
+ define h' where "h' \<equiv> (\<lambda>x. if x \<in> f ` A then f' x else g x)"
+ have xinA_iff:"x \<in> A \<longleftrightarrow> h x \<in> f ` A" if "x \<in> space M" for x
+ proof
+ assume "h x \<in> f ` A"
+ show "x \<in> A"
+ proof(rule ccontr)
+ assume "x \<notin> A"
+ then have "\<And>n. x \<notin> An n"
+ by(auto simp: A_def)
+ from this[of 0] have "x \<in> g ` (space N)"
+ using that by(auto simp: An_def)
+ have "g' x \<in> f ` A "
+ using \<open>h x \<in> f ` A\<close> \<open>x \<notin> A\<close>
+ by (simp add: h_def that)
+ hence "g (g' x) \<in> (g \<circ> f) ` A"
+ by auto
+ hence "x \<in> (g \<circ> f) ` A"
+ using \<open>x \<in> g ` (space N)\<close> by (simp add: hfg'(4))
+ then obtain n where "x \<in> (g \<circ> f) ` (An n)"
+ by(auto simp: A_def)
+ hence "x \<in> An (Suc n)"
+ by(auto simp: An_def)
+ thus False
+ using \<open>\<And>n. x \<notin> An n\<close> by simp
+ qed
+ qed(simp add: h_def)
+
+ show ?thesis
+ proof(intro exI[where x=h] measurable_isomorphic_map_byWitness[where g=h'])
+ have "{x \<in> space M. x \<in> A \<union> (- space M)} \<in> sets M"
+ using sets.Int_space_eq2[OF Asets] Asets by simp
+ moreover have "f \<in> restrict_space M {x. x \<in> A \<union> - space M} \<rightarrow>\<^sub>M N"
+ by (simp add: measurable_restrict_space1)
+ moreover have "g' \<in> restrict_space M {x. x \<notin> A \<union> (- space M)} \<rightarrow>\<^sub>M N"
+ proof -
+ have "sets (restrict_space (restrict_space M (g ` space N)) {x. x \<notin> A \<union> - space M}) = sets (restrict_space M (g ` space N \<inter> {x. x \<notin> A \<union> - space M}))"
+ by(simp add: sets_restrict_restrict_space)
+ also have "... = sets (restrict_space M (g ` space N \<inter> {x. x \<in> space M - A}))"
+ by (metis Compl_iff DiffE DiffI Un_iff)
+ also have "... = sets (restrict_space M {x. x \<in> space M - A})"
+ by (metis Acompl le_inf_iff mem_Collect_eq subsetI subset_antisym)
+ also have "... = sets (restrict_space M {x. x \<notin> A \<union> (- space M)})"
+ by (metis Compl_iff DiffE DiffI Un_iff)
+ finally have "sets (restrict_space (restrict_space M (g ` space N)) {x. x \<notin> A \<union> - space M}) = sets (restrict_space M {x. x \<notin> A \<union> - space M})" .
+ from measurable_cong_sets[OF this refl] measurable_restrict_space1[OF hfg1'(2),of " {x. x \<notin> A \<union> - space M}"]
+ show ?thesis by auto
+ qed
+ ultimately show "h \<in> M \<rightarrow>\<^sub>M N"
+ by(simp add: h_def measurable_If_restrict_space_iff)
+ next
+ have "{x \<in> space N. x \<in> f ` A} \<in> sets N"
+ using sets.Int_space_eq2[OF hset2(1)[OF Asets]] hset2(1)[OF Asets] by simp
+ moreover have "f' \<in> restrict_space N {x. x \<in> f ` A} \<rightarrow>\<^sub>M M"
+ proof -
+ have "sets (restrict_space (restrict_space N (f ` space M)) {x. x \<in> f ` A}) = sets (restrict_space N (f ` space M \<inter> {x. x \<in> f ` A}))"
+ by(simp add: sets_restrict_restrict_space)
+ also have "... = sets (restrict_space N {x. x \<in> f ` A})"
+ proof -
+ have "f ` space M \<inter> {x. x \<in> f ` A} = {x. x \<in> f ` A}"
+ using sets.sets_into_space[OF Asets] by auto
+ thus ?thesis by simp
+ qed
+ finally have "sets (restrict_space (restrict_space N (f ` space M)) {x. x \<in> f ` A}) = sets (restrict_space N {x. x \<in> f ` A})" .
+ from measurable_cong_sets[OF this refl] measurable_restrict_space1[OF hfg1'(1),of "{x. x \<in> f ` A}"]
+ show ?thesis by auto
+ qed
+ moreover have "g \<in> restrict_space N {x. x \<notin> f ` A} \<rightarrow>\<^sub>M M"
+ by (simp add: measurable_restrict_space1)
+ ultimately show "h' \<in> N \<rightarrow>\<^sub>M M"
+ by(simp add: h'_def measurable_If_restrict_space_iff)
+ next
+ fix x
+ assume "x \<in> space M"
+ then consider "x \<in> A" | "x \<in> space M - A" by auto
+ thus "h' (h x) = x"
+ proof cases
+ case xa:2
+ hence "h x \<notin> f ` A"
+ using \<open>x \<in> space M\<close> xinA_iff by blast
+ thus ?thesis
+ using Acompl hfg'(4) xa by(auto simp add: h_def h'_def)
+ qed(simp add: h_def h'_def \<open>x \<in> space M\<close> hfg'(1))
+ next
+ fix x
+ assume "x \<in> space N"
+ then consider "x \<in> f ` A" | "x \<in> space N - f ` A" by auto
+ thus "h (h' x) = x"
+ proof cases
+ case hx:1
+ hence "x \<in> f ` (space M)"
+ using image_mono[OF sets.sets_into_space[OF Asets],of f] by auto
+ have "h' x = f' x"
+ using hx by(simp add: h'_def)
+ also have "... \<in> A"
+ using hx sets.sets_into_space[OF Asets] hfg'(1) by auto
+ finally show ?thesis
+ using hfg'(2)[OF \<open>x \<in> f ` (space M)\<close>] hx by(auto simp: h_def h'_def)
+ next
+ case hx:2
+ then have "h' x = g x"
+ by(simp add: h'_def)
+ also have "... \<notin> A"
+ proof(rule ccontr)
+ assume "\<not> g x \<notin> A"
+ then have "g x \<in> A" by simp
+ then obtain n where hg:"g x \<in> An n" by(auto simp: A_def)
+ hence "0 < n" using hx by(auto simp: An_def)
+ then obtain n' where [simp]:"n = Suc n'"
+ using not0_implies_Suc by blast
+ then have "g x \<in> g ` f ` An n'"
+ using hg by(auto simp: An_def)
+ hence "x \<in> f ` An n'"
+ using inj_on_image_mem_iff[OF bij_betw_imp_inj_on[OF bij1(2)] \<open>x \<in> space N\<close>,of "f ` An n'"]
+ sets.sets_into_space[OF \<open>An n' \<in> sets M\<close>] measurable_space[OF hfg2(1)] by auto
+ also have "... \<subseteq> f ` A"
+ by(auto simp: A_def)
+ finally show False
+ using hx by simp
+ qed
+ finally show ?thesis
+ using hx hfg'(3)[OF \<open>x \<in> space N\<close>] measurable_space[OF hfg2(2) \<open>x \<in> space N\<close>]
+ by(auto simp: h_def h'_def)
+ qed
+ qed
+qed
+
+lemma Schroeder_Bernstein_measurable:
+ assumes "f \<in> M \<rightarrow>\<^sub>M N" "\<And>A. A \<in> sets M \<Longrightarrow> f ` A \<in> sets N" "inj_on f (space M)"
+ and "g \<in> N \<rightarrow>\<^sub>M M" "\<And>A. A \<in> sets N \<Longrightarrow> g ` A \<in> sets M" "inj_on g (space N)"
+ shows "\<exists>h. measurable_isomorphic_map M N h"
+ using Schroeder_Bernstein_measurable'[OF assms(2)[OF sets.top] assms(5)[OF sets.top] measurable_isomorphic_map_restrict_space[OF assms(1-3)] measurable_isomorphic_map_restrict_space[OF assms(4-6)]]
+ by simp
+
+lemma measurable_isomorphic_from_embeddings:
+ assumes "M measurable_isomorphic (restrict_space N B)" "N measurable_isomorphic (restrict_space M A)"
+ and "A \<in> sets M" "B \<in> sets N"
+ shows "M measurable_isomorphic N"
+proof -
+ obtain f g where fg:"measurable_isomorphic_map M (restrict_space N B) f" "measurable_isomorphic_map N (restrict_space M A) g"
+ using assms(1,2) by(auto simp: measurable_isomorphic_def)
+ have [simp]:"f ` space M = B" "g ` space N = A"
+ using measurable_isomorphic_map_surj[OF fg(1)] measurable_isomorphic_map_surj[OF fg(2)] sets.sets_into_space[OF assms(3)] sets.sets_into_space[OF assms(4)]
+ by(auto simp: space_restrict_space)
+ obtain h where "measurable_isomorphic_map M N h"
+ using Schroeder_Bernstein_measurable'[of f M N g] assms(3,4) fg by auto
+ thus ?thesis
+ by(auto simp: measurable_isomorphic_def)
+qed
+
+lemma measurable_isomorphic_antisym:
+ assumes "B measurable_isomorphic (restrict_space C c)" "A measurable_isomorphic (restrict_space B b)"
+ and "c \<in> sets C" "b \<in> sets B" "C measurable_isomorphic A"
+ shows "C measurable_isomorphic B"
+ by(rule measurable_isomorphic_from_embeddings[OF measurable_isomorphic_trans[OF assms(5,2)] assms(1) assms(3,4)])
+
+lemma countable_infinite_isomorphisc_to_nat_index:
+ assumes "countable I" and "infinite I"
+ shows "(\<Pi>\<^sub>M x\<in>I. M) measurable_isomorphic (\<Pi>\<^sub>M (x::nat)\<in>UNIV. M)"
+proof(rule measurable_isomorphic_byWitness[where f="\<lambda>x n. x (from_nat_into I n)" and g="\<lambda>x. \<lambda>i\<in>I. x (to_nat_on I i)"])
+ show "(\<lambda>x n. x (from_nat_into I n)) \<in> (\<Pi>\<^sub>M x\<in>I. M) \<rightarrow>\<^sub>M (\<Pi>\<^sub>M (x::nat)\<in>UNIV. M)"
+ by(auto intro!: measurable_PiM_single' measurable_component_singleton[OF from_nat_into[OF infinite_imp_nonempty[OF assms(2)]]])
+ (simp add: PiE_iff infinite_imp_nonempty space_PiM from_nat_into[OF infinite_imp_nonempty[OF assms(2)]])
+next
+ show "(\<lambda>x. \<lambda>i\<in>I. x (to_nat_on I i)) \<in> (\<Pi>\<^sub>M (x::nat)\<in>UNIV. M) \<rightarrow>\<^sub>M (\<Pi>\<^sub>M x\<in>I. M)"
+ by(auto intro!: measurable_PiM_single')
+next
+ show "x \<in> space (\<Pi>\<^sub>M x\<in>I. M) \<Longrightarrow> (\<lambda>i\<in>I. x (from_nat_into I (to_nat_on I i))) = x" for x
+ by (simp add: assms(1) restrict_ext space_PiM)
+next
+ show "y \<in> space (Pi\<^sub>M UNIV (\<lambda>x. M)) \<Longrightarrow> (\<lambda>n. (\<lambda>i\<in>I. y (to_nat_on I i)) (from_nat_into I n)) = y" for y
+ by (simp add: assms(1) assms(2) from_nat_into infinite_imp_nonempty)
+qed
+
+lemma PiM_PiM_isomorphic_to_PiM:
+ "(\<Pi>\<^sub>M i\<in>I. \<Pi>\<^sub>M j\<in>J. M i j) measurable_isomorphic (\<Pi>\<^sub>M (i,j)\<in>I\<times>J. M i j)"
+proof(rule measurable_isomorphic_byWitness[where f="\<lambda>x (i,j). if (i,j) \<in> I \<times> J then x i j else undefined" and g="\<lambda>x i j. if i \<notin> I then undefined j else if j \<notin> J then undefined else x (i,j)"])
+ have [simp]: "(\<lambda>\<omega>. \<omega> a b) \<in> (\<Pi>\<^sub>M i\<in>I. \<Pi>\<^sub>M j\<in>J. M i j) \<rightarrow>\<^sub>M M a b" if "a \<in> I" "b \<in> J" for a b
+ using measurable_component_singleton[OF that(1),of "\<lambda>i. \<Pi>\<^sub>M j\<in>J. M i j"] measurable_component_singleton[OF that(2),of "M a"]
+ by auto
+ show "(\<lambda>x (i, j). if (i, j) \<in> I \<times> J then x i j else undefined) \<in> (\<Pi>\<^sub>M i\<in>I. \<Pi>\<^sub>M j\<in>J. M i j) \<rightarrow>\<^sub>M (\<Pi>\<^sub>M (i,j)\<in>I\<times>J. M i j)"
+ apply(rule measurable_PiM_single')
+ apply auto[1]
+ apply(auto simp: PiE_def Pi_def space_PiM extensional_def;meson)
+ done
+next
+ have [simp]: "(\<lambda>\<omega>. \<omega> (i, j)) \<in> Pi\<^sub>M (I \<times> J) (\<lambda>(i, j). M i j) \<rightarrow>\<^sub>M M i j" if "i \<in> I" "j \<in> J" for i j
+ using measurable_component_singleton[of "(i,j)" "I \<times> J" "\<lambda>(i, j). M i j"] that by auto
+ show "(\<lambda>x i j. if i \<notin> I then undefined j else if j \<notin> J then undefined else x (i, j)) \<in> (\<Pi>\<^sub>M (i,j)\<in>I\<times>J. M i j) \<rightarrow>\<^sub>M (\<Pi>\<^sub>M i\<in>I. \<Pi>\<^sub>M j\<in>J. M i j)"
+ by(auto intro!: measurable_PiM_single') (simp_all add: PiE_iff space_PiM extensional_def)
+next
+ show "x \<in> space (\<Pi>\<^sub>M i\<in>I. \<Pi>\<^sub>M j\<in>J. M i j) \<Longrightarrow> (\<lambda>i j. if i \<notin> I then undefined j else if j \<notin> J then undefined else case (i, j) of (i, j) \<Rightarrow> if (i, j) \<in> I \<times> J then x i j else undefined) = x" for x
+ by standard+ (auto simp: space_PiM PiE_def Pi_def extensional_def)
+next
+ show "y \<in> space (\<Pi>\<^sub>M (i,j)\<in>I\<times>J. M i j) \<Longrightarrow> (\<lambda>(i, j). if (i, j) \<in> I \<times> J then if i \<notin> I then undefined j else if j \<notin> J then undefined else y (i, j) else undefined) = y" for y
+ by standard+ (auto simp: space_PiM PiE_def Pi_def extensional_def)
+qed
+
+lemma measurable_isomorphic_map_sigma_sets:
+ assumes "sets M = sigma_sets (space M) U" "measurable_isomorphic_map M N f"
+ shows "sets N = sigma_sets (space N) ((`) f ` U)"
+proof -
+ from measurable_isomorphic_mapD'[OF assms(2)]
+ obtain g where h: "\<And>A. A \<in> sets M \<Longrightarrow> f ` A \<in> sets N" "f \<in> M \<rightarrow>\<^sub>M N" "bij_betw g (space N) (space M)" "g \<in> N \<rightarrow>\<^sub>M M" "\<And>x. x\<in>space M \<Longrightarrow> g (f x) = x" "\<And>x. x\<in>space N \<Longrightarrow> f (g x) = x" "\<And>A. A\<in>sets N \<Longrightarrow> g ` A \<in> sets M"
+ by metis
+ interpret s: sigma_algebra "space N" "sigma_sets (space N) ((`) f ` U)"
+ by(auto intro!: sigma_algebra_sigma_sets) (metis assms(1) h(2) measurable_space sets.sets_into_space sigma_sets_superset_generator subsetD)
+ show ?thesis
+ proof safe
+ fix x
+ assume "x \<in> sets N"
+ from h(7)[OF this] assms(1)
+ have "g ` x \<in> sigma_sets (space M) U" by simp
+ hence "f ` (g ` x) \<in> sigma_sets (space N) ((`) f ` U)"
+ proof induction
+ case h:(Compl a)
+ have "f ` (space M - a) = f ` (space M) - f ` a"
+ by(rule inj_on_image_set_diff[where C="space M"], insert assms h) (auto simp: measurable_isomorphic_map_def bij_betw_def sets.sets_into_space)
+ with h show ?case
+ by (metis assms(2) measurable_isomorphic_map_surj s.Diff s.top)
+ qed (auto simp: image_UN)
+ moreover have "f ` (g ` x) = x"
+ using sets.sets_into_space[OF \<open>x \<in> sets N\<close>] h(6) by(fastforce simp: image_def)
+ ultimately show "x \<in> sigma_sets (space N) ((`) f ` U)" by simp
+ next
+ interpret s': sigma_algebra "space M" "sigma_sets (space M) U"
+ by(simp add: assms(1)[symmetric] sets.sigma_algebra_axioms)
+ have 1:"\<And>x. x \<in> U \<Longrightarrow> x \<subseteq> space M"
+ by (simp add: s'.sets_into_space)
+ fix x
+ assume assm:"x \<in> sigma_sets (space N) ((`) f ` U)"
+ then show "x \<in> sets N"
+ by induction (auto simp: assms(1) h(1))
+ qed
+qed
+
+end
\ No newline at end of file
diff --git a/thys/Standard_Borel_Spaces/ROOT b/thys/Standard_Borel_Spaces/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/ROOT
@@ -0,0 +1,14 @@
+chapter AFP
+
+session "Standard_Borel_Spaces" = "HOL-Probability" +
+ options [timeout = 600]
+ theories
+ "Lemmas_StandardBorel"
+ "Set_Based_Metric_Space"
+ "Set_Based_Metric_Product"
+ "Abstract_Metrizable_Topology"
+ "StandardBorel"
+ "Space_of_Continuous_Maps"
+ document_files
+ "root.tex"
+ "root.bib"
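Review bot: In the `theories` list, `"Set_Based_Metric_Space"` is named explicitly although `Set_Based_Metric_Product` already imports it (see the `imports` line of that theory later in this change), so at least that entry is redundant for loading. If the full enumeration is deliberate, for example to pin the order in which theories are processed, a short comment above the list would record that: `(* all theories listed explicitly to fix their order *)`. The imports of the other four theories are not visible here, so whether those entries are redundant too cannot be checked from this hunk.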
diff --git a/thys/Standard_Borel_Spaces/Set_Based_Metric_Product.thy b/thys/Standard_Borel_Spaces/Set_Based_Metric_Product.thy
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/Set_Based_Metric_Product.thy
@@ -0,0 +1,1433 @@
+(* Title: Set_Based_Metric_Product.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+subsection \<open> Product Metric Spaces \<close>
+
+theory Set_Based_Metric_Product
+ imports Set_Based_Metric_Space
+begin
+
+lemma nsum_of_r':
+ fixes r :: real
+ assumes r:"0 < r" "r < 1"
+ shows "(\<Sum>n. r^(n + k) * K) = r^k / (1 - r) * K"
+ (is "?lhs = _")
+proof -
+ have "?lhs = (\<Sum>n. r^n * K) - (\<Sum>n\<in>{..<k}. r^n * K)"
+ using r by(auto intro!: suminf_minus_initial_segment summable_mult2)
+ also have "... = 1 / (1 - r) * K - (1 - r^k) / (1 - r) * K"
+ proof -
+ have "(\<Sum>n\<in>{..<k}. r^n * K) = (1 - r^k) / (1 - r) * K"
+ using one_diff_power_eq[of r k] r scale_sum_left[of "\<lambda>n. r^n" "{..<k}" K,symmetric]
+ by auto
+ thus ?thesis
+ using r by(auto simp add: suminf_geometric[of "r"] suminf_mult2[where c=K,symmetric])
+ qed
+ finally show ?thesis
+ using r by (simp add: diff_divide_distrib left_diff_distrib)
+qed
+
+lemma nsum_of_r_leq:
+ fixes r :: real and a :: "nat \<Rightarrow> real"
+ assumes r:"0 < r" "r < 1"
+ and a:"\<And>n. 0 \<le> a n" "\<And>n. a n \<le> K"
+ shows "0 \<le> (\<Sum>n. r^(n + k) * a (n + l))" "(\<Sum>n. r^(n + k) * a (n + l)) \<le> r^k / (1 - r) * K"
+proof -
+ have [simp]: "summable (\<lambda>n. r ^ (n + k) * a (n + l))"
+ apply(rule summable_comparison_test'[of "\<lambda>n. r^(n+k) * K"])
+ using r a by(auto intro!: summable_mult2)
+ show "0 \<le> (\<Sum>n. r^(n + k) * a (n + l))"
+ using r a by(auto intro!: suminf_nonneg)
+ have "(\<Sum>n. r^(n + k) * a (n + l)) \<le> (\<Sum>n. r^(n + k) * K)"
+ using a r by(auto intro!: suminf_le summable_mult2)
+ also have "... = r^k / (1 - r) * K"
+ by(rule nsum_of_r'[OF r])
+ finally show "(\<Sum>n. r^(n + k) * a (n + l)) \<le> r^k / (1 - r) * K" .
+qed
+
+lemma nsum_of_r_le:
+ fixes r :: real and a :: "nat \<Rightarrow> real"
+ assumes r:"0 < r" "r < 1"
+ and a:"\<And>n. 0 \<le> a n" "\<And>n. a n \<le> K" "\<exists>n'\<ge> l. a n' < K"
+ shows "(\<Sum>n. r^(n + k) * a (n + l)) < r^k / (1 - r) * K"
+proof -
+ obtain n' where hn': "a (n' + l) < K"
+ using a(3) by (metis add.commute le_iff_add)
+ define a' where "a' = (\<lambda>n. if n = n' + l then K else a n)"
+ have a': "\<And>n. 0 \<le> a' n" "\<And>n. a' n \<le> K"
+ using a(1,2) le_trans order.trans[OF a(1,2)[of 0]] by(auto simp: a'_def)
+ have [simp]: "summable (\<lambda>n. r ^ (n + k) * a (n + l))"
+ apply(rule summable_comparison_test'[of "\<lambda>n. r^(n+k) * K"])
+ using r a by(auto intro!: summable_mult2)
+ have [simp]: "summable (\<lambda>n. r^(n + k) * a' (n + l))"
+ apply(rule summable_comparison_test'[of "\<lambda>n. r^(n+k) * K"])
+ using r a' by(auto intro!: summable_mult2)
+ have "(\<Sum>n. r^(n + k) * a (n + l)) = (\<Sum>n. r^(n + Suc n' + k) * a (n + Suc n'+ l)) + (\<Sum>i<Suc n'. r^(i + k) * a (i + l))"
+ by(rule suminf_split_initial_segment) simp
+ also have "... = (\<Sum>n. r^(n + Suc n' + k) * a (n + Suc n'+ l)) + (\<Sum>i<n'. r^(i + k) * a (i + l)) + r^(n' + k) * a (n' + l)"
+ by simp
+ also have "... < (\<Sum>n. r^(n + Suc n' + k) * a (n + Suc n'+ l)) + (\<Sum>i<n'. r^(i + k) * a (i + l)) + r^(n' + k) * K"
+ using r hn' by auto
+ also have "... = (\<Sum>n. r^(n + Suc n' + k) * a' (n + Suc n'+ l)) + (\<Sum>i<Suc n'. r^(i + k) * a' (i + l))"
+ by(auto simp: a'_def)
+ also have "... = (\<Sum>n. r^(n + k) * a' (n + l))"
+ by(rule suminf_split_initial_segment[symmetric]) simp
+ also have "... \<le> r^k / (1 - r) * K"
+ by(rule nsum_of_r_leq[OF r a'])
+ finally show ?thesis .
+qed
+
+definition product_dist' :: "[real, 'i set, nat \<Rightarrow> 'i, 'i \<Rightarrow> 'a set, 'i \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> real] \<Rightarrow> ('i \<Rightarrow> 'a) \<Rightarrow> ('i \<Rightarrow> 'a) \<Rightarrow> real" where
+product_dist_def: "product_dist' r I g S d \<equiv> (\<lambda>x y. if x \<in> (\<Pi>\<^sub>E i\<in>I. S i) \<and> y \<in> (\<Pi>\<^sub>E i\<in>I. S i) then (\<Sum>n. if g n \<in> I then r^n * d (g n) (x (g n)) (y (g n)) else 0) else 0)"
+
+text \<open> $d(x,y) = \sum_{n\in \mathbb{N}} r^n * d_{g_I(i)}(x_{g_I(i)},y_{g_I(i)})$.\<close>
+locale product_metric =
+ fixes r :: real
+ and I :: "'i set"
+ and f :: "'i \<Rightarrow> nat"
+ and g :: "nat \<Rightarrow> 'i"
+ and S :: "'i \<Rightarrow> 'a set"
+ and d :: "'i \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> real"
+ and K :: real
+ assumes r: "0 < r" "r < 1"
+ and I: "countable I"
+ and gf_comp_id : "\<And>i. i \<in> I \<Longrightarrow> g (f i) = i"
+ and gf_if_finite: "finite I \<Longrightarrow> bij_betw f I {..< card I}"
+ "finite I \<Longrightarrow> bij_betw g {..< card I} I"
+ and gf_if_infinite: "infinite I \<Longrightarrow> bij_betw f I UNIV"
+ "infinite I \<Longrightarrow> bij_betw g UNIV I"
+ "\<And>n. infinite I \<Longrightarrow> f (g n) = n"
+ and sd_metric: "\<And>i. i \<in> I \<Longrightarrow> metric_set (S i) (d i)"
+ and d_nonneg: "\<And>i x y. 0 \<le> d i x y"
+ and d_bound: "\<And>i x y. d i x y \<le> K"
+ and K_pos : "0 < K"
+
+lemma from_nat_into_to_nat_on_product_metric_pair:
+ assumes "countable I"
+ shows "\<And>i. i \<in> I \<Longrightarrow> from_nat_into I (to_nat_on I i) = i"
+ and "finite I \<Longrightarrow> bij_betw (to_nat_on I) I {..< card I}"
+ and "finite I \<Longrightarrow> bij_betw (from_nat_into I) {..< card I} I"
+ and "infinite I \<Longrightarrow> bij_betw (to_nat_on I) I UNIV"
+ and "infinite I \<Longrightarrow> bij_betw (from_nat_into I) UNIV I"
+ and "\<And>n. infinite I \<Longrightarrow> to_nat_on I (from_nat_into I n) = n"
+ by(simp_all add: assms to_nat_on_finite bij_betw_from_nat_into_finite to_nat_on_infinite bij_betw_from_nat_into)
+
+lemma product_metric_pair_finite_nat:
+ "bij_betw id {..n} {..< card {..n}}" "bij_betw id {..< card {..n}} {..n}"
+ by(auto simp: bij_betw_def)
+
+lemma product_metric_pair_finite_nat':
+ "bij_betw id {..<n} {..< card {..<n}}" "bij_betw id {..< card {..<n}} {..<n}"
+ by(auto simp: bij_betw_def)
+
+context product_metric
+begin
+
+abbreviation "product_dist \<equiv> product_dist' r I g S d"
+
+lemma nsum_of_rK: "(\<Sum>n. r^(n + k)*K) = r^k / (1 - r) * K"
+ by(rule nsum_of_r'[OF r])
+
+lemma i_min:
+ assumes "i \<in> I" "g n = i"
+ shows "f i \<le> n"
+proof(cases "finite I")
+ case h:True
+ show ?thesis
+ proof(rule ccontr)
+ assume "\<not> f i \<le> n"
+ then have h0:"n < f i" by simp
+ have "f i \<in> {..<card I}"
+ using bij_betwE[OF gf_if_finite(1)[OF h]] assms(1) by simp
+ moreover have "n \<in> {..<card I}" "n \<noteq> f i"
+ using h0 \<open>f i \<in> {..<card I}\<close> by auto
+ ultimately have "g n \<noteq> g (f i)"
+ using bij_betw_imp_inj_on[OF gf_if_finite(2)[OF h]]
+ by (simp add: inj_on_contraD)
+ thus False
+ by(simp add: gf_comp_id[OF assms(1)] assms(2))
+ qed
+next
+ show "infinite I \<Longrightarrow> f i \<le> n"
+ using assms(2) gf_if_infinite(3)[of n] by simp
+qed
+
+lemma g_surj:
+ assumes "i \<in> I"
+ shows "\<exists>n. g n = i"
+ using gf_comp_id[of i] assms by auto
+
+lemma product_dist_summable'[simp]:
+ "summable (\<lambda>n. r^n * d (g n) (x (g n)) (y (g n)))"
+ apply(rule summable_comparison_test'[of "\<lambda>n. r^n * K"])
+ using r d_nonneg d_bound K_pos by(auto intro!: summable_mult2)
+
+lemma product_dist_summable[simp]:
+ "summable (\<lambda>n. if g n \<in> I then r^n * d (g n) (x (g n)) (y (g n)) else 0)"
+ by(rule summable_comparison_test'[of "\<lambda>n. r^n * d (g n) (x (g n)) (y (g n))"]) (use r d_nonneg d_bound K_pos in auto)
+
+lemma summable_rK[simp]: "summable (\<lambda>n. r^n * K)"
+ using r by(auto intro!: summable_mult2)
+
+lemma product_dist_distance: "metric_set (\<Pi>\<^sub>E i\<in>I. S i) product_dist"
+proof -
+ have h': "\<And>i xi yi. i \<in> I \<Longrightarrow> xi \<in> S i \<Longrightarrow> yi \<in> S i \<Longrightarrow> xi = yi \<longleftrightarrow> d i xi yi = 0"
+ "\<And>i xi yi. i \<in> I \<Longrightarrow> d i xi yi = d i yi xi"
+ "\<And>i xi yi zi. i \<in> I \<Longrightarrow> xi \<in> S i \<Longrightarrow> yi \<in> S i \<Longrightarrow> zi \<in> S i \<Longrightarrow> d i xi zi \<le> d i xi yi + d i yi zi"
+ using sd_metric by(auto simp: metric_set_def)
+ show ?thesis
+ proof
+ show "\<And>x y. 0 \<le> product_dist x y"
+ using d_nonneg r by(auto simp: product_dist_def intro!: suminf_nonneg product_dist_summable)
+ next
+ show "\<And>x y. x \<notin> (\<Pi>\<^sub>E i\<in>I. S i) \<Longrightarrow> product_dist x y = 0"
+ by(auto simp: product_dist_def)
+ next
+ fix x y
+ assume hxy:"x \<in> (\<Pi>\<^sub>E i\<in>I. S i)" "y \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ show "(x = y) \<longleftrightarrow> (product_dist x y = 0)"
+ proof
+ assume heq:"x = y"
+ then have "(if g n \<in> I then r ^ n * d (g n) (x (g n)) (y (g n)) else 0) = 0" for n
+ using hxy h'(1)[of "g n" "x (g n)" "y (g n)"] by(auto simp: product_dist_def)
+ thus "product_dist x y = 0"
+ by(auto simp: product_dist_def)
+ next
+ assume h0:"product_dist x y = 0"
+ have "(\<Sum>n. if g n \<in> I then r ^ n * d (g n) (x (g n)) (y (g n)) else 0) = 0
+ \<longleftrightarrow> (\<forall>n. (if g n \<in> I then r^n * d (g n) (x (g n)) (y (g n)) else 0) = 0)"
+ apply(rule suminf_eq_zero_iff)
+ using d_nonneg r by(auto simp: product_dist_def intro!: product_dist_summable)
+ hence hn0:"\<And>n. (if g n \<in> I then r^n * d (g n) (x (g n)) (y (g n)) else 0) = 0"
+ using h0 hxy by(auto simp: product_dist_def)
+ show "x = y"
+ proof
+ fix i
+ consider "i \<in> I" | "i \<notin> I" by auto
+ thus "x i = y i"
+ proof cases
+ case 1
+ from g_surj[OF this] obtain n where
+ hn: "g n = i" by auto
+ have "d (g n) (x (g n)) (y (g n)) = 0"
+ using hn h'(1)[OF 1,of "x i" "y i"] hxy hn0[of n] 1 r by simp
+ thus ?thesis
+ using hn h'(1)[OF 1,of "x i" "y i"] hxy 1 by auto
+ next
+ case 2
+ then show ?thesis
+ by(simp add: PiE_arb[OF hxy(1) 2] hxy PiE_arb[OF hxy(2) 2])
+ qed
+ qed
+ qed
+ next
+ show "product_dist x y = product_dist y x" for x y
+ using h'(2) by(auto simp: product_dist_def) (metis (no_types, opaque_lifting))
+ next
+ fix x y z
+ assume hxyz:"x \<in> (\<Pi>\<^sub>E i\<in>I. S i)" "y \<in> (\<Pi>\<^sub>E i\<in>I. S i)" "z \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ have "(if g n \<in> I then r ^ n * d (g n) (x (g n)) (z (g n)) else 0)
+ \<le> (if g n \<in> I then r ^ n * d (g n) (x (g n)) (y (g n)) else 0) + (if g n \<in> I then r ^ n * d (g n) (y (g n)) (z (g n)) else 0)" for n
+ using h'(3)[of "g n" "x (g n)" "y (g n)" "z (g n)"] hxyz r
+ by(auto simp: distrib_left[of "r ^ n",symmetric])
+ thus "product_dist x z \<le> product_dist x y + product_dist y z"
+ by(auto simp add: product_dist_def suminf_add[OF product_dist_summable[of x y] product_dist_summable[of y z]] hxyz intro!: suminf_le summable_add)
+ qed
+qed
+
+sublocale metric_set "\<Pi>\<^sub>E i\<in>I. S i" "product_dist"
+ by(rule product_dist_distance)
+
+lemma product_dist_leqr: "product_dist x y \<le> 1 / (1 - r) * K"
+proof -
+ have "product_dist x y \<le> (\<Sum>n. if g n \<in> I then r^n * d (g n) (x (g n)) (y (g n)) else 0)"
+ proof -
+ consider "x \<in> (\<Pi>\<^sub>E i\<in>I. S i) \<and> y \<in> (\<Pi>\<^sub>E i\<in>I. S i)" | "\<not> (x \<in> (\<Pi>\<^sub>E i\<in>I. S i) \<and> y \<in> (\<Pi>\<^sub>E i\<in>I. S i))" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis by(auto simp: product_dist_def)
+ next
+ case 2
+ then have "product_dist x y = 0"
+ by(auto simp: product_dist_def)
+ also have "... \<le> (\<Sum>n. if g n \<in> I then r^n * d (g n) (x (g n)) (y (g n)) else 0)"
+ using d_nonneg r by(auto intro!: suminf_nonneg product_dist_summable)
+ finally show ?thesis .
+ qed
+ qed
+ also have "... \<le> (\<Sum>n. r^n * d (g n) (x (g n)) (y (g n)))"
+ using r d_nonneg d_bound by(auto intro!: suminf_le)
+ also have "... \<le> (\<Sum>n. r^n * K)"
+ using r d_bound d_nonneg by(auto intro!: suminf_le)
+ also have "... = 1 / (1 - r) * K"
+ using r nsum_of_rK[of 0] by simp
+ finally show ?thesis .
+qed
+
+lemma product_dist_geq:
+ assumes "i \<in> I" and "g n = i" "x \<in> (\<Pi>\<^sub>E i\<in>I. S i)" "y \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ shows "d i (x i) (y i) \<le> (1/r)^n * product_dist x y"
+ (is "?lhs \<le> ?rhs")
+proof -
+ interpret mi: metric_set "S i" "d i"
+ by(rule sd_metric[OF assms(1)])
+ have "(\<lambda>m. if m = f i then d (g m) (x (g m)) (y (g m)) else 0) sums d (g (f i)) (x (g (f i))) (y (g (f i)))"
+ by(rule sums_single)
+ also have "... = ?lhs"
+ by(simp add: gf_comp_id[OF assms(1)])
+ finally have 1:"summable (\<lambda>m. if m = f i then d (g m) (x (g m)) (y (g m)) else 0)"
+ "?lhs = (\<Sum>m. (if m = f i then d (g m) (x (g m)) (y (g m)) else 0))"
+ by(auto simp: sums_iff)
+ note 1(2)
+ also have "... \<le> (\<Sum>m. (1/r)^n * (if g m \<in> I then r^m * d (g m) (x (g m)) (y (g m)) else 0))"
+ proof(rule suminf_le)
+ show "summable (\<lambda>m. (1/r)^n * (if g m \<in> I then r^m * d (g m) (x (g m)) (y (g m)) else 0))"
+ by(auto intro!: product_dist_summable)
+ next
+ fix k
+ have **:"1 \<le> (1/r) ^ n * r ^ f i"
+ proof -
+ have "(1/r) ^ n * (r ^ f i) = (1/r)^(n-f i) * (1/r)^(f i) * r ^ f i"
+ using r by(simp add: power_diff[OF _ i_min[OF assms(1,2)],of "1/r",simplified])
+ also have "... = (1/r) ^ (n-f i)"
+ using r by (simp add: power_one_over)
+ finally show ?thesis
+ using r by auto
+ qed
+ have *:"g k \<in> I" if "k = f i"
+ using gf_comp_id[OF assms(1)] assms(1) that by auto
+ show "(if k = f i then d (g k) (x (g k)) (y (g k)) else 0) \<le> (1/r) ^ n * (if g k \<in> I then r ^ k * d (g k) (x (g k)) (y (g k)) else 0)"
+ using * d_nonneg r ** mult_right_mono[OF **] by(auto simp: vector_space_over_itself.scale_scale[of "(1 / r) ^ n"])
+ qed(simp add: 1)
+ also have "... = ?rhs"
+ unfolding product_dist_def
+ using assms by(auto intro!: suminf_mult product_dist_summable)
+ finally show ?thesis .
+qed
+
+lemma converge_to_iff:
+ assumes "xn \<in> sequence" "x \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ shows "converge_to_inS xn x \<longleftrightarrow> (\<forall>i\<in>I. metric_set.converge_to_inS (S i) (d i) (\<lambda>n. xn n i) (x i))"
+proof safe
+ fix i
+ assume h:"converge_to_inS xn x" "i \<in> I"
+ then interpret m: metric_set "S i" "d i"
+ using sd_metric by blast
+ show "m.converge_to_inS (\<lambda>n. xn n i) (x i)"
+ unfolding m.converge_to_inS_def2
+ proof safe
+ show 1:"\<And>x. xn x i \<in> S i" "x i \<in> S i"
+ using h by(auto simp: converge_to_inS_def)
+ next
+ fix \<epsilon> :: real
+ assume "0 < \<epsilon>"
+ then obtain "r^ f i * \<epsilon> > 0" using r by auto
+ then obtain N where N:"\<And>n. n \<ge> N \<Longrightarrow> product_dist (xn n) x < r^ f i * \<epsilon>"
+ using h(1) by(auto simp: converge_to_inS_def2) metis
+ show "\<exists>N. \<forall>n\<ge>N. d i (xn n i) (x i) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ have "d i (xn n i) (x i) \<le> (1 / r) ^ f i * product_dist (xn n) x"
+ using h by(auto intro!: product_dist_geq[OF h(2) gf_comp_id[OF h(2)]] simp: converge_to_inS_def)
+ also have "... < (1 / r) ^ f i * r^ f i * \<epsilon>"
+ using N[OF \<open>N \<le> n\<close>] r by auto
+ also have "... \<le> \<epsilon>"
+ by (simp add: \<open>0 < \<epsilon>\<close> power_one_over)
+ finally show " d i (xn n i) (x i) < \<epsilon>" .
+ qed
+ qed
+next
+ assume h:"\<forall>i\<in>I. metric_set.converge_to_inS (S i) (d i) (\<lambda>n. xn n i) (x i)"
+ show "converge_to_inS xn x"
+ unfolding converge_to_inS_def2
+ proof safe
+ fix \<epsilon>
+ assume he:"(0::real) < \<epsilon>"
+ then have "0 < \<epsilon>*((1-r)/K)" using r K_pos by auto
+ hence "\<exists>k. r^k < \<epsilon>*((1-r)/K)"
+ using r(2) real_arch_pow_inv by blast
+ then obtain l where "r^l < \<epsilon>*((1-r)/K)" by auto
+ hence hk:"r^l/(1-r)*K < \<epsilon>"
+ using mult_imp_div_pos_less[OF divide_pos_pos[OF _ K_pos,of "1-r"]] r(2) by simp
+ hence hke: "0 < \<epsilon> - r^l/(1-r)*K" by auto
+ consider "l = 0" | "0 < l" by auto
+ then show "\<exists>N. \<forall>n\<ge>N. product_dist (xn n) x < \<epsilon>"
+ proof cases
+ case 1
+ then have he2:"1 / (1 - r)*K < \<epsilon>" using hk by auto
+ show ?thesis
+ using order.strict_trans1[OF product_dist_leqr he2]
+ by(auto simp: complete_metric_set_def intro!: exI[where x=0])
+ next
+ case 2
+ with hke have "0 < 1 / real l * (\<epsilon> - r^l/(1-r)*K)" by auto
+ hence "\<forall>i\<in>I. \<exists>N. \<forall>n\<ge>N. d i (xn n i) (x i) < 1 / real l * (\<epsilon> - r^l/(1-r)*K)"
+ using h metric_set.converge_to_inS_def2[OF sd_metric] by auto
+ then obtain N where hn:
+ "\<And>i n. i \<in> I \<Longrightarrow> n \<ge> N i \<Longrightarrow> d i (xn n i) (x i) < 1 / real l * (\<epsilon> - r^l/(1-r)*K)"
+ by metis
+ show ?thesis
+ proof(safe intro!: exI[where x="Sup {N (g n) | n. n < l}"])
+ fix n
+ assume hsup:"\<Squnion> {N (g n) |n. n < l} \<le> n"
+ have "product_dist (xn n) x = (\<Sum>m. if g m \<in> I then r ^ m * d (g m) (xn n (g m)) (x (g m)) else 0)"
+ using assms by(auto simp: product_dist_def)
+ also have "... = (\<Sum>m. if g (m + l) \<in> I then r ^ (m + l)* d (g (m + l)) (xn n (g (m + l))) (x (g (m + l))) else 0) + (\<Sum>m<l. if g m \<in> I then r ^ m * d (g m) (xn n (g m)) (x (g m)) else 0)"
+ by(auto intro!: suminf_split_initial_segment)
+ also have "... \<le> r^l/(1-r)*K + (\<Sum>m<l. if g m \<in> I then r ^ m * d (g m) (xn n (g m)) (x(g m)) else 0)"
+ proof -
+ have "(\<Sum>m. if g (m + l) \<in> I then r ^ (m + l)* d (g (m + l)) (xn n (g (m + l))) (x (g (m + l))) else 0) \<le> (\<Sum>m. r^(m + l)*K)"
+ using d_bound assms r K_pos by(auto intro!: suminf_le summable_ignore_initial_segment)
+ also have "... = r^l/(1-r)*K"
+ by(rule nsum_of_rK)
+ finally show ?thesis by auto
+ qed
+ also have "... \<le> r^l / (1 - r)*K + (\<Sum>m<l. if g m \<in> I then d (g m) (xn n (g m)) (x (g m)) else 0)"
+ proof -
+ have " (\<Sum>m<l. if g m \<in> I then r ^ m * d (g m) (xn n (g m)) (x (g m)) else 0) \<le> (\<Sum>m<l. if g m \<in> I then d (g m) (xn n (g m)) (x (g m)) else 0)"
+ using d_bound d_nonneg r by(auto intro!: sum_mono simp: mult_left_le_one_le power_le_one)
+ thus ?thesis by simp
+ qed
+ also have "... < r^l / (1 - r)*K + (\<Sum>m<l. 1 / real l * (\<epsilon> - r^l/(1-r)*K))"
+ proof -
+ have "(\<Sum>m<l. if g m \<in> I then d (g m) (xn n (g m)) (x (g m)) else 0) < (\<Sum>m<l. 1 / real l * (\<epsilon> - r^l/(1-r)*K))"
+ proof(rule sum_strict_mono_ex1)
+ show "\<forall>p\<in>{..<l}. (if g p \<in> I then d (g p) (xn n (g p)) (x (g p)) else 0) \<le> 1 / real l * (\<epsilon> - r ^ l / (1 - r)*K)"
+ proof -
+ have "0 \<le> (\<epsilon> - r ^ l * K / (1 - r)) / real l"
+ using hke by auto
+ moreover {
+ fix p
+ assume "p < l" "g p \<in> I"
+ then have "N (g p) \<in> {N (g n) |n. n < l}"
+ by auto
+ from le_cSup_finite[OF _ this] hsup have "N (g p) \<le> n"
+ by auto
+ hence "d (g p) (xn n (g p)) (x (g p)) \<le> (\<epsilon> - r ^ l *K/ (1 - r)) / real l"
+ using hn[OF \<open>g p \<in> I\<close>,of n] by simp
+ }
+ ultimately show ?thesis
+ by auto
+ qed
+ next
+ show "\<exists>a\<in>{..<l}. (if g a \<in> I then d (g a) (xn n (g a)) (x (g a)) else 0) < 1 / real l * (\<epsilon> - r ^ l / (1 - r)*K)"
+ proof -
+ have "0 < (\<epsilon> - r ^ l * K / (1 - r)) / real l"
+ using hke 2 by auto
+ moreover {
+ assume "g 0 \<in> I"
+ have "N (g 0) \<in> {N (g n) |n. n < l}"
+ using 2 by auto
+ from le_cSup_finite[OF _ this] hsup have "N (g 0) \<le> n"
+ by auto
+ hence "d (g 0) (xn n (g 0)) (x (g 0)) < (\<epsilon> - r ^ l * K/ (1 - r)) / real l"
+ using hn[OF \<open>g 0 \<in> I\<close>,of n] by simp
+ }
+ ultimately show ?thesis
+ by(auto intro!: bexI[where x=0] simp: 2)
+ qed
+ qed simp
+ thus ?thesis by simp
+ qed
+ also have "... = \<epsilon>"
+ using 2 by auto
+ finally show "product_dist (xn n) x < \<epsilon>" .
+ qed
+ qed
+ qed (use assms in auto)
+qed
+
+lemma product_dist_mtopology: "product_topology (\<lambda>i. metric_set.mtopology (S i) (d i)) I = mtopology"
+proof -
+ have htopspace:"\<And>i. i \<in> I \<Longrightarrow> topspace (metric_set.mtopology (S i) (d i)) = S i"
+ by (simp add: sd_metric metric_set.mtopology_topspace)
+ hence htopspace':"(\<Pi>\<^sub>E i\<in>I. topspace (metric_set.mtopology (S i) (d i))) = (\<Pi>\<^sub>E i\<in>I. S i)" by auto
+ consider "I = {}" | "I \<noteq> {}" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then have "product_dist = (\<lambda>x y. 0)"
+ using metric_set_axioms by(simp add: singleton_metric_unique)
+ thus ?thesis
+ by(simp add: product_topology_empty_discrete 1 singleton_metric_mtopology)
+ next
+ case I':2
+ show ?thesis
+ unfolding mtopology_def2 product_topology_def
+ proof(rule topology_generated_by_eq)
+ fix U
+ assume "U \<in> {open_ball a \<epsilon> |a \<epsilon>. a \<in> (\<Pi>\<^sub>E i\<in>I. S i) \<and> 0 < \<epsilon>}"
+ then obtain a \<epsilon> where hu:
+ "U = open_ball a \<epsilon>" "a \<in> (\<Pi>\<^sub>E i\<in>I. S i)" "0 < \<epsilon>" by auto
+ have "\<exists>X. x \<in> (\<Pi>\<^sub>E i\<in>I. X i) \<and> (\<Pi>\<^sub>E i\<in>I. X i) \<subseteq> U \<and> (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X i)) \<and> finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}" if "x \<in> U" for x
+ proof -
+ consider "\<epsilon> \<le> 1 / (1 - r) * K" | "1 / (1 - r) * K < \<epsilon>" by fastforce
+ then show "\<exists>X. x \<in> (\<Pi>\<^sub>E i\<in>I. X i) \<and> (\<Pi>\<^sub>E i\<in>I. X i) \<subseteq> U \<and> (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X i)) \<and> finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}"
+ proof cases
+ case he2:1
+ note hx = open_ballD[OF that[simplified hu(1)]] open_ballD'(1)[OF that[simplified hu(1)]]
+
+ then have "0 < (\<epsilon> - product_dist a x)*((1-r)/ K)" using r hu K_pos by auto
+ hence "\<exists>k. r^k < (\<epsilon> - product_dist a x)*((1-r)/ K)"
+ using r(2) real_arch_pow_inv by blast
+ then obtain k where "r^k < (\<epsilon> - product_dist a x)*((1-r)/ K)" by auto
+ hence hk:"r^k / (1-r) * K < (\<epsilon> - product_dist a x)"
+ using mult_imp_div_pos_less[OF divide_pos_pos[OF _ K_pos,of "1-r"]] r(2) by auto
+ have hk': "0 < k" apply(rule ccontr) using hk he2 dist_geq0[of a x] by auto
+ define \<epsilon>' where "\<epsilon>' \<equiv> (1/(real k))*(\<epsilon> - product_dist a x - r^k / (1-r) * K)"
+ have h\<epsilon>' : "0 < \<epsilon>'" using hk by(auto simp: \<epsilon>'_def hk')
+ define X where "X \<equiv> (if finite I then (\<lambda>i. if i \<in> I then metric_set.open_ball (S i) (d i) (x i) \<epsilon>' else topspace (metric_set.mtopology (S i) (d i))) else (\<lambda>i. if i \<in> I \<and> f i < k then metric_set.open_ball (S i) (d i) (x i) \<epsilon>' else topspace (metric_set.mtopology (S i) (d i))))"
+ show ?thesis
+ proof(intro exI[where x=X] conjI)
+ have "x i \<in> metric_set.open_ball (S i) (d i) (x i) \<epsilon>'" if "i \<in> I" for i
+ using hx(2) by (simp add: PiE_mem h\<epsilon>' metric_set.open_ball_ina sd_metric that)
+ thus "x \<in> (\<Pi>\<^sub>E i\<in>I. X i)"
+ using hx(2) htopspace by(auto simp: X_def)
+ next
+ show "(\<Pi>\<^sub>E i\<in>I. X i) \<subseteq> U"
+ proof
+ fix y
+ assume "y \<in> (\<Pi>\<^sub>E i\<in>I. X i)"
+ have "\<And>i. X i \<subseteq> topspace (metric_set.mtopology (S i) (d i))"
+ by (simp add: X_def sd_metric htopspace metric_set.open_ball_subset_ofS)
+ hence "y \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ using htopspace' \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. X i)\<close> by blast
+ have "product_dist a y < \<epsilon>"
+ proof -
+ have "product_dist a y \<le> product_dist a x + product_dist x y"
+ by(rule dist_tr[OF hu(2) hx(2) \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. S i)\<close>])
+ also have "... < product_dist a x + (\<epsilon> - product_dist a x)"
+ proof -
+ have "product_dist x y < (\<epsilon> - product_dist a x)"
+ proof -
+ have "product_dist x y = (\<Sum>n. if g n \<in> I then r ^ n * d (g n) (x (g n)) (y (g n)) else 0)"
+ by(simp add: product_dist_def hx \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. S i)\<close>)
+ also have "... = (\<Sum>n. if g (n + k) \<in> I then r ^ (n + k)* d (g (n + k)) (x (g (n + k))) (y (g (n + k))) else 0) + (\<Sum>n<k. if g n \<in> I then r ^ n * d (g n) (x (g n)) (y (g n)) else 0)"
+ by(rule suminf_split_initial_segment) simp
+ also have "... \<le> r^k / (1 - r) * K + (\<Sum>n<k. if g n \<in> I then r ^ n * d (g n) (x (g n)) (y (g n)) else 0)"
+ proof -
+ have "(\<Sum>n. if g (n + k) \<in> I then r ^ (n + k)* d (g (n + k)) (x (g (n + k))) (y (g (n + k))) else 0) \<le> (\<Sum>n. r ^ (n + k) * K)"
+ using d_bound d_nonneg r K_pos by(auto intro!: suminf_le summable_ignore_initial_segment)
+ also have "... = r^k / (1 - r) * K"
+ by(rule nsum_of_rK)
+ finally show ?thesis by simp
+ qed
+ also have "... < r^k / (1 - r) * K + (\<epsilon> - product_dist a x - r^k / (1 - r) * K)"
+ proof -
+ have "(\<Sum>n<k. if g n \<in> I then r ^ n * d (g n) (x (g n)) (y (g n)) else 0) < (\<Sum>n<k. \<epsilon>')"
+ proof(rule sum_strict_mono_ex1)
+ show "\<forall>l\<in>{..<k}. (if g l \<in> I then r ^ l * d (g l) (x (g l)) (y (g l)) else 0) \<le> \<epsilon>'"
+ proof -
+ {
+ fix l
+ assume "g l \<in> I" "l < k"
+ then interpret mbd: metric_set "S (g l)" "d (g l)"
+ by(auto intro!: sd_metric)
+ have "r ^ l * d (g l) (x (g l)) (y (g l)) \<le> d (g l) (x (g l)) (y (g l))"
+ using r by(auto intro!: mult_right_mono[of "r ^ l" 1,OF _ mbd.dist_geq0[of "x (g l)" "y (g l)"],simplified] simp: power_le_one)
+ also have "... < \<epsilon>'"
+ proof -
+ have "y (g l) \<in> mbd.open_ball (x (g l)) \<epsilon>'"
+ proof(cases "finite I")
+ case True
+ then show ?thesis
+ using PiE_mem[OF \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. X i)\<close> \<open>g l \<in> I\<close>]
+ by(simp add: X_def \<open>g l \<in> I\<close>)
+ next
+ case False
+ then show ?thesis
+ using PiE_mem[OF \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. X i)\<close> \<open>g l \<in> I\<close>] gf_if_infinite(3)
+ by(simp add: X_def \<open>g l \<in> I\<close> \<open>l < k\<close>)
+ qed
+ thus ?thesis
+ by(auto dest: mbd.open_ballD)
+ qed
+ finally have "r ^ l * d (g l) (x (g l)) (y (g l)) \<le> \<epsilon>'" by simp
+ }
+ thus ?thesis
+ by(auto simp: order.strict_implies_order[OF h\<epsilon>'])
+ qed
+ next
+ show "\<exists>a\<in>{..<k}. (if g a \<in> I then r ^ a * d (g a) (x (g a)) (y (g a)) else 0) < \<epsilon>'"
+ proof(rule bexI[where x=0])
+ {
+ assume "g 0 \<in> I"
+ then interpret mbd: metric_set "S (g 0)" "d (g 0)"
+ by(auto intro!: sd_metric)
+ have "y (g 0) \<in> mbd.open_ball (x (g 0)) \<epsilon>'"
+ proof(cases "finite I")
+ case True
+ then show ?thesis
+ using PiE_mem[OF \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. X i)\<close> \<open>g 0 \<in> I\<close>]
+ by(simp add: X_def \<open>g 0 \<in> I\<close>)
+ next
+ case False
+ then show ?thesis
+ using PiE_mem[OF \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. X i)\<close> \<open>g 0 \<in> I\<close>] gf_if_infinite(3)
+ by(simp add: X_def \<open>g 0 \<in> I\<close> \<open>0 < k\<close>)
+ qed
+ hence "r ^ 0 * d (g 0) (x (g 0)) (y (g 0)) < \<epsilon>'"
+ by(auto dest: mbd.open_ballD)
+ }
+ thus "(if g 0 \<in> I then r ^ 0 * d (g 0) (x (g 0)) (y (g 0)) else 0) < \<epsilon>'"
+ using h\<epsilon>' by auto
+ qed(use hk' in auto)
+ qed simp
+ also have "... = (\<epsilon> - product_dist a x - r ^ k / (1 - r) * K)"
+ by(simp add: \<epsilon>'_def hk')
+ finally show ?thesis by simp
+ qed
+ finally show ?thesis by simp
+ qed
+ thus ?thesis by simp
+ qed
+ finally show ?thesis by auto
+ qed
+ thus "y \<in> U"
+ by(simp add: hu(1) open_ball_def hu(2) \<open>y \<in> (\<Pi>\<^sub>E i\<in>I. S i)\<close>)
+ qed
+ next
+ have "openin (metric_set.mtopology (S i) (d i)) (metric_set.open_ball (S i) (d i) (x i) \<epsilon>')" if "i \<in> I" for i
+ by (meson PiE_E h\<epsilon>' hx(2) metric_set.mtopology_open_ball_in sd_metric that)
+ moreover have "openin (metric_set.mtopology (S i) (d i)) (topspace (metric_set.mtopology (S i) (d i)))" for i
+ by auto
+ ultimately show "\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X i)"
+ by(auto simp: X_def)
+ next
+ show "finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}"
+ proof(cases "finite I")
+ case True
+ then show ?thesis
+ by(simp add: X_def)
+ next
+ case Iinf:False
+ have "finite {i \<in> I. f i < k}"
+ proof -
+ have "{i \<in> I. f i < k} = inv_into I f ` {..<k}"
+ proof -
+ have *:"\<And>i. i \<in> I \<Longrightarrow> inv_into I f (f i) = i"
+ "\<And>n. f (inv_into I f n) = n"
+ using bij_betw_inv_into_left[OF gf_if_infinite(1)[OF Iinf]]
+ bij_betw_inv_into_right[OF gf_if_infinite(1)[OF Iinf]]
+ by auto
+ show ?thesis
+ proof
+ show "{i \<in> I. f i < k} \<subseteq> inv_into I f ` {..<k}"
+ proof
+ show "p \<in> {i \<in> I. f i < k} \<Longrightarrow> p \<in> inv_into I f ` {..<k}" for p
+ using *(1)[of p] by (auto simp: rev_image_eqI)
+ qed
+ next
+ show " inv_into I f ` {..<k} \<subseteq> {i \<in> I. f i < k} "
+ using *(2) bij_betw_inv_into[OF gf_if_infinite(1)[OF Iinf]]
+ by (auto simp: bij_betw_def)
+ qed
+ qed
+ also have "finite ..." by auto
+ finally show ?thesis .
+ qed
+ thus ?thesis
+ by(simp add: X_def Iinf)
+ qed
+ qed
+ next
+ case 2
+ then have "U = (\<Pi>\<^sub>E i\<in>I. S i)"
+ unfolding hu(1) using order.strict_trans1[OF product_dist_leqr,of \<epsilon>] hu(2)
+ by(simp add: open_ball_def)
+ also have "... = (\<Pi>\<^sub>E i\<in>I. topspace (metric_set.mtopology (S i) (d i)))"
+ using htopspace by auto
+ finally have "U = (\<Pi>\<^sub>E i\<in>I. topspace (metric_set.mtopology (S i) (d i)))" .
+ thus ?thesis
+ using open_ballD'(1)[OF that[simplified hu(1)]] htopspace by(auto intro!: exI[where x="\<lambda>i. topspace (metric_set.mtopology (S i) (d i))"])
+ qed
+ qed
+ hence "\<exists>X. \<forall>x\<in>U. x \<in> (\<Pi>\<^sub>E i\<in>I. X x i) \<and> (\<Pi>\<^sub>E i\<in>I. X x i) \<subseteq> U \<and> (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X x i)) \<and> finite {i. X x i \<noteq> topspace (metric_set.mtopology (S i) (d i))}"
+ by(auto intro!: bchoice)
+ then obtain X where "\<forall>x\<in>U. x \<in> (\<Pi>\<^sub>E i\<in>I. X x i) \<and> (\<Pi>\<^sub>E i\<in>I. X x i) \<subseteq> U \<and> (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X x i)) \<and> finite {i. X x i \<noteq> topspace (metric_set.mtopology (S i) (d i))}"
+ by auto
+ hence hX: "\<And>x. x \<in> U \<Longrightarrow> x \<in> (\<Pi>\<^sub>E i\<in>I. X x i)" "\<And>x. x \<in> U \<Longrightarrow> (\<Pi>\<^sub>E i\<in>I. X x i) \<subseteq> U" "\<And>x. x \<in> U \<Longrightarrow> (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X x i))" "\<And>x. x \<in> U \<Longrightarrow> finite {i. X x i \<noteq> topspace (metric_set.mtopology (S i) (d i))}"
+ by auto
+ hence hXopen: "\<And>x. x \<in> U \<Longrightarrow> (\<Pi>\<^sub>E i\<in>I. X x i) \<in> {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X i)) \<and> finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}}"
+ by blast
+ have "U = (\<Union> {(\<Pi>\<^sub>E i\<in>I. X x i) | x. x \<in> U})"
+ using hX(1,2) by blast
+ have "openin (topology_generated_by {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X i)) \<and> finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}}) (\<Union> {(\<Pi>\<^sub>E i\<in>I. X x i) | x. x \<in> U})"
+ apply(rule openin_Union)
+ using hXopen by(auto simp: openin_topology_generated_by_iff intro!: generate_topology_on.Basis)
+ thus "openin (topology_generated_by {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X i)) \<and> finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}}) U"
+ using \<open>U = (\<Union> {(\<Pi>\<^sub>E i\<in>I. X x i) | x. x \<in> U})\<close> by simp
+ next
+ fix U
+ assume "U \<in> {\<Pi>\<^sub>E i\<in>I. X i |X. (\<forall>i. openin (metric_set.mtopology (S i) (d i)) (X i)) \<and> finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}}"
+ then obtain X where hX:
+ "U = (\<Pi>\<^sub>E i\<in>I. X i)" "\<And>i. openin (metric_set.mtopology (S i) (d i)) (X i)" "finite {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))}"
+ by auto
+ have "\<exists>a \<epsilon>. x \<in> open_ball a \<epsilon> \<and> open_ball a \<epsilon> \<subseteq> U" if "x \<in> U" for x
+ proof -
+ have x_intop:"x \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ unfolding htopspace'[symmetric] using that hX(1) openin_subset[OF hX(2)] by auto
+ define I' where "I' \<equiv> {i. X i \<noteq> topspace (metric_set.mtopology (S i) (d i))} \<inter> I"
+ then have I':"finite I'" "I' \<subseteq> I" using hX(3) by auto
+ consider "I' = {}" | "I' \<noteq> {}" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then have "\<And>i. i \<in> I \<Longrightarrow> X i = topspace (metric_set.mtopology (S i) (d i))"
+ by(auto simp: I'_def)
+ then have "U = (\<Pi>\<^sub>E i\<in>I. S i)"
+ by (simp add: PiE_eq hX(1) htopspace)
+ thus ?thesis
+ using open_ball_subset_ofS[of x 1] that
+ by(auto intro!: exI[where x=x] exI[where x=1])
+ next
+ case I'_nonempty:2
+ hence "\<And>i. i \<in> I' \<Longrightarrow> openin (metric_set.mtopology (S i) (d i)) (X i)"
+ using hX(2) by(simp add: I'_def)
+ hence "\<exists>\<epsilon>>0. metric_set.open_ball (S i) (d i) (x i) \<epsilon> \<subseteq> (X i)" if "i \<in> I'" for i
+ using metric_set.mtopology_openin_iff[of "S i" "d i" "X i"] sd_metric[of i] hX(1,2) \<open>x \<in> U\<close> that
+ using I'_def by blast
+ then obtain \<epsilon>i' where hei:"\<And>i. i \<in> I' \<Longrightarrow> \<epsilon>i' i > 0" "\<And>i. i \<in> I' \<Longrightarrow> metric_set.open_ball (S i) (d i) (x i) (\<epsilon>i' i) \<subseteq> (X i)"
+ by metis
+ define \<epsilon> where "\<epsilon> \<equiv> Min {\<epsilon>i' i |i. i \<in> I'}"
+ have \<epsilon>min: "\<And>i. i \<in> I' \<Longrightarrow> \<epsilon> \<le> \<epsilon>i' i"
+ using I' by(auto simp: \<epsilon>_def intro!: Min.coboundedI)
+ have h\<epsilon>: "\<epsilon> > 0"
+ using I' I'_nonempty Min_gr_iff[of "{\<epsilon>i' i |i. i \<in> I'}" 0] hei(1)
+ by(auto simp: \<epsilon>_def)
+ define n where "n \<equiv> Max {f i | i. i \<in> I'}"
+ have "\<And>i. i \<in> I' \<Longrightarrow>f i \<le> n"
+ using I' by(auto intro!: Max.coboundedI[of "{f i | i. i \<in> I'}"] simp: n_def)
+ hence hn2:"\<And>i. i \<in> I' \<Longrightarrow> (1 / r) ^ f i \<le> (1 / r)^n"
+ using r by auto
+ have h\<epsilon>' : "0 < \<epsilon>*(r^n)" using h\<epsilon> r by auto
+ show ?thesis
+ proof(safe intro!: exI[where x=x] exI[where x="\<epsilon>*(r^n)"])
+ fix y
+ assume "y \<in> open_ball x (\<epsilon> * r ^ n)"
+ have "y i \<in> X i" if "i \<in> I'" for i
+ proof -
+ interpret mi: metric_set "S i" "d i"
+ using sd_metric that by(simp add: I'_def)
+ have "d i (x i) (y i) < \<epsilon>i' i"
+ proof -
+ have "d i (x i) (y i) \<le> (1 / r) ^ f i * product_dist x y"
+ using that by(auto intro!: product_dist_geq[of i,OF _ gf_comp_id x_intop open_ballD'(1)[OF \<open>y \<in> open_ball x (\<epsilon> * r ^ n)\<close>]] simp: I'_def)
+ also have "... \<le> (1 / r)^n * product_dist x y"
+ by(rule mult_right_mono[OF hn2[OF that] dist_geq0])
+ also have "... < \<epsilon>"
+ using open_ballD[OF \<open>y \<in> open_ball x (\<epsilon> * r ^ n)\<close>] r
+ by (simp add: pos_divide_less_eq power_one_over)
+ also have "... \<le> \<epsilon>i' i"
+ by(rule \<epsilon>min[OF that])
+ finally show ?thesis .
+ qed
+ hence "(y i) \<in> mi.open_ball (x i) (\<epsilon>i' i)"
+ using open_ballD'(1)[OF \<open>y \<in> open_ball x (\<epsilon> * r ^ n)\<close>] x_intop that
+ by(auto simp: mi.open_ball_def I'_def)
+ thus ?thesis
+ using hei[OF that] by auto
+ qed
+ moreover have "y i \<in> X i" if "i \<in> I - I'" for i
+ using that htopspace open_ballD'(1)[OF \<open>y \<in> open_ball x (\<epsilon> * r ^ n)\<close>]
+ by(auto simp: I'_def)
+ ultimately show "y \<in> U"
+ using open_ballD'(1)[OF \<open>y \<in> open_ball x (\<epsilon> * r ^ n)\<close>]
+ by(auto simp: hX(1))
+ qed(use open_ball_ina[OF x_intop h\<epsilon>'] in auto)
+ qed
+ qed
+ then obtain a where "\<forall>x\<in>U. \<exists>\<epsilon>. x \<in> open_ball (a x) \<epsilon> \<and> open_ball (a x) \<epsilon> \<subseteq> U"
+ by metis
+ then obtain \<epsilon> where hae: "\<And>x. x \<in> U \<Longrightarrow> x \<in> open_ball (a x) (\<epsilon> x)" "\<And>x. x \<in> U \<Longrightarrow> open_ball (a x) (\<epsilon> x) \<subseteq> U"
+ by metis
+ hence hae': "\<And>x. x \<in> U \<Longrightarrow> a x \<in> (\<Pi>\<^sub>E i\<in>I. S i)" "\<And>x. x \<in> U \<Longrightarrow> 0 < \<epsilon> x"
+ using open_ballD'(2) by meson (use open_ballD'(2,3) hae in meson)
+ have "openin (topology_generated_by {open_ball a \<epsilon> |a \<epsilon>. a \<in> (\<Pi>\<^sub>E i\<in>I. S i) \<and> 0 < \<epsilon>}) (\<Union> { open_ball (a x) (\<epsilon> x) |x. x \<in> U})"
+ by(auto intro!: openin_Union[of _ mtopology] simp: mtopology_def2[symmetric] hae' metric_set_axioms metric_set.mtopology_open_ball_in)
+ moreover have "U = (\<Union> {open_ball (a x) (\<epsilon> x) |x. x \<in> U})"
+ using hae by auto
+ ultimately show "openin (topology_generated_by {open_ball a \<epsilon> |a \<epsilon>. a \<in> (\<Pi>\<^sub>E i\<in>I. S i) \<and> 0 < \<epsilon>}) U"
+ by simp
+ qed
+ qed
+qed
+
+end
+
+lemma product_metricI:
+ assumes "0 < r" "r < 1" "countable I" "\<And>i. i \<in> I \<Longrightarrow> metric_set (S i) (d i)"
+ and "\<And>i x y. 0 \<le> d i x y" "\<And>i x y. d i x y \<le> K" "0 < K"
+ shows "product_metric r I (to_nat_on I) (from_nat_into I) S d K"
+ using from_nat_into_to_nat_on_product_metric_pair[OF assms(3)] assms
+ by(simp add: product_metric_def metric_set_def)
+
+(* TODO add lemmas for above metric *)
+
+text \<open> Case: all $(S_i,d_i)$ are separable metric spaces.\<close>
+locale product_separable_metric = product_metric +
+ assumes sd_separable_metric: "\<And>i. i \<in> I \<Longrightarrow> separable_metric_set (S i) (d i)"
+begin
+
+sublocale separable_metric_set "\<Pi>\<^sub>E i\<in>I. S i" product_dist
+proof -
+ have "\<And>i. i \<in> I \<Longrightarrow> second_countable (metric_set.mtopology (S i) (d i))"
+ by (simp add: sd_separable_metric separable_metric_set.second_countable)
+ hence "second_countable (product_topology (\<lambda>i. metric_set.mtopology (S i) (d i)) I)"
+ by(rule product_topology_second_countable[OF I])
+ hence "second_countable (metric_set.mtopology (Pi\<^sub>E I S) product_dist)"
+ using product_dist_mtopology sd_metric
+ by(simp add: separable_metric_set_def)
+ thus "separable_metric_set (\<Pi>\<^sub>E i\<in>I. S i) product_dist"
+ by (meson I d_bound d_nonneg metric_set.separable_if_second_countable product_dist_distance r(1) r(2) sd_metric second_countable_def separable_metric_set.axioms(1))
+qed
+
+end
+
+text \<open> Case: all $(S_i,d_i)$ are complete metric spaces.\<close>
+locale product_complete_metric = product_metric +
+ assumes sd_complete_metric: "\<And>i. i \<in> I \<Longrightarrow> complete_metric_set (S i) (d i)"
+begin
+
+lemma product_dist_complete':
+ assumes "I \<noteq> {}"
+ shows "complete_metric_set (\<Pi>\<^sub>E i\<in>I. S i) product_dist"
+proof -
+ show ?thesis
+ proof
+ fix k
+ assume h:"Cauchy_inS k"
+ have *:"i \<in> I \<Longrightarrow> metric_set.Cauchy_inS (S i) (d i) (\<lambda>n. k n i)" for i
+ proof -
+ assume hi:"i \<in> I"
+ then interpret mi: complete_metric_set "S i" "d i"
+ by(simp add: sd_complete_metric)
+ show "mi.Cauchy_inS (\<lambda>n. k n i)"
+ unfolding mi.Cauchy_inS_def2''
+ proof
+ show "(\<lambda>n. k n i) \<in> mi.sequence"
+ using h hi by(auto simp: Cauchy_inS_def)
+ next
+ show "\<forall>\<epsilon>>0. \<exists>x\<in>S i. \<exists>N. \<forall>n\<ge>N. d i x (k n i) < \<epsilon>"
+ proof safe
+ fix \<epsilon>
+ assume he:"(0::real) < \<epsilon>"
+ then have "0 < \<epsilon> * r^(f i)" using r by auto
+ then obtain x N where hxn:
+ "x\<in>(\<Pi>\<^sub>E i\<in>I. S i)" "\<And>n. n\<ge>N \<Longrightarrow> product_dist x (k n) < \<epsilon> * r^(f i)"
+ using h[simplified Cauchy_inS_def2''] by blast
+ hence hxn':"\<And>n. n\<ge>N \<Longrightarrow> (1/r)^(f i) * product_dist x (k n) < \<epsilon>"
+ by (simp add: pos_divide_less_eq power_divide r(1))
+ show "\<exists>x\<in>S i. \<exists>N. \<forall>n\<ge>N. d i x (k n i) < \<epsilon>"
+ proof(safe intro!: bexI[where x="x i"] exI[where x=N])
+ show "x i \<in> S i"
+ using hi hxn by auto
+ next
+ fix n
+ assume hnn:"N \<le> n"
+ have hf:"k n \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ using h by(auto simp: Cauchy_inS_def)
+ have "d i (x i) (k n i) \<le> (1/r)^(f i) * product_dist x (k n)"
+ using product_dist_geq[OF hi gf_comp_id[OF hi] hxn(1) hf]
+ by simp
+ also have "... < \<epsilon>"
+ using hxn'[OF hnn] .
+ finally show "d i (x i) (k n i) < \<epsilon>" .
+ qed
+ qed
+ qed
+ qed
+ have "\<exists>x. metric_set.converge_to_inS (S i) (d i) (\<lambda>n. k n i) x" if "i \<in> I" for i
+ using complete_metric_set.convergence[OF sd_complete_metric[OF that] *[OF that]] metric_set.convergent_inS_def[OF sd_metric[OF that]]
+ by auto
+ then obtain x where hx:"\<And>i. i \<in> I \<Longrightarrow> metric_set.converge_to_inS (S i) (d i) (\<lambda>n. k n i) (x i)"
+ by metis
+ have hx':"(\<lambda>i\<in>I. x i) \<in> (\<Pi>\<^sub>E i\<in>I. S i)"
+ using hx metric_set.converge_to_inS_def[OF sd_metric] by auto
+ show "convergent_inS k"
+ using converge_to_iff[OF _ hx',of k]
+ by(auto intro!: exI[where x="\<lambda>i\<in>I. x i"] simp: h[simplified Cauchy_inS_def] hx convergent_inS_def)
+ qed
+qed
+
+sublocale complete_metric_set "\<Pi>\<^sub>E i\<in>I. S i" product_dist
+proof -
+ consider "I = {}" | "I \<noteq> {}" by auto
+ then show "complete_metric_set (\<Pi>\<^sub>E i\<in>I. S i) product_dist"
+ proof cases
+ case 1
+ then have "product_dist = (\<lambda>x y. 0)"
+ using metric_set_axioms singleton_metric_unique[of "\<lambda>x. undefined"] by auto
+ with 1 singleton_metric_polish[of "\<lambda>x. undefined"]
+ show ?thesis by(auto simp: polish_metric_set_def)
+ next
+ case 2
+ with product_dist_complete' show ?thesis by simp
+ qed
+qed
+
+end
+
+lemma product_complete_metricI:
+ assumes "0 < r" "r < 1" "countable I" "\<And>i. i \<in> I \<Longrightarrow> complete_metric_set (S i) (d i)"
+ and "\<And>i x y. 0 \<le> d i x y" "\<And>i x y. d i x y \<le> K" "0 < K"
+ shows "product_complete_metric r I (to_nat_on I) (from_nat_into I) S d K"
+ using from_nat_into_to_nat_on_product_metric_pair[OF assms(3)] assms
+ by(simp add: product_complete_metric_def product_metric_def product_complete_metric_axioms_def complete_metric_set_def)
+
+lemma product_complete_metric_natI:
+ assumes "0 < r" "r < 1" "\<And>n. complete_metric_set (S n) (d n)"
+ and "\<And>i x y. 0 \<le> d i x y" "\<And>i x y. d i x y \<le> K" "0 < K"
+ shows "product_complete_metric r UNIV id id S d K"
+ using assms by(simp add: product_complete_metric_def product_metric_def product_complete_metric_axioms_def polish_metric_set_def complete_metric_set_def)
+
+locale product_polish_metric = product_complete_metric + product_separable_metric
+begin
+
+sublocale polish_metric_set "\<Pi>\<^sub>E i\<in>I. S i" product_dist
+ by (simp add: complete_metric_set_axioms polish_metric_set_def separable_metric_set_axioms)
+
+end
+
+lemma product_polish_metricI:
+ assumes "0 < r" "r < 1" "countable I" "\<And>i. i \<in> I \<Longrightarrow> polish_metric_set (S i) (d i)"
+ and "\<And>i x y. 0 \<le> d i x y" "\<And>i x y. d i x y \<le> K" "0 < K"
+ shows "product_polish_metric r I (to_nat_on I) (from_nat_into I) S d K"
+ using from_nat_into_to_nat_on_product_metric_pair[OF assms(3)] assms
+ by(simp add: product_polish_metric_def product_complete_metric_def product_separable_metric_def product_metric_def product_complete_metric_axioms_def product_separable_metric_axioms_def polish_metric_set_def complete_metric_set_def)
+
+lemma product_polish_metric_natI:
+ assumes "0 < r" "r < 1" "\<And>n. polish_metric_set (S n) (d n)"
+ and "\<And>i x y. 0 \<le> d i x y" "\<And>i x y. d i x y \<le> K" "0 < K"
+ shows "product_polish_metric r UNIV id id S d K"
+ using assms by(simp add: product_polish_metric_def product_complete_metric_def product_separable_metric_def product_metric_def product_complete_metric_axioms_def product_separable_metric_axioms_def polish_metric_set_def complete_metric_set_def)
+
+text \<open> Define a bounded distance function from a distance function \<close>
+definition bounded_dist :: "('a \<Rightarrow> 'a \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> real" where
+"bounded_dist d \<equiv> (\<lambda>a b. d a b / (1 + d a b))"
+
+lemma bounded_dist_mono:
+ fixes r l :: real
+ assumes "0 \<le> r" "0 \<le> l" and "r \<le> l"
+ shows "r / (1 + r) \<le> l / (1 + l)"
+proof -
+ have "(1 + l) * r \<le> l* (1 + r)"
+ using assms by (simp add: distrib_left distrib_right)
+ hence "((1 + l) * r) * (1 / (1 + r)) \<le> (l * (1 + r)) * (1 / (1 + r))"
+ using linordered_ring_strict_class.mult_le_cancel_right[of "(1 + l) * r" "1 / (1 + r)" "l * (1 + r)"] assms(1)
+ by auto
+ hence "(1 / (1 + l)) * (((1 + l) * r) * (1 / (1 + r))) \<le> (1 / (1 + l)) * ((l * (1 + r)) * (1 / (1 + r)))"
+ using linordered_ring_strict_class.mult_le_cancel_left[of "1 / (1 + l)" "((1 + l) * r) * (1 / (1 + r))" "(l * (1 + r)) * (1 / (1 + r))"] assms(2)
+ by auto
+ thus ?thesis
+ using assms by auto
+qed
+
+lemma bounded_dist_mono_strict:
+ fixes r l :: real
+ assumes "0 \<le> r" "0 \<le> l" and "r < l"
+ shows "r / (1 + r) < l / (1 + l)"
+proof -
+ have "(1 + l) * r < l* (1 + r)"
+ using assms by (simp add: distrib_left distrib_right)
+ hence "((1 + l) * r) * (1 / (1 + r)) < (l * (1 + r)) * (1 / (1 + r))"
+ using linordered_ring_strict_class.mult_less_cancel_right[of "(1 + l) * r" "1 / (1 + r)" "l * (1 + r)"] assms(1)
+ by auto
+ hence "(1 / (1 + l)) * (((1 + l) * r) * (1 / (1 + r))) < (1 / (1 + l)) * ((l * (1 + r)) * (1 / (1 + r)))"
+ using linordered_ring_strict_class.mult_less_cancel_left[of "1 / (1 + l)" "((1 + l) * r) * (1 / (1 + r))" "(l * (1 + r)) * (1 / (1 + r))"] assms(2)
+ by auto
+ thus ?thesis
+ using assms by auto
+qed
+
+lemma bounded_dist_mono_inverse:
+ fixes r l :: real
+ assumes "0 \<le> r" "0 \<le> l" and "r / (1 + r) \<le> l / (1 + l)"
+ shows "r \<le> l"
+proof -
+ have "(1 / (1 + l)) * (((1 + l) * r) * (1 / (1 + r))) \<le> (1 / (1 + l)) * ((l * (1 + r)) * (1 / (1 + r)))"
+ using assms by auto
+ hence "((1 + l) * r) * (1 / (1 + r)) \<le> (l * (1 + r)) * (1 / (1 + r))"
+ using linordered_ring_strict_class.mult_le_cancel_left[of "1 / (1 + l)" "((1 + l) * r) * (1 / (1 + r))" "(l * (1 + r)) * (1 / (1 + r))"] assms(2)
+ by auto
+ hence "(1 + l) * r \<le> l* (1 + r)"
+ using linordered_ring_strict_class.mult_le_cancel_right[of "(1 + l) * r" "1 / (1 + r)" "l * (1 + r)"] assms(1)
+ by auto
+ thus ?thesis
+ using assms by (simp add: distrib_left distrib_right)
+qed
+
+lemma bounded_dist_mono_strict_inverse:
+ fixes r l :: real
+ assumes "0 \<le> r" "0 \<le> l" and "r / (1 + r) < l / (1 + l)"
+ shows "r < l"
+proof -
+ have "(1 / (1 + l)) * (((1 + l) * r) * (1 / (1 + r))) < (1 / (1 + l)) * ((l * (1 + r)) * (1 / (1 + r)))"
+ using assms by auto
+ hence "((1 + l) * r) * (1 / (1 + r)) < (l * (1 + r)) * (1 / (1 + r))"
+ using linordered_ring_strict_class.mult_less_cancel_left[of "1 / (1 + l)" "((1 + l) * r) * (1 / (1 + r))" "(l * (1 + r)) * (1 / (1 + r))"] assms(2)
+ by auto
+ hence "(1 + l) * r < l* (1 + r)"
+ using linordered_ring_strict_class.mult_less_cancel_right[of "(1 + l) * r" "1 / (1 + r)" "l * (1 + r)"] assms(1)
+ by auto
+ thus ?thesis
+ using assms by (simp add: distrib_left distrib_right)
+qed
+
+lemma bounded_dist_inverse_comp:
+ fixes \<epsilon> :: real
+ assumes "0 < \<epsilon>" and "\<epsilon> < 1"
+ shows "\<epsilon> = (\<epsilon> / (1 - \<epsilon>)) / (1 + (\<epsilon> / (1 - \<epsilon>)))"
+ (is "_ = ?\<epsilon>' / (1 + ?\<epsilon>')")
+proof -
+ have "1 + \<epsilon> / (1 - \<epsilon>) = (1 - \<epsilon>) / (1 - \<epsilon>) + \<epsilon> / (1 - \<epsilon>)"
+ using assms by auto
+ also have "... = 1 / (1 - \<epsilon>)"
+ by(simp only: division_ring_class.add_divide_distrib[symmetric], simp)
+ finally show "\<epsilon> = ?\<epsilon>' / (1 + ?\<epsilon>')"
+ using assms by simp
+qed
+
+lemma(in metric_set) bounded_dist_dist:
+ shows "metric_set S (bounded_dist dist)"
+ and "bounded_dist dist a b < 1"
+proof -
+ show "metric_set S (bounded_dist dist)"
+ proof
+ show "\<And>x y. 0 \<le> bounded_dist dist x y"
+ "\<And>x y. x \<notin> S \<Longrightarrow> bounded_dist dist x y = 0"
+ "\<And>x y. bounded_dist dist x y = bounded_dist dist y x"
+ using dist_geq0 dist_notin dist_sym
+ by(auto simp: bounded_dist_def)
+ next
+ fix x y
+ assume hxy:"x \<in> S" "y \<in> S"
+ show "x = y \<longleftrightarrow> (bounded_dist dist x y = 0)"
+ proof
+ assume "bounded_dist dist x y = 0"
+ then have "dist x y / (1 + dist x y) = 0"
+ by(simp add: bounded_dist_def)
+ hence "dist x y = 0"
+ using field_class.divide_eq_0_iff[of "d x y"] dist_geq0
+ by (simp add: add_nonneg_eq_0_iff)
+ thus "x = y"
+ using dist_0[OF hxy] by simp
+ qed (simp add: bounded_dist_def dist_0[OF hxy])
+ next
+ fix x y z
+ assume hxyz:"x \<in> S" "y \<in> S" "z \<in> S"
+ have "bounded_dist dist x z \<le> (dist x y + dist y z) / (1 + dist x y + dist y z)"
+ using bounded_dist_mono[OF _ _ dist_tr[OF hxyz],simplified semigroup_add_class.add.assoc[symmetric]] dist_geq0
+ by(simp add: bounded_dist_def)
+ also have "... = dist x y / (1 + dist x y + dist y z) + dist y z / (1 + dist x y + dist y z)"
+ using add_divide_distrib by auto
+ also have "... \<le> bounded_dist dist x y + bounded_dist dist y z"
+ apply(rule add_mono_thms_linordered_semiring(1))
+ unfolding bounded_dist_def
+ using dist_geq0
+ by(auto intro!: linordered_field_class.divide_left_mono linordered_semiring_strict_class.mult_pos_pos add_pos_nonneg )
+ finally show "bounded_dist dist x z \<le> bounded_dist dist x y + bounded_dist dist y z" .
+ qed
+ show "bounded_dist dist a b < 1"
+ using dist_geq0[of a b] by(auto simp: bounded_dist_def)
+qed
+
+lemma(in metric_set) bounded_dist_ball_eq:
+ assumes "x \<in> S" and "\<epsilon> > 0"
+ shows "open_ball x \<epsilon> = metric_set.open_ball S (bounded_dist dist) x (\<epsilon> / (1 + \<epsilon>))"
+proof(rule set_eqI)
+ interpret m2: metric_set S "bounded_dist dist"
+ by(rule bounded_dist_dist)
+ fix y
+ have "y \<in> open_ball x \<epsilon> \<longleftrightarrow> y \<in> S \<and> dist x y < \<epsilon>"
+ using assms by(simp add: open_ball_def)
+ also have "... \<longleftrightarrow> y \<in> S \<and> dist x y / (1 + dist x y) < \<epsilon> / (1 + \<epsilon>)"
+ using bounded_dist_mono_strict[of "dist x y" \<epsilon>] bounded_dist_mono_strict_inverse[of "dist x y" \<epsilon>] dist_geq0 assms(2)
+ by auto
+ also have "... \<longleftrightarrow> y \<in> m2.open_ball x (\<epsilon> / (1 + \<epsilon>))"
+ using assms by(simp add: m2.open_ball_def,simp add: bounded_dist_def)
+ finally show "y \<in> open_ball x \<epsilon> \<longleftrightarrow> y \<in> m2.open_ball x (\<epsilon> / (1 + \<epsilon>))" .
+qed
+
+lemma(in metric_set) bounded_dist_ball_ge1:
+ assumes "x \<in> S" and "1 \<le> \<epsilon>"
+ shows "metric_set.open_ball S (bounded_dist dist) x \<epsilon> = S"
+proof -
+ interpret m2: metric_set S "bounded_dist dist"
+ by(rule bounded_dist_dist)
+ show ?thesis
+ using order.strict_trans2[OF bounded_dist_dist(2)[of x] assms(2)] assms(1)
+ by(auto simp: m2.open_ball_def)
+qed
+
+lemma(in metric_set) bounded_dist_generate_same_topology:
+ "mtopology = metric_set.mtopology S (bounded_dist dist)"
+proof -
+ interpret m2: metric_set S "bounded_dist dist"
+ by(rule bounded_dist_dist)
+ show ?thesis
+ proof(rule metric_generates_same_topology[OF metric_set_axioms bounded_dist_dist(1)])
+ fix x U
+ assume h: "U \<subseteq> S" "\<forall>x\<in>U. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U" "x \<in> U"
+ then obtain \<epsilon> where he:
+ "\<epsilon> > 0" "open_ball x \<epsilon> \<subseteq> U" by auto
+ show "\<exists>\<epsilon>>0. m2.open_ball x \<epsilon> \<subseteq> U"
+ using he bounded_dist_ball_eq[of x \<epsilon>] h
+ by(auto intro!: exI[where x="\<epsilon> / (1 + \<epsilon>)"])
+ next
+ fix x U
+ assume h: "U \<subseteq> S" "\<forall>x\<in>U. \<exists>\<epsilon>>0. m2.open_ball x \<epsilon> \<subseteq> U" "x \<in> U"
+ then obtain \<epsilon> where he:
+ "\<epsilon> > 0" "m2.open_ball x \<epsilon> \<subseteq> U" by auto
+ consider "\<epsilon> < 1" | "1 \<le> \<epsilon>" by fastforce
+ then show "\<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U"
+ proof cases
+ case 1
+ let ?\<epsilon>' = "\<epsilon> / (1 - \<epsilon>)"
+ note 2 = bounded_dist_inverse_comp[OF he(1) 1]
+ have 3:"0 < ?\<epsilon>'"
+ using he 1 by auto
+ show ?thesis
+ using h(1,3) he(2) 3 bounded_dist_ball_eq[of x ?\<epsilon>',simplified 2[symmetric]]
+ by(auto intro!: exI[where x="?\<epsilon>'"])
+ next
+ case 2
+ have "U = S"
+ using bounded_dist_ball_ge1[of x,OF _ 2] h(1,3) he(2)
+ by auto
+ thus ?thesis
+ using open_ball_subset_ofS
+ by(auto intro!: exI[where x=1])
+ qed
+ qed
+qed
+
+lemma(in metric_set) bounded_dist_converge_to_inS_iff:
+ "converge_to_inS xn x \<longleftrightarrow> metric_set.converge_to_inS S (bounded_dist dist) xn x"
+ by(simp add: metric_generates_same_topology_converges[OF metric_set_axioms bounded_dist_dist(1) bounded_dist_generate_same_topology])
+
+lemma(in metric_set) bounded_dist_Cauchy_eq:
+ "Cauchy_inS f \<longleftrightarrow> metric_set.Cauchy_inS S (bounded_dist dist) f"
+proof -
+ interpret m2: metric_set S "bounded_dist dist"
+ by(rule bounded_dist_dist)
+ show ?thesis
+ proof
+ assume h:"Cauchy_inS f"
+ show "m2.Cauchy_inS f"
+ unfolding m2.Cauchy_inS_def2'
+ proof safe
+ fix \<epsilon> :: real
+ assume he: "0 < \<epsilon>"
+ consider "\<epsilon> < 1" | "1 \<le> \<epsilon>" by fastforce
+ then show "\<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> m2.open_ball x \<epsilon>"
+ proof cases
+ case 1
+ let ?\<epsilon> = "\<epsilon> / (1 - \<epsilon>)"
+ note 2 = bounded_dist_inverse_comp[OF he(1) 1]
+ have 3:"0 < ?\<epsilon>"
+ using he 1 by auto
+ then obtain x N where hxn:
+ "x \<in> S" "\<And>n. n\<ge>N \<Longrightarrow> f n \<in> open_ball x ?\<epsilon>"
+ using Cauchy_inS_def2'[of f] h by blast
+ show ?thesis
+ using hxn bounded_dist_ball_eq[OF hxn(1) 3,simplified 2[symmetric]]
+ by(auto intro!: bexI[where x=x] exI[where x=N])
+ next
+ case 2
+ then show ?thesis
+ using bounded_dist_ball_ge1[of "f 0" \<epsilon>] Cauchy_inS_def2'[of f] h
+ by(auto intro!: bexI[where x="f 0"] exI[where x=0])
+ qed
+ qed(rule Cauchy_inS_dest1[OF h])
+ next
+ assume h:"m2.Cauchy_inS f"
+ show "Cauchy_inS f"
+ unfolding Cauchy_inS_def2'
+ proof safe
+ fix \<epsilon> :: real
+ assume he:"0 < \<epsilon>"
+ then have "0 < \<epsilon> / (1 + \<epsilon>)" by simp
+ then obtain x N where
+ "x \<in> S" "\<And>n. n \<ge>N \<Longrightarrow> f n \<in> m2.open_ball x (\<epsilon> / (1 + \<epsilon>))"
+ using h[simplified m2.Cauchy_inS_def2'] by blast
+ thus "\<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>"
+ using he bounded_dist_ball_eq[of x \<epsilon>]
+ by(auto intro!: bexI[where x=x] exI[where x=N])
+ qed(rule m2.Cauchy_inS_dest1[OF h])
+ qed
+qed
+
+lemma(in complete_metric_set) bounded_dist_complete:
+ "complete_metric_set S (bounded_dist dist)"
+ unfolding complete_metric_set_def complete_metric_set_axioms_def
+ by(auto intro!: bounded_dist_dist convergence simp: bounded_dist_Cauchy_eq[symmetric] metric_generates_same_topology_convergent[OF metric_set_axioms bounded_dist_dist(1) bounded_dist_generate_same_topology,symmetric])
+
+lemma(in polish_metric_set) bounded_dist_polish:
+ "polish_metric_set S (bounded_dist dist)"
+ unfolding polish_metric_set_def
+ using metric_generates_same_topology_separable[OF metric_set_axioms bounded_dist_dist(1) bounded_dist_generate_same_topology]
+ by(auto intro!: bounded_dist_complete separable_metric_set_axioms)
+
+lemma(in metric_set) uniform_continuous_map_bounded_dist_equiv:
+ assumes "metric_set T f"
+ shows "uniform_continuous_map S dist T f = uniform_continuous_map S (bounded_dist dist) T f"
+proof
+ fix g
+ interpret bS: metric_set S "bounded_dist dist"
+ by (rule bounded_dist_dist(1))
+ interpret T: metric_set T f by fact
+ show "uniform_continuous_map S dist T f g = uniform_continuous_map S (bounded_dist dist) T f g"
+ unfolding uniform_continuous_map_def[OF metric_set_axioms T.metric_set_axioms] uniform_continuous_map_def[OF bS.metric_set_axioms T.metric_set_axioms]
+ proof safe
+ fix e :: real
+ assume h: "e > 0" "g \<in> S \<rightarrow> T" "\<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> f (g x) (g y) < \<epsilon>"
+ with h(3) obtain d where d: "d > 0" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < d \<Longrightarrow> f (g x) (g y) < e"
+ by metis
+ consider "d \<ge> 1" | "d < 1" by fastforce
+ show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. bounded_dist dist x y < \<delta> \<longrightarrow> f (g x) (g y) < e"
+ proof(safe intro!: exI[where x="d / (1 + d)"])
+ fix x y
+ assume xy:"x \<in> S" "y \<in> S" " bounded_dist dist x y < d / (1 + d)"
+ then have "dist x y < d"
+ using d(1) dist_geq0 bounded_dist_mono_strict_inverse[of "dist x y" d] by(auto simp: bounded_dist_def)
+ thus "f (g x) (g y) < e"
+ by(auto intro!: d xy)
+ qed(use d in auto)
+ next
+ fix e :: real
+ assume h: "e > 0" "g \<in> S \<rightarrow> T" "\<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. bounded_dist dist x y < \<delta> \<longrightarrow> f (g x) (g y) < \<epsilon>"
+ with h(3) obtain d where d: "d > 0" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> bounded_dist dist x y < d \<Longrightarrow> f (g x) (g y) < e"
+ by metis
+ show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> f (g x) (g y) < e"
+ proof(safe intro!: exI[where x=d])
+ fix x y
+ assume xy: "x \<in> S" "y \<in> S" "dist x y < d"
+ then have "bounded_dist dist x y < d"
+ using dist_geq0[of x y] by(auto intro!: order.strict_trans1[OF divide_left_mono[OF le_add_same_cancel1[THEN iffD2,OF dist_geq0,of 1] dist_geq0],simplified] simp: bounded_dist_def)
+ from d(2)[OF xy(1,2) this] show "f (g x) (g y) < e" .
+ qed(use d in auto)
+ qed
+qed
+
+lemma(in metric_set) uniform_continuous_map_bounded_dist_equiv':
+ assumes "metric_set T f"
+ shows "uniform_continuous_map S dist T f = uniform_continuous_map S (bounded_dist dist) T (bounded_dist f)"
+proof
+ fix g
+ interpret bS: metric_set S "bounded_dist dist"
+ by (rule bounded_dist_dist(1))
+ interpret T: metric_set T f by fact
+ interpret bT: metric_set T "bounded_dist f"
+ by(rule T.bounded_dist_dist(1))
+ show "uniform_continuous_map S dist T f g = uniform_continuous_map S (bounded_dist dist) T (bounded_dist f) g"
+ unfolding uniform_continuous_map_def[OF metric_set_axioms T.metric_set_axioms] uniform_continuous_map_def[OF bS.metric_set_axioms bT.metric_set_axioms]
+ proof safe
+ fix e :: real
+ assume h: "e > 0" "g \<in> S \<rightarrow> T" "\<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> f (g x) (g y) < \<epsilon>"
+ with h(3) obtain d where d: "d > 0" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < d \<Longrightarrow> f (g x) (g y) < e"
+ by metis
+ consider "d \<ge> 1" | "d < 1" by fastforce
+ show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. bounded_dist dist x y < \<delta> \<longrightarrow> bounded_dist f (g x) (g y) < e"
+ proof(safe intro!: exI[where x="d / (1 + d)"])
+ fix x y
+ assume xy:"x \<in> S" "y \<in> S" " bounded_dist dist x y < d / (1 + d)"
+ then have "dist x y < d"
+ using d(1) dist_geq0 bounded_dist_mono_strict_inverse[of "dist x y" d] by(auto simp: bounded_dist_def)
+ then have "f (g x) (g y) < e"
+ by(auto intro!: d xy)
+ thus "bounded_dist f (g x) (g y) < e"
+ using T.dist_geq0[of "g x" "g y"] by(auto intro!: order.strict_trans1[OF divide_left_mono[OF le_add_same_cancel1[THEN iffD2,OF T.dist_geq0,of 1] T.dist_geq0],simplified] simp: bounded_dist_def )
+ qed(use d in auto)
+ next
+ fix e :: real
+ assume h: "e > 0" "g \<in> S \<rightarrow> T" "\<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. bounded_dist dist x y < \<delta> \<longrightarrow> bounded_dist f (g x) (g y) < \<epsilon>"
+ then have "e / (1 + e) > 0" by auto
+ with h(3) obtain d where d: "d > 0" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> bounded_dist dist x y < d \<Longrightarrow> bounded_dist f (g x) (g y) < e / (1 + e)"
+ by metis
+ show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> f (g x) (g y) < e"
+ proof(safe intro!: exI[where x=d])
+ fix x y
+ assume xy: "x \<in> S" "y \<in> S" "dist x y < d"
+ then have "bounded_dist dist x y < d"
+ using dist_geq0[of x y] by(auto intro!: order.strict_trans1[OF divide_left_mono[OF le_add_same_cancel1[THEN iffD2,OF dist_geq0,of 1] dist_geq0],simplified] simp: bounded_dist_def)
+ from d(2)[OF xy(1,2) this] show "f (g x) (g y) < e"
+ using h(1) T.dist_geq0 by(auto intro!: bounded_dist_mono_strict_inverse[of "f (g x) (g y)" e] simp: bounded_dist_def)
+ qed(use d in auto)
+ qed
+qed
+
+lemma(in metric_set) Urysohn_uniform:
+ assumes "closedin mtopology T" "closedin mtopology U" "T \<inter> U = {}" "\<And>x y. x \<in> T \<Longrightarrow> y \<in> U \<Longrightarrow> dist x y \<ge> e" "e > 0"
+ obtains f :: "'a \<Rightarrow> real"
+ where "uniform_continuous_map S dist UNIV dist_typeclass f"
+ "\<And>x. f x \<ge> 0" "\<And>x. f x \<le> 1" "\<And>x. x \<in> T \<Longrightarrow> f x = 1" "\<And>x. x \<in> U \<Longrightarrow> f x = 0"
+proof -
+ consider "T = {}" | "U = {}" | "T \<noteq> {}" "U \<noteq> {}" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ define f where "f \<equiv> (\<lambda>x::'a. 0::real)"
+ with 1 have "uniform_continuous_map S dist UNIV dist_typeclass f" "\<And>x. f x \<in>{0..1}" "\<And>x. x \<in> T \<Longrightarrow> f x = 1" "\<And>x. x \<in> U \<Longrightarrow> f x = 0"
+ by(auto intro!: uniform_continuous_map_const[OF metric_set_axioms metric_class_metric_set] simp: f_def)
+ then show ?thesis
+ using that by auto
+ next
+ case 2
+ define f where "f \<equiv> (\<lambda>x::'a. 1::real)"
+ with 2 have "uniform_continuous_map S dist UNIV dist_typeclass f" "\<And>x. f x \<in>{0..1}" "\<And>x. x \<in> T \<Longrightarrow> f x = 1" "\<And>x. x \<in> U \<Longrightarrow> f x = 0"
+ by(auto intro!: uniform_continuous_map_const[OF metric_set_axioms metric_class_metric_set] simp: f_def)
+ then show ?thesis
+ using that by auto
+ next
+ case TU:3
+ then have STU:"S \<noteq> {}" "T \<subseteq> S" "U \<subseteq> S"
+ using assms(1,2) closedin_topspace_empty mtopology_topspace closedin_subset by fastforce+
+ interpret bd: metric_set S "bounded_dist dist"
+ by (rule bounded_dist_dist(1))
+ have e:"\<And>x y. x \<in> T \<Longrightarrow> y \<in> U \<Longrightarrow> bounded_dist dist x y \<ge> e / (1 + e)"
+ using assms by(auto intro!: bounded_dist_mono simp: bounded_dist_def dist_geq0)
+ define f where "f \<equiv> (\<lambda>x. bd.dist_set U x / (bd.dist_set U x + bd.dist_set T x))"
+ have "uniform_continuous_map S dist UNIV dist_typeclass f"
+ unfolding f_def
+ proof(rule uniform_continuous_map_real_devide[where Kf=1 and Kg=2])
+ show "uniform_continuous_map S dist UNIV dist_typeclass (bd.dist_set U)"
+ "uniform_continuous_map S dist UNIV dist_typeclass (\<lambda>x. bd.dist_set U x + bd.dist_set T x)"
+ by(auto simp: uniform_continuous_map_bounded_dist_equiv[OF metric_class_metric_set] bd.dist_set_uniform_continuous intro!: bd.uniform_continuous_map_add)
+ next
+ fix x
+ assume x:"x \<in> S"
+ consider "x \<in> (\<Union>a\<in>U. bd.open_ball a ((e / (1 + e)) / 2))" | "x \<notin> (\<Union>a\<in>U. bd.open_ball a ((e / (1 + e)) / 2))" by auto
+ then show "(e / (1 + e)) / 2 \<le> \<bar>bd.dist_set U x + bd.dist_set T x\<bar>"
+ proof cases
+ case 1
+ have "bd.open_ball x ((e / (1 + e)) / 2) \<inter> T = {}"
+ proof(rule ccontr)
+ assume "bd.open_ball x ((e / (1 + e)) / 2) \<inter> T \<noteq> {}"
+ then obtain y where y:"y \<in> bd.open_ball x ((e / (1 + e)) / 2)" "y \<in> T"
+ by auto
+ obtain u where u:"u \<in> U" "x \<in> bd.open_ball u ((e / (1 + e)) / 2)"
+ using 1 by auto
+ have "bounded_dist dist y u \<le> bounded_dist dist y x + bounded_dist dist x u"
+ using STU u y x by(auto intro!: bd.dist_tr)
+ also have "... < (e / (1 + e)) / 2 + (e / (1 + e)) / 2"
+ using bd.open_ballD[OF u(2)] bd.open_ballD[OF y(1)] by(simp add: bd.dist_sym)
+ also have "... = e / (1 + e)" using assms(5) by linarith
+ finally show False
+ using e[OF y(2) u(1)] by simp
+ qed
+ from bd.dist_set_ball_empty[OF TU(1) STU(2) _ x this] assms
+ have "e / (1 + e) / 2 \<le> bd.dist_set T x" by auto
+ also have "... \<le> \<bar>bd.dist_set U x + bd.dist_set T x\<bar>"
+ using bd.dist_set_geq0 by auto
+ finally show ?thesis .
+ next
+ case 2
+ then have "bd.open_ball x ((e / (1 + e)) / 2) \<inter> U = {}"
+ by(auto simp: bd.open_ball_inverse[of x])
+ from bd.dist_set_ball_empty[OF TU(2) STU(3) _ x this] assms
+ have "e / (1 + e) / 2 \<le> bd.dist_set U x" by auto
+ also have "... \<le> \<bar>bd.dist_set U x + bd.dist_set T x\<bar>"
+ using bd.dist_set_geq0 by auto
+ finally show ?thesis .
+ qed
+ thus "bd.dist_set U x + bd.dist_set T x \<noteq> 0"
+ using bd.dist_set_geq0 assms(5) order_antisym_conv by fastforce
+ next
+ show "0 < e / (1 + e) / 2"
+ using assms by auto
+ next
+ fix x
+ have "\<bar>bd.dist_set U x + bd.dist_set T x\<bar> = bd.dist_set U x + bd.dist_set T x"
+ using bd.dist_set_geq0 by auto
+ also have "... < 2"
+ by (metis add_mono_thms_linordered_field(5) one_add_one bd.dist_set_bounded[OF bounded_dist_dist(2),simplified])
+ finally show "\<bar>bd.dist_set U x + bd.dist_set T x\<bar> < 2" .
+ show "\<bar>bd.dist_set U x\<bar> < 1"
+ using bd.dist_set_geq0 bd.dist_set_bounded[OF bounded_dist_dist(2)] by auto
+ qed
+ moreover have "\<And>x. f x \<in>{0..1}"
+ unfolding f_def
+ proof -
+ fix x
+ have "bd.dist_set U x / (bd.dist_set U x + bd.dist_set T x) \<le> bd.dist_set U x / bd.dist_set U x"
+ proof -
+ consider "bd.dist_set U x = 0" | "bd.dist_set U x > 0"
+ using bd.dist_set_geq0 by (auto simp: less_eq_real_def)
+ thus ?thesis
+ proof cases
+ case 2
+ show ?thesis
+ by(rule divide_left_mono[OF _ _ mult_pos_pos]) (insert 2 bd.dist_set_geq0,simp_all add: add.commute add_nonneg_pos)
+ qed simp
+ qed
+ also have "... \<le> 1" by simp
+ finally show "bd.dist_set U x / (bd.dist_set U x + bd.dist_set T x) \<in> {0..1}"
+ using bd.dist_set_geq0 by auto
+ qed
+ moreover have "f x = 1" if x:"x \<in> T" for x
+ proof -
+ { assume h:"bd.dist_set U x = 0"
+ then have "x \<notin> U" using assms STU x by blast
+ hence False
+ using bd.dist_set_closed_ge0[simplified bounded_dist_generate_same_topology[symmetric],OF assms(2) TU(2),of x] STU h x
+ by auto
+ }
+ thus ?thesis
+ by(auto simp: f_def bd.dist_set_inA x)
+ qed
+ moreover have "\<And>x. x \<in> U \<Longrightarrow> f x = 0"
+ by (auto simp: f_def bd.dist_set_inA)
+ ultimately show ?thesis
+ using that by auto
+ qed
+qed
+
+lemma product_metricI':
+ assumes "0 < r" "r < 1" "countable I" "\<And>i. i \<in> I \<Longrightarrow> metric_set (S i) (d i)"
+ shows "product_metric r I (to_nat_on I) (from_nat_into I) S (\<lambda>i x y. if i \<in> I then bounded_dist (d i) x y else 0) 1"
+proof -
+ have "\<And>i. i \<in> I \<Longrightarrow> metric_set (S i) (bounded_dist (d i))"
+ "\<And>i x y. i \<in> I \<Longrightarrow> bounded_dist (d i) x y \<le> 1"
+ using assms(4) by(auto intro!: metric_set.bounded_dist_dist(1) less_imp_le[OF metric_set.bounded_dist_dist(2)])
+ thus ?thesis
+ by(auto intro!: product_metricI[OF assms(1-3)] simp: metric_set_def)
+qed
+
+lemma product_complete_metricI':
+ assumes "0 < r" "r < 1" "countable I" "\<And>i. i \<in> I \<Longrightarrow> complete_metric_set (S i) (d i)"
+ shows "product_complete_metric r I (to_nat_on I) (from_nat_into I) S (\<lambda>i x y. if i \<in> I then bounded_dist (d i) x y else 0) 1"
+proof -
+ have "\<And>i. i \<in> I \<Longrightarrow> complete_metric_set (S i) (bounded_dist (d i))"
+ "\<And>i x y. i \<in> I \<Longrightarrow> bounded_dist (d i) x y \<le> 1"
+ using assms(4) by(auto intro!: metric_set.bounded_dist_dist(1) less_imp_le[OF metric_set.bounded_dist_dist(2)] simp: complete_metric_set_def) (simp add: assms(4) complete_metric_set.axioms(2) complete_metric_set.bounded_dist_complete)
+ thus ?thesis
+ by(auto intro!: product_complete_metricI[OF assms(1-3)] simp: complete_metric_set_def) (metis metric_set.dist_geq0)
+qed
+
+lemma product_complete_metric_natI':
+ assumes "0 < r" "r < 1" "\<And>n. complete_metric_set (S n) (d n)"
+ shows "product_complete_metric r UNIV id id S (\<lambda>n. bounded_dist (d n)) 1"
+proof -
+ have "\<And>n. complete_metric_set (S n) (bounded_dist (d n))"
+ "\<And>n x y. bounded_dist (d n) x y \<le> 1"
+ using assms(3) by(auto intro!: metric_set.bounded_dist_dist(1) less_imp_le[OF metric_set.bounded_dist_dist(2)] simp: complete_metric_set_def) (simp add: assms(3) complete_metric_set.axioms(2) complete_metric_set.bounded_dist_complete)
+ thus ?thesis
+ by(auto intro!: product_complete_metric_natI[OF assms(1,2)]) (meson complete_metric_set_def metric_set.dist_geq0)
+qed
+
+lemma product_polish_metricI':
+ assumes "0 < r" "r < 1" "countable I" "\<And>i. i \<in> I \<Longrightarrow> polish_metric_set (S i) (d i)"
+ shows "product_polish_metric r I (to_nat_on I) (from_nat_into I) S (\<lambda>i x y. if i \<in> I then bounded_dist (d i) x y else 0) 1"
+proof -
+ have "\<And>i. i \<in> I \<Longrightarrow> metric_set (S i) (bounded_dist (d i))"
+ "\<And>i x y. i \<in> I \<Longrightarrow> bounded_dist (d i) x y \<le> 1"
+ using assms(4) by(auto intro!: metric_set.bounded_dist_dist(1) less_imp_le[OF metric_set.bounded_dist_dist(2)] simp: polish_metric_set_def complete_metric_set_def)
+ thus ?thesis
+ using assms(4) by(auto intro!: product_polish_metricI[OF assms(1-3)] polish_metric_set.bounded_dist_polish simp: metric_set_def)
+qed
+
+end
\ No newline at end of file
diff --git a/thys/Standard_Borel_Spaces/Set_Based_Metric_Space.thy b/thys/Standard_Borel_Spaces/Set_Based_Metric_Space.thy
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/Set_Based_Metric_Space.thy
@@ -0,0 +1,5283 @@
+(* Title: Set_Based_Metric_Space.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+section \<open>Set-Based Metric Spaces\<close>
+theory Set_Based_Metric_Space
+ imports Lemmas_StandardBorel
+begin
+
+subsection \<open>Set-Based Metric Spaces \<close>
+locale metric_set =
+ fixes S :: "'a set"
+ and dist :: "'a \<Rightarrow> 'a \<Rightarrow> real"
+ assumes dist_geq0: "\<And>x y. dist x y \<ge> 0"
+ and dist_notin: "\<And>x y. x \<notin> S \<Longrightarrow> dist x y = 0"
+ and dist_0: "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> (x = y) = (dist x y = 0)"
+ and dist_sym: "\<And>x y. dist x y = dist y x"
+ and dist_tr: "\<And>x y z. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> z \<in> S \<Longrightarrow> dist x z \<le> dist x y + dist y z"
+
+lemma metric_class_metric_set[simp]: "metric_set UNIV dist"
+ by standard (auto simp: dist_commute dist_triangle)
+
+context metric_set
+begin
+
+abbreviation "dist_typeclass \<equiv> Real_Vector_Spaces.dist"
+
+lemma dist_notin':
+ assumes "y \<notin> S"
+ shows "dist x y = 0"
+ by(auto simp: dist_sym[of x y] intro!: dist_notin assms)
+
+lemma dist_ge0:
+ assumes "x \<in> S" "y \<in> S"
+ shows "x \<noteq> y \<longleftrightarrow> dist x y > 0"
+ using dist_0[OF assms] dist_geq0[of x y] by auto
+
+lemma dist_0'[simp]: "dist x x = 0"
+ by(cases "x \<in> S") (use dist_notin dist_0 in auto)
+
+lemma dist_tr_abs:
+ assumes "x \<in> S" "y \<in> S" "z \<in> S"
+ shows "\<bar>dist x y - dist y z\<bar> \<le> dist x z"
+ using dist_tr[OF assms(1,3,2),simplified dist_sym[of z]] dist_tr[OF assms(2,1,3),simplified dist_sym[of _ x]]
+ by auto
+
+text \<open> Ball \<close>
+definition open_ball :: "'a \<Rightarrow> real \<Rightarrow> 'a set" where
+"open_ball a r \<equiv> if a \<in> S then {x \<in> S. dist a x < r} else {}"
+
+lemma open_ball_subset_ofS: "open_ball a \<epsilon> \<subseteq> S"
+ by(auto simp: open_ball_def)
+
+lemma open_ballD:
+ assumes "x \<in> open_ball a \<epsilon>"
+ shows "dist a x < \<epsilon>"
+proof -
+ have [simp]:"a \<in> S"
+ apply(rule ccontr) using assms by(simp add: open_ball_def)
+ show ?thesis
+ using assms by(simp add: open_ball_def)
+qed
+
+lemma open_ballD':
+ assumes "x \<in> open_ball a \<epsilon>"
+ shows "x \<in> S" "a \<in> S" "\<epsilon> > 0"
+proof -
+ have 1:"a \<in> S"
+ apply(rule ccontr)
+ using assms by(auto simp: open_ball_def)
+ have 2:"x \<in> S"
+ apply(rule ccontr)
+ using assms 1 by(auto simp: open_ball_def)
+ have 3: "dist a x < \<epsilon>"
+ using assms by(simp add: 1 2 open_ball_def)
+ show "\<epsilon> > 0"
+ apply(rule ccontr)
+ using 3 dist_geq0[of a x] by auto
+ show "x \<in> S" "a \<in> S"
+ by fact+
+qed
+
+lemma open_ball_inverse:
+ "x \<in> open_ball y \<epsilon> \<longleftrightarrow> y \<in> open_ball x \<epsilon>"
+proof -
+ have 0:"\<And>x y. x \<in> open_ball y \<epsilon> \<Longrightarrow> y \<in> open_ball x \<epsilon>"
+ proof -
+ fix x y
+ assume 1:"x \<in> open_ball y \<epsilon>"
+ show "y \<in> open_ball x \<epsilon>"
+ using open_ballD'[OF 1] dist_sym[of y x] 1 by(simp add: open_ball_def)
+ qed
+ show ?thesis
+ using 0[of x y] 0[of y x] by auto
+qed
+
+lemma open_ball_ina[simp]:
+ assumes "a \<in> S" and "\<epsilon> > 0"
+ shows "a \<in> open_ball a \<epsilon>"
+ using assms dist_0[of a a] by(simp add: open_ball_def)
+
+lemma open_ball_nin_le:
+ assumes "a \<in> S" "\<epsilon> > 0" "b \<in> S" "b \<notin> open_ball a \<epsilon>"
+ shows "\<epsilon> \<le> dist a b"
+ using assms by(simp add: open_ball_def)
+
+lemma open_ball_le:
+ assumes "r \<le> l"
+ shows "open_ball a r \<subseteq> open_ball a l"
+ using assms by(auto simp: open_ball_def)
+
+lemma open_ball_le_0:
+ assumes "\<epsilon> \<le> 0"
+ shows "open_ball a \<epsilon> = {}"
+ using assms dist_geq0[of a]
+ by(auto simp: open_ball_def) (meson linorder_not_less order_trans)
+
+lemma open_ball_nin:
+ assumes "a \<notin> S"
+ shows "open_ball a \<epsilon> = {}"
+ by(simp add: open_ball_def assms)
+
+definition closed_ball :: "'a \<Rightarrow> real \<Rightarrow> 'a set" where
+"closed_ball a r \<equiv> if a \<in> S then {x \<in> S. dist a x \<le> r} else {}"
+
+lemma closed_ball_subset_ofS:
+ "closed_ball a \<epsilon> \<subseteq> S"
+ by(auto simp: closed_ball_def)
+
+lemma closed_ballD:
+ assumes "x \<in> closed_ball a \<epsilon>"
+ shows "dist a x \<le> \<epsilon>"
+proof -
+ have [simp]:"a \<in> S"
+ apply(rule ccontr) using assms by(simp add: closed_ball_def)
+ show ?thesis
+ using assms by(simp add: closed_ball_def)
+qed
+
+lemma closed_ballD':
+ assumes "x \<in> closed_ball a \<epsilon>"
+ shows "x \<in> S" "a \<in> S" "\<epsilon> \<ge> 0"
+proof -
+ have 1:"a \<in> S"
+ apply(rule ccontr)
+ using assms by(auto simp: closed_ball_def)
+ have 2:"x \<in> S"
+ apply(rule ccontr)
+ using assms 1 by(auto simp: closed_ball_def)
+ have 3: "dist a x \<le> \<epsilon>"
+ using assms by(simp add: 1 2 closed_ball_def)
+ show "\<epsilon> \<ge> 0"
+ apply(rule ccontr)
+ using 3 dist_geq0[of a x] by auto
+ show "x \<in> S" "a \<in> S"
+ by fact+
+qed
+
+lemma closed_ball_ina[simp]:
+ assumes "a \<in> S" and "\<epsilon> \<ge> 0"
+ shows "a \<in> closed_ball a \<epsilon>"
+ using assms dist_0[of a a] by(simp add: closed_ball_def)
+
+lemma closed_ball_le:
+ assumes "r \<le> l"
+ shows "closed_ball a r \<subseteq> closed_ball a l"
+ using closed_ballD'[of _ a r] closed_ballD[of _ a r] assms
+ by(fastforce simp: closed_ball_def[of _ l])
+
+lemma closed_ball_le_0:
+ assumes "\<epsilon> < 0"
+ shows "closed_ball a \<epsilon> = {}"
+ using assms dist_geq0[of a]
+ by(auto simp: closed_ball_def) (meson linorder_not_less order_trans)
+
+lemma closed_ball_0:
+ assumes "a \<in> S"
+ shows "closed_ball a 0 = {a}"
+ using assms dist_0[OF assms assms] dist_0[OF assms] dist_geq0[of a] order_antisym_conv
+ by(auto simp: closed_ball_def)
+
+lemma closed_ball_nin:
+ assumes "a \<notin> S"
+ shows "closed_ball a \<epsilon> = {}"
+ by(simp add: closed_ball_def assms)
+
+lemma open_ball_closed_ball:
+ "open_ball a \<epsilon> \<subseteq> closed_ball a \<epsilon>"
+ using open_ballD'[of _ a \<epsilon>] open_ballD[of _ a \<epsilon>]
+ by(fastforce simp: closed_ball_def)
+
+lemma closed_ball_open_ball:
+ assumes "e < f"
+ shows "closed_ball a e \<subseteq> open_ball a f"
+ using closed_ballD'[of _ a e] closed_ballD[of _ a e] assms
+ by(fastforce simp: open_ball_def)
+
+lemma closed_ball_open_ball_un1:
+ assumes "e > 0"
+ shows "open_ball a e \<union> {x\<in>S. dist a x = e} = closed_ball a e"
+ using assms dist_notin by(auto simp: open_ball_def closed_ball_def)
+
+lemma closed_ball_open_ball_un2:
+ assumes "a \<in> S"
+ shows "open_ball a e \<union> {x\<in>S. dist a x = e} = closed_ball a e"
+ using assms by(auto simp: open_ball_def closed_ball_def)
+
+definition mtopology :: "'a topology" where
+"mtopology = topology (\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U))"
+
+lemma mtopology_istopology:
+ "istopology (\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U))"
+ unfolding istopology_def
+proof safe
+ fix U1 U2 x
+ assume h1: "U1 \<subseteq> S" "\<forall>y\<in>U1. \<exists>\<epsilon>>0. open_ball y \<epsilon> \<subseteq> U1"
+ and h2: "U2 \<subseteq> S" "\<forall>y\<in>U2. \<exists>\<epsilon>>0. open_ball y \<epsilon> \<subseteq> U2"
+ and hx: "x \<in> U1" "x \<in> U2"
+ obtain \<epsilon>1 \<epsilon>2 where
+ "\<epsilon>1 > 0" "\<epsilon>2 > 0""open_ball x \<epsilon>1 \<subseteq> U1" "open_ball x \<epsilon>2 \<subseteq> U2"
+ using h1 h2 hx by blast
+ thus "\<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U1 \<inter> U2"
+ using open_ball_le[of "min \<epsilon>1 \<epsilon>2" \<epsilon>1 x] open_ball_le[of "min \<epsilon>1 \<epsilon>2" \<epsilon>2 x]
+ by(auto intro!: exI[where x="min \<epsilon>1 \<epsilon>2"])
+next
+ fix \<K> U x
+ assume h:"\<forall>K\<in>\<K>. K \<subseteq> S \<and> (\<forall>x\<in>K. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> K)"
+ "U \<in> \<K>" "x \<in> U"
+ then obtain \<epsilon> where
+ "\<epsilon> > 0" "open_ball x \<epsilon> \<subseteq> U"
+ by blast
+ thus "\<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> \<Union> \<K>"
+ using h(2) by(auto intro!: exI[where x=\<epsilon>])
+qed auto
+
+lemma mtopology_openin_iff:
+ "openin mtopology U \<longleftrightarrow> U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U)"
+ by (simp add: mtopology_def mtopology_istopology)
+
+lemma mtopology_topspace: "topspace mtopology = S"
+ unfolding topspace_def mtopology_def topology_inverse'[OF mtopology_istopology]
+proof -
+ have "\<forall>x\<in>S. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> S"
+ by(auto intro!: exI[where x=1] simp: open_ball_def)
+ thus "\<Union> {U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U)} = S"
+ by auto
+qed
+
+lemma openin_S[simp]: "openin mtopology S"
+ by (metis openin_topspace mtopology_topspace)
+
+lemma mtopology_open_ball_in':
+ assumes "x \<in> open_ball a \<epsilon>"
+ shows "\<exists>\<epsilon>'>0. open_ball x \<epsilon>' \<subseteq> open_ball a \<epsilon>"
+proof -
+ show "\<exists>\<epsilon>'>0. open_ball x \<epsilon>' \<subseteq> open_ball a \<epsilon>"
+ proof(intro exI[where x="\<epsilon> - dist a x"] conjI)
+ show "0 < \<epsilon> - dist a x"
+ using open_ballD'[OF assms] open_ballD[OF assms] by auto
+ next
+ show "open_ball x (\<epsilon> - dist a x) \<subseteq> open_ball a \<epsilon>"
+ proof
+ fix y
+ assume hy:"y \<in> open_ball x (\<epsilon> - dist a x)"
+ show "y \<in> open_ball a \<epsilon>"
+ using open_ballD[OF hy] open_ballD[OF assms] open_ballD'(2)[OF assms] dist_tr[OF open_ballD'(2)[OF assms] open_ballD'(1)[OF assms] open_ballD'(1)[OF hy]]
+ by(auto simp: open_ball_def assms(1) open_ballD'[OF hy])
+ qed
+ qed
+qed
+
+lemma mtopology_open_ball_in:
+ assumes "a \<in> S" and "\<epsilon> > 0"
+ shows "openin mtopology (open_ball a \<epsilon>)"
+ using mtopology_open_ball_in' topology_inverse'[OF mtopology_istopology] open_ball_subset_ofS mtopology_def
+ by auto
+
+lemma openin_open_ball: "openin mtopology (open_ball a \<epsilon>)"
+proof -
+ consider "a \<in> S \<and> \<epsilon> > 0" | "a \<notin> S" | "\<epsilon> \<le> 0" by fastforce
+ thus ?thesis
+ by cases (simp_all add: mtopology_open_ball_in open_ball_le_0 open_ball_nin)
+qed
+
+lemma closedin_closed_ball: "closedin mtopology (closed_ball a \<epsilon>)"
+ unfolding closedin_def mtopology_topspace mtopology_openin_iff
+proof safe
+ fix x
+ assume h:"x \<in> S" "x \<notin> closed_ball a \<epsilon>"
+ consider "a \<notin> S" | "\<epsilon> < 0" | "a \<in> S" "\<epsilon> \<ge> 0" by fastforce
+ thus "\<exists>\<epsilon>'>0. open_ball x \<epsilon>' \<subseteq> S - closed_ball a \<epsilon>"
+ proof cases
+ case 3
+ then have "dist a x > \<epsilon>"
+ using h by(auto simp: closed_ball_def)
+ show ?thesis
+ proof(intro exI[where x="dist a x - \<epsilon>"] conjI)
+ show "open_ball x (dist a x - \<epsilon>) \<subseteq> S - closed_ball a \<epsilon>"
+ proof safe
+ fix z
+ assume h':"z \<in> open_ball x (dist a x - \<epsilon>)" "z \<in> closed_ball a \<epsilon>"
+ have "dist a x \<le> dist a z + dist z x"
+ by(auto intro!: dist_tr 3 open_ballD'[OF h'(1)])
+ also have "... \<le> \<epsilon> + dist z x"
+ using closed_ballD[OF h'(2)] by simp
+ also have "... < dist a x"
+ using open_ballD[OF h'(1),simplified dist_sym[of x]] by auto
+ finally show False ..
+ qed(use open_ball_subset_ofS \<open>dist a x > \<epsilon>\<close> in auto)
+ qed(use open_ball_subset_ofS \<open>dist a x > \<epsilon>\<close> in auto)
+ qed(auto simp: closed_ball_nin closed_ball_le_0 open_ball_subset_ofS intro!: exI[where x=1])
+qed(use closed_ball_subset_ofS in auto)
+
+lemma mtopology_def2:
+ "mtopology = topology_generated_by {open_ball a \<epsilon> | a \<epsilon>. a \<in> S \<and> \<epsilon> > 0}"
+ (is "?lhs = ?rhs")
+proof -
+ have "\<And>U. openin ?lhs U = openin ?rhs U"
+ proof
+ fix U
+ assume h:"openin mtopology U"
+ then have "\<forall>x\<in> U. \<exists>\<epsilon> > 0. open_ball x \<epsilon> \<subseteq> U"
+ using topology_inverse'[OF mtopology_istopology]
+ by(simp add: mtopology_def)
+ then obtain \<epsilon> where he:
+ "\<And>x. x \<in> U \<Longrightarrow> \<epsilon> x > 0 \<and> open_ball x (\<epsilon> x) \<subseteq> U"
+ using bchoice[of U "\<lambda>x \<epsilon>. \<epsilon> > 0 \<and> open_ball x \<epsilon> \<subseteq> U"]
+ by blast
+ have "U = \<Union>{open_ball x (\<epsilon> x)|x. x\<in> U}"
+ proof
+ show "\<Union> {open_ball x (\<epsilon> x) |x. x \<in> U} \<subseteq> U"
+ using he by auto
+ next
+ show "U \<subseteq> \<Union> {open_ball x (\<epsilon> x) |x. x \<in> U}"
+ proof
+ fix a
+ assume ha:"a \<in> U"
+ then have "a \<in> open_ball a (\<epsilon> a)"
+ using he[of a] open_ball_ina[of a "\<epsilon> a"] openin_subset[OF h,simplified]
+ by(auto simp: mtopology_topspace)
+ thus "a \<in> \<Union> {open_ball x (\<epsilon> x) |x. x \<in> U}"
+ using ha by auto
+ qed
+ qed
+ also have "generate_topology_on {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>} ..."
+ apply(rule generate_topology_on.UN)
+ apply(rule generate_topology_on.Basis)
+ using he openin_subset[OF h,simplified]
+ by(fastforce simp: mtopology_topspace)
+ finally show "openin (topology_generated_by {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}) U"
+ by (simp add: openin_topology_generated_by_iff)
+ next
+ fix U
+ assume "openin (topology_generated_by {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}) U"
+ then have "generate_topology_on {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>} U"
+ by (simp add: openin_topology_generated_by_iff)
+ thus "openin mtopology U"
+ apply induction
+ using mtopology_open_ball_in
+ by auto
+ qed
+ thus ?thesis
+ by(simp add: topology_eq)
+qed
+
+abbreviation mtopology_subbasis :: "'a set set \<Rightarrow> bool" where
+"mtopology_subbasis \<O> \<equiv> subbase_of mtopology \<O>"
+
+lemma mtopology_subbasis1:
+ "mtopology_subbasis {open_ball a \<epsilon> | a \<epsilon>. a \<in> S \<and> \<epsilon> > 0}"
+ by(simp add: mtopology_def2 subbase_of_def)
+
+abbreviation mtopology_basis :: "'a set set \<Rightarrow> bool" where
+"mtopology_basis \<O> \<equiv> base_of mtopology \<O>"
+
+lemma mtopology_basis_ball:
+ "mtopology_basis {open_ball a \<epsilon> | a \<epsilon>. a \<in> S \<and> \<epsilon> > 0}"
+ unfolding base_of_def
+proof -
+ show "\<forall>U. openin mtopology U = (\<exists>\<U>. U = \<Union> \<U> \<and> \<U> \<subseteq> {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>})"
+ proof safe
+ fix U
+ assume "openin mtopology U"
+ then have "U \<subseteq> S" "\<And>x. x\<in>U \<Longrightarrow> \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U"
+ by(auto simp: mtopology_openin_iff)
+ then obtain \<epsilon> where he:
+ "\<And>x. x \<in> U \<Longrightarrow> \<epsilon> x > 0" "\<And>x. x \<in> U \<Longrightarrow> open_ball x (\<epsilon> x) \<subseteq> U"
+ by metis
+ hence "(\<Union> { open_ball x (\<epsilon> x) | x. x \<in> U}) = U"
+ using \<open>U \<subseteq> S\<close> open_ball_ina[of _ "\<epsilon> _"] by fastforce
+ thus "\<exists>\<U>. U = \<Union> \<U> \<and> \<U> \<subseteq> {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}"
+ using he(1) \<open>U \<subseteq> S\<close> by(fastforce intro!: exI[where x="{ open_ball x (\<epsilon> x) | x. x \<in> U}"])
+ qed(use mtopology_open_ball_in in blast)
+qed
+
+abbreviation sequence :: "(nat \<Rightarrow> 'a) set" where
+"sequence \<equiv> UNIV \<rightarrow> S"
+
+lemma sequence_comp:
+ "xn \<in> sequence \<Longrightarrow> (\<lambda>n. (xn (a n))) \<in> sequence"
+ "xn \<in> sequence \<Longrightarrow> xn \<circ> an \<in> sequence"
+ by auto
+
+definition converge_to_inS :: "[nat \<Rightarrow> 'a, 'a] \<Rightarrow> bool" where
+"converge_to_inS f s \<equiv> f \<in> sequence \<and> s \<in> S \<and> (\<lambda>n. dist (f n) s) \<longlonglongrightarrow> 0"
+
+lemma converge_to_inS_const:
+ assumes "x \<in> S"
+ shows "converge_to_inS (\<lambda>n. x) x"
+ using assms dist_0[of x x] by(simp add: converge_to_inS_def)
+
+lemma converge_to_inS_subseq:
+ assumes "strict_mono a" "converge_to_inS f s"
+ shows "converge_to_inS (f \<circ> a) s"
+proof -
+ have "((\<lambda>n. dist (f n) s) \<circ> a) \<longlonglongrightarrow> 0"
+ using assms by(auto intro!: LIMSEQ_subseq_LIMSEQ simp: converge_to_inS_def)
+ thus ?thesis
+ using assms by(auto simp: converge_to_inS_def comp_def)
+qed
+
+lemma converge_to_inS_ignore_initial:
+ assumes "converge_to_inS xn x"
+ shows "converge_to_inS (\<lambda>n. xn (n + k)) x"
+ using LIMSEQ_ignore_initial_segment[of "\<lambda>n. dist (xn n) x" 0 k] assms
+ by(auto simp: converge_to_inS_def)
+
+lemma converge_to_inS_offset:
+ assumes "converge_to_inS (\<lambda>n. xn (n + k)) x" "xn \<in> sequence"
+ shows "converge_to_inS xn x"
+ using LIMSEQ_offset[of "\<lambda>n. dist (xn n) x" k] assms
+ by(auto simp: converge_to_inS_def)
+
+lemma converge_to_inS_def2:
+ "converge_to_inS f s \<longleftrightarrow> (f \<in> sequence \<and> s \<in> S \<and> (\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. dist (f n) s < \<epsilon>))"
+proof
+ assume h:"converge_to_inS f s "
+ show "f \<in> sequence \<and> s \<in> S \<and> (\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. dist (f n) s < \<epsilon>)"
+ proof safe
+ fix \<epsilon> :: real
+ assume he:"0 < \<epsilon>"
+ have hs:"\<And>S. open S \<Longrightarrow> 0 \<in> S \<Longrightarrow> (\<exists>N. \<forall>n\<ge>N. dist (f n) s \<in> S)"
+ using h lim_explicit[of "\<lambda>n. dist (f n) s" 0]
+ by(simp add: converge_to_inS_def)
+ then obtain N where
+ "\<forall>n\<ge>N. dist (f n) s \<in> {-1<..<\<epsilon>}"
+ using hs[of "{-1<..<\<epsilon>}"] he by fastforce
+ thus "\<exists>N. \<forall>n\<ge>N. dist (f n) s < \<epsilon>"
+ by(auto intro!: exI[where x=N])
+ qed(use h[simplified converge_to_inS_def] in auto)
+next
+ assume h:"f \<in> sequence \<and> s \<in> S \<and> (\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. dist (f n) s < \<epsilon>)"
+ have "\<forall>S. open S \<longrightarrow> 0 \<in> S \<longrightarrow> (\<exists>N. \<forall>n\<ge>N. dist (f n) s \<in> S)"
+ proof safe
+ fix S :: "real set"
+ assume hs:"open S" "0 \<in> S"
+ then obtain \<epsilon> where he:
+ "\<epsilon> > 0" "ball 0 \<epsilon> \<subseteq> S"
+ using open_contains_ball[of S] by fastforce
+ then obtain N where
+ "\<forall>n\<ge>N. dist (f n) s < \<epsilon>"
+ using h by auto
+ thus "\<exists>N. \<forall>n\<ge>N. dist (f n) s \<in> S"
+ using he dist_geq0 by(auto intro!: exI[where x=N])
+ qed
+ thus "converge_to_inS f s "
+ using lim_explicit[of "\<lambda>n. dist (f n) s" 0] h
+ by(simp add: converge_to_inS_def)
+qed
+
+lemma converge_to_inS_def2':
+ "converge_to_inS f s \<longleftrightarrow> (f \<in> sequence \<and> s \<in> S \<and> (\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. (f n) \<in> open_ball s \<epsilon>))"
+ unfolding converge_to_inS_def2 open_ball_def dist_sym[of s]
+ by fastforce
+
+lemma converge_to_inS_unique:
+ assumes "converge_to_inS f x" "converge_to_inS f y"
+ shows "x = y"
+proof -
+ have inS:"\<And>n. f n \<in> S" "x \<in> S" "y \<in> S"
+ using assms by(auto simp: converge_to_inS_def)
+ have "\<bar>dist x y\<bar> < \<epsilon>" if "\<epsilon> > 0" for \<epsilon>
+ proof -
+ have "0 < \<epsilon> / 2" using that by simp
+ then obtain N1 N2 where hn:
+ "\<And>n. n \<ge> N1 \<Longrightarrow> dist (f n) x < \<epsilon> / 2" "\<And>n. n \<ge> N2 \<Longrightarrow> dist (f n) y < \<epsilon> / 2"
+ using assms converge_to_inS_def2 by blast
+ have "dist x y \<le> dist (f (max N1 N2)) x + dist (f (max N1 N2)) y"
+ unfolding dist_sym[of "f (max N1 N2)" x] by(rule dist_tr[OF inS(2) inS(1)[of "max N1 N2"] inS(3)])
+ also have "... < \<epsilon> / 2 + \<epsilon> / 2"
+ by(rule add_strict_mono) (use hn[of "max N1 N2"] in auto)
+ finally show ?thesis
+ using dist_geq0[of x y] by simp
+ qed
+ hence "dist x y = 0"
+ using zero_less_abs_iff by blast
+ thus ?thesis
+ using dist_0[OF inS(2,3)] by simp
+qed
+
+lemma mtopology_closedin_iff: "closedin mtopology M \<longleftrightarrow> M \<subseteq> S \<and> (\<forall>f\<in>(UNIV \<rightarrow> M). \<forall>s. converge_to_inS f s \<longrightarrow> s \<in> M)"
+proof
+ assume "closedin mtopology M"
+ then have h:"\<forall>x\<in>S - M. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> S - M"
+ by (simp add: closedin_def mtopology_openin_iff mtopology_topspace)
+ show "M \<subseteq> S \<and> (\<forall>f\<in>UNIV \<rightarrow> M. \<forall>s. converge_to_inS f s \<longrightarrow> s \<in> M)"
+ proof safe
+ fix f :: "nat \<Rightarrow> 'a" and s
+ assume hf:"f \<in> UNIV \<rightarrow> M" "converge_to_inS f s"
+ show "s \<in> M"
+ proof(rule ccontr)
+ assume "s \<notin> M"
+ then have "s \<in> S - M"
+ using hf(2) by(auto simp: converge_to_inS_def)
+ then obtain \<epsilon> where "\<epsilon> > 0" "open_ball s \<epsilon> \<subseteq> S - M"
+ using h by auto
+ then obtain N where "\<And>n. n \<ge> N \<Longrightarrow> f n \<in> open_ball s \<epsilon>"
+ using hf(2) by(auto simp: converge_to_inS_def2') metis
+ from \<open>open_ball s \<epsilon> \<subseteq> S - M\<close> this[of N] hf(1)
+ show False by auto
+ qed
+ qed(rule subsetD[OF closedin_subset[OF \<open>closedin mtopology M\<close>,simplified mtopology_topspace]])
+next
+ assume h:"M \<subseteq> S \<and> (\<forall>f\<in>UNIV \<rightarrow> M. \<forall>s. converge_to_inS f s \<longrightarrow> s \<in> M)"
+ show "closedin mtopology M"
+ unfolding closedin_def mtopology_openin_iff mtopology_topspace
+ proof safe
+ fix x
+ assume "x \<in> S" "x \<notin> M"
+ show "\<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> S - M"
+ proof(rule ccontr)
+ assume "\<not> (\<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> S - M)"
+ then have "\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> M \<noteq> {}"
+ by (metis Diff_mono Diff_triv open_ball_subset_ofS subset_refl)
+ hence "\<forall>n. \<exists>a. a \<in> open_ball x (1 / real (Suc n)) \<inter> M"
+ by (meson of_nat_0_less_iff subsetI subset_empty zero_less_Suc zero_less_divide_1_iff)
+ then obtain f where hf:"\<And>n. f n \<in> open_ball x (1 / (Suc n)) \<inter> M" by metis
+ hence "f \<in> UNIV \<rightarrow> M" by auto
+ moreover have "converge_to_inS f x"
+ unfolding converge_to_inS_def2'
+ proof safe
+ show "f x \<in> S" for x
+ using h hf by auto
+ next
+ fix \<epsilon>
+ assume "(0::real) < \<epsilon>"
+ then obtain N where "1 / real (Suc N) < \<epsilon>"
+ using nat_approx_posE by blast
+ show "\<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>"
+ proof(rule exI[where x=N])
+ show "\<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>"
+ proof safe
+ fix n
+ assume "N \<le> n"
+ then have "1 / real (Suc n) \<le> 1 / real (Suc N)"
+ by (simp add: frac_le)
+ also have "... \<le> \<epsilon>"
+ using \<open>1 / real (Suc N) < \<epsilon>\<close> by simp
+ finally show "f n \<in> open_ball x \<epsilon>"
+ using open_ball_le[of "1 / real (Suc n)" \<epsilon> x] hf by auto
+ qed
+ qed
+ qed fact
+ ultimately show False
+ using h \<open>x \<notin> M\<close> by blast
+ qed
+ qed(use h in auto)
+qed
+
+lemma mtopology_closedin_iff2: "closedin mtopology M \<longleftrightarrow> M \<subseteq> S \<and> (\<forall>x. x \<in> M \<longleftrightarrow> (\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> M \<noteq> {}))"
+proof
+ assume h:"closedin mtopology M"
+ have 1: "M \<subseteq> S"
+ using h by(auto simp add: mtopology_closedin_iff)
+ show "M \<subseteq> S \<and> (\<forall>x. (x \<in> M) = (\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> M \<noteq> {}))"
+ proof safe
+ fix \<epsilon> x
+ assume "x \<in> M" "(0 :: real) < \<epsilon>" "open_ball x \<epsilon> \<inter> M = {}"
+ thus False
+ using open_ball_ina[of x \<epsilon>] 1 by blast
+ next
+ fix x
+ assume "\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> M \<noteq> {}"
+ hence "\<exists>f. f \<in> open_ball x (1 / real (Suc n)) \<inter> M" for n
+ by (meson all_not_in_conv divide_pos_pos of_nat_0_less_iff zero_less_Suc zero_less_one)
+ then obtain f where hf:"\<And>n. f n \<in> open_ball x (1 / real (Suc n)) \<inter> M"
+ by metis
+ hence "x \<in> S" "f \<in> UNIV \<rightarrow> M"
+ using open_ballD'(2)[of "f 0" x] by auto
+ have "converge_to_inS f x"
+ unfolding converge_to_inS_def2'
+ proof safe
+ show "\<And>x. f x \<in> S"
+ using 1 \<open>f \<in> UNIV \<rightarrow> M\<close> by auto
+ next
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ then obtain N where hN: "1 / real (Suc N) < \<epsilon>"
+ using nat_approx_posE by blast
+ show "\<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>"
+ proof(rule exI[where x="N"])
+ show "\<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>"
+ proof safe
+ fix n
+ assume "N \<le> n"
+ then have "1 / real (Suc n) \<le> 1 / real (Suc N)"
+ using inverse_of_nat_le by blast
+ thus "f n \<in> open_ball x \<epsilon> "
+ using hf[of n] open_ball_le[of "1 / real (Suc n)" "\<epsilon>" x] hN
+ by auto
+ qed
+ qed
+ qed fact
+ with \<open>f \<in> UNIV \<rightarrow> M\<close> show "x \<in> M"
+ using h[simplified mtopology_closedin_iff] by simp
+ qed(use 1 in auto)
+next
+ assume"M \<subseteq> S \<and> (\<forall>x. (x \<in> M) \<longleftrightarrow> (\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> M \<noteq> {}))"
+ hence h:"M \<subseteq> S" "\<And>x. (x \<in> M) \<longleftrightarrow> (\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> M \<noteq> {})"
+ by simp_all
+ show "closedin mtopology M"
+ unfolding mtopology_closedin_iff
+ proof safe
+ fix f s
+ assume h':"f \<in> UNIV \<rightarrow> M" "converge_to_inS f s"
+ hence "s \<in> S" by(simp add: converge_to_inS_def)
+ have "open_ball s \<epsilon> \<inter> M \<noteq> {}" if "\<epsilon> > 0" for \<epsilon>
+ proof -
+ obtain N where hN:"\<And>n. n \<ge> N \<Longrightarrow> dist (f n) s < \<epsilon>"
+ using h'(2) \<open>\<epsilon> > 0\<close> by(auto simp: converge_to_inS_def2) metis
+ have "f N \<in> open_ball s \<epsilon> \<inter> M"
+ using \<open>f \<in> UNIV \<rightarrow> M\<close> \<open>s \<in> S\<close> hN[of N] that open_ball_def[of s \<epsilon>] h(1) dist_sym[of s]
+ by auto
+ thus "open_ball s \<epsilon> \<inter> M \<noteq> {}" by auto
+ qed
+ with h(2)[of s] show "s \<in> M" by simp
+ qed(use h(1) in auto)
+qed
+
+lemma mtopology_openin_iff2:
+ "openin mtopology A \<longleftrightarrow> A \<subseteq> S \<and> (\<forall>f x. converge_to_inS f x \<and> x \<in> A \<longrightarrow> (\<exists>N. \<forall>n\<ge>N. f n \<in> A))"
+proof
+ show "openin mtopology A \<Longrightarrow> A \<subseteq> S \<and> (\<forall>f x. converge_to_inS f x \<and> x \<in> A \<longrightarrow> (\<exists>N. \<forall>n\<ge>N. f n \<in> A))"
+ unfolding mtopology_openin_iff
+ proof safe
+ fix f x
+ assume "\<forall>x\<in>A. \<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> A" "converge_to_inS f x" "x \<in> A"
+ then obtain \<epsilon> where "\<epsilon> > 0" "open_ball x \<epsilon> \<subseteq> A"
+ by auto
+ then obtain N where "\<And>n. n \<ge> N \<Longrightarrow> dist (f n) x < \<epsilon>"
+ using \<open>converge_to_inS f x\<close> by(fastforce simp: converge_to_inS_def2)
+ hence "\<And>n. n \<ge> N \<Longrightarrow> f n \<in> open_ball x \<epsilon>"
+ using \<open>converge_to_inS f x\<close> by(auto simp: dist_sym[of _ x] open_ball_def converge_to_inS_def)
+ with \<open>open_ball x \<epsilon> \<subseteq> A\<close> show "\<exists>N. \<forall>n\<ge>N. f n \<in> A"
+ by(auto intro!: exI[where x=N])
+ qed
+next
+ assume "A \<subseteq> S \<and> (\<forall>f x. converge_to_inS f x \<and> x \<in> A \<longrightarrow> (\<exists>N. \<forall>n\<ge>N. f n \<in> A))"
+ hence h:"A \<subseteq> S" "\<And>f x. converge_to_inS f x \<Longrightarrow> x \<in> A \<Longrightarrow> \<exists>N. \<forall>n\<ge>N. f n \<in> A"
+ by auto
+ have "closedin mtopology (S - A)"
+ unfolding mtopology_closedin_iff
+ proof safe
+ fix f s
+ assume hf:"f \<in> UNIV \<rightarrow> S - A"
+ "converge_to_inS f s"
+ have False if "s \<in> A"
+ proof -
+ from h(2)[OF hf(2) that]
+ obtain N where "\<And>n. n \<ge> N \<Longrightarrow> f n \<in> A" by auto
+ from hf (1) this[of N] show False by auto
+ qed
+ thus "s \<in> S" "s \<in> A \<Longrightarrow> False"
+ using hf(2) by (auto simp: converge_to_inS_def)
+ qed
+ thus "openin mtopology A"
+ using h(1) mtopology_topspace by(simp add: openin_closedin_eq)
+qed
+
+lemma closure_of_mtopology: "mtopology closure_of A = {a. \<forall>\<epsilon>>0. open_ball a \<epsilon> \<inter> A \<noteq> {}}"
+proof safe
+ fix x \<epsilon>
+ assume "x \<in> mtopology closure_of A" "(0 :: real) < \<epsilon>" "open_ball x \<epsilon> \<inter> A = {}"
+ then show False
+ using mtopology_closedin_iff2[of "mtopology closure_of A",simplified]
+ by (simp add: mtopology_open_ball_in' mtopology_openin_iff open_ball_subset_ofS openin_Int_closure_of_eq_empty)
+next
+ fix x
+ assume "\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> A \<noteq> {}"
+ then have "\<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> mtopology closure_of A \<noteq> {}"
+ by (simp add: mtopology_open_ball_in' mtopology_openin_iff open_ball_subset_ofS openin_Int_closure_of_eq_empty)
+ thus "x \<in> mtopology closure_of A"
+ using mtopology_closedin_iff2[of "mtopology closure_of A",simplified]
+ by auto
+qed
+
+lemma closure_of_mtopology':
+ "mtopology closure_of A = {a. \<exists>an\<in>UNIV \<rightarrow> A. converge_to_inS an a}"
+proof safe
+ fix a
+ assume "a \<in> mtopology closure_of A"
+ then have "\<forall>\<epsilon>>0. open_ball a \<epsilon> \<inter> A \<noteq> {}"
+ by(simp add: closure_of_mtopology)
+ hence "\<And>n. \<exists>an. an \<in> open_ball a (1/real (Suc n)) \<inter> A"
+ by (meson all_not_in_conv divide_pos_pos of_nat_0_less_iff zero_less_Suc zero_less_one)
+ then obtain an where han:"\<And>n. an n \<in> open_ball a (1/real (Suc n)) \<inter> A" by metis
+ hence "an \<in> UNIV \<rightarrow> A" by auto
+ show "\<exists>an\<in>UNIV \<rightarrow> A. converge_to_inS an a"
+ proof(safe intro!: bexI[where x=an] \<open>an \<in> UNIV \<rightarrow> A\<close>)
+ show "converge_to_inS an a"
+ unfolding converge_to_inS_def2'
+ proof safe
+ show "an n \<in> S" "a \<in> S" for n
+ using open_ballD'(2)[of "an 0" a] open_ballD'(1)[of "an n"] han by auto
+ next
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ then obtain N where "1 / real (Suc N) \<le> \<epsilon>"
+ by (meson less_eq_real_def nat_approx_posE)
+ show "\<exists>N. \<forall>n\<ge>N. an n \<in> open_ball a \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ then have "1 / real (Suc n) \<le> 1 / real (Suc N)"
+ by (simp add: frac_le)
+ from open_ball_le[OF order_trans[OF this \<open>1 / real (Suc N) \<le> \<epsilon>\<close>]]
+ show "an n \<in> open_ball a \<epsilon>"
+ using han by auto
+ qed
+ qed
+ qed
+next
+ fix a an
+ assume h:"an \<in> UNIV \<rightarrow> A" "converge_to_inS an a"
+ have "\<forall>\<epsilon>>0. open_ball a \<epsilon> \<inter> A \<noteq> {}"
+ proof safe
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>" "open_ball a \<epsilon> \<inter> A = {}"
+ then obtain N where "an N \<in> open_ball a \<epsilon>"
+ using h(2) converge_to_inS_def2' by blast
+ with \<open>open_ball a \<epsilon> \<inter> A = {}\<close> h(1) show False by auto
+ qed
+ thus "a \<in> mtopology closure_of A"
+ by(simp add: closure_of_mtopology)
+qed
+
+lemma closure_of_mtopology_an:
+ assumes "a \<in> mtopology closure_of A"
+ obtains an where "an\<in>UNIV \<rightarrow> A" "converge_to_inS an a"
+ using assms by(auto simp: closure_of_mtopology')
+
+lemma closure_of_open_ball: "mtopology closure_of open_ball a \<epsilon> \<subseteq> closed_ball a \<epsilon>"
+ by(rule closure_of_minimal_eq[THEN iffD2]) (auto simp: open_ball_subset_ofS mtopology_topspace closedin_closed_ball open_ball_closed_ball)
+
+lemma interior_of_closed_ball: "open_ball a e \<subseteq> mtopology interior_of closed_ball a e"
+ by(auto simp: interior_of_maximal_eq openin_open_ball open_ball_closed_ball)
+
+lemma derived_set_of_mtopology:
+ "mtopology derived_set_of A = {a. \<exists>an\<in>UNIV \<rightarrow> A. (\<forall>n. an n \<noteq> a) \<and> converge_to_inS an a}"
+proof safe
+ fix a
+ assume "a \<in> mtopology derived_set_of A"
+ then have h:"a \<in> S" "\<And>v. a \<in> v \<Longrightarrow> openin mtopology v \<Longrightarrow> \<exists>y. y \<noteq> a \<and> y \<in> v \<and> y \<in> A"
+ by(auto simp: in_derived_set_of mtopology_topspace)
+ hence "a \<in> open_ball a (1 / real (Suc n))" for n
+ by(auto intro!: open_ball_ina)
+ from h(2)[OF this openin_open_ball[of a]]
+ obtain an where an:"\<And>n. an n \<noteq> a" "\<And>n. an n \<in> open_ball a (1 / real (Suc n))" "\<And>n. an n \<in> A"
+ by metis
+ show "\<exists>an\<in>UNIV \<rightarrow> A. (\<forall>n. an n \<noteq> a) \<and> converge_to_inS an a"
+ proof(safe intro!: bexI[where x=an] an(1))
+ show "converge_to_inS an a"
+ unfolding converge_to_inS_def2'
+ proof safe
+ show "\<And>x. an x \<in> S"
+ using an(2) open_ball_subset_ofS by auto
+ next
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ then obtain N where hN:"1 / real (Suc N) < \<epsilon>"
+ using nat_approx_posE by blast
+ show "\<exists>N. \<forall>n\<ge>N. an n \<in> open_ball a \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ then have "1 / real (Suc n) \<le> 1 / real (Suc N)"
+ by (simp add: frac_le)
+ from order.strict_trans1[OF this hN] open_ball_le[of _ \<epsilon> a] an(2)[of n]
+ show "an n \<in> open_ball a \<epsilon>" by(auto simp: less_le)
+ qed
+ qed(use h in auto)
+ qed(use an in auto)
+next
+ fix a an
+ assume h:"an \<in> UNIV \<rightarrow> A" "\<forall>n. an n \<noteq> a" "converge_to_inS an a"
+ have "\<exists>y. y \<noteq> a \<and> y \<in> v \<and> y \<in> A" if "a \<in> v" "openin mtopology v" for v
+ proof -
+ obtain \<epsilon> where he:"\<epsilon> > 0" "a \<in> open_ball a \<epsilon>" "open_ball a \<epsilon> \<subseteq> v"
+ by (meson \<open>a \<in> v\<close> \<open>openin mtopology v\<close> converge_to_inS_def2 h(3) mtopology_openin_iff open_ball_ina)
+ then obtain N where hn:"\<And>n. n \<ge> N \<Longrightarrow> an n \<in> open_ball a \<epsilon>"
+ using h(3) by(fastforce simp: converge_to_inS_def2')
+ show " \<exists>y. y \<noteq> a \<and> y \<in> v \<and> y \<in> A"
+ using h(1,2) he hn by(auto intro!: exI[where x="an N"])
+ qed
+ thus "a \<in> mtopology derived_set_of A"
+ using h(3) by(auto simp: in_derived_set_of converge_to_inS_def mtopology_topspace)
+qed
+
+lemma isolated_points_of_mtopology:
+ "mtopology isolated_points_of A = {a\<in>S\<inter>A. \<forall>an\<in>UNIV \<rightarrow> A. converge_to_inS an a \<longrightarrow> (\<exists>no. \<forall>n\<ge>no. an n = a)}"
+proof safe
+ fix a an
+ assume h:"a \<in> mtopology isolated_points_of A" "converge_to_inS an a" "an \<in> UNIV \<rightarrow> A"
+ then have ha:"a \<in> topspace mtopology" "a \<in> A" "\<exists>U. a \<in> U \<and> openin mtopology U \<and> U \<inter> (A - {a}) = {}"
+ by(simp_all add: in_isolated_points_of)
+ then obtain U where u:"a \<in> U" "openin mtopology U" "U \<inter> (A - {a}) = {}"
+ by auto
+ then obtain \<epsilon> where e: "\<epsilon> > 0" "open_ball a \<epsilon> \<subseteq> U"
+ by(auto simp: mtopology_openin_iff)
+ then obtain N where "\<And>n. n \<ge> N \<Longrightarrow> an n \<in> open_ball a \<epsilon>"
+ using h(2) by(fastforce simp: converge_to_inS_def2')
+ thus "\<exists>no. \<forall>n\<ge>no. an n = a"
+ using h(3) e(2) u(3) by(auto intro!: exI[where x=N])
+qed (auto simp: derived_set_of_mtopology isolated_points_of_def mtopology_topspace)
+
+lemma perfect_set_open_ball_infinite:
+ assumes "perfect_set mtopology A"
+ shows "closedin mtopology A \<and> (\<forall>a\<in>A. \<forall>\<epsilon>>0. infinite (open_ball a \<epsilon>))"
+proof safe
+ fix a \<epsilon>
+ assume h: "a \<in> A" "0 < \<epsilon>" "finite (open_ball a \<epsilon>)"
+ then have "a \<in> S"
+ using open_ball_ina[OF _ \<open>0 < \<epsilon>\<close>,of a] perfect_setD(2)[OF assms]
+ by(auto simp: mtopology_topspace)
+ have "\<exists>e > 0. open_ball a e = {a}"
+ proof -
+ consider "open_ball a \<epsilon> = {a}" | "{a} \<subset> open_ball a \<epsilon>"
+ using open_ball_ina[OF \<open>a \<in> S\<close> h(2)] by blast
+ thus ?thesis
+ proof cases
+ case 1
+ with h(2) show ?thesis by auto
+ next
+ case 2
+ then have nen:"{dist a b |b. b \<in> open_ball a \<epsilon> \<and> a \<noteq> b} \<noteq> {}"
+ by auto
+ have fin: "finite {dist a b |b. b \<in> open_ball a \<epsilon> \<and> a \<noteq> b}"
+ using h(3) by auto
+ define e where "e \<equiv> Min {dist a b |b. b \<in> open_ball a \<epsilon> \<and> a \<noteq> b}"
+ have "e > 0"
+ using dist_0[OF \<open>a \<in> S\<close> open_ballD'(1)[of _ a \<epsilon>]] dist_geq0[of a]
+ by(auto simp: e_def Min_gr_iff[OF fin nen] order_neq_le_trans)
+ have bd:"\<And>b. b \<in> open_ball a \<epsilon> \<Longrightarrow> a \<noteq> b \<Longrightarrow> e \<le> dist a b"
+ by(auto simp: e_def Min_le_iff[OF fin nen])
+ have "e \<le> \<epsilon>"
+ using nen open_ballD[of _ a \<epsilon>]
+ by(fastforce simp add: e_def Min_le_iff[OF fin nen])
+ show ?thesis
+ proof(safe intro!: exI[where x=e])
+ fix x
+ assume x:"x \<in> open_ball a e"
+ then show "x = a"
+ using open_ball_le[OF \<open>e \<le> \<epsilon>\<close>,of a] open_ballD[OF x] bd[of x]
+ by auto
+ qed (simp_all add: open_ball_ina[OF \<open>a \<in> S\<close> \<open>e > 0\<close>] \<open>0 < e\<close>)
+ qed
+ qed
+ then obtain e where e:"e > 0" "open_ball a e = {a}" by auto
+ show False
+ using perfect_setD(3)[OF assms h(1) open_ball_ina[OF \<open>a \<in> S\<close> \<open>e > 0\<close>]]
+ by(auto simp: openin_open_ball) (use e(2) in auto)
+qed(use perfect_setD[OF assms] in simp)
+
+lemma nbh_subset:
+ assumes A: "A \<subseteq> S" and e: "e > 0"
+ shows "A \<subseteq> (\<Union>a\<in>A. open_ball a e)"
+ using A open_ball_ina[OF _ e] by auto
+
+lemma nbh_decseq:
+ assumes "decseq an"
+ shows "decseq (\<lambda>n. \<Union>a\<in>A. open_ball a (an n))"
+proof(safe intro!: decseq_SucI)
+ fix n a b
+ assume "a \<in> A" "b \<in> open_ball a (an (Suc n))"
+ with open_ball_le[OF decseq_SucD[OF assms]] show "b \<in> (\<Union>c\<in>A. open_ball c (an n))"
+ by(auto intro!: bexI[where x=a] simp: frac_le)
+qed
+
+lemma nbh_Int:
+ assumes A: "A \<noteq> {}" "A \<subseteq> S"
+ and an:"\<And>n. an n > 0" "decseq an" "an \<longlonglongrightarrow> 0"
+ shows "(\<Inter>n. \<Union>a\<in>A. open_ball a (an n)) = mtopology closure_of A"
+proof safe
+ fix x
+ assume "x \<in> (\<Inter>n. \<Union>a\<in>A. open_ball a (an n))"
+ then have h:"\<forall>n. \<exists>a\<in>A. x \<in> open_ball a (an n)"
+ by auto
+ hence x:"x \<in> S"
+ using open_ball_subset_ofS by auto
+ show "x \<in> mtopology closure_of A"
+ unfolding closure_of_mtopology
+ proof safe
+ fix e :: real
+ assume h':"e > 0" "open_ball x e \<inter> A = {}"
+ then obtain n where n:"an n < e"
+ using an(1,3) by(auto simp: LIMSEQ_def abs_of_pos) (metis dual_order.refl)
+ from h obtain a where "a \<in> A" "x \<in> open_ball a (an n)"
+ by auto
+ with h'(2) open_ball_le[of "an n" e x] n
+ show False
+ by(auto simp: open_ball_inverse[of x])
+ qed
+next
+ fix x n
+ assume "x \<in> mtopology closure_of A"
+ with an(1) have "open_ball x (an n) \<inter> A \<noteq> {}"
+ by(auto simp: closure_of_mtopology)
+ thus "x \<in> (\<Union>a\<in>A. open_ball a (an n))"
+ by(auto simp: open_ball_inverse[of x])
+qed
+
+lemma nbh_add: "(\<Union>b\<in>(\<Union>a\<in>A. open_ball a e). open_ball b f) \<subseteq> (\<Union>a\<in>A. open_ball a (e + f))"
+proof safe
+ fix a x b
+ assume h:"a \<in> A" "b \<in> open_ball a e" "x \<in> open_ball b f"
+ show "x \<in> (\<Union>a\<in>A. open_ball a (e + f))"
+ proof(rule UN_I[OF h(1)])
+ have "dist a x \<le> dist a b + dist b x"
+ by(auto intro!: dist_tr open_ballD'(2)[OF h(2)] open_ballD'[OF h(3)])
+ also have "... < e + f"
+ using open_ballD[OF h(2)] open_ballD[OF h(3)] by auto
+ finally show "x \<in> open_ball a (e + f)"
+ using open_ballD'[OF h(2)] open_ballD'[OF h(3)]
+ by(auto simp: open_ball_def)
+ qed
+qed
+
+definition convergent_inS :: "(nat \<Rightarrow> 'a) \<Rightarrow> bool" where
+"convergent_inS f \<equiv> \<exists>s. converge_to_inS f s"
+
+lemma convergent_inS_const:
+ assumes "x \<in> S"
+ shows "convergent_inS (\<lambda>n. x)"
+ using converge_to_inS_const[OF assms] by(auto simp: convergent_inS_def)
+
+lemma convergent_inS_ignore_initial:
+ assumes "convergent_inS xn"
+ shows "convergent_inS (\<lambda>n. xn (n + k))"
+ using converge_to_inS_ignore_initial[of xn] assms
+ by(auto simp: convergent_inS_def)
+
+lemma convergent_inS_offset:
+ assumes "convergent_inS (\<lambda>n. xn (n + k))" "xn \<in> sequence"
+ shows "convergent_inS xn"
+ using converge_to_inS_offset[of xn k] assms
+ by(auto simp: convergent_inS_def)
+
+definition the_limit_of :: "(nat \<Rightarrow> 'a) \<Rightarrow> 'a" where
+"the_limit_of xn \<equiv> THE x. converge_to_inS xn x"
+
+lemma the_limit_if_converge:
+ assumes "convergent_inS xn"
+ shows "converge_to_inS xn (the_limit_of xn)"
+ unfolding the_limit_of_def
+ by(rule theI') (auto simp: assms[simplified convergent_inS_def] converge_to_inS_unique)
+
+lemma the_limit_of_eq:
+ assumes "converge_to_inS xn x"
+ shows "the_limit_of xn = x"
+ using assms converge_to_inS_unique the_limit_of_def by auto
+
+lemma the_limit_of_inS:
+ assumes "convergent_inS xn"
+ shows "the_limit_of xn \<in> S"
+ using the_limit_if_converge[OF assms] by(simp add:converge_to_inS_def)
+
+lemma the_limit_of_const:
+ assumes "x \<in> S"
+ shows "the_limit_of (\<lambda>n. x) = x"
+ by(rule the_limit_of_eq[OF converge_to_inS_const[OF assms]])
+
+lemma convergent_inS_dest1:
+ assumes "convergent_inS f"
+ shows "f n \<in> S"
+ using assms by(auto simp: convergent_inS_def converge_to_inS_def2)
+
+definition Cauchy_inS:: "(nat \<Rightarrow> 'a) \<Rightarrow> bool" where
+"Cauchy_inS f \<equiv> f \<in> sequence \<and> (\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist (f n) (f m) < \<epsilon>)"
+
+lemma Cauchy_inS_def2:
+ "Cauchy_inS f \<longleftrightarrow> f \<in> sequence \<and> (\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball (f N) \<epsilon>)"
+ unfolding Cauchy_inS_def
+proof safe
+ fix \<epsilon> :: real
+ assume h:"f \<in> sequence" " \<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist (f n) (f m) < \<epsilon>" "0 < \<epsilon>"
+ then obtain N where hn:
+ "\<And>n m. n \<ge> N \<Longrightarrow> m\<ge>N \<Longrightarrow> dist (f n) (f m) < \<epsilon>"
+ by fastforce
+ show "\<exists>N. \<forall>n\<ge>N. f n \<in> open_ball (f N) \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ then show "f n \<in> open_ball (f N) \<epsilon>"
+ using h(1) hn[of N n] by(auto simp: open_ball_def)
+ qed
+next
+ fix \<epsilon> :: real
+ assume h:"f \<in> sequence" "\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball (f N) \<epsilon>" "0 < \<epsilon>"
+ then obtain N where hn:
+ "\<And>n. n \<ge> N \<Longrightarrow> f n \<in> open_ball (f N) (\<epsilon>/2)"
+ using linordered_field_class.half_gt_zero[OF h(3)] by blast
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist (f n) (f m) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n m
+ assume "N \<le> n" "N \<le> m"
+ from order.strict_trans1[OF dist_tr [of "f n" "f N" "f m"] strict_ordered_ab_semigroup_add_class.add_strict_mono[OF open_ballD[OF hn[OF this(1)],simplified dist_sym[of _ "f n"]] open_ballD[OF hn[OF this(2)]],simplified]]
+ show "dist (f n) (f m) < \<epsilon>"
+ using h(1) by auto
+ qed
+qed
+
+lemma Cauchy_inS_def2':
+ "Cauchy_inS f \<longleftrightarrow> f \<in> sequence \<and> (\<forall>\<epsilon>>0. \<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>)"
+ unfolding Cauchy_inS_def2
+proof safe
+ fix \<epsilon> :: real
+ assume h:"f \<in> sequence" "\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball (f N) \<epsilon>" "0 < \<epsilon>"
+ then obtain N where "\<forall>n\<ge>N. f n \<in> open_ball (f N) \<epsilon>" by auto
+ thus "\<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>"
+ using h(1) by(auto intro!: exI[where x=N] bexI[where x="f N"])
+next
+ fix \<epsilon> :: real
+ assume h:"f \<in> sequence" "\<forall>\<epsilon>>0. \<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>" "0 < \<epsilon>"
+ then obtain x N where hxn:
+ "x \<in> S" "\<And>n. n \<ge> N \<Longrightarrow> f n \<in> open_ball x (\<epsilon>/2)"
+ using linordered_field_class.half_gt_zero[OF h(3)] by blast
+ show "\<exists>N. \<forall>n\<ge>N. f n \<in> open_ball (f N) \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ from order.strict_trans1[OF dist_tr strict_ordered_ab_semigroup_add_class.add_strict_mono[OF open_ballD[OF hxn(2)[OF order.refl],simplified dist_sym[of x]] open_ballD[OF hxn(2)[OF this]],simplified]]
+ show "f n \<in> open_ball (f N) \<epsilon>"
+ using hxn(1) h(1) by(auto simp: open_ball_def)
+ qed
+qed
+
+lemma Cauchy_inS_def2'':
+ "Cauchy_inS f \<longleftrightarrow> f \<in> sequence \<and> (\<forall>\<epsilon>>0. \<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. dist x (f n) < \<epsilon>)"
+ unfolding Cauchy_inS_def2'
+proof safe
+ fix \<epsilon> :: real
+ assume h:"f \<in> sequence" "\<forall>\<epsilon>>0. \<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>" "0 < \<epsilon>"
+ then obtain x N where
+ "x \<in> S" "\<And>n. n \<ge> N \<Longrightarrow> f n \<in> open_ball x \<epsilon>"
+ by blast
+ then show "\<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. dist x (f n) < \<epsilon>"
+ by(auto intro!: bexI[where x=x] exI[where x=N] simp: open_ballD[of _ x \<epsilon>])
+next
+ fix \<epsilon> :: real
+ assume h:"f \<in> sequence" "\<forall>\<epsilon>>0. \<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. dist x (f n) < \<epsilon>" "0 < \<epsilon>"
+ then obtain x N where
+ "x \<in> S" "\<And>n. n \<ge> N \<Longrightarrow> dist x (f n) < \<epsilon>" by blast
+ then show "\<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> open_ball x \<epsilon>"
+ using h(1) by(auto intro!: bexI[where x=x] exI[where x=N] simp: open_ball_def)
+qed
+
+lemma Cauchy_inS_dest1:
+ assumes "Cauchy_inS f"
+ shows "f n \<in> S"
+ using assms by(auto simp: Cauchy_inS_def)
+
+lemma Cauchy_if_convergent_inS:
+ assumes "convergent_inS f"
+ shows "Cauchy_inS f"
+ unfolding Cauchy_inS_def
+proof safe
+ fix \<epsilon> :: real
+ assume h:"0 < \<epsilon>"
+ obtain s where hs:
+ "s \<in> S" "\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. dist (f n) s < \<epsilon>"
+ using assms by(auto simp: convergent_inS_def converge_to_inS_def2)
+ then obtain N where hn:
+ "\<And>n. n\<ge>N \<Longrightarrow> dist (f n) s < \<epsilon>/2"
+ using half_gt_zero[OF h] by blast
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist (f n) (f m) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n m
+ assume hnm:"N \<le> n" "N \<le> m"
+ have "dist (f n) (f m) \<le> dist (f n) s + dist s (f m)"
+ using convergent_inS_dest1[OF assms] hs
+ by(auto intro!: dist_tr)
+ also have "... = dist (f n) s + dist (f m) s"
+ by(simp add: dist_sym[of s])
+ also have "... < \<epsilon>"
+ using hn[OF hnm(1)] hn[OF hnm(2)] by auto
+ finally show "dist (f n) (f m) < \<epsilon>" .
+ qed
+next
+ show "\<And>x. f x \<in> S"
+ using assms[simplified convergent_inS_def converge_to_inS_def]
+ by auto
+qed
+
+corollary Cauchy_inS_const: "a \<in> S \<Longrightarrow> Cauchy_inS (\<lambda>n. a)"
+ by(auto intro!: Cauchy_if_convergent_inS convergent_inS_const)
+
+lemma converge_if_Cauchy_and_subconverge:
+ assumes "strict_mono a" "converge_to_inS (f \<circ> a) s" "Cauchy_inS f"
+ shows "converge_to_inS f s"
+ unfolding converge_to_inS_def2
+proof safe
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ then have 1:"0 < \<epsilon>/2" by auto
+ then obtain N where hn:"\<And>n. n \<ge> N \<Longrightarrow> dist (f (a n)) s < \<epsilon>/2"
+ using assms(2) by(simp only: comp_def converge_to_inS_def2) metis
+ obtain N' where hn':"\<And>n m. n \<ge> N' \<Longrightarrow> m \<ge> N' \<Longrightarrow> dist (f n) (f m) < \<epsilon>/2"
+ using assms(3) 1 by(simp only: Cauchy_inS_def) metis
+ show "\<exists>N. \<forall>n\<ge>N. dist (f n) s < \<epsilon>"
+ proof(safe intro!: exI[where x="max N N'"])
+ fix n
+ assume "max N N' \<le> n"
+ then have "N \<le> n" "N' \<le> n" by auto
+ show "dist (f n) s < \<epsilon>"
+ using add_strict_mono[OF hn'[OF \<open>N' \<le> n\<close> order_trans[OF \<open>N' \<le> n\<close> seq_suble[OF assms(1),of n]]] hn[OF \<open>N \<le> n\<close>]] assms(2)
+ by(auto simp: converge_to_inS_def intro!: order.strict_trans1[OF dist_tr[OF Cauchy_inS_dest1[OF assms(3),of n] Cauchy_inS_dest1[OF assms(3),of "a n"],of s],of \<epsilon>])
+ qed
+qed(auto simp: Cauchy_inS_dest1[OF assms(3)] assms(2)[simplified converge_to_inS_def])
+
+lemma subCauchy_Cahcuy:
+ assumes "Cauchy_inS xn" "strict_mono a"
+ shows "Cauchy_inS (xn \<circ> a)"
+ unfolding Cauchy_inS_def
+proof safe
+ show "\<And>x. (xn \<circ> a) x \<in> S"
+ using assms(1) by(simp add: Cauchy_inS_dest1)
+next
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ then obtain N where "\<And>n m. n \<ge> N \<Longrightarrow> m \<ge> N \<Longrightarrow> dist (xn n) (xn m) < \<epsilon>"
+ using assms(1) by(auto simp: Cauchy_inS_def) metis
+ thus "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist ((xn \<circ> a) n) ((xn \<circ> a) m) < \<epsilon>"
+ by(auto intro!: exI[where x=N] dest: order_trans[OF seq_suble[OF assms(2)] strict_mono_leD[OF assms(2)]])
+qed
+
+corollary Cauchy_inS_ignore_initial:
+ assumes "Cauchy_inS xn"
+ shows "Cauchy_inS (\<lambda>n. xn (n + k))"
+ using subCauchy_Cahcuy[OF assms,of "\<lambda>n. n + k"]
+ by(auto simp: comp_def strict_monoI)
+
+(* TODO: offset *)
+
+lemma Cauchy_inS_dist_Cauchy:
+ assumes "Cauchy_inS xn" "Cauchy_inS yn"
+ shows "Cauchy (\<lambda>n. dist (xn n) (yn n))"
+ unfolding metric_space_class.Cauchy_altdef2 dist_real_def
+proof safe
+ have h:"\<And>n. xn n \<in> S" "\<And>n. yn n \<in> S"
+ using assms by(auto simp: Cauchy_inS_dest1)
+ fix e :: real
+ assume e:"0 < e"
+ with assms obtain N1 N2 where N: "\<And>n m. n \<ge> N1 \<Longrightarrow> m \<ge> N1 \<Longrightarrow> dist (xn n) (xn m) < e / 2" "\<And>n m. n \<ge> N2 \<Longrightarrow> m \<ge> N2 \<Longrightarrow> dist (yn n) (yn m) < e / 2"
+ by (metis Cauchy_inS_def zero_less_divide_iff zero_less_numeral)
+ define N where "N \<equiv> max N1 N2"
+ then have N': "N \<ge> N1" "N \<ge> N2" by auto
+ show "\<exists>N. \<forall>n\<ge>N. \<bar>dist (xn n) (yn n) - dist (xn N) (yn N)\<bar> < e"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume n:"N \<le> n"
+ have "dist (xn n) (yn n) \<le> dist (xn n) (xn N) + dist (xn N) (yn N) + dist (yn N) (yn n)"
+ "dist (xn N) (yn N) \<le> dist (xn N) (xn n) + dist (xn n) (yn n) + dist (yn n) (yn N)"
+ using dist_tr[OF h(1)[of n] h(1)[of N] h(2)[of n]] dist_tr[OF h(1)[of N] h(2)[of N] h(2)[of n]]
+ dist_tr[OF h(1)[of N] h(2)[of n] h(2)[of N]] dist_tr[OF h(1)[of N] h(1)[of n] h(2)[of n]] by auto
+ thus "\<bar>dist (xn n) (yn n) - dist (xn N) (yn N)\<bar> < e"
+ using N(1)[OF N'(1) order.trans[OF N'(1) n]] N(2)[OF N'(2) order.trans[OF N'(2) n]] N(1)[OF order.trans[OF N'(1) n] N'(1)] N(2)[OF order.trans[OF N'(2) n] N'(2)]
+ by auto
+ qed
+qed
+
+corollary Cauchy_inS_dist_convergent:
+ assumes "Cauchy_inS xn" "Cauchy_inS yn"
+ shows "convergent (\<lambda>n. dist (xn n) (yn n))"
+ using Cauchy_inS_dist_Cauchy[OF assms] Cauchy_convergent_iff by blast
+
+text \<open>\<^url>\<open>https://people.bath.ac.uk/mw2319/ma30252/sec-dense.html.\<close>\<close>
+abbreviation "dense_set \<equiv> dense_of mtopology"
+
+lemma dense_set_def:
+ "dense_set U \<longleftrightarrow> U \<subseteq> S \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {})"
+proof
+ assume h:" U \<subseteq> S \<and>(\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {})"
+ show "dense_of mtopology U"
+ proof(rule dense_ofI)
+ fix V
+ assume h':"openin mtopology V" "V \<noteq> {}"
+ then obtain x where 1:"x \<in> V" by auto
+ then obtain \<epsilon> where 2:"\<epsilon>>0" "open_ball x \<epsilon> \<subseteq> V"
+ using h' mtopology_openin_iff[of V] by blast
+ have "open_ball x \<epsilon> \<inter> U \<noteq> {}"
+ using h 1 2 openin_subset[OF h'(1), simplified mtopology_topspace]
+ by auto
+ thus "U \<inter> V \<noteq> {}" using 2 by auto
+ next
+ show "U \<subseteq> topspace mtopology"
+ using h mtopology_topspace by auto
+ qed
+next
+ assume h:"dense_of mtopology U"
+ have "\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {}"
+ proof safe
+ fix x \<epsilon>
+ assume "x \<in> S" "(0 :: real) < \<epsilon>" "open_ball x \<epsilon> \<inter> U = {}"
+ then have "open_ball x \<epsilon> \<noteq> {}" "openin mtopology (open_ball x \<epsilon>)"
+ using open_ball_ina[of x \<epsilon>] mtopology_open_ball_in[of x \<epsilon>]
+ by blast+
+ thus False
+ using h \<open>open_ball x \<epsilon> \<inter> U = {}\<close> by(auto simp: dense_of_def)
+ qed
+ thus "U \<subseteq> S \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {})"
+ using h mtopology_topspace by(auto simp: dense_of_def)
+qed
+
+corollary dense_set_balls_cover:
+ assumes "dense_set U" and "e > 0"
+ shows "(\<Union>u\<in>U. open_ball u e) = S"
+ using assms open_ball_subset_ofS by(auto simp: dense_set_def) (meson Int_emptyI open_ball_inverse)
+
+lemma dense_set_empty_iff: "dense_set {} \<longleftrightarrow> S = {}"
+ by(auto simp: dense_set_def ) (use zero_less_one in blast)
+
+lemma dense_set_S: "dense_set S"
+ using open_ball_ina dense_set_def by blast
+
+lemma dense_set_def2:
+ "dense_set U \<longleftrightarrow> U \<subseteq> S \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0.\<exists>y\<in>U. dist x y < \<epsilon>)"
+proof
+ assume h: "dense_set U"
+ show "U \<subseteq> S \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0. \<exists>y\<in>U. dist x y < \<epsilon>)"
+ proof safe
+ fix x \<epsilon>
+ assume hxe: "x \<in> S" "(0 :: real) < \<epsilon>"
+ then obtain z where
+ "z \<in> open_ball x \<epsilon> \<inter> U"
+ using h by(fastforce simp: dense_set_def)
+ thus "\<exists>y\<in>U. dist x y < \<epsilon>"
+ by(auto intro!: bexI[where x=z] simp: open_ball_def hxe)
+ qed(use h[simplified dense_set_def] in auto)
+next
+ assume h:"U \<subseteq> S \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0. \<exists>y\<in>U. dist x y < \<epsilon>)"
+ show "dense_set U"
+ unfolding dense_set_def
+ proof safe
+ fix x \<epsilon>
+ assume hxe: "x \<in> S" "(0 :: real) < \<epsilon>" "open_ball x \<epsilon> \<inter> U = {}"
+ then obtain y where
+ "y \<in> U" "y \<in> S" "dist x y < \<epsilon>"
+ using h by blast
+ hence "y \<in> open_ball x \<epsilon> \<inter> U"
+ by(auto simp: open_ball_def hxe)
+ thus False
+ using hxe(3) by auto
+ qed(use h in auto)
+qed
+
+lemma dense_set_def2':
+ "dense_set U \<longleftrightarrow> U \<subseteq> S \<and> (\<forall>x\<in>S. \<exists>f\<in>UNIV \<rightarrow> U. converge_to_inS f x)"
+ unfolding dense_set_def
+proof
+ show "U \<subseteq> S \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {}) \<Longrightarrow> U \<subseteq> S \<and> (\<forall>x\<in>S. \<exists>f\<in>UNIV \<rightarrow> U. converge_to_inS f x)"
+ proof safe
+ fix x
+ assume h: "U \<subseteq> S" "\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {}" "x \<in> S"
+ then have "\<And>n::nat. open_ball x (1 / (real n + 1)) \<inter> U \<noteq> {}"
+ by auto
+ hence "\<forall>n. \<exists>k. k \<in> open_ball x (1 / (real n + 1)) \<inter> U" by auto
+ hence "\<exists>a. \<forall>n. a n \<in> open_ball x (1 / (real n + 1)) \<inter> U" by(rule choice)
+ then obtain a where hf: "\<And>n :: nat. a n \<in> open_ball x (1 / (real n + 1)) \<inter> U"
+ by auto
+ show "\<exists>f\<in>UNIV \<rightarrow> U. converge_to_inS f x"
+ unfolding converge_to_inS_def2'
+ proof(safe intro!: bexI[where x=a])
+ fix \<epsilon> :: real
+ assume he:"0 < \<epsilon>"
+ then obtain N where hn: "1 / \<epsilon> < real N"
+ using reals_Archimedean2 by blast
+ have hn': "0 < real N"
+ by(rule ccontr) (use hn he in fastforce)
+ hence "1 / real N < \<epsilon>"
+ using he hn by (metis divide_less_eq mult.commute)
+ hence hn'':"1 / (real N + 1) < \<epsilon>"
+ using hn' by(auto intro!: order.strict_trans[OF linordered_field_class.divide_strict_left_mono[of "real N" "real N + 1" 1]])
+ show "\<exists>N. \<forall>n\<ge>N. a n \<in> open_ball x \<epsilon>"
+ proof(safe intro!: exI[where x="N"])
+ fix n
+ assume "N \<le> n"
+ then have 1:"1 / (real n + 1) \<le> 1 / (real N + 1)"
+ using hn' by(auto intro!: linordered_field_class.divide_left_mono)
+ show "a n \<in> open_ball x \<epsilon>"
+ using open_ball_le[OF 1,of x] open_ball_le[OF order.strict_implies_order[OF hn''],of x] hf[of n]
+ by auto
+ qed
+ next
+ show "\<And>x. a x \<in> S" "x \<in> S" "\<And>x. a x \<in> U"
+ using h(1,3) hf by auto
+ qed
+ qed
+next
+ assume h:"U \<subseteq> S \<and> (\<forall>x\<in>S. \<exists>f\<in>UNIV \<rightarrow> U. converge_to_inS f x)"
+ have "\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {}"
+ proof safe
+ fix x \<epsilon>
+ assume hxe:"x \<in> S" "(0 :: real) < \<epsilon>" "open_ball x \<epsilon> \<inter> U = {}"
+ then obtain f N where
+ "f\<in>UNIV \<rightarrow> U" "\<forall>n\<ge>N :: nat. f n \<in> open_ball x \<epsilon>"
+ using h[simplified converge_to_inS_def2'] by blast
+ hence "f N \<in> open_ball x \<epsilon> \<inter> U"
+ by auto
+ thus False using hxe by auto
+ qed
+ thus "U \<subseteq> S \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0. open_ball x \<epsilon> \<inter> U \<noteq> {})"
+ using h by auto
+qed
+
+lemma dense_set_infinite:
+ assumes "infinite S" "dense_set U"
+ shows "infinite U"
+proof
+ assume finu:"finite U"
+ with assms(1) obtain x where x:"x \<in> S" "x \<notin> U"
+ by (meson finite_subset subset_iff)
+ define e where "e \<equiv> Min {dist x y |y. y \<in> U}"
+ have nen: "{dist x y |y. y \<in> U} \<noteq> {}"
+ using dense_set_empty_iff assms by auto
+ have fin: "finite {dist x y |y. y \<in> U}"
+ using finu by auto
+ have epos: "0 < e"
+ unfolding Min_gr_iff[OF fin nen] e_def
+ proof safe
+ fix y
+ assume "y \<in> U"
+ then have "y \<in> S" "x \<noteq> y"
+ using assms(2) x(2) by(auto simp: dense_set_def)
+ thus "0 < dist x y"
+ using dist_0[OF x(1),of y] dist_geq0[of x y] by auto
+ qed
+ then obtain y where y:"y\<in>U" "dist x y < e"
+ using assms(2) x(1) by(fastforce simp: dense_set_def2)
+ thus False
+ using Min_le[OF fin,of "dist x y"] by(auto simp: e_def)
+qed
+
+lemma mtopology_Hausdorff: "Hausdorff_space mtopology"
+ unfolding Hausdorff_space_def
+proof safe
+ fix x y
+ assume "x \<in> topspace mtopology" "y \<in> topspace mtopology" "x \<noteq> y"
+ then have [simp]:"x \<in> S" "y \<in> S"
+ using mtopology_topspace by auto
+ with \<open>x \<noteq> y\<close> have 1:"dist x y > 0"
+ using dist_0[of x y] dist_geq0[of x y] by auto
+ show "\<exists>U V. openin mtopology U \<and> openin mtopology V \<and> x \<in> U \<and> y \<in> V \<and> disjnt U V"
+ proof(rule exI[where x="open_ball x (dist x y/2)"])
+ show "\<exists>V. openin mtopology (open_ball x (dist x y / 2)) \<and> openin mtopology V \<and> x \<in> open_ball x (dist x y / 2) \<and> y \<in> V \<and> disjnt (open_ball x (dist x y / 2)) V"
+ proof(safe intro!: exI[where x="open_ball y (dist x y/2)"])
+ show "disjnt (open_ball x (dist x y / 2)) (open_ball y (dist x y / 2))"
+ unfolding disjnt_iff
+ proof safe
+ fix z
+ assume h:"z \<in> open_ball x (dist x y / 2)" "z \<in> open_ball y (dist x y / 2)"
+ show False
+ using dist_tr[OF \<open>x \<in> S\<close> open_ballD'(1)[OF h(1)] \<open>y \<in> S\<close>] open_ballD[OF h(1)] open_ballD[OF h(2)]
+ by (simp add: dist_sym)
+ qed
+ qed(auto intro!: mtopology_open_ball_in 1 open_ball_ina)
+ qed
+qed
+
+text \<open> Diameter\<close>
+definition diam :: "'a set \<Rightarrow> ennreal" where
+"diam A \<equiv> \<Squnion> {ennreal (dist x y) | x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S}"
+
+lemma diam_empty[simp]:
+ "diam {} = 0"
+ by(simp add: diam_def bot_ennreal)
+
+lemma diam_def2:
+ assumes "A \<subseteq> S"
+ shows "diam A = \<Squnion> {ennreal (dist x y) | x y. x \<in> A \<and> y \<in> A}"
+ using assms by(auto simp: diam_def) (meson subset_eq)
+
+lemma diam_subset:
+ assumes "A \<subseteq> B"
+ shows "diam A \<le> diam B"
+ unfolding diam_def using assms by(auto intro!: Sup_subset_mono)
+
+lemma diam_cball_leq: "diam (closed_ball a \<epsilon>) \<le> ennreal (2 * \<epsilon>)"
+ unfolding Sup_le_iff diam_def
+proof safe
+ fix x y
+ assume h:"x \<in> closed_ball a \<epsilon>" "y \<in> closed_ball a \<epsilon>" "x \<in> S" "y \<in> S"
+ have "dist x y \<le> 2 * \<epsilon>"
+ using dist_tr[OF h(3) closed_ballD'(2)[OF h(1)] h(4)] closed_ballD[OF h(1),simplified dist_sym[of a x]] closed_ballD[OF h(2)]
+ by auto
+ thus "ennreal (dist x y) \<le> ennreal (2 * \<epsilon>)"
+ using dist_geq0[of x y] ennreal_leI[of _ "2*\<epsilon>"] by simp
+qed
+
+lemma diam_ball_leq:
+ "diam (open_ball a \<epsilon>) \<le> ennreal (2 * \<epsilon>)"
+ using diam_subset[OF open_ball_closed_ball[of a \<epsilon>]] diam_cball_leq[of a \<epsilon>]
+ by auto
+
+lemma diam_is_sup:
+ assumes "x \<in> A \<inter> S" "y \<in> A \<inter> S"
+ shows "dist x y \<le> diam A"
+ using assms by(auto simp: diam_def intro!:Sup_upper)
+
+lemma diam_is_sup':
+ assumes "x \<in> A \<inter> S" "y \<in> A \<inter> S" "diam A \<le> ennreal r" "r \<ge> 0"
+ shows "dist x y \<le> r"
+ using order.trans[OF diam_is_sup[OF assms(1,2)] assms(3)] assms(4) by simp
+
+lemma diam_le:
+ assumes "\<And>x y. x \<in> A \<Longrightarrow> y \<in> A \<Longrightarrow> dist x y \<le> r"
+ shows "diam A \<le> r"
+ using assms by(auto simp: diam_def Sup_le_iff ennreal_leI)
+
+lemma diam_eq_closure: "diam (mtopology closure_of A) = diam A"
+proof(rule antisym)
+ show "diam A \<le> diam (mtopology closure_of A)"
+ by(auto intro!: Sup_subset_mono simp: diam_def) (metis in_closure_of mtopology_topspace)
+next
+ have "{ennreal (dist x y) |x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S} = ennreal ` {dist x y |x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S}"
+ by auto
+ also have "diam (mtopology closure_of A) \<le> \<Squnion> ..."
+ unfolding le_Sup_iff_less
+ proof safe
+ fix r
+ assume "r < diam (mtopology closure_of A)"
+ then obtain x y where xy:"x \<in> mtopology closure_of A" "x \<in> S" "y \<in> mtopology closure_of A" "y \<in> S" "r < ennreal (dist x y)"
+ by(auto simp: diam_def less_Sup_iff)
+ hence "r < \<top>"
+ using dual_order.strict_trans ennreal_less_top by blast
+ define e where "e \<equiv> (dist x y - enn2real r)/2"
+ have "e > 0"
+ using xy(5) \<open>r < \<top>\<close> by(simp add: e_def)
+ then obtain x' y' where xy':"x' \<in> open_ball x e" "x'\<in> A" "y' \<in> open_ball y e" "y'\<in> A"
+ using xy by(fastforce simp: closure_of_mtopology)
+ show "\<exists>i\<in>{dist x y |x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S}. r \<le> ennreal i"
+ proof(safe intro!: bexI[where x="dist x' y'"])
+ have "dist x y \<le> dist x x' + dist x' y' + dist y y'"
+ using dist_tr[OF xy(2) open_ballD'(1)[OF xy'(1)] xy(4)] dist_tr[OF open_ballD'(1)[OF xy'(1)] open_ballD'(1)[OF xy'(3)] xy(4)]
+ by(simp add: dist_sym)
+ also have "... < dist x y - enn2real r + dist x' y'"
+ using open_ballD[OF xy'(1)] open_ballD[OF xy'(3)]
+ by(simp add: e_def)
+ finally have "enn2real r < dist x' y'" by simp
+ thus "r \<le> ennreal (dist x' y')"
+ by (simp add: \<open>r < \<top>\<close>)
+ qed(use open_ballD'(1)[OF xy'(1)] open_ballD'(1)[OF xy'(3)] xy'(2,4) in auto)
+ qed
+ finally show "diam (mtopology closure_of A) \<le> diam A"
+ by(simp add: diam_def)
+qed
+
+definition bounded_set :: "'a set \<Rightarrow> bool" where
+"bounded_set A \<longleftrightarrow> diam A < \<infinity>"
+
+lemma bounded_set_def2': "bounded_set A \<longleftrightarrow> (\<exists>e. \<forall>x\<in>A\<inter>S. \<forall>y\<in>A\<inter>S. dist x y < e)"
+proof
+ assume "bounded_set A"
+ consider "A \<inter> S = {}" | "A \<inter> S \<noteq> {}" by auto
+ then show " \<exists>e. \<forall>x\<in>A \<inter> S. \<forall>y\<in>A \<inter> S. dist x y < e"
+ proof cases
+ case h:2
+ then have 1:"{dist x y |x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S} \<noteq> {}" by auto
+ have eq:"{ennreal (dist x y) | x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S} = ennreal ` {dist x y | x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S}"
+ by auto
+ hence 2:"diam A = \<Squnion> (ennreal ` {dist x y | x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S})"
+ by(simp add: diam_def)
+ obtain x y where hxy:
+ "x \<in> A \<inter> S" "y \<in> A \<inter> S" "diam A < ennreal (dist x y) + ennreal 1"
+ using SUP_approx_ennreal[OF _ 1 2,of 1] \<open>bounded_set A\<close>
+ by(fastforce simp: bounded_set_def)
+ hence "diam A < ennreal (dist x y + 1)"
+ using dist_geq0 by simp
+ from SUP_lessD[OF this[simplified 2]]
+ have "\<And>w z. w \<in> A \<inter> S \<Longrightarrow> z \<in> A \<inter> S \<Longrightarrow> ennreal (dist w z) < ennreal (dist x y + 1)"
+ by blast
+ thus "\<exists>e. \<forall>x\<in>A \<inter> S. \<forall>y\<in>A \<inter> S. dist x y < e"
+ by(auto intro!: exI[where x="dist x y + 1"] simp: ennreal_less_iff[OF dist_geq0])
+ qed simp
+next
+ assume "\<exists>e. \<forall>x\<in>A\<inter>S. \<forall>y\<in>A\<inter>S. dist x y < e"
+ then obtain e where he: "\<And>x y. x \<in> A \<inter> S \<Longrightarrow> y \<in> A \<inter> S \<Longrightarrow> dist x y < e"
+ by auto
+ hence "\<And>z. z \<in> {ennreal (dist x y) | x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S} \<Longrightarrow> z < ennreal e"
+ using ennreal_less_iff[OF dist_geq0] by auto
+ hence "\<Squnion> {ennreal (dist x y) | x y. x \<in> A \<inter> S \<and> y \<in> A \<inter> S} \<le> ennreal e"
+ by (meson Sup_least order_less_le)
+ thus "bounded_set A"
+ by(simp add: bounded_set_def diam_def order_le_less_trans[OF _ ennreal_less_top])
+qed
+
+lemma bounded_set_def2:
+ assumes "A \<subseteq> S"
+ shows "bounded_set A \<longleftrightarrow> (\<exists>e. \<forall>x\<in>A. \<forall>y\<in>A. dist x y < e)"
+ using assms by(fastforce simp: bounded_set_def2')
+
+lemma bounded_set_def3':
+ assumes "S \<noteq> {}"
+ shows "bounded_set A \<longleftrightarrow> (\<exists>e. \<exists>x\<in>S. \<forall>y\<in>A\<inter>S. dist x y < e)"
+ unfolding bounded_set_def2'
+proof
+ assume h:"\<exists>e. \<forall>x\<in>A \<inter> S. \<forall>y\<in>A \<inter> S. dist x y < e"
+ obtain s where [simp]:"s \<in> S" using assms by auto
+ consider "A \<inter> S = {}" | "A \<inter> S \<noteq> {}" by auto
+ then show "\<exists>e. \<exists>x\<in>S. \<forall>y\<in>A \<inter> S. dist x y < e"
+ proof cases
+ case 1
+ then show ?thesis
+ by(auto intro!: exI[where x=0] exI[where x=s])
+ next
+ case 2
+ then obtain sa where [simp]:"sa \<in> A" "sa \<in> S" by auto
+ obtain e where "\<forall>x\<in>A \<inter> S. \<forall>y\<in>A \<inter> S. dist x y < e"
+ using h by auto
+ then show ?thesis
+ by(auto intro!: exI[where x=e] bexI[where x=sa])
+ qed
+next
+ assume "\<exists>e. \<exists>x\<in>S. \<forall>y\<in>A \<inter> S. dist x y < e"
+ then obtain e a where
+ [simp]:"a \<in> S" and hea:"\<And>y. y \<in> A \<Longrightarrow> y \<in> S \<Longrightarrow> dist a y < e" by auto
+ show "\<exists>e. \<forall>x\<in>A \<inter> S. \<forall>y\<in>A \<inter> S. dist x y < e"
+ proof(safe intro!: exI[where x="2*e"])
+ fix x y
+ assume [simp]:"x \<in> A" "x \<in> S" "y \<in> A" "y \<in> S"
+ show "dist x y < 2 * e"
+ using dist_tr[of x a y] hea[of x] hea[of y]
+ by(simp add: dist_sym[of x a])
+ qed
+qed
+
+lemma bounded_set_def4':
+ "bounded_set A \<longleftrightarrow> (\<exists>x e. A \<inter> S \<subseteq> open_ball x e)"
+proof
+ assume h:"bounded_set A"
+ consider "A \<inter> S = {}" | "A \<inter> S \<noteq> {}" by auto
+ then show "\<exists>x e. A \<inter> S \<subseteq> open_ball x e"
+ proof cases
+ case 1
+ then show ?thesis by auto
+ next
+ case 2
+ then have "\<exists>e. \<exists>x\<in>S. \<forall>y\<in>A\<inter>S. dist x y < e"
+ using bounded_set_def3' h by blast
+ then obtain e x where
+ [simp]: "x \<in> S" and hex: "\<And>y. y \<in> A \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < e"
+ by auto
+ thus ?thesis
+ by(auto intro!: exI[where x=x] exI[where x=e] simp:open_ball_def)
+ qed
+next
+ assume "\<exists>x e. A \<inter> S \<subseteq> open_ball x e"
+ then obtain a e where hxe:"A \<inter> S \<subseteq> open_ball a e" by auto
+ show "bounded_set A"
+ unfolding bounded_set_def2'
+ proof(safe intro!: exI[where x="2*e"])
+ fix x y
+ assume [simp]:"x \<in> A" "x \<in> S" "y \<in> A" "y \<in> S"
+ then have "x \<in> open_ball a e" "y \<in> open_ball a e"
+ using hxe by auto
+ hence "dist a x < e" "dist a y < e" "a \<in> S"
+ by(auto dest: open_ballD open_ballD')
+ thus "dist x y < 2 * e"
+ using dist_tr[of x a y] by(simp add: dist_sym[of x a])
+ qed
+qed
+
+lemma bounded_set_def4:
+ assumes "A \<subseteq> S"
+ shows "bounded_set A \<longleftrightarrow> (\<exists>x e. A \<subseteq> open_ball x e)"
+ using bounded_set_def4'[of A] assms by blast
+
+
+text \<open> Distance between a point and a set. \<close>
+definition dist_set :: "'a set \<Rightarrow> 'a \<Rightarrow> real" where
+"dist_set A \<equiv> (\<lambda>x. if A = {} then 0 else Inf {dist x y |y. y \<in> A})"
+
+lemma dist_set_geq0:
+ "dist_set A x \<ge> 0"
+proof -
+ have "{dist x y |y. y \<in> A} = dist x ` A" by auto
+ thus ?thesis
+ using dist_geq0[of x] by(auto simp: dist_set_def intro!: cINF_greatest[of _ _ "dist x"])
+qed
+
+lemma dist_set_bdd_below[simp]:
+ "bdd_below {dist x y |y. y \<in> A}"
+ by(auto simp: bdd_below_def dist_geq0 intro!: exI[where x=0])
+
+lemma dist_set_singleton[simp]:
+ "dist_set {y} x = dist x y"
+ by(auto simp: dist_set_def)
+
+lemma dist_set_singleton'[simp]:
+ "dist_set {y} = (\<lambda>x. dist x y)"
+ by auto
+
+lemma dist_set_empty[simp]:
+ "dist_set {} x = 0"
+ by(simp add: dist_set_def)
+
+lemma dist_set_nsubset0[simp]:
+ assumes "\<not> (A \<subseteq> S)"
+ shows "dist_set A x = 0"
+proof -
+ obtain a where "a \<in> A" "a \<notin> S"
+ using assms by auto
+ hence "A \<noteq> {}" "0 \<in> {dist x y |y. y \<in> A}"
+ using dist_notin'[of a x] by auto
+ thus ?thesis
+ using \<open>A \<noteq> {}\<close> dist_set_geq0[of A x] cInf_lower[OF \<open>0 \<in> {dist x y |y. y \<in> A}\<close>]
+ by(auto simp: dist_set_def)
+qed
+
+lemma dist_set_notin[simp]:
+ assumes "x \<notin> S"
+ shows "dist_set A x = 0"
+proof -
+ have "A \<noteq> {} \<Longrightarrow> {dist x y |y. y \<in> A} = {0}"
+ using dist_notin[OF \<open>x \<notin> S\<close>] by auto
+ thus ?thesis
+ by(simp add: dist_set_def)
+qed
+
+lemma dist_set_inA:
+ assumes "x \<in> A"
+ shows "dist_set A x = 0"
+proof(cases "A \<subseteq> S")
+ case h:True
+ hence "A \<noteq> {}" "0 \<in> {dist x y |y. y \<in> A}"
+ using dist_0[of x x] assms by force+
+ thus ?thesis
+ using cInf_lower[OF \<open>0 \<in> {dist x y |y. y \<in> A}\<close>] dist_set_geq0[of A x]
+ by(auto simp: dist_set_def)
+qed (simp add: dist_geq0)
+
+lemma dist_set_nzeroD:
+ assumes "dist_set A x \<noteq> 0"
+ shows "A \<subseteq> S" "x \<notin> A"
+ by(rule ccontr, use assms dist_set_inA in auto)
+
+lemma dist_set_antimono:
+ assumes "A \<subseteq> B" "A \<noteq> {}"
+ shows "dist_set B x \<le> dist_set A x"
+proof(cases "B = {}")
+ case h:False
+ with assms have "{dist x y |y. y \<in> B} \<noteq> {}" "{dist x y |y. y \<in> A} \<subseteq> {dist x y |y. y \<in> B}"
+ by auto
+ thus ?thesis
+ by(simp add: dist_set_def cInf_superset_mono assms(2))
+qed(use assms in simp)
+
+lemma dist_set_bounded:
+ assumes "\<And>y. y \<in> A \<Longrightarrow> dist x y < K" "K > 0"
+ shows "dist_set A x < K"
+proof(cases "A = {}")
+ case True
+ then show ?thesis
+ by(simp add: assms)
+next
+ case 1:False
+ then have 2:"{dist x y |y. y \<in> A} \<noteq> {}" by auto
+ show ?thesis
+ using assms by (auto simp add: dist_set_def cInf_lessD[OF 2] cInf_less_iff[OF 2])
+qed
+
+lemma dist_set_tr:
+ assumes "x \<in> S" "y \<in> S"
+ shows "dist_set A x \<le> dist x y + dist_set A y"
+proof(cases "A \<subseteq> S")
+ case h:True
+ consider "A = {}" | "A \<noteq> {}" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ by(simp add: dist_set_def dist_geq0)
+ next
+ case 2
+ have "dist_set A x \<le> Inf {dist x y + dist y a |a. a\<in>A}"
+ proof -
+ have "\<Sqinter> {dist x y |y. y \<in> A} \<le> \<Sqinter> {dist x y + dist y a |a. a \<in> A}"
+ proof(rule cInf_mono)
+ fix b
+ assume "b \<in> {dist x y + dist y a |a. a \<in> A}"
+ then obtain a where "a \<in> A" "b = dist x y + dist y a"
+ by auto
+ thus "\<exists>a\<in>{dist x y |y. y \<in> A}. a \<le> b"
+ using h assms by(auto intro!: exI[where x="dist x a"] dist_tr)
+ qed(simp_all add: 2)
+ thus ?thesis
+ by(simp add: dist_set_def 2)
+ qed
+ also have "... = dist x y + Inf {dist y a |a. a\<in>A}"
+ proof -
+ have "ereal (Inf {dist x y + dist y a |a. a\<in>A}) = ereal (dist x y + Inf {dist y a |a. a\<in>A})"
+ (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = Inf (ereal ` {(dist x y + dist y a) |a. a\<in>A})"
+ using dist_geq0 by(auto intro!: ereal_Inf' bdd_belowI[where m=0] simp: 2)
+ also have "... = Inf {ereal (dist x y + dist y a) |a. a\<in>A}"
+ proof -
+ have "ereal ` {(dist x y + dist y a) |a. a\<in>A} = {ereal (dist x y + dist y a) |a. a\<in>A}"
+ by auto
+ thus ?thesis by simp
+ qed
+ also have "... = (\<Sqinter>a\<in>A. ereal (dist x y) + ereal (dist y a))"
+ by (simp add: Setcompr_eq_image)
+ also have "... = ereal (dist x y) + (\<Sqinter>a\<in>A. ereal (dist y a))"
+ by(rule INF_ereal_add_right) (use 2 dist_geq0 in auto)
+ also have "... = ereal (dist x y) + (\<Sqinter> (ereal ` {dist y a | a. a \<in> A}))"
+ by (simp add: Setcompr_eq_image image_image)
+ also have "... = ereal (dist x y) + ereal (Inf {dist y a |a. a\<in>A})"
+ proof -
+ have "ereal (Inf {dist y a |a. a\<in>A}) = (\<Sqinter> (ereal ` {dist y a | a. a \<in> A}))"
+ using dist_geq0 by(auto intro!: ereal_Inf' simp: 2)
+ thus ?thesis by simp
+ qed
+ also have "... = ?rhs" by simp
+ finally show ?thesis .
+ qed
+ thus ?thesis by simp
+ qed
+ also have "... = dist x y + dist_set A y"
+ by(simp add: 2 dist_set_def)
+ finally show ?thesis .
+ qed
+qed (simp add: dist_geq0)
+
+lemma dist_set_abs_le:
+ assumes "x \<in> S" "y \<in> S"
+ shows "\<bar>dist_set A x - dist_set A y\<bar> \<le> dist x y"
+ using dist_set_tr[OF assms,of A] dist_set_tr[OF assms(2,1),of A,simplified dist_sym[of y x]]
+ by auto
+
+lemma dist_set_inA_le:
+ assumes "y \<in> A"
+ shows "dist_set A x \<le> dist x y"
+proof -
+ consider "x \<notin> S \<or> y \<notin> S" | "x \<in> S \<and> y \<in> S" by auto
+ thus ?thesis
+ proof cases
+ case 1
+ have "y \<notin> S \<Longrightarrow> \<not> (A \<subseteq> S)"
+ using assms by auto
+ with 1 dist_geq0 show ?thesis
+ by auto
+ next
+ case 2
+ with dist_set_tr[of x y A] dist_set_inA[OF assms]
+ show ?thesis by simp
+ qed
+qed
+
+lemma dist_set_ball_open:
+ "openin mtopology {x\<in>S. dist_set A x < \<epsilon>}"
+ unfolding mtopology_openin_iff
+proof safe
+ fix x
+ assume h:"x \<in> S" "dist_set A x < \<epsilon>"
+ show "\<exists>\<epsilon>'>0. open_ball x \<epsilon>' \<subseteq> {x \<in> S. dist_set A x < \<epsilon>}"
+ proof(safe intro!: exI[where x="\<epsilon> - dist_set A x"])
+ fix y
+ assume h':"y \<in> open_ball x (\<epsilon> - dist_set A x)"
+ have "dist_set A y \<le> dist x y + dist_set A x"
+ by(rule dist_set_tr[OF open_ballD'(1)[OF h'] h(1),simplified dist_sym[of y x]])
+ also have "... < \<epsilon>"
+ using open_ballD[OF h'] by auto
+ finally show "dist_set A y < \<epsilon>" .
+ qed(use h open_ballD'(1) in auto)
+qed
+
+lemma dist_set_ball_empty:
+ assumes "A \<noteq> {}" "A \<subseteq> S" "e > 0" "x \<in> S" "open_ball x e \<inter> A = {}"
+ shows "dist_set A x \<ge> e"
+ using assms by(auto simp: dist_set_def assms(1) le_cInf_iff intro!: open_ball_nin_le[OF assms(4,3)])
+
+lemma dist_set_closed_ge0:
+ assumes "closedin mtopology A" "A \<noteq> {}" "x \<in> S" "x \<notin> A"
+ shows "dist_set A x > 0"
+proof -
+ have a:"A \<subseteq> S" "openin mtopology (S - A)"
+ using closedin_subset[OF assms(1)] assms(1)
+ by(auto simp: closedin_def mtopology_topspace)
+ with assms(3,4) obtain e where e: "e > 0" "open_ball x e \<subseteq> S - A"
+ by(auto simp: mtopology_openin_iff) (meson Diff_iff)
+ thus ?thesis
+ by(auto intro!: order.strict_trans2[OF e(1) dist_set_ball_empty[OF assms(2) a(1) e(1) assms(3)]])
+qed
+
+lemma g_delta_of_closed:
+ assumes "closedin mtopology M"
+ shows "g_delta_of mtopology M"
+proof(cases "M = {}")
+ case True
+ then show ?thesis by simp
+next
+ case M_ne:False
+ have "M \<subseteq> S"
+ using assms mtopology_topspace by (simp add: closedin_def)
+ define U where "U \<equiv> (\<lambda>n. {x\<in>S. dist_set M x < 1 / real n})"
+ define \<U> where "\<U> \<equiv> {U n| n. n > 0}"
+ have mun:"M \<subseteq> U n" if "n > 0" for n
+ using dist_set_inA[of _ M] that \<open>M \<subseteq> S\<close> by(auto simp: U_def)
+ show ?thesis
+ proof(rule g_delta_ofI[of "\<U>"])
+ show "\<U> \<noteq> {}"
+ by(auto simp: \<U>_def)
+ next
+ have "\<U> = U ` {0<..}" by(auto simp: \<U>_def)
+ thus "countable \<U>" by simp
+ next
+ fix b
+ assume "b \<in> \<U>"
+ then show "openin mtopology b"
+ using dist_set_ball_open by(auto simp: \<U>_def U_def)
+ next
+ show "M = \<Inter> \<U>"
+ proof(standard;standard)
+ fix x
+ assume "x \<in> M"
+ with mun
+ show "x \<in> \<Inter> \<U>"
+ by(auto simp: \<U>_def)
+ next
+ fix x
+ assume "x \<in> \<Inter> \<U>"
+ then have "Inf {dist x m|m. m\<in>M} < 1 / real n" if "n > 0" for n
+ using that by(auto simp: \<U>_def U_def M_ne dist_set_def)
+ hence 1:"Inf {dist x m|m. m\<in>M} < 1 / real (Suc n)" for n
+ by blast
+ have "\<exists>m\<in>M. dist x m < 1 / real (Suc n)" for n
+ using 1[of n] cInf_less_iff[of "{dist x m |m. m \<in> M}" "1 / real (Suc n)"] M_ne
+ by auto
+ then obtain m where hm: "\<And>n. m n \<in> M" "\<And>n. dist x (m n) < 1 / real (Suc n)"
+ by metis
+ hence "m \<in> UNIV \<rightarrow> M" by auto
+ have "converge_to_inS m x"
+ unfolding converge_to_inS_def2
+ proof safe
+ show "\<And>x. m x \<in> S" "x \<in> S"
+ using \<open>x \<in> \<Inter> \<U>\<close> \<open>m \<in> UNIV \<rightarrow> M\<close> \<open>M \<subseteq> S\<close>
+ by(auto simp: \<U>_def U_def)
+ next
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ then obtain N where hN: "1 / real (Suc N) < \<epsilon>"
+ using nat_approx_posE by blast
+ show "\<exists>N. \<forall>n\<ge>N. dist (m n) x < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ then have "1 / real (Suc n) \<le> 1 / real (Suc N)"
+ by (simp add: frac_le)
+ from order.strict_trans1[OF this hN] hm(2)[of n]
+ show "dist (m n) x < \<epsilon>"
+ by(simp add: dist_sym[of x])
+ qed
+ qed
+ thus "x \<in> M"
+ using assms[simplified mtopology_closedin_iff] \<open>m \<in> UNIV \<rightarrow> M\<close>
+ by simp
+ qed
+ qed
+qed
+
+text \<open> Oscillation\<close>
+definition osc_on :: "['b set, 'b topology, 'b \<Rightarrow> 'a, 'b] \<Rightarrow> ennreal" where
+"osc_on A X f \<equiv> (\<lambda>y. \<Sqinter> {diam (f ` (A \<inter> U)) |U. y \<in> U \<and> openin X U})"
+
+abbreviation "osc X \<equiv> osc_on (topspace X) X"
+
+lemma osc_def: "osc X f = (\<lambda>y. \<Sqinter> {diam (f ` U) |U. y \<in> U \<and> openin X U})"
+ by(standard,auto simp: osc_on_def) (metis (no_types, opaque_lifting) inf.absorb2 openin_subset)
+
+lemma osc_on_less_iff:
+ "osc_on A X f x < t \<longleftrightarrow> (\<exists>v. x \<in> v \<and> openin X v \<and> diam (f ` (A \<inter> v)) < t)"
+ by(auto simp add: osc_on_def Inf_less_iff)
+
+lemma osc_less_iff:
+ "osc X f x < t \<longleftrightarrow> (\<exists>v. x \<in> v \<and> openin X v \<and> diam (f ` v) < t)"
+ by(auto simp add: osc_def Inf_less_iff)
+
+definition sequentially_compact :: bool where
+"sequentially_compact \<longleftrightarrow> (\<forall>xn\<in>sequence. \<exists>a. strict_mono a \<and> convergent_inS (xn \<circ> a))"
+
+definition eps_net_on :: "'a set \<Rightarrow> real \<Rightarrow> 'a set \<Rightarrow> bool" where
+"eps_net_on B \<epsilon> A \<longleftrightarrow> \<epsilon> > 0 \<and> finite A \<and> A \<subseteq> S \<and> B \<subseteq> (\<Union>a\<in>A. open_ball a \<epsilon>)"
+
+abbreviation "eps_net \<equiv> eps_net_on S"
+
+lemma eps_net_def: "eps_net \<epsilon> A \<longleftrightarrow> \<epsilon> > 0 \<and> finite A \<and> A \<subseteq> S \<and> S = \<Union> ((\<lambda>a. open_ball a \<epsilon>) ` A)"
+ using open_ball_subset_ofS by(auto simp: eps_net_on_def)
+
+lemma eps_net_onD:
+ assumes "eps_net_on B e A"
+ shows "e > 0" "finite A" "A \<subseteq> S" "B \<subseteq> (\<Union>a\<in>A. open_ball a e)" "B \<subseteq> S"
+ using assms open_ball_subset_ofS by(auto simp: eps_net_on_def) blast
+
+lemma eps_netD:
+ assumes "eps_net \<epsilon> A"
+ shows "\<epsilon> > 0" "finite A" "A \<subseteq> S" "S = \<Union> ((\<lambda>a. open_ball a \<epsilon>) ` A)"
+ using assms by(auto simp: eps_net_def)
+
+lemma eps_net_le:
+ assumes "eps_net e A" "e \<le> e'"
+ shows "eps_net e' A"
+ using assms open_ball_le[OF assms(2)] open_ballD'(1)
+ by(auto simp: eps_net_def) blast
+
+definition totally_bounded_on :: "'a set \<Rightarrow> bool" where
+"totally_bounded_on B \<longleftrightarrow> (\<forall>e>0. \<exists>A. eps_net_on B e A)"
+
+abbreviation "totally_boundedS \<equiv> totally_bounded_on S"
+
+lemma totally_boundedS_def: "totally_boundedS \<longleftrightarrow> (\<forall>e>0. \<exists>A. eps_net e A)"
+ by(auto simp: totally_bounded_on_def)
+
+lemma totally_bounded_onD_sub:
+ assumes "totally_bounded_on B"
+ shows "B \<subseteq> S"
+ by (meson assms eps_net_onD(5) gt_ex totally_bounded_on_def)
+
+lemma totally_bounded_onD:
+ assumes "totally_bounded_on B" "e > 0"
+ obtains A where "finite A" "A \<subseteq> S" "B \<subseteq> (\<Union>a\<in>A. open_ball a e)"
+ by (metis assms that eps_net_on_def totally_bounded_on_def)
+
+lemma totally_boundedSD:
+ assumes totally_boundedS "e > 0"
+ obtains A where "finite A" "A \<subseteq> S" "S = (\<Union>a\<in>A. open_ball a e)"
+ by (metis assms that eps_net_def totally_boundedS_def)
+
+lemma totally_bounded_on_iff:
+"totally_bounded_on B \<longleftrightarrow> B \<subseteq> S \<and> (\<forall>xn\<in>(UNIV :: nat set) \<rightarrow> B. \<exists>a. strict_mono a \<and> Cauchy_inS (xn \<circ> a))"
+proof safe
+ fix xn :: "nat \<Rightarrow> 'a"
+ assume h:"totally_bounded_on B" "xn \<in> UNIV \<rightarrow> B"
+ then have h': "B \<subseteq> S"
+ by (auto dest: totally_bounded_onD_sub)
+ have 1: "\<exists>b::nat \<Rightarrow> nat. strict_mono b \<and> (\<forall>n m. dist (yn (b n)) (yn (b m)) < e)" if "yn \<in> UNIV \<rightarrow> B" "e > 0" for e yn
+ proof -
+ obtain A where A: "finite A" "A \<subseteq> S" "B \<subseteq> (\<Union>a\<in>A. open_ball a (e/2))"
+ using totally_bounded_onD[OF h(1) half_gt_zero[OF \<open>e > 0\<close>]] by metis
+ have "\<not> (\<forall>a\<in>A. finite {n. yn n \<in> open_ball a (e/2)})"
+ proof
+ assume "\<forall>a\<in>A. finite {n. yn n \<in> open_ball a (e/2)}"
+ then have "finite (\<Union>a\<in>A. {n. yn n \<in> open_ball a (e/2)})"
+ using A by auto
+ moreover have "UNIV = (\<Union>a\<in>A. {n. yn n \<in> open_ball a (e/2)})"
+ using that(1) A(3) by auto
+ ultimately show False by simp
+ qed
+ then obtain a where a:"a \<in> A" "infinite {n. yn n \<in> open_ball a (e/2)}"
+ by auto
+ then obtain b where b:"strict_mono b" "\<And>n::nat. yn (b n) \<in> open_ball a (e/2)"
+ using obtain_subsequence[of "\<lambda>_ ynn. ynn \<in> open_ball a (e/2)" yn] by auto
+ show ?thesis
+ using a A by(auto intro!: exI[where x=b] b order.strict_trans1[OF dist_tr[OF open_ballD'(1)[OF b(2)] _ open_ballD'(1)[OF b(2)],of a] add_strict_mono[OF open_ballD[OF b(2),simplified dist_sym[of a]] open_ballD[OF b(2)]],simplified])
+ qed
+
+ define anm where "anm \<equiv> rec_nat (xn \<circ> (SOME b::nat \<Rightarrow> nat. strict_mono b \<and> (\<forall>n m. dist (xn (b n)) (xn (b m)) < 1))) (\<lambda>n an. an \<circ> (SOME b. strict_mono b \<and> (\<forall>l k. dist (an (b l)) (an (b k)) < 1 / Suc (Suc n))))"
+ have anm_Suc:"anm (Suc n) = anm n \<circ> (SOME b. strict_mono b \<and> (\<forall>l k. dist (anm n (b l)) (anm n (b k)) < 1 / Suc (Suc n)))" for n
+ by(simp add: anm_def)
+ have anm1:"anm n \<in> UNIV \<rightarrow> B \<and> (\<forall>l k. dist (anm n l) (anm n k) < 1 / Suc n)" for n
+ proof(induction n)
+ case 0
+ obtain b ::"nat \<Rightarrow> nat" where b:"strict_mono b" "\<forall>l k. dist (xn (b l)) (xn (b k)) < 1"
+ using 1[OF h(2),of 1] by auto
+ show ?case
+ by(simp add: anm_def,rule someI2[where a=b]) (use b h(2) in auto)
+ next
+ case ih:(Suc n')
+ obtain b ::"nat \<Rightarrow> nat" where b:"strict_mono b" "\<forall>l k. dist (anm n' (b l)) (anm n' (b k)) < 1 / real (Suc (Suc n'))"
+ using 1[of "anm n'" "1 / Suc (Suc n')"] ih by auto
+ show ?case
+ by(simp only: anm_Suc,rule someI2[where a=b]) (use ih b in auto)
+ qed
+
+ define bnm :: "nat \<Rightarrow> nat \<Rightarrow> nat" where "bnm \<equiv> rec_nat (SOME b. strict_mono b \<and> anm 0 = xn \<circ> b) (\<lambda>n bn. SOME b. strict_mono b \<and> anm (Suc n) = anm n \<circ> b)"
+ have bnm_Suc:"bnm (Suc n) = (SOME b. strict_mono b \<and> anm (Suc n) = anm n \<circ> b)" for n
+ by(simp add: bnm_def)
+ have bnm0:"strict_mono (bnm 0) \<and> anm 0 = xn \<circ> (bnm 0)"
+ proof -
+ have b0:"\<exists>b::nat \<Rightarrow> nat. strict_mono b \<and> anm 0 = xn \<circ> b"
+ proof -
+ obtain b ::"nat \<Rightarrow> nat" where b:"strict_mono b" "\<forall>l k. dist (xn (b l)) (xn (b k)) < 1"
+ using 1[OF h(2),of 1] by auto
+ show ?thesis
+ by(simp add: anm_def,rule someI2[where a=b],auto simp: b)
+ qed
+ thus ?thesis
+ unfolding bnm_def by(simp,rule someI_ex)
+ qed
+ have bnm_S: "strict_mono (bnm (Suc n)) \<and> anm (Suc n) = anm n \<circ> (bnm (Suc n))" for n
+ proof -
+ have bn:"\<exists>b::nat \<Rightarrow> nat. strict_mono b \<and> anm (Suc m) = anm m \<circ> b" for m
+ proof -
+ obtain b ::"nat \<Rightarrow> nat" where b:"strict_mono b" "\<forall>l k. dist (anm m (b l)) (anm m (b k)) < 1 / real (Suc (Suc m))"
+ using 1[of "anm m" "1 / Suc (Suc m)"] anm1 by auto
+ show ?thesis
+ by(simp only: anm_Suc,rule someI2[where a=b]) (auto simp: b[simplified])
+ qed
+ thus ?thesis
+ by(simp add: bnm_Suc, rule someI_ex)
+ qed
+ define bnm_r where "bnm_r \<equiv> rec_nat (bnm 0) (\<lambda>n bn. bn \<circ> (bnm (Suc n)))"
+ have bnm_r_Suc: "bnm_r (Suc n) = bnm_r n \<circ> (bnm (Suc n))" for n
+ by(simp add: bnm_r_def)
+ have anm_bnm_r:"anm n = xn \<circ> (bnm_r n)" for n
+ by(induction n,simp add: bnm0 bnm_r_def) (auto simp: bnm_S bnm_r_Suc)
+ have bnm_r_sm:"strict_mono (bnm_r n)" for n
+ by(induction n, simp add: bnm0 bnm_r_def) (insert bnm_S, auto simp: bnm_r_Suc strict_mono_def)
+ have bnm_r_Suc_le:"bnm_r n l \<le> bnm_r (Suc n) l" for l n
+ using bnm_S bnm_r_sm by(auto simp: bnm_r_Suc strict_mono_imp_increasing strict_mono_leD)
+ have sm:"strict_mono (\<lambda>n. bnm_r n n)"
+ by(auto simp add: strict_mono_Suc_iff) (meson lessI order_le_less_trans strict_monoD bnm_r_sm bnm_r_Suc_le)
+ have bnm_r_de:"\<exists>l. bnm_r (n + k) = bnm_r n \<circ> l" for n k
+ by(induction k) (auto simp: bnm_r_Suc)
+ show "\<exists>a::nat \<Rightarrow> nat. strict_mono a \<and> Cauchy_inS (xn \<circ> a)"
+ unfolding Cauchy_inS_def
+ proof(safe intro!: exI[where x="\<lambda>n. bnm_r n n"] sm)
+ fix e :: real
+ assume "e > 0"
+ then obtain N where N:"1 / Suc N < e"
+ using nat_approx_posE by blast
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist ((xn \<circ> (\<lambda>n. bnm_r n n)) n) ((xn \<circ> (\<lambda>n. bnm_r n n)) m) < e"
+ proof(safe intro!: exI[where x=N])
+ fix n m
+ assume "N \<le> n" "N \<le> m"
+ then have "n = N + (n - N)" "m = N + (m - N)" by auto
+ then obtain l1 l2 where l:"bnm_r n = bnm_r N \<circ> l1" "bnm_r m = bnm_r N \<circ> l2"
+ by (metis bnm_r_de)
+ have "dist (xn (bnm_r n n)) (xn (bnm_r m m)) = dist (anm N (l1 n)) (anm N (l2 m))"
+ by(simp add: l anm_bnm_r)
+ also have "... < 1 / Suc N"
+ using anm1 by auto
+ finally show "dist ((xn \<circ> (\<lambda>n. bnm_r n n)) n) ((xn \<circ> (\<lambda>n. bnm_r n n)) m) < e"
+ using N by simp
+ qed
+ qed(use h h' in auto)
+next
+ assume h:"\<forall>xn\<in>(UNIV :: nat set) \<rightarrow> B. \<exists>a. strict_mono a \<and> Cauchy_inS (xn \<circ> a)" "B \<subseteq> S"
+ show "totally_bounded_on B"
+ proof(rule ccontr)
+ assume "\<not> totally_bounded_on B"
+ then obtain e where e:"e > 0" "\<And>A. \<not> eps_net_on B e A"
+ by(auto simp: totally_bounded_on_def)
+ have A:"\<not> B \<subseteq> (\<Union>a\<in>A. open_ball a e)" if "finite A" for A
+ proof -
+ have [simp]:"(\<Union>a\<in>A. open_ball a e) = (\<Union>a\<in>A\<inter> S. open_ball a e)"
+ using Collect_cong IntD1 IntI Sup_set_def UN_iff open_ballD'(2) by auto
+ have "finite (A \<inter> S)" using that by auto
+ thus ?thesis
+ using e by(auto simp: eps_net_on_def)
+ qed
+ obtain a0 where a0:"a0 \<in> B"
+ using A by fastforce
+ define xnl where "xnl \<equiv> rec_nat [a0] (\<lambda>n ln. (SOME x. x \<in> B \<and> x \<notin> (\<Union>a\<in>set ln. open_ball a e)) # ln)"
+ have xnl_Suc:"xnl (Suc n) = (SOME x. x \<in> B \<and> x \<notin> (\<Union>a\<in>set (xnl n). open_ball a e)) # xnl n" for n
+ by(simp add: xnl_def)
+ define xn where "xn = (\<lambda>n. (xnl n) ! 0)"
+ have xn:"xn (Suc n) \<in> B \<and> xn (Suc n) \<notin> (\<Union>a\<in>set (xnl n). open_ball a e)" for n
+ proof -
+ have "\<exists>y. y \<in> B \<and> (\<forall>x\<in>set (xnl n). y \<notin> open_ball x e)"
+ using A[OF finite_set] by fastforce
+ thus ?thesis
+ by(simp add: xn_def xnl_Suc,rule someI_ex)
+ qed
+ have xn0:"xn 0 \<in> B"
+ by(auto simp: xnl_def xn_def a0)
+ with xn have xns:"xn \<in> UNIV \<rightarrow> B"
+ by auto (metis old.nat.exhaust)
+ have xnll:"length (xnl n) = Suc n" for n
+ by(induction n) (simp add: xnl_def, auto simp: xnl_Suc)
+ have xnin:"xn m \<in> set (xnl (m + k))" for m k
+ by(induction k) (auto simp: xn_def xnl_Suc xnll intro!: nth_mem)
+ obtain a where a:"strict_mono a" "Cauchy_inS (xn \<circ> a)"
+ using h xns by auto
+ then obtain N where "\<And>n m. n \<ge> N \<Longrightarrow> m \<ge> N \<Longrightarrow> dist (xn (a n)) (xn (a m)) < e"
+ using e Cauchy_inS_def by fastforce
+ hence e1:"dist (xn (a N)) (xn (a (Suc N))) < e"
+ by auto
+ have "xn (a (Suc N)) \<notin> (\<Union>a\<in>set (xnl (a (Suc N) - 1)). open_ball a e)"
+ by (metis a(1) diff_Suc_1 le_0_eq not0_implies_Suc strict_mono_less_eq xn zero_le)
+ moreover have "xn (a N) \<in> set (xnl (a (Suc N) - 1))"
+ using a(1)[simplified strict_mono_Suc_iff] xnin[of "a N" "a (Suc N) - a N - 1"]
+ by (simp add: Suc_leI)
+ ultimately have "xn (a (Suc N)) \<notin> open_ball (xn (a N)) e"
+ by auto
+ from open_ball_nin_le[OF _ e(1) _ this] xns e1 h(2)
+ show False by auto
+ qed
+qed(auto dest: totally_bounded_onD_sub)
+
+corollary totally_boundedS_iff: "totally_boundedS \<longleftrightarrow> (\<forall>xn\<in>sequence. \<exists>a. strict_mono a \<and> Cauchy_inS (xn \<circ> a))"
+ by(auto simp: totally_bounded_on_iff)
+
+text \<open> Metric embedding\<close>
+definition embed_dist_on :: "['b set, 'b \<Rightarrow> 'a, 'b, 'b] \<Rightarrow> real" where
+"embed_dist_on B f a b \<equiv> (if a \<in> B \<and> b \<in> B then dist (f a) (f b) else 0)"
+
+context
+ fixes f B
+ assumes f: "f \<in> B \<rightarrow> S" "inj_on f B"
+begin
+
+abbreviation "ed \<equiv> embed_dist_on B f"
+
+lemma embed_dist_dist: "metric_set B (embed_dist_on B f)"
+proof
+ fix x y
+ assume "x \<in> B" "y \<in> B"
+ then show "x = y \<longleftrightarrow> embed_dist_on B f x y = 0"
+ using inj_onD[OF f(2)] dist_0[of "f x" "f y"] f(1)
+ by(auto simp: embed_dist_on_def)
+next
+ fix x y
+ show "embed_dist_on B f x y = embed_dist_on B f y x"
+ by(simp add: embed_dist_on_def dist_sym[of "f x" "f y"])
+next
+ fix x y z
+ assume "x \<in> B" "y \<in> B" "z \<in> B"
+ then show "embed_dist_on B f x z \<le> embed_dist_on B f x y + embed_dist_on B f y z"
+ using dist_tr[of "f x" "f y" "f z"] f(1) by(auto simp: embed_dist_on_def)
+qed(simp_all add: embed_dist_on_def dist_geq0)
+
+interpretation ed : metric_set B ed
+ by(rule embed_dist_dist)
+
+lemma embed_dist_open_ball:
+ assumes "a \<in> B"
+ shows"f ` (ed.open_ball a e) = open_ball (f a) e \<inter> f ` B"
+ using assms f by(auto simp: ed.open_ball_def open_ball_def embed_dist_on_def)
+
+lemma embed_dist_closed_ball:
+ assumes "a \<in> B"
+ shows"f ` (ed.closed_ball a e) = closed_ball (f a) e \<inter> f ` B"
+ using assms f by(auto simp: ed.closed_ball_def closed_ball_def embed_dist_on_def)
+
+lemma embed_dist_topology_homeomorphic_maps:
+ assumes g1:"\<And>x. x \<in> B \<Longrightarrow> g (f x) = x"
+ shows "homeomorphic_maps ed.mtopology (subtopology mtopology (f ` B)) f g"
+proof -
+ have g2: "\<And>x. x \<in> f ` B \<Longrightarrow> f (g x) = x" "g \<in> (f ` B) \<rightarrow> B"
+ by(auto simp: g1)
+ show ?thesis
+ unfolding homeomorphic_maps_def mtopology_topspace ed.mtopology_topspace
+ proof safe
+ show "continuous_map ed.mtopology (subtopology mtopology (f ` B)) f"
+ unfolding mtopology_def2 subtopology_generated_by
+ proof(rule continuous_on_generated_topo)
+ show "\<And>U. U \<in> {f ` B \<inter> U |U. U \<in> {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}} \<Longrightarrow> openin ed.mtopology (f -` U \<inter> topspace ed.mtopology)"
+ unfolding ed.mtopology_topspace
+ proof safe
+ fix a and e :: real
+ assume h:"a \<in> S" "0 < e"
+ have 1:"(f -` (f ` B \<inter> open_ball a e) \<inter> B) = f -` open_ball a e \<inter> B" by blast
+ show "openin ed.mtopology (f -` (f ` B \<inter> open_ball a e) \<inter> B)"
+ unfolding 1 ed.mtopology_openin_iff
+ proof safe
+ fix x
+ assume h':"x \<in> B" "f x \<in> open_ball a e"
+ then obtain e' where e':"e' > 0" "open_ball (f x) e' \<subseteq> open_ball a e"
+ using mtopology_open_ball_in' by blast
+ show "\<exists>\<epsilon>>0. ed.open_ball x \<epsilon> \<subseteq> f -` open_ball a e \<inter> B"
+ proof(safe intro!: exI[where x=e'])
+ fix y
+ assume "y \<in> ed.open_ball x e'"
+ with e'(2) show "y \<in> f -` open_ball a e"
+ using embed_dist_open_ball[OF h'(1),of e'] by blast
+ qed(use e' ed.open_ball_subset_ofS in auto)
+ qed
+ qed
+ next
+ show "f ` topspace ed.mtopology \<subseteq> \<Union> {f ` B \<inter> U |U. U \<in> {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}} "
+ by(auto simp: ed.mtopology_topspace) (metis (mono_tags, opaque_lifting) IntE IntI closed_ball_def ed.closed_ball_ina ed.dist_set_geq0 ed.dist_set_inA embed_dist_closed_ball ennreal_le_epsilon ennreal_zero_less_top image_eqI le_zero_eq not_gr_zero open_ballD'(2) open_ball_ina open_ball_le_0)
+ qed
+ next
+ show "continuous_map (subtopology mtopology (f ` B)) ed.mtopology g"
+ unfolding ed.mtopology_def2
+ proof(rule continuous_on_generated_topo)
+ show "\<And>U. U \<in> {ed.open_ball a \<epsilon> |a \<epsilon>. a \<in> B \<and> 0 < \<epsilon>} \<Longrightarrow> openin (subtopology mtopology (f ` B)) (g -` U \<inter> topspace (subtopology mtopology (f ` B)))"
+ proof safe
+ fix a and e :: real
+ assume h: "a \<in> B" "0 < e"
+ then have 1: "g -` ed.open_ball a e \<inter> (S \<inter> f ` B) = open_ball (f a) e \<inter> f ` B"
+ using f(1) g1 g2 by(auto simp: ed.open_ball_def open_ball_def embed_dist_on_def)
+ show "openin (subtopology mtopology (f ` B)) (g -` ed.open_ball a e \<inter> (topspace (subtopology mtopology (f ` B))))"
+ by(auto simp: 1 openin_subtopology openin_open_ball mtopology_topspace intro!: exI[where x="open_ball (f a) e"])
+ qed
+ show "g ` topspace (subtopology mtopology (f ` B)) \<subseteq> \<Union> {ed.open_ball a \<epsilon> |a \<epsilon>. a \<in> B \<and> 0 < \<epsilon>}"
+ by(auto simp: mtopology_topspace) (metis ed.mtopology_openin_iff ed.open_ball_ina ed.openin_S g1)
+ qed
+ qed(use g1 g2 in auto)
+qed
+
+lemma embed_dist_topology_homeomorphic_map:
+ "homeomorphic_map ed.mtopology (subtopology mtopology (f ` B)) f"
+proof -
+ define g where "g \<equiv> (\<lambda>y. THE x. x \<in> B \<and> f x = y)"
+ have g1: "g (f b) = b" if "b \<in> B" for b
+ unfolding g_def by(rule theI2[of _ b]) (insert that f(2), auto simp: inj_on_def)
+ thus ?thesis
+ using embed_dist_topology_homeomorphic_maps homeomorphic_map_maps by blast
+qed
+
+corollary embed_dist_topology_homeomorphic:
+ "ed.mtopology homeomorphic_space (subtopology mtopology (f ` B))"
+ using embed_dist_topology_homeomorphic_map
+ by(rule homeomorphic_map_imp_homeomorphic_space)
+
+corollary embed_dist_topology_homeomorphic_map':
+ assumes "f ` B = S"
+ shows "homeomorphic_map ed.mtopology mtopology f"
+ using embed_dist_topology_homeomorphic_map[simplified assms]
+ by(simp add:subtopology_topspace[of mtopology, simplified mtopology_topspace])
+
+corollary embed_dist_topology_homeomorphic':
+ assumes "f ` B = S"
+ shows "ed.mtopology homeomorphic_space mtopology"
+ using embed_dist_topology_homeomorphic_map'[OF assms]
+ by(rule homeomorphic_map_imp_homeomorphic_space)
+
+lemma embed_dist_converge_to_inS_iff:
+ "ed.converge_to_inS xn x \<longleftrightarrow> xn \<in> ed.sequence \<and> x \<in> B \<and> converge_to_inS (\<lambda>n. f (xn n)) (f x)"
+proof safe
+ assume h:"ed.converge_to_inS xn x"
+ then show h':"x \<in> B" "\<And>n. xn n \<in> B"
+ by(auto simp: ed.converge_to_inS_def)
+ thus "converge_to_inS (\<lambda>n. f (xn n)) (f x)"
+ using h f by(auto simp: converge_to_inS_def2 ed.converge_to_inS_def2 embed_dist_on_def)
+next
+ assume h:"xn \<in> ed.sequence" "x \<in> B" "converge_to_inS (\<lambda>n. f (xn n)) (f x)"
+ show "ed.converge_to_inS xn x"
+ using h f by(fastforce simp: ed.converge_to_inS_def2 h embed_dist_on_def converge_to_inS_def2)
+qed
+
+lemma embed_dist_convergent_inS_iff:
+ assumes "closedin mtopology (f ` B)"
+ shows "ed.convergent_inS xn \<longleftrightarrow> xn \<in> ed.sequence \<and> convergent_inS (\<lambda>n. f (xn n))"
+proof -
+ {
+ fix s
+ assume h:"xn \<in> ed.sequence" "converge_to_inS (\<lambda>n. f (xn n)) s"
+ with f have "(\<lambda>n. f (xn n)) \<in> UNIV \<rightarrow> f ` B" by auto
+ hence "s \<in> f ` B"
+ using assms h(2) by(auto simp: mtopology_closedin_iff)
+ hence "\<exists>b \<in> B. s = f b" by auto
+ }
+ thus ?thesis
+ using embed_dist_converge_to_inS_iff[of xn] f(1)
+ by(fastforce simp: ed.convergent_inS_def convergent_inS_def)
+qed
+
+lemma embed_dist_Cauchy_inS_iff:
+ "ed.Cauchy_inS xn \<longleftrightarrow> xn \<in> ed.sequence \<and> Cauchy_inS (\<lambda>n. f (xn n))"
+ using f(1) by(auto simp: ed.Cauchy_inS_def Cauchy_inS_def embed_dist_on_def; meson PiE UNIV_I)
+
+end
+
+end
+
+text \<open> Relations to elementary topology. \<close>
+lemma ball_def_set: "ball a \<epsilon> = metric_set.open_ball UNIV dist a \<epsilon>"
+ using metric_set.open_ball_def metric_class_metric_set
+ by fastforce
+
+lemma converge_to_def_set:
+ fixes xn :: "nat \<Rightarrow> ('a::metric_space)"
+ shows "xn \<longlonglongrightarrow> x \<longleftrightarrow> metric_set.converge_to_inS UNIV dist xn x"
+proof -
+ interpret m: metric_set UNIV dist
+ by simp
+ show ?thesis
+ by(simp add: lim_sequentially m.converge_to_inS_def)
+qed
+
+lemma the_limit_of_limit:
+ fixes xn :: "nat \<Rightarrow> ('a::metric_space)"
+ shows "metric_set.the_limit_of UNIV dist xn = lim xn"
+ by(simp add: metric_set.the_limit_of_def lim_def converge_to_def_set)
+
+lemma convergent_def_set:
+ fixes f :: "nat \<Rightarrow> ('a::metric_space)"
+ shows "convergent f \<longleftrightarrow> metric_set.convergent_inS UNIV dist f"
+proof -
+ interpret m: metric_set UNIV dist
+ by(rule metric_class_metric_set)
+ show "convergent f \<longleftrightarrow> m.convergent_inS f"
+ using converge_to_def_set[of f]
+ by(auto simp: convergent_def m.convergent_inS_def)
+qed
+
+lemma Cahuchy_def_set: "Cauchy f \<longleftrightarrow> metric_set.Cauchy_inS UNIV dist f"
+proof -
+ interpret m: metric_set UNIV dist
+ by(rule metric_class_metric_set)
+ show "Cauchy f = m.Cauchy_inS f"
+ by(simp add: Cauchy_def m.Cauchy_inS_def dist_real_def)
+qed
+
+lemma open_openin_set: "open U \<longleftrightarrow> openin (metric_set.mtopology UNIV dist) U"
+ (is "?LHS \<longleftrightarrow> ?RHS")
+proof -
+ interpret m: metric_set UNIV dist
+ by(rule metric_class_metric_set)
+ have "?LHS \<longleftrightarrow> (\<forall>x\<in>U. \<exists>e>0. ball x e \<subseteq> U)"
+ by(simp add: open_contains_ball)
+ also have "... \<longleftrightarrow> (\<forall>x\<in>U. \<exists>e>0. m.open_ball x e \<subseteq> U)"
+ by(simp add: ball_def_set)
+ also have "... \<longleftrightarrow> ?RHS"
+ by(simp add: m.mtopology_openin_iff[of U])
+ finally show ?thesis .
+qed
+
+lemma topological_basis_set: "topological_basis \<O> \<longleftrightarrow> metric_set.mtopology_basis UNIV dist \<O>"
+ (is "?LHS = ?RHS")
+proof -
+ interpret m: metric_set UNIV dist
+ by(rule metric_class_metric_set)
+ have "?LHS \<longleftrightarrow> (\<forall>b\<in>\<O>. open b) \<and> (\<forall>x. open x \<longrightarrow> (\<exists>B'\<subseteq>\<O>. \<Union> B' = x))"
+ by(simp add: topological_basis_def)
+ also have "... \<longleftrightarrow> (\<forall>b\<in>\<O>. openin m.mtopology b) \<and> (\<forall>x. openin m.mtopology x \<longrightarrow> (\<exists>B'\<subseteq>\<O>. \<Union> B' = x))"
+ by(simp add: open_openin_set)
+ also have "... \<longleftrightarrow> ?RHS"
+ by(simp add: base_of_def2')
+ finally show ?thesis .
+qed
+
+lemma euclidean_mtopology: "metric_set.mtopology UNIV dist = euclidean"
+ using open_openin open_openin_set topology_eq by blast
+
+text \<open> Distances generate the same topological space.\<close>
+lemma metric_generates_same_topology:
+ assumes "metric_set S d" "metric_set S d'"
+ "\<And>x U. U \<subseteq> S \<Longrightarrow> (\<forall>y\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball S d y \<epsilon> \<subseteq> U) \<Longrightarrow> x \<in> U \<Longrightarrow> \<exists>\<epsilon>>0. metric_set.open_ball S d' x \<epsilon> \<subseteq> U"
+ and "\<And>x U. U \<subseteq> S \<Longrightarrow> (\<forall>y\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball S d' y \<epsilon> \<subseteq> U) \<Longrightarrow> x \<in> U \<Longrightarrow> \<exists>\<epsilon>>0. metric_set.open_ball S d x \<epsilon> \<subseteq> U"
+ shows "metric_set.mtopology S d = metric_set.mtopology S d'"
+proof -
+ interpret m1: metric_set S d by fact
+ interpret m2: metric_set S d' by fact
+ have "(\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. m1.open_ball x \<epsilon> \<subseteq> U)) = (\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. m2.open_ball x \<epsilon> \<subseteq> U))"
+ by standard (use assms(3,4) in auto)
+ thus ?thesis
+ using topology.topology_inject m1.mtopology_istopology m2.mtopology_istopology
+ by(simp add: m2.mtopology_def m1.mtopology_def)
+qed
+
+lemma metric_generates_same_topology_inverse:
+ assumes "metric_set S d" "metric_set S d'"
+ and "metric_set.mtopology S d = metric_set.mtopology S d'"
+ shows "U \<subseteq> S \<Longrightarrow> (\<forall>y\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball S d y \<epsilon> \<subseteq> U) \<Longrightarrow> x \<in> U \<Longrightarrow> \<exists>\<epsilon>>0. metric_set.open_ball S d' x \<epsilon> \<subseteq> U"
+ and "U \<subseteq> S \<Longrightarrow> (\<forall>y\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball S d' y \<epsilon> \<subseteq> U) \<Longrightarrow> x \<in> U \<Longrightarrow> \<exists>\<epsilon>>0. metric_set.open_ball S d x \<epsilon> \<subseteq> U"
+proof -
+ interpret m1: metric_set S d by fact
+ interpret m2: metric_set S d' by fact
+ have "(\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. m1.open_ball x \<epsilon> \<subseteq> U)) = (\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. m2.open_ball x \<epsilon> \<subseteq> U))"
+ using topology.topology_inject[of "\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. m1.open_ball x \<epsilon> \<subseteq> U)" "\<lambda>U. U \<subseteq> S \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. m2.open_ball x \<epsilon> \<subseteq> U)"] m1.mtopology_istopology m2.mtopology_istopology assms(3)
+ by(auto simp: m2.mtopology_def m1.mtopology_def)
+ thus "U \<subseteq> S \<Longrightarrow> \<forall>y\<in>U. \<exists>\<epsilon>>0. m1.open_ball y \<epsilon> \<subseteq> U \<Longrightarrow> x \<in> U \<Longrightarrow> \<exists>\<epsilon>>0. m2.open_ball x \<epsilon> \<subseteq> U"
+ "U \<subseteq> S \<Longrightarrow> \<forall>y\<in>U. \<exists>\<epsilon>>0. m2.open_ball y \<epsilon> \<subseteq> U \<Longrightarrow> x \<in> U \<Longrightarrow> \<exists>\<epsilon>>0. m1.open_ball x \<epsilon> \<subseteq> U"
+ by(auto dest: fun_cong[where x=U])
+qed
+
+lemma metric_generates_same_topology_converges':
+ assumes "metric_set S d" "metric_set S d'"
+ "metric_set.mtopology S d = metric_set.mtopology S d'"
+ and "metric_set.converge_to_inS S d f x"
+ shows "metric_set.converge_to_inS S d' f x"
+proof -
+ interpret m1: metric_set S d by fact
+ interpret m2: metric_set S d' by fact
+ show ?thesis
+ unfolding m2.converge_to_inS_def2'
+ proof safe
+ fix \<epsilon> :: real
+ assume h:"0 < \<epsilon>"
+ obtain \<epsilon>' where he:
+ "\<epsilon>'>0" "m1.open_ball x \<epsilon>' \<subseteq> m2.open_ball x \<epsilon>"
+ using m2.mtopology_open_ball_in'[of _ x] assms(4)[simplified m1.converge_to_inS_def2'] metric_generates_same_topology_inverse(2)[OF assms(1-3) m2.open_ball_subset_ofS, of x \<epsilon>,OF _ m2.open_ball_ina[OF _ h,of x]]
+ by auto
+ then obtain N where hn:
+ "\<forall>n\<ge>N. f n \<in> m1.open_ball x \<epsilon>'"
+ using assms(4)[simplified m1.converge_to_inS_def2'] by auto
+ show "\<exists>N. \<forall>n\<ge>N. f n \<in> m2.open_ball x \<epsilon>"
+ using hn he(2) by(auto intro!: exI[where x=N])
+ next
+ show "\<And>x. f x \<in> S" "x \<in> S"
+ using assms(4)[simplified m1.converge_to_inS_def2'] by auto
+ qed
+qed
+
+lemma metric_generates_same_topology_converges:
+ assumes "metric_set S d" "metric_set S d'"
+ and "metric_set.mtopology S d = metric_set.mtopology S d'"
+ shows "metric_set.converge_to_inS S d f x \<longleftrightarrow> metric_set.converge_to_inS S d' f x"
+ using metric_generates_same_topology_converges'[OF assms(2,1) assms(3)[symmetric]] metric_generates_same_topology_converges'[OF assms(1-3)]
+ by auto
+
+lemma metric_generates_same_topology_convergent:
+ assumes "metric_set S d" "metric_set S d'"
+ and "metric_set.mtopology S d = metric_set.mtopology S d'"
+ shows "metric_set.convergent_inS S d f \<longleftrightarrow> metric_set.convergent_inS S d' f"
+ using metric_generates_same_topology_converges[OF assms,of f]
+ by (simp add: assms(1) assms(2) metric_set.convergent_inS_def)
+
+subsubsection \<open> Sub-Metric Spaces\<close>
+definition submetric :: "['a set, 'a \<Rightarrow> 'a \<Rightarrow> real] \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> real" where
+"submetric S' d \<equiv> (\<lambda>x y. if x \<in> S' \<and> y \<in> S' then d x y else 0)"
+
+lemma(in metric_set) submetric_metric_set:
+ assumes "S' \<subseteq> S"
+ shows "metric_set S' (submetric S' dist)"
+proof
+ show "\<And>x y. 0 \<le> submetric S' dist x y"
+ "\<And>x y. x \<notin> S' \<Longrightarrow> submetric S' dist x y = 0"
+ "\<And>x y. x \<in> S' \<Longrightarrow> y \<in> S' \<Longrightarrow> (x = y) = (submetric S' dist x y = 0)"
+ "\<And>x y. submetric S' dist x y = submetric S' dist y x"
+ using assms dist_geq0 dist_tr dist_0 dist_sym
+ by(fastforce simp: submetric_def)+
+next
+ show "\<And>x y z. x \<in> S' \<Longrightarrow> y \<in> S' \<Longrightarrow> z \<in> S' \<Longrightarrow> submetric S' dist x z \<le> submetric S' dist x y + submetric S' dist y z"
+ by (metis assms dist_tr submetric_def subset_iff)
+qed
+
+lemma(in metric_set) submetric_open_ball:
+ assumes "S' \<subseteq> S" and "a \<in> S'"
+ shows "open_ball a \<epsilon> \<inter> S' = metric_set.open_ball S' (submetric S' dist) a \<epsilon>"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ show ?thesis
+ using assms by(auto simp: open_ball_def m.open_ball_def,simp_all add: submetric_def)
+qed
+
+lemma(in metric_set) submetric_open_ball_subset:
+ assumes "S' \<subseteq> S"
+ shows "metric_set.open_ball S' (submetric S' dist) a \<epsilon> \<subseteq> open_ball a \<epsilon>"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ show ?thesis
+ by (metis assms empty_subsetI inf_commute inf_sup_ord(2) m.open_ball_nin submetric_open_ball)
+qed
+
+lemma(in metric_set) submetric_subtopology:
+ assumes "S' \<subseteq> S"
+ shows "subtopology mtopology S' = metric_set.mtopology S' (submetric S' dist)"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ show ?thesis
+ unfolding topology_eq
+ proof safe
+ fix U
+ assume "openin (subtopology mtopology S') U"
+ then obtain T where ht: "openin mtopology T" "U = T \<inter> S'"
+ by(auto simp: openin_subtopology)
+ have "U \<subseteq> S'"
+ by (simp add: ht(2))
+ show "openin m.mtopology U"
+ unfolding m.mtopology_openin_iff
+ proof safe
+ fix x
+ assume "x \<in> U"
+ then obtain \<epsilon> where he: "\<epsilon> > 0" "open_ball x \<epsilon> \<subseteq> T"
+ using ht by(auto simp: mtopology_openin_iff)
+ thus "\<exists>\<epsilon>>0. m.open_ball x \<epsilon> \<subseteq> U"
+ using ht(2) \<open>x \<in> U\<close> submetric_open_ball[OF assms(1),of x \<epsilon>]
+ by(auto intro!: exI[where x=\<epsilon>])
+ qed(use \<open>U \<subseteq> S'\<close> in auto)
+ next
+ fix U
+ assume "openin m.mtopology U"
+ then have "\<forall>x\<in>U. \<exists>\<epsilon>>0. m.open_ball x \<epsilon> \<subseteq> U"
+ by(simp add: m.mtopology_openin_iff)
+ then obtain \<epsilon> where he:
+ "\<And>x. x \<in> U \<Longrightarrow> \<epsilon> x > 0" "\<And>x. x \<in> U \<Longrightarrow> m.open_ball x (\<epsilon> x) \<subseteq> U"
+ by metis
+ have "U \<subseteq> S'"
+ using \<open>openin m.mtopology U\<close> m.mtopology_openin_iff by auto
+
+ show "openin (subtopology mtopology S') U"
+ unfolding openin_subtopology
+ proof(intro exI[where x="\<Union> { open_ball x (\<epsilon> x) | x. x\<in>U}"] conjI)
+ show "openin mtopology (\<Union> { open_ball x (\<epsilon> x) | x. x\<in>U})"
+ by(rule openin_Union) (use he(1) open_ball_def mtopology_open_ball_in in fastforce)
+ next
+ have *:"U = (\<Union> { m.open_ball x (\<epsilon> x) | x. x\<in>U})"
+ using he m.open_ball_ina \<open>U \<subseteq> S'\<close> by fastforce
+ also have "... = (\<Union> { open_ball x (\<epsilon> x) \<inter> S' | x. x\<in>U})"
+ using submetric_open_ball[OF assms(1)] \<open>U \<subseteq> S'\<close> by auto
+ also have "... = (\<Union> { open_ball x (\<epsilon> x) | x. x\<in>U}) \<inter> S'"
+ by auto
+ finally show "U = \<Union> {open_ball x (\<epsilon> x) |x. x \<in> U} \<inter> S' " .
+ qed
+ qed
+qed
+
+lemma(in metric_set) converge_to_insub_converge_to_inS:
+ assumes "S' \<subseteq> S" and "metric_set.converge_to_inS S' (submetric S' dist) f x"
+ shows "converge_to_inS f x"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ have *:"f \<in> m.sequence" "x \<in> S'"
+ using assms(2) by(auto simp: m.converge_to_inS_def)
+ show ?thesis
+ unfolding converge_to_inS_def2 using * assms[simplified m.converge_to_inS_def2]
+ by(auto simp: submetric_def funcset_mem)
+qed
+
+lemma(in metric_set) convergent_insub_convergent_inS:
+ assumes "S' \<subseteq> S" and "metric_set.convergent_inS S' (submetric S' dist) f"
+ shows "convergent_inS f"
+ by (meson assms(1) assms(2) converge_to_insub_converge_to_inS convergent_inS_def in_mono metric_set.convergent_inS_def submetric_metric_set)
+
+lemma(in metric_set) Cauchy_insub_Cauchy:
+ assumes "S' \<subseteq> S" and "metric_set.Cauchy_inS S' (submetric S' dist) f"
+ shows "Cauchy_inS f"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ have *:"f \<in> m.sequence"
+ using assms(2) by(auto simp: m.Cauchy_inS_def)
+ show ?thesis
+ unfolding Cauchy_inS_def using * assms[simplified m.Cauchy_inS_def]
+ by(auto simp: submetric_def funcset_mem[OF *])
+qed
+
+lemma(in metric_set) Cauchy_insub_Cauchy_inverse:
+ assumes "S' \<subseteq> S" "f \<in> UNIV \<rightarrow> S'" "Cauchy_inS f"
+ shows "metric_set.Cauchy_inS S' (submetric S' dist) f"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ show ?thesis
+ using assms by(auto simp: m.Cauchy_inS_def Cauchy_inS_def,simp add: submetric_def) metis
+qed
+
+lemma(in metric_set) convergent_insubmetric:
+ assumes "S' \<subseteq> S" "f \<in> UNIV \<rightarrow> S'" "x \<in> S'" "converge_to_inS f x"
+ shows "metric_set.converge_to_inS S' (submetric S' dist) f x"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ show ?thesis
+ unfolding m.converge_to_inS_def using assms
+ by(auto simp: converge_to_inS_def funcset_mem[OF assms(2)] submetric_def)
+qed
+
+lemma(in metric_set) the_limit_of_submetric_eq:
+ assumes "S' \<subseteq> S" "metric_set.convergent_inS S' (submetric S' dist) f"
+ shows "metric_set.the_limit_of S' (submetric S' dist) f = the_limit_of f"
+ by (meson assms(1) assms(2) converge_to_insub_converge_to_inS convergent_insub_convergent_inS metric_set.converge_to_inS_unique metric_set.the_limit_if_converge metric_set_axioms submetric_metric_set)
+
+lemma submetric_of_euclidean:
+ "metric_set A (submetric A dist)" "metric_set.mtopology A (submetric A dist) = top_of_set A"
+ using metric_set.submetric_metric_set[OF metric_class_metric_set,of A] metric_set.submetric_subtopology[OF metric_class_metric_set,of A]
+ by(auto simp: euclidean_mtopology)
+
+lemma(in metric_set)
+ assumes "B \<subseteq> S"
+ shows totally_bounded_on_submetric: "totally_bounded_on B \<longleftrightarrow> metric_set.totally_boundedS B (submetric B dist)"
+proof -
+ interpret m: metric_set B "submetric B dist"
+ by(rule submetric_metric_set[OF assms(1)])
+ show ?thesis
+ unfolding totally_bounded_on_def m.totally_boundedS_def
+ proof safe
+ fix e :: real
+ assume h:"\<forall>e>0. \<exists>A. eps_net_on B e A" "e > 0"
+ then obtain A where A:"eps_net_on B (e / 2) A"
+ by fastforce
+ define A' where "A' \<equiv> A \<inter> {z. open_ball z (e / 2) \<inter> B \<noteq> {}}"
+ have A': "eps_net_on B (e / 2) A'"
+ unfolding eps_net_on_def
+ proof safe
+ fix x
+ assume x:"x \<in> B"
+ then obtain a where a:"a \<in> A" "x \<in> open_ball a (e / 2)"
+ using A by(auto dest: eps_net_onD)
+ with x have "a \<in> A'"
+ by(auto simp: A'_def)
+ with a show "x \<in> (\<Union>a\<in>A'. open_ball a (e / 2))" by auto
+ qed(use h eps_net_on_def A'_def A in auto)
+ define b where "b \<equiv> (\<lambda>a. SOME b. b \<in> B \<and> b \<in> open_ball a (e / 2))"
+ have b:"b a \<in> B" "b a \<in> open_ball a (e / 2)" if a: "a \<in> A'" for a
+ proof -
+ have "b a \<in> B \<and> b a \<in> open_ball a (e / 2)"
+ unfolding b_def by(rule someI_ex) (insert that, auto simp: A'_def)
+ thus "b a \<in> B" "b a \<in> open_ball a (e / 2)" by auto
+ qed
+ show "\<exists>A. m.eps_net e A"
+ unfolding m.eps_net_on_def
+ proof(safe intro!: exI[where x="b ` A'"])
+ fix x
+ assume "x \<in> B"
+ then obtain a where a: "a \<in> A'" "x \<in> open_ball a (e / 2)"
+ using A' by(auto simp: eps_net_on_def)
+ show "x \<in> (\<Union>a\<in>b ` A'. m.open_ball a e)"
+ proof
+ show "b a \<in> b ` A'"
+ using a by auto
+ next
+ have [simp]: "b a \<in> S" "x \<in> S" "b a \<in> B" "x \<in> B" "a \<in> S"
+ using b(1)[OF a(1)] assms \<open>x \<in> B\<close> a A' by (auto simp: eps_net_on_def)
+ note order.strict_trans1[OF dist_tr add_strict_mono[OF open_ballD[OF a(2),simplified dist_sym[of a]] open_ballD[OF b(2)[OF a(1)]]],simplified]
+ hence "submetric B dist x (b a) < e"
+ by(auto simp: submetric_def)
+ thus "x \<in> m.open_ball (b a) e"
+ by(auto simp: m.open_ball_def m.dist_sym)
+ qed
+ qed(insert h(2) A' b, auto simp: eps_net_on_def)
+ next
+ fix e :: real
+ assume "\<forall>e>0. \<exists>A. m.eps_net e A" "e > 0"
+ then obtain A where A: "m.eps_net e A" by auto
+ thus "\<exists>A. eps_net_on B e A"
+ using assms submetric_open_ball_subset[OF assms] by(auto intro!: exI[where x=A] simp: eps_net_on_def m.eps_net_def) blast
+ qed
+qed
+
+text \<open> Continuous functions \<close>
+context
+ fixes S :: "'a set" and d
+ and S':: "'b set" and d'
+ assumes "metric_set S d" "metric_set S' d'"
+begin
+
+interpretation m1: metric_set S d by fact
+interpretation m2: metric_set S' d' by fact
+
+lemma metric_set_continuous_map_eq:
+ shows "continuous_map m1.mtopology m2.mtopology f
+ \<longleftrightarrow> f \<in> S \<rightarrow> S' \<and> (\<forall>x\<in>S. \<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>y\<in>S. d x y < \<delta> \<longrightarrow> d' (f x) (f y) < \<epsilon>)"
+proof safe
+ show "\<And>x. continuous_map m1.mtopology m2.mtopology f \<Longrightarrow> x \<in> S \<Longrightarrow> f x \<in> S'"
+ using m1.mtopology_topspace m2.mtopology_topspace by(auto dest: continuous_map_image_subset_topspace)
+next
+ fix x \<epsilon>
+ assume "continuous_map m1.mtopology m2.mtopology f"
+ "x \<in> S" "(0 :: real) < \<epsilon>"
+ then have "openin m1.mtopology {z \<in> S. f z \<in> m2.open_ball (f x) \<epsilon>}" "f x \<in> S'"
+ using openin_continuous_map_preimage[OF \<open>continuous_map m1.mtopology m2.mtopology f\<close>] m2.mtopology_open_ball_in[of "f x",OF _ \<open>0 < \<epsilon>\<close>] continuous_map_image_subset_topspace[OF \<open>continuous_map m1.mtopology m2.mtopology f\<close>] m1.mtopology_topspace m2.mtopology_topspace
+ by auto
+ moreover have "x \<in> {z \<in> S. f z \<in> m2.open_ball (f x) \<epsilon>}"
+ using \<open>x \<in> S\<close> \<open>0 < \<epsilon>\<close> continuous_map_image_subset_topspace[OF \<open>continuous_map m1.mtopology m2.mtopology f\<close>] m1.mtopology_topspace m2.mtopology_topspace m2.dist_0[of "f x" "f x"]
+ by(auto simp: m2.open_ball_def)
+ ultimately obtain \<delta> where
+ "\<delta>>0" "m1.open_ball x \<delta> \<subseteq> {z \<in> S. f z \<in> m2.open_ball (f x) \<epsilon>}"
+ by (auto simp: m1.mtopology_openin_iff)
+ thus "\<exists>\<delta>>0. \<forall>y\<in>S. d x y < \<delta> \<longrightarrow> d' (f x) (f y) < \<epsilon>"
+ using \<open>x \<in> S\<close> \<open>f x \<in> S'\<close> by(auto intro!: exI[where x=\<delta>] simp: m1.open_ball_def m2.open_ball_def)
+next
+ assume "f \<in> S \<rightarrow> S'"
+ and h:"\<forall>x\<in>S. \<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>y\<in>S. d x y < \<delta> \<longrightarrow> d' (f x) (f y) < \<epsilon>"
+ show "continuous_map m1.mtopology m2.mtopology f"
+ unfolding continuous_map
+ proof safe
+ show "\<And>x. x \<in> topspace m1.mtopology \<Longrightarrow> f x \<in> topspace m2.mtopology"
+ using \<open>f \<in> S \<rightarrow> S'\<close> m1.mtopology_topspace m2.mtopology_topspace by auto
+ next
+ fix U
+ assume "openin m2.mtopology U"
+ show "openin m1.mtopology {x \<in> topspace m1.mtopology. f x \<in> U}"
+ unfolding m1.mtopology_openin_iff
+ proof safe
+ show "\<And>x. x \<in> topspace m1.mtopology \<Longrightarrow> f x \<in> U \<Longrightarrow> x \<in> S"
+ using \<open>f \<in> S \<rightarrow> S'\<close> m1.mtopology_topspace m2.mtopology_topspace by auto
+ next
+ fix x
+ assume "x \<in> topspace m1.mtopology" "f x \<in> U"
+ then obtain \<epsilon> where he:
+ "\<epsilon> > 0" "m2.open_ball (f x) \<epsilon> \<subseteq> U"
+ using \<open>openin m2.mtopology U\<close> by(auto simp: m2.mtopology_openin_iff)
+ then obtain \<delta> where hd:
+ "\<delta> > 0" "\<And>y. y \<in> S \<Longrightarrow> d x y < \<delta> \<Longrightarrow> d' (f x) (f y) < \<epsilon>"
+ using \<open>x \<in> topspace m1.mtopology\<close> m1.mtopology_topspace h by metis
+ thus "\<exists>\<epsilon>>0. m1.open_ball x \<epsilon> \<subseteq> {x \<in> topspace m1.mtopology. f x \<in> U}"
+ using m1.open_ballD m1.open_ballD' m1.mtopology_topspace he(2) \<open>f \<in> S \<rightarrow> S'\<close>
+ by(auto intro!: exI[where x=\<delta>] simp: m2.open_ball_def) fastforce
+ qed
+ qed
+qed
+
+lemma metric_set_continuous_map_eq':
+ shows "continuous_map m1.mtopology m2.mtopology f
+ \<longleftrightarrow> f \<in> S \<rightarrow> S' \<and> (\<forall>x z. m1.converge_to_inS x z \<longrightarrow> m2.converge_to_inS (\<lambda>n. f (x n)) (f z))"
+proof
+ show "continuous_map m1.mtopology m2.mtopology f \<Longrightarrow> f \<in> S \<rightarrow> S' \<and> (\<forall>x z. m1.converge_to_inS x z \<longrightarrow> m2.converge_to_inS (\<lambda>n. f (x n)) (f z))"
+ unfolding metric_set_continuous_map_eq
+ proof safe
+ fix x z
+ assume h:"f \<in> S \<rightarrow> S'" "\<forall>x\<in>S. \<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>y\<in>S. d x y < \<delta> \<longrightarrow> d' (f x) (f y) < \<epsilon>" "m1.converge_to_inS x z"
+ hence h':"x \<in> m1.sequence" "z \<in> S" "\<And>\<epsilon>. \<epsilon> > 0 \<Longrightarrow> \<exists>N. \<forall>n\<ge>N. d (x n) z < \<epsilon>"
+ by(auto simp: m1.converge_to_inS_def2)
+ show "m2.converge_to_inS (\<lambda>n. f (x n)) (f z)"
+ unfolding m2.converge_to_inS_def2
+ proof safe
+ show "f (x n) \<in> S'" "f z \<in> S'" for n
+ using h'(1,2) h(1) by auto
+ next
+ fix \<epsilon>
+ assume he:"(0 :: real) < \<epsilon>"
+ then obtain \<delta> where hd:"\<delta> > 0" "\<And>y. y \<in> S \<Longrightarrow> d z y < \<delta> \<Longrightarrow> d' (f z) (f y) < \<epsilon>"
+ using h(2) h'(2) by metis
+ obtain N where hn: "\<And>n. n \<ge> N \<Longrightarrow> d z (x n) < \<delta>"
+ using h'(3)[OF hd(1),simplified m1.dist_sym[of _ z]] by auto
+ show "\<exists>N. \<forall>n\<ge>N. d' (f (x n)) (f z) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "n \<ge> N"
+ then have "x n \<in> S" "d z (x n) < \<delta>"
+ using hn[OF \<open>n \<ge> N\<close>] h'(1) by auto
+ thus "d' (f (x n)) (f z) < \<epsilon>"
+ by(auto intro!: hd(2) simp: m2.dist_sym[of _ "f z"])
+ qed
+ qed
+ qed
+next
+ assume "f \<in> S \<rightarrow> S' \<and> (\<forall>x z. m1.converge_to_inS x z \<longrightarrow> m2.converge_to_inS (\<lambda>n. f (x n)) (f z))"
+ hence h:"f \<in> S \<rightarrow> S'" "\<And>x z. m1.converge_to_inS x z \<Longrightarrow> m2.converge_to_inS (\<lambda>n. f (x n)) (f z)" by auto
+ show "continuous_map m1.mtopology m2.mtopology f"
+ unfolding continuous_map_closedin
+ proof safe
+ show "x \<in> topspace m1.mtopology \<Longrightarrow> f x \<in> topspace m2.mtopology" for x
+ using m1.mtopology_topspace m2.mtopology_topspace h(1) by auto
+ next
+ fix C
+ assume hcl:"closedin m2.mtopology C"
+ show "closedin m1.mtopology {x \<in> topspace m1.mtopology. f x \<in> C}"
+ unfolding m1.mtopology_closedin_iff
+ proof safe
+ fix y s
+ assume hg:"y \<in> UNIV \<rightarrow> {x \<in> topspace m1.mtopology. f x \<in> C}" " m1.converge_to_inS y s"
+ hence "(\<lambda>n. f (y n)) \<in> UNIV \<rightarrow> C"
+ by auto
+ thus "f s \<in> C" "s \<in> topspace m1.mtopology"
+ using h(2)[OF hg(2)] hcl[simplified m2.mtopology_closedin_iff] hg(2)[simplified m1.converge_to_inS_def] m1.mtopology_topspace
+ by auto
+ qed(simp add: m1.mtopology_topspace)
+ qed
+qed
+
+lemma continuous_map_limit_of:
+ assumes "continuous_map m1.mtopology m2.mtopology f" "m1.convergent_inS xn"
+ shows "m2.the_limit_of (\<lambda>n. f (xn n)) = f (m1.the_limit_of xn)"
+ using assms m1.the_limit_if_converge m2.the_limit_of_eq
+ by(simp add: metric_set_continuous_map_eq')
+
+text \<open> Uniform continuous functions. \<close>
+definition uniform_continuous_map :: "('a \<Rightarrow> 'b) \<Rightarrow> bool" where
+"uniform_continuous_map f \<longleftrightarrow> f \<in> S \<rightarrow> S' \<and> (\<forall>\<epsilon>>0. \<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. d x y < \<delta> \<longrightarrow> d' (f x) (f y) < \<epsilon>)"
+
+lemma uniform_continuous_map_const:
+ assumes "y \<in> S'"
+ shows "uniform_continuous_map (\<lambda>x. y)"
+ using assms by(auto simp: uniform_continuous_map_def)
+
+lemma continuous_if_uniform_continuous:
+ assumes "uniform_continuous_map f"
+ shows "continuous_map m1.mtopology m2.mtopology f"
+ unfolding metric_set_continuous_map_eq
+proof safe
+ show "x \<in> S \<Longrightarrow> f x \<in> S'" for x
+ using assms by(auto simp: uniform_continuous_map_def)
+next
+ fix x \<epsilon>
+ assume [simp]:"x \<in> S" and "(0 :: real) < \<epsilon>"
+ then obtain \<delta> where "\<delta> > 0" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> d x y < \<delta> \<Longrightarrow> d' (f x) (f y) < \<epsilon>"
+ using assms by(auto simp: uniform_continuous_map_def)
+ thus "\<exists>\<delta>>0. \<forall>y\<in>S. d x y < \<delta> \<longrightarrow> d' (f x) (f y) < \<epsilon>"
+ by(auto intro!: exI[where x=\<delta>])
+qed
+
+definition converges_uniformly :: "[nat \<Rightarrow> 'a \<Rightarrow> 'b, 'a \<Rightarrow> 'b] \<Rightarrow> bool" where
+"converges_uniformly fn f \<longleftrightarrow> (\<forall>n. fn n \<in> S \<rightarrow> S') \<and> (f \<in> S \<rightarrow> S') \<and> (\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<forall>x\<in>S. d' (fn n x) (f x) < e)"
+
+lemma converges_uniformly_continuous:
+ assumes "\<And>n. continuous_map m1.mtopology m2.mtopology (fn n)"
+ and "converges_uniformly fn f"
+ shows "continuous_map m1.mtopology m2.mtopology f"
+ unfolding metric_set_continuous_map_eq
+proof safe
+ fix x e
+ assume h:"x \<in> S" "e > (0 :: real)"
+ then obtain N where N: "\<And>z n. n \<ge> N \<Longrightarrow> z \<in> S \<Longrightarrow> d' (fn n z) (f z) < e / 3"
+ using assms(2) by(simp only: converges_uniformly_def) (meson zero_less_divide_iff zero_less_numeral)
+ have f: "\<And>n x. x \<in> S \<Longrightarrow> fn n x \<in> S'" "\<And>x. x \<in> S \<Longrightarrow> f x \<in> S'"
+ using assms(2) by(auto simp: converges_uniformly_def)
+ from assms(1)[of N] h obtain \<delta> where h': "\<delta> > 0" "\<And>y. y \<in> S \<Longrightarrow> d x y < \<delta> \<Longrightarrow> d' (fn N x) (fn N y) < e / 3"
+ by (metis metric_set_continuous_map_eq zero_less_divide_iff zero_less_numeral)
+ show "\<exists>\<delta>>0. \<forall>y\<in>S. d x y < \<delta> \<longrightarrow> d' (f x) (f y) < e"
+ proof(safe intro!: exI[where x=\<delta>])
+ fix y
+ assume y:"y \<in> S" "d x y < \<delta>"
+ have "d' (f x) (f y) \<le> d' (f x) (fn N x) + d' (fn N x) (fn N y) + d' (fn N y) (f y)"
+ using m2.dist_tr[of "f x" "fn N x" "f y"] m2.dist_tr[of "fn N x" "fn N y" "f y"] f[OF y(1)] f[OF h(1)]
+ by auto
+ also have "... < e"
+ using N[OF order_refl h(1),simplified m2.dist_sym] N[OF order_refl y(1)] h'(2)[OF y]
+ by auto
+ finally show "d' (f x) (f y) < e" .
+ qed(use h' in auto)
+qed(use assms(2) converges_uniformly_def in auto)
+
+text \<open> Lemma related @{term osc_on}.\<close>
+lemma osc_on_inA_0:
+ assumes "x \<in> A \<inter> S" "continuous_map (subtopology m1.mtopology (A \<inter> S)) m2.mtopology f"
+ shows "m2.osc_on A m1.mtopology f x = 0"
+proof -
+ interpret subm1: metric_set "A \<inter> S" "submetric (A \<inter> S) d"
+ by(auto intro!: m1.submetric_metric_set)
+ have cont: "continuous_map subm1.mtopology m2.mtopology f"
+ using assms(2) by (simp add: m1.submetric_subtopology)
+ have "m2.osc_on A m1.mtopology f x < ennreal \<epsilon>" if e:"\<epsilon> > 0" for \<epsilon>
+ unfolding m2.osc_on_less_iff
+ proof -
+ obtain \<epsilon>' where "\<epsilon>' > 0" "2*\<epsilon>' < \<epsilon>"
+ using e field_lbound_gt_zero[of "\<epsilon>/2" "\<epsilon>/2"] by auto
+ then obtain \<delta> where hd:"\<delta>>0" "\<And>y. y \<in> A \<Longrightarrow> y\<in>S \<Longrightarrow> d x y < \<delta> \<Longrightarrow> d' (f x) (f y) < \<epsilon>'"
+ using assms(1) cont[simplified Set_Based_Metric_Space.metric_set_continuous_map_eq[OF subm1.metric_set_axioms m2.metric_set_axioms]]
+ by(fastforce simp: submetric_def)
+ show "\<exists>v. x \<in> v \<and> openin m1.mtopology v \<and> m2.diam (f ` (A \<inter> v)) < ennreal \<epsilon>"
+ proof(safe intro!: exI[where x="m1.open_ball x \<delta>"] m1.open_ball_ina m1.mtopology_open_ball_in)
+ have "m2.diam (f ` (A \<inter> m1.open_ball x \<delta>)) \<le> ennreal (2*\<epsilon>')"
+ unfolding m2.diam_def Sup_le_iff
+ proof safe
+ fix a1 a2
+ assume h:"a1 \<in> A" "a1 \<in> m1.open_ball x \<delta>" "f a1 \<in> S'"
+ "a2 \<in> A" "a2 \<in> m1.open_ball x \<delta>" "f a2 \<in> S'"
+ have "f x \<in> S'"
+ using cont assms(1) by(auto simp: Set_Based_Metric_Space.metric_set_continuous_map_eq[OF subm1.metric_set_axioms m2.metric_set_axioms])
+ have "d' (f a1) (f a2) < 2*\<epsilon>'"
+ using hd(2)[OF \<open>a1 \<in> A\<close> m1.open_ballD'(1)[OF h(2)] m1.open_ballD[OF h(2)]] hd(2)[OF \<open>a2 \<in> A\<close> m1.open_ballD'(1)[OF h(5)] m1.open_ballD[OF h(5)]] m2.dist_tr[OF \<open>f a1 \<in> S'\<close> \<open>f x \<in> S'\<close> \<open>f a2 \<in> S'\<close>,simplified m2.dist_sym[of "f a1" "f x"]]
+ by auto
+ thus "ennreal (d' (f a1) (f a2)) \<le> ennreal (2*\<epsilon>')"
+ by (simp add: ennreal_leI)
+ qed
+ also have "... < ennreal \<epsilon>"
+ using \<open>2*\<epsilon>' < \<epsilon>\<close> ennreal_lessI e by presburger
+ finally show "m2.diam (f ` (A \<inter> m1.open_ball x \<delta>)) < ennreal \<epsilon>" .
+ qed(use hd(1) IntD2[OF assms(1)] in auto)
+ qed
+ hence "m2.osc_on A m1.mtopology f x < \<epsilon>" if "\<epsilon> > 0" for \<epsilon>
+ by (metis ennreal_enn2real ennreal_le_epsilon ennreal_less_zero_iff linorder_not_le order_le_less_trans that)
+ thus ?thesis
+ by fastforce
+qed
+
+end
+
+context metric_set
+begin
+
+interpretation rnv: metric_set "UNIV :: ('b :: real_normed_vector) set" dist_typeclass
+ by simp
+
+lemma dist_set_uniform_continuous:
+ "uniform_continuous_map S dist UNIV dist_typeclass (dist_set A)"
+ unfolding uniform_continuous_map_def[OF metric_set_axioms rnv.metric_set_axioms] dist_real_def
+proof safe
+ fix \<epsilon> :: real
+ assume "0 < \<epsilon>"
+ then show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> \<bar>dist_set A x - dist_set A y\<bar> < \<epsilon>"
+ using order.strict_trans1[OF dist_set_abs_le] by(auto intro!: exI[where x=\<epsilon>])
+qed simp
+
+lemma dist_set_continuous: "continuous_map mtopology euclideanreal (dist_set A)"
+ unfolding euclidean_mtopology[symmetric]
+ by(auto intro!: continuous_if_uniform_continuous simp: dist_set_uniform_continuous metric_set_axioms)
+
+
+lemma uniform_continuous_map_add:
+ fixes f :: "'a \<Rightarrow> 'b::real_normed_vector"
+ assumes "uniform_continuous_map S dist UNIV dist_typeclass f" "uniform_continuous_map S dist UNIV dist_typeclass g"
+ shows "uniform_continuous_map S dist UNIV dist_typeclass (\<lambda>x. f x + g x)"
+ unfolding uniform_continuous_map_def[OF metric_set_axioms rnv.metric_set_axioms]
+proof safe
+ fix e :: real
+ assume "e > 0"
+ from half_gt_zero[OF this] assms obtain d1 d2 where d: "d1 > 0" "d2 > 0"
+ "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < d1 \<Longrightarrow> dist_typeclass (f x) (f y) < e / 2" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < d2 \<Longrightarrow> dist_typeclass (g x) (g y) < e / 2"
+ by(simp only: uniform_continuous_map_def[OF metric_set_axioms rnv.metric_set_axioms]) metis
+ show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> dist_typeclass (f x + g x) (f y + g y) < e"
+ using d by(fastforce intro!: exI[where x="min d1 d2"] order.strict_trans1[OF dist_triangle_add])
+qed simp
+
+lemma uniform_continuous_map_real_devide:
+ fixes f :: "'a \<Rightarrow> real"
+ assumes "uniform_continuous_map S dist UNIV dist_typeclass f" "uniform_continuous_map S dist UNIV dist_typeclass g"
+ and "\<And>x. x \<in> S \<Longrightarrow> g x \<noteq> 0" "\<And>x. x \<in> S \<Longrightarrow> \<bar>g x\<bar> \<ge> a" "a > 0" "\<And>x. x \<in> S \<Longrightarrow> \<bar>g x\<bar> < Kg"
+ and "\<And>x. x \<in> S \<Longrightarrow> \<bar>f x\<bar> < Kf"
+ shows "uniform_continuous_map S dist UNIV dist_typeclass (\<lambda>x. f x / g x)"
+ unfolding uniform_continuous_map_def[OF metric_set_axioms rnv.metric_set_axioms]
+proof safe
+ fix e :: real
+ assume e[arith]:"e > 0"
+ consider "S = {}" | "S \<noteq> {}" by auto
+ then show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> dist_typeclass (f x / g x) (f y / g y) < e"
+ proof cases
+ case 1
+ then show ?thesis by (auto intro!: exI[where x=1])
+ next
+ case S:2
+ then have Kfg_pos[arith]: "Kg > 0" "Kf \<ge> 0"
+ using assms(4-7) by auto fastforce+
+ define e' where "e' \<equiv> a^2 / (Kf + Kg) * e"
+ have e':"e' > 0"
+ using assms(5) by(auto simp: e'_def)
+ with assms obtain d1 d2 where d: "d1 > 0" "d2 > 0"
+ "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < d1 \<Longrightarrow> \<bar>f x - f y\<bar> < e'" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < d2 \<Longrightarrow> \<bar>g x - g y\<bar> < e'"
+ by(auto simp: uniform_continuous_map_def[OF metric_set_axioms rnv.metric_set_axioms] dist_real_def) metis
+ show ?thesis
+ unfolding dist_real_def
+ proof(safe intro!: exI[where x="min d1 d2"])
+ fix x y
+ assume x:"x \<in> S" and y:"y \<in> S" and "dist x y < min d1 d2"
+ then have dist[arith]: "dist x y < d1" "dist x y < d2" by auto
+ note [arith] = assms(3,4,6,7)[OF x] assms(3,4,6,7)[OF y]
+ have "\<bar>f x / g x - f y / g y\<bar> = \<bar>(f x * g y - f y * g x) / (g x * g y)\<bar>"
+ by(simp add: diff_frac_eq)
+ also have "... = \<bar>(f x * g y - f x * g x + (f x * g x - f y * g x)) / (g x * g y)\<bar>"
+ by simp
+ also have "... = \<bar>(f x - f y) * g x - f x * (g x - g y)\<bar> / (\<bar>g x\<bar> * \<bar>g y\<bar>)"
+ by(simp add: left_diff_distrib right_diff_distrib abs_mult)
+ also have "... \<le> (\<bar>f x - f y\<bar> * \<bar>g x\<bar> + \<bar>f x\<bar> * \<bar>g x - g y\<bar>) / (\<bar>g x\<bar> * \<bar>g y\<bar>)"
+ by(rule divide_right_mono) (use abs_triangle_ineq4 abs_mult in metis,auto)
+ also have "... < (e' * Kg + Kf * e') / (\<bar>g x\<bar> * \<bar>g y\<bar>)"
+ by(rule divide_strict_right_mono[OF add_less_le_mono]) (auto intro!: mult_mono' mult_strict_mono, use d(3,4)[OF x y] in auto)
+ also have "... \<le> (e' * Kg + Kf * e') / a^2"
+ by(auto intro!: divide_left_mono simp: power2_eq_square) (insert assms(5) e', auto simp: \<open>a \<le> \<bar>g x\<bar>\<close> mult_mono')
+ also have "... = (Kf + Kg) / a^2 * e'"
+ by (simp add: distrib_left mult.commute)
+ also have "... = e"
+ using assms(5) by(auto simp: e'_def)
+ finally show " \<bar>f x / g x - f y / g y\<bar> < e" .
+ qed(use d in auto)
+ qed
+qed simp
+
+lemma the_limit_of_dist_converge:
+ assumes "converge_to_inS xn x"
+ shows "(\<lambda>n. dist (xn n) y) \<longlonglongrightarrow> dist (the_limit_of xn) y"
+proof -
+ have "continuous_map mtopology euclideanreal (\<lambda>z. dist z y)"
+ using dist_set_continuous[of "{y}"] by simp
+ hence "(\<lambda>n. dist (xn n) y) \<longlonglongrightarrow> dist x y"
+ using assms
+ by(auto simp: metric_set_continuous_map_eq'[OF metric_set_axioms rnv.metric_set_axioms,simplified euclidean_mtopology] converge_to_def_set)
+ thus ?thesis
+ by(simp add: the_limit_of_eq[OF assms])
+qed
+
+lemma the_limit_of_dist_converge':
+ assumes "converge_to_inS xn x" "\<epsilon> > 0"
+ shows "\<exists>N. \<forall>n\<ge>N. \<bar> dist (xn n) y - dist (the_limit_of xn) y \<bar> < \<epsilon>"
+ using the_limit_of_dist_converge[OF assms(1)] assms(2) by(simp add: LIMSEQ_iff)
+
+lemma the_limit_of_dist:
+ assumes "converge_to_inS xn x"
+ shows "lim (\<lambda>n. dist (xn n) y) = dist (the_limit_of xn) y"
+ using the_limit_of_dist_converge[OF assms] limI by blast
+
+text \<open> Upper-semicontinuous functions.\<close>
+lemma upper_semicontinuous_map_def2:
+ fixes f :: "'a \<Rightarrow> ('b :: {complete_linorder,linorder_topology})"
+ shows "upper_semicontinuous_map mtopology f \<longleftrightarrow> (\<forall>x y. converge_to_inS x y \<longrightarrow> limsup (\<lambda>n. f (x n)) \<le> f y)"
+proof
+ show "upper_semicontinuous_map mtopology f \<Longrightarrow> \<forall>x y. converge_to_inS x y \<longrightarrow> limsup (\<lambda>n. f (x n)) \<le> f y"
+ unfolding upper_semicontinuous_map_def
+ proof safe
+ fix x y
+ assume h:"\<forall>a. openin mtopology {x \<in> topspace mtopology. f x < a}" "converge_to_inS x y"
+ show "limsup (\<lambda>n. f (x n)) \<le> f y"
+ unfolding Limsup_le_iff eventually_sequentially
+ proof safe
+ fix c
+ assume "f y < c"
+ show "\<exists>N. \<forall>n\<ge>N. f (x n) < c"
+ proof(rule ccontr)
+ assume "\<nexists>N. \<forall>n\<ge>N. f (x n) < c"
+ then have hc:"\<And>N. \<exists>n\<ge>N. f (x n) \<ge> c"
+ using linorder_not_less by blast
+ define a :: "nat \<Rightarrow> nat" where "a \<equiv> rec_nat (SOME n. f (x n) \<ge> c) (\<lambda>n an. SOME m. m > an \<and> f (x m) \<ge> c)"
+ have "strict_mono a"
+ proof(rule strict_monoI_Suc)
+ fix n
+ have [simp]:"a (Suc n) = (SOME m. m > a n \<and> f (x m) \<ge> c)"
+ by(auto simp: a_def)
+ show "a n < a (Suc n)"
+ by simp (metis (mono_tags, lifting) Suc_le_lessD hc someI)
+ qed
+ have *:"f (x (a n)) \<ge> c" for n
+ proof(cases n)
+ case 0
+ then show ?thesis
+ using hc[of 0] by(auto simp: a_def intro!: someI_ex)
+ next
+ case (Suc n')
+ then show ?thesis
+ by(simp add: a_def) (metis (mono_tags, lifting) Suc_le_lessD hc someI_ex)
+ qed
+ obtain N where "\<And>n. n \<ge> N \<Longrightarrow> x (a n) \<in> {x \<in> S. f x < c}"
+ using converge_to_inS_subseq[OF \<open>strict_mono a\<close> h(2)] mtopology_openin_iff2[of "{x \<in> S. f x < c}"] h(2)[simplified converge_to_inS_def] mtopology_topspace \<open>f y < c\<close> h
+ by fastforce
+ from *[of N] this[of N] show False by auto
+ qed
+ qed
+ qed
+next
+ assume h:"\<forall>x y. converge_to_inS x y \<longrightarrow> limsup (\<lambda>n. f (x n)) \<le> f y"
+ show "upper_semicontinuous_map mtopology f"
+ unfolding upper_semicontinuous_map_def mtopology_openin_iff2 mtopology_topspace
+ proof safe
+ fix a y s
+ assume "converge_to_inS y s" "s \<in> S" "f s < a"
+ then have "limsup (\<lambda>n. f (y n)) \<le> f s"
+ using h by auto
+ with \<open>f s < a\<close> obtain N where "\<And>n. n\<ge>N \<Longrightarrow> f (y n) < a"
+ by(auto simp: Limsup_le_iff eventually_sequentially)
+ thus "\<exists>N. \<forall>n\<ge>N. y n \<in> {x \<in> S. f x < a}"
+ using \<open>converge_to_inS y s\<close> by(auto intro!: exI[where x=N] simp: converge_to_inS_def)
+ qed
+qed
+
+lemma upper_semicontinuous_map_def2real:
+ fixes f :: "'a \<Rightarrow> real"
+ shows "upper_semicontinuous_map mtopology f \<longleftrightarrow> (\<forall>x y. converge_to_inS x y \<longrightarrow> limsup (\<lambda>n. f (x n)) \<le> f y)"
+ unfolding upper_semicontinuous_map_real_iff upper_semicontinuous_map_def2
+ by auto
+
+lemma osc_upper_semicontinuous_map:
+ "upper_semicontinuous_map X (osc X f)"
+proof -
+ have "{x \<in> topspace X. osc X f x < a} = \<Union> {V. openin X V \<and> diam (f ` V) < a}" for a
+ using openin_subset by(auto simp add: osc_less_iff)
+ thus ?thesis
+ by(auto simp: upper_semicontinuous_map_def)
+qed
+
+end
+
+text \<open> Open maps.\<close>
+lemma metric_set_opem_map_from_dist:
+ assumes "metric_set S d" "metric_set S' d'" "f \<in> S \<rightarrow> S'"
+ and "\<And>x \<epsilon>. x \<in> S \<Longrightarrow> \<epsilon> > 0 \<Longrightarrow> \<exists>\<delta>>0. \<forall>y\<in>S. d' (f x) (f y) < \<delta> \<longrightarrow> d x y < \<epsilon>"
+ shows "open_map (metric_set.mtopology S d) (subtopology (metric_set.mtopology S' d') (f ` S)) f"
+proof -
+ interpret m1: metric_set S d by fact
+ interpret m2: metric_set S' d' by fact
+ interpret m2': metric_set "f ` S" "submetric (f ` S) d'"
+ using assms(3) by(auto intro!: m2.submetric_metric_set)
+ show ?thesis
+ proof(rule open_map_with_base[OF m1.mtopology_basis_ball])
+ fix A
+ assume "A \<in> {m1.open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}"
+ then obtain a \<epsilon> where hae:
+ "a \<in> S" "0 < \<epsilon>" "A = m1.open_ball a \<epsilon>" by auto
+ show "openin (subtopology m2.mtopology (f ` S)) (f ` A)"
+ unfolding m2.submetric_subtopology[OF funcset_image[OF assms(3)]] m2'.mtopology_openin_iff
+ proof
+ show "f ` A \<subseteq> f ` S"
+ using m1.open_ball_subset_ofS[of a \<epsilon>] by(auto simp: hae(3))
+ next
+ show "\<forall>x\<in>f ` A. \<exists>\<epsilon>>0. m2'.open_ball x \<epsilon> \<subseteq> f ` A"
+ proof safe
+ fix x
+ assume "x \<in> A"
+ hence "x \<in> S"
+ using m1.open_ball_subset_ofS[of a \<epsilon>] by(auto simp: hae(3))
+ moreover have "0 < \<epsilon> - d a x"
+ using \<open>x \<in> A\<close> m1.open_ballD[of x a \<epsilon>] by(auto simp: hae(3))
+ ultimately obtain \<delta> where hd:"\<delta> > 0" "\<And>y. y\<in>S \<Longrightarrow> d' (f x) (f y) < \<delta> \<Longrightarrow> d x y < \<epsilon> - d a x"
+ using assms(4) by metis
+ show "\<exists>\<epsilon>>0. m2'.open_ball (f x) \<epsilon> \<subseteq> f ` A"
+ proof(safe intro!: exI[where x=\<delta>])
+ fix z
+ assume "z \<in> m2'.open_ball (f x) \<delta>"
+ note hz = m2'.open_ballD'[OF this]
+ then obtain y where "y \<in> S" "z = f y" by auto
+ hence "d' (f x) (f y) < \<delta>"
+ using m2'.open_ballD[OF \<open>z \<in> m2'.open_ball (f x) \<delta>\<close>] \<open>x \<in> A\<close> m1.open_ball_subset_ofS[of a \<epsilon>]
+ by(auto simp: submetric_def hae(3))
+ hence "d x y < \<epsilon> - d a x"
+ by(auto intro!: hd(2)[OF \<open>y \<in> S\<close>])
+ hence "d a y < \<epsilon>"
+ using m1.dist_tr[OF \<open>a \<in> S\<close> \<open>x \<in> S\<close> \<open>y \<in> S\<close>] by auto
+ thus "z \<in> f ` A"
+ by (simp add: \<open>y \<in> S\<close> \<open>z = f y\<close> hae(1) hae(3) m1.open_ball_def)
+ qed(use hd in auto)
+ qed
+ qed
+ qed
+qed
+
+subsubsection \<open> Complete Metric Spaces\<close>
+locale complete_metric_set = metric_set +
+ assumes convergence: "\<And>f. Cauchy_inS f \<Longrightarrow> convergent_inS f"
+
+lemma complete_space_complete_metric_set:
+ "complete_metric_set (UNIV :: 'a :: complete_space set) dist"
+proof -
+ interpret m: metric_set UNIV dist
+ by(rule metric_class_metric_set)
+ show ?thesis
+ by standard (simp add: Cahuchy_def_set[symmetric] convergent_def_set[symmetric] Cauchy_convergent_iff)
+qed
+
+lemma(in complete_metric_set) submetric_complete_iff:
+ assumes "M \<subseteq> S"
+ shows "complete_metric_set M (submetric M dist) \<longleftrightarrow> closedin mtopology M"
+proof
+ assume "complete_metric_set M (submetric M dist)"
+ then interpret m: complete_metric_set M "submetric M dist" .
+ show "closedin mtopology M"
+ proof(rule ccontr)
+ assume "\<not> closedin mtopology M"
+ then have "\<exists>f\<in>m.sequence. \<exists>s. converge_to_inS f s \<and> s \<notin> M"
+ using assms mtopology_closedin_iff by auto
+ then obtain f s where hfs:"f \<in> m.sequence" "converge_to_inS f s" "s \<notin> M"
+ by auto
+ hence "convergent_inS f"
+ by(auto simp: convergent_inS_def converge_to_inS_def)
+ have "m.Cauchy_inS f"
+ using Cauchy_if_convergent_inS[OF \<open>convergent_inS f\<close>] hfs(1)
+ by(auto simp: m.Cauchy_inS_def Cauchy_inS_def) (fastforce simp: submetric_def)
+ then obtain s' where "s' \<in> M" "m.converge_to_inS f s'"
+ using m.convergence by(auto simp: m.convergent_inS_def m.converge_to_inS_def)
+ from converge_to_insub_converge_to_inS[OF assms this(2)] hfs(2)
+ have "s' = s"
+ by(rule converge_to_inS_unique)
+ thus False
+ using \<open>s' \<in> M\<close> \<open>s \<notin> M\<close> by simp
+ qed
+next
+ interpret m: metric_set M "submetric M dist"
+ by(rule submetric_metric_set[OF assms])
+ assume cls:"closedin mtopology M"
+ show "complete_metric_set M (submetric M dist)"
+ proof
+ fix f
+ assume "m.Cauchy_inS f"
+ then have "f \<in> m.sequence" by(simp add: m.Cauchy_inS_def)
+ have "Cauchy_inS f"
+ by(rule Cauchy_insub_Cauchy[OF assms \<open>m.Cauchy_inS f\<close>])
+ then obtain x where hx:"x \<in> S" "converge_to_inS f x"
+ using convergence by(auto simp: convergent_inS_def converge_to_inS_def)
+ hence "x \<in> M"
+ using cls[simplified mtopology_closedin_iff] \<open>f \<in> m.sequence\<close> assms
+ by auto
+ hence "m.converge_to_inS f x"
+ using convergent_insubmetric[OF assms \<open>f \<in> m.sequence\<close>] hx by auto
+ thus "m.convergent_inS f"
+ using \<open>x \<in> M\<close> by(auto simp: m.convergent_inS_def)
+ qed
+qed
+
+lemma(in complete_metric_set) embed_dist_complete:
+ assumes "f \<in> B \<rightarrow> S" "inj_on f B" "closedin mtopology (f ` B)"
+ shows "complete_metric_set B (embed_dist_on B f)"
+proof -
+ interpret m: metric_set B "embed_dist_on B f"
+ by(rule embed_dist_dist[OF assms(1,2)])
+ show ?thesis
+ proof
+ fix xn
+ assume "m.Cauchy_inS xn"
+ hence h:"xn \<in> m.sequence" "Cauchy_inS (\<lambda>n. f (xn n))"
+ by(auto simp add: embed_dist_Cauchy_inS_iff[OF assms(1,2)])
+ with convergence obtain x where x: "converge_to_inS (\<lambda>n. f (xn n)) x"
+ by(auto simp: convergent_inS_def)
+ have x': "x \<in> f ` B"
+ proof -
+ have "(\<lambda>n. f (xn n)) \<in> UNIV \<rightarrow> f ` B"
+ using assms(1) h(1) by auto
+ thus ?thesis
+ using assms(3) x by(auto simp: mtopology_closedin_iff)
+ qed
+ then obtain b where b: "b \<in> B" "f b = x" by auto
+ show "m.convergent_inS xn"
+ by(auto simp: m.convergent_inS_def embed_dist_converge_to_inS_iff[OF assms(1,2)] b x h intro!: exI[where x=b])
+ qed
+qed
+
+lemma(in metric_set) Cantor_intersection_theorem:
+ "complete_metric_set S dist \<longleftrightarrow> (\<forall>Fn. (\<forall>n. Fn n \<noteq> {}) \<and> (\<forall>n. closedin mtopology (Fn n)) \<and> decseq Fn \<and> (\<forall>\<epsilon> > 0. \<exists>N. \<forall>n\<ge>N. diam (Fn n) < \<epsilon>) \<longrightarrow> (\<exists>x\<in>S. \<Inter> (range Fn) = {x}))"
+proof safe
+ fix Fn
+ assume "complete_metric_set S dist"
+ interpret complete_metric_set S dist by fact
+ assume h: "\<forall>n. Fn n \<noteq> {}" " \<forall>n. closedin mtopology (Fn n)" "decseq Fn" "\<forall>\<epsilon> > 0. \<exists>N. \<forall>n\<ge>N. diam (Fn n) < \<epsilon>"
+ then obtain xn where xn1: "\<And>n. xn n \<in> Fn n"
+ by (meson all_not_in_conv)
+ hence xn2: "xn \<in> sequence"
+ using closedin_subset[of mtopology] h(2) by(auto simp: mtopology_topspace)
+ have "Cauchy_inS xn"
+ unfolding Cauchy_inS_def
+ proof safe
+ fix \<epsilon> :: real
+ assume "0 < \<epsilon>"
+ then obtain N where N:"\<And>n. n\<ge>N \<Longrightarrow> diam (Fn n) < ennreal \<epsilon>"
+ using h(4) ennreal_less_zero_iff by blast
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist (xn n) (xn m) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n m
+ assume "n \<ge> N" "m \<ge> N"
+ define nm where "nm = min m n"
+ have "nm \<ge> N" "nm \<le> n" "nm \<le> m"
+ using \<open>n \<ge> N\<close> \<open>m \<ge> N\<close> by(auto simp: nm_def)
+ hence "xn n \<in> Fn nm" "xn m \<in> Fn nm"
+ using decseqD[OF h(3)] xn1[of n] xn1[of m] by auto
+ hence "ennreal (dist (xn n) (xn m)) \<le> diam (Fn nm)"
+ using xn2 by(auto intro!: diam_is_sup mtopology_topspace)
+ also have "... < ennreal \<epsilon>"
+ by(rule N[OF \<open>nm \<ge> N\<close>])
+ finally show "dist (xn n) (xn m) < \<epsilon>"
+ by (simp add: dist_geq0 ennreal_less_iff)
+ qed
+ qed(use xn2 in auto)
+ then obtain x where x:"x \<in> S" "converge_to_inS xn x"
+ using convergence[of xn] by(auto simp: convergent_inS_def converge_to_inS_def)
+ show "\<exists>x\<in>S. \<Inter> (range Fn) = {x}"
+ proof(safe intro!: bexI[where x=x])
+ fix n
+ show "x \<in> Fn n"
+ proof(rule ccontr)
+ assume "x \<notin> Fn n"
+ moreover have "openin mtopology (S - Fn n)"
+ using h(2) by (simp add: openin_diff)
+ ultimately obtain \<epsilon> where e: "\<epsilon> > 0" "open_ball x \<epsilon> \<subseteq> S - Fn n"
+ using x(1) by(auto simp: mtopology_openin_iff)
+ then have "\<exists>N. \<forall>n\<ge>N. xn n \<in> open_ball x \<epsilon>"
+ using mtopology_openin_iff2[of "open_ball x \<epsilon>"] open_ball_ina[OF x(1) e(1)] x(2)
+ by(auto simp: openin_open_ball)
+ then obtain N where N:"\<And>m. m \<ge> N \<Longrightarrow> xn m \<in> open_ball x \<epsilon>"
+ by auto
+ hence "xn m \<in> S - Fn m" if "m \<ge> N" "m \<ge> n" for m
+ using e(2) decseqD[OF h(3) that(2)] using that(1) by blast
+ from xn1[of "max N n"] this[of "max N n"]
+ show False by auto
+ qed
+ next
+ fix y
+ assume "y \<in> \<Inter> (range Fn)"
+ then have hy:"\<forall>n. y \<in> Fn n" by auto
+ have "y \<in> S"
+ using closedin_subset[of mtopology] h(2) hy mtopology_topspace by auto
+ have "converge_to_inS xn y"
+ unfolding converge_to_inS_def2
+ proof safe
+ fix \<epsilon> :: real
+ assume "0 < \<epsilon>"
+ then obtain N where N:"\<And>n. n \<ge> N \<Longrightarrow> diam (Fn n) < ennreal \<epsilon>"
+ using ennreal_less_zero_iff h(4) by presburger
+ show "\<exists>N. \<forall>n\<ge>N. dist (xn n) y < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "n \<ge> N"
+ then have "ennreal (dist (xn n) y) < ennreal \<epsilon>"
+ using \<open>y \<in> S\<close> hy xn1[of n] xn2
+ by(auto intro!: order.strict_trans1[OF diam_is_sup[of "xn n" "Fn n" y] N[of n]])
+ thus "dist (xn n) y < \<epsilon>"
+ by (simp add: dist_geq0 ennreal_less_iff)
+ qed
+ qed(use xn2 \<open>y \<in> S\<close> in auto)
+ with converge_to_inS_unique[OF x(2)]
+ show "y = x" by simp
+ qed(use x in auto)
+next
+ assume h:"\<forall>Fn. (\<forall>n. Fn n \<noteq> {}) \<and> (\<forall>n. closedin mtopology (Fn n)) \<and> decseq Fn \<and> (\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. diam (Fn n) < \<epsilon>) \<longrightarrow> (\<exists>x\<in>S. \<Inter> (range Fn) = {x})"
+ show "complete_metric_set S dist"
+ proof
+ fix xn
+ assume cauchy:"Cauchy_inS xn"
+ hence xn: "xn \<in> sequence"
+ by (simp add: Cauchy_inS_dest1)
+ define Fn where "Fn \<equiv> (\<lambda>n. mtopology closure_of {xn m|m. m \<ge> n})"
+ have Fn0': "{xn m|m. m \<ge> n} \<subseteq> Fn n" for n
+ using xn by(auto intro!: closure_of_subset simp: Fn_def mtopology_topspace)
+ have Fn0: "\<And>n. Fn n \<subseteq> S"
+ using xn by(auto simp: Fn_def in_closure_of metric_set.mtopology_topspace metric_set_axioms)
+ have Fn1: "Fn n \<noteq> {}" for n
+ using xn closure_of_eq_empty[of "{xn m|m. m \<ge> n}" mtopology,simplified mtopology_topspace]
+ by(auto simp: Fn_def)
+ have Fn2:"\<And>n. closedin mtopology (Fn n)"
+ by(simp add: Fn_def)
+ have Fn3: "decseq Fn"
+ by standard (auto simp: Fn_def intro!: closure_of_mono)
+ have Fn4:"\<forall>\<epsilon>>0. \<exists>N. \<forall>n\<ge>N. diam (Fn n) < \<epsilon>"
+ proof safe
+ fix \<epsilon> :: ennreal
+ assume "0 < \<epsilon>"
+ define e where "e \<equiv> min 1 \<epsilon>"
+ have he: "e \<le> \<epsilon>" "enn2real e > 0" "ennreal (enn2real e) = e"
+ using \<open>0 < \<epsilon>\<close> by(auto simp: e_def enn2real_positive_iff min_less_iff_disj)
+ then obtain e' where e':"e' > 0" "e' < enn2real e"
+ using field_lbound_gt_zero by auto
+ then obtain N where N:"\<And>n m. n \<ge> N \<Longrightarrow> m \<ge> N \<Longrightarrow> dist (xn n) (xn m) \<le> e'"
+ using cauchy by(fastforce simp: Cauchy_inS_def)
+ show "\<exists>N. \<forall>n\<ge>N. diam (Fn n) < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ then have "diam (Fn n) \<le> ennreal e'"
+ by(auto intro!: diam_le N simp: Fn_def diam_eq_closure)
+ also have "... < e"
+ using e'(2) ennreal_lessI he(2) he(3) by fastforce
+ finally show "diam (Fn n) < \<epsilon>"
+ using he(1) by auto
+ qed
+ qed
+ obtain x where x:"x\<in>S" "\<Inter> (range Fn) = {x}"
+ using h Fn1 Fn2 Fn3 Fn4 by metis
+ show "convergent_inS xn"
+ unfolding convergent_inS_def converge_to_inS_def2
+ proof(safe intro!: exI[where x=x])
+ fix \<epsilon> :: real
+ assume he:"0 < \<epsilon>"
+ then have "0 < ennreal \<epsilon>" by simp
+ then obtain N where N: "\<And>n. n \<ge> N \<Longrightarrow> diam (Fn n) < ennreal \<epsilon>"
+ using Fn4 by metis
+ show "\<exists>N. \<forall>n\<ge>N. dist (xn n) x < \<epsilon>"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume "N \<le> n"
+ then have "xn n \<in> Fn N" "x \<in> Fn N"
+ using x(2) Fn0'[of N] by auto
+ hence "ennreal (dist (xn n) x) \<le> diam (Fn N)"
+ using Fn0 by(auto intro!: diam_is_sup)
+ also have "... < ennreal \<epsilon>"
+ by(auto intro!: N)
+ finally show "dist (xn n) x < \<epsilon>"
+ by (simp add: dist_geq0 ennreal_less_iff)
+ qed
+ qed(use xn x in auto)
+ qed
+qed
+
+lemma(in complete_metric_set) closed_decseq_Inter':
+ assumes "\<And>n. Fn n \<noteq> {}" "\<And>n. closedin mtopology (Fn n)" "decseq Fn"
+ and "\<And>\<epsilon>. \<epsilon> > 0 \<Longrightarrow> \<exists>N. \<forall>n\<ge>N. diam (Fn n) < \<epsilon>"
+ shows "\<exists>x\<in>S. \<Inter> (range Fn) = {x}"
+ using assms Cantor_intersection_theorem by(simp add: complete_metric_set_axioms)
+
+lemma(in complete_metric_set) closed_decseq_Inter:
+ assumes "\<And>n. Fn n \<noteq> {}" "\<And>n. closedin mtopology (Fn n)" "decseq Fn"
+ and "\<And>\<epsilon>. \<epsilon> > 0 \<Longrightarrow> \<exists>N. \<forall>n\<ge>N. diam (Fn n) < ennreal \<epsilon>"
+ shows "\<exists>x\<in>S. \<Inter> (range Fn) = {x}"
+proof -
+ have "\<exists>N. \<forall>n\<ge>N. diam (Fn n) < \<epsilon>" if "\<epsilon> > 0" for \<epsilon>
+ proof -
+ consider "\<epsilon> < \<infinity>" | "\<epsilon> = \<infinity>"
+ using top.not_eq_extremum by fastforce
+ then show ?thesis
+ proof cases
+ case 1
+ with that have 2:"ennreal (enn2real \<epsilon>) = \<epsilon>"
+ by simp
+ have "0 < enn2real \<epsilon>"
+ using 1 that by(simp add: enn2real_positive_iff)
+ from assms(4)[OF this] show ?thesis
+ by(simp add: 2)
+ next
+ case 2
+ then show ?thesis
+ by (metis assms(4) ennreal_less_top gt_ex infinity_ennreal_def order_less_imp_not_less top.not_eq_extremum)
+ qed
+ qed
+ thus ?thesis
+ using closed_decseq_Inter'[OF assms(1-3)] by simp
+qed
+
+subsubsection \<open> Separable Metric Spaces \<close>
+locale separable_metric_set = metric_set +
+ assumes separable: "\<exists>U. countable U \<and> dense_set U"
+
+lemma(in metric_set) separable_if_countable:
+ assumes "countable S"
+ shows "separable_metric_set S dist"
+ apply standard
+ using assms by(auto intro!: exI[where x=S] simp: dense_set_S)
+
+lemma(in metric_set) separable_iff_topological_separable:
+ "separable_metric_set S dist \<longleftrightarrow> separable mtopology"
+ by(simp add: separable_metric_set_def separable_metric_set_axioms_def separable_def metric_set_axioms)
+
+lemma(in separable_metric_set) topological_separable_if_separable:
+ "separable mtopology"
+ using separable_iff_topological_separable
+ by (simp add: separable_metric_set_axioms)
+
+lemma separable_metric_setI:
+ assumes "metric_set S d" "separable (metric_set.mtopology S d)"
+ shows "separable_metric_set S d"
+ by (simp add: assms(1) assms(2) metric_set.separable_iff_topological_separable)
+
+text \<open> For a metric space $X$, $X$ is separable iff $X$ is second countable.\<close>
+lemma(in metric_set) generated_by_countable_balls:
+ assumes "countable U" and "dense_set U"
+ shows "mtopology = topology_generated_by {open_ball y (1 / real n) | y n. y \<in> U}"
+proof -
+ have hu: "U \<subseteq> S" "\<And>x \<epsilon>. x \<in> S \<Longrightarrow> \<epsilon> > 0 \<Longrightarrow> open_ball x \<epsilon> \<inter> U \<noteq> {}"
+ using assms by(auto simp: dense_set_def)
+ show ?thesis
+ unfolding mtopology_def2
+ proof(rule topology_generated_by_eq)
+ fix K
+ assume "K \<in> {open_ball y (1 / real n) |y n. y \<in> U}"
+ then obtain y n where hyn:
+ "y \<in> U" "y \<in> S" "K = open_ball y (1 / real n)"
+ using hu(1) by auto
+ consider "n = 0" | "n > 0" by auto
+ then show "openin (topology_generated_by {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}) K"
+ proof cases
+ case 1
+ then have "K = {}"
+ using hyn dist_geq0[of y] not_less by(auto simp: open_ball_def)
+ thus ?thesis
+ by auto
+ next
+ case 2
+ then have "1 / real n > 0" by auto
+ thus ?thesis
+ using hyn mtopology_open_ball_in[simplified mtopology_def2] by auto
+ qed
+ next
+ have h0:"\<And>x \<epsilon>. x \<in> S \<Longrightarrow> \<epsilon> > 0 \<Longrightarrow> \<exists>y\<in>U. \<exists>n. x \<in> open_ball y (1 / real n) \<and> open_ball y (1 / real n) \<subseteq> open_ball x \<epsilon>"
+ proof -
+ fix x \<epsilon>
+ assume h: "x \<in> S" "(0 :: real) < \<epsilon>"
+ then obtain N where hn: "1 / \<epsilon> < real N"
+ using reals_Archimedean2 by blast
+ have hn0: "0 < real N"
+ by(rule ccontr) (use hn h in fastforce)
+ hence hn':"1 / real N < \<epsilon>"
+ using h hn by (metis divide_less_eq mult.commute)
+ have "open_ball x (1 / (2 * real N)) \<inter> U \<noteq> {}"
+ using dense_set_def[of U] assms(2) h(1) hn0 by fastforce
+ then obtain y where hy:
+ "y\<in>U" "y \<in> S" "y \<in> open_ball x (1 / (real (2 * N)))"
+ using hu by auto
+ show "\<exists>y\<in>U. \<exists>n. x \<in> open_ball y (1 / real n) \<and> open_ball y (1 / real n) \<subseteq> open_ball x \<epsilon>"
+ proof(intro bexI[where x=y] exI[where x="2 * N"] conjI)
+ show "x \<in> open_ball y (1 / real (2 * N))"
+ using hy(3) by(simp add: open_ball_inverse[of x y])
+ next
+ show "open_ball y (1 / real (2 * N)) \<subseteq> open_ball x \<epsilon>"
+ proof
+ fix y'
+ assume hy':"y' \<in> open_ball y (1 / real (2 * N))"
+ have "dist x y' < \<epsilon>" (is "?lhs < ?rhs")
+ proof -
+ have "?lhs \<le> dist x y + dist y y'"
+ using hy(2) open_ballD'(1)[OF hy'] h(1) by(auto intro!: dist_tr)
+ also have "... < 1 / real (2 * N) + 1 / real (2 * N)"
+ apply(rule strict_ordered_ab_semigroup_add_class.add_strict_mono)
+ using hy(3) hy(2) open_ballD'(1)[OF hy'] h(1) hy' by(simp_all add: open_ball_def dist_sym[of x y])
+ finally show ?thesis
+ using hn' by auto
+ qed
+ thus "y' \<in> open_ball x \<epsilon>"
+ using open_ballD'(1)[OF hy'] h(1) by(simp add: open_ball_def)
+ qed
+ qed fact
+ qed
+ fix K
+ assume hk: "K \<in> {open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>}"
+ then obtain x \<epsilon>x where hxe:
+ "x \<in> S" "0 < \<epsilon>x" "K = open_ball x \<epsilon>x" by auto
+ have gh:"K = (\<Union>{open_ball y (1 / real n) | y n. y \<in> U \<and> open_ball y (1 / real n) \<subseteq> K})"
+ proof
+ show "K \<subseteq> (\<Union> {open_ball y (1 / real n) |y n. y \<in> U \<and> open_ball y (1 / real n) \<subseteq> K})"
+ proof
+ fix k
+ assume hkink:"k \<in> K"
+ then have hkinS:"k \<in> S"
+ using open_ballD'(1)[of k] by(simp add: hxe)
+ obtain \<epsilon>k where hek:
+ "\<epsilon>k > 0" "open_ball k \<epsilon>k \<subseteq> K"
+ using mtopology_open_ball_in'[of k x] hkink
+ by(auto simp: hxe)
+ obtain y n where hyey:
+ "y \<in> U" "k \<in> open_ball y (1 / real n)" "open_ball y (1 / real n) \<subseteq> open_ball k \<epsilon>k"
+ using h0[OF hkinS hek(1)] by auto
+ show "k \<in> \<Union> {open_ball y (1 / real n) |y n. y \<in> U \<and> open_ball y (1 / real n) \<subseteq> K}"
+ using hek(2) hyey by blast
+ qed
+ qed auto
+ show "openin (topology_generated_by {open_ball y (1 / real n) |y n. y \<in> U}) K"
+ unfolding openin_topology_generated_by_iff
+ apply(rule generate_topology_on.UN[of "{open_ball y (1 / real n) |y n. y \<in> U \<and> open_ball y (1 / real n) \<subseteq> K}", simplified gh[symmetric]])
+ apply(rule generate_topology_on.Basis) by auto
+ qed
+qed
+
+lemma(in separable_metric_set) second_countable':
+ "\<exists>\<O>. countable \<O> \<and> mtopology_basis \<O>"
+proof -
+ obtain U where hu:
+ "countable U" "dense_set U"
+ using separable by auto
+ show ?thesis
+ proof(rule countable_base_from_countable_subbase[where \<O>="{open_ball y (1 / real n) | y n. y \<in> U}",simplified second_countable_def])
+ have "{open_ball y (1 / real n) |y n. y \<in> U} = (\<lambda>(y,n). open_ball y (1 / real n)) ` (U \<times> UNIV)"
+ by auto
+ also have "countable ..."
+ using hu by auto
+ finally show "countable {open_ball y (1 / real n) |y n. y \<in> U}" .
+ qed (simp add: generated_by_countable_balls[OF hu] subbase_of_def)
+qed
+
+lemma(in separable_metric_set) second_countable: "second_countable mtopology"
+ by(simp add: second_countable_def second_countable')
+
+lemma(in metric_set) separable_if_second_countable:
+ assumes "countable \<O>" and "mtopology_basis \<O>"
+ shows "separable_metric_set S dist"
+proof
+ have 1:"mtopology = topology_generated_by {U \<in> \<O>. U \<noteq> {}}"
+ by(simp add: topology_generated_by_without_empty[symmetric] base_is_subbase[OF assms(2),simplified subbase_of_def])
+ have "\<forall>U \<in> {U \<in>\<O>. U \<noteq> {} }. \<exists>x. x \<in> U"
+ by auto
+ then have "\<exists>x. \<forall>U \<in> { U \<in> \<O>. U \<noteq> {} }. x U \<in> U"
+ by(rule bchoice)
+ then obtain x where hx:
+ "\<forall>U \<in> { U \<in> \<O>. U \<noteq> {} }. x U \<in> U"
+ by auto
+ show "\<exists>U. countable U \<and> dense_set U"
+ proof(intro exI[where x="{ x U | U. U \<in> \<O> \<and> U \<noteq> {}}"] conjI)
+ have "{x U |U. U \<in> \<O> \<and> U \<noteq> {}} = (\<lambda>U. x U) ` { U \<in> \<O>. U \<noteq> {} }"
+ by auto
+ also have "countable ..."
+ using assms(1) by auto
+ finally show "countable {x U |U. U \<in> \<O> \<and> U \<noteq> {}}" .
+ next
+ show "dense_set {x U |U. U \<in> \<O> \<and> U \<noteq> {}}"
+ unfolding dense_set_def
+ proof
+ have "\<And>U. U \<in> \<O> \<Longrightarrow> U \<subseteq> topspace mtopology"
+ using assms(2)[simplified base_of_def2']
+ by(auto intro!: openin_subset)
+ then show "{x U |U. U \<in> \<O> \<and> U \<noteq> {}} \<subseteq> S"
+ using hx by(auto simp add: mtopology_topspace)
+ next
+ show "\<forall>xa\<in>S. \<forall>\<epsilon>>0. open_ball xa \<epsilon> \<inter> {x U |U. U \<in> \<O> \<and> U \<noteq> {}} \<noteq> {}"
+ proof safe
+ fix s \<epsilon>
+ assume h:"s \<in> S" "(0::real) < \<epsilon>" "open_ball s \<epsilon> \<inter> {x U |U. U \<in> \<O> \<and> U \<noteq> {}} = {}"
+ then have "openin mtopology (open_ball s \<epsilon>)"
+ by(auto intro!: mtopology_open_ball_in)
+ moreover have "open_ball s \<epsilon> \<noteq> {}"
+ using h open_ball_ina by blast
+ ultimately obtain U' where
+ "U'\<in>\<O>" "U' \<noteq> {}" "U' \<subseteq> open_ball s \<epsilon>"
+ using assms(2)[simplified base_of_def] by fastforce
+ then have "x U' \<in> open_ball s \<epsilon> \<inter> {x U |U. U \<in> \<O> \<and> U \<noteq> {}}"
+ using hx by blast
+ with h show False
+ by auto
+ qed
+ qed
+ qed
+qed
+
+lemma metric_generates_same_topology_separable_if:
+ assumes "metric_set S d" "metric_set S d'"
+ and "metric_set.mtopology S d = metric_set.mtopology S d'"
+ and "separable_metric_set S d"
+ shows "separable_metric_set S d'"
+proof -
+ interpret m1: separable_metric_set S d by fact
+ interpret m2: metric_set S d' by fact
+ obtain \<O> where "countable \<O>" "m1.mtopology_basis \<O>"
+ using m1.second_countable' by auto
+ thus ?thesis
+ by(auto intro!: m2.separable_if_second_countable simp: assms(3)[symmetric])
+qed
+
+lemma metric_generates_same_topology_separable:
+ assumes "metric_set S d" "metric_set S d'"
+ and "metric_set.mtopology S d = metric_set.mtopology S d'"
+ shows "separable_metric_set S d \<longleftrightarrow> separable_metric_set S d'"
+ using metric_generates_same_topology_separable_if[OF assms] metric_generates_same_topology_separable_if[OF assms(2,1) assms(3)[symmetric]]
+ by auto
+
+lemma(in metric_set) separable_if_totally_bounded:
+ assumes totally_boundedS
+ shows "separable_metric_set S dist"
+ unfolding separable_iff_topological_separable
+proof -
+ have "\<exists>A. finite A \<and> A \<subseteq> S \<and> S = \<Union> ((\<lambda>a. open_ball a (1 / real (Suc n))) ` A)" for n
+ using totally_boundedSD[OF assms,of "1 / Suc n"] by fastforce
+ then obtain A where A:"\<And>n. finite (A n)" "\<And>n. A n \<subseteq> S" "\<And>n. S = \<Union> ((\<lambda>a. open_ball a (1 / real (Suc n))) ` (A n))"
+ by metis
+ define K where "K \<equiv> \<Union> (range A)"
+ have 1: "countable K"
+ using A(1) by(auto intro!: countable_UN[of _ id,simplified] simp: K_def countable_finite)
+ show "separable mtopology"
+ unfolding dense_set_def2 separable_def
+ proof(safe intro!: exI[where x=K] 1)
+ fix x and \<epsilon> :: real
+ assume h: "x \<in> S" "0 < \<epsilon>"
+ then obtain n where n:"1 / real (Suc n) \<le> \<epsilon>"
+ by (meson nat_approx_posE order.strict_iff_not)
+ then obtain y where y: "y \<in> A n" "x \<in> open_ball y (1 / real (Suc n))"
+ using h(1) A(3)[of n] by auto
+ then show "\<exists>y\<in>K. dist x y < \<epsilon>"
+ using open_ballD[OF y(2)] n by(auto intro!: bexI[where x=y] simp: dist_sym[of y x] K_def)
+ qed(use K_def A(2) in auto)
+qed
+
+lemma second_countable_metric_class_separable_set:
+ "separable_metric_set (UNIV :: 'a ::{metric_space,second_countable_topology} set) dist"
+proof -
+ interpret m: metric_set UNIV dist
+ by(rule metric_class_metric_set)
+ obtain B :: "'a set set" where "countable B \<and> topological_basis B"
+ using second_countable_topology_class.ex_countable_basis by auto
+ then show ?thesis
+ by(auto intro!: m.separable_if_second_countable[where \<O>=B] simp: topological_basis_set)
+qed
+
+lemma second_countable_euclidean[simp]:
+ "second_countable (euclidean :: 'a :: {metric_space,second_countable_topology} topology)"
+ by (metis euclidean_mtopology second_countable_metric_class_separable_set separable_metric_set.second_countable)
+
+lemma separable_euclidean[simp]:
+ "separable (euclidean :: 'a :: {metric_space,second_countable_topology} topology)"
+ by(auto intro!: separable_if_second_countable)
+
+lemma(in separable_metric_set) submetric_separable:
+ assumes "S' \<subseteq> S"
+ shows "separable_metric_set S' (submetric S' dist)"
+proof -
+ interpret m: metric_set S' "submetric S' dist"
+ by(rule submetric_metric_set[OF assms])
+ obtain \<O> where ho:"countable \<O>" "mtopology_basis \<O>"
+ using second_countable' by auto
+ show ?thesis
+ proof(rule m.separable_if_second_countable[where \<O>="{S' \<inter> U | U. U\<in>\<O>}"])
+ show "countable {S' \<inter> U |U. U \<in> \<O>}"
+ using countable_image[where f="(\<inter>) S'",OF ho(1)]
+ by (simp add: Setcompr_eq_image)
+ next
+ show "m.mtopology_basis {S' \<inter> U |U. U \<in> \<O>}"
+ by(auto simp: submetric_subtopology[OF assms,symmetric] intro!: subtopology_base_of ho(2))
+ qed
+qed
+
+lemma(in separable_metric_set) Lindelof_diam:
+ assumes "0 < e"
+ shows "\<exists>U. countable U \<and> \<Union> U = S \<and> (\<forall>u\<in>U. diam u < ennreal e)"
+proof -
+ have "(\<And>u. u \<in> {open_ball x (e / 3) |x. x \<in> S} \<Longrightarrow> openin mtopology u)"
+ by(auto simp: openin_open_ball)
+ moreover have "\<Union> {open_ball x (e / 3) |x. x \<in> S} = S"
+ using open_ball_ina open_ball_subset_ofS assms by auto
+ ultimately have "\<exists>U'. countable U' \<and> U' \<subseteq> {open_ball x (e / 3) |x. x \<in> S} \<and> \<Union> U' = S"
+ by(rule Lindelof_of[OF second_countable,simplified mtopology_topspace]) auto
+ then obtain U' where U': "countable U'" "U' \<subseteq> {open_ball x (e / 3) |x. x \<in> S}" "\<Union> U' = S"
+ by auto
+ show ?thesis
+ proof(safe intro!: exI[where x=U'])
+ fix u
+ assume "u \<in> U'"
+ then obtain x where u:"u = open_ball x (e / 3)"
+ using U' by auto
+ have "diam u \<le> ennreal (2 * (e / 3))"
+ by(simp only: u diam_ball_leq)
+ also have "... < ennreal e"
+ by(auto intro!: ennreal_lessI assms)
+ finally show "diam u < ennreal e" .
+ qed(use U' in auto)
+qed
+
+subsubsection \<open> Polish Metric Spaces \<close>
+locale polish_metric_set = complete_metric_set + separable_metric_set
+
+lemma polish_class_polish_set[simp]:
+ "polish_metric_set (UNIV :: 'a :: polish_space set) dist"
+ using second_countable_metric_class_separable_set complete_space_complete_metric_set
+ by(simp add: polish_metric_set_def)
+
+lemma(in polish_metric_set) submetric_polish:
+ assumes "M \<subseteq> S" and "closedin mtopology M"
+ shows "polish_metric_set M (submetric M dist)"
+ using submetric_separable[OF assms(1)] submetric_complete_iff[OF assms(1)]
+ by(simp add: polish_metric_set_def assms(2))
+
+lemma polish_metric_setI:
+ assumes "complete_metric_set S d" "separable (metric_set.mtopology S d)"
+ shows "polish_metric_set S d"
+ using assms by(auto intro!: separable_metric_setI simp: polish_metric_set_def complete_metric_set_def)
+
+subsubsection \<open> Compact Metric Spaces\<close>
+locale compact_metric_set = metric_set +
+ assumes mtopology_compact:"compact_space mtopology"
+begin
+
+context
+ fixes S' :: "'b set" and dist'
+ assumes S'_dist: "metric_set S' dist'"
+begin
+
+interpretation m': metric_set S' dist' by fact
+
+lemma continuous_map_is_uniform:
+ assumes "continuous_map mtopology m'.mtopology f"
+ shows "uniform_continuous_map S dist S' dist' f"
+ unfolding uniform_continuous_map_def[OF metric_set_axioms m'.metric_set_axioms]
+proof safe
+ show goal1:"\<And>x. x \<in> S \<Longrightarrow> f x \<in> S'"
+ using assms by(auto simp: continuous_map_def mtopology_topspace m'.mtopology_topspace)
+ fix e :: real
+ assume e:"0 < e"
+ { fix x
+ assume x:"x \<in> S"
+ then have "\<exists>\<delta>>0. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> dist' (f x) (f y) < e / 2"
+ using assms(1)[simplified metric_set_continuous_map_eq[OF metric_set_axioms m'.metric_set_axioms]] half_gt_zero[OF e]
+ by metis
+ }
+ then obtain \<delta> where delta:"\<And>x. x \<in> S \<Longrightarrow> \<delta> x > 0" "\<And>x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> dist x y < \<delta> x \<Longrightarrow> dist' (f x) (f y) < e / 2"
+ by metis
+ show "\<exists>\<delta>>0. \<forall>x\<in>S. \<forall>y\<in>S. dist x y < \<delta> \<longrightarrow> dist' (f x) (f y) < e"
+ proof(cases "S = {}")
+ case True
+ then show ?thesis
+ by (auto intro!: exI[where x=1])
+ next
+ case nem:False
+ have "\<exists>\<F>. finite \<F> \<and> \<F> \<subseteq> {open_ball x (\<delta> x / 2)|x. x \<in> S} \<and> S \<subseteq> \<Union> \<F>"
+ using open_ball_ina[OF _ half_gt_zero[OF delta(1)]] mtopology_compact
+ by(auto intro!: compactinD simp: compact_space_def mtopology_topspace openin_open_ball)
+ then obtain F where F: "finite F" "F \<subseteq> {open_ball x (\<delta> x / 2)|x. x \<in> S}" "S \<subseteq> \<Union> F"
+ by auto
+ have F_nem:"F \<noteq> {}"
+ using nem F by auto
+ have "a \<in> F \<Longrightarrow> (\<exists>x\<in>S. a = open_ball x (\<delta> x / 2))" for a
+ using F(2) by auto
+ then obtain xa where xa:"\<And>a. a \<in> F \<Longrightarrow> xa a \<in> S" "\<And>a. a \<in> F \<Longrightarrow> a = open_ball (xa a) (\<delta> (xa a) / 2)"
+ by metis
+ define \<delta>' where "\<delta>' \<equiv> (MIN a\<in>F. \<delta> (xa a) / 2)"
+ have fin:"finite ((\<lambda>a. \<delta> (xa a)/ 2) ` F)"
+ using F by auto
+ have nemd: "((\<lambda>a. \<delta> (xa a)/ 2) ` F) \<noteq> {}"
+ using F_nem by auto
+ have d_pos: "\<delta>' > 0"
+ by(auto simp: \<delta>'_def linorder_class.Min_gr_iff[OF fin nemd] intro!: delta(1) xa)
+ show ?thesis
+ proof(safe intro!: exI[where x=\<delta>'])
+ fix x y
+ assume h:"x \<in> S" "y \<in> S" "dist x y < \<delta>'"
+ then obtain a where a:"x \<in> a" "a \<in> F"
+ using F(3) by auto
+ have "dist (xa a) y \<le> dist (xa a) x + dist x y"
+ by(auto intro!: dist_tr xa a simp: h)
+ also have "... < \<delta>' + \<delta> (xa a) / 2"
+ using h xa(2)[OF a(2)] a(1) open_ballD[of x "xa a"] by fastforce
+ also have "... \<le> \<delta> (xa a) / 2 + \<delta> (xa a) / 2"
+ proof -
+ have "\<delta>' \<le> \<delta> (xa a) / 2"
+ by(simp only: \<delta>'_def,rule Min.coboundedI[OF fin]) (use a in auto)
+ thus ?thesis by simp
+ qed
+ finally have 2:"dist (xa a) y < \<delta> (xa a)" by simp
+ have "dist' (f x) (f y) \<le> dist' (f x) (f (xa a)) + dist' (f (xa a)) (f y)"
+ by(auto intro!: m'.dist_tr goal1 h xa a)
+ also have "... < e"
+ proof -
+ have [simp]:"dist (xa a) x < \<delta> (xa a)"
+ using a(1) xa[OF a(2)] delta(1) open_ballD by fastforce
+ have "dist' (f x) (f (xa a)) < e / 2"
+ by(simp only: m'.dist_sym[where x="f x"],rule delta(2)) (auto intro!: xa a h)
+ moreover have "dist' (f (xa a)) (f y) < e / 2"
+ by(rule delta(2)[OF _ _ 2]) (auto intro!: h xa a)
+ ultimately show ?thesis by simp
+ qed
+ finally show "dist' (f x) (f y) < e" .
+ qed(rule d_pos)
+ qed
+qed
+
+end
+
+
+lemma totally_bounded: totally_boundedS
+ unfolding totally_boundedS_def
+proof safe
+ fix \<epsilon> :: real
+ assume "0 < \<epsilon>"
+ define \<U> where "\<U> \<equiv> (\<lambda>a. open_ball a \<epsilon>) ` S"
+ have 1: "\<And>U. U \<in> \<U> \<Longrightarrow> openin mtopology U"
+ by(auto simp: \<U>_def openin_open_ball)
+ have 2:"\<Union> \<U> = S"
+ using open_ball_ina[OF _ \<open>0 < \<epsilon>\<close>] open_ball_subset_ofS
+ by(auto simp: \<U>_def)
+ obtain \<F> where "\<F> \<subseteq> \<U>" "finite \<F>" "\<Union> \<F> = S"
+ using 1 2 compact_space[of mtopology,simplified mtopology_compact mtopology_topspace] by metis
+ then obtain A where "A \<subseteq> S" "finite A" "\<Union> ((\<lambda>a. open_ball a \<epsilon>) ` A) = S"
+ by(simp add: \<U>_def) (metis finite_subset_image)
+ thus "\<exists>A. eps_net \<epsilon> A"
+ by(auto intro!: exI[where x=A] simp: eps_net_def \<open>0 < \<epsilon>\<close>)
+qed
+
+lemma sequentially_compact: sequentially_compact
+ unfolding sequentially_compact_def
+proof safe
+ fix xn
+ assume "xn \<in> sequence"
+ then have xn:"\<And>n. xn n \<in> S" by auto
+ have "\<not> (\<forall>x\<in>S. \<exists>e>0. finite {n. xn n \<in> open_ball x e})"
+ proof
+ assume contr:"\<forall>x\<in>S. \<exists>e>0. finite {n. xn n \<in> open_ball x e}"
+ then obtain e where e: "\<And>x. x \<in> S \<Longrightarrow> e x > 0" "\<And>x. x \<in> S \<Longrightarrow> finite {n. xn n \<in> open_ball x (e x)}"
+ by metis
+ define U where "U \<equiv> {open_ball x (e x)|x. x \<in> S}"
+ have "\<And>u. u \<in> U \<Longrightarrow> openin mtopology u" "topspace mtopology \<subseteq> \<Union>U"
+ by(auto simp: U_def openin_open_ball mtopology_topspace open_ball_ina[OF _ e(1)])
+ then obtain F where F: "finite F" "F \<subseteq> U" "S \<subseteq> \<Union> F"
+ using mtopology_compact compactinD by (metis compact_space_def mtopology_topspace)
+ then have "finite (\<Union>f\<in>F. {n. xn n \<in> f})"
+ using e(2) by(auto simp: U_def)
+ moreover have "UNIV = (\<Union>f\<in>F. {n. xn n \<in> f})"
+ using F(3) xn by auto
+ ultimately show False by simp
+ qed
+ then obtain x where x:"x \<in> S" "\<And>e. e > 0 \<Longrightarrow> infinite {n. xn n \<in> open_ball x e}"
+ by metis
+ have inf:"infinite {n. n > m \<and> xn n \<in> open_ball x e}" if "e > 0" for e m
+ proof
+ assume "finite {n. m < n \<and> xn n \<in> open_ball x e}"
+ then have "finite ({..m} \<union> {n. m < n \<and> xn n \<in> open_ball x e})"
+ by auto
+ moreover have "{n. xn n \<in> open_ball x e} \<subseteq> {..m} \<union> {n. m < n \<and> xn n \<in> open_ball x e}"
+ by auto
+ ultimately show False
+ using x(2)[OF that] finite_subset by blast
+ qed
+ define a where "a \<equiv> rec_nat (SOME n. xn n \<in> open_ball x 1) (\<lambda>n an. SOME m. m > an \<and> xn m \<in> open_ball x (1 / Suc n))"
+ have an: "xn (a n) \<in> open_ball x (1 / n)" if "n > 0" for n
+ proof(cases n)
+ case 0
+ with that show ?thesis by simp
+ next
+ case (Suc n)
+ have [simp]:"a (Suc n) = (SOME m. m > a n \<and> xn m \<in> open_ball x (1 / Suc n))"
+ by(auto simp: a_def)
+ obtain m where m:"a n < m" "xn m \<in> open_ball x (1 / (Suc n))"
+ using inf[of "1 / (real (Suc n))" "a n"] not_finite_existsD by auto
+ have "a (Suc n) > a n \<and> xn (a (Suc n)) \<in> open_ball x (1 / (Suc n))"
+ by(simp,rule someI2[of _ m]) (use m in auto)
+ then show ?thesis
+ by(simp only: Suc)
+ qed
+ have as:"strict_mono a"
+ unfolding strict_mono_Suc_iff
+ proof safe
+ fix n
+ have [simp]:"a (Suc n) = (SOME m. m > a n \<and> xn m \<in> open_ball x (1 / Suc n))"
+ by(auto simp: a_def)
+ obtain m where m:"a n < m" "xn m \<in> open_ball x (1 / (Suc n))"
+ using inf[of "1 / (real (Suc n))" "a n"] not_finite_existsD by auto
+ have "a (Suc n) > a n \<and> xn (a (Suc n)) \<in> open_ball x (1 / (Suc n))"
+ by(simp,rule someI2[of _ m]) (use m in auto)
+ thus "a n < a (Suc n)" by simp
+ qed
+ show "\<exists>a. strict_mono a \<and> convergent_inS (xn \<circ> a)"
+ unfolding convergent_inS_def converge_to_inS_def2'
+ proof(safe intro!: exI[where x=a] exI[where x=x])
+ fix e :: real
+ assume "0 < e"
+ then obtain N ::nat where N: "N > 0" "1 / N < e"
+ by (meson nat_approx_posE zero_less_Suc)
+ show "\<exists>N. \<forall>n\<ge>N. (xn \<circ> a) n \<in> open_ball x e"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume n:"n \<ge> N"
+ show "(xn \<circ> a) n \<in> open_ball x e"
+ using order.trans[OF open_ball_le[of "1 / n"] open_ball_le[of "1 / N" e]] N n an[of n] inverse_of_nat_le
+ by auto
+ qed
+ qed(auto simp: simp: as x xn)
+qed
+
+lemma polish: "polish_metric_set S dist"
+ using separable_if_totally_bounded[OF totally_bounded]
+ by(simp add: polish_metric_set_def complete_metric_set_def complete_metric_set_axioms_def separable_metric_set_def)
+ (meson Cauchy_inS_def converge_if_Cauchy_and_subconverge convergent_inS_def sequentially_compact sequentially_compact_def)
+
+sublocale polish_metric_set
+ by(rule polish)
+
+end
+
+lemma(in metric_set) ex_lebesgue_number:
+ assumes "S \<noteq> {}" sequentially_compact "\<And>u. u \<in> U \<Longrightarrow> openin mtopology u" "S \<subseteq> \<Union> U"
+ shows "\<exists>d>0. \<forall>a\<subseteq>S. diam a < ennreal d \<longrightarrow> (\<exists>u\<in>U. a \<subseteq> u)"
+proof(rule ccontr)
+ assume "\<not> (\<exists>d>0. \<forall>a\<subseteq>S. diam a < ennreal d \<longrightarrow> (\<exists>u\<in>U. a \<subseteq> u))"
+ then have "\<And>n. \<exists>a\<subseteq>S. diam a < ennreal (1 / Suc n) \<and> (\<forall>x\<in>U. \<not> a \<subseteq> x)" by auto
+ then obtain An where an: "\<And>n. An n \<subseteq> S" "\<And>n. diam (An n) < ennreal (1 / Suc n)" "\<And>n u. u \<in> U \<Longrightarrow> \<not> (An n) \<subseteq> u"
+ by metis
+ have "An n \<noteq> {}" for n
+ proof
+ assume "An n = {}"
+ then have "U = {} \<or> (\<forall>u\<in>U. u = {})"
+ using an(3)[of _ n] by auto
+ thus False
+ using assms(1,4) by blast
+ qed
+ then obtain xn where xn:"\<And>n. xn n \<in> An n"
+ by (meson ex_in_conv)
+ then have xn':"\<And>n. xn n \<in> S" using an by auto
+ then obtain a x where ax:"strict_mono a" "converge_to_inS (xn \<circ> a) x"
+ using assms(2) by(fastforce simp: sequentially_compact_def convergent_inS_def)
+ then have x: "x \<in> S" by(auto simp: converge_to_inS_def)
+ then obtain u where u:"x \<in> u" "u \<in> U"
+ using assms(4) by auto
+ obtain e where e:"e > 0" "open_ball x e \<subseteq> u"
+ using assms(3)[OF u(2)] u(1) mtopology_openin_iff by fastforce
+ obtain n ::nat where n: "1 / Suc n < e / 2"
+ using e(1) half_gt_zero nat_approx_posE by blast
+ obtain n' where n':"\<And>n. n \<ge> n' \<Longrightarrow> xn (a n) \<in> open_ball x (e / 2)"
+ using e(1) ax(2) by(auto simp: converge_to_inS_def2') (meson half_gt_zero)
+ define n0 where "n0 \<equiv> max (a (Suc n)) (a n')"
+ have n0:"1 / Suc n0 < e / 2" "xn n0 \<in> open_ball x (e / 2)"
+ proof -
+ have "Suc n0 \<ge> Suc n"
+ using seq_suble[OF ax(1),of "Suc n"] by (simp add: n0_def)
+ hence "1 / Suc n0 \<le> 1 / Suc n"
+ using inverse_of_nat_le by blast
+ thus "1 / Suc n0 < e / 2"
+ using n by auto
+ show "xn n0 \<in> open_ball x (e / 2)"
+ by (cases "a (Suc n) \<le> a n'") (auto intro!: n' simp: n0_def ax(1) strict_mono_less_eq)
+ qed
+ have "An n0 \<subseteq> open_ball x e"
+ unfolding open_ball_def
+ proof safe
+ fix y
+ assume y:"y \<in> An n0"
+ have "dist x y \<le> dist x (xn n0) + dist (xn n0) y"
+ using y xn' an by(auto intro!: dist_tr simp: x)
+ also have "... < e / 2 + dist (xn n0) y"
+ using open_ballD[OF n0(2)] by auto
+ also have "... \<le> e / 2 + 1 / Suc n0"
+ using xn[of n0] xn' y an by(auto intro!: diam_is_sup'[OF _ _ order.strict_implies_order[OF an(2)[of n0]],simplified])
+ also have "... < e"
+ using n0(1) by auto
+ finally show "y \<in> (if x \<in> S then {xa \<in> S. dist x xa < e} else {})"
+ using an(1) x y by auto
+ qed
+ hence "An n0 \<subseteq> u"
+ using e by auto
+ with an(3)[OF u(2)] show False by auto
+qed
+
+lemma(in metric_set) sequentially_compact_iff1:
+ "sequentially_compact \<longleftrightarrow> totally_boundedS \<and> complete_metric_set S dist"
+proof safe
+ assume h:sequentially_compact
+ then show totally_boundedS
+ using Cauchy_if_convergent_inS by(fastforce simp: totally_boundedS_iff sequentially_compact_def)
+ show "complete_metric_set S dist"
+ proof
+ fix xn
+ assume 1:"Cauchy_inS xn"
+ with h obtain a x where 2:"strict_mono a" "converge_to_inS (xn \<circ> a) x"
+ by(fastforce dest: Cauchy_inS_dest1 simp: sequentially_compact_def convergent_inS_def)
+ thus "convergent_inS xn"
+ by(auto simp: convergent_inS_def converge_if_Cauchy_and_subconverge[OF 2 1] intro!: exI[where x=x])
+ qed
+next
+ assume h:"totally_boundedS" "complete_metric_set S dist"
+ show sequentially_compact
+ unfolding sequentially_compact_def
+ proof safe
+ fix xn
+ assume "xn \<in> sequence"
+ then obtain a where a:"strict_mono a" "Cauchy_inS (xn \<circ> a)"
+ using h by(auto simp: totally_boundedS_iff)
+ thus "\<exists>a. strict_mono a \<and> convergent_inS (xn \<circ> a)"
+ using h by(auto intro!: exI[where x=a] simp: complete_metric_set_def complete_metric_set_axioms_def)
+ qed
+qed
+
+lemma(in metric_set) sequentially_compact_compact:
+ assumes sequentially_compact
+ shows "compact_metric_set S dist"
+proof
+ show "compact_space mtopology"
+ proof(cases "S = {}")
+ case True
+ have [simp]:"topspace mtopology = {}"
+ by(simp add: mtopology_topspace,fact)
+ show ?thesis
+ by(auto simp: compact_space intro!: exI[where x="{}"])
+ next
+ case 1:False
+ {
+ fix U
+ assume h:"\<And>u. u \<in> U \<Longrightarrow> openin mtopology u" "S \<subseteq> \<Union> U"
+ obtain d where d:"d > 0" "\<And>a. a \<subseteq> S \<Longrightarrow> diam a < ennreal d \<Longrightarrow> \<exists>u\<in>U. a \<subseteq> u"
+ using ex_lebesgue_number[OF 1 assms h] by metis
+ obtain B where B:"finite B" "B \<subseteq> S" "S = (\<Union>a\<in>B. open_ball a (d / 3))"
+ using totally_boundedSD[of "d / 3"] d(1) assms
+ by(auto simp: sequentially_compact_iff1)
+ have "\<exists>u\<in>U. open_ball b (d / 3) \<subseteq> u" if "b \<in> B" for b
+ using open_ballD' d(1) by(auto intro!: d(2) order.strict_trans1[OF diam_ball_leq[of b "d / 3"]] simp: ennreal_less_iff)
+ then obtain u where u:"\<And>b. b \<in> B \<Longrightarrow> u b \<in> U" "\<And>b. b \<in> B \<Longrightarrow> open_ball b (d / 3) \<subseteq> u b"
+ by metis
+ have "\<exists>F. finite F \<and> F \<subseteq> U \<and> S \<subseteq> (\<Union> F)"
+ using B u by(fastforce intro!: exI[where x="u ` B"])
+ }
+ thus ?thesis
+ by (simp add: compact_space_alt mtopology_topspace)
+ qed
+qed
+
+corollary(in metric_set) compact_iff_sequentially_compact:
+"compact_space mtopology \<longleftrightarrow> sequentially_compact"
+ using compact_metric_set.sequentially_compact sequentially_compact_compact compact_metric_set_axioms_def compact_metric_set_def metric_set_axioms
+ by blast
+
+corollary(in metric_set) compact_iff2:
+"compact_space mtopology \<longleftrightarrow> totally_boundedS \<and> complete_metric_set S dist"
+ by(simp add: compact_iff_sequentially_compact sequentially_compact_iff1)
+
+corollary(in complete_metric_set) compactin_closed_iff:
+ assumes "closedin mtopology C"
+ shows "compactin mtopology C \<longleftrightarrow> totally_bounded_on C"
+proof -
+ from assms have C:"C \<subseteq> S"
+ using mtopology_closedin_iff by blast
+ then interpret C: complete_metric_set C "submetric C dist"
+ by(auto simp: submetric_complete_iff assms)
+ show ?thesis
+ by(simp add: compactin_subspace submetric_subtopology[OF C] totally_bounded_on_submetric[OF C] mtopology_topspace C C.compact_iff2 C.complete_metric_set_axioms)
+qed
+
+subsubsection \<open> Completion \<close>
+context metric_set
+begin
+
+abbreviation "Cauchys \<equiv> Collect Cauchy_inS"
+
+definition Cauchy_r :: "((nat \<Rightarrow> 'a) \<times> (nat \<Rightarrow> 'a)) set" where
+"Cauchy_r \<equiv> {(xn,yn)|xn yn. Cauchy_inS xn \<and> Cauchy_inS yn \<and> (\<lambda>n. dist (xn n) (yn n)) \<longlonglongrightarrow> 0}"
+
+lemma Cauchy_r_equiv[simp]: "equiv Cauchys Cauchy_r"
+proof(rule equivI)
+ show "refl_on Cauchys Cauchy_r"
+ by(auto simp: refl_on_def Cauchy_r_def)
+next
+ show "sym Cauchy_r"
+ using dist_sym by(auto simp: sym_def Cauchy_r_def)
+next
+ show "trans Cauchy_r"
+ proof(rule transI)
+ show "\<And>x y z. (x, y) \<in> Cauchy_r \<Longrightarrow> (y, z) \<in> Cauchy_r \<Longrightarrow> (x, z) \<in> Cauchy_r"
+ unfolding Cauchy_r_def
+ proof safe
+ fix xn yn zn
+ assume h:"Cauchy_inS xn" "Cauchy_inS yn" "Cauchy_inS zn"
+ "(\<lambda>n. dist (xn n) (yn n)) \<longlonglongrightarrow> 0" "(\<lambda>n. dist (yn n) (zn n)) \<longlonglongrightarrow> 0"
+ then show "\<exists>xn' yn'. (xn, zn) = (xn', yn') \<and> Cauchy_inS xn' \<and> Cauchy_inS yn' \<and> (\<lambda>n. dist (xn' n) (yn' n)) \<longlonglongrightarrow> 0"
+ by(auto intro!: tendsto_0_le[OF tendsto_add_zero[OF h(4,5)],of _ 1] dist_tr eventuallyI simp: dist_geq0 Cauchy_inS_dest1)
+ qed
+ qed
+qed
+
+abbreviation S_completion :: "(nat \<Rightarrow> 'a) set set" ("S\<^sup>*") where
+"S_completion \<equiv> Cauchys // Cauchy_r"
+
+lemma S_c_represent:
+ assumes "X \<in> S\<^sup>*"
+ obtains xn where "xn \<in> X" "Cauchy_inS xn"
+ using equiv_Eps_in[OF _ assms] equiv_Eps_preserves[OF _ assms] by auto
+
+lemma Cauchy_inS_ignore_initial_eq:
+ assumes "Cauchy_inS xn"
+ shows "(xn, (\<lambda>n. xn (n + k))) \<in> Cauchy_r"
+ by(auto simp: Cauchy_r_def Cauchy_inS_ignore_initial[OF assms] assms,insert assms)
+ (auto simp: LIMSEQ_def dist_real_def dist_geq0 Cauchy_inS_def,metis add.commute trans_le_add2)
+
+corollary Cauchy_inS_r: "a \<in> S \<Longrightarrow> (\<lambda>n. a, \<lambda>n. a) \<in> Cauchy_r"
+ by(auto intro!: Cauchy_inS_ignore_initial_eq Cauchy_inS_const)
+
+abbreviation dist_completion' :: "[nat \<Rightarrow> 'a, nat \<Rightarrow> 'a] \<Rightarrow> real" where
+"dist_completion' xn yn \<equiv> lim (\<lambda>n. dist (xn n) (yn n))"
+
+lemma dist_of_completion_congruent2: "dist_completion' respects2 Cauchy_r"
+proof(safe intro!: congruent2_commuteI[OF Cauchy_r_equiv])
+ fix xn yn zn
+ assume h:"(xn,yn) \<in> Cauchy_r" "Cauchy_inS zn"
+ then have h':"Cauchy_inS xn" "Cauchy_inS yn" "(\<lambda>n. dist (xn n) (yn n)) \<longlonglongrightarrow> 0"
+ by(auto simp: Cauchy_r_def)
+ have 1:"(\<lambda>n. dist (zn n) (xn n)) \<longlonglongrightarrow> lim (\<lambda>n. dist (zn n) (xn n))"
+ using Cauchy_inS_dist_convergent[OF h(2) h'(1)] by(simp add: convergent_LIMSEQ_iff)
+ have 2:"(\<lambda>n. dist (zn n) (yn n)) \<longlonglongrightarrow> lim (\<lambda>n. dist (zn n) (xn n))"
+ using h(2) h'(1,2) dist_tr_abs[of "zn _" "xn _" "yn _",simplified abs_diff_le_iff]
+ by(auto intro!: real_tendsto_sandwich[OF _ _ tendsto_diff[OF 1 h'(3),simplified] tendsto_add[OF 1 h'(3),simplified]] eventuallyI dist_tr dest: Cauchy_inS_dest1) (simp add: Cauchy_inS_dest1 add.commute diff_le_eq)
+ show "dist_completion' zn xn = dist_completion' zn yn"
+ using 1 2 by(auto dest: limI)
+qed(auto simp: dist_sym)
+
+definition dist_completion :: "[(nat \<Rightarrow> 'a) set, (nat \<Rightarrow> 'a) set] \<Rightarrow> real" ("dist\<^sup>*") where
+"dist\<^sup>* X Y \<equiv> (if X \<in> S\<^sup>* \<and> Y \<in> S\<^sup>* then dist_completion' (SOME xn. xn \<in> X) (SOME yn. yn \<in> Y) else 0)"
+
+lemma dist_c_def:
+ assumes "xn \<in> X" "yn \<in> Y" "X \<in> S\<^sup>*" "Y \<in> S\<^sup>*"
+ shows "dist\<^sup>* X Y = dist_completion' xn yn"
+ by(auto simp: assms dist_completion_def,rule someI2[of "\<lambda>x. x \<in> X",OF assms(1)],rule someI2[of "\<lambda>x. x \<in> Y",OF assms(2)])
+ (auto simp: congruent2D[OF dist_of_completion_congruent2 quotient_eq_iff[OF _ assms(3,3,1),simplified] quotient_eq_iff[OF _ assms(4,4,2),simplified]])
+
+
+lemma completion_metric_set: "metric_set S\<^sup>* dist\<^sup>*"
+proof
+ fix X Y
+ consider "X \<in> S\<^sup>*" "Y \<in> S\<^sup>*" | "X \<notin> S\<^sup>*" | "Y \<notin> S\<^sup>*" by blast
+ then show "0 \<le> dist\<^sup>* X Y"
+ proof cases
+ case 1
+ then obtain xn yn where h: "xn \<in> X" "yn \<in> Y" "Cauchy_inS xn" "Cauchy_inS yn"
+ by (meson S_c_represent)
+ with 1 show ?thesis
+ by(auto simp: dist_c_def intro!: Lim_bounded2[OF Cauchy_inS_dist_convergent[OF h(3,4),simplified convergent_LIMSEQ_iff]] dist_geq0)
+ qed(auto simp: dist_completion_def)
+next
+ fix X Y
+ show "dist\<^sup>* X Y = dist\<^sup>* Y X"
+ by(auto simp: dist_completion_def dist_sym)
+next
+ fix X Y
+ assume h:"X \<in> S\<^sup>*" "Y \<in> S\<^sup>*"
+ then obtain xn yn where h': "xn \<in> X" "yn \<in> Y" "Cauchy_inS xn" "Cauchy_inS yn"
+ by (meson S_c_represent)
+ show "X = Y \<longleftrightarrow> dist\<^sup>* X Y = 0"
+ proof
+ assume "X = Y"
+ then show "dist\<^sup>* X Y = 0"
+ using h' h by(auto simp: dist_c_def)
+ next
+ assume "dist\<^sup>* X Y = 0"
+ then have "(xn, yn) \<in> Cauchy_r"
+ using h h' convergent_LIMSEQ_iff[THEN iffD1,OF Cauchy_inS_dist_convergent[OF h'(3,4)]]
+ by(auto simp: dist_c_def Cauchy_r_def)
+ thus "X = Y"
+ by(simp add: quotient_eq_iff[OF _ h h'(1,2)])
+ qed
+next
+ fix X Y Z
+ assume h:"X \<in> S\<^sup>*" "Y \<in> S\<^sup>*" "Z \<in> S\<^sup>*"
+ then obtain xn yn zn where h': "xn \<in> X" "yn \<in> Y" "zn \<in> Z" "Cauchy_inS xn" "Cauchy_inS yn" "Cauchy_inS zn"
+ by (meson S_c_represent)
+ have "dist\<^sup>* X Z = dist_completion' xn zn"
+ using h h' by(simp add: dist_c_def)
+ also have "... \<le> lim (\<lambda>n. dist (xn n) (yn n) + dist (yn n) (zn n))"
+ using h' by(auto intro!: lim_mono[OF _ convergent_LIMSEQ_iff[THEN iffD1,OF Cauchy_inS_dist_convergent[OF h'(4,6)]] convergent_LIMSEQ_iff[THEN iffD1,OF convergent_add[OF Cauchy_inS_dist_convergent[OF h'(4,5)] Cauchy_inS_dist_convergent[OF h'(5,6)]]]] dist_tr dest: Cauchy_inS_dest1)
+ also have "... = dist_completion' xn yn + dist_completion' yn zn"
+ using tendsto_add[OF convergent_LIMSEQ_iff[THEN iffD1,OF Cauchy_inS_dist_convergent[OF h'(4,5)]] convergent_LIMSEQ_iff[THEN iffD1,OF Cauchy_inS_dist_convergent[OF h'(5,6)]]]
+ by(simp add: limI)
+ also have "... = dist\<^sup>* X Y + dist\<^sup>* Y Z"
+ using h h' by(simp add: dist_c_def)
+ finally show "dist\<^sup>* X Z \<le> dist\<^sup>* X Y + dist\<^sup>* Y Z" .
+qed(simp add: dist_completion_def)
+
+interpretation c:metric_set "S\<^sup>*" "dist\<^sup>*"
+ by(rule completion_metric_set)
+
+definition into_S_c :: "'a \<Rightarrow> (nat \<Rightarrow> 'a) set" where
+"into_S_c a \<equiv> Cauchy_r `` {(\<lambda>n. a)}"
+
+lemma into_S_c_in:
+ assumes "a \<in> S"
+ shows "(\<lambda>n. a) \<in> into_S_c a"
+ using Cauchy_inS_const[OF assms] Cauchy_inS_r[OF assms]
+ by(auto simp: into_S_c_def)
+
+lemma into_S_c_into:
+ assumes "a \<in> S"
+ shows "into_S_c a \<in> S\<^sup>*"
+ by(auto simp: into_S_c_def intro!: quotientI Cauchy_if_convergent_inS convergent_inS_const assms)
+
+lemma into_S_inj: "inj_on into_S_c S"
+proof
+ fix x y
+ assume "x \<in> S" "y \<in> S" "into_S_c x = into_S_c y"
+ with eq_equiv_class_iff[THEN iffD1,OF Cauchy_r_equiv _ _ this(3)[simplified into_S_c_def]]
+ have "(\<lambda>n. x, \<lambda>n. y) \<in> Cauchy_r"
+ by(auto simp: Cauchy_if_convergent_inS convergent_inS_const)
+ thus "x = y"
+ using dist_0[OF \<open>x \<in> S\<close> \<open>y \<in> S\<close>]
+ by(auto simp: Cauchy_r_def LIMSEQ_const_iff)
+qed
+
+lemma dist_into_S_c:
+ assumes "x \<in> S" "y \<in> S"
+ shows "dist\<^sup>* (into_S_c x) (into_S_c y) = dist x y"
+ using into_S_c_in[OF assms(1)] into_S_c_in[OF assms(2)] into_S_c_into[OF assms(1)] into_S_c_into[OF assms(2)]
+ by(simp add: dist_c_def)
+
+lemma S_c_isometry:
+ "c.ed into_S_c S = dist"
+ by standard+ (auto simp: c.embed_dist_on_def dist_into_S_c dist_notin dist_notin')
+
+corollary mtopology_embedding_S_c_map:
+ "homeomorphic_map mtopology (subtopology c.mtopology (into_S_c ` S)) into_S_c"
+ using into_S_c_into by(auto intro!: c.embed_dist_topology_homeomorphic_map[OF _ into_S_inj,simplified S_c_isometry])
+
+corollary mtopology_embedding_S_c:
+ "mtopology homeomorphic_space subtopology c.mtopology (into_S_c ` S)"
+ using mtopology_embedding_S_c_map homeomorphic_space by blast
+
+lemma into_S_c_image_dense: "c.dense_set (into_S_c ` S)"
+ unfolding c.dense_set_def2'
+proof safe
+ fix X
+ assume X:"X \<in> S\<^sup>*"
+ from S_c_represent[OF this] obtain xn where xn:"xn \<in> X" "Cauchy_inS xn"
+ by auto
+ show "\<exists>f\<in>UNIV \<rightarrow> into_S_c ` S. c.converge_to_inS f X"
+ proof(safe intro!: bexI[where x="\<lambda>n. into_S_c (xn n)"])
+ show "c.converge_to_inS (\<lambda>n. into_S_c (xn n)) X"
+ unfolding c.converge_to_inS_def2
+ proof safe
+ fix e :: real
+ assume e:"e > 0"
+ then obtain N where N:"\<And>n m. n \<ge> N \<Longrightarrow> m \<ge> N \<Longrightarrow> dist (xn n) (xn m) < e / 2"
+ using xn(2) by (meson Cauchy_inS_def half_gt_zero)
+ show "\<exists>N. \<forall>n\<ge>N. dist\<^sup>* (into_S_c (xn n)) X < e"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume n:"N \<le> n"
+ have "dist\<^sup>* (into_S_c (xn n)) X = dist_completion' (\<lambda>na. xn n) xn"
+ by(rule dist_c_def[OF into_S_c_in[OF Cauchy_inS_dest1[OF xn(2),of n]] xn(1) into_S_c_into[OF Cauchy_inS_dest1[OF xn(2),of n]] X])
+ also have "... \<le> e / 2"
+ by(rule Lim_bounded[OF Cauchy_inS_dist_convergent[OF Cauchy_inS_const[OF Cauchy_inS_dest1[OF xn(2),of n]] xn(2),simplified convergent_LIMSEQ_iff],of N "e/2"],auto dest: N[OF n])
+ also have "... < e"
+ using e by auto
+ finally show "dist\<^sup>* (into_S_c (xn n)) X < e" .
+ qed
+ qed(auto simp: Cauchy_inS_dest1[OF xn(2)] into_S_c_into X)
+ qed(auto simp: Cauchy_inS_dest1[OF xn(2)] into_S_c_into)
+qed (use into_S_c_into in auto)
+
+lemma completion_complete:"complete_metric_set S\<^sup>* dist\<^sup>*"
+proof
+ fix Xn
+ assume h:"c.Cauchy_inS Xn"
+ have "\<And>n. \<exists>xn\<in>S. dist\<^sup>* (Xn n) (into_S_c xn) < 1 / (Suc n)"
+ using into_S_c_image_dense c.Cauchy_inS_dest1[OF h]
+ by(auto simp: c.dense_set_def2)
+ then obtain xn where xn: "\<And>n. xn n \<in> S" "\<And>n. dist\<^sup>* (Xn n) (into_S_c (xn n)) < 1 / (Suc n)"
+ by metis
+ have xnC:"Cauchy_inS xn"
+ unfolding Cauchy_inS_def
+ proof safe
+ fix e :: real
+ assume e:"0 < e"
+ then obtain N1 where N1: "1 / Suc N1 < e / 3"
+ by (meson nat_approx_posE zero_less_divide_iff zero_less_numeral)
+ obtain N2 where N2: "\<And>n m. n \<ge> N2 \<Longrightarrow> m \<ge> N2 \<Longrightarrow> dist\<^sup>* (Xn n) (Xn m) < e / 3"
+ using e h by(simp only: c.Cauchy_inS_def) (meson zero_less_divide_iff zero_less_numeral)
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. dist (xn n) (xn m) < e"
+ proof(safe intro!: exI[where x="max N1 N2"])
+ fix n m
+ assume "max N1 N2 \<le> n" "max N1 N2 \<le> m"
+ hence n: "N1 \<le> n" "N2 \<le> n"
+ and m: "N1 \<le> m" "N2 \<le> m" by auto
+ have "dist (xn n) (xn m) = c.ed into_S_c S (xn n) (xn m)"
+ by(simp add: S_c_isometry)
+ also have "... = dist\<^sup>* (into_S_c (xn n)) (into_S_c (xn m))"
+ using xn by(simp add: c.embed_dist_on_def)
+ also have "... \<le> dist\<^sup>* (into_S_c (xn n)) (Xn n) + dist\<^sup>* (Xn n) (Xn m) + dist\<^sup>* (Xn m) (into_S_c (xn m))"
+ using c.dist_tr[OF into_S_c_into[OF xn(1)[of n]] c.Cauchy_inS_dest1[OF h,of m] into_S_c_into[OF xn(1)[of m]]] c.dist_tr[OF into_S_c_into[OF xn(1)[of n]] c.Cauchy_inS_dest1[OF h,of n] c.Cauchy_inS_dest1[OF h,of m]]
+ by simp
+ also have "... < 1 / Suc n + e / 3 + 1 / Suc m"
+ using N2[OF n(2) m(2)] xn(2)[of m] xn(2)[of n,simplified c.dist_sym[of "Xn n"]] by auto
+ also have "... < e"
+ proof -
+ have "1 / Suc n \<le> 1 / Suc N1" "1 / Suc m \<le> 1 / Suc N1"
+ using n m inverse_of_nat_le by blast+
+ thus ?thesis
+ using N1 by linarith
+ qed
+ finally show "dist (xn n) (xn m) < e" .
+ qed
+ qed(simp add: xn)
+ show "c.convergent_inS Xn"
+ unfolding c.convergent_inS_def c.converge_to_inS_def2
+ proof(safe intro!: exI[where x="Cauchy_r `` {xn}"] quotientI xnC)
+ fix e :: real
+ assume e:"0 < e"
+ then obtain N1 where N1: "1 / Suc N1 < e / 2"
+ by (meson nat_approx_posE zero_less_divide_iff zero_less_numeral)
+ hence 1:"dist\<^sup>* (Xn n) (into_S_c (xn n)) < e / 2" if "n \<ge> N1" for n
+ proof -
+ have "1 / Suc n \<le> 1 / Suc N1"
+ using that inverse_of_nat_le by blast
+ thus ?thesis
+ using xn(2)[of n] N1 by linarith
+ qed
+ then obtain N2 where N2:"\<And>n m. n \<ge> N2 \<Longrightarrow> m \<ge> N2 \<Longrightarrow> dist (xn n) (xn m) < e / 3"
+ using xnC e by (meson Cauchy_inS_def zero_less_divide_iff zero_less_numeral)
+ have 2:"dist\<^sup>* (into_S_c (xn n)) (Cauchy_r `` {xn}) < e / 2" if "n \<ge> N2" for n
+ proof -
+ have "dist\<^sup>* (into_S_c (xn n)) (Cauchy_r `` {xn}) = dist_completion' (\<lambda>m. xn n) xn"
+ using dist_c_def[OF into_S_c_in[OF Cauchy_inS_dest1[OF xnC,of n]] equiv_class_self[OF Cauchy_r_equiv,of xn] into_S_c_into[OF Cauchy_inS_dest1[OF xnC,of n]]] xnC
+ by (simp add: quotientI)
+ also have "... \<le> e / 3"
+ by(rule Lim_bounded[OF Cauchy_inS_dist_convergent[OF Cauchy_inS_const[OF Cauchy_inS_dest1[OF xnC,of n]] xnC,simplified convergent_LIMSEQ_iff],of N2 "e/3"], auto dest: N2[OF that])
+ also have "... < e / 2" using e by simp
+ finally show "dist\<^sup>* (into_S_c (xn n)) (Cauchy_r `` {xn}) < e / 2" .
+ qed
+ show "\<exists>N. \<forall>n\<ge>N. dist\<^sup>* (Xn n) (Cauchy_r `` {xn}) < e"
+ proof(safe intro!: exI[where x="max N1 N2"])
+ fix n
+ assume "max N1 N2 \<le> n"
+ then have n:"n \<ge> N1" "n \<ge> N2" by auto
+ show "dist\<^sup>* (Xn n) (Cauchy_r `` {xn}) < e"
+ using c.dist_tr[OF c.Cauchy_inS_dest1[OF h,of n] into_S_c_into[OF Cauchy_inS_dest1[OF xnC],of n] quotientI[of xn]] xnC 1[OF n(1)] 2[OF n(2)]
+ by auto
+ qed
+ qed(use c.Cauchy_inS_dest1[OF h] in auto)
+qed
+
+lemma dense_set_c_dense:
+ assumes "dense_set U"
+ shows "c.dense_set (into_S_c ` U)"
+ unfolding c.dense_set_def2
+proof safe
+ fix X and e :: real
+ assume h:"X \<in> S\<^sup>*" "0 < e"
+ then obtain xn where xn:"xn \<in> X" "Cauchy_inS xn"
+ by(auto dest: S_c_represent)
+ obtain y where y:"y \<in> S" "dist\<^sup>* X (into_S_c y) < e / 2"
+ using h into_S_c_image_dense half_gt_zero[OF h(2)] by(simp only: c.dense_set_def2) blast
+ obtain z where z:"z \<in> U" "dist y z < e / 2"
+ using half_gt_zero[OF h(2)] y(1) assms by(simp only: dense_set_def2) blast
+ show "\<exists>y\<in>into_S_c ` U. dist\<^sup>* X y < e"
+ proof(rule bexI[OF _ imageI[OF z(1)]])
+ have "dist\<^sup>* X (into_S_c z) \<le> dist\<^sup>* X (into_S_c y) + dist\<^sup>* (into_S_c y) (into_S_c z)"
+ using z(1) assms by(auto intro!: c.dist_tr h into_S_c_into y simp: dense_set_def)
+ also have "... = dist\<^sup>* X (into_S_c y) + dist y z"
+ using z(1) assms y(1) dist_into_S_c[of y z] by(auto simp: dense_set_def)
+ also have "... < e"
+ using y(2) z(2) by simp
+ finally show "dist\<^sup>* X (into_S_c z) < e" .
+ qed
+qed(insert assms, auto simp: dense_set_def intro!: into_S_c_into)
+
+end
+
+lemma(in separable_metric_set) completion_polish: "polish_metric_set S\<^sup>* dist\<^sup>*"
+proof -
+ interpret c:complete_metric_set "S\<^sup>*" "dist\<^sup>*"
+ by(rule completion_complete)
+ show ?thesis
+ proof
+ obtain U where U: "countable U" "dense_set U"
+ using separable by blast
+ show "\<exists>U. countable U \<and> c.dense_set U"
+ using U by(auto intro!: exI[where x="into_S_c ` U"] dense_set_c_dense)
+ qed
+qed
+
+subsection \<open>Discrete Distance\<close>
+definition discrete_dist :: "'a set \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> real" where
+"discrete_dist S \<equiv> (\<lambda>a b. if a \<in> S \<and> b \<in> S \<and> a \<noteq> b then 1 else 0)"
+
+lemma
+ assumes "a \<in> S" and "b \<in> S"
+ shows discrete_dist_iff_1: "discrete_dist S a b = 1 \<longleftrightarrow> a \<noteq> b"
+ and discrete_dist_iff_0: "discrete_dist S a b = 0 \<longleftrightarrow> a = b"
+ using assms by(auto simp: discrete_dist_def)
+
+lemma discrete_dist_metric:
+ "metric_set S (discrete_dist S)"
+ by(auto simp: discrete_dist_def metric_set_def)
+
+lemma
+ shows discrete_dist_ball_ge1: "x \<in> S \<Longrightarrow> 1 < \<epsilon> \<Longrightarrow> metric_set.open_ball S (discrete_dist S) x \<epsilon> = S"
+ and discrete_dist_ball_leq1: "x \<in> S \<Longrightarrow> 0 < \<epsilon> \<Longrightarrow> \<epsilon> \<le> 1 \<Longrightarrow> metric_set.open_ball S (discrete_dist S) x \<epsilon> = {x}"
+ apply(auto simp: metric_set.open_ball_def[OF discrete_dist_metric],simp_all add: discrete_dist_def)
+ using less_le_not_le by fastforce
+
+
+lemma discrete_dist_complete_metric:
+ "complete_metric_set S (discrete_dist S)"
+proof -
+ interpret m: metric_set S "discrete_dist S"
+ by(rule discrete_dist_metric)
+ show ?thesis
+ proof
+ fix f
+ assume h:"m.Cauchy_inS f"
+ then have "\<And>\<epsilon>. \<epsilon>>0 \<Longrightarrow> \<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. f n \<in> m.open_ball x \<epsilon>"
+ by(auto simp: m.Cauchy_inS_def2')
+ from this[of 1] obtain x N where hxn:
+ "x \<in> S" "\<forall>n\<ge>N. f n \<in> m.open_ball x 1"
+ by auto
+ hence "\<And>n. n \<ge> N \<Longrightarrow> f n = x"
+ using discrete_dist_ball_leq1[of x S 1] by auto
+ thus "m.convergent_inS f"
+ unfolding m.convergent_inS_def using h hxn(1)
+ by(auto intro!: bexI[where x=x] exI[where x=N] simp:m.converge_to_inS_def2' m.Cauchy_inS_def)
+ qed
+qed
+
+lemma discrete_dist_dense_set:
+ "metric_set.dense_set S (discrete_dist S) U \<longleftrightarrow> S = U"
+proof -
+ interpret m: metric_set S "discrete_dist S"
+ by(rule discrete_dist_metric)
+ show ?thesis
+ proof
+ assume h:"m.dense_set U"
+ show "S = U"
+ proof safe
+ fix x
+ assume hx:"x \<in> S"
+ then have "\<And>\<epsilon>. \<epsilon>>0 \<Longrightarrow> m.open_ball x \<epsilon> \<inter> U \<noteq> {}"
+ using h by(simp add: m.dense_set_def)
+ hence "m.open_ball x 1 \<inter> U \<noteq> {}" by auto
+ thus "x \<in> U"
+ using discrete_dist_ball_leq1[OF hx,of 1]
+ by auto
+ next
+ show "\<And>x. x \<in> U \<Longrightarrow> x \<in> S"
+ using h by(auto simp: m.dense_set_def)
+ qed
+ next
+ show "S = U \<Longrightarrow> m.dense_set U "
+ using m.dense_set_S by auto
+ qed
+qed
+
+lemma discrete_dist_separable_iff:
+ "separable_metric_set S (discrete_dist S) \<longleftrightarrow> countable S"
+proof -
+ interpret m: metric_set S "discrete_dist S"
+ by(rule discrete_dist_metric)
+ show ?thesis
+ proof
+ assume "separable_metric_set S (discrete_dist S)"
+ then obtain U where "countable U" "m.dense_set U"
+ by(auto simp: separable_metric_set_def separable_metric_set_axioms_def)
+ thus "countable S"
+ using discrete_dist_dense_set[of S] by auto
+ next
+ assume "countable S"
+ then show "separable_metric_set S (discrete_dist S)"
+ by(auto simp: separable_metric_set_def separable_metric_set_axioms_def intro!:exI[where x=S] m.dense_set_S discrete_dist_metric)
+ qed
+qed
+
+lemma discrete_dist_polish_iff: "polish_metric_set S (discrete_dist S) \<longleftrightarrow> countable S"
+ using discrete_dist_separable_iff[of S] discrete_dist_complete_metric[of S]
+ by(auto simp: polish_metric_set_def)
+
+
+lemma discrete_dist_topology_x:
+ assumes "x \<in> S"
+ shows "openin (metric_set.mtopology S (discrete_dist S)) {x}"
+proof -
+ interpret m: metric_set S "discrete_dist S"
+ by(rule discrete_dist_metric)
+ show ?thesis
+ by(auto simp: m.mtopology_open_ball_in[OF assms,of 1, simplified discrete_dist_ball_leq1[OF assms]])
+qed
+
+lemma discrete_dist_topology:
+ "openin (metric_set.mtopology S (discrete_dist S)) U \<longleftrightarrow> U \<subseteq> S"
+proof -
+ interpret m: metric_set S "discrete_dist S"
+ by(rule discrete_dist_metric)
+ show ?thesis
+ proof
+ show "openin m.mtopology U \<Longrightarrow> U \<subseteq> S"
+ using m.mtopology_topspace
+ by(auto simp: topspace_def)
+ next
+ assume "U \<subseteq> S"
+ then have "\<And>x. x \<in> U \<Longrightarrow> openin m.mtopology {x}"
+ by(auto simp: discrete_dist_topology_x)
+ hence "openin m.mtopology (\<Union>{{x} | x. x \<in> U})"
+ by auto
+ moreover have "\<Union>{{x} | x. x \<in> U} = U" by blast
+ ultimately show "openin m.mtopology U"
+ by simp
+ qed
+qed
+
+lemma discrete_dist_topology':
+ "metric_set.mtopology S (discrete_dist S) = discrete_topology S"
+ by (simp add: discrete_dist_topology topology_eq)
+
+text \<open> Empty space. \<close>
+lemma empty_metric_compact: "compact_metric_set {} (\<lambda>x y. 0)"
+proof -
+ interpret metric_set "{}" "\<lambda>x y. 0"
+ by(auto simp: metric_set_def)
+ show ?thesis
+ by standard (use Hausdorff_space_finite_topspace[OF mtopology_Hausdorff,simplified mtopology_topspace] in blast)
+qed
+
+corollary
+ shows empty_metric_polish: "polish_metric_set {} (\<lambda>x y. 0)"
+ and empty_metric_complete: "complete_metric_set {} (\<lambda>x y. 0)"
+ and empty_metric_separable: "separable_metric_set {} (\<lambda>x y. 0)"
+ and empty_metric: "metric_set {} (\<lambda>x y. 0)"
+proof -
+ interpret compact_metric_set "{}" "\<lambda>x y. 0"
+ by(rule empty_metric_compact)
+ show "polish_metric_set {} (\<lambda>x y. 0)" "complete_metric_set {} (\<lambda>x y. 0)"
+ "separable_metric_set {} (\<lambda>x y. 0)" "metric_set {} (\<lambda>x y. 0)"
+ using polish_metric_set_axioms complete_metric_set_axioms separable_metric_set_axioms metric_set_axioms
+ by blast+
+qed
+
+lemma empty_metric_unique:
+ assumes "metric_set {} d"
+ shows "d = (\<lambda>x y. 0)"
+ apply standard+
+ using assms by(auto simp: metric_set_def)
+
+lemma empty_metric_mtopology:
+ "metric_set.mtopology {} (\<lambda>x y. 0) = discrete_topology {}"
+proof -
+ have 1:"(\<lambda>U. U = {} \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball {} (\<lambda>x y. 0) x \<epsilon> \<subseteq> U)) = (\<lambda>U. U = {})"
+ by standard auto
+ thus ?thesis
+ using metric_set.mtopology_def[of "{}" "\<lambda>x y. 0"]
+ by(simp add: metric_set_def discrete_topology_def 1)
+qed
+
+text \<open> Singleton space \<close>
+lemma singleton_metric_compact:
+ "compact_metric_set {a} (\<lambda>x y. 0)"
+proof -
+ interpret metric_set "{a}" "\<lambda>x y. 0"
+ by(auto simp: metric_set_def)
+ show ?thesis
+ by standard (use Hausdorff_space_finite_topspace[OF mtopology_Hausdorff,simplified mtopology_topspace] in blast)
+qed
+
+corollary
+ shows singleton_metric_polish: "polish_metric_set {a} (\<lambda>x y. 0)"
+ and singleton_metric_complete: "complete_metric_set {a} (\<lambda>x y. 0)"
+ and singleton_metric_separable: "separable_metric_set {a} (\<lambda>x y. 0)"
+ and singleton_metric: "metric_set {a} (\<lambda>x y. 0)"
+proof -
+ interpret compact_metric_set "{a}" "\<lambda>x y. 0"
+ by(rule singleton_metric_compact)
+ show "polish_metric_set {a} (\<lambda>x y. 0)" "complete_metric_set {a} (\<lambda>x y. 0)"
+ "separable_metric_set {a} (\<lambda>x y. 0)" "metric_set {a} (\<lambda>x y. 0)"
+ using polish_metric_set_axioms complete_metric_set_axioms separable_metric_set_axioms metric_set_axioms
+ by blast+
+qed
+
+lemma singleton_metric_unique:
+ assumes "metric_set {a} d"
+ shows "d = (\<lambda>x y. 0)"
+ by standard+ (insert assms,auto simp: metric_set_def, metis)
+
+lemma singleton_metric_mtopology:
+ "metric_set.mtopology {a} (\<lambda>x y. 0) = discrete_topology {a}"
+proof -
+ have "(\<lambda>U. U \<subseteq> {a} \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball {a} (\<lambda>x y. 0) x \<epsilon> \<subseteq> U)) = (\<lambda>U. U \<subseteq> {a})"
+ proof
+ fix U
+ have "(U \<subseteq> {a} \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball {a} (\<lambda>x y. 0) x \<epsilon> \<subseteq> U))" if "U \<subseteq> {a}"
+ proof safe
+ fix x
+ assume "x \<in> U"
+ then have "x = a" using that by auto
+ thus "\<exists>\<epsilon>>0. metric_set.open_ball {a} (\<lambda>x y. 0) x \<epsilon> \<subseteq> U"
+ by(auto intro!: exI[where x=1]) (metis \<open>x \<in> U\<close> complete_metric_set_def empty_iff metric_set.open_ballD'(1) polish_metric_set_def singleton_metric_polish subset_singletonD that)
+ qed(use that in auto)
+ thus "(U \<subseteq> {a} \<and> (\<forall>x\<in>U. \<exists>\<epsilon>>0. metric_set.open_ball {a} (\<lambda>x y. 0) x \<epsilon> \<subseteq> U)) = (U \<subseteq> {a})"
+ by auto
+ qed
+ thus ?thesis
+ using metric_set.mtopology_def[of "{a}" "\<lambda>x y. 0"]
+ by(simp add: metric_set_def discrete_topology_def )
+qed
+
+subsection \<open>Binary Product Metric Spaces\<close>
+text \<open> We define the $L^{1}$-distance. $L^{1}$-distance and $L^{2}$ distance (Euclid distance)
+ generate the same topological space.\<close>
+
+definition binary_distance :: "['a set, 'a \<Rightarrow> 'a \<Rightarrow> real, 'b set, 'b \<Rightarrow> 'b \<Rightarrow> real] \<Rightarrow> 'a \<times> 'b \<Rightarrow> 'a \<times> 'b \<Rightarrow> real" where
+"binary_distance S d S' d' \<equiv> (\<lambda>(x,x') (y,y'). if (x,x') \<in> S \<times> S' \<and> (y,y') \<in> S \<times> S' then d x y + d' x' y' else 0)"
+
+
+context
+ fixes S S' d d'
+ assumes "metric_set S d" "metric_set S' d'"
+begin
+
+interpretation m1: metric_set S d by fact
+interpretation m2: metric_set S' d' by fact
+
+lemma binary_metric_set:
+ "metric_set (S \<times> S') (binary_distance S d S' d')"
+proof
+ fix x y z
+ assume "x \<in> S \<times> S'" "y \<in> S \<times> S'" "z \<in> S \<times> S'"
+ then show "binary_distance S d S' d' x z \<le> binary_distance S d S' d' x y + binary_distance S d S' d' y z"
+ using m1.dist_tr[of "fst x" "fst y" "fst z"] m2.dist_tr[of "snd x" "snd y" "snd z"]
+ by(fastforce simp: binary_distance_def split_beta')
+next
+ show "\<And>x y. 0 \<le> binary_distance S d S' d' x y"
+ "\<And>x y. x \<notin> S \<times> S' \<Longrightarrow> binary_distance S d S' d' x y = 0"
+ using m1.dist_geq0 m2.dist_geq0 m1.dist_notin m2.dist_notin by(auto simp: binary_distance_def split_beta')
+next
+ fix x y
+ assume "x \<in> S \<times> S'" "y \<in> S \<times> S'"
+ then show "(x = y) = (binary_distance S d S' d' x y = 0)"
+ using m1.dist_0[of "fst x" "fst y"] m2.dist_0[of "snd x" "snd y"] m1.dist_geq0[of "fst x" "fst y"] m2.dist_geq0[of "snd x" "snd y"]
+ by(auto simp: binary_distance_def split_beta)
+next
+ show "\<And>x y. binary_distance S d S' d' x y = binary_distance S d S' d' y x"
+ using m1.dist_sym m2.dist_sym by(auto simp: binary_distance_def split_beta')
+qed
+
+interpretation m: metric_set "S \<times> S'" "binary_distance S d S' d'"
+ by (rule binary_metric_set)
+
+lemma binary_distance_geq:
+ assumes "x \<in> S" "y \<in> S" "x' \<in> S'" "y' \<in> S'"
+ shows "d x y \<le> binary_distance S d S' d' (x,x') (y,y')"
+ "d' x' y' \<le> binary_distance S d S' d' (x,x') (y,y')"
+ using m1.dist_geq0 m2.dist_geq0 assms by(auto simp: binary_distance_def)
+
+
+lemma binary_distance_ball:
+ assumes "(x,x') \<in> m.open_ball (a,a') \<epsilon>"
+ shows "x \<in> m1.open_ball a \<epsilon>"
+ and "x' \<in> m2.open_ball a' \<epsilon>"
+proof -
+ have 1:"x \<in> S" "x' \<in> S'" "\<epsilon> > 0" "a \<in> S" "a' \<in> S'"
+ using m.open_ballD'[OF assms(1)] by auto
+ thus "x \<in> metric_set.open_ball S d a \<epsilon>"
+ and "x' \<in> metric_set.open_ball S' d' a' \<epsilon>"
+ using m.open_ballD[OF assms(1)] binary_distance_geq[OF 1(4,1,5,2)] 1
+ by(auto simp: m1.open_ball_def m2.open_ball_def)
+qed
+
+lemma binary_distance_ball':
+ assumes "z \<in> m.open_ball a \<epsilon>"
+ shows "fst z \<in> m1.open_ball (fst a) \<epsilon>"
+ and "snd z \<in> m2.open_ball (snd a) \<epsilon>"
+ using binary_distance_ball[of "fst z" "snd z" "fst a" "snd a" \<epsilon>] assms by auto
+
+lemma binary_distance_ball1':
+ assumes "a \<in> S" "\<epsilon> > 0" "a'\<in> S'" "\<epsilon>' > 0"
+ shows "\<exists>\<epsilon>''>0. m.open_ball (a,a') \<epsilon>'' \<subseteq> m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>'"
+proof(rule exI[where x="min \<epsilon> \<epsilon>'"])
+ show "0 < min \<epsilon> \<epsilon>' \<and> m.open_ball (a, a') (min \<epsilon> \<epsilon>') \<subseteq> m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>'"
+ proof
+ show "0 < min \<epsilon> \<epsilon>'"
+ using assms by auto
+ next
+ show "m.open_ball (a, a') (min \<epsilon> \<epsilon>') \<subseteq> m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>'"
+ proof safe
+ fix x x'
+ assume h:"(x,x') \<in> m.open_ball (a, a') (min \<epsilon> \<epsilon>')"
+ then have hx:"x \<in> S" "x' \<in> S'"
+ using m.open_ballD'(1)[of "(x,x')" "(a, a')" "min \<epsilon> \<epsilon>'"] by auto
+ hence "d a x + d' a' x' < min \<epsilon> \<epsilon>'"
+ using h assms by(auto simp: m.open_ball_def,auto simp: binary_distance_def)
+ thus "x \<in> m1.open_ball a \<epsilon>" "x' \<in> m2.open_ball a' \<epsilon>'"
+ using m1.dist_geq0[of a x] m2.dist_geq0[of a' x'] assms hx
+ by(auto simp: m1.open_ball_def m2.open_ball_def)
+ qed
+ qed
+qed
+
+lemma binary_distance_ball1:
+ assumes "b \<in> m1.open_ball a \<epsilon>" "b' \<in> m2.open_ball a' \<epsilon>'"
+ shows "\<exists>\<epsilon>''>0. m.open_ball (b,b') \<epsilon>'' \<subseteq> m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>'"
+proof -
+ obtain \<epsilon>a \<epsilon>a' where he:
+ "\<epsilon>a > 0" "\<epsilon>a' > 0" "m1.open_ball b \<epsilon>a \<subseteq> m1.open_ball a \<epsilon>" "m2.open_ball b' \<epsilon>a' \<subseteq> m2.open_ball a' \<epsilon>'"
+ using m1.mtopology_open_ball_in'[OF assms(1)] m2.mtopology_open_ball_in'[OF assms(2)] by auto
+ thus ?thesis
+ using binary_distance_ball1'[OF m1.open_ballD'(1)[OF assms(1)] he(1) m2.open_ballD'(1)[OF assms(2)] he(2)]
+ by blast
+qed
+
+
+lemma binary_distance_ball2':
+ assumes "a \<in> S" "\<epsilon>'' > 0" "a'\<in> S'"
+ shows "\<exists>\<epsilon>>0. \<exists>\<epsilon>'>0. m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>' \<subseteq> m.open_ball (a,a') \<epsilon>''"
+proof(safe intro!: exI[where x="\<epsilon>''/2"])
+ fix x x'
+ assume "x \<in> m1.open_ball a (\<epsilon>'' / 2)" "x' \<in> m2.open_ball a' (\<epsilon>'' / 2)"
+ then have "x \<in> S" "x' \<in> S'" "d a x < \<epsilon>'' / 2" "d' a' x' < \<epsilon>'' / 2"
+ using assms by(auto simp: m1.open_ball_def m2.open_ball_def)
+ thus "(x,x') \<in> m.open_ball (a, a') \<epsilon>''"
+ using assms by(auto simp: m.open_ball_def,auto simp: binary_distance_def)
+qed (use assms in auto)
+
+lemma binary_distance_ball2:
+ assumes "(b,b') \<in> m.open_ball (a,a') \<epsilon>''"
+ shows "\<exists>\<epsilon>>0. \<exists>\<epsilon>'>0. m1.open_ball b \<epsilon> \<times> m2.open_ball b' \<epsilon>' \<subseteq> m.open_ball (a,a') \<epsilon>''"
+proof -
+ obtain \<epsilon>''' where "\<epsilon>''' > 0" "m.open_ball (b,b') \<epsilon>''' \<subseteq> m.open_ball (a,a') \<epsilon>''"
+ using m.mtopology_open_ball_in'[OF assms(1)] by blast
+ thus ?thesis
+ using binary_distance_ball2'[of b \<epsilon>''' b'] m.open_ballD'[OF assms(1),simplified]
+ by blast
+qed
+
+lemma binary_distance_mtopology:
+ "m.mtopology = prod_topology m1.mtopology m2.mtopology"
+proof -
+ have "m.mtopology = topology_generated_by { m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>' | a a' \<epsilon> \<epsilon>'. a \<in> S \<and> a' \<in> S' \<and> \<epsilon> > 0 \<and> \<epsilon>' > 0}"
+ unfolding m.mtopology_def2
+ proof(rule topology_generated_by_eq)
+ fix U
+ assume "U \<in> {m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>' |a a' \<epsilon> \<epsilon>'. a \<in> S \<and> a' \<in> S' \<and> 0 < \<epsilon> \<and> 0 < \<epsilon>'}"
+ then obtain a \<epsilon> a' \<epsilon>' where hae:
+ "U = m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>'" "a \<in> S" "a' \<in> S'" "0 < \<epsilon>" "0 < \<epsilon>'"
+ by auto
+ show "openin (topology_generated_by {m.open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<times> S' \<and> 0 < \<epsilon>}) U"
+ unfolding m.mtopology_def2[symmetric] m.mtopology_openin_iff hae(1)
+ using binary_distance_ball1[of _ a \<epsilon> _ a' \<epsilon>'] m1.open_ball_subset_ofS m2.open_ball_subset_ofS
+ by fastforce
+ next
+ fix U
+ assume "U \<in> {m.open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<times> S' \<and> 0 < \<epsilon>}"
+ then obtain a a' \<epsilon> where hae:
+ "U = m.open_ball (a,a') \<epsilon>" "a \<in> S" "a' \<in> S'" "0 < \<epsilon>"
+ by auto
+ show "openin (topology_generated_by {m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>' |a a' \<epsilon> \<epsilon>'. a \<in> S \<and> a' \<in> S' \<and> 0 < \<epsilon> \<and> 0 < \<epsilon>'}) U"
+ unfolding openin_subopen[of _ " m.open_ball (a,a') \<epsilon>"] hae(1)
+ proof
+ fix x
+ assume h:"x \<in> m.open_ball (a, a') \<epsilon>"
+ with binary_distance_ball2[of "fst x" "snd x" a a' \<epsilon>]
+ obtain \<epsilon>' \<epsilon>'' where he:
+ "\<epsilon>' > 0" "\<epsilon>'' > 0" "m1.open_ball (fst x) \<epsilon>' \<times> m2.open_ball (snd x) \<epsilon>'' \<subseteq> m.open_ball (a, a') \<epsilon>"
+ by auto
+ show "\<exists>T. openin (topology_generated_by {m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>' |a a' \<epsilon> \<epsilon>'. a \<in> S \<and> a' \<in> S' \<and> 0 < \<epsilon> \<and> 0 < \<epsilon>'}) T \<and> x \<in> T \<and> T \<subseteq> m.open_ball (a, a') \<epsilon>"
+ unfolding openin_topology_generated_by_iff
+ using he m1.open_ball_ina[of "fst x",OF _ he(1)] m.open_ballD'(1,2)[OF h] m2.open_ball_ina[of "snd x",OF _ he(2)]
+ by(fastforce intro!: generate_topology_on.Basis exI[where x="m1.open_ball (fst x) \<epsilon>' \<times> m2.open_ball (snd x) \<epsilon>''"] exI[where x="fst x"] exI[where x="snd x"])
+ qed
+ qed
+ also have "... = prod_topology m1.mtopology m2.mtopology"
+ proof -
+ have "{m1.open_ball a \<epsilon> \<times> m2.open_ball a' \<epsilon>' |a a' \<epsilon> \<epsilon>'. a \<in> S \<and> a' \<in> S' \<and> 0 < \<epsilon> \<and> 0 < \<epsilon>'} = {U \<times> V |U V. U \<in> {m1.open_ball a \<epsilon> |a \<epsilon>. a \<in> S \<and> 0 < \<epsilon>} \<and> V \<in> {m2.open_ball a \<epsilon> |a \<epsilon>. a \<in> S' \<and> 0 < \<epsilon>}}"
+ by blast
+ thus ?thesis
+ unfolding m1.mtopology_def2 m2.mtopology_def2
+ by(simp only: prod_topology_generated_by[symmetric])
+ qed
+ finally show ?thesis .
+qed
+
+lemma binary_distance_converge_to_inS_iff:
+ "m.converge_to_inS zn (x,y) \<longleftrightarrow> m1.converge_to_inS (\<lambda>n. fst (zn n)) x \<and> m2.converge_to_inS (\<lambda>n. snd (zn n)) y"
+proof safe
+ assume "m.converge_to_inS zn (x, y)"
+ then have h:"zn \<in> UNIV \<rightarrow> S \<times> S'" "x \<in> S" "y \<in> S'" "\<And>e. e>0 \<Longrightarrow> \<exists>N. \<forall>n\<ge>N. zn n \<in> m.open_ball (x, y) e"
+ by(auto simp: m.converge_to_inS_def2')
+ show "m1.converge_to_inS (\<lambda>n. fst (zn n)) x"
+ "m2.converge_to_inS (\<lambda>n. snd (zn n)) y"
+ unfolding m1.converge_to_inS_def2' m2.converge_to_inS_def2'
+ proof safe
+ fix e :: real
+ assume "e > 0"
+ then obtain N where "\<And>n. n \<ge> N \<Longrightarrow> zn n \<in> m.open_ball (x, y) e"
+ using h(4) by auto
+ thus "\<exists>N. \<forall>n\<ge>N. fst (zn n) \<in> m1.open_ball x e"
+ "\<exists>N. \<forall>n\<ge>N. snd (zn n) \<in> m2.open_ball y e"
+ using binary_distance_ball'[of "zn _" "(x,y)"]
+ by(auto intro!: exI[where x=N])
+ qed(insert h(1-3),simp_all add: Pi_iff mem_Times_iff)
+next
+ assume h:"m1.converge_to_inS (\<lambda>n. fst (zn n)) x" "m2.converge_to_inS (\<lambda>n. snd (zn n)) y"
+ show "m.converge_to_inS zn (x, y)"
+ unfolding m.converge_to_inS_def2'
+ proof safe
+ show goal1:"x \<in> S" "y \<in> S'" "zn n \<in> S \<times> S'" for n
+ using h by(auto simp: m1.converge_to_inS_def m2.converge_to_inS_def Pi_iff mem_Times_iff)
+ fix e :: real
+ assume "e > 0"
+ from binary_distance_ball2'[OF goal1(1) this goal1(2)]
+ obtain e1 e2 where e12:"e1 > 0" "e2 > 0" "m1.open_ball x e1 \<times> m2.open_ball y e2 \<subseteq> m.open_ball (x, y) e " by auto
+ then obtain N1 N2 where N12: "\<And>n. n \<ge> N1 \<Longrightarrow> fst (zn n) \<in> m1.open_ball x e1" "\<And>n. n \<ge> N2 \<Longrightarrow> snd (zn n) \<in> m2.open_ball y e2"
+ using h by(auto simp: m1.converge_to_inS_def2' m2.converge_to_inS_def2') metis
+ with e12 have "\<And>n. n \<ge> max N1 N2 \<Longrightarrow> zn n \<in> m1.open_ball x e1 \<times> m2.open_ball y e2"
+ by (simp add: mem_Times_iff)
+ with e12(3) show "\<exists>N. \<forall>n\<ge>N. zn n \<in> m.open_ball (x, y) e"
+ by(auto intro!: exI[where x="max N1 N2"])
+ qed
+qed
+
+lemma binary_distance_converge_to_inS_iff':
+ "m.converge_to_inS zn z \<longleftrightarrow> m1.converge_to_inS (\<lambda>n. fst (zn n)) (fst z) \<and> m2.converge_to_inS (\<lambda>n. snd (zn n)) (snd z)"
+ using binary_distance_converge_to_inS_iff[of _ "fst z" "snd z"] by simp
+
+corollary binary_distance_convergent_inS_iff:
+ "m.convergent_inS zn \<longleftrightarrow> m1.convergent_inS (\<lambda>n. fst (zn n)) \<and> m2.convergent_inS (\<lambda>n. snd (zn n))"
+ by(auto simp: m.convergent_inS_def m1.convergent_inS_def m2.convergent_inS_def binary_distance_converge_to_inS_iff)
+
+lemma binary_distance_Cauchy_inS_iff:
+ "m.Cauchy_inS zn \<longleftrightarrow> m1.Cauchy_inS (\<lambda>n. fst (zn n)) \<and> m2.Cauchy_inS (\<lambda>n. snd (zn n))"
+proof safe
+ assume h:"m.Cauchy_inS zn"
+ show "m1.Cauchy_inS (\<lambda>n. fst (zn n))" "m2.Cauchy_inS (\<lambda>n. snd (zn n))"
+ unfolding m1.Cauchy_inS_def2' m2.Cauchy_inS_def2'
+ proof safe
+ fix e :: real
+ assume "e > 0"
+ then obtain x y N where "x \<in> S" "y \<in> S'" "\<And>n. n \<ge> N \<Longrightarrow> zn n \<in> m.open_ball (x,y) e"
+ using h by(auto simp: m.Cauchy_inS_def2') metis
+ thus "\<exists>x\<in>S. \<exists>N. \<forall>n\<ge>N. fst (zn n) \<in> m1.open_ball x e"
+ "\<exists>y\<in>S'. \<exists>N. \<forall>n\<ge>N. snd (zn n) \<in> m2.open_ball y e"
+ using binary_distance_ball'[of "zn _" "(x,y)"]
+ by(auto intro!: exI[where x=x] exI[where x=y] exI[where x=N]) blast
+ qed(insert h, simp_all add: m.Cauchy_inS_def Pi_iff mem_Times_iff)
+next
+ assume h: "m1.Cauchy_inS (\<lambda>n. fst (zn n))" "m2.Cauchy_inS (\<lambda>n. snd (zn n))"
+ show "m.Cauchy_inS zn"
+ unfolding m.Cauchy_inS_def
+ proof safe
+ show 1:"zn n \<in> S \<times> S'" for n
+ using h(1,2) m1.Cauchy_inS_dest1 m2.Cauchy_inS_dest1 mem_Times_iff by blast
+ fix e :: real
+ assume "e > 0"
+ then obtain N1 N2 where N:"\<And>n m. n \<ge> N1 \<Longrightarrow> m \<ge> N1 \<Longrightarrow> d (fst (zn n)) (fst (zn m)) < e / 2" "\<And>n m. n \<ge> N2 \<Longrightarrow> m \<ge> N2 \<Longrightarrow> d' (snd (zn n)) (snd (zn m)) < e / 2"
+ by (metis h(1) h(2) less_divide_eq_numeral1(1) m1.Cauchy_inS_def m2.Cauchy_inS_def mult_zero_left)
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. binary_distance S d S' d' (zn n) (zn m) < e"
+ proof(safe intro!: exI[where x="max N1 N2"])
+ fix n m
+ assume "max N1 N2 \<le> n" "max N1 N2 \<le> m"
+ then have le:"N1 \<le> n" "N1 \<le> m" "N2 \<le> n" "N2 \<le> m" by auto
+ show "binary_distance S d S' d' (zn n) (zn m) < e"
+ using N(1)[OF le(1,2)] N(2)[OF le(3,4)] \<open>e > 0\<close>
+ by(auto simp: binary_distance_def split_beta')
+ qed
+ qed
+qed
+
+end
+
+lemma binary_distance_separable:
+ assumes "separable_metric_set S d" "separable_metric_set S' d'"
+ shows "separable_metric_set (S \<times> S') (binary_distance S d S' d')"
+proof -
+ interpret m1:separable_metric_set S d by fact
+ interpret m2:separable_metric_set S' d' by fact
+ interpret m : metric_set "S \<times> S'" "binary_distance S d S' d'"
+ by(auto intro!: binary_metric_set m1.metric_set_axioms m2.metric_set_axioms)
+ show ?thesis
+ using m.separable_iff_topological_separable separable_prod[OF m1.topological_separable_if_separable m2.topological_separable_if_separable] binary_distance_mtopology[OF m1.metric_set_axioms m2.metric_set_axioms]
+ by auto
+qed
+
+lemma binary_distance_complete:
+ assumes "complete_metric_set S d" "complete_metric_set S' d'"
+ shows "complete_metric_set (S \<times> S') (binary_distance S d S' d')"
+proof -
+ interpret m1:complete_metric_set S d by fact
+ interpret m2:complete_metric_set S' d' by fact
+ interpret m : metric_set "S \<times> S'" "binary_distance S d S' d'"
+ by(auto intro!: binary_metric_set m1.metric_set_axioms m2.metric_set_axioms)
+ show ?thesis
+ by standard (simp add: binary_distance_Cauchy_inS_iff[OF m1.metric_set_axioms m2.metric_set_axioms] binary_distance_convergent_inS_iff[OF m1.metric_set_axioms m2.metric_set_axioms] m1.convergence m2.convergence)
+qed
+
+lemma binary_distance_polish:
+ assumes "polish_metric_set S d" and "polish_metric_set S' d'"
+ shows "polish_metric_set (S\<times>S') (binary_distance S d S' d')"
+ using assms by(simp add: polish_metric_set_def binary_distance_separable binary_distance_complete)
+
+subsection \<open>Sum Metric Spaces\<close>
+
+locale sum_metric =
+ fixes I :: "'i set"
+ and Si :: "'i \<Rightarrow> 'a set"
+ and di :: "'i \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> real"
+ assumes disj_fam: "disjoint_family_on Si I"
+ and d_nonneg: "\<And>i x y. 0 \<le> di i x y"
+ and d_bounded: "\<And>i x y. di i x y < 1"
+ and sd_metric: "\<And>i. i \<in> I \<Longrightarrow> metric_set (Si i) (di i)"
+begin
+
+abbreviation "S \<equiv> \<Union>i\<in>I. Si i"
+
+lemma Si_inj_on:
+ assumes "i \<in> I" "j \<in> I" "a \<in> Si i" "a \<in> Si j"
+ shows "i = j"
+ using disj_fam assms by(auto simp: disjoint_family_on_def)
+
+definition sum_dist :: "['a, 'a] \<Rightarrow> real" where
+"sum_dist x y \<equiv> (if x \<in> S \<and> y \<in> S then (if \<exists>i\<in>I. x \<in> Si i \<and> y \<in> Si i then di (THE i. i \<in> I \<and> x \<in> Si i \<and> y \<in> Si i) x y else 1) else 0)"
+
+lemma sum_dist_simps:
+ shows "\<And>i. \<lbrakk>i \<in> I; x \<in> Si i; y \<in> Si i\<rbrakk> \<Longrightarrow> sum_dist x y = di i x y"
+ and "\<And>i j. \<lbrakk>i \<in> I; j \<in> I; i \<noteq> j; x \<in> Si i; y \<in> Si j\<rbrakk> \<Longrightarrow> sum_dist x y = 1"
+ and "\<And>i. \<lbrakk>i \<in> I; y \<in> S; x \<in> Si i; y \<notin> Si i\<rbrakk> \<Longrightarrow> sum_dist x y = 1"
+ and "\<And>i. \<lbrakk>i \<in> I; x \<in> S; y \<in> Si i; x \<notin> Si i\<rbrakk> \<Longrightarrow> sum_dist x y = 1"
+ and "x \<notin> S \<Longrightarrow> sum_dist x y = 0"
+proof -
+ { fix i
+ assume h:"i \<in> I" "x \<in> Si i" "y \<in> Si i"
+ then have "sum_dist x y = di (THE i. i \<in> I \<and> x \<in> Si i \<and> y \<in> Si i) x y"
+ by(auto simp: sum_dist_def)
+ also have "... = di i x y"
+ proof -
+ have "(THE i. i \<in> I \<and> x \<in> Si i \<and> y \<in> Si i) = i"
+ using disj_fam h by(auto intro!: the1_equality simp: disjoint_family_on_def)
+ thus ?thesis by simp
+ qed
+ finally show "sum_dist x y = di i x y" . }
+ show "\<And>i j. \<lbrakk>i \<in> I; j \<in> I; i \<noteq> j; x \<in> Si i; y \<in> Si j\<rbrakk> \<Longrightarrow> sum_dist x y = 1"
+ "\<And>i. \<lbrakk>i \<in> I; y \<in> S; x \<in> Si i; y \<notin> Si i\<rbrakk> \<Longrightarrow> sum_dist x y = 1" "\<And>i. \<lbrakk>i \<in> I; x \<in> S; y \<in> Si i; x \<notin> Si i\<rbrakk> \<Longrightarrow> sum_dist x y = 1"
+ "x \<notin> S \<Longrightarrow> sum_dist x y = 0"
+ using disj_fam by(auto simp: sum_dist_def disjoint_family_on_def dest:Si_inj_on)
+qed
+
+lemma sum_dist_if_less1:
+ assumes "i \<in> I" "x \<in> Si i" "y \<in> S" "sum_dist x y < 1"
+ shows "y \<in> Si i"
+ using assms sum_dist_simps(3) by fastforce
+
+lemma inS_cases:
+ assumes "x \<in> S" "y \<in> S"
+ and "\<And>i. \<lbrakk>i \<in> I; x \<in> Si i; y \<in> Si i\<rbrakk> \<Longrightarrow> P x y"
+ and "\<And>i j. \<lbrakk>i \<in> I; j \<in> I; i \<noteq> j; x \<in> Si i; y \<in> Si j; x \<noteq> y\<rbrakk> \<Longrightarrow> P x y"
+ shows "P x y" using assms by auto
+
+sublocale metric_set S sum_dist
+proof
+ fix x y
+ assume "x \<in> S" "y \<in> S"
+ then show "x = y \<longleftrightarrow> sum_dist x y = 0"
+ by(rule inS_cases, insert sd_metric) (auto simp: sum_dist_simps metric_set_def)
+next
+ { fix i x y
+ assume h: "i \<in> I" "x \<in> Si i" "y \<in> Si i"
+ then have "sum_dist x y = di i x y"
+ "sum_dist y x = di i x y"
+ using sd_metric by(auto simp: sum_dist_simps metric_set_def) }
+ thus "\<And>x y. sum_dist x y = sum_dist y x"
+ by (metis (no_types, lifting) sum_dist_def)
+next
+ show 1:"\<And>x y. 0 \<le> sum_dist x y"
+ using d_nonneg by(simp add: sum_dist_def)
+ fix x y z
+ assume h: "x \<in> S" "y \<in> S" "z \<in> S"
+ show "sum_dist x z \<le> sum_dist x y + sum_dist y z" (is "?lhs \<le> ?rhs")
+ proof(rule inS_cases[OF h(1,3)])
+ fix i
+ assume h':"i \<in> I" "x \<in> Si i" "z \<in> Si i"
+ consider "y \<in> Si i" | "y \<notin> Si i" by auto
+ thus "?lhs \<le> ?rhs"
+ proof cases
+ case 1
+ with h' sd_metric [OF h'(1)]show ?thesis
+ by(simp add: sum_dist_simps metric_set_def)
+ next
+ case 2
+ with h' h(2) d_bounded[of i x z] 1[of y z]
+ show ?thesis
+ by(auto simp: sum_dist_simps)
+ qed
+ next
+ fix i j
+ assume h': "i \<in> I" "j \<in> I" "i \<noteq> j" "x \<in> Si i" "z \<in> Si j"
+ consider "y \<notin> Si i" | "y \<notin> Si j"
+ using h' h(2) disj_fam by(auto simp: disjoint_family_on_def)
+ thus "?lhs \<le> ?rhs"
+ by (cases, insert 1[of x y] 1[of y z] h' h(2)) (auto simp: sum_dist_simps)
+ qed
+qed(simp add: sum_dist_simps)
+
+lemma sum_dist_le1: "sum_dist x y \<le> 1"
+ using d_bounded[of _ x y] by(auto simp: sum_dist_def less_eq_real_def)
+
+
+lemma sum_dist_ball_eq_ball:
+ assumes "i \<in> I" "e \<le> 1" "x \<in> Si i"
+ shows "metric_set.open_ball (Si i) (di i) x e = open_ball x e"
+proof -
+ interpret m: metric_set "Si i" "di i"
+ by(simp add: assms sd_metric)
+ show ?thesis
+ using assms sum_dist_simps(1)[OF assms(1) assms(3)] sum_dist_if_less1[OF assms(1,3)]
+ by(auto simp: m.open_ball_def open_ball_def) fastforce+
+qed
+
+lemma ball_le_sum_dist_ball:
+ assumes "i \<in> I"
+ shows "metric_set.open_ball (Si i) (di i) x e \<subseteq> open_ball x e"
+proof -
+ interpret m: metric_set "Si i" "di i"
+ by(simp add: assms sd_metric)
+ show ?thesis
+ proof safe
+ fix y
+ assume y: "y \<in> m.open_ball x e"
+ show "y \<in> open_ball x e"
+ using m.open_ballD[OF y] m.open_ballD'[OF y] assms
+ by(auto simp: open_ball_def sum_dist_simps)
+ qed
+qed
+
+lemma openin_sum_mtopology_iff:
+ "openin mtopology U \<longleftrightarrow> U \<subseteq> S \<and> (\<forall>i\<in>I. openin (metric_set.mtopology (Si i) (di i)) (U \<inter> Si i))"
+proof safe
+ fix i
+ assume h:"openin mtopology U" "i \<in> I"
+ then interpret m: metric_set "Si i" "di i"
+ using sd_metric by simp
+ show "openin m.mtopology (U \<inter> Si i)"
+ unfolding m.mtopology_openin_iff
+ proof safe
+ fix x
+ assume x:"x \<in> U" "x \<in> Si i"
+ with h obtain e where e: "e > 0" "open_ball x e \<subseteq> U"
+ by(auto simp: mtopology_openin_iff)
+ show "\<exists>\<epsilon>>0. m.open_ball x \<epsilon> \<subseteq> U \<inter> Si i"
+ proof(safe intro!: exI[where x=e])
+ fix y
+ assume "y \<in> m.open_ball x e"
+ from m.open_ballD[OF this] x(2) m.open_ballD'(1)[OF this] h(2)
+ have "y \<in> open_ball x e"
+ by(auto simp: open_ball_def sum_dist_simps)
+ with e show "y \<in> U" by auto
+ qed(use e m.open_ball_subset_ofS in auto)
+ qed
+next
+ show "\<And>x. openin mtopology U \<Longrightarrow> x \<in> U \<Longrightarrow> x \<in> S"
+ by(auto simp: mtopology_openin_iff)
+next
+ assume h: "U \<subseteq> S" "\<forall>i\<in>I. openin (metric_set.mtopology (Si i) (di i)) (U \<inter> Si i)"
+ show "openin mtopology U"
+ unfolding mtopology_openin_iff
+ proof safe
+ fix x
+ assume x: "x \<in> U"
+ then obtain i where i: "i \<in> I" "x \<in> Si i"
+ using h(1) by auto
+ then interpret m: metric_set "Si i" "di i"
+ using sd_metric by simp
+ obtain e where e: "e > 0" "m.open_ball x e \<subseteq> U \<inter> Si i"
+ using i h(2) by (meson IntI m.mtopology_openin_iff x)
+ show "\<exists>\<epsilon>>0. open_ball x \<epsilon> \<subseteq> U"
+ proof(safe intro!: exI[where x="min e 1"])
+ fix y
+ assume y:"y \<in> open_ball x (min e 1)"
+ then show "y \<in> U"
+ using sum_dist_ball_eq_ball[OF i(1) _ i(2),of "min e 1"] e m.open_ball_le[of "min e 1" e x]
+ by auto
+ qed(simp add: e)
+ qed(use h(1) in auto)
+qed
+
+corollary openin_sum_mtopology_Si:
+ assumes "i \<in> I"
+ shows "openin mtopology (Si i)"
+ unfolding openin_sum_mtopology_iff
+proof safe
+ fix j
+ assume j:"j \<in> I"
+ then interpret m: metric_set "Si j" "di j"
+ by(simp add: sd_metric)
+ show "openin m.mtopology (Si i \<inter> Si j)"
+ by (cases "i = j", insert assms disj_fam j) (auto simp: disjoint_family_on_def)
+qed(use assms in auto)
+
+lemma converge_to_inSi_converge_to_inS:
+ assumes "i \<in> I" "metric_set.converge_to_inS (Si i) (di i) xn x"
+ shows "converge_to_inS xn x"
+proof -
+ interpret m: metric_set "Si i" "di i"
+ by(simp add: assms sd_metric)
+ {
+ fix e :: real
+ assume "e > 0"
+ then obtain N where "\<And>n. n \<ge> N \<Longrightarrow> xn n \<in> m.open_ball x e"
+ using assms(2) by(auto simp: m.converge_to_inS_def2') metis
+ hence "\<exists>N. \<forall>n\<ge>N. xn n \<in> open_ball x e"
+ using ball_le_sum_dist_ball[OF assms(1),of x e]
+ by(auto intro!: exI[where x=N]) }
+ thus ?thesis
+ using assms by(auto simp: m.converge_to_inS_def2' converge_to_inS_def2')
+qed
+
+corollary convergent_inSi_convergent_inS:
+ assumes "i \<in> I" "metric_set.convergent_inS (Si i) (di i) xn"
+ shows "convergent_inS xn"
+ using converge_to_inSi_converge_to_inS[OF assms(1)] assms(1) assms(2) convergent_inS_def metric_set.the_limit_if_converge sd_metric
+ by blast
+
+lemma converge_to_inS_converge_to_inSi_off_set:
+ assumes "converge_to_inS xn x"
+ shows "\<exists>n. \<exists>j\<in>I. metric_set.converge_to_inS (Si j) (di j) (\<lambda>i. xn (i + n)) x"
+proof -
+ obtain i where i: "i \<in> I" "x \<in> Si i"
+ using assms by(auto simp: converge_to_inS_def)
+ then interpret m: metric_set "Si i" "di i"
+ by(simp add: sd_metric)
+ obtain N where N: "\<And>n. n \<ge> N \<Longrightarrow> sum_dist (xn n) x < 1"
+ using assms by(fastforce simp: converge_to_inS_def2)
+ hence N': "n \<ge> N \<Longrightarrow> xn n \<in> Si i" for n
+ using assms by(auto intro!: sum_dist_if_less1[OF i,of "xn n"] simp: dist_sym[of _ x] converge_to_inS_def)
+ show ?thesis
+ proof(safe intro!: exI[where x=N] bexI[OF _ i(1)])
+ show "m.converge_to_inS (\<lambda>i. xn (i + N)) x"
+ unfolding m.converge_to_inS_def2
+ proof(safe intro!: N' i(2))
+ fix e :: real
+ assume "0 < e"
+ then obtain M where M: "\<And>n. n \<ge> M \<Longrightarrow> sum_dist (xn n) x < e"
+ using assms by(fastforce simp: converge_to_inS_def2)
+ hence "n \<ge> max N M \<Longrightarrow> di i (xn n) x < e" for n
+ using sum_dist_simps(1)[OF i(1) N'[of n] i(2),symmetric] by auto
+ thus "\<exists>M. \<forall>n\<ge>M. di i (xn (n + N)) x < e"
+ by(auto intro!: exI[where x=M])
+ qed simp
+ qed
+qed
+
+corollary convergent_inS_convergent_inSi_off_set:
+ assumes "convergent_inS xn"
+ shows "\<exists>n. \<exists>j\<in>I. metric_set.convergent_inS (Si j) (di j) (\<lambda>i. xn (i + n))"
+ using converge_to_inS_converge_to_inSi_off_set
+ by (meson assms metric_set.convergent_inS_def metric_set_axioms sd_metric)
+
+
+lemma Cauchy_inSi_Cauchy_inS:
+ assumes "i \<in> I" "metric_set.Cauchy_inS (Si i) (di i)xn"
+ shows "Cauchy_inS xn"
+proof -
+ interpret m: metric_set "Si i" "di i"
+ by(simp add: assms sd_metric)
+ have [simp]:"sum_dist (xn n) (xn m) = di i (xn n) (xn m)" for n m
+ using assms sum_dist_simps(1)[OF assms(1)]
+ by(auto simp: m.Cauchy_inS_def Cauchy_inS_def)
+ show ?thesis
+ using assms by(auto simp: m.Cauchy_inS_def Cauchy_inS_def)
+qed
+
+lemma Cauchy_inS_Cauchy_inSi:
+ assumes "Cauchy_inS xn"
+ shows "\<exists>n. \<exists>j\<in>I. metric_set.Cauchy_inS (Si j) (di j) (\<lambda>i. xn (i + n))"
+proof -
+ obtain x i N where xiN: "i \<in> I" "x \<in> Si i" "\<And>n. n \<ge> N \<Longrightarrow> xn n \<in> open_ball x 1"
+ using assms by(auto simp: Cauchy_inS_def2') (metis UNION_empty_conv(2) d_bounded d_nonneg dist_0 empty_subsetI less_eq_real_def open_ball_le_0 subsetI subset_antisym sum_dist_le1)
+ then interpret m: metric_set "Si i" "di i"
+ by(simp add: sd_metric)
+ have xn: "n \<ge> N \<Longrightarrow> xn n \<in> Si i" for n
+ using xiN(3)[of n] by(auto simp: sum_dist_ball_eq_ball[OF xiN(1) order_refl xiN(2),symmetric] dest: m.open_ballD')
+ show ?thesis
+ proof(safe intro!: exI[where x=N] bexI[OF _ xiN(1)])
+ show "m.Cauchy_inS (\<lambda>i. xn (i + N))"
+ unfolding m.Cauchy_inS_def
+ proof safe
+ fix e :: real
+ assume "0 < e"
+ then obtain M where M: "\<And>n m. n \<ge> M \<Longrightarrow> m \<ge> M \<Longrightarrow> sum_dist (xn n) (xn m) < e"
+ using assms by(auto simp: Cauchy_inS_def) metis
+ have [simp]: "n \<ge> N \<Longrightarrow> m \<ge> N \<Longrightarrow> di i (xn n) (xn m) = sum_dist (xn n) (xn m)" for n m
+ using xn sum_dist_simps(1)[OF xiN(1) xn[of n] xn[of m]] by simp
+ show "\<exists>N'. \<forall>n\<ge>N'. \<forall>m\<ge>N'. di i (xn (n + N)) (xn (m + N)) < e"
+ using M by(auto intro!: exI[where x="max N M"])
+ qed(use xn in auto)
+ qed
+qed
+
+end
+
+lemma sum_metricI:
+ fixes Si
+ assumes "disjoint_family_on Si I"
+ and "\<And>i x y. i \<notin> I \<Longrightarrow> 0 \<le> di i x y"
+ and "\<And>i x y. di i x y < 1"
+ and "\<And>i. i \<in> I \<Longrightarrow> metric_set (Si i) (di i)"
+ shows "sum_metric I Si di"
+ using assms by(auto simp: sum_metric_def) (meson metric_set.dist_geq0)
+
+locale sum_separable_metric = sum_metric +
+ assumes I: "countable I"
+ and sd_separable_metric: "\<And>i. i \<in> I \<Longrightarrow> separable_metric_set (Si i) (di i)"
+begin
+
+sublocale separable_metric_set S sum_dist
+proof
+ obtain Ui where Ui: "\<And>i. i \<in> I \<Longrightarrow> countable (Ui i)" "\<And>i. i \<in> I \<Longrightarrow> metric_set.dense_set (Si i) (di i) (Ui i)"
+ using sd_separable_metric by(auto simp: separable_metric_set_def separable_metric_set_axioms_def) metis
+ define U where "U \<equiv> \<Union>i\<in>I. Ui i"
+ show "\<exists>U. countable U \<and> dense_set U"
+ proof(safe intro!: exI[where x=U])
+ show "countable U"
+ using Ui(1) I by(auto simp: U_def)
+ next
+ show "dense_set U"
+ unfolding dense_set_def U_def
+ proof safe
+ fix i x
+ assume "i \<in> I" "x \<in> Ui i"
+ then show "x \<in> S"
+ using sd_separable_metric Ui by(auto intro!: bexI[where x=i] simp: separable_metric_set_def metric_set.dense_set_def)
+ next
+ fix i x e
+ assume h:"i \<in> I" "x \<in> Si i" "(0 :: real) < e" "open_ball x e \<inter> \<Union> (Ui ` I) = {}"
+ then interpret sd: separable_metric_set "Si i" "di i"
+ by(simp add: sd_separable_metric)
+ have "sd.open_ball x e \<inter> Ui i \<noteq> {}"
+ using Ui(2)[OF h(1)] h(1-3) by(auto simp: U_def sd.dense_set_def)
+ hence "sd.open_ball x e \<inter> \<Union> (Ui ` I) \<noteq> {}"
+ using h(1) by blast
+ thus False
+ using ball_le_sum_dist_ball[OF \<open>i \<in> I\<close>,of x e] h(4) by blast
+ qed
+ qed
+qed
+
+end
+
+locale sum_complete_metric = sum_metric +
+ assumes sd_complete_metric: "\<And>i. i \<in> I \<Longrightarrow> complete_metric_set (Si i) (di i)"
+begin
+
+sublocale complete_metric_set S sum_dist
+proof
+ fix xn
+ assume 1:"Cauchy_inS xn"
+ from Cauchy_inS_Cauchy_inSi[OF this] obtain n j where h: "j \<in> I" "metric_set.Cauchy_inS (Si j) (di j) (\<lambda>i. xn (i + n))"
+ by auto
+ then have "metric_set.convergent_inS (Si j) (di j) (\<lambda>i. xn (i + n))"
+ by (simp add: complete_metric_set.convergence sd_complete_metric)
+ from convergent_inS_offset[OF convergent_inSi_convergent_inS[OF h(1) this]] 1
+ show "convergent_inS xn"
+ by(simp add: Cauchy_inS_def)
+qed
+
+end
+
+locale sum_polish_metric = sum_complete_metric + sum_separable_metric
+begin
+
+sublocale polish_metric_set S sum_dist
+ by (simp add: complete_metric_set_axioms polish_metric_set_def separable_metric_set_axioms)
+
+end
+
+lemma sum_polish_metricI:
+ fixes Si
+ assumes "countable I"
+ and "disjoint_family_on Si I"
+ and "\<And>i x y. i \<notin> I \<Longrightarrow> 0 \<le> di i x y"
+ and "\<And>i x y. di i x y < 1"
+ and "\<And>i. i \<in> I \<Longrightarrow> polish_metric_set (Si i) (di i)"
+ shows "sum_polish_metric I Si di"
+ using assms by(auto simp: sum_polish_metric_def sum_complete_metric_def sum_separable_metric_def sum_complete_metric_axioms_def sum_separable_metric_axioms_def polish_metric_set_def complete_metric_set_def sum_metricI)
+
+end
\ No newline at end of file
diff --git a/thys/Standard_Borel_Spaces/Space_of_Continuous_Maps.thy b/thys/Standard_Borel_Spaces/Space_of_Continuous_Maps.thy
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/Space_of_Continuous_Maps.thy
@@ -0,0 +1,446 @@
+(* Title: Space_of_Continuous_Maps.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+subsection \<open>Example: The Metric Space of Continuous Functions\<close>
+theory Space_of_Continuous_Maps
+ imports "StandardBorel"
+begin
+
+definition cmaps :: "['a topology, 'b topology] \<Rightarrow> ('a \<Rightarrow> 'b) set" where
+"cmaps X Y \<equiv> {f. f \<in> extensional (topspace X) \<and> continuous_map X Y f}"
+
+definition cmaps_dist :: "['a topology, 'b topology, 'b \<Rightarrow> 'b \<Rightarrow> real, 'a \<Rightarrow> 'b, 'a \<Rightarrow> 'b] \<Rightarrow> real" where
+"cmaps_dist X Y d f g \<equiv> if f \<in> cmaps X Y \<and> g \<in> cmaps X Y \<and> topspace X \<noteq> {} then (\<Squnion> {d (f x) (g x) |x. x \<in> topspace X}) else 0"
+
+lemma cmaps_X_empty:
+ assumes "topspace X = {}"
+ shows "cmaps X Y = {\<lambda>x. undefined}"
+ by(auto simp: cmaps_def assms simp flip: null_topspace_iff_trivial)
+
+lemma cmaps_Y_empty:
+ assumes "topspace X \<noteq> {}" "topspace Y = {}"
+ shows "cmaps X Y = {}"
+ by(auto simp: cmaps_def assms continuous_map_def Pi_def simp flip: null_topspace_iff_trivial)
+
+lemma cmaps_dist_X_empty:
+ assumes "topspace X = {}"
+ shows "cmaps_dist X = (\<lambda>Y d f g. 0)"
+ by standard+ (auto simp: cmaps_dist_def assms)
+
+lemma cmaps_dist_Y_empty:
+ assumes "topspace X \<noteq> {}" "topspace Y = {}"
+ shows "cmaps_dist X Y = (\<lambda>d f g. 0)"
+ by standard+ (auto simp: cmaps_dist_def assms cmaps_Y_empty)
+
+subsubsection \<open>Definition\<close>
+context metric_set
+begin
+
+context
+ fixes K and X :: "'b topology"
+ assumes m_bounded :"\<And>x y. dist x y \<le> K"
+begin
+
+lemma cm_dest:
+ shows "\<And>f x. f \<in> (cmaps X mtopology) \<Longrightarrow> x \<in> topspace X \<Longrightarrow> f x \<in> S"
+ and "\<And>f x. f \<in> (cmaps X mtopology) \<Longrightarrow> x \<notin> topspace X \<Longrightarrow> f x = undefined"
+ and "\<And>f. f \<in> (cmaps X mtopology) \<Longrightarrow> continuous_map X mtopology f"
+ using continuous_map_image_subset_topspace[of X mtopology,simplified mtopology_topspace]
+ by(auto simp: cmaps_def extensional_def)
+
+lemma cmaps_dist_bdd_above[simp]: "bdd_above {dist (f x) (g x) |x. x \<in> A}"
+ using m_bounded by(auto intro!: bdd_aboveI[where M=K])
+
+lemma cmaps_metric_set: "metric_set (cmaps X mtopology) (cmaps_dist X mtopology dist)"
+proof(cases "topspace X = {}")
+ case True
+ then show ?thesis
+ by(simp add: singleton_metric cmaps_X_empty cmaps_dist_X_empty)
+next
+ case h:False
+ then have nen[simp]:"{dist (f x) (g x)|x. x \<in> topspace X} \<noteq> {}" for f g
+ by auto
+ show ?thesis
+ proof
+ show "(cmaps_dist X mtopology dist) f g \<ge> 0" for f g
+ by(auto simp: cmaps_dist_def dist_geq0 intro!: cSup_upper2[where x="dist _ _"]
+ simp flip: null_topspace_iff_trivial)
+ next
+ fix f g
+ assume "f \<notin> (cmaps X mtopology)"
+ then show "(cmaps_dist X mtopology dist) f g = 0"
+ by(simp add: cmaps_dist_def)
+ next
+ show "(cmaps_dist X mtopology dist) f g = (cmaps_dist X mtopology dist) g f" for f g
+ by(simp add: cmaps_dist_def dist_sym)
+ next
+ fix f g
+ assume fg:"f \<in> (cmaps X mtopology)" "g \<in> (cmaps X mtopology)"
+ show "f = g \<longleftrightarrow> (cmaps_dist X mtopology dist) f g = 0"
+ proof safe
+ have "{dist (g x) (g x) |x. x \<in> topspace X} = {0}"
+ using h by fastforce
+ thus "(cmaps_dist X mtopology dist) g g = 0"
+ by(simp add: cmaps_dist_def)
+ next
+ assume "(cmaps_dist X mtopology dist) f g = 0"
+ with fg h have "\<Squnion> {dist (f x) (g x)|x. x \<in> topspace X} \<le> 0"
+ by(auto simp: cmaps_dist_def)
+ hence "\<And>x. x \<in> topspace X \<Longrightarrow> dist (f x) (g x) \<le> 0"
+ by(auto simp: cSup_le_iff[OF nen])
+ from antisym[OF this dist_geq0] have fgeq:"\<And>x. x \<in> topspace X \<Longrightarrow> f x = g x"
+ using dist_0[OF cm_dest(1)[OF fg(1)] cm_dest(1)[OF fg(2)]] by auto
+ show "f = g"
+ proof
+ fix x
+ show "f x = g x"
+ by(cases "x \<in> topspace X",insert fg) (auto simp: cm_dest fgeq)
+ qed
+ qed
+ next
+ fix f g h
+ assume fgh: "f \<in> (cmaps X mtopology)" "g \<in> (cmaps X mtopology)" "h \<in> (cmaps X mtopology)"
+ show "(cmaps_dist X mtopology dist) f h \<le> (cmaps_dist X mtopology dist) f g + (cmaps_dist X mtopology dist) g h" (is "?lhs \<le> ?rhs")
+ proof -
+ have bdd1:"bdd_above {dist (f x) (g x) + dist (g x) (h x) | x. x \<in> topspace X}"
+ using add_mono[OF m_bounded m_bounded] by(auto simp: bdd_above_def intro!: exI[where x="K + K"])
+ have nen1:"{dist (f x) (g x) + dist (g x) (h x) |x. x \<in> topspace X} \<noteq> {}"
+ using h by auto
+ have "?lhs \<le> (\<Squnion> {dist (f x) (g x) + dist (g x) (h x)|x. x \<in> topspace X})"
+ proof -
+ {
+ fix x
+ assume "x \<in> topspace X"
+ hence "\<exists>z. (\<exists>x. z = dist (f x) (g x) + dist (g x) (h x) \<and> x \<in> topspace X) \<and> dist (f x) (h x) \<le> z"
+ by(auto intro!: exI[where x="dist (f x) (g x) + dist (g x) (h x)"] exI[where x=x] dist_tr cm_dest fgh)
+ }
+ thus ?thesis
+ by(auto simp: cmaps_dist_def fgh h intro!: cSup_mono bdd1 simp flip: null_topspace_iff_trivial)
+ qed
+ also have "... \<le> ?rhs"
+ by(auto simp: cSup_le_iff[OF nen1 bdd1] cmaps_dist_def fgh h intro!: add_mono cSup_upper)
+ finally show ?thesis .
+ qed
+ qed
+qed
+
+end
+
+end
+
+subsubsection \<open>Topology of Uniform Convergence\<close>
+locale topology_of_uniform_convergence_c = complete_metric_set + compact_metrizable X for X
+ + fixes K
+assumes d_bounded: "\<And>x y. dist x y \<le> K"
+begin
+
+lemmas cm_dist_bdd_above[simp] = cmaps_dist_bdd_above[OF d_bounded]
+
+abbreviation "cm \<equiv> cmaps X mtopology"
+abbreviation "cm_dist \<equiv> cmaps_dist X mtopology dist"
+
+lemma cm_complete_metric_set: "complete_metric_set cm cm_dist"
+proof -
+ interpret m: metric_set cm cm_dist
+ by(auto intro!: cmaps_metric_set d_bounded)
+ show ?thesis
+ proof
+ obtain dx where dx: "compact_metric_set (topspace X) dx" "metric_set.mtopology (topspace X) dx = X"
+ by(rule compact_metric)
+ interpret dx: compact_metric_set "topspace X" dx
+ by fact
+ fix fn
+ assume h:"m.Cauchy_inS fn"
+ note fn_cm = m.Cauchy_inS_dest1[OF this]
+ have c:"\<exists>N. \<forall>n\<ge>N. \<forall>m\<ge>N. \<forall>x\<in>topspace X. dist (fn n x) (fn m x) < e" if e:"e > 0" for e
+ proof -
+ obtain N where N:"\<And>n m. n \<ge> N \<Longrightarrow> m \<ge> N \<Longrightarrow> cm_dist (fn n) (fn m) < e"
+ by(metis e h m.Cauchy_inS_def)
+ show ?thesis
+ proof(safe intro!: exI[where x=N])
+ fix n m x
+ assume nmx: "n \<ge> N" "m \<ge> N" "x \<in> topspace X"
+ then have "dist (fn n x) (fn m x) \<le> cm_dist (fn n) (fn m)"
+ using fn_cm by(auto simp: cmaps_dist_def intro!: cSup_upper)
+ also have "... < e"
+ by(auto intro!: N nmx)
+ finally show "dist (fn n x) (fn m x) < e" .
+ qed
+ qed
+ have "convergent_inS (\<lambda>n. fn n x)" if x:"x \<in> topspace X" for x
+ by (rule convergence,auto simp: Cauchy_inS_def,insert c x fn_cm)
+ (auto simp: cmaps_def continuous_map_def mtopology_topspace, blast, meson)
+ then obtain f where f:"\<And>x. x \<in> topspace X \<Longrightarrow> converge_to_inS (\<lambda>n. fn n x) (f x)"
+ by(auto simp: convergent_inS_def) metis
+ define f' where "f' \<equiv> (\<lambda>x\<in>topspace X. f x)"
+ have f':"\<And>x. x \<in> topspace X \<Longrightarrow> converge_to_inS (\<lambda>n. fn n x) (f' x)"
+ using f by(auto simp: f'_def)
+ have cu:"converges_uniformly (topspace X) S dist fn f'"
+ unfolding converges_uniformly_def[OF dx.metric_set_axioms metric_set_axioms]
+ proof safe
+ fix e :: real
+ assume e:"0 < e"
+ obtain N where N: "\<And>n m x. n\<ge>N \<Longrightarrow> m\<ge>N \<Longrightarrow> x\<in>topspace X \<Longrightarrow> dist (fn n x) (fn m x) < e / 2"
+ by(metis c[OF half_gt_zero[OF e]])
+ show "\<exists>N. \<forall>n\<ge>N. \<forall>x\<in>topspace X. dist (fn n x) (f' x) < e"
+ proof(rule ccontr)
+ assume "\<nexists>N. \<forall>n\<ge>N. \<forall>x\<in>topspace X. dist (fn n x) (f' x) < e"
+ with N obtain n x where nx: "n \<ge> N" "x \<in> topspace X" "e \<le> dist (fn n x) (f' x)"
+ by (meson linorder_le_less_linear)
+ from f'[OF this(2)] half_gt_zero[OF e]
+ obtain N' where N':"\<And>n. n \<ge> N' \<Longrightarrow> dist (fn n x) (f' x) < e / 2"
+ by(metis converge_to_inS_def2)
+ define N0 where "N0 \<equiv> max N N'"
+ have N0 : "N0 \<ge> N" "N0 \<ge> N'" by(auto simp: N0_def)
+ have "e \<le> dist (fn n x) (f' x)" by fact
+ also have "... \<le> dist (fn n x) (fn N0 x) + dist (fn N0 x) (f' x)"
+ using f'[OF nx(2)] by(auto intro!: dist_tr simp: converge_to_inS_def)
+ also have "... < e"
+ using N[OF nx(1) N0(1) nx(2)] N'[OF N0(2)] by auto
+ finally show False ..
+ qed
+ qed(use f' converge_to_inS_def in auto)
+ show "m.convergent_inS fn"
+ unfolding m.convergent_inS_def m.converge_to_inS_def2
+ proof(safe intro!: exI[where x=f'])
+ have "continuous_map dx.mtopology mtopology f'"
+ using fn_cm by(auto intro!: converges_uniformly_continuous[OF dx.metric_set_axioms metric_set_axioms _ cu] simp: cmaps_def,auto simp: dx)
+ thus f'_cm:"f' \<in> cm"
+ by(auto simp: cmaps_def dx f'_def)
+ fix e :: real
+ assume e:"0 < e"
+ obtain N where N:"\<And>n x. n \<ge> N \<Longrightarrow> x \<in> topspace X \<Longrightarrow> dist (fn n x) (f' x) < e / 2"
+ by(metis half_gt_zero[OF e] cu[simplified converges_uniformly_def[OF dx.metric_set_axioms metric_set_axioms]])
+ show "\<exists>N. \<forall>n\<ge>N. cm_dist (fn n) f' < e"
+ proof(safe intro!: exI[where x=N])
+ fix n
+ assume n:"N \<le> n"
+ have "cm_dist (fn n) f' \<le> e / 2"
+ proof(cases "topspace X = {}")
+ case True
+ then show ?thesis
+ by(auto simp: order.strict_implies_order[OF e] cmaps_X_empty cmaps_dist_X_empty)
+ next
+ case False
+ then have 1:"{dist (fn n x) (f' x) |x. x \<in> topspace X} \<noteq> {}" by auto
+ hence "cm_dist (fn n) f' = (\<Squnion> {dist (fn n x) (f' x) |x. x \<in> topspace X})"
+ by(auto simp: f'_cm fn_cm cmaps_dist_def)
+ also have "... \<le> e / 2"
+ by(simp only: cSup_le_iff[OF 1,simplified]) (insert N[OF n], auto intro!: order.strict_implies_order)
+ finally show ?thesis .
+ qed
+ also have "... < e"
+ using e by simp
+ finally show "cm_dist (fn n) f' < e" .
+ qed
+ qed(use fn_cm in auto)
+ qed
+qed
+
+end
+
+locale topology_of_uniform_convergence = polish_metric_set + compact_metrizable X for X
+ + fixes K
+assumes d_bounded: "\<And>x y. dist x y \<le> K"
+begin
+
+sublocale topology_of_uniform_convergence_c
+ by (simp add: compact_metrizable_axioms complete_metric_set_axioms d_bounded topology_of_uniform_convergence_c_axioms_def topology_of_uniform_convergence_c_def)
+
+lemma cm_polish_metric_set: "polish_metric_set cm cm_dist"
+proof -
+ consider "topspace X = {}" | "topspace X \<noteq> {}" "S = {}" | "topspace X \<noteq> {}" "S \<noteq> {}" by auto
+ thus ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ by(simp add: singleton_metric_polish cmaps_X_empty cmaps_dist_X_empty)
+ next
+ case 2
+ then show ?thesis
+ by(simp add: empty_metric_polish cmaps_Y_empty[of _ mtopology,simplified mtopology_topspace] cmaps_dist_Y_empty[of _ mtopology,simplified mtopology_topspace])
+ next
+ case XS_nem:3
+ interpret m: complete_metric_set cm cm_dist
+ by(rule cm_complete_metric_set)
+ show ?thesis
+ proof
+ obtain dx where dx: "compact_metric_set (topspace X) dx" "metric_set.mtopology (topspace X) dx = X"
+ by(rule compact_metric)
+ interpret dx: compact_metric_set "topspace X" dx
+ by fact
+ have "\<exists>B. finite B \<and> B \<subseteq> topspace X \<and> topspace X = (\<Union>a\<in>B. dx.open_ball a (1 / Suc m))" for m
+ using dx.totally_boundedSD[OF dx.totally_bounded,of "1 / Suc m"] by fastforce
+ then obtain Xm where Xm: "\<And>m. finite (Xm m)" "\<And>m. (Xm m) \<subseteq> topspace X" "\<And>m. topspace X = (\<Union>a\<in>Xm m. dx.open_ball a (1 / Suc m))"
+ by metis
+ have Xm_nem:"\<And>m. (Xm m) \<noteq> {}"
+ using XS_nem Xm(3) by fastforce
+ define xmk where "xmk \<equiv> (\<lambda>m. from_nat_into (Xm m))"
+ define km where "km \<equiv> (\<lambda>m. card (Xm m))"
+ have km_pos:"km m > 0" for m
+ by(simp add: km_def card_gt_0_iff Xm Xm_nem)
+ have xmk_bij: "bij_betw (xmk m) {..<km m} (Xm m)" for m
+ using bij_betw_from_nat_into_finite[OF Xm(1)] by(simp add: km_def xmk_def)
+ have xmk_into: "xmk m i \<in> Xm m" for m i
+ by (simp add: Xm_nem from_nat_into xmk_def)
+ have "\<exists>U. countable U \<and> \<Union> U = S \<and> (\<forall>u\<in>U. diam u < 1 / (Suc l))" for l
+ by(rule Lindelof_diam) auto
+ then obtain U where U: "\<And>l. countable (U l)" "\<And>l. (\<Union> (U l)) = S" "\<And>l u. u \<in> U l \<Longrightarrow> diam u < 1 / Suc l"
+ by metis
+ have Ul_nem: "U l \<noteq> {}" for l
+ using XS_nem U(2) by auto
+ define uli where "uli \<equiv> (\<lambda>l. from_nat_into (U l))"
+ have uli_into:"uli l i \<in> U l" for l i
+ by (simp add: Ul_nem from_nat_into uli_def)
+ hence uli_diam: "diam (uli l i) < 1 / Suc l" for l i
+ using U(3) by auto
+ have uli_un:"S = (\<Union>i. uli l i)" for l
+ by(auto simp: range_from_nat_into[OF Ul_nem[of l] U(1)] uli_def U)
+ define Cmn where "Cmn \<equiv> (\<lambda>m n. {f \<in> cm. \<forall>x\<in>topspace X. \<forall>y\<in>topspace X. dx x y < 1 / (Suc m) \<longrightarrow> dist (f x) (f y) < 1 / Suc n})"
+ define fmnls where "fmnls \<equiv> (\<lambda>m n l s. SOME f. f \<in> Cmn m n \<and> (\<forall>j<km m. f (xmk m j) \<in> uli l (s j)))"
+ define Dmnl where "Dmnl \<equiv> (\<lambda>m n l. {fmnls m n l s |s. s \<in> {..<km m} \<rightarrow>\<^sub>E UNIV \<and> (\<exists>f \<in> Cmn m n. (\<forall>j<km m. f (xmk m j) \<in> uli l (s j))) })"
+ have in_Dmnl: "fmnls m n l s \<in> Dmnl m n l" if "s\<in>{..<km m} \<rightarrow>\<^sub>E UNIV" "f\<in> Cmn m n" "\<forall>j<km m. f (xmk m j) \<in> uli l (s j)"for m n l s f
+ using Dmnl_def that by blast
+ define Dmn where "Dmn \<equiv> (\<lambda>m n. \<Union>l. Dmnl m n l)"
+ have Dmn_subset: "Dmn m n \<subseteq> Cmn m n" for m n
+ proof -
+ have "Dmnl m n l \<subseteq> Cmn m n" for l
+ by(auto simp: Dmnl_def fmnls_def someI[of "\<lambda>f. f \<in> Cmn m n \<and> (\<forall>j<km m. f (xmk m j) \<in> uli l (_ j))"])
+ thus ?thesis by(auto simp: Dmn_def)
+ qed
+ have c_Dmn: "countable (Dmn m n)" for m n
+ proof -
+ have "countable (Dmnl m n l)" for l
+ proof -
+ have 1:"Dmnl m n l \<subseteq> (\<lambda>s. fmnls m n l s) ` ({..<km m} \<rightarrow>\<^sub>E UNIV)"
+ by(auto simp: Dmnl_def)
+ have "countable ..."
+ by(auto intro!: countable_PiE)
+ with 1 show ?thesis
+ using countable_subset by blast
+ qed
+ thus ?thesis
+ by(auto simp: Dmn_def)
+ qed
+ have claim: "\<exists>g\<in>Dmn m n. \<forall>y\<in>Xm m. dist (f y) (g y) < e" if f:"f \<in> Cmn m n" and e:"e > 0" for f m n e
+ proof -
+ obtain l where l:"1 / Suc l < e"
+ using e nat_approx_posE by blast
+ define s where "s \<equiv> (\<lambda>i\<in>{..<km m}. SOME j. f (xmk m i) \<in> uli l j)"
+ have s1:"s\<in>{..<km m} \<rightarrow>\<^sub>E UNIV" by(simp add: s_def)
+ have s2:"\<forall>i<km m. f (xmk m i) \<in> uli l (s i)"
+ proof -
+ fix i
+ have "f (xmk m i) \<in> uli l (SOME j. f (xmk m i) \<in> uli l j)" for i
+ proof(rule someI_ex)
+ have "xmk m i \<in> topspace X"
+ using Xm(2) xmk_into by auto
+ hence "f (xmk m i) \<in> S"
+ using f by(auto simp: Cmn_def cmaps_def continuous_map_def mtopology_topspace)
+ thus "\<exists>x. f (xmk m i) \<in> uli l x"
+ using uli_un by auto
+ qed
+ thus ?thesis
+ by (auto simp: s_def)
+ qed
+ have fmnls:"fmnls m n l s \<in> Cmn m n \<and> (\<forall>j<km m. fmnls m n l s (xmk m j) \<in> uli l (s j))"
+ by(simp add: fmnls_def,rule someI[where x=f],auto simp: s2 f)
+ show "\<exists>g\<in>Dmn m n. \<forall>y\<in>Xm m. dist (f y) (g y) < e"
+ proof(safe intro!: bexI[where x="fmnls m n l s"])
+ fix y
+ assume y:"y \<in> Xm m"
+ then obtain i where i:"i < km m" "xmk m i = y"
+ by (meson xmk_bij[of m] bij_betw_iff_bijections lessThan_iff)
+ have "f y \<in> uli l (s i)" "fmnls m n l s y \<in> uli l (s i)"
+ using i(1) s2 fmnls by(auto simp: i(2)[symmetric])
+ moreover have "f y \<in> S" "fmnls m n l s y \<in> S"
+ using f fmnls y Xm(2)[of m] by(auto simp: Cmn_def cmaps_def continuous_map_def mtopology_topspace)
+ ultimately have "ennreal (dist (f y) (fmnls m n l s y)) \<le> diam (uli l (s i))"
+ by(auto intro!: diam_is_sup)
+ also have "... < ennreal (1 / Suc l)"
+ by(rule uli_diam)
+ also have "... < ennreal e"
+ using l e by(auto intro!: ennreal_lessI)
+ finally show "dist (f y) (fmnls m n l s y) < e"
+ by(simp add: ennreal_less_iff[OF dist_geq0])
+ qed(use in_Dmnl[OF s1 f s2] Dmn_def in auto)
+ qed
+
+ show "\<exists>U. countable U \<and> m.dense_set U"
+ unfolding m.dense_set_def2
+ proof(safe intro!: exI[where x="\<Union>n. (\<Union>m. Dmn m n)"])
+ fix f and e :: real
+ assume h:"f \<in> cm" "0 < e"
+ then obtain n where n:"1 / Suc n < e / 4"
+ by (metis zero_less_divide_iff zero_less_numeral nat_approx_posE)
+ have "\<exists>m. \<forall>l\<ge> m. f \<in> Cmn l n"
+ proof -
+ have "uniform_continuous_map (topspace X) dx S dist f"
+ using h by(auto intro!: dx.continuous_map_is_uniform[OF metric_set_axioms] simp: cmaps_def dx)
+ then obtain d where d:"d > 0" "\<And>x y. x\<in>topspace X \<Longrightarrow> y\<in>topspace X \<Longrightarrow> dx x y < d \<Longrightarrow> dist (f x) (f y) < 1 / (Suc n)"
+ by(auto simp: uniform_continuous_map_def[OF dx.metric_set_axioms metric_set_axioms]) (metis less_add_same_cancel2 linorder_neqE_linordered_idom of_nat_Suc of_nat_less_0_iff zero_less_divide_1_iff zero_less_one)
+ then obtain m where m:"1 / Suc m < d"
+ using nat_approx_posE by blast
+ have l: "l \<ge> m \<Longrightarrow> 1 / Suc l \<le> 1 / Suc m" for l
+ by (simp add: frac_le)
+ show ?thesis
+ using d(2)[OF _ _ order.strict_trans[OF _ order.strict_trans1[OF l m]]] by(auto simp: Cmn_def h)
+ qed
+ then obtain m where m:"f \<in> Cmn m n" by auto
+ obtain g where g:"g\<in>Dmn m n" "\<And>y. y\<in>Xm m \<Longrightarrow> dist (f y) (g y) < e / 4"
+ by (metis claim[OF m] h(2) zero_less_divide_iff zero_less_numeral)
+ have "\<exists>n m. \<exists>g\<in>Dmn m n. cm_dist f g < e"
+ proof(rule exI[where x=n])
+ show "\<exists>m. \<exists>g\<in>Dmn m n. cm_dist f g < e"
+ proof(intro exI[where x=m] bexI[OF _ g(1)])
+ have g_cm:"g \<in> cm"
+ using g(1) Dmn_subset[of m n] by(auto simp: Cmn_def)
+ hence "cm_dist f g = (\<Squnion> {dist (f x) (g x) |x. x \<in> topspace X})"
+ by(auto simp: cmaps_dist_def h XS_nem simp flip: null_topspace_iff_trivial)
+ also have "... \<le> 3 * e / 4"
+ proof -
+ have 1:"{dist (f x) (g x) |x. x \<in> topspace X} \<noteq> {}"
+ using XS_nem by auto
+ have 2:"dist (f x) (g x) \<le> 3 * e / 4" if x:"x \<in> topspace X" for x
+ proof -
+ obtain y where y:"y \<in> Xm m" "x \<in> dx.open_ball y (1 / real (Suc m))"
+ using Xm(3) x by auto
+ hence ytop:"y \<in> topspace X"
+ using Xm(2) by auto
+ have "dist (f x) (g x) \<le> dist (f x) (f y) + dist (f y) (g x)"
+ using x g_cm h(1) ytop by(auto intro!: dist_tr simp: cmaps_def continuous_map_def mtopology_topspace)
+ also have "... \<le> dist (f x) (f y) + dist (f y) (g y) + dist (g y) (g x)"
+ using x g_cm h(1) ytop by(auto intro!: dist_tr simp: cmaps_def continuous_map_def mtopology_topspace)
+ also have "... \<le> e / 4 + e / 4 + e / 4"
+ proof -
+ have dxy: "dx x y < 1 / Suc m" "dx y x < 1 / Suc m"
+ using dx.open_ballD[OF y(2)] by(auto simp: dx.dist_sym)
+ hence "dist (f x) (f y) < 1 / (Suc n)" "dist (g y) (g x) < 1 / (Suc n)"
+ using m x ytop g Dmn_subset[of m n] by(auto simp: Cmn_def)
+ hence "dist (f x) (f y) < e / 4" "dist (g y) (g x) < e / 4"
+ using n by auto
+ thus ?thesis
+ using g(2)[OF y(1)] by auto
+ qed
+ finally show "dist (f x) (g x) \<le> 3 * e / 4" by simp
+ qed
+ show ?thesis
+ using 2 by(auto simp only: cSup_le_iff[OF 1,simplified])
+ qed
+ also have "... < e"
+ using h by auto
+ finally show "cm_dist f g < e" .
+ qed
+ qed
+ thus "\<exists>y\<in>\<Union>n m. Dmn m n. cm_dist f y < e"
+ by auto
+ qed(use Dmn_subset c_Dmn Cmn_def in auto)
+ qed
+ qed
+qed
+
+end
+
+
+end
\ No newline at end of file
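Review bot: `cmaps_dist` is defined as a supremum of real distances with no boundedness assumption on `d`, and nothing at the definition says that the value is only usable under such an assumption. The lemmas that actually reason about the supremum (`cmaps_dist_bdd_above`, `cmaps_metric_set`, `cm_complete_metric_set`) all sit under `m_bounded` or `d_bounded` with a global bound `K`. For an unbounded `d` the supremum presumably carries no useful value, so a reader applying `cmaps_dist` outside those contexts gets no warning. A short comment above the definition would cover it, for example `text \<open>The supremum is only meaningful when d is bounded above on the pairs (f x, g x); the results below assume a global bound K.\<close>`.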
diff --git a/thys/Standard_Borel_Spaces/StandardBorel.thy b/thys/Standard_Borel_Spaces/StandardBorel.thy
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/StandardBorel.thy
@@ -0,0 +1,1546 @@
+(* Title: StandardBorel.thy
+ Author: Michikazu Hirata, Tokyo Institute of Technology
+*)
+
+section \<open>Standard Borel Spaces\<close>
+subsection \<open>Standard Borel Spaces\<close>
+theory StandardBorel
+ imports Abstract_Metrizable_Topology
+begin
+
+locale standard_borel =
+ fixes M :: "'a measure"
+ assumes polish_topology: "\<exists>S. polish_topology S \<and> sets M = sets (borel_of S)"
+begin
+
+lemma singleton_sets:
+ assumes "x \<in> space M"
+ shows "{x} \<in> sets M"
+proof -
+ obtain S where s:"polish_topology S" "sets M = sets (borel_of S)"
+ using polish_topology by blast
+ interpret s:polish_topology S by fact
+ have "closedin S {x}"
+ using s.closedin_singleton[of x] assms sets_eq_imp_space_eq[OF s(2)]
+ by(simp add: space_borel_of)
+ thus ?thesis
+ using borel_of_closed s by simp
+qed
+
+corollary countable_sets:
+ assumes "A \<subseteq> space M" "countable A"
+ shows "A \<in> sets M"
+ using sets.countable[OF singleton_sets assms(2)] assms(1)
+ by auto
+
+lemma standard_borel_restrict_space:
+ assumes "A \<in> sets M"
+ shows "standard_borel (restrict_space M A)"
+proof -
+ obtain S where s:"polish_topology S" "sets M = sets (borel_of S)"
+ using polish_topology by blast
+ obtain S' where S':"polish_topology S'" "sets M = sets (borel_of S')" "openin S' A"
+ using polish_topology.sets_clopen_topology[OF s(1),simplified s(2)[symmetric],OF assms] by auto
+ show ?thesis
+ using polish_topology.openin_polish[OF S'(1,3)] S'(2)
+ by(auto simp: standard_borel_def borel_of_subtopology sets_restrict_space intro!: exI[where x="subtopology S' A"] )
+qed
+
+end
+
+locale standard_borel_ne = standard_borel +
+ assumes space_ne: "space M \<noteq> {}"
+begin
+
+lemma standard_borel_ne_restrict_space:
+ assumes "A \<in> sets M" "A \<noteq> {}"
+ shows "standard_borel_ne (restrict_space M A)"
+ using assms by(auto simp: standard_borel_ne_def standard_borel_ne_axioms_def standard_borel_restrict_space)
+
+lemma standard_borel: "standard_borel M"
+ by(rule standard_borel_axioms)
+
+end
+
+lemma standard_borel_sets:
+ assumes "standard_borel M" and "sets M = sets N"
+ shows "standard_borel N"
+ using assms by(simp add: standard_borel_def)
+
+lemma standard_borel_ne_sets:
+ assumes "standard_borel_ne M" and "sets M = sets N"
+ shows "standard_borel_ne N"
+ using assms by(simp add: standard_borel_def standard_borel_ne_def sets_eq_imp_space_eq[OF assms(2)] standard_borel_ne_axioms_def)
+
+lemma pair_standard_borel:
+ assumes "standard_borel M" "standard_borel N"
+ shows "standard_borel (M \<Otimes>\<^sub>M N)"
+proof -
+ obtain S S' where hs:
+ "polish_topology S" "sets M = sets (borel_of S)" "polish_topology S'" "sets N = sets (borel_of S')"
+ using assms by(auto simp: standard_borel_def)
+ have "sets (M \<Otimes>\<^sub>M N) = sets (borel_of (prod_topology S S'))"
+ unfolding borel_of_prod[OF polish_topology.S_second_countable[OF hs(1)] polish_topology.S_second_countable[OF hs(3)],symmetric]
+ using sets_pair_measure_cong[OF hs(2,4)] .
+ thus ?thesis
+ unfolding standard_borel_def by(auto intro!: exI[where x="prod_topology S S'"] simp: polish_topology_prod[OF hs(1,3)])
+qed
+
+lemma pair_standard_borel_ne:
+ assumes "standard_borel_ne M" "standard_borel_ne N"
+ shows "standard_borel_ne (M \<Otimes>\<^sub>M N)"
+ using assms by(auto simp: pair_standard_borel standard_borel_ne_def standard_borel_ne_axioms_def space_pair_measure)
+
+lemma product_standard_borel:
+ assumes "countable I"
+ and "\<And>i. i \<in> I \<Longrightarrow> standard_borel (M i)"
+ shows "standard_borel (\<Pi>\<^sub>M i\<in>I. M i)"
+proof -
+ obtain S where hs:
+ "\<And>i. i \<in> I \<Longrightarrow> polish_topology (S i)" "\<And>i. i \<in> I \<Longrightarrow> sets (M i) = sets (borel_of (S i))"
+ using assms(2) by(auto simp: standard_borel_def) metis
+ have "sets (\<Pi>\<^sub>M i\<in>I. M i) = sets (\<Pi>\<^sub>M i\<in>I. borel_of (S i))"
+ using hs(2) by(auto intro!: sets_PiM_cong)
+ also have "... = sets (borel_of (product_topology S I))"
+ using assms(1) polish_topology.S_second_countable[OF hs(1)] by(auto intro!: sets_PiM_equal_borel_of)
+ finally have 1:"sets (\<Pi>\<^sub>M i\<in>I. M i) = sets (borel_of (product_topology S I))".
+ show ?thesis
+ unfolding standard_borel_def
+ using assms(1) hs(1) by(auto intro!: exI[where x="product_topology S I"] polish_topology_product simp: 1)
+qed
+
+lemma product_standard_borel_ne:
+ assumes "countable I"
+ and "\<And>i. i \<in> I \<Longrightarrow> standard_borel_ne (M i)"
+ shows "standard_borel_ne (\<Pi>\<^sub>M i\<in>I. M i)"
+ using assms by(auto simp: standard_borel_ne_def standard_borel_ne_axioms_def product_standard_borel)
+
+lemma closed_set_standard_borel[simp]:
+ fixes U :: "'a :: topological_space set"
+ assumes "polish_topology (euclidean :: 'a topology)" "closed U"
+ shows "standard_borel (restrict_space borel U)"
+ by(auto simp: standard_borel_def borel_of_euclidean borel_of_subtopology assms intro!: exI[where x="subtopology euclidean U"] polish_topology_closedin_polish)
+
+lemma closed_set_standard_borel_ne[simp]:
+ fixes U :: "'a :: topological_space set"
+ assumes "polish_topology (euclidean :: 'a topology)" "closed U" "U \<noteq> {}"
+ shows "standard_borel_ne (restrict_space borel U)"
+ using assms by(simp add: standard_borel_ne_def standard_borel_ne_axioms_def)
+
+lemma open_set_standard_borel[simp]:
+ fixes U :: "'a :: topological_space set"
+ assumes "polish_topology (euclidean :: 'a topology)" "open U"
+ shows "standard_borel (restrict_space borel U)"
+ by(auto simp: standard_borel_def borel_of_euclidean borel_of_subtopology assms intro!: exI[where x="subtopology euclidean U"] polish_topology.openin_polish)
+
+lemma open_set_standard_borel_ne[simp]:
+ fixes U :: "'a :: topological_space set"
+ assumes "polish_topology (euclidean :: 'a topology)" "open U" "U \<noteq> {}"
+ shows "standard_borel_ne (restrict_space borel U)"
+ using assms by(simp add: standard_borel_ne_def standard_borel_ne_axioms_def)
+
+
+lemma standard_borel_ne_borel[simp]: "standard_borel_ne (borel :: ('a :: polish_space) measure)"
+ and standard_borel_ne_lborel[simp]: "standard_borel_ne lborel"
+ unfolding standard_borel_def standard_borel_ne_def standard_borel_ne_axioms_def
+ by(auto intro!: exI[where x=euclidean] simp: borel_of_euclidean)
+
+lemma count_space_standard'[simp]:
+ assumes "countable I"
+ shows "standard_borel (count_space I)"
+proof -
+ interpret polish_metric_set I "discrete_dist I"
+ by(simp add: discrete_dist_polish_iff assms)
+ show ?thesis
+ unfolding standard_borel_def
+ proof(intro exI[where x="mtopology"] conjI)
+ have "\<And>x. x \<in> I \<Longrightarrow> {x} \<in> sets (borel_of mtopology)"
+ unfolding sets_borel_of by(rule sigma_sets.Basic) (simp add: discrete_dist_topology)
+ hence "sets (borel_of mtopology) = Pow I"
+ by(auto intro!: sets_eq_countable[OF assms] simp: space_borel_of mtopology_topspace)
+ thus "sets (count_space I) = sets (borel_of mtopology)"
+ by simp
+ qed (rule polish_topology_axioms)
+qed
+
+lemma count_space_standard_ne[simp]: "standard_borel_ne (count_space (UNIV :: (_ :: countable) set))"
+ by (simp add: standard_borel_ne_def standard_borel_ne_axioms_def)
+
+corollary measure_pmf_standard_borel_ne[simp]: "standard_borel_ne (measure_pmf (p :: (_ :: countable) pmf))"
+ using count_space_standard_ne sets_measure_pmf_count_space standard_borel_ne_sets by blast
+
+corollary measure_spmf_standard_borel_ne[simp]: "standard_borel_ne (measure_spmf (p :: (_ :: countable) spmf))"
+ using count_space_standard_ne sets_measure_spmf standard_borel_ne_sets by blast
+
+corollary countable_standard_ne[simp]:
+ "standard_borel_ne (borel :: 'a :: {countable,t2_space} measure)"
+ by(simp add: standard_borel_sets[OF _ sets_borel_eq_count_space[symmetric]] standard_borel_ne_def standard_borel_ne_axioms_def)
+
+lemma(in standard_borel) countable_discrete_space:
+ assumes "countable (space M)"
+ shows "sets M = Pow (space M)"
+proof safe
+ fix A
+ assume "A \<subseteq> space M"
+ with assms have "countable A"
+ by(simp add: countable_subset)
+ thus "A \<in> sets M"
+ using \<open>A \<subseteq> space M\<close> singleton_sets
+ by(auto intro!: sets.countable[of A])
+qed(use sets.sets_into_space in auto)
+
+lemma(in standard_borel) measurable_isomorphic_standard:
+ assumes "M measurable_isomorphic N"
+ shows "standard_borel N"
+proof -
+ obtain S where S:"polish_topology S" "sets M = sets (borel_of S)"
+ using polish_topology by auto
+ from measurable_isomorphic_borels[OF S(2) assms]
+ obtain S' where S': "S homeomorphic_space S' \<and> sets N = sets (borel_of S')"
+ by auto
+ thus ?thesis
+ by(auto simp: standard_borel_def polish_topology.homeomorphic_polish_topology[OF S(1)] intro!:exI[where x=S'])
+qed
+
+lemma(in standard_borel_ne) measurable_isomorphic_standard_ne:
+ assumes "M measurable_isomorphic N"
+ shows "standard_borel_ne N"
+ using measurable_ismorphic_empty2[OF _ assms] by(auto simp: measurable_isomorphic_standard[OF assms] standard_borel_ne_def standard_borel_ne_axioms_def space_ne)
+
+lemma ereal_standard_ne: "standard_borel_ne (borel :: ereal measure)"
+proof -
+ interpret s: standard_borel_ne "restrict_space borel {0..1::real}"
+ by auto
+ define f :: "real \<Rightarrow> ereal"
+ where "f \<equiv> (\<lambda>r. if r = 0 then bot else if r = 1 then top else tan (pi * r - (pi / 2)))"
+ define g :: "ereal \<Rightarrow> real"
+ where "g \<equiv> (\<lambda>r. if r = top then 1 else if r = bot then 0 else arctan (real_of_ereal r) / pi + 1 / 2)"
+ show ?thesis
+ proof(rule s.measurable_isomorphic_standard_ne[OF measurable_isomorphic_byWitness[where f=f and g = g]])
+ show "f \<in> borel_measurable (restrict_space borel {0..1})"
+ proof -
+ have 1:"{0..1} \<inter> {r. r \<noteq> 0} \<inter> {x. x \<noteq> 1} = {0<..<1::real}" by auto
+ have 2:"(\<lambda>x. ereal (tan (pi * x - pi / 2))) \<in> borel_measurable (restrict_space borel ({0..1} \<inter> {r. r \<noteq> 0} \<inter> {x. x \<noteq> 1}))"
+ unfolding 1
+ proof(safe intro!: borel_measurable_continuous_on_restrict continuous_on_ereal Transcendental.continuous_on_tan)
+ show "continuous_on {0<..<1} (\<lambda>x::real. pi * x - pi / 2)"
+ by(auto intro!: continuous_at_imp_continuous_on)
+ next
+ fix x :: real
+ assume h:"cos (pi * x - pi / 2) = 0" "x \<in> {0<..<1}"
+ hence "- (pi / 2) < pi * x - pi / 2" "pi * x - pi / 2 < pi / 2"
+ by simp_all
+ from cos_gt_zero_pi[OF this] h(1)
+ show False by simp
+ qed
+ have "{r:: real. r = 0 \<and> 0 \<le> r \<and> r \<le> 1} \<in> sets (restrict_space borel {0..1})" "{x::real. x = 1 \<and> 0 \<le> x \<and> x \<le> 1 \<and> x \<noteq> 0} \<in> sets (restrict_space borel ({0..1} \<inter> {r. r \<noteq> 0}))"
+ by(auto simp: sets_restrict_space)
+ with 2 show ?thesis
+ by(auto intro!: measurable_If_restrict_space_iff[THEN iffD2] simp: restrict_restrict_space f_def)
+ qed
+ next
+ show "g \<in> borel \<rightarrow>\<^sub>M restrict_space borel {0..1}"
+ unfolding g_def measurable_restrict_space2_iff
+ proof safe
+ fix x :: ereal
+ have "-1 / 2 < arctan (real_of_ereal x) / pi" "arctan (real_of_ereal x) / pi < 1 / 2"
+ using arctan_lbound[of "real_of_ereal x"] arctan_ubound[of "real_of_ereal x"]
+ by (simp_all add: mult_imp_less_div_pos)
+ hence "0 \<le> arctan (real_of_ereal x) / pi + 1 / 2" "arctan (real_of_ereal x) / pi + 1 / 2 \<le> 1"
+ by linarith+
+ thus "(if x = \<top> then 1 else if x = \<bottom> then 0 else arctan (real_of_ereal x) / pi + 1 / 2) \<in> {0..1}"
+ by auto
+ qed measurable
+ next
+ fix r ::real
+ assume "r \<in> space (restrict_space borel {0..1})"
+ then consider "r = 0" | "r = 1" | "0 < r" "r < 1" by auto linarith
+ then show " g (f r) = r"
+ proof cases
+ case 3
+ then have 1:"- (pi / 2) < pi * r - pi / 2" "pi * r - pi / 2 < pi / 2"
+ by simp_all
+ have "arctan (tan (pi * r - pi / 2)) / pi + 1 / 2 = r"
+ by(simp add: arctan_tan[OF 1] diff_divide_distrib)
+ thus ?thesis
+ by(auto simp: f_def g_def top_ereal_def bot_ereal_def)
+ qed(auto simp: g_def f_def top_ereal_def bot_ereal_def)
+ next
+ fix y :: ereal
+ consider "y = top" | "y = bot" | "y \<noteq> bot" "y \<noteq> top" by auto
+ then show "f (g y) = y"
+ proof cases
+ case 3
+ hence [simp]: "\<bar>y\<bar> \<noteq> \<infinity>" by(auto simp: top_ereal_def bot_ereal_def)
+ have "-1 / 2 < arctan (real_of_ereal y) / pi" "arctan (real_of_ereal y) / pi < 1 / 2"
+ using arctan_lbound[of "real_of_ereal y"] arctan_ubound[of "real_of_ereal y"]
+ by (simp_all add: mult_imp_less_div_pos)
+ hence "arctan (real_of_ereal y) / pi + 1 / 2 < 1" "arctan (real_of_ereal y) / pi + 1 / 2 > 0"
+ by linarith+
+ thus ?thesis
+ using arctan_lbound[of "real_of_ereal y"] arctan_ubound[of "real_of_ereal y"]
+ by(auto simp: f_def g_def distrib_left tan_arctan ereal_real')
+ qed(auto simp: f_def g_def)
+ qed
+qed
+
+corollary ennreal_stanndard_ne: "standard_borel_ne (borel :: ennreal measure)"
+ by(auto intro!: standard_borel_ne.measurable_isomorphic_standard_ne[OF standard_borel_ne.standard_borel_ne_restrict_space[OF ereal_standard_ne,of "{0..}",simplified]] measurable_isomorphic_byWitness[where f=e2ennreal and g=enn2ereal] measurable_restrict_space1 measurable_restrict_space2 enn2ereal_e2ennreal)
+
+text \<open> Cantor space $\mathscr{C}$ \<close>
+definition Cantor_space :: "(nat \<Rightarrow> real) measure" where
+"Cantor_space \<equiv> (\<Pi>\<^sub>M i\<in> UNIV. restrict_space borel {0,1})"
+
+lemma Cantor_space_standard_ne: "standard_borel_ne Cantor_space"
+ by(auto simp: Cantor_space_def intro!: product_standard_borel_ne)
+
+lemma Cantor_space_borel:
+ "sets (borel_of Cantor_space_as_topology) = sets Cantor_space"
+ (is "?lhs = _")
+proof -
+ have "?lhs = sets (\<Pi>\<^sub>M i\<in> UNIV. borel_of (top_of_set {0,1}))"
+ by(auto intro!: sets_PiM_equal_borel_of[symmetric] second_countable_subtopology)
+ thus ?thesis
+ by(simp add: borel_of_subtopology Cantor_space_def borel_of_euclidean)
+qed
+
+text \<open> Baire space \<close>
+definition Baire_space :: "(nat \<Rightarrow> nat) measure" where
+"Baire_space \<equiv> (\<Pi>\<^sub>M i\<in> UNIV. borel)"
+
+lemma Baire_space_standard: "standard_borel_ne Baire_space"
+ by(auto simp: Baire_space_def intro!: product_standard_borel_ne)
+
+text \<open> Hilbert cube $\mathscr{H}$ \<close>
+definition Hilbert_cube :: "(nat \<Rightarrow> real) measure" where
+"Hilbert_cube \<equiv> (\<Pi>\<^sub>M i\<in> UNIV. restrict_space borel {0..1})"
+
+lemma Hilbert_cube_standard_ne: "standard_borel_ne Hilbert_cube"
+ by(auto simp: Hilbert_cube_def intro!: product_standard_borel_ne)
+
+lemma Hilbert_cube_borel:
+ "sets (borel_of Hilbert_cube_as_topology) = sets Hilbert_cube" (is "?lhs = _")
+proof -
+ have "?lhs = sets (\<Pi>\<^sub>M i\<in> UNIV. borel_of (top_of_set {0..1}))"
+ by(auto intro!: sets_PiM_equal_borel_of[symmetric] second_countable_subtopology)
+ thus ?thesis
+ by(simp add: borel_of_subtopology Hilbert_cube_def borel_of_euclidean)
+qed
+
+subsection \<open> Isomorphism between $\mathscr{C}$ and $\mathscr{H}$\<close>
+lemma space_Cantor_space: "space Cantor_space = (\<Pi>\<^sub>E i\<in> UNIV. {0,1})"
+ by(simp add: Cantor_space_def space_PiM)
+
+lemma space_Cantor_space_01[simp]:
+ assumes "x \<in> space Cantor_space"
+ shows "0 \<le> x n" "x n \<le> 1" "x n \<in> {0,1}"
+ using PiE_mem[OF assms[simplified space_Cantor_space],of n]
+ by auto
+
+lemma Cantor_minus_abs_cantor:
+ assumes "x \<in> space Cantor_space" "y \<in> space Cantor_space"
+ shows "(\<lambda>n. \<bar>x n - y n\<bar>) \<in> space Cantor_space"
+ unfolding space_Cantor_space
+proof safe
+ fix n
+ assume "\<bar>x n - y n\<bar> \<noteq> 0"
+ then consider "x n = 0 \<and> y n = 1" | "x n = 1 \<and> y n = 0"
+ using space_Cantor_space_01[OF assms(1),of n] space_Cantor_space_01[OF assms(2),of n]
+ by auto
+ thus "\<bar>x n - y n\<bar> = 1"
+ by cases auto
+qed simp
+
+text \<open> Isomorphism between $\mathscr{C}$ and $[0,1]$\<close>
+definition Cantor_to_01 :: "(nat \<Rightarrow> real) \<Rightarrow> real" where
+"Cantor_to_01 \<equiv> (\<lambda>x. (\<Sum>n. (1/3)^(Suc n)* x n))"
+text \<open> @{term Cantor_to_01} is a measurable injective embedding.\<close>
+
+
+lemma Cantor_to_01_summable'[simp]:
+ assumes "x \<in> space Cantor_space"
+ shows "summable (\<lambda>n. (1/3)^(Suc n)* x n)"
+proof(rule summable_comparison_test'[where g="\<lambda>n. (1/3)^ n" and N=0])
+ show "norm ((1 / 3) ^ Suc n * x n) \<le> (1 / 3) ^ n" for n
+ using space_Cantor_space_01[OF assms,of n] by auto
+qed simp
+
+lemma Cantor_to_01_summable[simp]:
+ assumes "x \<in> space Cantor_space"
+ shows "summable (\<lambda>n. (1/3)^ n* x n)"
+ using Cantor_to_01_summable'[OF assms] by simp
+
+lemma Cantor_to_01_subst_summable[simp]:
+ assumes "x \<in> space Cantor_space" "y \<in> space Cantor_space"
+ shows "summable (\<lambda>n. (1/3)^ n* (x n - y n))"
+proof(rule summable_comparison_test'[where g="\<lambda>n. (1/3)^ n" and N=0])
+ show " norm ((1 / 3) ^ n * (x n - y n)) \<le> (1 / 3) ^ n" for n
+ using space_Cantor_space_01[OF Cantor_minus_abs_cantor[OF assms],of n]
+ by(auto simp: idom_abs_sgn_class.abs_mult)
+qed simp
+
+lemma Cantor_to_01_image: "Cantor_to_01 \<in> space Cantor_space \<rightarrow> {0..1}"
+proof
+ fix x
+ assume h:"x \<in> space Cantor_space"
+ have "Cantor_to_01 x \<le> (\<Sum>n. (1/3)^(Suc n))"
+ unfolding Cantor_to_01_def
+ by(rule suminf_le) (use h Cantor_to_01_summable[OF h] in auto)
+ also have "... = (\<Sum>n. (1 / 3) ^ n) - (1::real)"
+ using suminf_minus_initial_segment[OF complete_algebra_summable_geometric[of "1/3::real"],of 1]
+ by auto
+ finally have "Cantor_to_01 x \<le> 1"
+ by(simp add: suminf_geometric[of "1/3"])
+ moreover have "0 \<le> Cantor_to_01 x"
+ unfolding Cantor_to_01_def
+ by(rule suminf_nonneg) (use Cantor_to_01_summable[OF h] h in auto)
+ ultimately show "Cantor_to_01 x \<in> {0..1}"
+ by simp
+qed
+
+lemma Cantor_to_01_measurable: "Cantor_to_01 \<in> Cantor_space \<rightarrow>\<^sub>M restrict_space borel {0..1}"
+proof(rule measurable_restrict_space2)
+ show "Cantor_to_01 \<in> borel_measurable Cantor_space"
+ unfolding Cantor_to_01_def
+ proof(rule borel_measurable_suminf)
+ fix n
+ have "(\<lambda>x. x n) \<in> Cantor_space \<rightarrow>\<^sub>M restrict_space borel {0, 1}"
+ by(simp add: Cantor_space_def)
+ hence "(\<lambda>x. x n) \<in> borel_measurable Cantor_space"
+ by(simp add: measurable_restrict_space2_iff)
+ thus "(\<lambda>x. (1 / 3) ^ Suc n * x n) \<in> borel_measurable Cantor_space"
+ by simp
+ qed
+qed(rule Cantor_to_01_image)
+
+
+lemma
+ shows Cantor_to_01_inj: "inj_on Cantor_to_01 (space Cantor_space)"
+ and Cantor_to_01_preserves_sets: "A \<in> sets Cantor_space \<Longrightarrow> Cantor_to_01 ` A \<in> sets (restrict_space borel {0..1})"
+proof -
+ have sets_Cantor: "sets Cantor_space = sets (borel_of (product_topology (\<lambda>_. subtopology euclidean {0,1}) UNIV))"
+ (is "?lhs = _")
+ proof -
+ have "?lhs = sets (\<Pi>\<^sub>M i\<in> UNIV. borel_of (subtopology euclidean {0,1}))"
+ by (simp add: Cantor_space_def borel_of_euclidean borel_of_subtopology)
+ thus ?thesis
+ by(auto intro!: sets_PiM_equal_borel_of second_countable_subtopology polish_topology.S_second_countable[of "euclideanreal"])
+ qed
+ have s:"space Cantor_space = topspace (product_topology (\<lambda>_. subtopology euclidean {0,1}) UNIV)"
+ by(simp add: space_Cantor_space)
+
+ interpret m01: polish_metric_set "{0, 1::real}" "\<lambda>x y. if (x = 0 \<or> x = 1) \<and> (y = 0 \<or> y = 1) then \<bar>x - y\<bar> else 0"
+ proof -
+ have "(\<lambda>x y. if x \<in> {0,1} \<and> y \<in> {0,1} then \<bar>x - y\<bar> else 0) = discrete_dist {0,1::real}"
+ by standard+ (auto simp: discrete_dist_def)
+ moreover have "polish_metric_set {0, 1} ..."
+ by(simp add: discrete_dist_polish_iff)
+ ultimately show "polish_metric_set {0, 1::real} (\<lambda>x y. if (x = 0 \<or> x = 1) \<and> (y = 0 \<or> y = 1) then \<bar>x - y\<bar> else 0)" by simp
+ qed
+ interpret pm: product_polish_metric "1/3" "UNIV :: nat set" id id "\<lambda>i. {0, 1::real}" "\<lambda>i x y. if (x = 0 \<or> x = 1) \<and> (y = 0 \<or> y = 1) then \<bar>x - y\<bar> else 0" 1
+ by(auto intro!: product_polish_metric_natI simp: m01.polish_metric_set_axioms)
+ have "product_topology (\<lambda>_. top_of_set {0, 1}) UNIV = pm.mtopology"
+ proof -
+ have "top_of_set {0, 1} = m01.mtopology"
+ proof -
+ have "openin (top_of_set {0,1}) A \<longleftrightarrow> A \<subseteq> {0,1}" for A :: "real set"
+ proof
+ assume "A \<subseteq> {0, 1}"
+ then consider "A = {}" | "A = {0}" | "A = {1}" | "A = {0,1}"
+ by auto
+ thus "openin (top_of_set {0, 1}) A"
+ by cases (auto simp: openin_subtopology)
+ qed (rule openin_subset[of "top_of_set {0, 1}",simplified])
+ moreover have "openin m01.mtopology A \<longleftrightarrow> A \<subseteq> {0,1}" for A
+ proof
+ assume "A \<subseteq> {0, 1}"
+ then consider "A = {}" | "A = {0}" | "A = {1}" | "A = {0,1}"
+ by auto
+ thus "openin m01.mtopology A"
+ by cases (auto simp: m01.mtopology_openin_iff m01.open_ball_def intro!: exI[where x=1])
+ next
+ show "openin m01.mtopology A \<Longrightarrow> A \<subseteq> {0, 1}"
+ using m01.mtopology_topspace by(auto dest: openin_subset)
+ qed
+ ultimately show ?thesis
+ by(simp add: topology_eq)
+ qed
+ thus ?thesis
+ using pm.product_dist_mtopology by simp
+ qed
+
+ interpret real : polish_metric_set "UNIV :: real set" dist
+ by simp
+ have [simp]: "real.mtopology = euclideanreal"
+ by (simp add: euclidean_mtopology)
+ interpret m01': polish_metric_set "{0..1::real}" "submetric {0..1} dist"
+ by(auto intro!: real.submetric_polish)
+ have "restrict_space borel {0..1} = borel_of m01'.mtopology"
+ by (metis borel_of_euclidean borel_of_subtopology open_openin open_openin_set real.submetric_subtopology subset_UNIV topology_eq)
+
+ (* 1 / 9 * d x y \<le> \<bar>Cantor_to_01 x - Cantor_to_01 y\<bar> \<le> d x y *)
+ have pd_def: "pm.product_dist x y = (\<Sum>n. (1/3)^n * \<bar>x n - y n\<bar>)" if "x \<in> space Cantor_space" "y \<in> space Cantor_space" for x y
+ using space_Cantor_space_01[OF that(1)] space_Cantor_space_01[OF that(2)] that by(auto simp: product_dist_def)
+ have sd_def: "submetric {0..1} (\<lambda>x y. \<bar>x - y\<bar>) (Cantor_to_01 x) (Cantor_to_01 y) = \<bar>Cantor_to_01 x - Cantor_to_01 y\<bar>" if "x \<in> space Cantor_space" "y \<in> space Cantor_space" for x y
+ using Cantor_to_01_image that by(auto simp: submetric_def)
+ have 1:"\<bar>Cantor_to_01 x - Cantor_to_01 y\<bar> \<le> pm.product_dist x y" (is "?lhs \<le> ?rhs") if "x \<in> space Cantor_space" "y \<in> space Cantor_space" for x y
+ proof -
+ have "?lhs = \<bar>(\<Sum>n. (1/3)^(Suc n)* x n - (1/3)^(Suc n)* y n)\<bar>"
+ using that by(simp add: suminf_diff Cantor_to_01_def)
+ also have "... = \<bar>\<Sum>n. (1/3)^(Suc n) * (x n - y n) \<bar>"
+ by (simp add: right_diff_distrib)
+ also have "... \<le> (\<Sum>n. \<bar>(1/3)^(Suc n) * (x n - y n)\<bar>)"
+ proof(rule summable_rabs)
+ have "(\<lambda>n. \<bar>(1 / 3) ^ Suc n * (x n - y n)\<bar>) = (\<lambda>n. (1 / 3) ^ Suc n * \<bar>(x n - y n)\<bar>)"
+ by (simp add: abs_mult_pos mult.commute)
+ moreover have "summable ..."
+ using Cantor_minus_abs_cantor[OF that] by simp
+ ultimately show "summable (\<lambda>n. \<bar>(1 / 3) ^ Suc n * (x n - y n)\<bar>)" by simp
+ qed
+ also have "... = (\<Sum>n. (1/3)^(Suc n) * \<bar>x n - y n\<bar>)"
+ by (simp add: abs_mult_pos mult.commute)
+ also have "... \<le> pm.product_dist x y"
+ unfolding pd_def[OF that]
+ apply(rule suminf_le)
+ using Cantor_minus_abs_cantor[OF that] by auto
+ finally show ?thesis .
+ qed
+
+ have 2:"\<bar>Cantor_to_01 x - Cantor_to_01 y\<bar> \<ge> 1 / 9 *pm.product_dist x y" (is "?lhs \<le> ?rhs") if "x \<in> space Cantor_space" "y \<in> space Cantor_space" for x y
+ proof(cases "x = y")
+ case True
+ then show ?thesis
+ using pm.dist_0[of x y] that by(simp add: space_Cantor_space)
+ next
+ case False
+ then obtain n' where "x n' \<noteq> y n'" by auto
+ define n where "n \<equiv> Min {n. n \<le> n' \<and> x n \<noteq> y n}"
+ have "n \<le> n'"
+ using \<open>x n' \<noteq> y n'\<close> n_def by fastforce
+ have "x n \<noteq> y n"
+ using \<open>x n' \<noteq> y n'\<close> linorder_class.Min_in[of "{n. n \<le> n' \<and> x n \<noteq> y n}"]
+ by(auto simp: n_def)
+ have "\<forall>i<n. x i = y i"
+ proof safe
+ fix i
+ assume "i < n"
+ show "x i = y i"
+ proof(rule ccontr)
+ assume "x i \<noteq> y i"
+ then have "i \<in> {n. n \<le> n' \<and> x n \<noteq> y n}"
+ using \<open>n \<le> n'\<close> \<open>i < n\<close> by auto
+ thus False
+ using \<open>i < n\<close> linorder_class.Min_gr_iff[of "{n. n \<le> n' \<and> x n \<noteq> y n}" i] \<open>x n' \<noteq> y n'\<close>
+ by(auto simp: n_def)
+ qed
+ qed
+
+ have u1: "(1/3) ^ (Suc n) * (1/2) \<le> \<bar>Cantor_to_01 x - Cantor_to_01 y\<bar>"
+ proof -
+ have "(1/3) ^ (Suc n) * (1/2) \<le> \<bar>(\<Sum>m. (1/3)^(Suc (m + Suc n)) * (x (m + Suc n) - y (m + Suc n))) + (1 / 3) ^ Suc n * (x n - y n)\<bar>"
+ proof -
+ have "(1 / 3) ^ Suc n - (1/3)^(n + 2) * 3/2 \<le> (1 / 3) ^ Suc n - \<bar>(\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (y (m + Suc n) - x (m + Suc n)))\<bar>"
+ proof -
+ have "\<bar>(\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (y (m + Suc n) - x (m + Suc n)))\<bar> \<le> (1/3)^(n + 2) * 3/2"
+ (is "?lhs \<le> _")
+ proof -
+ have "?lhs \<le> (\<Sum>m. \<bar>(1 / 3) ^ Suc (m + Suc n) * (y (m + Suc n) - x (m + Suc n))\<bar>)"
+ apply(rule summable_rabs,rule summable_ignore_initial_segment[of _ "Suc n"])
+ using Cantor_minus_abs_cantor[OF that(2,1)] by(simp add: abs_mult)
+ also have "... = (\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * \<bar>y (m + Suc n) - x (m + Suc n)\<bar>)"
+ by(simp add: abs_mult)
+ also have "... \<le> (\<Sum>m. (1 / 3) ^ Suc (m + Suc n))"
+ apply(rule suminf_le)
+ using space_Cantor_space_01[OF Cantor_minus_abs_cantor[OF that(2,1)]]
+ apply simp
+ apply(rule summable_ignore_initial_segment[of _ "Suc n"])
+ using Cantor_minus_abs_cantor[OF that(2,1)] by auto
+ also have "... = (\<Sum>m. (1 / 3) ^ (m + Suc (Suc n)) * 1)" by simp
+ also have "... = (1/3)^(n + 2) * 3/(2::real)"
+ by(simp only: pm.nsum_of_rK[of "Suc (Suc n)"],simp)
+ finally show ?thesis .
+ qed
+ thus ?thesis by simp
+ qed
+ also have "... = \<bar>(1 / 3) ^ Suc n * (x n - y n)\<bar> - \<bar>\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (y (m + Suc n) - x (m + Suc n))\<bar>"
+ using \<open>x n \<noteq> y n\<close> space_Cantor_space_01[OF Cantor_minus_abs_cantor[OF that],of n] by(simp add: abs_mult)
+ also have "... \<le> \<bar>(1 / 3) ^ Suc n * (x n - y n) - (\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (y (m + Suc n) - x (m + Suc n)))\<bar>"
+ by simp
+ also have "... = \<bar>(1 / 3) ^ Suc n * (x n - y n) + (\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (x (m + Suc n) - y (m + Suc n)))\<bar>"
+ proof -
+ have "(\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (x (m + Suc n) - y (m + Suc n))) = (\<Sum>m. - ((1 / 3) ^ Suc (m + Suc n) * (y (m + Suc n) - x (m + Suc n))))"
+ proof -
+ { fix nn :: nat
+ have "\<And>r ra rb. - ((- (r::real) + ra) / (1 / rb)) = (- ra + r) / (1 / rb)"
+ by (simp add: left_diff_distrib)
+ then have "- ((y (Suc (n + nn)) + - x (Suc (n + nn))) * (1 / 3) ^ Suc (Suc (n + nn))) = (x (Suc (n + nn)) + - y (Suc (n + nn))) * (1 / 3) ^ Suc (Suc (n + nn))"
+ by fastforce
+ then have "- ((1 / 3) ^ Suc (nn + Suc n) * (y (nn + Suc n) - x (nn + Suc n))) = (1 / 3) ^ Suc (nn + Suc n) * (x (nn + Suc n) - y (nn + Suc n))"
+ by (simp add: add.commute mult.commute) }
+ then show ?thesis
+ by presburger
+ qed
+ also have "... = - (\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (y (m + Suc n) - x (m + Suc n)))"
+ apply(rule suminf_minus)
+ apply(rule summable_ignore_initial_segment[of _ "Suc n"])
+ using that by simp
+ finally show ?thesis by simp
+ qed
+ also have "... = \<bar>(\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (x (m + Suc n) - y (m + Suc n))) + (1 / 3) ^ Suc n * (x n - y n)\<bar>"
+ using 1 by simp
+ finally show ?thesis by simp
+ qed
+ also have "... = \<bar>(\<Sum>m. (1/3)^(Suc (m + Suc n)) * (x (m + Suc n) - y (m + Suc n))) + (\<Sum>m<Suc n. (1/3)^(Suc m) * (x m - y m))\<bar>"
+ using \<open>\<forall>i<n. x i = y i\<close> by auto
+ also have "... = \<bar>\<Sum>n. (1/3)^(Suc n) * (x n - y n)\<bar>"
+ proof -
+ have "(\<Sum>n. (1 / 3) ^ Suc n * (x n - y n)) = (\<Sum>m. (1 / 3) ^ Suc (m + Suc n) * (x (m + Suc n) - y (m + Suc n))) + (\<Sum>m<Suc n. (1 / 3) ^ Suc m * (x m - y m))"
+ apply(rule suminf_split_initial_segment)
+ using that by simp
+ thus ?thesis by simp
+ qed
+ also have "... = \<bar>(\<Sum>n. (1/3)^(Suc n)* x n - (1/3)^(Suc n)* y n)\<bar>"
+ by (simp add: right_diff_distrib)
+ also have "... = \<bar>Cantor_to_01 x - Cantor_to_01 y\<bar>"
+ using that by(simp add: suminf_diff Cantor_to_01_def)
+ finally show ?thesis .
+ qed
+ have u2: "(1/9) * pm.product_dist x y \<le> (1/3) ^ (Suc n) * (1/2)"
+ proof -
+ have "pm.product_dist x y = (\<Sum>m. (1/3)^m * \<bar>x m - y m\<bar>)"
+ by(simp add: that pd_def)
+ also have "... = (\<Sum>m. (1/3)^(m + n) * \<bar>x (m + n) - y (m + n)\<bar>) + (\<Sum>m<n. (1/3)^m * \<bar>x m - y m\<bar>)"
+ using Cantor_minus_abs_cantor[OF that] by(auto intro!: suminf_split_initial_segment)
+ also have "... = (\<Sum>m. (1/3)^(m + n) * \<bar>x (m + n) - y (m + n)\<bar>)"
+ using \<open>\<forall>i<n. x i = y i\<close> by simp
+ also have "... \<le> (\<Sum>m. (1/3)^(m + n))"
+ using space_Cantor_space_01[OF Cantor_minus_abs_cantor[OF that]] Cantor_minus_abs_cantor[OF that]
+ by(auto intro!: suminf_le summable_ignore_initial_segment[of _ n])
+ also have "... = (1 / 3) ^ n * (3 / 2)"
+ using pm.nsum_of_rK[of n] by auto
+ finally show ?thesis
+ by auto
+ qed
+ from u1 u2 show ?thesis by simp
+ qed
+
+ have inj: "inj_on Cantor_to_01 (space Cantor_space)"
+ proof
+ fix x y
+ assume h:"x \<in> space Cantor_space" "y \<in> space Cantor_space"
+ "Cantor_to_01 x = Cantor_to_01 y"
+ then have "pm.product_dist x y = 0"
+ using 2[OF h(1,2)] pm.dist_geq0[of x y]
+ by simp
+ thus "x = y"
+ using pm.dist_0[of x y] h(1,2)
+ by(simp add: space_Cantor_space)
+ qed
+
+ have closed: "closedin m01'.mtopology (Cantor_to_01 ` (space Cantor_space))"
+ unfolding m01'.mtopology_closedin_iff
+ proof safe
+ show "a \<in> space Cantor_space \<Longrightarrow> Cantor_to_01 a \<in> {0..1}" for a
+ using Cantor_to_01_image by auto
+ next
+ fix f s
+ assume h:"f \<in> UNIV \<rightarrow> Cantor_to_01 ` space Cantor_space" "m01'.converge_to_inS f s"
+ then have "m01'.Cauchy_inS f"
+ using m01'.Cauchy_if_convergent_inS by(auto simp: m01'.convergent_inS_def)
+ have "\<forall>n. \<exists>x\<in>space Cantor_space. f n = Cantor_to_01 x" using h(1) by auto
+ then obtain x where hx:"\<And>n. x n \<in> space Cantor_space" "\<And>n. f n = Cantor_to_01 (x n)" by metis
+ have "pm.Cauchy_inS x"
+ unfolding pm.Cauchy_inS_def2''
+ proof
+ show "x \<in> UNIV \<rightarrow> (\<Pi>\<^sub>E i\<in> UNIV. {0,1})"
+ using hx(1) by(auto simp: space_Cantor_space)
+ next
+ show "\<forall>\<epsilon>>0. \<exists>y\<in>UNIV \<rightarrow>\<^sub>E {0, 1}. \<exists>N. \<forall>n\<ge>N. pm.product_dist y (x n) < \<epsilon>"
+ proof safe
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ hence "0 < \<epsilon> / 9" by auto
+ then obtain N' where "\<forall>n\<ge>N'. f n \<in> m01'.open_ball (f N') (\<epsilon> / 9)"
+ using \<open>m01'.Cauchy_inS f\<close> m01'.Cauchy_inS_def2[of f] by blast
+ hence "\<And>n. n \<ge> N' \<Longrightarrow> \<bar>f N' - f n\<bar> < (\<epsilon> / 9)"
+ using m01'.Cauchy_inS_dest1[OF \<open>m01'.Cauchy_inS f\<close>]
+ by(auto simp: m01'.open_ball_def) (auto simp: submetric_def dist_real_def)
+ thus "\<exists>y\<in>(\<Pi>\<^sub>E i\<in> UNIV. {0,1}). \<exists>N. \<forall>n\<ge>N. pm.product_dist y (x n) < \<epsilon>"
+ using order.strict_trans1[OF 2[OF hx(1)[of N'] hx(1)],of _ "\<epsilon>/9"] hx(1)
+ by(auto intro!: exI[where x=N'] bexI[where x="x N'"] simp: hx(2) space_Cantor_space)
+ qed
+ qed
+ then obtain y where "pm.converge_to_inS x y"
+ using pm.convergence by(auto simp: pm.convergent_inS_def)
+ hence "y \<in> space Cantor_space"
+ by(auto simp: pm.converge_to_inS_def space_Cantor_space)
+ have "m01'.converge_to_inS f (Cantor_to_01 y)"
+ unfolding m01'.converge_to_inS_def2
+ proof safe
+ show "f a \<in> {0..1}" "Cantor_to_01 y \<in> {0..1}" for a
+ using h(1) funcset_image[OF Cantor_to_01_image]
+ by (simp_all add: hx(1) hx(2) image_subset_iff pm.converge_to_inS_def \<open>y \<in> space Cantor_space\<close>)
+ next
+ fix \<epsilon>
+ assume "(0 :: real) < \<epsilon>"
+ then obtain N where "\<And>n. n \<ge> N \<Longrightarrow> pm.product_dist (x n) y < \<epsilon>"
+ using \<open>pm.converge_to_inS x y\<close> by(auto simp: pm.converge_to_inS_def2) meson
+ thus "\<exists>N. \<forall>n\<ge>N. submetric {0..1} dist (f n) (Cantor_to_01 y) < \<epsilon>"
+ by(auto intro!: exI[where x=N] order.strict_trans1[OF 1[OF hx(1) \<open>y \<in> space Cantor_space\<close>]] simp: submetric_def \<open>0 < \<epsilon>\<close> hx(2) dist_real_def)
+ qed
+ hence "Cantor_to_01 y = s"
+ using h(2) m01'.converge_to_inS_unique by blast
+ with \<open>y \<in> space Cantor_space\<close> show "s \<in> Cantor_to_01 ` space Cantor_space"
+ by auto
+ qed
+
+ have open_map:"open_map pm.mtopology (subtopology m01'.mtopology (Cantor_to_01 ` (space Cantor_space))) Cantor_to_01"
+ unfolding space_Cantor_space
+ proof(rule metric_set_opem_map_from_dist[OF pm.metric_set_axioms m01'.metric_set_axioms Cantor_to_01_image[simplified space_Cantor_space]])
+ fix x \<epsilon>
+ assume "x \<in> (UNIV :: nat set) \<rightarrow>\<^sub>E {0, 1::real}" "(0 :: real) < \<epsilon>"
+ show "\<exists>\<delta>>0. \<forall>y\<in>UNIV \<rightarrow>\<^sub>E {0, 1}. submetric {0..1} dist (Cantor_to_01 x) (Cantor_to_01 y) < \<delta> \<longrightarrow> pm.product_dist x y < \<epsilon>"
+ proof(safe intro!: exI[where x="\<epsilon>/9"])
+ fix y
+ assume h:"y \<in> (UNIV :: nat set) \<rightarrow>\<^sub>E {0, 1::real}"
+ "submetric {0..1} dist (Cantor_to_01 x) (Cantor_to_01 y) < \<epsilon> / 9"
+ then have sc:"x \<in> space Cantor_space" "y \<in> space Cantor_space"
+ using \<open>x \<in> UNIV \<rightarrow>\<^sub>E {0, 1}\<close> by(simp_all add: space_Cantor_space)
+ have "\<bar>Cantor_to_01 x - Cantor_to_01 y\<bar> < \<epsilon> / 9"
+ using sd_def[OF sc] h(2) by (metis dist_real_def submetric_def)
+ with 2[OF sc] show "pm.product_dist x y < \<epsilon> "
+ by simp
+ qed (use \<open>\<epsilon> > 0\<close> in auto)
+ qed
+
+ have "Cantor_to_01 ` A \<in> sets (restrict_space borel {0..1})" if "A \<in> sets Cantor_space" for A
+ using open_map_preserves_sets'[of pm.mtopology m01'.mtopology Cantor_to_01 A] borel_of_closed[OF closed] \<open>product_topology (\<lambda>_. top_of_set {0, 1}) UNIV = pm.mtopology\<close> \<open>restrict_space borel {0..1} = borel_of m01'.mtopology\<close> inj pm.mtopology_topspace that space_Cantor_space open_map sets_Cantor
+ by auto
+
+ with inj show "inj_on Cantor_to_01 (space Cantor_space)"
+ and"A \<in> sets Cantor_space \<Longrightarrow> Cantor_to_01 ` A \<in> sets (restrict_space borel {0..1})"
+ by simp_all
+
+qed
+
+text \<open> Next, we construct measurable embedding from $[0,1]$ to ${0,1}^{\mathbb{N}}$.\<close>
+definition to_Cantor_from_01 :: "real \<Rightarrow> nat \<Rightarrow> real" where
+"to_Cantor_from_01 \<equiv> (\<lambda>r n. if r = 1 then 1 else real_of_int (\<lfloor>2^(Suc n) * r\<rfloor> mod 2))"
+
+text \<open> @{term to_Cantor_from_01} is a measurable injective embedding into Cantor space.\<close>
+
+lemma to_Cantor_from_01_image': "to_Cantor_from_01 r n \<in> {0,1}"
+ unfolding to_Cantor_from_01_def by auto
+
+lemma to_Cantor_from_01_image'': "0 \<le> to_Cantor_from_01 r n" "to_Cantor_from_01 r n \<le> 1"
+ using to_Cantor_from_01_image'[of r n] by auto
+
+lemma to_Cantor_from_01_image: "to_Cantor_from_01 \<in> {0..1} \<rightarrow> space Cantor_space"
+ using to_Cantor_from_01_image' by(auto simp: space_Cantor_space)
+
+lemma to_Cantor_from_01_measurable:
+ "to_Cantor_from_01 \<in> restrict_space borel {0..1} \<rightarrow>\<^sub>M Cantor_space"
+ unfolding to_Cantor_from_01_def Cantor_space_def
+ by(auto intro!: measurable_restrict_space3 measurable_abs_UNIV)
+
+lemma to_Cantor_from_01_summable[simp]:
+ "summable (\<lambda>n. (1/2)^n * to_Cantor_from_01 r n)"
+proof(rule summable_comparison_test'[where g="\<lambda>n. (1/2)^ n"])
+ show "norm ((1 / 2) ^ n * to_Cantor_from_01 r n) \<le> (1 / 2) ^ n" for n
+ using to_Cantor_from_01_image'[of r n] by auto
+qed simp
+
+lemma to_Cantor_from_sumn':
+ assumes "r \<in> {0..<1}"
+ shows "(\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> r"
+ and "r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) < (1/2)^n"
+ and "to_Cantor_from_01 r n = 1 \<longleftrightarrow> (1/2)^(Suc n) \<le> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i)"
+ and "to_Cantor_from_01 r n = 0 \<longleftrightarrow> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) < (1/2)^(Suc n)"
+proof -
+ let ?f = "to_Cantor_from_01 r"
+ have f_simp: "?f l = real_of_int (\<lfloor> 2^(Suc l) * r\<rfloor> mod 2)" for l
+ using assms by(simp add: to_Cantor_from_01_def)
+ define S where "S = (\<lambda>n. \<Sum>i<n. (1/2)^(Suc i)*?f i)"
+ have SSuc:"S (Suc k) = S k + (1/2)^(Suc k) * to_Cantor_from_01 r k" for k
+ by(simp add: S_def)
+ have Sfloor: "\<lfloor>2^(Suc m) * (l - S m)\<rfloor> mod 2 = \<lfloor>2^(Suc m) * l\<rfloor> mod 2" for l m
+ proof -
+ have "\<exists>z. 2^(Suc m) * ((1/2)^(Suc k) * ?f k) = 2*real_of_int z" if "k < m" for k
+ proof -
+ have 0:"(2::real) ^ m * (1 / 2) ^ k = 2 * 2^(m-k-1)"
+ using that by (simp add: power_diff_conv_inverse)
+ consider "?f k = 0" | "?f k = 1"
+ using to_Cantor_from_01_image'[of r k] by auto
+ thus ?thesis
+ apply cases using that 0 by auto
+ qed
+ then obtain z where "\<And>k. k < m \<Longrightarrow> 2^(Suc m) * ((1/2)^(Suc k) * ?f k) = 2*real_of_int (z k)"
+ by metis
+ hence Sm: "2^(Suc m) * S m = real_of_int (2 * (\<Sum>k<m. (z k)))"
+ by(auto simp: S_def sum_distrib_left)
+ have "\<lfloor>2^(Suc m) * (l - S m)\<rfloor> mod 2 = \<lfloor>2^(Suc m) * l - 2^(Suc m) * S m\<rfloor> mod 2"
+ by (simp add: right_diff_distrib)
+ also have "... = \<lfloor>2^(Suc m) * l\<rfloor> mod 2"
+ unfolding Sm
+ by(simp only: floor_diff_of_int) presburger
+ finally show ?thesis .
+ qed
+
+ have "S n \<le> r \<and> r - S n < (1/2)^n \<and> (?f n = 1 \<longleftrightarrow> (1/2)^(Suc n) \<le> r - S n) \<and> (?f n = 0 \<longleftrightarrow> r - S n < (1/2)^(Suc n))"
+ proof(induction n)
+ case 0
+ then show ?case
+ using assms by(auto simp: S_def to_Cantor_from_01_def) linarith+
+ next
+ case (Suc n)
+ hence ih: "S n \<le> r" "r - S n < (1 / 2) ^ n"
+ "?f n = 1 \<Longrightarrow> (1 / 2) ^ Suc n \<le> r - S n"
+ "?f n = 0 \<Longrightarrow> r - S n < (1 / 2) ^ Suc n"
+ by simp_all
+ have SSuc':"?f n = 0 \<and> S (Suc n) = S n \<or> ?f n = 1 \<and> S (Suc n) = S n + (1/2)^(Suc n)"
+ using to_Cantor_from_01_image'[of r n] by(simp add: SSuc)
+ have goal1:"S (Suc n) \<le> r"
+ using SSuc' ih(1) ih(3) by auto
+ have goal2: "r - S (Suc n) < (1 / 2) ^ Suc n"
+ using SSuc' ih(4) ih(2) by auto
+ have goal3_1: "(1 / 2) ^ Suc (Suc n) \<le> r - S (Suc n)" if "?f (Suc n) = 1"
+ proof(rule ccontr)
+ assume "\<not> (1 / 2) ^ Suc (Suc n) \<le> r - S (Suc n)"
+ then have "r - S (Suc n) < (1 / 2) ^ Suc (Suc n)" by simp
+ hence h:"2 ^ Suc (Suc n) * (r - S (Suc n)) < 1"
+ using mult_less_cancel_left_pos[of "2 ^ Suc (Suc n)" "r - S (Suc n)" "(1 / 2) ^ Suc (Suc n)"]
+ by (simp add: power_one_over)
+ moreover have "0 \<le> 2 ^ Suc (Suc n) * (r - S (Suc n))"
+ using goal1 by simp
+ ultimately have "\<lfloor>2 ^ Suc (Suc n) * (r - S (Suc n))\<rfloor> = 0"
+ by linarith
+ thus False
+ using that[simplified f_simp] Sfloor[of "Suc n" r]
+ by fastforce
+ qed
+ have goal3_2: "?f (Suc n) = 1" if "(1 / 2) ^ Suc (Suc n) \<le> r - S (Suc n)"
+ proof -
+ have "1 \<le> 2 ^ Suc (Suc n) * (r - S (Suc n))"
+ using that[simplified f_simp] mult_le_cancel_left_pos[of "2 ^ Suc (Suc n)" "(1 / 2) ^ Suc (Suc n)" "r - S (Suc n)"]
+ by (simp add: power_one_over)
+ moreover have "2 ^ Suc (Suc n) * (r - S (Suc n)) < 2"
+ using mult_less_cancel_left_pos[of "2 ^ Suc (Suc n)" "r - S (Suc n)" "(1 / 2) ^ Suc n"] goal2
+ by (simp add: power_one_over)
+ ultimately have "\<lfloor>2 ^ Suc (Suc n) * (r - S (Suc n))\<rfloor> = 1"
+ by linarith
+ thus ?thesis
+ using Sfloor[of "Suc n" r] by(auto simp: f_simp)
+ qed
+ have goal4_1: "r - S (Suc n) < (1 / 2) ^ Suc (Suc n)" if "?f (Suc n) = 0"
+ proof(rule ccontr)
+ assume "\<not> r - S (Suc n) < (1 / 2) ^ Suc (Suc n)"
+ then have "(1 / 2) ^ Suc (Suc n) \<le> r - S (Suc n)" by simp
+ hence "1 \<le> 2 ^ Suc (Suc n) * (r - S (Suc n))"
+ using mult_le_cancel_left_pos[of "2 ^ Suc (Suc n)" "(1 / 2) ^ Suc (Suc n)" "r - S (Suc n)"]
+ by (simp add: power_one_over)
+ moreover have "2 ^ Suc (Suc n) * (r - S (Suc n)) < 2"
+ using mult_less_cancel_left_pos[of "2 ^ Suc (Suc n)" "r - S (Suc n)" "(1 / 2) ^ Suc n"] goal2
+ by (simp add: power_one_over)
+ ultimately have "\<lfloor>2 ^ Suc (Suc n) * (r - S (Suc n))\<rfloor> = 1"
+ by linarith
+ thus False
+ using that Sfloor[of "Suc n" r] by(auto simp: f_simp)
+ qed
+ have goal4_2: "?f (Suc n) = 0" if "r - S (Suc n) < (1 / 2) ^ Suc (Suc n)"
+ proof -
+ have h:"2 ^ Suc (Suc n) * (r - S (Suc n)) < 1"
+ using mult_less_cancel_left_pos[of "2 ^ Suc (Suc n)" "r - S (Suc n)" "(1 / 2) ^ Suc (Suc n)"] that
+ by (simp add: power_one_over)
+ moreover have "0 \<le> 2 ^ Suc (Suc n) * (r - S (Suc n))"
+ using goal1 by simp
+ ultimately have "\<lfloor>2 ^ Suc (Suc n) * (r - S (Suc n))\<rfloor> = 0"
+ by linarith
+ thus ?thesis
+ using Sfloor[of "Suc n" r] by(auto simp: f_simp)
+ qed
+ show ?case
+ using goal1 goal2 goal3_1 goal3_2 goal4_1 goal4_2 by blast
+ qed
+ thus "(\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> r"
+ and "r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) < (1/2)^n"
+ and "to_Cantor_from_01 r n = 1 \<longleftrightarrow> (1/2)^(Suc n) \<le> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i)"
+ and "to_Cantor_from_01 r n = 0 \<longleftrightarrow> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) < (1/2)^(Suc n)"
+ by(simp_all add: S_def)
+qed
+
+
+lemma to_Cantor_from_sumn:
+ assumes "r \<in> {0..1}"
+ shows "(\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> r"
+ and "r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> (1/2)^n"
+ and "to_Cantor_from_01 r n = 1 \<longleftrightarrow> (1/2)^(Suc n) \<le> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i)"
+ and "to_Cantor_from_01 r n = 0 \<longleftrightarrow> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) < (1/2)^(Suc n)"
+proof -
+ have nsum:"(\<Sum>i<n. (1/2)^(Suc i)) = 1 - (1 / (2::real)) ^ n"
+ using one_diff_power_eq[of "1/(2::real)" n] by(auto simp: sum_divide_distrib[symmetric])
+
+ consider "r = 1" | "r \<in>{0..<1}" using assms by fastforce
+ hence "(\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> r \<and> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> (1/2)^n \<and> (to_Cantor_from_01 r n = 1 \<longleftrightarrow> (1/2)^(Suc n) \<le> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i)) \<and> (to_Cantor_from_01 r n = 0 \<longleftrightarrow> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) < (1/2)^(Suc n))"
+ proof cases
+ case 1
+ then show ?thesis
+ using nsum by(auto simp: to_Cantor_from_01_def)
+ next
+ case 2
+ from to_Cantor_from_sumn'[OF this,of n]
+ show ?thesis
+ by auto
+ qed
+ thus "(\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> r"
+ and "r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) \<le> (1/2)^n"
+ and "to_Cantor_from_01 r n = 1 \<longleftrightarrow> (1/2)^(Suc n) \<le> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i)"
+ and "to_Cantor_from_01 r n = 0 \<longleftrightarrow> r - (\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) < (1/2)^(Suc n)"
+ by simp_all
+qed
+
+lemma to_Cantor_from_sum:
+ assumes "r \<in> {0..1}"
+ shows "(\<Sum>n. (1/2)^(Suc n)*to_Cantor_from_01 r n) = r"
+proof -
+ have 1:"r \<le> (\<Sum>n. (1/2)^(Suc n)*to_Cantor_from_01 r n)"
+ proof -
+ have 0:"r \<le> (1 / 2) ^ n + (\<Sum>n. (1/2)^(Suc n)*to_Cantor_from_01 r n)" for n
+ proof -
+ have "r \<le> (1 / 2) ^ n + (\<Sum>i<n. (1 / 2) ^ Suc i * to_Cantor_from_01 r i)"
+ using to_Cantor_from_sumn(2)[OF assms,of n] by auto
+ also have "... \<le> (1 / 2) ^ n + (\<Sum>n. (1/2)^(Suc n)*to_Cantor_from_01 r n)"
+ using to_Cantor_from_01_image''[of r] by(auto intro!: sum_le_suminf)
+ finally show ?thesis .
+ qed
+ have 00:"\<exists>no. \<forall>n\<ge>no. (1 / 2) ^ n < r" if "r>0" for r :: real
+ proof -
+ obtain n0 where "(1 / 2) ^ n0 < r"
+ using reals_power_lt_ex[of _ "2 :: real",OF \<open>r>0\<close>] by auto
+ thus ?thesis
+ using order.strict_trans1[OF power_decreasing[of n0 _ "1/2::real"]]
+ by(auto intro!: exI[where x=n0])
+ qed
+ show ?thesis
+ apply(rule Lim_bounded2[where f="\<lambda>n. (1 / 2) ^ n + (\<Sum>n. (1/2)^(Suc n)*to_Cantor_from_01 r n)" and N=0])
+ using 0 00 by(auto simp: LIMSEQ_iff)
+ qed
+ have 2:"(\<Sum>n. (1/2)^(Suc n)*to_Cantor_from_01 r n) \<le> r"
+ using to_Cantor_from_sumn[OF assms] by(auto intro!: suminf_le_const)
+ show ?thesis
+ using 1 2 by simp
+qed
+
+lemma to_Cantor_from_sum':
+ assumes "r \<in> {0..1}"
+ shows "(\<Sum>i<n. (1/2)^(Suc i)*to_Cantor_from_01 r i) = r - (\<Sum>m. (1/2)^(Suc (m + n))*to_Cantor_from_01 r (m + n))"
+ using suminf_minus_initial_segment[of "\<lambda>n. (1 / 2) ^ Suc n * to_Cantor_from_01 r n" n] to_Cantor_from_sum[OF assms]
+ by auto
+
+lemma to_Cantor_from_01_exist0:
+ assumes "r \<in> {0..<1}"
+ shows "\<forall>n.\<exists>k\<ge>n. to_Cantor_from_01 r k = 0"
+proof(rule ccontr)
+ assume "\<not> (\<forall>n.\<exists>k\<ge>n. to_Cantor_from_01 r k = 0)"
+ then obtain n0 where hn0:
+ "\<And>k. k \<ge> n0 \<Longrightarrow> to_Cantor_from_01 r k = 1"
+ using to_Cantor_from_01_image'[of r] by auto
+ define n where "n = Min {i. i \<le> n0 \<and> (\<forall>k\<ge>i. to_Cantor_from_01 r k = 1)}"
+ have n0in: "n0 \<in> {i. i \<le> n0 \<and> (\<forall>k\<ge>i. to_Cantor_from_01 r k = 1)}"
+ using hn0 by auto
+ have hn:"n \<le> n0" "\<And>k. k \<ge> n \<Longrightarrow> to_Cantor_from_01 r k = 1"
+ using n0in Min_in[of "{i. i \<le> n0 \<and> (\<forall>k\<ge>i. to_Cantor_from_01 r k = 1)}"]
+ by(auto simp: n_def)
+ show False
+ proof(cases n)
+ case 0
+ then have "r = (\<Sum>n. (1 / 2) ^ Suc n)"
+ using to_Cantor_from_sum[of r] assms hn(2) by simp
+ also have "... = 1"
+ using nsum_of_r'[of "1/2" 1 1] by auto
+ finally show ?thesis
+ using assms by auto
+ next
+ case eqn:(Suc n')
+ have "to_Cantor_from_01 r n' = 0"
+ proof(rule ccontr)
+ assume "to_Cantor_from_01 r n' \<noteq> 0"
+ then have "to_Cantor_from_01 r n' = 1"
+ using to_Cantor_from_01_image'[of r n'] by auto
+ hence "n' \<in> {i. i \<le> n0 \<and> (\<forall>k\<ge>i. to_Cantor_from_01 r k = 1)}"
+ using hn eqn not_less_eq_eq order_antisym_conv by fastforce
+ hence "n \<le> n'"
+ using Min.coboundedI[of "{i. i \<le> n0 \<and> (\<forall>k\<ge>i. to_Cantor_from_01 r k = 1)}" n']
+ by(simp add: n_def)
+ thus False
+ using eqn by simp
+ qed
+ hence le1:"r - (\<Sum>i<n'. (1 / 2) ^ Suc i * to_Cantor_from_01 r i) < (1 / 2) ^ n"
+ using to_Cantor_from_sumn'(4)[OF assms,of n'] by (simp add: eqn)
+ have "r - (\<Sum>i<n'. (1 / 2) ^ Suc i * to_Cantor_from_01 r i) = (1 / 2) ^ n"
+ (is "?lhs = _")
+ proof -
+ have "?lhs = (\<Sum>m. (1/2)^(m + Suc n')*to_Cantor_from_01 r (m + n'))"
+ using to_Cantor_from_sum'[of r n'] assms by simp
+ also have "... = (\<Sum>m. (1/2)^(m + Suc n)*to_Cantor_from_01 r (m + n))"
+ proof -
+ have "(\<Sum>n. (1 / 2) ^ (Suc n + Suc n') * to_Cantor_from_01 r (Suc n + n')) = (\<Sum>m. (1 / 2) ^ (m + Suc n') * to_Cantor_from_01 r (m + n')) - (1 / 2) ^ (0 + Suc n') * to_Cantor_from_01 r (0 + n')"
+ by(rule suminf_split_head) (auto intro!: summable_ignore_initial_segment)
+ thus ?thesis
+ using \<open>to_Cantor_from_01 r n' = 0\<close> by(simp add: eqn)
+ qed
+ also have "... = (\<Sum>m. (1/2)^(m + Suc n))"
+ using hn by simp
+ also have "... = (1 / 2) ^ n"
+ using nsum_of_r'[of "1/2" "Suc n" 1,simplified] by simp
+ finally show ?thesis .
+ qed
+ with le1 show False
+ by simp
+ qed
+qed
+
+lemma to_Cantor_from_01_if_exist0:
+ assumes "\<And>n. a n \<in> {0,1}" "\<forall>n.\<exists>k\<ge>n. a k = 0"
+ shows "to_Cantor_from_01 (\<Sum>n. (1 / 2) ^ Suc n * a n) = a"
+proof
+ fix n
+ have [simp]: "summable (\<lambda>n. (1 / 2) ^ n * a n)"
+ proof(rule summable_comparison_test'[where g="\<lambda>n. (1/2)^ n"])
+ show "norm ((1 / 2) ^ n * a n) \<le> (1 / 2) ^ n" for n
+ using assms(1)[of n] by auto
+ qed simp
+ let ?r = "\<Sum>n. (1 / 2) ^ Suc n * a n"
+ have "?r \<in> {0..1}"
+ using assms(1) space_Cantor_space_01[of a,simplified space_Cantor_space] nsum_of_r_leq[of "1/2" a 1 1 0]
+ by auto
+ show "to_Cantor_from_01 ?r n = a n"
+ proof(rule less_induct)
+ fix x
+ assume ih:"y < x \<Longrightarrow> to_Cantor_from_01 ?r y = a y" for y
+ have eq1:"?r - (\<Sum>i<x. (1/2)^(Suc i)*to_Cantor_from_01 ?r i) = (\<Sum>n. (1/2)^(Suc (n + x))* a (n + x))"
+ (is "?lhs = ?rhs")
+ proof -
+ have "?lhs = (\<Sum>n. (1 / 2) ^ Suc (n + x) * a (n + x)) + (\<Sum>i<x. (1/2)^(Suc i)* a i) - (\<Sum>i<x. (1/2)^(Suc i)*to_Cantor_from_01 ?r i)"
+ using suminf_split_initial_segment[of "\<lambda>n. (1 / 2) ^ (Suc n) * a n" x] by simp
+ also have "... = (\<Sum>n. (1 / 2) ^ Suc (n + x) * a (n + x)) + (\<Sum>i<x. (1/2)^(Suc i)* a i) - (\<Sum>i<x. (1/2)^(Suc i)*a i)"
+ using ih by simp
+ finally show ?thesis by simp
+ qed
+ define Sn where "Sn = (\<Sum>n. (1/2)^(Suc (n + x))* a (n + x))"
+ define Sn' where "Sn' = (\<Sum>n. (1/2)^(Suc (n + (Suc x)))* a (n + (Suc x)))"
+ have SnSn':"Sn = (1/2)^(Suc x) * a x + Sn'"
+ using suminf_split_head[of "\<lambda>n. (1/2)^(Suc (n + x))* a (n + x)",OF summable_ignore_initial_segment]
+ by(auto simp: Sn_def Sn'_def)
+ have hsn:"0 \<le> Sn'" "Sn' < (1/2)^(Suc x)"
+ proof -
+ show "0 \<le> Sn'"
+ unfolding Sn'_def
+ apply(rule suminf_nonneg,rule summable_ignore_initial_segment)
+ using assms(1) space_Cantor_space_01[of a,simplified space_Cantor_space]
+ by fastforce+
+ next
+ have "\<exists>n'\<ge>Suc x. a n' < 1"
+ using assms by fastforce
+ thus "Sn' < (1/2)^(Suc x)"
+ using nsum_of_r_le[of "1/2" a 1 "Suc x" "Suc (Suc x)"] assms(1) space_Cantor_space_01[of a,simplified space_Cantor_space]
+ by(auto simp: Sn'_def)
+ qed
+ have goal1: "to_Cantor_from_01 ?r x = 1 \<longleftrightarrow> a x = 1"
+ proof -
+ have "to_Cantor_from_01 ?r x = 1 \<longleftrightarrow> (1 / 2) ^ Suc x \<le> Sn"
+ using to_Cantor_from_sumn(3)[OF \<open>?r \<in> {0..1}\<close>] eq1
+ by(fastforce simp: Sn_def)
+ also have "... \<longleftrightarrow> (1 / 2) ^ Suc x \<le> (1/2)^(Suc x) * a x + Sn'"
+ by(simp add: SnSn')
+ also have "... \<longleftrightarrow> a x = 1"
+ proof -
+ have "a x = 1" if "(1 / 2) ^ Suc x \<le> (1/2)^(Suc x) * a x + Sn'"
+ proof(rule ccontr)
+ assume "a x \<noteq> 1"
+ then have "a x = 0"
+ using assms(1) by auto
+ hence "(1 / 2) ^ Suc x \<le> Sn'"
+ using that by simp
+ thus False
+ using hsn by auto
+ qed
+ thus ?thesis
+ by(auto simp: hsn)
+ qed
+ finally show ?thesis .
+ qed
+ have goal2: "to_Cantor_from_01 ?r x = 0 \<longleftrightarrow> a x = 0"
+ proof -
+ have "to_Cantor_from_01 ?r x = 0 \<longleftrightarrow> Sn < (1 / 2) ^ Suc x"
+ using to_Cantor_from_sumn(4)[OF \<open>?r \<in> {0..1}\<close>] eq1
+ by(fastforce simp: Sn_def)
+ also have "... \<longleftrightarrow> (1/2)^(Suc x) * a x + Sn' < (1 / 2) ^ Suc x"
+ by(simp add: SnSn')
+ also have "... \<longleftrightarrow> a x = 0"
+ proof -
+ have "a x = 0" if "(1/2)^(Suc x) * a x + Sn' < (1 / 2) ^ Suc x"
+ proof(rule ccontr)
+ assume "a x \<noteq> 0"
+ then have "a x = 1"
+ using assms(1) by auto
+ thus False
+ using that hsn by auto
+ qed
+ thus ?thesis
+ using hsn by auto
+ qed
+ finally show ?thesis .
+ qed
+ show "to_Cantor_from_01 ?r x = a x"
+ using goal1 goal2 to_Cantor_from_01_image'[of ?r x] by auto
+ qed
+qed
+
+lemma to_Cantor_from_01_sum_of_to_Cantor_from_01:
+ assumes "r \<in> {0..1}"
+ shows "to_Cantor_from_01 (\<Sum>n. (1 / 2) ^ Suc n * to_Cantor_from_01 r n) = to_Cantor_from_01 r"
+proof -
+ consider "r = 1" | "r \<in> {0..<1}"
+ using assms by fastforce
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ using nsum_of_r'[of "1/2" 1 1]
+ by(auto simp: to_Cantor_from_01_def)
+ next
+ case 2
+ from to_Cantor_from_01_if_exist0[OF to_Cantor_from_01_image' to_Cantor_from_01_exist0[OF this]]
+ show ?thesis .
+ qed
+qed
+
+lemma to_Cantor_from_01_inj: "inj_on to_Cantor_from_01 (space (restrict_space borel {0..1}))"
+proof
+ fix x y :: real
+ assume "x \<in> space (restrict_space borel {0..1})" "y \<in> space (restrict_space borel {0..1})"
+ and h:"to_Cantor_from_01 x = to_Cantor_from_01 y"
+ then have xyin:"x \<in> {0..1}" "y \<in> {0..1}"
+ by simp_all
+ show "x = y"
+ using to_Cantor_from_sum[OF xyin(1)] to_Cantor_from_sum[OF xyin(2)] h
+ by simp
+qed
+
+lemma to_Cantor_from_01_preserves_sets:
+ assumes "A \<in> sets (restrict_space borel {0..1})"
+ shows "to_Cantor_from_01 ` A \<in> sets Cantor_space"
+proof -
+ define f :: "(nat \<Rightarrow> real) \<Rightarrow> real" where "f \<equiv> (\<lambda>x. \<Sum>n. (1/2)^(Suc n)* x n)"
+ have f_meas:"f \<in> Cantor_space \<rightarrow>\<^sub>M restrict_space borel {0..1}"
+ proof -
+ have "f \<in> borel_measurable Cantor_space"
+ unfolding Cantor_to_01_def f_def
+ proof(rule borel_measurable_suminf)
+ fix n
+ have "(\<lambda>x. x n) \<in> Cantor_space \<rightarrow>\<^sub>M restrict_space borel {0, 1}"
+ by(simp add: Cantor_space_def)
+ hence "(\<lambda>x. x n) \<in> borel_measurable Cantor_space"
+ by(simp add: measurable_restrict_space2_iff)
+ thus "(\<lambda>x. (1 / 2) ^ Suc n * x n) \<in> borel_measurable Cantor_space"
+ by simp
+ qed
+ moreover have "0 \<le> f x" "f x \<le> 1" if "x \<in> space Cantor_space" for x
+ proof -
+ have [simp]:"summable (\<lambda>n. (1/2)^n* x n)"
+ proof(rule summable_comparison_test'[where g="\<lambda>n. (1/2)^ n"])
+ show "norm ((1 / 2) ^ n * x n) \<le> (1 / 2) ^ n" for n
+ using that by simp
+ qed simp
+ show "0 \<le> f x"
+ using that by(auto intro!: suminf_nonneg simp: f_def)
+ show "f x \<le> 1"
+ proof -
+ have "f x \<le> (\<Sum>n. (1/2)^(Suc n))"
+ using that by(auto intro!: suminf_le simp: f_def)
+ also have "... = 1"
+ using nsum_of_r'[of "1/2" 1 1] by simp
+ finally show ?thesis .
+ qed
+ qed
+ ultimately show ?thesis
+ by(auto intro!: measurable_restrict_space2)
+ qed
+ have image_sets:"to_Cantor_from_01 ` (space (restrict_space borel {0..1})) \<in> sets Cantor_space"
+ (is "?A \<in> _")
+ proof -
+ have "?A \<subseteq> space Cantor_space"
+ using to_Cantor_from_01_image by auto
+ have comple_sets:"(\<Pi>\<^sub>E i\<in> UNIV. {0,1}) - ?A \<in> sets Cantor_space"
+ proof -
+ have eq1:"?A = {\<lambda>n. 1} \<union> {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<forall>n. \<exists>k\<ge>n. x k = 0)}"
+ proof
+ show "?A \<subseteq> {\<lambda>n. 1} \<union> {x. (\<forall>n. x n \<in> {0, 1}) \<and> (\<forall>n. \<exists>k\<ge>n. x k = 0)}"
+ proof
+ fix x
+ assume "x \<in> ?A"
+ then obtain r where hr:"r \<in> {0..1}" "x = to_Cantor_from_01 r"
+ by auto
+ then consider "r = 1" | "r \<in> {0..<1}" by fastforce
+ thus "x \<in> {\<lambda>n. 1} \<union> {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<forall>n. \<exists>k\<ge>n. x k = 0)}"
+ proof cases
+ case 1
+ then show ?thesis
+ by(simp add: hr(2) to_Cantor_from_01_def)
+ next
+ case 2
+ from to_Cantor_from_01_exist0[OF this] to_Cantor_from_01_image'
+ show ?thesis by(auto simp: hr(2))
+ qed
+ qed
+ next
+ show "{\<lambda>n. 1} \<union> {x. (\<forall>n. x n \<in> {0, 1}) \<and> (\<forall>n. \<exists>k\<ge>n. x k = 0)} \<subseteq> ?A"
+ proof
+ fix x :: "nat \<Rightarrow> real"
+ assume "x \<in> {\<lambda>n. 1} \<union> {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<forall>n. \<exists>k\<ge>n. x k = 0)}"
+ then consider "x = (\<lambda>n. 1)" | "(\<forall>n. x n \<in> {0,1}) \<and> (\<forall>n. \<exists>k\<ge>n. x k = 0)"
+ by auto
+ thus "x \<in> ?A"
+ proof cases
+ case 1
+ then show ?thesis
+ by(auto intro!: image_eqI[where x=1] simp: to_Cantor_from_01_def)
+ next
+ case 2
+ hence "\<And>n. 0 \<le> x n" "\<And>n. x n \<le> 1"
+ by (metis dual_order.refl empty_iff insert_iff zero_less_one_class.zero_le_one)+
+ with 2 to_Cantor_from_01_if_exist0[of x] nsum_of_r_leq[of "1/2" x 1 1 0]
+ show ?thesis
+ by(auto intro!: image_eqI[where x="\<Sum>n. (1 / 2) ^ Suc n * x n"])
+ qed
+ qed
+ qed
+ have "(\<Pi>\<^sub>E i\<in> UNIV. {0,1}) - ?A = {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<exists>n. \<forall>k\<ge>n. x k = 1)} - {\<lambda>n. 1}"
+ proof
+ show "(\<Pi>\<^sub>E i\<in> UNIV. {0,1}) - ?A \<subseteq> {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<exists>n. \<forall>k\<ge>n. x k = 1)} - {\<lambda>n. 1}"
+ proof
+ fix x :: "nat \<Rightarrow> real"
+ assume "x \<in> (\<Pi>\<^sub>E i\<in> UNIV. {0,1}) - ?A"
+ then have "\<forall>n. x n \<in> {0,1}" "\<not> (\<forall>n. \<exists>k\<ge>n. x k = 0)" "x \<noteq> (\<lambda>n. 1)"
+ using eq1 by blast+
+ thus "x \<in> {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<exists>n. \<forall>k\<ge>n. x k = 1)} - {\<lambda>n. 1}"
+ by blast
+ qed
+ next
+ show "(\<Pi>\<^sub>E i\<in> UNIV. {0,1}) - ?A \<supseteq> {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<exists>n. \<forall>k\<ge>n. x k = 1)} - {\<lambda>n. 1}"
+ proof
+ fix x :: "nat \<Rightarrow> real"
+ assume h:"x \<in> {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<exists>n. \<forall>k\<ge>n. x k = 1)} - {\<lambda>n. 1}"
+ then have "\<forall>n. x n \<in> {0,1}" "\<exists>n. \<forall>k\<ge>n. x k = 1" "x \<noteq> (\<lambda>n. 1)"
+ by blast+
+ hence "\<not> (\<forall>n. \<exists>k\<ge>n. x k = 0)"
+ by fastforce
+ with \<open>\<forall>n. x n \<in> {0,1}\<close> \<open>x \<noteq> (\<lambda>n. 1)\<close>
+ show "x \<in> (\<Pi>\<^sub>E i\<in> UNIV. {0,1}) - ?A"
+ using eq1 by blast
+ qed
+ qed
+ also have "... = (\<Union> ((\<lambda>n. {x. (\<forall>n. x n \<in> {0,1}) \<and> (\<forall>k\<ge>n. x k = 1)}) ` UNIV)) - {\<lambda>n. 1}"
+ by blast
+ also have "... \<in> sets Cantor_space" (is "?B \<in> _")
+ proof -
+ have "countable ?B"
+ proof -
+ have "countable {x :: nat \<Rightarrow> real. (\<forall>n. x n = 0 \<or> x n = 1) \<and> (\<forall>k\<ge>m. x k = 1)}" for m :: nat
+ proof -
+ let ?C = "{x::nat \<Rightarrow> real. (\<forall>n. x n = 0 \<or> x n = 1) \<and> (\<forall>k\<ge>m. x k = 1)}"
+ define g where "g = (\<lambda>(x::nat \<Rightarrow> real) n. if n < m then x n else undefined)"
+ have 1:"g ` ?C = (\<Pi>\<^sub>E i \<in>{..<m}. {0,1})"
+ proof(standard; standard)
+ fix x
+ assume "x \<in> g ` ?C"
+ then show "x \<in> (\<Pi>\<^sub>E i \<in>{..<m}. {0,1})"
+ by(auto simp: g_def PiE_def extensional_def)
+ next
+ fix x
+ assume h:"x \<in> (\<Pi>\<^sub>E i \<in>{..<m}. {0,1::real})"
+ then have "x = g (\<lambda>n. if n < m then x n else 1)"
+ by(auto simp add: g_def PiE_def extensional_def)
+ moreover have "(\<lambda>n. if n < m then x n else 1) \<in> ?C"
+ using h by auto
+ ultimately show "x \<in> g ` ?C"
+ by auto
+ qed
+ have 2:"inj_on g ?C"
+ proof
+ fix x y
+ assume hxyg:"x \<in> ?C" "y : ?C" "g x = g y"
+ show "x = y"
+ proof
+ fix n
+ consider "n < m" | "m \<le> n" by fastforce
+ thus "x n = y n"
+ proof cases
+ case 1
+ then show ?thesis
+ using fun_cong[OF hxyg(3),of n] by(simp add: g_def)
+ next
+ case 2
+ then show ?thesis
+ using hxyg(1,2) by auto
+ qed
+ qed
+ qed
+ show "countable {x::nat \<Rightarrow> real. (\<forall>n. x n = 0 \<or> x n = 1) \<and> (\<forall>k\<ge>m. x k = 1)}"
+ by(rule countable_image_inj_on[OF _ 2]) (auto intro!: countable_PiE simp: 1)
+ qed
+ thus ?thesis
+ by auto
+ qed
+ moreover have "?B \<subseteq> space Cantor_space"
+ by(auto simp: space_Cantor_space)
+ ultimately show ?thesis
+ using Cantor_space_standard_ne by(simp add: standard_borel.countable_sets standard_borel_ne_def)
+ qed
+ finally show ?thesis .
+ qed
+ moreover have "space Cantor_space - ((\<Pi>\<^sub>E i\<in> UNIV. {0,1}) - ?A) = ?A"
+ using \<open>?A \<subseteq> space Cantor_space\<close> space_Cantor_space by blast
+ ultimately show ?thesis
+ using sets.compl_sets[OF comple_sets] by auto
+ qed
+ have "to_Cantor_from_01 ` A = f -` A \<inter> to_Cantor_from_01 ` (space (restrict_space borel {0..1}))"
+ proof
+ show "to_Cantor_from_01 ` A \<subseteq> f -` A \<inter> to_Cantor_from_01 ` space (restrict_space borel {0..1})"
+ proof
+ fix x
+ assume "x \<in> to_Cantor_from_01 ` A"
+ then obtain a where ha:"a \<in> A" "x = to_Cantor_from_01 a" by auto
+ hence "a \<in> {0..1}"
+ using sets.sets_into_space[OF assms] by auto
+ have "f x = a"
+ using to_Cantor_from_sum[OF \<open>a \<in> {0..1}\<close>] by(simp add: f_def ha(2))
+ thus " x \<in> f -` A \<inter> to_Cantor_from_01 ` space (restrict_space borel {0..1})"
+ using sets.sets_into_space[OF assms] ha by auto
+ qed
+ next
+ show "to_Cantor_from_01 ` A \<supseteq> f -` A \<inter> to_Cantor_from_01 ` space (restrict_space borel {0..1})"
+ proof
+ fix x
+ assume h:"x \<in> f -` A \<inter> to_Cantor_from_01 ` space (restrict_space borel {0..1})"
+ then obtain r where "r \<in> {0..1}" "x = to_Cantor_from_01 r"
+ by auto
+ from h have "f x \<in> A"
+ by simp
+ hence "to_Cantor_from_01 (f x) = x"
+ using to_Cantor_from_01_sum_of_to_Cantor_from_01[OF \<open>r \<in> {0..1}\<close>]
+ by(simp add: f_def \<open>x = to_Cantor_from_01 r\<close>)
+ with \<open>f x \<in> A\<close>
+ show "x \<in> to_Cantor_from_01 ` A"
+ by (simp add: rev_image_eqI)
+ qed
+ qed
+ also have "... \<in> sets Cantor_space"
+ proof -
+ have " f -` A \<inter> space Cantor_space \<inter> to_Cantor_from_01 ` space (restrict_space borel {0..1}) = f -` A \<inter> to_Cantor_from_01 ` (space (restrict_space borel {0..1}))"
+ using to_Cantor_from_01_image sets.sets_into_space[OF assms,simplified] by auto
+ thus ?thesis
+ using sets.Int[OF measurable_sets[OF f_meas assms] image_sets]
+ by fastforce
+ qed
+ finally show ?thesis .
+qed
+
+lemma Cantor_space_isomorphic_to_01closed:
+ "Cantor_space measurable_isomorphic (restrict_space borel {0..1::real})"
+ using Schroeder_Bernstein_measurable[OF Cantor_to_01_measurable Cantor_to_01_preserves_sets Cantor_to_01_inj to_Cantor_from_01_measurable to_Cantor_from_01_preserves_sets to_Cantor_from_01_inj]
+ by(simp add: measurable_isomorphic_def)
+
+lemma Cantor_space_isomorphic_to_Hilbert_cube:
+ "Cantor_space measurable_isomorphic Hilbert_cube"
+proof -
+ have 1:"Cantor_space measurable_isomorphic (\<Pi>\<^sub>M (i::nat,j::nat)\<in> UNIV \<times> UNIV. restrict_space borel {0,1::real})"
+ unfolding Cantor_space_def
+ by(auto intro!: measurable_isomorphic_sym[OF countable_infinite_isomorphisc_to_nat_index] simp: split_beta' finite_prod)
+ have 2:"(\<Pi>\<^sub>M (i::nat,j::nat)\<in> UNIV \<times> UNIV. restrict_space borel {0,1::real}) measurable_isomorphic (\<Pi>\<^sub>M (i::nat)\<in> UNIV. Cantor_space)"
+ unfolding Cantor_space_def by(rule measurable_isomorphic_sym[OF PiM_PiM_isomorphic_to_PiM])
+ have 3:"(\<Pi>\<^sub>M (i::nat)\<in> UNIV. Cantor_space) measurable_isomorphic Hilbert_cube"
+ unfolding Hilbert_cube_def by(rule measurable_isomorphic_lift_product[OF Cantor_space_isomorphic_to_01closed])
+ show ?thesis
+ by(rule measurable_isomorphic_trans[OF measurable_isomorphic_trans[OF 1 2] 3])
+qed
+
+lemma(in standard_borel) embedding_into_Hilbert_cube:
+ "\<exists>A \<in> sets Hilbert_cube. M measurable_isomorphic (restrict_space Hilbert_cube A)"
+proof -
+ obtain S where S:"polish_topology S" "sets (borel_of S) = sets M"
+ using polish_topology by blast
+ obtain A where A:"g_delta_of Hilbert_cube_as_topology A" "S homeomorphic_space subtopology Hilbert_cube_as_topology A"
+ using polish_topology.embedding_into_Hilbert_cube_g_delta_of[OF S(1)] by blast
+ show ?thesis
+ using borel_of_g_delta_of[OF A(1)] homeomorphic_space_measurable_isomorphic[OF A(2)] measurable_isomorphic_sets_cong[OF S(2),of "borel_of (subtopology Hilbert_cube_as_topology A)" "restrict_space Hilbert_cube A"] Hilbert_cube_borel sets_restrict_space_cong[OF Hilbert_cube_borel]
+ by(auto intro!: bexI[where x=A] simp: borel_of_subtopology)
+qed
+
+lemma(in standard_borel) uncountable_contains_Cantor_space:
+ assumes "uncountable (space M)"
+ shows "\<exists>A \<in> sets M. Cantor_space measurable_isomorphic (restrict_space M A)"
+proof -
+ obtain S where S:"polish_topology S" "sets (borel_of S) = sets M"
+ using polish_topology by blast
+ then obtain A where A:"g_delta_of S A" "Cantor_space_as_topology homeomorphic_space subtopology S A"
+ using polish_topology.uncountable_contains_Cantor_space[of S] assms sets_eq_imp_space_eq[OF S(2)]
+ by(auto simp: space_borel_of)
+ show ?thesis
+ using borel_of_g_delta_of[OF A(1)] S(2) homeomorphic_space_measurable_isomorphic[OF A(2)] measurable_isomorphic_sets_cong[OF Cantor_space_borel restrict_space_sets_cong[OF refl S(2)],of A]
+ by(auto intro!: bexI[where x=A] simp: borel_of_subtopology)
+qed
+
+lemma(in standard_borel) uncountable_isomorphic_to_Hilbert_cube:
+ assumes "uncountable (space M)"
+ shows "Hilbert_cube measurable_isomorphic M"
+proof -
+ obtain A B where AB:
+ "M measurable_isomorphic (restrict_space Hilbert_cube A)" "Cantor_space measurable_isomorphic (restrict_space M B)"
+ "A \<in> sets Hilbert_cube""B \<in> sets M"
+ using embedding_into_Hilbert_cube uncountable_contains_Cantor_space[OF assms] by auto
+ show ?thesis
+ by(rule measurable_isomorphic_antisym[OF AB measurable_isomorphic_sym[OF Cantor_space_isomorphic_to_Hilbert_cube]])
+qed
+
+lemma(in standard_borel) uncountable_isomorphic_to_real:
+ assumes "uncountable (space M)"
+ shows "M measurable_isomorphic (borel :: real measure)"
+proof -
+ interpret r: standard_borel_ne "borel :: real measure"
+ by simp
+ show ?thesis
+ by(auto intro!: measurable_isomorphic_trans[OF measurable_isomorphic_sym[OF uncountable_isomorphic_to_Hilbert_cube[OF assms]] r.uncountable_isomorphic_to_Hilbert_cube] simp: uncountable_UNIV_real)
+qed
+
+definition to_real_on :: "'a measure \<Rightarrow> 'a \<Rightarrow> real" where
+"to_real_on M \<equiv> (if uncountable (space M) then (SOME f. measurable_isomorphic_map M (borel :: real measure) f) else (real \<circ> to_nat_on (space M)))"
+
+definition from_real_into :: "'a measure \<Rightarrow> real \<Rightarrow> 'a" where
+"from_real_into M \<equiv> (if uncountable (space M) then the_inv_into (space M) (to_real_on M) else (\<lambda>r. from_nat_into (space M) (nat \<lfloor>r\<rfloor>)))"
+
+context standard_borel
+begin
+
+abbreviation "to_real \<equiv> to_real_on M"
+abbreviation "from_real \<equiv> from_real_into M"
+
+lemma to_real_def_countable:
+ assumes "countable (space M)"
+ shows "to_real = (\<lambda>r. real (to_nat_on (space M) r))"
+ using assms by(auto simp: to_real_on_def)
+
+lemma from_real_def_countable:
+ assumes "countable (space M)"
+ shows "from_real = (\<lambda>r. from_nat_into (space M) (nat \<lfloor>r\<rfloor>))"
+ using assms by(simp add: from_real_into_def)
+
+lemma from_real_to_real[simp]:
+ assumes "x \<in> space M"
+ shows "from_real (to_real x) = x"
+proof -
+ have [simp]: "space M \<noteq> {}"
+ using assms by auto
+ consider "countable (space M)" | "uncountable (space M)" by auto
+ then show ?thesis
+ proof cases
+ case 1
+ then show ?thesis
+ by(simp add: to_real_def_countable from_real_def_countable assms)
+ next
+ case 2
+ then obtain f where f: "measurable_isomorphic_map M (borel :: real measure) f"
+ using uncountable_isomorphic_to_real by(auto simp: measurable_isomorphic_def)
+ have 1:"to_real = Eps (measurable_isomorphic_map M borel)" "from_real = the_inv_into (space M) (Eps (measurable_isomorphic_map M borel))"
+ by(simp_all add: to_real_on_def 2 from_real_into_def)
+ show ?thesis
+ unfolding 1
+ by(rule someI2[of "measurable_isomorphic_map M (borel :: real measure)" f,OF f])
+ (meson assms bij_betw_imp_inj_on measurable_isomorphic_map_def the_inv_into_f_f)
+ qed
+qed
+
+lemma to_real_measurable[measurable]:
+ "to_real \<in> M \<rightarrow>\<^sub>M borel"
+proof(cases "countable (space M)")
+ case 1:True
+ then have "sets M = Pow (space M)"
+ by(rule countable_discrete_space)
+ then show ?thesis
+ by(simp add: to_real_def_countable 1 borel_measurableI_le)
+next
+ case 1:False
+ then obtain f where f: "measurable_isomorphic_map M (borel :: real measure) f"
+ using uncountable_isomorphic_to_real by(auto simp: measurable_isomorphic_def)
+ have 2:"to_real = Eps (measurable_isomorphic_map M borel)"
+ by(simp add: to_real_on_def 1 from_real_into_def)
+ show ?thesis
+ unfolding 2
+ by(rule someI2[of "measurable_isomorphic_map M (borel :: real measure)" f,OF f],simp add: measurable_isomorphic_map_def)
+qed
+
+lemma from_real_measurable':
+ assumes "space M \<noteq> {}"
+ shows "from_real \<in> borel \<rightarrow>\<^sub>M M"
+proof(cases "countable (space M)")
+ case 1:True
+ then have 2:"sets M = Pow (space M)"
+ by(rule countable_discrete_space)
+ have [measurable]:"from_nat_into (space M) \<in> count_space UNIV \<rightarrow>\<^sub>M M"
+ using from_nat_into[OF assms] by auto
+ show ?thesis
+ by(simp add: from_real_def_countable 1 borel_measurableI_le)
+next
+ case 2:False
+ then obtain f where f: "measurable_isomorphic_map M (borel :: real measure) f"
+ using uncountable_isomorphic_to_real by(auto simp: measurable_isomorphic_def)
+ have 1: "from_real = the_inv_into (space M) (Eps (measurable_isomorphic_map M borel))"
+ by(simp add: to_real_on_def 2 from_real_into_def)
+ show ?thesis
+ unfolding 1
+ by(rule someI2[of "measurable_isomorphic_map M (borel :: real measure)" f,OF f],simp add: measurable_isomorphic_map_def)
+qed
+
+lemma countable_isomorphic_to_subset_real:
+ assumes "countable (space M)"
+ obtains A :: "real set"
+ where "countable A" "A \<in> sets borel" "M measurable_isomorphic (restrict_space borel A)"
+proof(cases "space M = {}")
+ case True
+ then show ?thesis
+ by (meson countable_empty measurable_isomorphic_empty sets.empty_sets space_restrict_space2 that)
+next
+ case nin:False
+ define A where "A \<equiv> to_real ` (space M)"
+ have "countable A" "A \<in> sets borel" "M measurable_isomorphic (restrict_space borel A)"
+ proof -
+ show "countable A" "A \<in> sets borel"
+ using assms(1) standard_borel.countable_sets[of borel A] standard_borel_ne_borel by(auto simp: A_def standard_borel_ne_def)
+ show "M measurable_isomorphic restrict_space borel A"
+ using from_real_to_real A_def \<open>A \<in> sets borel\<close>
+ by(auto intro!: measurable_isomorphic_byWitness[OF measurable_restrict_space2[OF _ to_real_measurable] _ measurable_restrict_space1[OF from_real_measurable'[OF nin]]])
+ qed
+ with that show ?thesis
+ by auto
+qed
+
+lemma to_real_from_real:
+ assumes "uncountable (space M)"
+ shows "to_real (from_real r) = r"
+proof -
+ obtain f where f: "measurable_isomorphic_map M (borel :: real measure) f"
+ using assms uncountable_isomorphic_to_real by(auto simp: measurable_isomorphic_def)
+ have 1:"to_real = Eps (measurable_isomorphic_map M borel)" "from_real = the_inv_into (space M) (Eps (measurable_isomorphic_map M borel))"
+ by(simp_all add: to_real_on_def assms from_real_into_def)
+ show ?thesis
+ unfolding 1
+ by(rule someI2[of "measurable_isomorphic_map M (borel :: real measure)" f,OF f])
+ (metis UNIV_I f_the_inv_into_f_bij_betw measurable_isomorphic_map_def space_borel)
+qed
+
+end
+
+lemma(in standard_borel_ne) from_real_measurable[measurable]: "from_real \<in> borel \<rightarrow>\<^sub>M M"
+ by(simp add: from_real_measurable' space_ne)
+
+end
\ No newline at end of file
diff --git a/thys/Standard_Borel_Spaces/document/root.bib b/thys/Standard_Borel_Spaces/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/document/root.bib
@@ -0,0 +1,24 @@
+@book{topology,
+ author = {Matsuzaka, Kazuo},
+ publisher = {Iwanami Shoten},
+ year = {1968},
+ title={集合・位相入門 },
+ note = {written in Japanese}
+ }
+
+@misc{standardborel,
+ title = {Lecture Note of MATH245B in {UCLA}},
+ key = {Lecture Note of MATH245B},
+ howpublished = {\url{https://web.archive.org/web/20210506130459/https://www.math.ucla.edu/~biskup/245b.1.20w/}},
+ year = {2020},
+ note = {Accessed: June 27. 2023}
+}
+
+@book{borelsets,
+ title = {A Course on Borel Sets},
+ author = {Shashi Mohan Srivastava},
+ doi = {10.1007/b98956},
+ publisher = {Springer},
+ year = {1998}
+}
+
diff --git a/thys/Standard_Borel_Spaces/document/root.tex b/thys/Standard_Borel_Spaces/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Standard_Borel_Spaces/document/root.tex
@@ -0,0 +1,78 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage[T1]{fontenc}
+\usepackage{isabelle,isabellesym}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+\usepackage{amsmath}
+\usepackage{mathrsfs}
+\usepackage{mathpartir}
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+\usepackage[only,bigsqcap]{stmaryrd}
+%for \<Sqinter>
+
+%% For Japanese languages in reference.
+\usepackage{luatexja}
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{Standard Borel Spaces}
+\author{Michikazu Hirata}
+\maketitle
+\begin{abstract}
+ This entry includes a formalization of standard Borel spaces
+ and (a variant of) the Borel isomorphism theorem.
+ A separable complete metrizable topological space is called a polish space
+ and a measurable space generated from a polish space is called a standard Borel space.
+ We formalize the notion of standard Borel spaces by establishing
+ set-based metric spaces,
+ and then prove (a variant of) the Borel isomorphism theorem.
+ The theorem states that a standard Borel spaces is either a countable discrete space
+ or isomorphic to $\mathbb{R}$.
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+% optional bibliography
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Binary_Relation_Functions.thy b/thys/Transport/HOL_Basics/Binary_Relations/Binary_Relation_Functions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Binary_Relation_Functions.thy
@@ -0,0 +1,283 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Binary Relations\<close>
+subsection \<open>Basic Functions\<close>
+theory Binary_Relation_Functions
+ imports
+ HOL_Basics_Base
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic functions on binary relations.\<close>
+
+definition "rel_comp R S x y \<equiv> \<exists>z. R x z \<and> S z y"
+
+bundle rel_comp_syntax begin notation rel_comp (infixl "\<circ>\<circ>" 55) end
+bundle no_rel_comp_syntax begin no_notation rel_comp (infixl "\<circ>\<circ>" 55) end
+unbundle rel_comp_syntax
+
+lemma rel_compI [intro]:
+ assumes "R x y"
+ and "S y z"
+ shows "(R \<circ>\<circ> S) x z"
+ using assms unfolding rel_comp_def by blast
+
+lemma rel_compE [elim]:
+ assumes "(R \<circ>\<circ> S) x y"
+ obtains z where "R x z" "S z y"
+ using assms unfolding rel_comp_def by blast
+
+lemma rel_comp_assoc: "R \<circ>\<circ> (S \<circ>\<circ> T) = (R \<circ>\<circ> S) \<circ>\<circ> T"
+ by (intro ext) blast
+
+definition rel_inv :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> 'b \<Rightarrow> 'a \<Rightarrow> bool"
+ where "rel_inv R x y \<equiv> R y x"
+
+bundle rel_inv_syntax begin notation rel_inv ("(_\<inverse>)" [1000]) end
+bundle no_rel_inv_syntax begin no_notation rel_inv ("(_\<inverse>)" [1000]) end
+unbundle rel_inv_syntax
+
+lemma rel_invI [intro]:
+ assumes "R x y"
+ shows "R\<inverse> y x"
+ using assms unfolding rel_inv_def .
+
+lemma rel_invD [dest]:
+ assumes "R\<inverse> x y"
+ shows "R y x"
+ using assms unfolding rel_inv_def .
+
+lemma rel_inv_iff_rel [simp]: "R\<inverse> x y \<longleftrightarrow> R y x"
+ by blast
+
+lemma rel_inv_comp_eq [simp]: "(R \<circ>\<circ> S)\<inverse> = S\<inverse> \<circ>\<circ> R\<inverse>"
+ by (intro ext) blast
+
+lemma rel_inv_inv_eq_self [simp]: "R\<inverse>\<inverse> = R"
+ by blast
+
+lemma rel_inv_eq_iff_eq [iff]: "R\<inverse> = S\<inverse> \<longleftrightarrow> R = S"
+ by (blast dest: fun_cong)
+
+definition "in_dom R x \<equiv> \<exists>y. R x y"
+
+lemma in_domI [intro]:
+ assumes "R x y"
+ shows "in_dom R x"
+ using assms unfolding in_dom_def by blast
+
+lemma in_domE [elim]:
+ assumes "in_dom R x"
+ obtains y where "R x y"
+ using assms unfolding in_dom_def by blast
+
+lemma in_dom_if_in_dom_rel_comp:
+ assumes "in_dom (R \<circ>\<circ> S) x"
+ shows "in_dom R x"
+ using assms by blast
+
+definition "in_codom R y \<equiv> \<exists>x. R x y"
+
+lemma in_codomI [intro]:
+ assumes "R x y"
+ shows "in_codom R y"
+ using assms unfolding in_codom_def by blast
+
+lemma in_codomE [elim]:
+ assumes "in_codom R y"
+ obtains x where "R x y"
+ using assms unfolding in_codom_def by blast
+
+lemma in_codom_if_in_codom_rel_comp:
+ assumes "in_codom (R \<circ>\<circ> S) y"
+ shows "in_codom S y"
+ using assms by blast
+
+lemma in_codom_rel_inv_eq_in_dom [simp]: "in_codom (R\<inverse>) = in_dom R"
+ by (intro ext) blast
+
+lemma in_dom_rel_inv_eq_in_codom [simp]: "in_dom (R\<inverse>) = in_codom R"
+ by (intro ext) blast
+
+definition "in_field R x \<equiv> in_dom R x \<or> in_codom R x"
+
+lemma in_field_if_in_dom:
+ assumes "in_dom R x"
+ shows "in_field R x"
+ unfolding in_field_def using assms by blast
+
+lemma in_field_if_in_codom:
+ assumes "in_codom R x"
+ shows "in_field R x"
+ unfolding in_field_def using assms by blast
+
+lemma in_fieldE [elim]:
+ assumes "in_field R x"
+ obtains (in_dom) x' where "R x x'" | (in_codom) x' where "R x' x"
+ using assms unfolding in_field_def by blast
+
+lemma in_fieldE':
+ assumes "in_field R x"
+ obtains (in_dom) "in_dom R x" | (in_codom) "in_codom R x"
+ using assms by blast
+
+lemma in_fieldI [intro]:
+ assumes "R x y"
+ shows "in_field R x" "in_field R y"
+ using assms by (auto intro: in_field_if_in_dom in_field_if_in_codom)
+
+lemma in_field_iff_in_dom_or_in_codom:
+ "in_field L x \<longleftrightarrow> in_dom L x \<or> in_codom L x"
+ by blast
+
+lemma in_field_rel_inv_eq [simp]: "in_field R\<inverse> = in_field R"
+ by (intro ext) auto
+
+lemma in_field_compE [elim]:
+ assumes "in_field (R \<circ>\<circ> S) x"
+ obtains (in_dom) "in_dom R x" | (in_codom) "in_codom S x"
+ using assms by blast
+
+lemma in_field_eq_in_dom_if_in_codom_eq_in_dom:
+ assumes "in_codom R = in_dom R"
+ shows "in_field R = in_dom R"
+ using assms by (intro ext) (auto elim: in_fieldE')
+
+definition "rel_if B R x y \<equiv> B \<longrightarrow> R x y"
+
+bundle rel_if_syntax begin notation (output) rel_if (infixl "\<longrightarrow>" 50) end
+bundle no_rel_if_syntax begin no_notation (output) rel_if (infixl "\<longrightarrow>" 50) end
+unbundle rel_if_syntax
+
+lemma rel_if_eq_rel_if_pred [simp]:
+ assumes "B"
+ shows "(rel_if B R) = R"
+ unfolding rel_if_def using assms by blast
+
+lemma rel_if_eq_top_if_not_pred [simp]:
+ assumes "\<not>B"
+ shows "(rel_if B R) = (\<lambda>_ _. True)"
+ unfolding rel_if_def using assms by blast
+
+lemma rel_if_if_impI [intro]:
+ assumes "B \<Longrightarrow> R x y"
+ shows "(rel_if B R) x y"
+ unfolding rel_if_def using assms by blast
+
+lemma rel_ifE [elim]:
+ assumes "(rel_if B R) x y"
+ obtains "\<not>B" | "B" "R x y"
+ using assms unfolding rel_if_def by blast
+
+lemma rel_ifD:
+ assumes "(rel_if B R) x y"
+ and "B"
+ shows "R x y"
+ using assms by blast
+
+consts restrict_left :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> 'c \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> bool"
+
+definition "restrict_right R P \<equiv> (restrict_left R\<inverse> P)\<inverse>"
+
+overloading
+ restrict_left_pred \<equiv> "restrict_left :: ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> bool"
+begin
+ definition "restrict_left_pred R P x y \<equiv> P x \<and> R x y"
+end
+
+bundle restrict_syntax
+begin
+notation restrict_left ("(_)\<restriction>(\<^bsub>_\<^esub>)" [1000])
+notation restrict_right ("(_)\<upharpoonleft>(\<^bsub>_\<^esub>)" [1000])
+end
+bundle no_restrict_syntax
+begin
+no_notation restrict_left ("(_)\<restriction>(\<^bsub>_\<^esub>)" [1000])
+no_notation restrict_right ("(_)\<upharpoonleft>(\<^bsub>_\<^esub>)" [1000])
+end
+unbundle restrict_syntax
+
+lemma restrict_leftI [intro]:
+ assumes "R x y"
+ and "P x"
+ shows "R\<restriction>\<^bsub>P\<^esub> x y"
+ using assms unfolding restrict_left_pred_def by blast
+
+lemma restrict_leftE [elim]:
+ assumes "R\<restriction>\<^bsub>P\<^esub> x y"
+ obtains "P x" "R x y"
+ using assms unfolding restrict_left_pred_def by blast
+
+lemma restrict_right_eq: "R\<upharpoonleft>\<^bsub>P\<^esub> = ((R\<inverse>)\<restriction>\<^bsub>P\<^esub>)\<inverse>"
+ unfolding restrict_right_def ..
+
+lemma rel_inv_restrict_right_rel_inv_eq_restrict_left [simp]: "((R\<inverse>)\<upharpoonleft>\<^bsub>P\<^esub>)\<inverse> = R\<restriction>\<^bsub>P\<^esub>"
+ by (simp add: restrict_right_eq)
+
+lemma restrict_right_iff_restrict_left: "R\<upharpoonleft>\<^bsub>P\<^esub> x y = (R\<inverse>)\<restriction>\<^bsub>P\<^esub> y x"
+ unfolding restrict_right_eq by simp
+
+lemma restrict_rightI [intro]:
+ assumes "R x y"
+ and "P y"
+ shows "R\<upharpoonleft>\<^bsub>P\<^esub> x y"
+ using assms by (auto iff: restrict_right_iff_restrict_left)
+
+lemma restrict_rightE [elim]:
+ assumes "R\<upharpoonleft>\<^bsub>P\<^esub> x y"
+ obtains "P y" "R x y"
+ using assms by (auto iff: restrict_right_iff_restrict_left)
+
+lemma rel_inv_restrict_left_inv_restrict_left_eq:
+ fixes R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and P :: "'a \<Rightarrow> bool" and Q :: "'b \<Rightarrow> bool"
+ shows "(((R\<restriction>\<^bsub>P\<^esub>)\<inverse>)\<restriction>\<^bsub>Q\<^esub>)\<inverse> = (((R\<inverse>)\<restriction>\<^bsub>Q\<^esub>)\<inverse>)\<restriction>\<^bsub>P\<^esub>"
+ by (intro ext iffI restrict_leftI rel_invI) auto
+
+lemma restrict_left_right_eq_restrict_right_left:
+ fixes R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and P :: "'a \<Rightarrow> bool" and Q :: "'b \<Rightarrow> bool"
+ shows "R\<restriction>\<^bsub>P\<^esub>\<upharpoonleft>\<^bsub>Q\<^esub> = R\<upharpoonleft>\<^bsub>Q\<^esub>\<restriction>\<^bsub>P\<^esub>"
+ unfolding restrict_right_eq
+ by (fact rel_inv_restrict_left_inv_restrict_left_eq)
+
+lemma in_dom_restrict_leftI [intro]:
+ assumes "R x y"
+ and "P x"
+ shows "in_dom R\<restriction>\<^bsub>P\<^esub> x"
+ using assms by blast
+
+lemma in_dom_restrict_left_if_in_dom:
+ assumes "in_dom R x"
+ and "P x"
+ shows "in_dom R\<restriction>\<^bsub>P\<^esub> x"
+ using assms by blast
+
+lemma in_dom_restrict_leftE [elim]:
+ assumes "in_dom R\<restriction>\<^bsub>P\<^esub> x"
+ obtains y where "P x" "R x y"
+ using assms by blast
+
+lemma in_codom_restrict_leftI [intro]:
+ assumes "R x y"
+ and "P x"
+ shows "in_codom R\<restriction>\<^bsub>P\<^esub> y"
+ using assms by blast
+
+lemma in_codom_restrict_leftE [elim]:
+ assumes "in_codom R\<restriction>\<^bsub>P\<^esub> y"
+ obtains x where "P x" "R x y"
+ using assms by blast
+
+definition "rel_bimap f g (R :: 'a \<Rightarrow> 'b \<Rightarrow> bool) x y \<equiv> R (f x) (g y)"
+
+lemma rel_bimap_eq [simp]: "rel_bimap f g R x y = R (f x) (g y)"
+ unfolding rel_bimap_def by simp
+
+definition "rel_map f R \<equiv> rel_bimap f f R"
+
+lemma rel_bimap_self_eq_rel_map [simp]: "rel_bimap f f R = rel_map f R"
+ unfolding rel_map_def by simp
+
+lemma rel_map_eq [simp]: "rel_map f R x y = R (f x) (f y)"
+ by (simp only: rel_bimap_self_eq_rel_map[symmetric] rel_bimap_eq)
+
+
+end
\ No newline at end of file
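Review bot: `consts restrict_left` is declared with a free type `'c` for the restricting argument and only receives a meaning through the `restrict_left_pred` overloading, and no `text` in the theory explains that. `restrict_right` is then defined for every `'c`, while `restrict_leftI` and `restrict_leftE` unfold `restrict_left_pred_def` and so cover the predicate instance only. I would add a sentence before the `consts` line, for example `text \<open>restrict_left is overloaded on the restricting argument; this theory provides the instance for predicates.\<close>`. The same undocumented consts-plus-overloading pattern appears for `antisymmetric_on` in Binary_Relations_Antisymmetric.thy and for `rel_injective_on` and `rel_injective_at` in Binary_Relations_Injective.thy.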
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Binary_Relations_Lattice.thy b/thys/Transport/HOL_Basics/Binary_Relations/Binary_Relations_Lattice.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Binary_Relations_Lattice.thy
@@ -0,0 +1,90 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Lattice\<close>
+theory Binary_Relations_Lattice
+ imports
+ Binary_Relations_Order_Base
+ HOL.Boolean_Algebras
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic results about the lattice structure on binary relations.\<close>
+
+lemma rel_infI [intro]:
+ assumes "R x y"
+ and "S x y"
+ shows "(R \<sqinter> S) x y"
+ using assms by (rule inf2I)
+
+lemma rel_infE [elim]:
+ assumes "(R \<sqinter> S) x y"
+ obtains "R x y" "S x y"
+ using assms by (rule inf2E)
+
+lemma rel_infD:
+ assumes "(R \<sqinter> S) x y"
+ shows "R x y" and "S x y"
+ using assms by auto
+
+lemma in_dom_rel_infI [intro]:
+ assumes "R x y"
+ and "S x y"
+ shows "in_dom (R \<sqinter> S) x"
+ using assms by blast
+
+lemma in_dom_rel_infE [elim]:
+ assumes "in_dom (R \<sqinter> S) x"
+ obtains y where "R x y" "S x y"
+ using assms by blast
+
+lemma in_codom_rel_infI [intro]:
+ assumes "R x y"
+ and "S x y"
+ shows "in_codom (R \<sqinter> S) y"
+ using assms by blast
+
+lemma in_codom_rel_infE [elim]:
+ assumes "in_codom (R \<sqinter> S) y"
+ obtains x where "R x y" "S x y"
+ using assms by blast
+
+lemma in_field_eq_in_dom_sup_in_codom: "in_field L = (in_dom L \<squnion> in_codom L)"
+ by (intro ext) (simp add: in_field_iff_in_dom_or_in_codom)
+
+lemma in_dom_restrict_left_eq [simp]: "in_dom R\<restriction>\<^bsub>P\<^esub> = (in_dom R \<sqinter> P)"
+ by (intro ext) auto
+
+lemma in_codom_restrict_left_eq [simp]: "in_codom R\<upharpoonleft>\<^bsub>P\<^esub> = (in_codom R \<sqinter> P)"
+ by (intro ext) auto
+
+lemma restrict_left_restrict_left_eq [simp]:
+ fixes R :: "'a \<Rightarrow> _" and P Q :: "'a \<Rightarrow> bool"
+ shows "R\<restriction>\<^bsub>P\<^esub>\<restriction>\<^bsub>Q\<^esub> = R\<restriction>\<^bsub>P\<^esub> \<sqinter> R\<restriction>\<^bsub>Q\<^esub>"
+ by (intro ext iffI restrict_leftI) auto
+
+lemma restrict_left_restrict_right_eq [simp]:
+ fixes R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and P :: "'a \<Rightarrow> bool" and Q :: "'b \<Rightarrow> bool"
+ shows "R\<restriction>\<^bsub>P\<^esub>\<upharpoonleft>\<^bsub>Q\<^esub> = R\<restriction>\<^bsub>P\<^esub> \<sqinter> R\<upharpoonleft>\<^bsub>Q\<^esub>"
+ by (intro ext iffI restrict_leftI restrict_rightI) auto
+
+lemma restrict_right_restrict_left_eq [simp]:
+ fixes R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and P :: "'b \<Rightarrow> bool" and Q :: "'a \<Rightarrow> bool"
+ shows "R\<upharpoonleft>\<^bsub>P\<^esub>\<restriction>\<^bsub>Q\<^esub> = R\<upharpoonleft>\<^bsub>P\<^esub> \<sqinter> R\<restriction>\<^bsub>Q\<^esub>"
+ by (intro ext iffI restrict_leftI restrict_rightI) auto
+
+lemma restrict_right_restrict_right_eq [simp]:
+ fixes R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and P Q :: "'b \<Rightarrow> bool"
+ shows "R\<upharpoonleft>\<^bsub>P\<^esub>\<upharpoonleft>\<^bsub>Q\<^esub> = R\<upharpoonleft>\<^bsub>P\<^esub> \<sqinter> R\<upharpoonleft>\<^bsub>Q\<^esub>"
+ by (intro ext iffI) auto
+
+lemma restrict_left_sup_eq [simp]: "(R :: 'a \<Rightarrow> _)\<restriction>\<^bsub>((P :: 'a \<Rightarrow> bool) \<squnion> Q)\<^esub> = R\<restriction>\<^bsub>P\<^esub> \<squnion> R\<restriction>\<^bsub>Q\<^esub> "
+ by (intro antisym le_relI) (auto elim!: restrict_leftE)
+
+lemma restrict_left_inf_eq [simp]: "(R :: 'a \<Rightarrow> _)\<restriction>\<^bsub>((P :: 'a \<Rightarrow> bool) \<sqinter> Q)\<^esub> = R\<restriction>\<^bsub>P\<^esub> \<sqinter> R\<restriction>\<^bsub>Q\<^esub> "
+ by (intro antisym le_relI) (auto elim!: restrict_leftE)
+
+lemma inf_rel_bimap_and_eq_restrict_left_restrict_right:
+ "R \<sqinter> (rel_bimap P Q (\<and>)) = R\<restriction>\<^bsub>P\<^esub>\<upharpoonleft>\<^bsub>Q\<^esub>"
+ by (intro ext) auto
+
+
+end
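Review bot: `in_codom_restrict_left_eq` is misnamed, because its statement `in_codom R\<upharpoonleft>\<^bsub>P\<^esub> = (in_codom R \<sqinter> P)` uses the `restrict_right` notation, not `restrict_left`. The lemma directly above it, `in_dom_restrict_left_eq`, does use `\<restriction>`, so the pair reads as if both were about left restriction. Since the lemma is `[simp]` the proofs are unaffected, but anyone searching by name will be misled. I would rename it: `lemma in_codom_restrict_right_eq [simp]: "in_codom R\<upharpoonleft>\<^bsub>P\<^esub> = (in_codom R \<sqinter> P)"`.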
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/LBinary_Relations.thy b/thys/Transport/HOL_Basics/Binary_Relations/LBinary_Relations.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/LBinary_Relations.thy
@@ -0,0 +1,15 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory LBinary_Relations
+ imports
+ Binary_Relation_Functions
+ Binary_Relations_Lattice
+ Binary_Relations_Order
+ Binary_Relation_Properties
+ Restricted_Equality
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic concepts on binary relations.\<close>
+
+
+end
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Order/Binary_Relations_Order.thy b/thys/Transport/HOL_Basics/Binary_Relations/Order/Binary_Relations_Order.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Order/Binary_Relations_Order.thy
@@ -0,0 +1,81 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Binary_Relations_Order
+ imports
+ Binary_Relations_Order_Base
+ Binary_Relations_Reflexive
+ Binary_Relations_Symmetric
+ Binary_Relations_Transitive
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic results about the order on binary relations.\<close>
+
+lemma in_dom_if_rel_if_rel_comp_le:
+ assumes "(R \<circ>\<circ> S) \<le> (S \<circ>\<circ> R)"
+ and "R x y" "S y z"
+ shows "in_dom S x"
+ using assms by (blast intro: in_dom_if_in_dom_rel_comp)
+
+lemma in_codom_if_rel_if_rel_comp_le:
+ assumes "(R \<circ>\<circ> S) \<le> (S \<circ>\<circ> R)"
+ and "R x y" "S y z"
+ shows "in_codom R z"
+ using assms by (blast intro: in_codom_if_in_codom_rel_comp)
+
+lemma rel_comp_le_rel_inv_if_rel_comp_le_if_symmetric:
+ assumes symms: "symmetric R1" "symmetric R2"
+ and le: "(R1 \<circ>\<circ> R2) \<le> R3"
+ shows "(R2 \<circ>\<circ> R1) \<le> R3\<inverse>"
+proof -
+ from le have "(R1 \<circ>\<circ> R2)\<inverse> \<le> R3\<inverse>" by blast
+ with symms show ?thesis by simp
+qed
+
+lemma rel_inv_le_rel_comp_if_le_rel_comp_if_symmetric:
+ assumes symms: "symmetric R1" "symmetric R2"
+ and le: "R3 \<le> (R1 \<circ>\<circ> R2)"
+ shows "R3\<inverse> \<le> (R2 \<circ>\<circ> R1)"
+proof -
+ from le have "R3\<inverse> \<le> (R1 \<circ>\<circ> R2)\<inverse>" by blast
+ with symms show ?thesis by simp
+qed
+
+corollary rel_comp_le_rel_comp_if_rel_comp_le_rel_comp_if_symmetric:
+ assumes "symmetric R1" "symmetric R2" "symmetric R3" "symmetric R4"
+ and "(R1 \<circ>\<circ> R2) \<le> (R3 \<circ>\<circ> R4)"
+ shows "(R2 \<circ>\<circ> R1) \<le> (R4 \<circ>\<circ> R3)"
+proof -
+ from assms have "(R2 \<circ>\<circ> R1) \<le> (R3 \<circ>\<circ> R4)\<inverse>"
+ by (intro rel_comp_le_rel_inv_if_rel_comp_le_if_symmetric)
+ with assms show ?thesis by simp
+qed
+
+corollary rel_comp_le_rel_comp_iff_if_symmetric:
+ assumes "symmetric R1" "symmetric R2" "symmetric R3" "symmetric R4"
+ shows "(R1 \<circ>\<circ> R2) \<le> (R3 \<circ>\<circ> R4) \<longleftrightarrow> (R2 \<circ>\<circ> R1) \<le> (R4 \<circ>\<circ> R3)"
+ using assms
+ by (blast intro: rel_comp_le_rel_comp_if_rel_comp_le_rel_comp_if_symmetric)
+
+corollary eq_if_le_rel_if_symmetric:
+ assumes "symmetric R" "symmetric S"
+ and "(R \<circ>\<circ> S) \<le> (S \<circ>\<circ> R)"
+ shows "(R \<circ>\<circ> S) = (S \<circ>\<circ> R)"
+ using assms rel_comp_le_rel_comp_iff_if_symmetric[of R S]
+ by (intro antisym) auto
+
+lemma rel_comp_le_rel_comp_if_le_rel_if_reflexive_on_in_codom_if_transitive:
+ assumes trans: "transitive S"
+ and refl_on: "reflexive_on (in_codom S) R"
+ and le_rel: "R \<le> S"
+ shows "R \<circ>\<circ> S \<le> S \<circ>\<circ> R"
+proof (rule le_relI)
+ fix x1 x2 assume"(R \<circ>\<circ> S) x1 x2"
+ then obtain x3 where "R x1 x3" "S x3 x2" by blast
+ then have "S x1 x3" using le_rel by blast
+ with \<open>S x3 x2\<close> have "S x1 x2" using trans by blast
+ with refl_on have "R x2 x2" by blast
+ then show "(S \<circ>\<circ> R) x1 x2" using \<open>S x1 x2\<close> by blast
+qed
+
+
+end
\ No newline at end of file
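Review bot: The name `eq_if_le_rel_if_symmetric` does not say what is equal to what, while the other lemmas in this theory spell out their statement in the name. The conclusion is `(R \<circ>\<circ> S) = (S \<circ>\<circ> R)` and the hypothesis is `(R \<circ>\<circ> S) \<le> (S \<circ>\<circ> R)`, so something like `corollary rel_comp_eq_rel_comp_if_rel_comp_le_if_symmetric:` would match `rel_comp_le_rel_comp_iff_if_symmetric` just above and be findable by name search.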
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Order/Binary_Relations_Order_Base.thy b/thys/Transport/HOL_Basics/Binary_Relations/Order/Binary_Relations_Order_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Order/Binary_Relations_Order_Base.thy
@@ -0,0 +1,33 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Order\<close>
+theory Binary_Relations_Order_Base
+ imports
+ Binary_Relation_Functions
+ HOL.Orderings
+begin
+
+lemma le_relI [intro]:
+ assumes "\<And>x y. R x y \<Longrightarrow> S x y"
+ shows "R \<le> S"
+ using assms by (rule predicate2I)
+
+lemma le_relD [dest]:
+ assumes "R \<le> S"
+ and "R x y"
+ shows "S x y"
+ using assms by (rule predicate2D)
+
+lemma le_relE:
+ assumes "R \<le> S"
+ and "R x y"
+ obtains "S x y"
+ using assms by blast
+
+lemma rel_inv_le_rel_inv_iff [iff]: "R\<inverse> \<le> S\<inverse> \<longleftrightarrow> R \<le> S"
+ by blast
+
+lemma restrict_left_top_eq [simp]: "(R :: 'a \<Rightarrow> _)\<restriction>\<^bsub>(\<top> :: 'a \<Rightarrow> bool)\<^esub> = R"
+ by (intro ext) auto
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relation_Properties.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relation_Properties.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relation_Properties.thy
@@ -0,0 +1,17 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Basic Properties\<close>
+theory Binary_Relation_Properties
+ imports
+ Binary_Relations_Antisymmetric
+ Binary_Relations_Injective
+ Binary_Relations_Irreflexive
+ Binary_Relations_Left_Total
+ Binary_Relations_Reflexive
+ Binary_Relations_Right_Unique
+ Binary_Relations_Surjective
+ Binary_Relations_Symmetric
+ Binary_Relations_Transitive
+begin
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Antisymmetric.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Antisymmetric.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Antisymmetric.thy
@@ -0,0 +1,65 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Antisymmetric\<close>
+theory Binary_Relations_Antisymmetric
+ imports
+ Binary_Relation_Functions
+ HOL_Syntax_Bundles_Lattices
+begin
+
+consts antisymmetric_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ antisymmetric_on_pred \<equiv> "antisymmetric_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "antisymmetric_on_pred P R \<equiv> \<forall>x y. P x \<and> P y \<and> R x y \<and> R y x \<longrightarrow> x = y"
+end
+
+lemma antisymmetric_onI [intro]:
+ assumes "\<And>x y. P x \<Longrightarrow> P y \<Longrightarrow> R x y \<Longrightarrow> R y x \<Longrightarrow> x = y"
+ shows "antisymmetric_on P R"
+ unfolding antisymmetric_on_pred_def using assms by blast
+
+lemma antisymmetric_onD:
+ assumes "antisymmetric_on P R"
+ and "P x" "P y"
+ and "R x y" "R y x"
+ shows "x = y"
+ using assms unfolding antisymmetric_on_pred_def by blast
+
+definition "antisymmetric (R :: 'a \<Rightarrow> _) \<equiv> antisymmetric_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma antisymmetric_eq_antisymmetric_on:
+ "antisymmetric (R :: 'a \<Rightarrow> _) = antisymmetric_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding antisymmetric_def ..
+
+lemma antisymmetricI [intro]:
+ assumes "\<And>x y. R x y \<Longrightarrow> R y x \<Longrightarrow> x = y"
+ shows "antisymmetric R"
+ unfolding antisymmetric_eq_antisymmetric_on using assms
+ by (intro antisymmetric_onI)
+
+lemma antisymmetricD:
+ assumes "antisymmetric R"
+ and "R x y" "R y x"
+ shows "x = y"
+ using assms unfolding antisymmetric_eq_antisymmetric_on
+ by (auto dest: antisymmetric_onD)
+
+lemma antisymmetric_on_if_antisymmetric:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "antisymmetric R"
+ shows "antisymmetric_on P R"
+ using assms by (intro antisymmetric_onI) (blast dest: antisymmetricD)
+
+lemma antisymmetric_if_antisymmetric_on_in_field:
+ assumes "antisymmetric_on (in_field R) R"
+ shows "antisymmetric R"
+ using assms by (intro antisymmetricI) (blast dest: antisymmetric_onD)
+
+corollary antisymmetric_on_in_field_iff_antisymmetric [simp]:
+ "antisymmetric_on (in_field R) R \<longleftrightarrow> antisymmetric R"
+ using antisymmetric_if_antisymmetric_on_in_field antisymmetric_on_if_antisymmetric
+ by blast
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Injective.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Injective.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Injective.thy
@@ -0,0 +1,106 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Injective\<close>
+theory Binary_Relations_Injective
+ imports
+ Binary_Relation_Functions
+ HOL_Syntax_Bundles_Lattices
+ ML_Unification.ML_Unification_HOL_Setup
+begin
+
+consts rel_injective_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ rel_injective_on_pred \<equiv> "rel_injective_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "rel_injective_on_pred P R \<equiv> \<forall>x x' y. P x \<and> P x' \<and> R x y \<and> R x' y \<longrightarrow> x = x'"
+end
+
+lemma rel_injective_onI [intro]:
+ assumes "\<And>x x' y. P x \<Longrightarrow> P x' \<Longrightarrow> R x y \<Longrightarrow> R x' y \<Longrightarrow> x = x'"
+ shows "rel_injective_on P R"
+ unfolding rel_injective_on_pred_def using assms by blast
+
+lemma rel_injective_onD:
+ assumes "rel_injective_on P R"
+ and "P x" "P x'"
+ and "R x y" "R x' y"
+ shows "x = x'"
+ using assms unfolding rel_injective_on_pred_def by blast
+
+consts rel_injective_at :: "'a \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ rel_injective_at_pred \<equiv> "rel_injective_at :: ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "rel_injective_at_pred P R \<equiv> \<forall>x x' y. P y \<and> R x y \<and> R x' y \<longrightarrow> x = x'"
+end
+
+lemma rel_injective_atI [intro]:
+ assumes "\<And>x x' y. P y \<Longrightarrow> R x y \<Longrightarrow> R x' y \<Longrightarrow> x = x'"
+ shows "rel_injective_at P R"
+ unfolding rel_injective_at_pred_def using assms by blast
+
+lemma rel_injective_atD:
+ assumes "rel_injective_at P R"
+ and "P y"
+ and "R x y" "R x' y"
+ shows "x = x'"
+ using assms unfolding rel_injective_at_pred_def by blast
+
+
+definition "rel_injective (R :: 'a \<Rightarrow> _) \<equiv> rel_injective_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma rel_injective_eq_rel_injective_on:
+ "rel_injective (R :: 'a \<Rightarrow> _) = rel_injective_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding rel_injective_def ..
+
+lemma rel_injectiveI [intro]:
+ assumes "\<And>x x' y. R x y \<Longrightarrow> R x' y \<Longrightarrow> x = x'"
+ shows "rel_injective R"
+ unfolding rel_injective_eq_rel_injective_on using assms by blast
+
+lemma rel_injectiveD:
+ assumes "rel_injective R"
+ and "R x y" "R x' y"
+ shows "x = x'"
+ using assms unfolding rel_injective_eq_rel_injective_on
+ by (auto dest: rel_injective_onD)
+
+lemma rel_injective_eq_rel_injective_at:
+ "rel_injective (R :: 'a \<Rightarrow> 'b \<Rightarrow> bool) = rel_injective_at (\<top> :: 'b \<Rightarrow> bool) R"
+ by (intro iffI rel_injectiveI) (auto dest: rel_injective_atD rel_injectiveD)
+
+lemma rel_injective_on_if_rel_injective:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "rel_injective R"
+ shows "rel_injective_on P R"
+ using assms by (blast dest: rel_injectiveD)
+
+lemma rel_injective_at_if_rel_injective:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'b \<Rightarrow> 'a \<Rightarrow> bool"
+ assumes "rel_injective R"
+ shows "rel_injective_at P R"
+ using assms by (blast dest: rel_injectiveD)
+
+lemma rel_injective_if_rel_injective_on_in_dom:
+ assumes "rel_injective_on (in_dom R) R"
+ shows "rel_injective R"
+ using assms by (blast dest: rel_injective_onD)
+
+lemma rel_injective_if_rel_injective_at_in_codom:
+ assumes "rel_injective_at (in_codom R) R"
+ shows "rel_injective R"
+ using assms by (blast dest: rel_injective_atD)
+
+corollary rel_injective_on_in_dom_iff_rel_injective [simp]:
+ "rel_injective_on (in_dom R) R \<longleftrightarrow> rel_injective R"
+ using rel_injective_if_rel_injective_on_in_dom rel_injective_on_if_rel_injective
+ by blast
+
+corollary rel_injective_at_in_codom_iff_rel_injective [iff]:
+ "rel_injective_at (in_codom R) R \<longleftrightarrow> rel_injective R"
+ using rel_injective_if_rel_injective_at_in_codom rel_injective_at_if_rel_injective
+ by blast
+
+
+end
\ No newline at end of file
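Review bot: The two closing corollaries carry different attributes: `rel_injective_on_in_dom_iff_rel_injective` is declared `[simp]` while its mirror `rel_injective_at_in_codom_iff_rel_injective` is `[iff]`, so only the second is also handed to the classical reasoner. The matching pair in Binary_Relations_Right_Unique.thy uses `[iff]` for both, so I would write `corollary rel_injective_on_in_dom_iff_rel_injective [iff]:` here, or add a short `text` remark if the difference is intended. Separately, every proof in this file uses only `blast`, `auto` and `intro`, so it is worth confirming that the `ML_Unification.ML_Unification_HOL_Setup` import is needed. The Irreflexive and Left_Total theories in this diff do not import it directly.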
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Irreflexive.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Irreflexive.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Irreflexive.thy
@@ -0,0 +1,51 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Irreflexive\<close>
+theory Binary_Relations_Irreflexive
+ imports
+ Binary_Relation_Functions
+ HOL_Syntax_Bundles_Lattices
+begin
+
+consts irreflexive_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ irreflexive_on_pred \<equiv> "irreflexive_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "irreflexive_on_pred P R \<equiv> \<forall>x. P x \<longrightarrow> \<not>(R x x)"
+end
+
+lemma irreflexive_onI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> \<not>(R x x)"
+ shows "irreflexive_on P R"
+ using assms unfolding irreflexive_on_pred_def by blast
+
+lemma irreflexive_onD [dest]:
+ assumes "irreflexive_on P R"
+ and "P x"
+ shows "\<not>(R x x)"
+ using assms unfolding irreflexive_on_pred_def by blast
+
+definition "irreflexive (R :: 'a \<Rightarrow> _) \<equiv> irreflexive_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma irreflexive_eq_irreflexive_on:
+ "irreflexive (R :: 'a \<Rightarrow> _) = irreflexive_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding irreflexive_def ..
+
+lemma irreflexiveI [intro]:
+ assumes "\<And>x. \<not>(R x x)"
+ shows "irreflexive R"
+ unfolding irreflexive_eq_irreflexive_on using assms by (intro irreflexive_onI)
+
+lemma irreflexiveD:
+ assumes "irreflexive R"
+ shows "\<not>(R x x)"
+ using assms unfolding irreflexive_eq_irreflexive_on by auto
+
+lemma irreflexive_on_if_irreflexive:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "irreflexive R"
+ shows "irreflexive_on P R"
+ using assms by (intro irreflexive_onI) (blast dest: irreflexiveD)
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Left_Total.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Left_Total.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Left_Total.thy
@@ -0,0 +1,62 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Left Total\<close>
+theory Binary_Relations_Left_Total
+ imports
+ Binary_Relation_Functions
+ HOL_Syntax_Bundles_Lattices
+begin
+
+consts left_total_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ left_total_on_pred \<equiv> "left_total_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "left_total_on_pred P R \<equiv> \<forall>x. P x \<longrightarrow> in_dom R x"
+end
+
+lemma left_total_onI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> in_dom R x"
+ shows "left_total_on P R"
+ unfolding left_total_on_pred_def using assms by blast
+
+lemma left_total_onE [elim]:
+ assumes "left_total_on P R"
+ and "P x"
+ obtains y where "R x y"
+ using assms unfolding left_total_on_pred_def by blast
+
+lemma in_dom_if_left_total_on:
+ assumes "left_total_on P R"
+ and "P x"
+ shows "in_dom R x"
+ using assms by blast
+
+definition "left_total (R :: 'a \<Rightarrow> _) \<equiv> left_total_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma left_total_eq_left_total_on:
+ "left_total (R :: 'a \<Rightarrow> _) = left_total_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding left_total_def ..
+
+lemma left_totalI [intro]:
+ assumes "\<And>x. in_dom R x"
+ shows "left_total R"
+ unfolding left_total_eq_left_total_on using assms by (intro left_total_onI)
+
+lemma left_totalE:
+ assumes "left_total R"
+ obtains y where "R x y"
+ using assms unfolding left_total_eq_left_total_on by (blast intro: top1I)
+
+lemma in_dom_if_left_total:
+ assumes "left_total R"
+ shows "in_dom R x"
+ using assms by (blast elim: left_totalE)
+
+lemma left_total_on_if_left_total:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "left_total R"
+ shows "left_total_on P R"
+ using assms by (intro left_total_onI) (blast dest: in_dom_if_left_total)
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Reflexive.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Reflexive.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Reflexive.thy
@@ -0,0 +1,105 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Reflexive\<close>
+theory Binary_Relations_Reflexive
+ imports
+ Functions_Monotone
+begin
+
+consts reflexive_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ reflexive_on_pred \<equiv> "reflexive_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "reflexive_on_pred P R \<equiv> \<forall>x. P x \<longrightarrow> R x x"
+end
+
+lemma reflexive_onI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> R x x"
+ shows "reflexive_on P R"
+ using assms unfolding reflexive_on_pred_def by blast
+
+lemma reflexive_onD [dest]:
+ assumes "reflexive_on P R"
+ and "P x"
+ shows "R x x"
+ using assms unfolding reflexive_on_pred_def by blast
+
+lemma le_in_dom_if_reflexive_on:
+ assumes "reflexive_on P R"
+ shows "P \<le> in_dom R"
+ using assms by blast
+
+lemma le_in_codom_if_reflexive_on:
+ assumes "reflexive_on P R"
+ shows "P \<le> in_codom R"
+ using assms by blast
+
+lemma in_codom_eq_in_dom_if_reflexive_on_in_field:
+ assumes "reflexive_on (in_field R) R"
+ shows "in_codom R = in_dom R"
+ using assms by blast
+
+lemma reflexive_on_rel_inv_iff_reflexive_on [iff]:
+ "reflexive_on P R\<inverse> \<longleftrightarrow> reflexive_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ by blast
+
+lemma antimono_reflexive_on [iff]:
+ "antimono (\<lambda>(P :: 'a \<Rightarrow> bool). reflexive_on P (R :: 'a \<Rightarrow> _))"
+ by (intro antimonoI) auto
+
+lemma reflexive_on_if_le_pred_if_reflexive_on:
+ fixes P P' :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "reflexive_on P R"
+ and "P' \<le> P"
+ shows "reflexive_on P' R"
+ using assms by blast
+
+lemma reflexive_on_sup_eq [simp]:
+ "(reflexive_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> _) \<Rightarrow> _) ((P :: 'a \<Rightarrow> bool) \<squnion> Q)
+ = reflexive_on P \<sqinter> reflexive_on Q"
+ by (intro ext iffI reflexive_onI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on)
+
+lemma reflexive_on_iff_eq_restrict_left_le:
+ "reflexive_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _) \<longleftrightarrow> ((=)\<restriction>\<^bsub>P\<^esub> \<le> R)"
+ by blast
+
+definition "reflexive (R :: 'a \<Rightarrow> _) \<equiv> reflexive_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma reflexive_eq_reflexive_on:
+ "reflexive (R :: 'a \<Rightarrow> _) = reflexive_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding reflexive_def ..
+
+lemma reflexiveI [intro]:
+ assumes "\<And>x. R x x"
+ shows "reflexive R"
+ unfolding reflexive_eq_reflexive_on using assms by (intro reflexive_onI)
+
+lemma reflexiveD:
+ assumes "reflexive R"
+ shows "R x x"
+ using assms unfolding reflexive_eq_reflexive_on by (blast intro: top1I)
+
+lemma reflexive_on_if_reflexive:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "reflexive R"
+ shows "reflexive_on P R"
+ using assms by (intro reflexive_onI) (blast dest: reflexiveD)
+
+lemma reflexive_rel_inv_iff_reflexive [iff]:
+ "reflexive R\<inverse> \<longleftrightarrow> reflexive R"
+ by (blast dest: reflexiveD)
+
+lemma reflexive_iff_eq_le: "reflexive R \<longleftrightarrow> ((=) \<le> R)"
+ unfolding reflexive_eq_reflexive_on reflexive_on_iff_eq_restrict_left_le
+ by simp
+
+paragraph \<open>Instantiations\<close>
+
+lemma reflexive_eq: "reflexive (=)"
+ by (rule reflexiveI) (rule refl)
+
+lemma reflexive_top: "reflexive \<top>"
+ by (rule reflexiveI) auto
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Right_Unique.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Right_Unique.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Right_Unique.thy
@@ -0,0 +1,136 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Right Unique\<close>
+theory Binary_Relations_Right_Unique
+ imports
+ Binary_Relations_Injective
+ HOL_Syntax_Bundles_Lattices
+begin
+
+consts right_unique_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ right_unique_on_pred \<equiv> "right_unique_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "right_unique_on_pred P R \<equiv> \<forall>x y y'. P x \<and> R x y \<and> R x y' \<longrightarrow> y = y'"
+end
+
+lemma right_unique_onI [intro]:
+ assumes "\<And>x y y'. P x \<Longrightarrow> R x y \<Longrightarrow> R x y' \<Longrightarrow> y = y'"
+ shows "right_unique_on P R"
+ using assms unfolding right_unique_on_pred_def by blast
+
+lemma right_unique_onD:
+ assumes "right_unique_on P R"
+ and "P x"
+ and "R x y" "R x y'"
+ shows "y = y'"
+ using assms unfolding right_unique_on_pred_def by blast
+
+consts right_unique_at :: "'a \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ right_unique_at_pred \<equiv> "right_unique_at :: ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "right_unique_at_pred P R \<equiv> \<forall>x y y'. P y \<and> P y' \<and> R x y \<and> R x y' \<longrightarrow> y = y'"
+end
+
+lemma right_unique_atI [intro]:
+ assumes "\<And>x y y'. P y \<Longrightarrow> P y' \<Longrightarrow> R x y \<Longrightarrow> R x y' \<Longrightarrow> y = y'"
+ shows "right_unique_at P R"
+ using assms unfolding right_unique_at_pred_def by blast
+
+lemma right_unique_atD:
+ assumes "right_unique_at P R"
+ and "P y"
+ and "P y'"
+ and "R x y" "R x y'"
+ shows "y = y'"
+ using assms unfolding right_unique_at_pred_def by blast
+
+lemma right_unique_at_rel_inv_iff_rel_injective_on [iff]:
+ "right_unique_at (P :: 'a \<Rightarrow> bool) (R\<inverse> :: 'b \<Rightarrow> 'a \<Rightarrow> bool) \<longleftrightarrow> rel_injective_on P R"
+ by (blast dest: right_unique_atD rel_injective_onD)
+
+lemma rel_injective_on_rel_inv_iff_right_unique_at [iff]:
+ "rel_injective_on (P :: 'a \<Rightarrow> bool) (R\<inverse> :: 'a \<Rightarrow> 'b \<Rightarrow> bool) \<longleftrightarrow> right_unique_at P R"
+ by (blast dest: right_unique_atD rel_injective_onD)
+
+lemma right_unique_on_rel_inv_iff_rel_injective_at [iff]:
+ "right_unique_on (P :: 'a \<Rightarrow> bool) (R\<inverse> :: 'a \<Rightarrow> 'b \<Rightarrow> bool) \<longleftrightarrow> rel_injective_at P R"
+ by (blast dest: right_unique_onD rel_injective_atD)
+
+lemma rel_injective_at_rel_inv_iff_right_unique_on [iff]:
+ "rel_injective_at (P :: 'b \<Rightarrow> bool) (R\<inverse> :: 'a \<Rightarrow> 'b \<Rightarrow> bool) \<longleftrightarrow> right_unique_on P R"
+ by (blast dest: right_unique_onD rel_injective_atD)
+
+
+definition "right_unique (R :: 'a \<Rightarrow> _) \<equiv> right_unique_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma right_unique_eq_right_unique_on:
+ "right_unique (R :: 'a \<Rightarrow> _) = right_unique_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding right_unique_def ..
+
+lemma right_uniqueI [intro]:
+ assumes "\<And>x y y'. R x y \<Longrightarrow> R x y' \<Longrightarrow> y = y'"
+ shows "right_unique R"
+ unfolding right_unique_eq_right_unique_on using assms by blast
+
+lemma right_uniqueD:
+ assumes "right_unique R"
+ and "R x y" "R x y'"
+ shows "y = y'"
+ using assms unfolding right_unique_eq_right_unique_on
+ by (auto dest: right_unique_onD)
+
+lemma right_unique_eq_right_unique_at:
+ "right_unique (R :: 'a \<Rightarrow> 'b \<Rightarrow> bool) = right_unique_at (\<top> :: 'b \<Rightarrow> bool) R"
+ by (intro iffI right_uniqueI) (auto dest: right_unique_atD right_uniqueD)
+
+lemma right_unique_on_if_right_unique:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "right_unique R"
+ shows "right_unique_on P R"
+ using assms by (blast dest: right_uniqueD)
+
+lemma right_unique_at_if_right_unique:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'b \<Rightarrow> 'a \<Rightarrow> bool"
+ assumes "right_unique R"
+ shows "right_unique_at P R"
+ using assms by (blast dest: right_uniqueD)
+
+lemma right_unique_if_right_unique_on_in_dom:
+ assumes "right_unique_on (in_dom R) R"
+ shows "right_unique R"
+ using assms by (blast dest: right_unique_onD)
+
+lemma right_unique_if_right_unique_at_in_codom:
+ assumes "right_unique_at (in_codom R) R"
+ shows "right_unique R"
+ using assms by (blast dest: right_unique_atD)
+
+corollary right_unique_on_in_dom_iff_right_unique [iff]:
+ "right_unique_on (in_dom R) R \<longleftrightarrow> right_unique R"
+ using right_unique_if_right_unique_on_in_dom right_unique_on_if_right_unique
+ by blast
+
+corollary right_unique_at_in_codom_iff_right_unique [iff]:
+ "right_unique_at (in_codom R) R \<longleftrightarrow> right_unique R"
+ using right_unique_if_right_unique_at_in_codom right_unique_at_if_right_unique
+ by blast
+
+lemma right_unique_rel_inv_iff_rel_injective [iff]:
+ "right_unique R\<inverse> \<longleftrightarrow> rel_injective R"
+ by (blast dest: right_uniqueD rel_injectiveD)
+
+lemma rel_injective_rel_inv_iff_right_unique [iff]:
+ "rel_injective R\<inverse> \<longleftrightarrow> right_unique R"
+ by (blast dest: right_uniqueD rel_injectiveD)
+
+
+paragraph \<open>Instantiatiats\<close>
+
+lemma right_unique_eq: "right_unique (=)"
+ by (rule right_uniqueI) blast
+
+
+end
\ No newline at end of file
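Review bot: The paragraph heading near the end of this file is misspelled: `paragraph \<open>Instantiatiats\<close>` should read `paragraph \<open>Instantiations\<close>`, as in the Reflexive, Symmetric and Transitive theories of this diff. `paragraph` is document markup, so the typo would show up in the generated document for the entry.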
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Surjective.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Surjective.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Surjective.thy
@@ -0,0 +1,79 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Surjective\<close>
+theory Binary_Relations_Surjective
+ imports
+ Binary_Relations_Left_Total
+ HOL_Syntax_Bundles_Lattices
+begin
+
+consts rel_surjective_at :: "'a \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ rel_surjective_at_pred \<equiv> "rel_surjective_at :: ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "rel_surjective_at_pred P R \<equiv> \<forall>y. P y \<longrightarrow> in_codom R y"
+end
+
+lemma rel_surjective_atI [intro]:
+ assumes "\<And>y. P y \<Longrightarrow> in_codom R y"
+ shows "rel_surjective_at P R"
+ unfolding rel_surjective_at_pred_def using assms by blast
+
+lemma rel_surjective_atE [elim]:
+ assumes "rel_surjective_at P R"
+ and "P y"
+ obtains x where "R x y"
+ using assms unfolding rel_surjective_at_pred_def by blast
+
+lemma in_codom_if_rel_surjective_at_on:
+ assumes "rel_surjective_at P R"
+ and "P y"
+ shows "in_codom R y"
+ using assms by blast
+
+lemma rel_surjective_at_rel_inv_iff_left_total_on [iff]:
+ "rel_surjective_at (P :: 'a \<Rightarrow> bool) (R\<inverse> :: 'b \<Rightarrow> 'a \<Rightarrow> bool) \<longleftrightarrow> left_total_on P R"
+ by fast
+
+lemma left_total_on_rel_inv_iff_rel_surjective_at [iff]:
+ "left_total_on (P :: 'a \<Rightarrow> bool) (R\<inverse> :: 'a \<Rightarrow> 'b \<Rightarrow> bool) \<longleftrightarrow> rel_surjective_at P R"
+ by fast
+
+definition "rel_surjective (R :: _ \<Rightarrow> 'a \<Rightarrow> _) \<equiv> rel_surjective_at (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma rel_surjective_eq_rel_surjective_at:
+ "rel_surjective (R :: _ \<Rightarrow> 'a \<Rightarrow> _) = rel_surjective_at (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding rel_surjective_def ..
+
+lemma rel_surjectiveI:
+ assumes "\<And>y. in_codom R y"
+ shows "rel_surjective R"
+ unfolding rel_surjective_eq_rel_surjective_at using assms by (intro rel_surjective_atI)
+
+lemma rel_surjectiveE:
+ assumes "rel_surjective R"
+ obtains x where "R x y"
+ using assms unfolding rel_surjective_eq_rel_surjective_at
+ by (blast intro: top1I)
+
+lemma in_codom_if_rel_surjective_at:
+ assumes "rel_surjective R"
+ shows "in_codom R y"
+ using assms by (blast elim: rel_surjectiveE)
+
+lemma rel_surjective_rel_inv_iff_left_total [iff]: "rel_surjective R\<inverse> \<longleftrightarrow> left_total R"
+ unfolding rel_surjective_eq_rel_surjective_at left_total_eq_left_total_on
+ by simp
+
+lemma left_total_rel_inv_iff_rel_surjective [iff]: "left_total R\<inverse> \<longleftrightarrow> rel_surjective R"
+ unfolding rel_surjective_eq_rel_surjective_at left_total_eq_left_total_on
+ by simp
+
+lemma rel_surjective_at_if_surjective:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "_ \<Rightarrow> 'a \<Rightarrow> _"
+ assumes "rel_surjective R"
+ shows "rel_surjective_at P R"
+ using assms by (intro rel_surjective_atI) (blast dest: in_codom_if_rel_surjective_at)
+
+
+end
\ No newline at end of file
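Review bot: Three lemma names in this file do not match their statements: `in_codom_if_rel_surjective_at_on` assumes `rel_surjective_at P R` (the theory has no `_on` variant), `in_codom_if_rel_surjective_at` assumes the unrestricted `rel_surjective R`, and `rel_surjective_at_if_surjective` drops the `rel_` prefix. Following the Left_Total theory (`in_dom_if_left_total_on`, `in_dom_if_left_total`, `left_total_on_if_left_total`), I would name them `in_codom_if_rel_surjective_at`, `in_codom_if_rel_surjective` and `rel_surjective_at_if_rel_surjective`, and update the `dest:` reference in the last proof to match. `rel_surjectiveI` is also the only unrestricted introduction rule visible in this part of the diff without `[intro]`; if that is deliberate, a short comment saying why would help.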
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Symmetric.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Symmetric.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Symmetric.thy
@@ -0,0 +1,106 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Symmetric\<close>
+theory Binary_Relations_Symmetric
+ imports
+ Functions_Monotone
+begin
+
+consts symmetric_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ symmetric_on_pred \<equiv> "symmetric_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "symmetric_on_pred P R \<equiv> \<forall>x y. P x \<and> P y \<and> R x y \<longrightarrow> R y x"
+end
+
+lemma symmetric_onI [intro]:
+ assumes "\<And>x y. P x \<Longrightarrow> P y \<Longrightarrow> R x y \<Longrightarrow> R y x"
+ shows "symmetric_on P R"
+ unfolding symmetric_on_pred_def using assms by blast
+
+lemma symmetric_onD:
+ assumes "symmetric_on P R"
+ and "P x" "P y"
+ and "R x y"
+ shows "R y x"
+ using assms unfolding symmetric_on_pred_def by blast
+
+lemma symmetric_on_rel_inv_iff_symmetric_on [iff]:
+ "symmetric_on P R\<inverse> \<longleftrightarrow> symmetric_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ by (blast dest: symmetric_onD)
+
+lemma antimono_symmetric_on [iff]:
+ "antimono (\<lambda>(P :: 'a \<Rightarrow> bool). symmetric_on P (R :: 'a \<Rightarrow> _))"
+ by (intro antimonoI) (auto dest: symmetric_onD)
+
+lemma symmetric_on_if_le_pred_if_symmetric_on:
+ fixes P P' :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "symmetric_on P R"
+ and "P' \<le> P"
+ shows "symmetric_on P' R"
+ using assms by (blast dest: symmetric_onD)
+
+definition "symmetric (R :: 'a \<Rightarrow> _) \<equiv> symmetric_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma symmetric_eq_symmetric_on:
+ "symmetric (R :: 'a \<Rightarrow> _) = symmetric_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding symmetric_def ..
+
+lemma symmetricI [intro]:
+ assumes "\<And>x y. R x y \<Longrightarrow> R y x"
+ shows "symmetric R"
+ unfolding symmetric_eq_symmetric_on using assms by (intro symmetric_onI)
+
+lemma symmetricD:
+ assumes "symmetric R"
+ and "R x y"
+ shows "R y x"
+ using assms unfolding symmetric_eq_symmetric_on by (auto dest: symmetric_onD)
+
+lemma symmetric_on_if_symmetric:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "symmetric R"
+ shows "symmetric_on P R"
+ using assms by (intro symmetric_onI) (blast dest: symmetricD)
+
+lemma symmetric_rel_inv_iff_symmetric [iff]: "symmetric R\<inverse> \<longleftrightarrow> symmetric R"
+ by (blast dest: symmetricD)
+
+lemma rel_inv_eq_self_if_symmetric [simp]:
+ assumes "symmetric R"
+ shows "R\<inverse> = R"
+ using assms by (blast dest: symmetricD)
+
+lemma rel_iff_rel_if_symmetric:
+ assumes "symmetric R"
+ shows "R x y \<longleftrightarrow> R y x"
+ using assms by (blast dest: symmetricD)
+
+lemma symmetric_if_rel_inv_eq_self:
+ assumes "R\<inverse> = R"
+ shows "symmetric R"
+ by (intro symmetricI, subst assms[symmetric]) simp
+
+lemma symmetric_iff_rel_inv_eq_self: "symmetric R \<longleftrightarrow> R\<inverse> = R"
+ using rel_inv_eq_self_if_symmetric symmetric_if_rel_inv_eq_self by blast
+
+lemma symmetric_if_symmetric_on_in_field:
+ assumes "symmetric_on (in_field R) R"
+ shows "symmetric R"
+ using assms by (intro symmetricI) (blast dest: symmetric_onD)
+
+corollary symmetric_on_in_field_iff_symmetric [simp]:
+ "symmetric_on (in_field R) R \<longleftrightarrow> symmetric R"
+ using symmetric_if_symmetric_on_in_field symmetric_on_if_symmetric
+ by blast
+
+
+paragraph \<open>Instantiations\<close>
+
+lemma symmetric_eq [iff]: "symmetric (=)"
+ by (rule symmetricI) (rule sym)
+
+lemma symmetric_top: "symmetric \<top>"
+ by (rule symmetricI) auto
+
+end
\ No newline at end of file
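Review bot: `symmetric_eq` is declared `[iff]`, but the parallel instantiation lemmas carry no attribute: `symmetric_top` in this file, and `reflexive_eq`, `transitive_eq` and `right_unique_eq` in the neighbouring theories. Either drop the attribute, `lemma symmetric_eq: "symmetric (=)"`, or declare the siblings the same way, so that automation behaves uniformly across the property theories. In addition, `rel_inv_eq_self_if_symmetric [simp]` is a conditional rewrite, so the simplifier has to try to discharge `symmetric R` wherever it meets `R\<inverse>`. A one-line comment on why that is acceptable as a default simp rule would help readers.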
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Transitive.thy b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Transitive.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Properties/Binary_Relations_Transitive.thy
@@ -0,0 +1,115 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Transitive\<close>
+theory Binary_Relations_Transitive
+ imports
+ Binary_Relation_Functions
+ Functions_Monotone
+begin
+
+consts transitive_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+
+overloading
+ transitive_on_pred \<equiv> "transitive_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "transitive_on_pred P R \<equiv> \<forall>x y z. P x \<and> P y \<and> P z \<and> R x y \<and> R y z \<longrightarrow> R x z"
+end
+
+lemma transitive_onI [intro]:
+ assumes "\<And>x y z. P x \<Longrightarrow> P y \<Longrightarrow> P z \<Longrightarrow> R x y \<Longrightarrow> R y z \<Longrightarrow> R x z"
+ shows "transitive_on P R"
+ unfolding transitive_on_pred_def using assms by blast
+
+lemma transitive_onD:
+ assumes "transitive_on P R"
+ and "P x" "P y" "P z"
+ and "R x y" "R y z"
+ shows "R x z"
+ using assms unfolding transitive_on_pred_def by blast
+
+lemma transitive_on_if_rel_comp_self_imp:
+ assumes "\<And>x y. P x \<Longrightarrow> P y \<Longrightarrow> (R \<circ>\<circ> R) x y \<Longrightarrow> R x y"
+ shows "transitive_on P R"
+proof (rule transitive_onI)
+ fix x y z assume "R x y" "R y z"
+ then have "(R \<circ>\<circ> R) x z" by (intro rel_compI)
+ moreover assume "P x" "P y" "P z"
+ ultimately show "R x z" by (simp only: assms)
+qed
+
+lemma transitive_on_rel_inv_iff_transitive_on [iff]:
+ "transitive_on P R\<inverse> \<longleftrightarrow> transitive_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ by (auto intro!: transitive_onI dest: transitive_onD)
+
+lemma antimono_transitive_on [iff]:
+ "antimono (\<lambda>(P :: 'a \<Rightarrow> bool). transitive_on P (R :: 'a \<Rightarrow> _))"
+ by (intro antimonoI) (auto dest: transitive_onD)
+
+lemma transitive_on_if_le_pred_if_transitive_on:
+ fixes P P' :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "transitive_on P R"
+ and "P' \<le> P"
+ shows "transitive_on P' R"
+ using assms by (auto dest: transitive_onD)
+
+definition "transitive (R :: 'a \<Rightarrow> _) \<equiv> transitive_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma transitive_eq_transitive_on:
+ "transitive (R :: 'a \<Rightarrow> _) = transitive_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding transitive_def ..
+
+lemma transitiveI [intro]:
+ assumes "\<And>x y z. R x y \<Longrightarrow> R y z \<Longrightarrow> R x z"
+ shows "transitive R"
+ unfolding transitive_eq_transitive_on using assms by (intro transitive_onI)
+
+lemma transitiveD [dest]:
+ assumes "transitive R"
+ and "R x y" "R y z"
+ shows "R x z"
+ using assms unfolding transitive_eq_transitive_on
+ by (auto dest: transitive_onD)
+
+lemma transitive_on_if_transitive:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "transitive R"
+ shows "transitive_on P R"
+ using assms by (intro transitive_onI) blast
+
+lemma transitive_if_rel_comp_le_self:
+ assumes "R \<circ>\<circ> R \<le> R"
+ shows "transitive R"
+ using assms unfolding transitive_eq_transitive_on
+ by (intro transitive_on_if_rel_comp_self_imp) blast
+
+lemma rel_comp_le_self_if_transitive:
+ assumes "transitive R"
+ shows "R \<circ>\<circ> R \<le> R"
+ using assms by blast
+
+corollary transitive_iff_rel_comp_le_self: "transitive R \<longleftrightarrow> R \<circ>\<circ> R \<le> R"
+ using transitive_if_rel_comp_le_self rel_comp_le_self_if_transitive by blast
+
+lemma transitive_if_transitive_on_in_field:
+ assumes "transitive_on (in_field R) R"
+ shows "transitive R"
+ using assms by (intro transitiveI) (blast dest: transitive_onD)
+
+corollary transitive_on_in_field_iff_transitive [simp]:
+ "transitive_on (in_field R) R \<longleftrightarrow> transitive R"
+ using transitive_if_transitive_on_in_field transitive_on_if_transitive
+ by blast
+
+lemma transitive_rel_inv_iff_transitive [iff]:
+ "transitive R\<inverse> \<longleftrightarrow> transitive R"
+ by (auto intro!: transitiveI)
+
+paragraph \<open>Instantiations\<close>
+
+lemma transitive_eq: "transitive (=)"
+ by (rule transitiveI) (rule trans)
+
+lemma transitive_top: "transitive \<top>"
+ by (rule transitiveI) auto
+
+
+end
\ No newline at end of file
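Review bot: `transitiveD` is registered as a global `[dest]` rule, unlike the other unrestricted destruction rules visible in this diff (`antisymmetricD`, `symmetricD`, `reflexiveD`, `irreflexiveD`, `right_uniqueD`, `rel_injectiveD`), which are passed explicitly with `dest:`. A transitivity rule in the default claset can greatly enlarge the search space of `blast` and `auto` in every importing theory, because any pair `R x y`, `R y z` yields a new fact. I would declare it as plain `lemma transitiveD:` and pass `dest: transitiveD` where it is needed. In this file that appears to be `transitive_on_if_transitive`, `rel_comp_le_self_if_transitive` and `transitive_rel_inv_iff_transitive`, which a rebuild should confirm.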
diff --git a/thys/Transport/HOL_Basics/Binary_Relations/Restricted_Equality.thy b/thys/Transport/HOL_Basics/Binary_Relations/Restricted_Equality.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Binary_Relations/Restricted_Equality.thy
@@ -0,0 +1,98 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Restricted Equality\<close>
+theory Restricted_Equality
+ imports
+ Binary_Relations_Order_Base
+ Binary_Relation_Functions
+ Equivalence_Relations
+ Partial_Orders
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Introduces the concept of restricted equalities.
+An equality @{term "(=)"} can be restricted to only apply to a subset of its
+elements. The restriction can be formulated, for example, by a predicate or a
+set.\<close>
+
+consts eq_restrict :: "'a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> bool"
+
+bundle eq_restrict_syntax
+begin
+syntax
+ "_eq_restrict" :: "'a \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> bool" ("(_) =(\<^bsub>_\<^esub>) (_)" [51,51,51] 50)
+notation eq_restrict ("'(=(\<^bsub>_\<^esub>)')")
+end
+bundle no_eq_restrict_syntax
+begin
+no_syntax
+ "_eq_restrict" :: "'a \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> bool" ("(_) =(\<^bsub>_\<^esub>) (_)" [51,51,51] 50)
+no_notation eq_restrict ("'(=(\<^bsub>_\<^esub>)')")
+end
+unbundle eq_restrict_syntax
+
+translations
+ "x =\<^bsub>P\<^esub> y" \<rightleftharpoons> "CONST eq_restrict P x y"
+
+overloading
+ eq_restrict_pred \<equiv> "eq_restrict :: ('a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> bool"
+begin
+ definition "eq_restrict_pred (P :: 'a \<Rightarrow> bool) \<equiv> ((=) :: 'a \<Rightarrow> _)\<restriction>\<^bsub>P\<^esub>"
+end
+
+lemma eq_restrict_eq_eq_restrict_left: "((=\<^bsub>P :: 'a \<Rightarrow> bool\<^esub>) :: 'a \<Rightarrow> _) = (=)\<restriction>\<^bsub>P\<^esub>"
+ unfolding eq_restrict_pred_def by simp
+
+lemma eq_restrictI [intro]:
+ assumes "x = y"
+ and "P x"
+ shows "x =\<^bsub>P\<^esub> y"
+ unfolding eq_restrict_eq_eq_restrict_left using assms by auto
+
+lemma eq_restrictE [elim]:
+ assumes "x =\<^bsub>P\<^esub> y"
+ obtains "P x" "y = x"
+ using assms unfolding eq_restrict_eq_eq_restrict_left by auto
+
+lemma eq_restrict_iff: "x =\<^bsub>P\<^esub> y \<longleftrightarrow> y = x \<and> P x" by auto
+
+lemma eq_restrict_le_eq: "((=\<^bsub>P :: 'a \<Rightarrow> bool\<^esub>) :: 'a \<Rightarrow> _) \<le> (=)"
+ by (intro le_relI) auto
+
+lemma eq_restrict_top_eq_eq [simp]: "(=\<^bsub>\<top> :: 'a \<Rightarrow> bool\<^esub>) = ((=) :: 'a \<Rightarrow> _)"
+ unfolding eq_restrict_eq_eq_restrict_left by simp
+
+lemma in_dom_eq_restrict_eq [simp]: "in_dom (=\<^bsub>P\<^esub>) = P" by auto
+lemma in_codom_eq_restrict_eq [simp]: "in_codom (=\<^bsub>P\<^esub>) = P" by auto
+lemma in_field_eq_restrict_eq [simp]: "in_field (=\<^bsub>P\<^esub>) = P" by auto
+
+
+paragraph \<open>Order Properties\<close>
+
+context
+ fixes P :: "'a \<Rightarrow> bool"
+begin
+
+context
+begin
+lemma reflexive_on_eq_restrict: "reflexive_on P ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)" by auto
+lemma transitive_eq_restrict: "transitive ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)" by auto
+lemma symmetric_eq_restrict: "symmetric ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)" by auto
+lemma antisymmetric_eq_restrict: "antisymmetric ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)" by auto
+end
+
+context
+begin
+lemma preorder_on_eq_restrict: "preorder_on P ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)"
+ using reflexive_on_eq_restrict transitive_eq_restrict by auto
+lemma partial_equivalence_rel_eq_restrict: "partial_equivalence_rel ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)"
+ using symmetric_eq_restrict transitive_eq_restrict by auto
+end
+
+lemma partial_order_on_eq_restrict: "partial_order_on P ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)"
+ using preorder_on_eq_restrict antisymmetric_eq_restrict by auto
+lemma equivalence_rel_on_eq_restrict: "equivalence_rel_on P ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)"
+ using partial_equivalence_rel_eq_restrict reflexive_on_eq_restrict by blast
+end
+
+
+end
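Review bot: The `_eq_restrict` syntax declaration types its middle argument as a relation, `('a \<Rightarrow> 'a \<Rightarrow> bool)`, although the only instance defined in this theory, `eq_restrict_pred`, takes a predicate `'a \<Rightarrow> bool` in that position. The annotation probably has no effect on parsing, since these argument types should all map to the same syntactic category, but it misleads a reader about what may appear in the subscript. I would write `"_eq_restrict" :: "'a \<Rightarrow> 'b \<Rightarrow> 'a \<Rightarrow> bool" ("(_) =(\<^bsub>_\<^esub>) (_)" [51,51,51] 50)` and make the same change in the `no_syntax` declaration of `no_eq_restrict_syntax`, so that the two bundles stay mirror images.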
diff --git a/thys/Transport/HOL_Basics/Functions/Function_Relators.thy b/thys/Transport/HOL_Basics/Functions/Function_Relators.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Function_Relators.thy
@@ -0,0 +1,163 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Relators\<close>
+theory Function_Relators
+ imports
+ Binary_Relation_Functions
+ Functions_Base
+ Predicates_Lattice
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Introduces the concept of function relators. The slogan of function
+relators is "related functions map related inputs to related outputs".\<close>
+
+definition "Dep_Fun_Rel_rel R S f g \<equiv> \<forall>x y. R x y \<longrightarrow> S x y (f x) (g y)"
+
+abbreviation "Fun_Rel_rel R S \<equiv> Dep_Fun_Rel_rel R (\<lambda>_ _. S)"
+
+definition "Dep_Fun_Rel_pred P R f g \<equiv> \<forall>x. P x \<longrightarrow> R x (f x) (g x)"
+
+abbreviation "Fun_Rel_pred P R \<equiv> Dep_Fun_Rel_pred P (\<lambda>_. R)"
+
+bundle Dep_Fun_Rel_syntax begin
+syntax
+ "_Fun_Rel_rel" :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow>
+ ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("(_) \<Rrightarrow> (_)" [41, 40] 40)
+ "_Dep_Fun_Rel_rel" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _] \<Rrightarrow> (_)" [41, 41, 41, 40] 40)
+ "_Dep_Fun_Rel_rel_if" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _/ |/ _] \<Rrightarrow> (_)" [41, 41, 41, 41, 40] 40)
+ "_Fun_Rel_pred" :: "('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> bool" ("[_] \<Rrightarrow> (_)" [41, 40] 40)
+ "_Dep_Fun_Rel_pred" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow> bool" ("[_/ \<Colon>/ _] \<Rrightarrow> (_)" [41, 41, 40] 40)
+ "_Dep_Fun_Rel_pred_if" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow> bool" ("[_/ \<Colon>/ _/ |/ _] \<Rrightarrow> (_)" [41, 41, 41, 40] 40)
+end
+bundle no_Dep_Fun_Rel_syntax begin
+no_syntax
+ "_Fun_Rel_rel" :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow>
+ ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("(_) \<Rrightarrow> (_)" [41, 40] 40)
+ "_Dep_Fun_Rel_rel" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _] \<Rrightarrow> (_)" [41, 41, 41, 40] 40)
+ "_Dep_Fun_Rel_rel_if" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _/ |/ _] \<Rrightarrow> (_)" [41, 41, 41, 41, 40] 40)
+ "_Fun_Rel_pred" :: "('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> bool" ("[_] \<Rrightarrow> (_)" [41, 40] 40)
+ "_Dep_Fun_Rel_pred" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow> bool" ("[_/ \<Colon>/ _] \<Rrightarrow> (_)" [41, 41, 40] 40)
+ "_Dep_Fun_Rel_pred_if" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow> bool" ("[_/ \<Colon>/ _/ |/ _] \<Rrightarrow> (_)" [41, 41, 41, 40] 40)
+end
+unbundle Dep_Fun_Rel_syntax
+translations
+ "R \<Rrightarrow> S" \<rightleftharpoons> "CONST Fun_Rel_rel R S"
+ "[x y \<Colon> R] \<Rrightarrow> S" \<rightleftharpoons> "CONST Dep_Fun_Rel_rel R (\<lambda>x y. S)"
+ "[x y \<Colon> R | B] \<Rrightarrow> S" \<rightleftharpoons> "CONST Dep_Fun_Rel_rel R (\<lambda>x y. CONST rel_if B S)"
+ "[P] \<Rrightarrow> R" \<rightleftharpoons> "CONST Fun_Rel_pred P R"
+ "[x \<Colon> P] \<Rrightarrow> R" \<rightleftharpoons> "CONST Dep_Fun_Rel_pred P (\<lambda>x. R)"
+ "[x \<Colon> P | B] \<Rrightarrow> R" \<rightleftharpoons> "CONST Dep_Fun_Rel_pred P (\<lambda>x. CONST rel_if B R)"
+
+lemma Dep_Fun_Rel_relI [intro]:
+ assumes "\<And>x y. R x y \<Longrightarrow> S x y (f x) (g y)"
+ shows "([x y \<Colon> R] \<Rrightarrow> S x y) f g"
+ unfolding Dep_Fun_Rel_rel_def using assms by blast
+
+lemma Dep_Fun_Rel_relD:
+ assumes "([x y \<Colon> R] \<Rrightarrow> S x y) f g"
+ and "R x y"
+ shows "S x y (f x) (g y)"
+ using assms unfolding Dep_Fun_Rel_rel_def by blast
+
+lemma Dep_Fun_Rel_relE [elim]:
+ assumes "([x y \<Colon> R] \<Rrightarrow> S x y) f g"
+ and "R x y"
+ obtains "S x y (f x) (g y)"
+ using assms unfolding Dep_Fun_Rel_rel_def by blast
+
+lemma Dep_Fun_Rel_predI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> R x (f x) (g x)"
+ shows "([x \<Colon> P] \<Rrightarrow> R x) f g"
+ unfolding Dep_Fun_Rel_pred_def using assms by blast
+
+lemma Dep_Fun_Rel_predD:
+ assumes "([x \<Colon> P] \<Rrightarrow> R x) f g"
+ and "P x"
+ shows "R x (f x) (g x)"
+ using assms unfolding Dep_Fun_Rel_pred_def by blast
+
+lemma Dep_Fun_Rel_predE [elim]:
+ assumes "([x \<Colon> P] \<Rrightarrow> R x) f g"
+ and "P x"
+ obtains "R x (f x) (g x)"
+ using assms unfolding Dep_Fun_Rel_pred_def by blast
+
+lemma rel_inv_Dep_Fun_Rel_rel_eq [simp]:
+ "([x y \<Colon> R] \<Rrightarrow> S x y)\<inverse> = ([y x \<Colon> R\<inverse>] \<Rrightarrow> (S x y)\<inverse>)"
+ by (intro ext) auto
+
+lemma rel_inv_Dep_Fun_Rel_pred_eq [simp]:
+ "([x \<Colon> P] \<Rrightarrow> R x)\<inverse> = ([x \<Colon> P] \<Rrightarrow> (R x)\<inverse>)"
+ by (intro ext) auto
+
+lemma Dep_Fun_Rel_pred_eq_Dep_Fun_Rel_rel:
+ "([x \<Colon> P] \<Rrightarrow> R x) = ([x _ \<Colon> (((\<sqinter>) P) \<circ> (=))] \<Rrightarrow> R x)"
+ by (intro ext) (auto intro!: Dep_Fun_Rel_predI Dep_Fun_Rel_relI)
+
+lemma Fun_Rel_eq_eq_eq [simp]: "((=) \<Rrightarrow> (=)) = (=)"
+ by (intro ext) auto
+
+
+paragraph \<open>Composition\<close>
+
+lemma Dep_Fun_Rel_rel_compI:
+ assumes Dep_Fun_Rel1: "([x y \<Colon> R] \<Rrightarrow> S x y) f g"
+ and Dep_Fun_Rel2: "\<And>x y. R x y \<Longrightarrow> ([x' y' \<Colon> T x y] \<Rrightarrow> U x y x' y') f' g'"
+ and le: "\<And>x y. R x y \<Longrightarrow> S x y (f x) (g y) \<Longrightarrow> T x y (f x) (g y)"
+ shows "([x y \<Colon> R] \<Rrightarrow> U x y (f x) (g y)) (f' \<circ> f) (g' \<circ> g)"
+ using assms by (intro Dep_Fun_Rel_relI) (auto 6 0)
+
+corollary Dep_Fun_Rel_rel_compI':
+ assumes "([x y \<Colon> R] \<Rrightarrow> S x y) f g"
+ and "\<And>x y. R x y \<Longrightarrow> ([x' y' \<Colon> S x y] \<Rrightarrow> T x y x' y') f' g'"
+ shows "([x y \<Colon> R] \<Rrightarrow> T x y (f x) (g y)) (f' \<circ> f) (g' \<circ> g)"
+ using assms by (intro Dep_Fun_Rel_rel_compI)
+
+lemma Dep_Fun_Rel_pred_comp_Dep_Fun_Rel_rel_compI:
+ assumes Dep_Fun_Rel1: "([x \<Colon> P] \<Rrightarrow> R x) f g"
+ and Dep_Fun_Rel2: "\<And>x. P x \<Longrightarrow> ([x' y' \<Colon> S x] \<Rrightarrow> T x x' y') f' g'"
+ and le: "\<And>x. P x \<Longrightarrow> R x (f x) (g x) \<Longrightarrow> S x (f x) (g x)"
+ shows "([x \<Colon> P] \<Rrightarrow> T x (f x) (g x)) (f' \<circ> f) (g' \<circ> g)"
+ using assms by (intro Dep_Fun_Rel_predI) (auto 6 0)
+
+corollary Dep_Fun_Rel_pred_comp_Dep_Fun_Rel_rel_compI':
+ assumes "([x \<Colon> P] \<Rrightarrow> R x) f g"
+ and "\<And>x. P x \<Longrightarrow> ([x' y' \<Colon> R x] \<Rrightarrow> S x x' y') f' g'"
+ shows "([x \<Colon> P] \<Rrightarrow> S x (f x) (g x)) (f' \<circ> f) (g' \<circ> g)"
+ using assms by (intro Dep_Fun_Rel_pred_comp_Dep_Fun_Rel_rel_compI)
+
+
+paragraph \<open>Restrictions\<close>
+
+lemma restrict_left_Dep_Fun_Rel_rel_restrict_left_eq:
+ fixes R :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and S :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and P :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ assumes "\<And>f x y. Q f \<Longrightarrow> R x y \<Longrightarrow> P x y (f x)"
+ shows "([x y \<Colon> R] \<Rrightarrow> (S x y)\<restriction>\<^bsub>P x y\<^esub>)\<restriction>\<^bsub>Q\<^esub> = ([x y \<Colon> R] \<Rrightarrow> S x y)\<restriction>\<^bsub>Q\<^esub>"
+ using assms by (intro ext iffI restrict_leftI Dep_Fun_Rel_relI)
+ (auto dest!: Dep_Fun_Rel_relD)
+
+lemma restrict_right_Dep_Fun_Rel_rel_restrict_right_eq:
+ fixes R :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and S :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and P :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ assumes "\<And>f x y. Q f \<Longrightarrow> R x y \<Longrightarrow> P x y (f y)"
+ shows "(([x y \<Colon> R] \<Rrightarrow> (S x y)\<upharpoonleft>\<^bsub>P x y\<^esub>)\<upharpoonleft>\<^bsub>Q\<^esub>) = (([x y \<Colon> R] \<Rrightarrow> S x y)\<upharpoonleft>\<^bsub>Q\<^esub>)"
+ unfolding restrict_right_eq
+ using assms restrict_left_Dep_Fun_Rel_rel_restrict_left_eq[where ?R="R\<inverse>"
+ and ?S="\<lambda>y x. (S x y)\<inverse>"]
+ by simp
+
+
+end
\ No newline at end of file
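Review bot: In `Dep_Fun_Rel_rel_compI` and `Dep_Fun_Rel_pred_comp_Dep_Fun_Rel_rel_compI` the assumptions are labelled `Dep_Fun_Rel1`, `Dep_Fun_Rel2` and `le`, but both proofs refer to them only through `assms`, so the labels are never used. Either drop the labels or cite them, e.g. `using Dep_Fun_Rel1 Dep_Fun_Rel2 le by (intro Dep_Fun_Rel_relI) (auto 6 0)`, which also records which facts the proof depends on. The explicit search bound in `auto 6 0` deserves a short comment in both proofs, because a reader cannot tell whether the default bound fails or is merely slow.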
diff --git a/thys/Transport/HOL_Basics/Functions/Functions_Base.thy b/thys/Transport/HOL_Basics/Functions/Functions_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Functions_Base.thy
@@ -0,0 +1,68 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Functions\<close>
+subsection \<open>Basic Functions\<close>
+theory Functions_Base
+ imports HOL_Basics_Base
+begin
+
+definition "id x \<equiv> x"
+
+lemma id_eq_self [simp]: "id x = x"
+ unfolding id_def ..
+
+definition "comp f g x \<equiv> f (g x)"
+
+bundle comp_syntax begin notation comp (infixl "\<circ>" 55) end
+bundle no_comp_syntax begin no_notation comp (infixl "\<circ>" 55) end
+unbundle comp_syntax
+
+lemma comp_eq [simp]: "(f \<circ> g) x = f (g x)"
+ unfolding comp_def ..
+
+lemma id_comp_eq [simp]: "id \<circ> f = f"
+ by (rule ext) simp
+
+lemma comp_id_eq [simp]: "f \<circ> id = f"
+ by (rule ext) simp
+
+definition "dep_fun_map f g h x \<equiv> g x (f x) (h (f x))"
+
+abbreviation "fun_map f g h \<equiv> dep_fun_map f (\<lambda>_ _. g) h"
+
+bundle dep_fun_map_syntax begin
+syntax
+ "_fun_map" :: "('a \<Rightarrow> 'b) \<Rightarrow> ('c \<Rightarrow> 'd) \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow>
+ ('a \<Rightarrow> 'd)" ("(_) \<rightarrow> (_)" [41, 40] 40)
+ "_dep_fun_map" :: "idt \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('c \<Rightarrow> 'd) \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow>
+ ('a \<Rightarrow> 'd)" ("[_/ : / _] \<rightarrow> (_)" [41, 41, 40] 40)
+end
+bundle no_dep_fun_map_syntax begin
+no_syntax
+ "_fun_map" :: "('a \<Rightarrow> 'b) \<Rightarrow> ('c \<Rightarrow> 'd) \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow>
+ ('a \<Rightarrow> 'd)" ("(_) \<rightarrow> (_)" [41, 40] 40)
+ "_dep_fun_map" :: "idt \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('c \<Rightarrow> 'd) \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow>
+ ('a \<Rightarrow> 'd)" ("[_/ : / _] \<rightarrow> (_)" [41, 41, 40] 40)
+end
+unbundle dep_fun_map_syntax
+translations
+ "f \<rightarrow> g" \<rightleftharpoons> "CONST fun_map f g"
+ "[x : f] \<rightarrow> g" \<rightleftharpoons> "CONST dep_fun_map f (\<lambda>x. g)"
+
+lemma dep_fun_map_eq [simp]: "([x : f] \<rightarrow> g x) h x = g x (f x) (h (f x))"
+ unfolding dep_fun_map_def ..
+
+lemma fun_map_eq_comp [simp]: "(f \<rightarrow> g) h = g \<circ> h \<circ> f"
+ by fastforce
+
+lemma fun_map_eq [simp]: "(f \<rightarrow> g) h x = g (h (f x))"
+ unfolding fun_map_eq_comp by simp
+
+lemma fun_map_id_eq_comp [simp]: "fun_map id = (\<circ>)"
+ by (intro ext) simp
+
+lemma fun_map_id_eq_comp' [simp]: "(f \<rightarrow> id) h = h \<circ> f"
+ by (intro ext) simp
+
+
+
+end
\ No newline at end of file
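Review bot: `fun_map_eq` and `fun_map_id_eq_comp'` are declared `[simp]` although `fun_map_eq_comp [simp]` already rewrites every term of the form `(f \<rightarrow> g) h`, after which `comp_eq` and `id_comp_eq` finish the job. Since the simplifier normally rewrites subterms first, the two extra rules probably never fire and only add overlapping left-hand sides to the simpset. I would drop the attribute and keep them as named facts, e.g. `lemma fun_map_eq: "(f \<rightarrow> g) h x = g (h (f x))"`. Whether any proof elsewhere in the commit relies on them as simp rules is not visible from this hunk, so the session should be rebuilt after the change.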
diff --git a/thys/Transport/HOL_Basics/Functions/LFunctions.thy b/thys/Transport/HOL_Basics/Functions/LFunctions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/LFunctions.thy
@@ -0,0 +1,13 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory LFunctions
+ imports
+ Functions_Base
+ Function_Properties
+ Function_Relators
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic concepts on functions.\<close>
+
+
+end
diff --git a/thys/Transport/HOL_Basics/Functions/Properties/Function_Properties.thy b/thys/Transport/HOL_Basics/Functions/Properties/Function_Properties.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Properties/Function_Properties.thy
@@ -0,0 +1,16 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Basic Properties\<close>
+theory Function_Properties
+ imports
+ Functions_Bijection
+ Functions_Injective
+ Functions_Inverse
+ Functions_Monotone
+ Functions_Surjective
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic properties on functions.\<close>
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Functions/Properties/Functions_Bijection.thy b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Bijection.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Bijection.thy
@@ -0,0 +1,150 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Bijection\<close>
+theory Functions_Bijection
+ imports
+ Functions_Inverse
+ Functions_Monotone
+begin
+
+consts bijection_on :: "'a \<Rightarrow> 'b \<Rightarrow> ('c \<Rightarrow> 'd) \<Rightarrow> ('d \<Rightarrow> 'c) \<Rightarrow> bool"
+
+overloading
+ bijection_on_pred \<equiv> "bijection_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ definition "bijection_on_pred P P' f g \<equiv>
+ ([P] \<Rrightarrow>\<^sub>m P') f \<and>
+ ([P'] \<Rrightarrow>\<^sub>m P) g \<and>
+ inverse_on P f g \<and>
+ inverse_on P' g f"
+end
+
+lemma bijection_onI [intro]:
+ assumes "([P] \<Rrightarrow>\<^sub>m P') f"
+ and "([P'] \<Rrightarrow>\<^sub>m P) g"
+ and "inverse_on P f g"
+ and "inverse_on P' g f"
+ shows "bijection_on P P' f g"
+ using assms unfolding bijection_on_pred_def by blast
+
+lemma bijection_onE:
+ assumes "bijection_on P P' f g"
+ obtains "([P] \<Rrightarrow>\<^sub>m P') f" "([P'] \<Rrightarrow>\<^sub>m P) g"
+ "inverse_on P f g" "inverse_on P' g f"
+ using assms unfolding bijection_on_pred_def by blast
+
+context
+ fixes P :: "'a \<Rightarrow> bool"
+ and P' :: "'b \<Rightarrow> bool"
+ and f :: "'a \<Rightarrow> 'b"
+begin
+
+lemma mono_wrt_pred_if_bijection_on_left:
+ assumes "bijection_on P P' f g"
+ shows "([P] \<Rrightarrow>\<^sub>m P') f"
+ using assms by (elim bijection_onE)
+
+lemma mono_wrt_pred_if_bijection_on_right:
+ assumes "bijection_on P P' f g"
+ shows "([P'] \<Rrightarrow>\<^sub>m P) g"
+ using assms by (elim bijection_onE)
+
+lemma bijection_on_pred_right:
+ assumes "bijection_on P P' f g"
+ and "P x"
+ shows "P' (f x)"
+ using assms by (blast elim: bijection_onE)
+
+lemma bijection_on_pred_left:
+ assumes "bijection_on P P' f g"
+ and "P' y"
+ shows "P (g y)"
+ using assms by (blast elim: bijection_onE)
+
+lemma inverse_on_if_bijection_on_left_right:
+ assumes "bijection_on P P' f g"
+ shows "inverse_on P f g"
+ using assms by (elim bijection_onE)
+
+lemma inverse_on_if_bijection_on_right_left:
+ assumes "bijection_on P P' f g"
+ shows "inverse_on P' g f"
+ using assms by (elim bijection_onE)
+
+lemma bijection_on_left_right_eq_self:
+ assumes "bijection_on P P' f g"
+ and "P x"
+ shows "g (f x) = x"
+ using assms inverse_on_if_bijection_on_left_right
+ by (intro inverse_onD)
+
+lemma bijection_on_right_left_eq_self':
+ assumes "bijection_on P P' f g"
+ and "P' y"
+ shows "f (g y) = y"
+ using assms inverse_on_if_bijection_on_right_left by (intro inverse_onD)
+
+lemma bijection_on_right_left_if_bijection_on_left_right:
+ assumes "bijection_on P P' f g"
+ shows "bijection_on P' P g f"
+ using assms by (auto elim: bijection_onE)
+
+lemma injective_on_if_bijection_on_left:
+ assumes "bijection_on P P' f g"
+ shows "injective_on P f"
+ using assms
+ by (intro injective_on_if_inverse_on inverse_on_if_bijection_on_left_right)
+
+lemma injective_on_if_bijection_on_right:
+ assumes "bijection_on P P' f g"
+ shows "injective_on P' g"
+ by (intro injective_on_if_inverse_on)
+ (fact inverse_on_if_bijection_on_right_left[OF assms])
+
+end
+
+
+definition "bijection (f :: 'a \<Rightarrow> 'b) \<equiv> bijection_on (\<top> :: 'a \<Rightarrow> bool) (\<top> :: 'b \<Rightarrow> bool) f"
+
+lemma bijection_eq_bijection_on:
+ "bijection (f :: 'a \<Rightarrow> 'b) = bijection_on (\<top> :: 'a \<Rightarrow> bool) (\<top> :: 'b \<Rightarrow> bool) f"
+ unfolding bijection_def ..
+
+lemma bijectionI [intro]:
+ assumes "inverse f g"
+ and "inverse g f"
+ shows "bijection f g"
+ unfolding bijection_eq_bijection_on using assms
+ by (intro bijection_onI inverse_on_if_inverse dep_mono_wrt_predI) simp_all
+
+lemma bijectionE [elim]:
+ assumes "bijection f g"
+ obtains "inverse f g" "inverse g f"
+ using assms unfolding bijection_eq_bijection_on inverse_eq_inverse_on
+ by (blast elim: bijection_onE)
+
+lemma inverse_if_bijection_left_right:
+ assumes "bijection f g"
+ shows "inverse f g"
+ using assms by (elim bijectionE)
+
+lemma inverse_if_bijection_right_left:
+ assumes "bijection f g"
+ shows "inverse g f"
+ using assms by (elim bijectionE)
+
+lemma bijection_right_left_if_bijection_left_right:
+ assumes "bijection f g"
+ shows "bijection g f"
+ using assms by auto
+
+
+paragraph \<open>Instantiations\<close>
+
+lemma bijection_on_self_id:
+ fixes P :: "'a \<Rightarrow> bool"
+ shows "bijection_on P P (id :: 'a \<Rightarrow> _) id"
+ by (intro bijection_onI inverse_onI dep_mono_wrt_predI) simp_all
+
+
+end
\ No newline at end of file
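Review bot: `bijection_on_right_left_eq_self'` carries a trailing prime, but this theory has no unprimed `bijection_on_right_left_eq_self`, and its counterpart `bijection_on_left_right_eq_self` has no prime. A prime normally marks a variant of an existing lemma, so the name sends the reader looking for a fact that does not exist. I would rename it to `lemma bijection_on_right_left_eq_self:`. Uses of the primed name elsewhere in the commit, which this hunk does not show, would need the same rename.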
diff --git a/thys/Transport/HOL_Basics/Functions/Properties/Functions_Injective.thy b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Injective.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Injective.thy
@@ -0,0 +1,58 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Injective\<close>
+theory Functions_Injective
+ imports
+ Functions_Base
+ HOL_Syntax_Bundles_Lattices
+begin
+
+consts injective_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow> bool"
+
+overloading
+ injective_on_pred \<equiv> "injective_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> bool"
+begin
+ definition "injective_on_pred P f \<equiv> \<forall>x x'. P x \<longrightarrow> P x' \<longrightarrow> f x = f x' \<longrightarrow> x = x'"
+end
+
+lemma injective_onI [intro]:
+ assumes "\<And>x x'. P x \<Longrightarrow> P x' \<Longrightarrow> f x = f x' \<Longrightarrow> x = x'"
+ shows "injective_on P f"
+ unfolding injective_on_pred_def using assms by blast
+
+lemma injective_onD:
+ assumes "injective_on P f"
+ and "P x" "P x'"
+ and "f x = f x'"
+ shows "x = x'"
+ using assms unfolding injective_on_pred_def by blast
+
+definition "injective (f :: 'a \<Rightarrow> _) \<equiv> injective_on (\<top> :: 'a \<Rightarrow> bool) f"
+
+lemma injective_eq_injective_on:
+ "injective (f :: 'a \<Rightarrow> _) = injective_on (\<top> :: 'a \<Rightarrow> bool) f"
+ unfolding injective_def ..
+
+lemma injectiveI [intro]:
+ assumes "\<And>x x'. f x = f x' \<Longrightarrow> x = x'"
+ shows "injective f"
+ unfolding injective_eq_injective_on using assms by (intro injective_onI)
+
+lemma injectiveD:
+ assumes "injective f"
+ and "f x = f x'"
+ shows "x = x'"
+ using assms unfolding injective_eq_injective_on by (auto dest: injective_onD)
+
+lemma injective_on_if_injective:
+ fixes P :: "'a \<Rightarrow> bool" and f :: "'a \<Rightarrow> _"
+ assumes "injective f"
+ shows "injective_on P f"
+ using assms by (intro injective_onI) (blast dest: injectiveD)
+
+
+paragraph \<open>Instantiations\<close>
+
+lemma injective_id: "injective id" by auto
+
+
+end
\ No newline at end of file
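Review bot: This theory has no `paragraph \<open>Summary\<close>` block, unlike `Restricted_Equality`, `Function_Relators` and `Function_Properties` in the same commit; `Functions_Inverse` and `Functions_Bijection` lack one as well. A short summary after `begin` would tell the reader what the overloaded constant means before they reach `injective_on_pred_def`, for example `paragraph \<open>Summary\<close>` followed by `text \<open>Injectivity of a function on the elements satisfying a predicate.\<close>`. The other two theories would get the analogous sentence for `inverse_on` and `bijection_on`.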
diff --git a/thys/Transport/HOL_Basics/Functions/Properties/Functions_Inverse.thy b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Inverse.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Inverse.thy
@@ -0,0 +1,62 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Inverse\<close>
+theory Functions_Inverse
+ imports
+ Functions_Injective
+begin
+
+consts inverse_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow> ('c \<Rightarrow> 'b) \<Rightarrow> bool"
+
+overloading
+ inverse_on_pred \<equiv> "inverse_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ definition "inverse_on_pred P f g \<equiv> \<forall>x. P x \<longrightarrow> g (f x) = x"
+end
+
+lemma inverse_onI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> g (f x) = x"
+ shows "inverse_on P f g"
+ unfolding inverse_on_pred_def using assms by blast
+
+lemma inverse_onD:
+ assumes "inverse_on P f g"
+ and "P x"
+ shows "g (f x) = x"
+ using assms unfolding inverse_on_pred_def by blast
+
+lemma injective_on_if_inverse_on:
+ assumes inv: "inverse_on (P :: 'a \<Rightarrow> bool) (f :: 'a \<Rightarrow> _) g"
+ shows "injective_on P f"
+proof (rule injective_onI)
+ fix x x'
+ assume Px: "P x" and Px': "P x'" and f_x_eq_f_x': "f x = f x'"
+ from inv have "x = g (f x)" using Px by (intro inverse_onD[symmetric])
+ also have "... = g (f x')" by (simp only: f_x_eq_f_x')
+ also have "... = x'" using inv Px' by (intro inverse_onD)
+ finally show "x = x'" .
+qed
+
+definition "inverse (f :: 'a \<Rightarrow> _) \<equiv> inverse_on (\<top> :: 'a \<Rightarrow> bool) f"
+
+lemma inverse_eq_inverse_on:
+ "inverse (f :: 'a \<Rightarrow> _) = inverse_on (\<top> :: 'a \<Rightarrow> bool) f"
+ unfolding inverse_def ..
+
+lemma inverseI [intro]:
+ assumes "\<And>x. g (f x) = x"
+ shows "inverse f g"
+ unfolding inverse_eq_inverse_on using assms by (intro inverse_onI)
+
+lemma inverseD:
+ assumes "inverse f g"
+ shows "g (f x) = x"
+ using assms unfolding inverse_eq_inverse_on by (auto dest: inverse_onD)
+
+lemma inverse_on_if_inverse:
+ fixes P :: "'a \<Rightarrow> bool" and f :: "'a \<Rightarrow> 'b"
+ assumes "inverse f g"
+ shows "inverse_on P f g"
+ using assms by (intro inverse_onI) (blast dest: inverseD)
+
+
+end
\ No newline at end of file
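Review bot: `inverse_on_pred P f g` is defined as `\<forall>x. P x \<longrightarrow> g (f x) = x`, which makes `g` only a left inverse of `f` on `P`, yet nothing in the theory says so and the name suggests a two-sided inverse. `bijection_on` in `Functions_Bijection` assumes both `inverse_on P f g` and `inverse_on P' g f`, which is consistent with the one-sided reading. I would add a comment before the definition, e.g. `text \<open>@{term "inverse_on P f g"} states that g is a left inverse of f on P.\<close>`, so that users of `inverseD` and `inverse_onD` do not assume the converse equation.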
diff --git a/thys/Transport/HOL_Basics/Functions/Properties/Functions_Monotone.thy b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Monotone.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Monotone.thy
@@ -0,0 +1,345 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Monotonicity\<close>
+theory Functions_Monotone
+ imports
+ Binary_Relations_Order_Base
+ Function_Relators
+ Predicates
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Introduces the concept of monotone functions. A function is monotone
+if it is related to itself - see \<^term>\<open>Dep_Fun_Rel_rel\<close>.\<close>
+
+declare le_funI[intro]
+declare le_funE[elim]
+
+definition "dep_mono_wrt_rel R S f \<equiv> ([x y \<Colon> R] \<Rrightarrow> S x y) f f"
+
+abbreviation "mono_wrt_rel R S \<equiv> dep_mono_wrt_rel R (\<lambda>_ _. S)"
+
+definition "dep_mono_wrt_pred P Q f \<equiv> ([x \<Colon> P] \<Rrightarrow> (\<lambda>_. Q x)) f f"
+
+abbreviation "mono_wrt_pred P Q \<equiv> dep_mono_wrt_pred P (\<lambda>_. Q)"
+
+bundle dep_mono_wrt_syntax begin
+syntax
+ "_mono_wrt_rel" :: "('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow>
+ bool" ("(_) \<Rrightarrow>\<^sub>m (_)" [41, 40] 40)
+ "_dep_mono_wrt_rel" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 41, 40] 40)
+ "_dep_mono_wrt_rel_if" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _/ |/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 41, 41, 40] 40)
+ "_mono_wrt_pred" :: "('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow>
+ bool" ("[_] \<Rrightarrow>\<^sub>m (_)" [41, 40] 40)
+ "_dep_mono_wrt_pred" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ \<Colon>/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 40] 40)
+ (*TODO: this only works if we introduce a pred_if constant first*)
+ (* "_dep_mono_wrt_pred_if" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> *)
+ (* ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ \<Colon>/ _/ |/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 41, 40] 40) *)
+end
+bundle no_dep_mono_wrt_syntax begin
+no_syntax
+ "_mono_wrt_rel" :: "('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow>
+ bool" ("(_) \<Rrightarrow>\<^sub>m (_)" [41, 40] 40)
+ "_dep_mono_wrt_rel" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 41, 40] 40)
+ "_dep_mono_wrt_rel_if" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _/ |/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 41, 41, 40] 40)
+ "_mono_wrt_pred" :: "('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow>
+ bool" ("[_] \<Rrightarrow>\<^sub>m (_)" [41, 40] 40)
+ "_dep_mono_wrt_pred" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ \<Colon>/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 40] 40)
+ (* "_dep_mono_wrt_pred_if" :: "idt \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> *)
+ (* ('a \<Rightarrow> 'b) \<Rightarrow> bool" ("[_/ \<Colon>/ _/ |/ _] \<Rrightarrow>\<^sub>m (_)" [41, 41, 41, 40] 40) *)
+end
+unbundle dep_mono_wrt_syntax
+translations
+ "R \<Rrightarrow>\<^sub>m S" \<rightleftharpoons> "CONST mono_wrt_rel R S"
+ "[x y \<Colon> R] \<Rrightarrow>\<^sub>m S" \<rightleftharpoons> "CONST dep_mono_wrt_rel R (\<lambda>x y. S)"
+ "[x y \<Colon> R | B] \<Rrightarrow>\<^sub>m S" \<rightleftharpoons> "CONST dep_mono_wrt_rel R (\<lambda>x y. CONST rel_if B S)"
+ "[P] \<Rrightarrow>\<^sub>m Q" \<rightleftharpoons> "CONST mono_wrt_pred P Q"
+ "[x \<Colon> P] \<Rrightarrow>\<^sub>m Q" \<rightleftharpoons> "CONST dep_mono_wrt_pred P (\<lambda>x. Q)"
+ (* "[x \<Colon> P | B] \<Rrightarrow>\<^sub>m Q" \<rightleftharpoons> "CONST dep_mono_wrt_pred P (\<lambda>x. CONST rel_if B Q)" *)
+
+lemma dep_mono_wrt_relI [intro]:
+ assumes "\<And>x y. R x y \<Longrightarrow> S x y (f x) (f y)"
+ shows "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ using assms unfolding dep_mono_wrt_rel_def by blast
+
+lemma dep_mono_wrt_relE [elim]:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "R x y"
+ obtains "S x y (f x) (f y)"
+ using assms unfolding dep_mono_wrt_rel_def by blast
+
+lemma dep_mono_wrt_relD:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "R x y"
+ shows "S x y (f x) (f y)"
+ using assms by blast
+
+lemma dep_mono_wrt_predI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> Q x (f x)"
+ shows "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ using assms unfolding dep_mono_wrt_pred_def by blast
+
+lemma dep_mono_wrt_predE [elim]:
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ and "P x"
+ obtains "Q x (f x)"
+ using assms unfolding dep_mono_wrt_pred_def by blast
+
+lemma dep_mono_wrt_predD:
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ and "P x"
+ shows "Q x (f x)"
+ using assms by blast
+
+lemma dep_mono_wrt_rel_if_Dep_Fun_Rel_rel_self:
+ assumes "([x y \<Colon> R] \<Rrightarrow> S x y) f f"
+ shows "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ using assms by blast
+
+lemma dep_mono_wrt_pred_if_Dep_Fun_Rel_pred_self:
+ assumes "([x \<Colon> P] \<Rrightarrow> (\<lambda>_. Q x)) f f"
+ shows "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ using assms by blast
+
+lemma Dep_Fun_Rel_rel_self_if_dep_mono_wrt_rel:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ shows "([x y \<Colon> R] \<Rrightarrow> S x y) f f"
+ using assms by blast
+
+lemma Dep_Fun_Rel_pred_self_if_dep_mono_wrt_pred:
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ shows "([x \<Colon> P] \<Rrightarrow> (\<lambda>_. Q x)) f f"
+ using assms by blast
+
+corollary Dep_Fun_Rel_rel_self_iff_dep_mono_wrt_rel:
+ "([x y \<Colon> R] \<Rrightarrow> S x y) f f \<longleftrightarrow> ([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ using dep_mono_wrt_rel_if_Dep_Fun_Rel_rel_self
+ Dep_Fun_Rel_rel_self_if_dep_mono_wrt_rel by blast
+
+corollary Dep_Fun_Rel_pred_self_iff_dep_mono_wrt_pred:
+ "([x \<Colon> P] \<Rrightarrow> (\<lambda>_. Q x)) f f \<longleftrightarrow> ([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ using dep_mono_wrt_pred_if_Dep_Fun_Rel_pred_self
+ Dep_Fun_Rel_pred_self_if_dep_mono_wrt_pred by blast
+
+lemma dep_mono_wrt_rel_inv_eq [simp]:
+ "([y x \<Colon> R\<inverse>] \<Rrightarrow>\<^sub>m (S x y)\<inverse>) = ([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y)"
+ by (intro ext) auto
+
+lemma in_dom_if_rel_if_dep_mono_wrt_rel:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "R x y"
+ shows "in_dom (S x y) (f x)"
+ using assms by (intro in_domI) blast
+
+corollary in_dom_if_in_dom_if_mono_wrt_rel:
+ assumes "(R \<Rrightarrow>\<^sub>m S) f"
+ shows "([in_dom R] \<Rrightarrow>\<^sub>m in_dom S) f"
+ using assms in_dom_if_rel_if_dep_mono_wrt_rel by fast
+
+lemma in_codom_if_rel_if_dep_mono_wrt_rel:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "R x y"
+ shows "in_codom (S x y) (f y)"
+ using assms by (intro in_codomI) blast
+
+corollary in_codom_if_in_codom_if_mono_wrt_rel:
+ assumes "(R \<Rrightarrow>\<^sub>m S) f"
+ shows "([in_codom R] \<Rrightarrow>\<^sub>m in_codom S) f"
+ using assms in_dom_if_rel_if_dep_mono_wrt_rel by fast
+
+corollary in_field_if_in_field_if_mono_wrt_rel:
+ assumes "(R \<Rrightarrow>\<^sub>m S) f"
+ shows "([in_field R] \<Rrightarrow>\<^sub>m in_field S) f"
+ using assms by (intro dep_mono_wrt_predI) blast
+
+lemma le_rel_map_if_mono_wrt_rel:
+ assumes "(R \<Rrightarrow>\<^sub>m S) f"
+ shows "R \<le> rel_map f S"
+ using assms by (intro le_relI) auto
+
+lemma le_pred_map_if_mono_wrt_pred:
+ assumes "([P] \<Rrightarrow>\<^sub>m Q) f"
+ shows "P \<le> pred_map f Q"
+ using assms by (intro le_predI) auto
+
+lemma mono_wrt_rel_if_le_rel_map:
+ assumes "R \<le> rel_map f S"
+ shows "(R \<Rrightarrow>\<^sub>m S) f"
+ using assms by (intro dep_mono_wrt_relI) auto
+
+lemma mono_wrt_pred_if_le_pred_map:
+ assumes "P \<le> pred_map f Q"
+ shows "([P] \<Rrightarrow>\<^sub>m Q) f"
+ using assms by (intro dep_mono_wrt_predI) auto
+
+corollary mono_wrt_rel_iff_le_rel_map: "(R \<Rrightarrow>\<^sub>m S) f \<longleftrightarrow> R \<le> rel_map f S"
+ using mono_wrt_rel_if_le_rel_map le_rel_map_if_mono_wrt_rel by auto
+
+corollary mono_wrt_pred_iff_le_pred_map: "([P] \<Rrightarrow>\<^sub>m Q) f \<longleftrightarrow> P \<le> pred_map f Q"
+ using mono_wrt_pred_if_le_pred_map le_pred_map_if_mono_wrt_pred by auto
+
+definition "mono \<equiv> ((\<le>) \<Rrightarrow>\<^sub>m (\<le>))"
+
+definition "antimono \<equiv> ((\<le>) \<Rrightarrow>\<^sub>m (\<ge>))"
+
+lemma monoI [intro]:
+ assumes "\<And>x y. x \<le> y \<Longrightarrow> f x \<le> f y"
+ shows "mono f"
+ unfolding mono_def using assms by blast
+
+lemma monoE [elim]:
+ assumes "mono f"
+ and "x \<le> y"
+ obtains "f x \<le> f y"
+ using assms unfolding mono_def by blast
+
+lemma monoD:
+ assumes "mono f"
+ and "x \<le> y"
+ shows "f x \<le> f y"
+ using assms by blast
+
+lemma antimonoI [intro]:
+ assumes "\<And>x y. x \<le> y \<Longrightarrow> f y \<le> f x"
+ shows "antimono f"
+ unfolding antimono_def using assms by blast
+
+lemma antimonoE [elim]:
+ assumes "antimono f"
+ and "x \<le> y"
+ obtains "f y \<le> f x"
+ using assms unfolding antimono_def by blast
+
+lemma antimonoD:
+ assumes "antimono f"
+ and "x \<le> y"
+ shows "f y \<le> f x"
+ using assms by blast
+
+lemma antimono_Dep_Fun_Rel_rel_left: "antimono (\<lambda>R. [x y \<Colon> R] \<Rrightarrow> S x y)"
+ by (intro antimonoI) auto
+
+lemma antimono_Dep_Fun_Rel_pred_left: "antimono (\<lambda>P. [x \<Colon> P] \<Rrightarrow> Q x)"
+ by (intro antimonoI) auto
+
+lemma antimono_dep_mono_wrt_rel_left: "antimono (\<lambda>R. [x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y)"
+ by (intro antimonoI) auto
+
+lemma antimono_dep_mono_wrt_pred_left: "antimono (\<lambda>P. [x \<Colon> P] \<Rrightarrow>\<^sub>m Q x)"
+ by (intro antimonoI) auto
+
+lemma Dep_Fun_Rel_rel_if_le_left_if_Dep_Fun_Rel_rel:
+ assumes "([x y \<Colon> R] \<Rrightarrow> S x y) f g"
+ and "T \<le> R"
+ shows "([x y \<Colon> T] \<Rrightarrow> S x y) f g"
+ using assms by blast
+
+lemma Dep_Fun_Rel_pred_if_le_left_if_Dep_Fun_Rel_pred:
+ assumes "([x \<Colon> P] \<Rrightarrow> Q x) f g"
+ and "T \<le> P"
+ shows "([x \<Colon> T] \<Rrightarrow> Q x) f g"
+ using assms by blast
+
+lemma dep_mono_wrt_rel_if_le_left_if_dep_mono_wrt_rel:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "T \<le> R"
+ shows "([x y \<Colon> T] \<Rrightarrow>\<^sub>m S x y) f"
+ using assms by blast
+
+lemma dep_mono_wrt_pred_if_le_left_if_dep_mono_wrt_pred:
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ and "T \<le> P"
+ shows "([x \<Colon> T] \<Rrightarrow>\<^sub>m Q x) f"
+ using assms by blast
+
+lemma mono_Dep_Fun_Rel_rel_right: "mono (\<lambda>S. [x y \<Colon> R] \<Rrightarrow> S x y)"
+ by (intro monoI) blast
+
+lemma mono_Dep_Fun_Rel_pred_right: "mono (\<lambda>Q. [x \<Colon> P] \<Rrightarrow> Q x)"
+ by (intro monoI) blast
+
+lemma mono_dep_mono_wrt_rel_right: "mono (\<lambda>S. [x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y)"
+ by (intro monoI) blast
+
+lemma mono_dep_mono_wrt_pred_right: "mono (\<lambda>Q. [x \<Colon> P] \<Rrightarrow>\<^sub>m Q x)"
+ by (intro monoI) blast
+
+lemma Dep_Fun_Rel_rel_if_le_right_if_Dep_Fun_Rel_rel:
+ assumes "([x y \<Colon> R] \<Rrightarrow> S x y) f g"
+ and "\<And>x y. R x y \<Longrightarrow> S x y (f x) (g y) \<Longrightarrow> T x y (f x) (g y)"
+ shows "([x y \<Colon> R] \<Rrightarrow> T x y) f g"
+ using assms by (intro Dep_Fun_Rel_relI) blast
+
+lemma Dep_Fun_Rel_pred_if_le_right_if_Dep_Fun_Rel_pred:
+ assumes "([x \<Colon> P] \<Rrightarrow> Q x) f g"
+ and "\<And>x. P x \<Longrightarrow> Q x (f x) (g x) \<Longrightarrow> T x (f x) (g x)"
+ shows "([x \<Colon> P] \<Rrightarrow> T x) f g"
+ using assms by blast
+
+lemma dep_mono_wrt_rel_if_le_right_if_dep_mono_wrt_rel:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "\<And>x y. R x y \<Longrightarrow> S x y (f x) (f y) \<Longrightarrow> T x y (f x) (f y)"
+ shows "([x y \<Colon> R] \<Rrightarrow>\<^sub>m T x y) f"
+ using assms by (intro dep_mono_wrt_relI) blast
+
+lemma dep_mono_wrt_pred_if_le_right_if_dep_mono_wrt_pred:
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ and "\<And>x. P x \<Longrightarrow> Q x (f x) \<Longrightarrow> T x (f x)"
+ shows "([x \<Colon> P] \<Rrightarrow>\<^sub>m T x) f"
+ using assms by blast
+
+
+paragraph \<open>Composition\<close>
+
+lemma dep_mono_wrt_rel_compI:
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "\<And>x y. R x y \<Longrightarrow> ([x' y' \<Colon> T x y] \<Rrightarrow>\<^sub>m U x y x' y') f'"
+ and "\<And>x y. R x y \<Longrightarrow> S x y (f x) (f y) \<Longrightarrow> T x y (f x) (f y)"
+ shows "([x y \<Colon> R] \<Rrightarrow>\<^sub>m U x y (f x) (f y)) (f' \<circ> f)"
+ using assms by (intro dep_mono_wrt_relI) (auto 6 0)
+
+corollary dep_mono_wrt_rel_compI':
+ assumes "([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "\<And>x y. R x y \<Longrightarrow> ([x' y' \<Colon> S x y] \<Rrightarrow>\<^sub>m T x y x' y') f'"
+ shows "([x y \<Colon> R] \<Rrightarrow>\<^sub>m T x y (f x) (f y)) (f' \<circ> f)"
+ using assms by (intro dep_mono_wrt_rel_compI)
+
+lemma dep_mono_wrt_pred_comp_dep_mono_wrt_rel_compI:
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ and "\<And>x. P x \<Longrightarrow> ([x' y' \<Colon> R x] \<Rrightarrow>\<^sub>m S x x' y') f'"
+ and "\<And>x. P x \<Longrightarrow> Q x (f x) \<Longrightarrow> R x (f x) (f x)"
+ shows "([x \<Colon> P] \<Rrightarrow>\<^sub>m (\<lambda>y. S x (f x) (f x) y y)) (f' \<circ> f)"
+ using assms by (intro dep_mono_wrt_predI) (auto 6 0)
+
+lemma dep_mono_wrt_pred_comp_dep_mono_wrt_pred_compI:
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ and "\<And>x. P x \<Longrightarrow> ([x' \<Colon> R x] \<Rrightarrow>\<^sub>m S x x') f'"
+ and "\<And>x. P x \<Longrightarrow> Q x (f x) \<Longrightarrow> R x (f x)"
+ shows "([x \<Colon> P] \<Rrightarrow>\<^sub>m S x (f x)) (f' \<circ> f)"
+ using assms by (intro dep_mono_wrt_predI) (auto 6 0)
+
+corollary dep_mono_wrt_pred_comp_dep_mono_wrt_pred_compI':
+ assumes "([x \<Colon> P] \<Rrightarrow>\<^sub>m Q x) f"
+ and "\<And>x. P x \<Longrightarrow> ([x' \<Colon> Q x] \<Rrightarrow>\<^sub>m S x x') f'"
+ shows "([x \<Colon> P] \<Rrightarrow>\<^sub>m S x (f x)) (f' \<circ> f)"
+ using assms by (intro dep_mono_wrt_pred_comp_dep_mono_wrt_pred_compI)
+
+
+paragraph \<open>Instantiations\<close>
+
+lemma mono_wrt_rel_self_id: "(R \<Rrightarrow>\<^sub>m R) id" by auto
+lemma mono_wrt_pred_self_id: "([P] \<Rrightarrow>\<^sub>m P) id" by auto
+
+lemma mono_in_dom: "mono in_dom" by (intro monoI) fast
+lemma mono_in_codom: "mono in_codom" by (intro monoI) fast
+lemma mono_in_field: "mono in_field" by (intro monoI) fast
+lemma mono_rel_comp1: "mono (\<circ>\<circ>)" by (intro monoI) fast
+lemma mono_rel_comp2: "mono ((\<circ>\<circ>) x)" by (intro monoI) fast
+
+
+end
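Review bot: `in_codom_if_in_codom_if_mono_wrt_rel` is proved with `using assms in_dom_if_rel_if_dep_mono_wrt_rel by fast`, which cites the domain lemma rather than `in_codom_if_rel_if_dep_mono_wrt_rel`, stated directly above it. The line looks copied from `in_dom_if_in_dom_if_mono_wrt_rel`. If `fast` closes the goal, it is presumably working from `assms` and the declared intro/elim rules, so the cited fact misleads the reader about what the proof depends on. I would change it to `using assms in_codom_if_rel_if_dep_mono_wrt_rel by fast`; this was not re-checked here, so confirm the proof still goes through.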
diff --git a/thys/Transport/HOL_Basics/Functions/Properties/Functions_Surjective.thy b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Surjective.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Functions/Properties/Functions_Surjective.thy
@@ -0,0 +1,50 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Surjective\<close>
+theory Functions_Surjective
+ imports
+ HOL_Syntax_Bundles_Lattices
+begin
+
+consts surjective_at :: "'a \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow> bool"
+
+overloading
+ surjective_at_pred \<equiv> "surjective_at :: ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ definition "surjective_at_pred P f \<equiv> \<forall>y. P y \<longrightarrow> (\<exists>x. y = f x)"
+end
+
+lemma surjective_atI [intro]:
+ assumes "\<And>y. P y \<Longrightarrow> \<exists>x. y = f x"
+ shows "surjective_at P f"
+ unfolding surjective_at_pred_def using assms by blast
+
+lemma surjective_atE [elim]:
+ assumes "surjective_at P f"
+ and "P y"
+ obtains x where "y = f x"
+ using assms unfolding surjective_at_pred_def by blast
+
+definition "surjective (f :: _ \<Rightarrow> 'a) \<equiv> surjective_at (\<top> :: 'a \<Rightarrow> bool) f"
+
+lemma surjective_eq_surjective_at:
+ "surjective (f :: _ \<Rightarrow> 'a) = surjective_at (\<top> :: 'a \<Rightarrow> bool) f"
+ unfolding surjective_def ..
+
+lemma surjectiveI [intro]:
+ assumes "\<And>y. \<exists>x. y = f x"
+ shows "surjective f"
+ unfolding surjective_eq_surjective_at using assms by (intro surjective_atI)
+
+lemma surjectiveE:
+ assumes "surjective f"
+ obtains x where "y = f x"
+ using assms unfolding surjective_eq_surjective_at by (blast intro: top1I)
+
+lemma surjective_at_if_surjective:
+ fixes P :: "'a \<Rightarrow> bool" and f :: "_ \<Rightarrow> 'a"
+ assumes "surjective f"
+ shows "surjective_at P f"
+ using assms by (intro surjective_atI) (blast elim: surjectiveE)
+
+
+end
\ No newline at end of file
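Review bot: This theory has no `paragraph \<open>Summary\<close>` / `text` block, unlike Functions_Monotone.thy in the same directory, so nothing tells the reader what `surjective_at` restricts. In `surjective_at_pred P f` the predicate has type `'a \<Rightarrow> bool` and `f :: 'b \<Rightarrow> 'a`, so `P` ranges over the codomain of `f`. I would add after `begin` something like `text \<open>A function f is surjective at P if every y satisfying P has a preimage under f; note that P is a predicate on the codomain of f.\<close>`. The file also ends without a trailing newline.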
diff --git a/thys/Transport/HOL_Basics/Galois/Galois.thy b/thys/Transport/HOL_Basics/Galois/Galois.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Galois.thy
@@ -0,0 +1,14 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Galois
+ imports
+ Galois_Equivalences
+ Galois_Relator
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>We define the concept of (partial) Galois connections, Galois equivalences,
+and the Galois relator. For details refer to \<^cite>\<open>"transport"\<close>.\<close>
+
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Galois/Galois_Base.thy b/thys/Transport/HOL_Basics/Galois/Galois_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Galois_Base.thy
@@ -0,0 +1,30 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Galois\<close>
+subsection \<open>Basic Abbreviations\<close>
+theory Galois_Base
+ imports
+ Order_Functors_Base
+begin
+
+locale galois = order_functors
+begin
+
+text \<open>The locale @{locale galois} serves to define concepts that ultimately lead
+to the definition of Galois connections and Galois equivalences.
+Galois connections and equivalences are special cases of adjoints and
+adjoint equivalences, respectively, known from category theory.
+As such, in what follows, we sometimes borrow vocabulary from category theory
+to highlight this connection.
+
+A \<^emph>\<open>Galois connection\<close> between two relations @{term "(\<le>\<^bsub>L\<^esub>)"} and
+@{term "(\<le>\<^bsub>R\<^esub>)"} consists of two monotone functions (i.e. order functors)
+@{term "l"} and @{term "r"} such that @{term "x \<le>\<^bsub>L\<^esub> r y \<longleftrightarrow> l x \<le>\<^bsub>R\<^esub> y"}.
+We call this the \<^emph>\<open>Galois property\<close>.
+@{term "l"} is called the \<^emph>\<open>left adjoint\<close> and @{term "r"} the \<^emph>\<open>right adjoint\<close>.
+We call @{term "(\<le>\<^bsub>L\<^esub>)"} the \<^emph>\<open>left relation\<close> and @{term "(\<le>\<^bsub>R\<^esub>)"} the \<^emph>\<open>right relation\<close>.
+By composing the adjoints, we obtain the unit @{term "\<eta>"} and counit @{term "\<epsilon>"}
+of the Galois connection.\<close>
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Galois/Galois_Connections.thy b/thys/Transport/HOL_Basics/Galois/Galois_Connections.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Galois_Connections.thy
@@ -0,0 +1,91 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Connections\<close>
+theory Galois_Connections
+ imports
+ Galois_Property
+begin
+
+context galois
+begin
+
+definition "galois_connection \<equiv>
+ ((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l \<and> ((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r \<and> ((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+
+notation galois.galois_connection (infix "\<stileturn>" 50)
+
+lemma galois_connectionI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l" and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding galois_connection_def using assms by blast
+
+lemma galois_connectionE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l" "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r" "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms unfolding galois_connection_def by blast
+
+context
+begin
+
+interpretation g : galois S T f g for S T f g.
+
+lemma rel_inv_galois_connection_eq_galois_connection_rel_inv [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<stileturn> (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<ge>\<^bsub>L\<^esub>) \<stileturn> (\<ge>\<^bsub>R\<^esub>))"
+ by (intro ext) blast
+
+corollary galois_connection_rel_inv_iff_galois_connection [iff]:
+ "((\<ge>\<^bsub>L\<^esub>) \<stileturn> (\<ge>\<^bsub>R\<^esub>)) l r \<longleftrightarrow> ((\<le>\<^bsub>R\<^esub>) \<stileturn> (\<le>\<^bsub>L\<^esub>)) r l"
+ by (simp flip: rel_inv_galois_connection_eq_galois_connection_rel_inv)
+
+lemma rel_unit_if_left_rel_if_galois_connection:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<le>\<^bsub>L\<^esub> x'"
+ shows "x \<le>\<^bsub>L\<^esub> \<eta> x'"
+ using assms
+ by (blast intro: rel_unit_if_left_rel_if_half_galois_prop_right_if_mono_wrt_rel)
+
+end
+
+lemma counit_rel_if_right_rel_if_galois_connection:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "y \<le>\<^bsub>R\<^esub> y'"
+ shows "\<epsilon> y \<le>\<^bsub>R\<^esub> y'"
+ using assms
+ by (blast intro: counit_rel_if_right_rel_if_half_galois_prop_left_if_mono_wrt_rel)
+
+lemma rel_unit_if_reflexive_on_if_galois_connection:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ and "P x"
+ shows "x \<le>\<^bsub>L\<^esub> \<eta> x"
+ using assms
+ by (blast intro: rel_unit_if_reflexive_on_if_half_galois_prop_right_if_mono_wrt_rel)
+
+lemma counit_rel_if_reflexive_on_if_galois_connection:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>R\<^esub>)"
+ and "P y"
+ shows "\<epsilon> y \<le>\<^bsub>R\<^esub> y"
+ using assms
+ by (blast intro: counit_rel_if_reflexive_on_if_half_galois_prop_left_if_mono_wrt_rel)
+
+lemma inflationary_on_unit_if_reflexive_on_if_galois_connection:
+ fixes P :: "'a \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ shows "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms
+ by (blast intro: inflationary_on_unit_if_reflexive_on_if_half_galois_prop_rightI)
+
+lemma deflationary_on_counit_if_reflexive_on_if_galois_connection:
+ fixes P :: "'b \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>R\<^esub>)"
+ shows "deflationary_on P (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ using assms
+ by (blast intro: deflationary_on_counit_if_reflexive_on_if_half_galois_prop_leftI)
+
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Galois/Galois_Equivalences.thy b/thys/Transport/HOL_Basics/Galois/Galois_Equivalences.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Galois_Equivalences.thy
@@ -0,0 +1,199 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Equivalences\<close>
+theory Galois_Equivalences
+ imports
+ Galois_Connections
+ Order_Equivalences
+ Partial_Equivalence_Relations
+begin
+
+context galois
+begin
+
+text\<open>In the literature, an adjoint equivalence is an adjunction for which
+the unit and counit are natural isomorphisms.
+Translated to the category of orders,
+this means that a \<^emph>\<open>Galois equivalence\<close> between two relations
+@{term "(\<le>\<^bsub>L\<^esub>)"} and @{term "(\<le>\<^bsub>R\<^esub>)"} is a Galois connection for which the unit
+@{term "\<eta>"} is @{term "deflationary"} and the counit @{term "\<epsilon>"} is
+@{term "inflationary"}.
+
+For reasons of symmetry, we give a different definition which next to
+@{term "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"} requires @{term "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"}.
+In other words, a Galois equivalence is a Galois connection for which the left
+and right adjoints are also right and left adjoints, respectively.
+As shown below, in the case of preorders, the definitions coincide.\<close>
+
+definition "galois_equivalence \<equiv> ((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r \<and> ((\<le>\<^bsub>R\<^esub>) \<unlhd> (\<le>\<^bsub>L\<^esub>)) r l"
+
+notation galois.galois_equivalence (infix "\<equiv>\<^sub>G" 50)
+
+lemma galois_equivalenceI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "((\<le>\<^bsub>R\<^esub>) \<unlhd> (\<le>\<^bsub>L\<^esub>)) r l"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding galois_equivalence_def using assms by blast
+
+lemma galois_equivalenceE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r" "((\<le>\<^bsub>R\<^esub>) \<stileturn> (\<le>\<^bsub>L\<^esub>)) r l"
+ using assms unfolding galois_equivalence_def
+ by (blast intro: galois.galois_connectionI)
+
+context
+begin
+
+interpretation g : galois S T f g for S T f g.
+
+lemma galois_equivalence_eq_galois_connection_rel_inf_galois_prop:
+ "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) = ((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) \<sqinter> ((\<ge>\<^bsub>L\<^esub>) \<unlhd> (\<ge>\<^bsub>R\<^esub>))"
+ by (intro ext) auto
+
+lemma rel_inv_galois_equivalence_eq_galois_equivalence [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext) auto
+
+corollary galois_equivalence_right_left_iff_galois_equivalence_left_right:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>L\<^esub>)) r l \<longleftrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ by auto
+
+lemma galois_equivalence_rel_inv_eq_galois_equivalence [simp]:
+ "((\<ge>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<ge>\<^bsub>R\<^esub>)) = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext) auto
+
+lemma inflationary_on_unit_if_reflexive_on_if_galois_equivalence:
+ fixes P :: "'a \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ shows "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro inflationary_on_unit_if_reflexive_on_if_galois_connection)
+ (elim galois_equivalenceE)
+
+end
+
+lemma deflationary_on_unit_if_reflexive_on_if_galois_equivalence:
+ fixes P :: "'a \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ shows "deflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof -
+ interpret flip : galois R L r l .
+ show ?thesis using assms
+ by (auto intro: flip.deflationary_on_counit_if_reflexive_on_if_galois_connection
+ simp only: flip.flip_unit_eq_counit)
+qed
+
+text \<open>Every @{term "galois_equivalence"} on reflexive orders is a Galois
+equivalence in the sense of the common literature.\<close>
+lemma rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence:
+ fixes P :: "'a \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ shows "rel_equivalence_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro rel_equivalence_onI
+ inflationary_on_unit_if_reflexive_on_if_galois_equivalence
+ deflationary_on_unit_if_reflexive_on_if_galois_equivalence)
+
+lemma galois_equivalence_partial_equivalence_rel_not_reflexive_not_transitive:
+ assumes "\<exists>(y :: 'b) y'. y \<noteq> y'"
+ shows "\<exists>(L :: 'a \<Rightarrow> 'a \<Rightarrow> bool) (R :: 'b \<Rightarrow> 'b \<Rightarrow> bool) l r.
+ (L \<equiv>\<^sub>G R) l r \<and> partial_equivalence_rel L \<and>
+ \<not>(reflexive_on (in_field R) R) \<and> \<not>(transitive_on (in_field R) R)"
+proof -
+ from assms obtain cy cy' where "(cy :: 'b) \<noteq> cy'" by blast
+ let ?cx = "undefined :: 'a"
+ let ?L = "\<lambda>x x'. ?cx = x \<and> x = x'"
+ and ?R = "\<lambda>y y'. (y = cy \<or> y = cy') \<and> (y' = cy \<or> y' = cy') \<and> (y \<noteq> cy' \<or> y' \<noteq> cy')"
+ and ?l = "\<lambda>(a :: 'a). cy"
+ and ?r = "\<lambda>(b :: 'b). ?cx"
+ interpret g : galois ?L ?R ?l ?r .
+ interpret flip_g : galois ?R ?L ?r ?l .
+ have "(?L \<equiv>\<^sub>G ?R) ?l ?r" using \<open>cy \<noteq> cy'\<close> by blast
+ moreover have "partial_equivalence_rel ?L" by blast
+ moreover have
+ "\<not>(transitive_on (in_field ?R) ?R)" and "\<not>(reflexive_on (in_field ?R) ?R)"
+ using \<open>cy \<noteq> cy'\<close> by auto
+ ultimately show "?thesis" by blast
+qed
+
+
+subsection \<open>Equivalence of Order Equivalences and Galois Equivalences\<close>
+
+text \<open>In general categories, every adjoint equivalence is an equivalence
+but not vice versa.
+In the category of preorders, however, they are morally the same: the
+adjoint zigzag equations are satisfied up to unique isomorphism rather than
+equality.
+In the category of partial orders, the concepts coincide.\<close>
+
+lemma half_galois_prop_left_left_right_if_transitive_if_order_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)" "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel)
+ (auto elim!: order_equivalenceE
+ intro: deflationary_on_if_le_pred_if_deflationary_on in_field_if_in_codom
+ intro!: le_predI)
+
+lemma half_galois_prop_right_left_right_if_transitive_if_order_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)" "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel)
+ (auto elim!: order_equivalenceE
+ intro: inflationary_on_if_le_pred_if_inflationary_on in_field_if_in_dom
+ intro!: le_predI
+ simp only: flip_counit_eq_unit)
+
+lemma galois_prop_left_right_if_transitive_if_order_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)" "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ half_galois_prop_left_left_right_if_transitive_if_order_equivalence
+ half_galois_prop_right_left_right_if_transitive_if_order_equivalence
+ by blast
+
+corollary galois_connection_left_right_if_transitive_if_order_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)" "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms galois_prop_left_right_if_transitive_if_order_equivalence
+ by (intro galois_connectionI) auto
+
+interpretation flip : galois R L r l
+ rewrites "flip.unit \<equiv> \<epsilon>"
+ by (simp only: flip_unit_eq_counit)
+
+corollary galois_equivalence_left_right_if_transitive_if_order_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)" "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms galois_connection_left_right_if_transitive_if_order_equivalence
+ flip.galois_prop_left_right_if_transitive_if_order_equivalence
+ by (intro galois_equivalenceI)
+ (auto simp only: order_equivalence_right_left_iff_order_equivalence_left_right)
+
+lemma order_equivalence_if_reflexive_on_in_field_if_galois_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)" "reflexive_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence
+ flip.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence
+ by (intro order_equivalenceI)
+ (auto simp only: galois_equivalence_right_left_iff_galois_equivalence_left_right)
+
+corollary galois_equivalence_eq_order_equivalence_if_preorder_on_in_field:
+ assumes "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)" "preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>))"
+ using assms
+ galois.order_equivalence_if_reflexive_on_in_field_if_galois_equivalence
+ galois.galois_equivalence_left_right_if_transitive_if_order_equivalence
+ by (elim preorder_on_in_fieldE, intro ext) blast
+
+end
+
+
+end
\ No newline at end of file
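Review bot: The introductory text says the definition requires `((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r` next to the Galois connection, but `galois_equivalence` is defined with `((\<le>\<^bsub>R\<^esub>) \<unlhd> (\<le>\<^bsub>L\<^esub>)) r l` as its second conjunct. The property named in the text is already a conjunct of `galois_connection` as defined in Galois_Connections.thy, so the sentence does not describe the extra requirement. I would change the term in the text to `@{term "((\<le>\<^bsub>R\<^esub>) \<unlhd> (\<le>\<^bsub>L\<^esub>)) r l"}`. That matches the definition and the next sentence, which says the left and right adjoints are also right and left adjoints.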
diff --git a/thys/Transport/HOL_Basics/Galois/Galois_Property.thy b/thys/Transport/HOL_Basics/Galois/Galois_Property.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Galois_Property.thy
@@ -0,0 +1,70 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Property\<close>
+theory Galois_Property
+ imports
+ Half_Galois_Property
+begin
+
+context galois_prop
+begin
+
+definition "galois_prop \<equiv> ((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) \<sqinter> ((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>))"
+
+notation galois_prop.galois_prop (infix "\<unlhd>" 50)
+
+lemma galois_propI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding galois_prop_def using assms by auto
+
+lemma galois_propI':
+ assumes "\<And>x y. in_dom (\<le>\<^bsub>L\<^esub>) x \<Longrightarrow> in_codom (\<le>\<^bsub>R\<^esub>) y \<Longrightarrow> x \<le>\<^bsub>L\<^esub> r y \<longleftrightarrow> l x \<le>\<^bsub>R\<^esub> y"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by blast
+
+lemma galois_propE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r" "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms unfolding galois_prop_def by auto
+
+interpretation g : galois_prop S T f g for S T f g.
+
+lemma galois_prop_eq_half_galois_prop_left_rel_inf_half_galois_prop_right:
+ "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) = ((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) \<sqinter> ((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext) auto
+
+lemma galois_prop_left_rel_right_iff_left_right_rel:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) x" "in_codom (\<le>\<^bsub>R\<^esub>) y"
+ shows "x \<le>\<^bsub>L\<^esub> r y \<longleftrightarrow> l x \<le>\<^bsub>R\<^esub> y"
+ using assms by blast
+
+lemma rel_inv_galois_prop_eq_galois_prop_rel_inv [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<unlhd> (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<ge>\<^bsub>L\<^esub>) \<unlhd> (\<ge>\<^bsub>R\<^esub>))"
+ by (intro ext) blast
+
+corollary galois_prop_rel_inv_iff_galois_prop [iff]:
+ "((\<ge>\<^bsub>L\<^esub>) \<unlhd> (\<ge>\<^bsub>R\<^esub>)) f g \<longleftrightarrow> ((\<le>\<^bsub>R\<^esub>) \<unlhd> (\<le>\<^bsub>L\<^esub>)) g f"
+ by auto
+
+end
+
+context galois
+begin
+
+lemma galois_prop_left_right_if_transitive_if_deflationary_on_if_inflationary_on_if_mono_wrt_rel:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l" and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ and "deflationary_on (in_codom (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ and "transitive (\<le>\<^bsub>L\<^esub>)" "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro galois_propI
+ half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel
+ half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel)
+
+end
+
+
+end
\ No newline at end of file
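Review bot: The definition of `galois_prop` near the top of this new theory has no accompanying `text` block, although it is the central notion of the file and the sibling theory Half_Galois_Property.thy documents its definitions in prose. A sentence before the definition would be enough, for example `text \<open>The Galois property holds if both the left and the right half Galois property hold.\<close>`, which is what `galois_propI` and `galois_propE` state. Separately, `interpretation g : galois_prop S T f g for S T f g.` is written without a space before the closing `.`, unlike the same interpretation in Half_Galois_Property.thy later in this diff.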
diff --git a/thys/Transport/HOL_Basics/Galois/Galois_Relator.thy b/thys/Transport/HOL_Basics/Galois/Galois_Relator.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Galois_Relator.thy
@@ -0,0 +1,180 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Relator For Galois Connections\<close>
+theory Galois_Relator
+ imports
+ Galois_Relator_Base
+ Galois_Property
+begin
+
+context galois_prop
+begin
+
+interpretation flip_inv : galois_rel "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" l .
+
+lemma left_Galois_if_Galois_right_if_half_galois_prop_right:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<lessapprox>\<^bsub>R\<^esub> y"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> y"
+ using assms by (intro left_GaloisI) auto
+
+lemma Galois_right_if_left_Galois_if_half_galois_prop_left:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<^bsub>L\<^esub>\<lessapprox> y"
+ shows "x \<lessapprox>\<^bsub>R\<^esub> y"
+ using assms by blast
+
+corollary Galois_right_iff_left_Galois_if_galois_prop [iff]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "x \<lessapprox>\<^bsub>R\<^esub> y \<longleftrightarrow> x \<^bsub>L\<^esub>\<lessapprox> y"
+ using assms
+ left_Galois_if_Galois_right_if_half_galois_prop_right
+ Galois_right_if_left_Galois_if_half_galois_prop_left
+ by blast
+
+lemma rel_inv_Galois_eq_flip_Galois_rel_inv_if_galois_prop [simp]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "(\<greaterapprox>\<^bsub>L\<^esub>) = (\<^bsub>R\<^esub>\<greaterapprox>)"
+ using assms by blast
+
+corollary flip_Galois_rel_inv_iff_Galois_if_galois_prop [iff]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "y \<^bsub>R\<^esub>\<greaterapprox> x \<longleftrightarrow> x \<^bsub>L\<^esub>\<lessapprox> y"
+ using assms by blast
+
+corollary inv_flip_Galois_rel_inv_eq_Galois_if_galois_prop [simp]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "(\<lessapprox>\<^bsub>R\<^esub>) = (\<^bsub>L\<^esub>\<lessapprox>)" \<comment>\<open>Note that @{term "(\<lessapprox>\<^bsub>R\<^esub>) = (galois_rel.Galois (\<ge>\<^bsub>R\<^esub>) (\<ge>\<^bsub>L\<^esub>) l)\<inverse>"}\<close>
+ using assms by (subst rel_inv_eq_iff_eq[symmetric]) simp
+
+end
+
+context galois
+begin
+
+interpretation flip_inv : galois "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l .
+
+context
+begin
+
+interpretation flip : galois R L r l .
+
+lemma left_Galois_left_if_left_relI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<le>\<^bsub>L\<^esub> x'"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> l x'"
+ using assms
+ by (intro left_Galois_if_Galois_right_if_half_galois_prop_right) auto
+
+corollary left_Galois_left_if_reflexive_on_if_half_galois_prop_rightI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ and "P x"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> l x"
+ using assms by (intro left_Galois_left_if_left_relI) auto
+
+lemma left_Galois_left_if_in_codom_if_inflationary_onI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ and "in_codom (\<le>\<^bsub>L\<^esub>) x"
+ and "P x"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> l x"
+ using assms by (intro left_GaloisI) (auto elim!: in_codomE)
+
+lemma left_Galois_left_if_in_codom_if_inflationary_on_in_codomI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "inflationary_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ and "in_codom (\<le>\<^bsub>L\<^esub>) x"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> l x"
+ using assms by (auto intro!: left_Galois_left_if_in_codom_if_inflationary_onI)
+
+lemma left_Galois_left_if_left_rel_if_inflationary_on_in_fieldI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "inflationary_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ and "x \<le>\<^bsub>L\<^esub> x"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> l x"
+ using assms by (auto intro!: left_Galois_left_if_in_codom_if_inflationary_onI)
+
+lemma right_left_Galois_if_right_relI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "y \<le>\<^bsub>R\<^esub> y'"
+ shows "r y \<^bsub>L\<^esub>\<lessapprox> y'"
+ using assms by (intro left_GaloisI) auto
+
+corollary right_left_Galois_if_reflexive_onI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "reflexive_on P (\<le>\<^bsub>R\<^esub>)"
+ and "P y"
+ shows "r y \<^bsub>L\<^esub>\<lessapprox> y"
+ using assms by (intro right_left_Galois_if_right_relI) auto
+
+lemma left_Galois_if_right_rel_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)"
+ and "x \<^bsub>L\<^esub>\<lessapprox> y"
+ and "y \<le>\<^bsub>R\<^esub> z"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> z"
+ using assms by (intro left_GaloisI) auto
+
+lemma left_Galois_if_left_Galois_if_left_relI:
+ assumes "transitive (\<le>\<^bsub>L\<^esub>)"
+ and "x \<le>\<^bsub>L\<^esub> y"
+ and "y \<^bsub>L\<^esub>\<lessapprox> z"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> z"
+ using assms by (intro left_GaloisI) auto
+
+lemma left_rel_if_right_Galois_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L\<^esub>)) r l"
+ and "transitive (\<le>\<^bsub>L\<^esub>)"
+ and "x \<^bsub>L\<^esub>\<lessapprox> y"
+ and "y \<^bsub>R\<^esub>\<lessapprox> z"
+ shows "x \<le>\<^bsub>L\<^esub> z"
+ using assms by auto
+
+lemma Dep_Fun_Rel_left_Galois_right_Galois_if_mono_wrt_rel [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ shows "((\<^bsub>L\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>R\<^esub>\<lessapprox>)) l r"
+ using assms by auto
+
+lemma left_ge_Galois_eq_left_Galois_if_in_codom_eq_in_dom_if_symmetric:
+ assumes "symmetric (\<le>\<^bsub>L\<^esub>)"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) = in_dom (\<le>\<^bsub>R\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<greaterapprox>) = (\<^bsub>L\<^esub>\<lessapprox>)" \<comment>\<open>Note that @{term "(\<^bsub>L\<^esub>\<greaterapprox>) = galois_rel.Galois (\<ge>\<^bsub>L\<^esub>) (\<ge>\<^bsub>R\<^esub>) r"}\<close>
+ using assms by (intro ext iffI)
+ (auto elim!: galois_rel.left_GaloisE intro!: galois_rel.left_GaloisI)
+
+end
+
+interpretation flip : galois R L r l .
+
+lemma ge_Galois_right_eq_left_Galois_if_symmetric_if_in_codom_eq_in_dom_if_galois_prop:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "in_codom (\<le>\<^bsub>L\<^esub>) = in_dom (\<le>\<^bsub>L\<^esub>)"
+ and "symmetric (\<le>\<^bsub>R\<^esub>)"
+ shows "(\<greaterapprox>\<^bsub>R\<^esub>) = (\<^bsub>L\<^esub>\<lessapprox>)" \<comment>\<open>Note that @{term "(\<greaterapprox>\<^bsub>R\<^esub>) = (galois_rel.Galois (\<le>\<^bsub>R\<^esub>) (\<le>\<^bsub>L\<^esub>) l)\<inverse>"}\<close>
+ using assms
+ by (simp only: inv_flip_Galois_rel_inv_eq_Galois_if_galois_prop
+ flip: flip.left_ge_Galois_eq_left_Galois_if_in_codom_eq_in_dom_if_symmetric)
+
+interpretation gp : galois_prop "(\<^bsub>L\<^esub>\<lessapprox>)" "(\<^bsub>R\<^esub>\<lessapprox>)" l l .
+
+lemma half_galois_prop_left_left_Galois_right_Galois_if_half_galois_prop_leftI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<^bsub>L\<^esub>\<lessapprox>) \<^sub>h\<unlhd> (\<^bsub>R\<^esub>\<lessapprox>)) l l"
+ using assms by fast
+
+lemma half_galois_prop_right_left_Galois_right_Galois_if_half_galois_prop_rightI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<^bsub>L\<^esub>\<lessapprox>) \<unlhd>\<^sub>h (\<^bsub>R\<^esub>\<lessapprox>)) l l"
+ using assms by fast
+
+corollary galois_prop_left_Galois_right_Galois_if_galois_prop [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<^bsub>L\<^esub>\<lessapprox>) \<unlhd> (\<^bsub>R\<^esub>\<lessapprox>)) l l"
+ using assms by blast
+
+end
+
+
+end
\ No newline at end of file
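Review bot: `interpretation flip : galois R L r l .` appears twice inside `context galois`, once in the anonymous `context begin … end` block and again directly after it, with no comment saying why. Presumably the second one makes the facts proved inside the inner block available in flipped form, since the next proof uses `flip.left_ge_Galois_eq_left_Galois_if_in_codom_eq_in_dom_if_symmetric`; that is an inference from the usage, not something the file states. A one-line comment before the second interpretation, e.g. `(* re-interpret to obtain flipped versions of the lemmas proved above *)`, would keep a later reader from removing it as a duplicate.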
diff --git a/thys/Transport/HOL_Basics/Galois/Galois_Relator_Base.thy b/thys/Transport/HOL_Basics/Galois/Galois_Relator_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Galois_Relator_Base.thy
@@ -0,0 +1,62 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Basics For Relator For Galois Connections\<close>
+theory Galois_Relator_Base
+ imports
+ Galois_Base
+begin
+
+locale galois_rel = orders L R
+ for L :: "'a \<Rightarrow> 'b \<Rightarrow> bool"
+ and R :: "'c \<Rightarrow> 'd \<Rightarrow> bool"
+ and r :: "'d \<Rightarrow> 'b"
+begin
+
+text \<open>Morally speaking, the Galois relator characterises when two terms
+\<^term>\<open>x :: 'a\<close> and \<^term>\<open>y :: 'b\<close> are "similar".\<close>
+
+definition "Galois x y \<equiv> in_codom (\<le>\<^bsub>R\<^esub>) y \<and> x \<le>\<^bsub>L\<^esub> r y"
+
+abbreviation "left_Galois \<equiv> Galois"
+notation left_Galois (infix "\<^bsub>L\<^esub>\<lessapprox>" 50)
+
+abbreviation (input) "ge_Galois_left \<equiv> (\<^bsub>L\<^esub>\<lessapprox>)\<inverse>"
+notation ge_Galois_left (infix "\<greaterapprox>\<^bsub>L\<^esub>" 50)
+
+text \<open>Here we only introduced the (left) Galois relator @{term "(\<^bsub>L\<^esub>\<lessapprox>)"}.
+All other variants can be introduced by considering suitable flipped and inversed
+interpretations (see @{file "Half_Galois_Property.thy"}).\<close>
+
+lemma left_GaloisI [intro]:
+ assumes "in_codom (\<le>\<^bsub>R\<^esub>) y"
+ and "x \<le>\<^bsub>L\<^esub> r y"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> y"
+ unfolding Galois_def using assms by blast
+
+lemma left_GaloisE [elim]:
+ assumes "x \<^bsub>L\<^esub>\<lessapprox> y"
+ obtains "in_codom (\<le>\<^bsub>R\<^esub>) y" "x \<le>\<^bsub>L\<^esub> r y"
+ using assms unfolding Galois_def by blast
+
+corollary in_dom_left_if_left_Galois:
+ assumes "x \<^bsub>L\<^esub>\<lessapprox> y"
+ shows "in_dom (\<le>\<^bsub>L\<^esub>) x"
+ using assms by blast
+
+corollary left_Galois_iff_in_codom_and_left_rel_right:
+ "x \<^bsub>L\<^esub>\<lessapprox> y \<longleftrightarrow> in_codom (\<le>\<^bsub>R\<^esub>) y \<and> x \<le>\<^bsub>L\<^esub> r y"
+ by blast
+
+lemma left_Galois_restrict_left_eq_left_Galois_left_restrict_left:
+ "(\<^bsub>L\<^esub>\<lessapprox>)\<restriction>\<^bsub>P :: 'a \<Rightarrow> bool\<^esub> = galois_rel.Galois (\<le>\<^bsub>L\<^esub>)\<restriction>\<^bsub>P\<^esub> (\<le>\<^bsub>R\<^esub>) r"
+ by (intro ext iffI galois_rel.left_GaloisI restrict_leftI)
+ (auto elim: galois_rel.left_GaloisE)
+
+lemma left_Galois_restrict_right_eq_left_Galois_right_restrict_right:
+ "(\<^bsub>L\<^esub>\<lessapprox>)\<upharpoonleft>\<^bsub>P :: 'd \<Rightarrow> bool\<^esub> = galois_rel.Galois (\<le>\<^bsub>L\<^esub>) (\<le>\<^bsub>R\<^esub>)\<upharpoonleft>\<^bsub>P\<^esub> r"
+ by (intro ext iffI galois_rel.left_GaloisI restrict_rightI)
+ (auto elim!: galois_rel.left_GaloisE restrict_rightE)
+
+end
+
+
+end
\ No newline at end of file
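Review bot: The `text` block before `definition "Galois x y \<equiv> …"` gives the second argument as `y :: 'b`, which does not match the definition. The definition applies `in_codom (\<le>\<^bsub>R\<^esub>)` and `r` to `y`, and the locale fixes `R :: 'c \<Rightarrow> 'd \<Rightarrow> bool` and `r :: 'd \<Rightarrow> 'b`, so `y` has type `'d`; the later restriction lemma with `P :: 'd \<Rightarrow> bool` agrees. The antiquotation checks the term on its own, so the build presumably does not flag this. Suggested wording: `\<^term>\<open>x :: 'a\<close> and \<^term>\<open>y :: 'd\<close>`.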
diff --git a/thys/Transport/HOL_Basics/Galois/Half_Galois_Property.thy b/thys/Transport/HOL_Basics/Galois/Half_Galois_Property.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Galois/Half_Galois_Property.thy
@@ -0,0 +1,283 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Half Galois Property\<close>
+theory Half_Galois_Property
+ imports
+ Galois_Relator_Base
+ Order_Equivalences
+begin
+
+text \<open>As the definition of the Galois property also works on heterogeneous relations,
+we define the concepts in a locale that generalises @{locale galois}.\<close>
+
+locale galois_prop = orders L R
+ for L :: "'a \<Rightarrow> 'b \<Rightarrow> bool"
+ and R :: "'c \<Rightarrow> 'd \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'c"
+ and r :: "'d \<Rightarrow> 'b"
+begin
+
+sublocale galois_rel L R r .
+
+interpretation gr_flip_inv : galois_rel "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" l .
+
+abbreviation "right_ge_Galois \<equiv> gr_flip_inv.Galois"
+notation right_ge_Galois (infix "\<^bsub>R\<^esub>\<greaterapprox>" 50)
+
+abbreviation (input) "Galois_right \<equiv> gr_flip_inv.ge_Galois_left"
+notation Galois_right (infix "\<lessapprox>\<^bsub>R\<^esub>" 50)
+
+lemma Galois_rightI [intro]:
+ assumes "in_dom (\<le>\<^bsub>L\<^esub>) x"
+ and "l x \<le>\<^bsub>R\<^esub> y"
+ shows "x \<lessapprox>\<^bsub>R\<^esub> y"
+ using assms by blast
+
+lemma Galois_rightE [elim]:
+ assumes "x \<lessapprox>\<^bsub>R\<^esub> y"
+ obtains "in_dom (\<le>\<^bsub>L\<^esub>) x" "l x \<le>\<^bsub>R\<^esub> y"
+ using assms by blast
+
+corollary Galois_right_iff_in_dom_and_left_right_rel:
+ "x \<lessapprox>\<^bsub>R\<^esub> y \<longleftrightarrow> in_dom (\<le>\<^bsub>L\<^esub>) x \<and> l x \<le>\<^bsub>R\<^esub> y"
+ by blast
+
+text \<open>Unlike common literature, we split the definition of the Galois property
+into two halves. This has its merits in modularity of proofs and preciser
+statement of required assumptions.\<close>
+
+definition "half_galois_prop_left \<equiv> \<forall>x y. x \<^bsub>L\<^esub>\<lessapprox> y \<longrightarrow> l x \<le>\<^bsub>R\<^esub> y"
+
+notation galois_prop.half_galois_prop_left (infix "\<^sub>h\<unlhd>" 50)
+
+lemma half_galois_prop_leftI [intro]:
+ assumes "\<And>x y. x \<^bsub>L\<^esub>\<lessapprox> y \<Longrightarrow> l x \<le>\<^bsub>R\<^esub> y"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding half_galois_prop_left_def using assms by blast
+
+lemma half_galois_prop_leftD [dest]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and " x \<^bsub>L\<^esub>\<lessapprox> y"
+ shows "l x \<le>\<^bsub>R\<^esub> y"
+ using assms unfolding half_galois_prop_left_def by blast
+
+text\<open>Observe that the second half can be obtained by creating an appropriately
+flipped and inverted interpretation of @{locale galois_prop}. Indeed, many
+concepts in our formalisation are "closed" under inversion,
+i.e. taking their inversion yields a statement for a related concept.
+Many theorems can thus be derived for free by inverting (and flipping) the
+concepts at hand. In such cases, we only state those theorems that require some
+non-trivial setup. All other theorems can simply be obtained by creating a
+suitable locale interpretation.\<close>
+
+interpretation flip_inv : galois_prop "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l .
+
+definition "half_galois_prop_right \<equiv> flip_inv.half_galois_prop_left"
+
+notation galois_prop.half_galois_prop_right (infix "\<unlhd>\<^sub>h" 50)
+
+lemma half_galois_prop_rightI [intro]:
+ assumes "\<And>x y. x \<lessapprox>\<^bsub>R\<^esub> y \<Longrightarrow> x \<le>\<^bsub>L\<^esub> r y"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding half_galois_prop_right_def using assms by blast
+
+lemma half_galois_prop_rightD [dest]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<lessapprox>\<^bsub>R\<^esub> y"
+ shows "x \<le>\<^bsub>L\<^esub> r y"
+ using assms unfolding half_galois_prop_right_def by blast
+
+interpretation g : galois_prop S T f g for S T f g .
+
+lemma rel_inv_half_galois_prop_right_eq_half_galois_prop_left_rel_inv [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<ge>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<ge>\<^bsub>R\<^esub>))"
+ by (intro ext) blast
+
+corollary half_galois_prop_left_rel_inv_iff_half_galois_prop_right [iff]:
+ "((\<ge>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<ge>\<^bsub>R\<^esub>)) f g \<longleftrightarrow> ((\<le>\<^bsub>R\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L\<^esub>)) g f"
+ by (simp flip: rel_inv_half_galois_prop_right_eq_half_galois_prop_left_rel_inv)
+
+lemma rel_inv_half_galois_prop_left_eq_half_galois_prop_right_rel_inv [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<ge>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<ge>\<^bsub>R\<^esub>))"
+ by (intro ext) blast
+
+corollary half_galois_prop_right_rel_inv_iff_half_galois_prop_left [iff]:
+ "((\<ge>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<ge>\<^bsub>R\<^esub>)) f g \<longleftrightarrow> ((\<le>\<^bsub>R\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L\<^esub>)) g f"
+ by (simp flip: rel_inv_half_galois_prop_left_eq_half_galois_prop_right_rel_inv)
+
+end
+
+context galois
+begin
+
+sublocale galois_prop L R l r .
+
+interpretation flip : galois R L r l .
+
+abbreviation "right_Galois \<equiv> flip.Galois"
+notation right_Galois (infix "\<^bsub>R\<^esub>\<lessapprox>" 50)
+
+abbreviation (input) "ge_Galois_right \<equiv> flip.ge_Galois_left"
+notation ge_Galois_right (infix "\<greaterapprox>\<^bsub>R\<^esub>" 50)
+
+abbreviation "left_ge_Galois \<equiv> flip.right_ge_Galois"
+notation left_ge_Galois (infix "\<^bsub>L\<^esub>\<greaterapprox>" 50)
+
+abbreviation (input) "Galois_left \<equiv> flip.Galois_right"
+notation Galois_left (infix "\<lessapprox>\<^bsub>L\<^esub>" 50)
+
+context
+begin
+
+interpretation flip_inv : galois "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l .
+
+lemma rel_unit_if_left_rel_if_mono_wrt_relI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "x \<lessapprox>\<^bsub>R\<^esub> l x' \<Longrightarrow> x \<le>\<^bsub>L\<^esub> \<eta> x'"
+ and "x \<le>\<^bsub>L\<^esub> x'"
+ shows "x \<le>\<^bsub>L\<^esub> \<eta> x'"
+ using assms by auto
+
+corollary rel_unit_if_left_rel_if_half_galois_prop_right_if_mono_wrt_rel:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<le>\<^bsub>L\<^esub> x'"
+ shows "x \<le>\<^bsub>L\<^esub> \<eta> x'"
+ using assms by (auto intro: rel_unit_if_left_rel_if_mono_wrt_relI)
+
+corollary rel_unit_if_reflexive_on_if_half_galois_prop_right_if_mono_wrt_rel:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ and "P x"
+ shows "x \<le>\<^bsub>L\<^esub> \<eta> x"
+ using assms by (blast intro: rel_unit_if_left_rel_if_half_galois_prop_right_if_mono_wrt_rel)
+
+corollary inflationary_on_unit_if_reflexive_on_if_half_galois_prop_rightI:
+ fixes P :: "'a \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ shows "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro inflationary_onI)
+ (fastforce intro: rel_unit_if_reflexive_on_if_half_galois_prop_right_if_mono_wrt_rel)
+
+interpretation flip : galois_prop R L r l .
+
+lemma right_rel_if_Galois_left_right_if_deflationary_onI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "((\<le>\<^bsub>R\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L\<^esub>)) r l"
+ and "deflationary_on P (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ and "transitive (\<le>\<^bsub>R\<^esub>)"
+ and "y \<lessapprox>\<^bsub>L\<^esub> r y'"
+ and "P y'"
+ shows "y \<le>\<^bsub>R\<^esub> y'"
+ using assms by force
+
+lemma half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "deflationary_on (in_codom (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ and "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro half_galois_prop_leftI) fastforce
+
+end
+
+interpretation flip_inv : galois "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l
+ rewrites "flip_inv.unit \<equiv> \<epsilon>" and "flip_inv.counit \<equiv> \<eta>"
+ and "\<And>R S. (R\<inverse> \<Rrightarrow>\<^sub>m S\<inverse>) \<equiv> (R \<Rrightarrow>\<^sub>m S)"
+ and "\<And>R S f g. (R\<inverse> \<unlhd>\<^sub>h S\<inverse>) f g \<equiv> (S \<^sub>h\<unlhd> R) g f"
+ and "((\<ge>\<^bsub>R\<^esub>) \<^sub>h\<unlhd> (\<ge>\<^bsub>L\<^esub>)) r l \<equiv> ((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "\<And>R. R\<inverse>\<inverse> \<equiv> R"
+ and "\<And>P R. inflationary_on P R\<inverse> \<equiv> deflationary_on P R"
+ and "\<And>P R. deflationary_on P R\<inverse> \<equiv> inflationary_on P R"
+ and "\<And>(P :: 'b \<Rightarrow> bool). reflexive_on P (\<ge>\<^bsub>R\<^esub>) \<equiv> reflexive_on P (\<le>\<^bsub>R\<^esub>)"
+ and "\<And>R. transitive R\<inverse> \<equiv> transitive R"
+ and "\<And>R. in_codom R\<inverse> \<equiv> in_dom R"
+ by (simp_all add: flip_unit_eq_counit flip_counit_eq_unit
+ galois_prop.half_galois_prop_left_rel_inv_iff_half_galois_prop_right
+ galois_prop.half_galois_prop_right_rel_inv_iff_half_galois_prop_left)
+
+corollary counit_rel_if_right_rel_if_mono_wrt_relI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "r y \<^bsub>L\<^esub>\<lessapprox> y' \<Longrightarrow> \<epsilon> y \<le>\<^bsub>R\<^esub> y'"
+ and "y \<le>\<^bsub>R\<^esub> y'"
+ shows "\<epsilon> y \<le>\<^bsub>R\<^esub> y'"
+ using assms
+ by (fact flip_inv.rel_unit_if_left_rel_if_mono_wrt_relI
+ [simplified rel_inv_iff_rel])
+
+corollary counit_rel_if_right_rel_if_half_galois_prop_left_if_mono_wrt_rel:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "y \<le>\<^bsub>R\<^esub> y'"
+ shows "\<epsilon> y \<le>\<^bsub>R\<^esub> y'"
+ using assms
+ by (fact flip_inv.rel_unit_if_left_rel_if_half_galois_prop_right_if_mono_wrt_rel
+ [simplified rel_inv_iff_rel])
+
+corollary counit_rel_if_reflexive_on_if_half_galois_prop_left_if_mono_wrt_rel:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>R\<^esub>)"
+ and "P y"
+ shows "\<epsilon> y \<le>\<^bsub>R\<^esub> y"
+ using assms
+ by (fact flip_inv.rel_unit_if_reflexive_on_if_half_galois_prop_right_if_mono_wrt_rel
+ [simplified rel_inv_iff_rel])
+
+corollary deflationary_on_counit_if_reflexive_on_if_half_galois_prop_leftI:
+ fixes P :: "'b \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "reflexive_on P (\<le>\<^bsub>R\<^esub>)"
+ shows "deflationary_on P (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ using assms
+ by (fact flip_inv.inflationary_on_unit_if_reflexive_on_if_half_galois_prop_rightI)
+
+corollary left_rel_if_left_right_Galois_if_inflationary_onI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L\<^esub>)) r l"
+ and "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ and "transitive (\<le>\<^bsub>L\<^esub>)"
+ and "l x \<^bsub>R\<^esub>\<lessapprox> x'"
+ and "P x"
+ shows "x \<le>\<^bsub>L\<^esub> x'"
+ using assms by (intro flip_inv.right_rel_if_Galois_left_right_if_deflationary_onI
+ [simplified rel_inv_iff_rel])
+
+corollary half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ and "transitive (\<le>\<^bsub>L\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (fact flip_inv.half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel)
+
+end
+
+context order_functors
+begin
+
+interpretation g : galois L R l r .
+interpretation flip_g : galois R L r l
+ rewrites "flip_g.unit \<equiv> \<epsilon>" and "flip_g.counit \<equiv> \<eta>"
+ by (simp_all only: flip_unit_eq_counit flip_counit_eq_unit)
+
+lemma left_rel_if_left_right_rel_left_if_order_equivalenceI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)"
+ and "l x \<le>\<^bsub>R\<^esub> l x'"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) x"
+ and "in_codom (\<le>\<^bsub>L\<^esub>) x'"
+ shows "x \<le>\<^bsub>L\<^esub> x'"
+ using assms by (auto intro!:
+ flip_g.right_rel_if_Galois_left_right_if_deflationary_onI
+ g.half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel
+ elim!: rel_equivalence_onE
+ intro: inflationary_on_if_le_pred_if_inflationary_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+end
+
+
+end
\ No newline at end of file
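Review bot: The `flip_inv` interpretation with its long list of `rewrites` clauses in `context galois` carries no explanation, yet the corollaries after it depend on it: most are closed with `by (fact flip_inv.…)`, several with `[simplified rel_inv_iff_rel]`. The earlier `text` block describes the flip-and-invert approach in general but not what these clauses are for. If the intent is that they rewrite statements about inverted relations back to the original ones, a short note before the interpretation would say so, e.g. `text \<open>The rewrite rules restate the flipped and inverted theorems in terms of the original relations.\<close>`. A smaller point in the same file: the second assumption of `half_galois_prop_leftD` has a stray space after the opening quote (`" x \<^bsub>L\<^esub>\<lessapprox> y"`).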
diff --git a/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignment_Galois.thy b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignment_Galois.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignment_Galois.thy
@@ -0,0 +1,80 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Alignment With Definitions from HOL-Algebra\<close>
+theory HOL_Algebra_Alignment_Galois
+ imports
+ "HOL-Algebra.Galois_Connection"
+ HOL_Algebra_Alignment_Orders
+ Galois
+begin
+
+named_theorems HOL_Algebra_galois_alignment
+
+context galois_connection
+begin
+
+context
+ fixes L R l r
+ defines "L \<equiv> (\<sqsubseteq>\<^bsub>\<X>\<^esub>)\<restriction>\<^bsub>carrier \<X>\<^esub>\<upharpoonleft>\<^bsub>carrier \<X>\<^esub>" and "R \<equiv> (\<sqsubseteq>\<^bsub>\<Y>\<^esub>)\<restriction>\<^bsub>carrier \<Y>\<^esub>\<upharpoonleft>\<^bsub>carrier \<Y>\<^esub>"
+ and "l \<equiv> \<pi>\<^sup>*" and "r \<equiv> \<pi>\<^sub>*"
+ notes defs[simp] = L_def R_def l_def r_def and restrict_right_eq[simp]
+ and restrict_leftI[intro!] restrict_leftE[elim!]
+begin
+
+interpretation galois L R l r .
+
+lemma mono_wrt_rel_lower [HOL_Algebra_galois_alignment]: "(L \<Rrightarrow>\<^sub>m R) l"
+ using lower_closed upper_closed by (fastforce intro: use_iso2[OF lower_iso])
+
+lemma mono_wrt_rel_upper [HOL_Algebra_galois_alignment]: "(R \<Rrightarrow>\<^sub>m L) r"
+ using lower_closed upper_closed by (fastforce intro: use_iso2[OF upper_iso])
+
+lemma half_galois_prop_left [HOL_Algebra_galois_alignment]: "(L \<^sub>h\<unlhd> R) l r"
+ using galois_property lower_closed by fastforce
+
+lemma half_galois_prop_right [HOL_Algebra_galois_alignment]: "(L \<unlhd>\<^sub>h R) l r"
+ using galois_property upper_closed by fastforce
+
+lemma galois_prop [HOL_Algebra_galois_alignment]: "(L \<unlhd> R) l r"
+ using half_galois_prop_left half_galois_prop_right by blast
+
+lemma galois_connection [HOL_Algebra_galois_alignment]: "(L \<stileturn> R) l r"
+ using mono_wrt_rel_lower mono_wrt_rel_upper galois_prop by blast
+
+end
+end
+
+context galois_bijection
+begin
+
+context
+ fixes L R l r
+ defines "L \<equiv> (\<sqsubseteq>\<^bsub>\<X>\<^esub>)\<restriction>\<^bsub>carrier \<X>\<^esub>\<upharpoonleft>\<^bsub>carrier \<X>\<^esub>" and "R \<equiv> (\<sqsubseteq>\<^bsub>\<Y>\<^esub>)\<restriction>\<^bsub>carrier \<Y>\<^esub>\<upharpoonleft>\<^bsub>carrier \<Y>\<^esub>"
+ and "l \<equiv> \<pi>\<^sup>*" and "r \<equiv> \<pi>\<^sub>*"
+ notes defs[simp] = L_def R_def l_def r_def and restrict_right_eq[simp]
+ and restrict_leftI[intro!] restrict_leftE[elim!] in_codom_restrict_leftE[elim!]
+begin
+
+interpretation galois R L r l .
+
+lemma half_galois_prop_left_right_left [HOL_Algebra_galois_alignment]:
+ "(R \<^sub>h\<unlhd> L) r l"
+ using gal_bij_conn.right lower_inv_eq upper_closed upper_inv_eq
+ by (intro half_galois_prop_leftI; elim left_GaloisE) (auto; metis)
+
+lemma half_galois_prop_right_right_left [HOL_Algebra_galois_alignment]:
+ "(R \<unlhd>\<^sub>h L) r l"
+ using gal_bij_conn.left lower_closed lower_inv_eq upper_inv_eq
+ by (intro half_galois_prop_rightI; elim Galois_rightE) (auto; metis)
+
+lemma prop_right_right_left [HOL_Algebra_galois_alignment]: "(R \<unlhd> L) r l"
+ using half_galois_prop_left_right_left half_galois_prop_right_right_left by blast
+
+lemma galois_equivalence [HOL_Algebra_galois_alignment]: "(L \<equiv>\<^sub>G R) l r"
+ using gal_bij_conn.galois_connection prop_right_right_left
+ by (intro galois.galois_equivalenceI) auto
+
+end
+end
+
+
+end
\ No newline at end of file
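Review bot: The lemma name `prop_right_right_left` in the `galois_bijection` context breaks the naming pattern of its neighbours. It states `(R \<unlhd> L) r l`, the counterpart of `galois_prop` in the `galois_connection` context, and follows `half_galois_prop_left_right_left` and `half_galois_prop_right_right_left`. A name such as `galois_prop_right_left` would match, and the proof of `galois_equivalence` would then read `using gal_bij_conn.galois_connection galois_prop_right_left`. Because these lemmas are collected in `HOL_Algebra_galois_alignment` for downstream use, the name is easier to fix now than after other theories refer to it.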
diff --git a/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignment_Orders.thy b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignment_Orders.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignment_Orders.thy
@@ -0,0 +1,71 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Alignment With Definitions from HOL-Algebra\<close>
+theory HOL_Algebra_Alignment_Orders
+ imports
+ "HOL-Algebra.Order"
+ HOL_Alignment_Orders
+begin
+
+named_theorems HOL_Algebra_order_alignment
+
+context equivalence
+begin
+
+lemma reflexive_on_carrier [HOL_Algebra_order_alignment]:
+ "reflexive_on (carrier S) (.=)"
+ by blast
+
+lemma transitive_on_carrier [HOL_Algebra_order_alignment]:
+ "transitive_on (carrier S) (.=)"
+ using trans by blast
+
+lemma preorder_on_carrier [HOL_Algebra_order_alignment]:
+ "preorder_on (carrier S) (.=)"
+ using reflexive_on_carrier transitive_on_carrier by blast
+
+lemma symmetric_on_carrier [HOL_Algebra_order_alignment]:
+ "symmetric_on (carrier S) (.=)"
+ using sym by blast
+
+lemma partial_equivalence_rel_on_carrier [HOL_Algebra_order_alignment]:
+ "partial_equivalence_rel_on (carrier S) (.=)"
+ using transitive_on_carrier symmetric_on_carrier by blast
+
+lemma equivalence_rel_on_carrier [HOL_Algebra_order_alignment]:
+ "equivalence_rel_on (carrier S) (.=)"
+ using reflexive_on_carrier partial_equivalence_rel_on_carrier by blast
+
+end
+
+lemma equivalence_iff_equivalence_rel_on_carrier [HOL_Algebra_order_alignment]:
+ "equivalence S \<longleftrightarrow> equivalence_rel_on (carrier S) (.=\<^bsub>S\<^esub>)"
+ using equivalence.equivalence_rel_on_carrier
+ by (blast dest: intro!: equivalence.intro dest: symmetric_onD transitive_onD)
+
+context partial_order
+begin
+
+lemma reflexive_on_carrier [HOL_Algebra_order_alignment]:
+ "reflexive_on (carrier L) (\<sqsubseteq>)"
+ by blast
+
+lemma transitive_on_carrier [HOL_Algebra_order_alignment]:
+ "transitive_on (carrier L) (\<sqsubseteq>)"
+ using le_trans by blast
+
+lemma preorder_on_carrier [HOL_Algebra_order_alignment]:
+ "preorder_on (carrier L) (\<sqsubseteq>)"
+ using reflexive_on_carrier transitive_on_carrier by blast
+
+lemma antisymmetric_on_carrier [HOL_Algebra_order_alignment]:
+ "antisymmetric_on (carrier L) (\<sqsubseteq>)"
+ by blast
+
+lemma partial_order_on_carrier [HOL_Algebra_order_alignment]:
+ "partial_order_on (carrier L) (\<sqsubseteq>)"
+ using preorder_on_carrier antisymmetric_on_carrier by blast
+
+end
+
+
+end
\ No newline at end of file
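Review bot: The proof of `equivalence_iff_equivalence_rel_on_carrier` has an empty `dest:` modifier in front of `intro!:`, which looks like an editing leftover. The method call can read `by (blast intro!: equivalence.intro dest: symmetric_onD transitive_onD)`. The `equivalence` and `partial_order` contexts also reuse the lemma names `reflexive_on_carrier`, `transitive_on_carrier` and `preorder_on_carrier`. A one-line `text` before each context naming the aligned relation, `(.=)` or `(\<sqsubseteq>)`, would make the generated document easier to follow.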
diff --git a/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignments.thy b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignments.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Algebra_Alignments.thy
@@ -0,0 +1,12 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>HOL-Algebra Alignments\<close>
+theory HOL_Algebra_Alignments
+ imports
+ HOL_Algebra_Alignment_Galois
+ HOL_Algebra_Alignment_Orders
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Alignment of concepts with HOL-Algebra counterparts\<close>
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Binary_Relations.thy b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Binary_Relations.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Binary_Relations.thy
@@ -0,0 +1,306 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Alignment With Definitions from HOL.Main\<close>
+theory HOL_Alignment_Binary_Relations
+ imports
+ Main
+ HOL_Mem_Of
+ HOL_Syntax_Bundles_Relations
+ LBinary_Relations
+begin
+
+unbundle no_HOL_relation_syntax
+
+named_theorems HOL_bin_rel_alignment
+
+paragraph \<open>Properties\<close>
+subparagraph \<open>Antisymmetric\<close>
+
+overloading
+ antisymmetric_on_set \<equiv> "antisymmetric_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "antisymmetric_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ antisymmetric_on (mem_of S)"
+end
+
+lemma antisymmetric_on_set_eq_antisymmetric_on_pred [simp]:
+ "(antisymmetric_on (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> bool) =
+ antisymmetric_on (mem_of S)"
+ unfolding antisymmetric_on_set_def by simp
+
+lemma antisymmetric_on_set_iff_antisymmetric_on_pred [iff]:
+ "antisymmetric_on (S :: 'a set) (R :: 'a \<Rightarrow> _) \<longleftrightarrow> antisymmetric_on (mem_of S) R"
+ by simp
+
+lemma antisymp_eq_antisymmetric [HOL_bin_rel_alignment]:
+ "antisymp = antisymmetric"
+ by (intro ext) (auto intro: antisympI dest: antisymmetricD antisympD)
+
+
+subparagraph \<open>Injective\<close>
+
+overloading
+ rel_injective_on_set \<equiv> "rel_injective_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+ rel_injective_at_set \<equiv> "rel_injective_at :: 'a set \<Rightarrow> ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "rel_injective_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ rel_injective_on (mem_of S)"
+ definition "rel_injective_at_set (S :: 'a set) :: ('b \<Rightarrow> 'a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ rel_injective_at (mem_of S)"
+end
+
+lemma rel_injective_on_set_eq_rel_injective_on_pred [simp]:
+ "(rel_injective_on (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> bool) =
+ rel_injective_on (mem_of S)"
+ unfolding rel_injective_on_set_def by simp
+
+lemma rel_injective_on_set_iff_rel_injective_on_pred [iff]:
+ "rel_injective_on (S :: 'a set) (R :: 'a \<Rightarrow> _) \<longleftrightarrow> rel_injective_on (mem_of S) R"
+ by simp
+
+lemma rel_injective_at_set_eq_rel_injective_at_pred [simp]:
+ "(rel_injective_at (S :: 'a set) :: ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool) =
+ rel_injective_at (mem_of S)"
+ unfolding rel_injective_at_set_def by simp
+
+lemma rel_injective_at_set_iff_rel_injective_at_pred [iff]:
+ "rel_injective_at (S :: 'a set) (R :: 'b \<Rightarrow> 'a \<Rightarrow> bool) \<longleftrightarrow> rel_injective_at (mem_of S) R"
+ by simp
+
+lemma left_unique_eq_rel_injective [HOL_bin_rel_alignment]:
+ "left_unique = rel_injective"
+ by (intro ext) (blast intro: left_uniqueI dest: rel_injectiveD left_uniqueD)
+
+subparagraph \<open>Irreflexive\<close>
+
+overloading
+ irreflexive_on_set \<equiv> "irreflexive_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "irreflexive_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ irreflexive_on (mem_of S)"
+end
+
+lemma irreflexive_on_set_eq_irreflexive_on_pred [simp]:
+ "(irreflexive_on (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> bool) =
+ irreflexive_on (mem_of S)"
+ unfolding irreflexive_on_set_def by simp
+
+lemma irreflexive_on_set_iff_irreflexive_on_pred [iff]:
+ "irreflexive_on (S :: 'a set) (R :: 'a \<Rightarrow> _) \<longleftrightarrow>
+ irreflexive_on (mem_of S) R"
+ by simp
+
+lemma irreflp_on_eq_irreflexive_on [HOL_bin_rel_alignment]:
+ "irreflp_on = irreflexive_on"
+ by (intro ext) (blast intro: irreflp_onI dest: irreflp_onD)
+
+lemma irreflp_eq_irreflexive [HOL_bin_rel_alignment]: "irreflp = irreflexive"
+ by (intro ext) (blast intro: irreflpI dest: irreflexiveD irreflpD)
+
+subparagraph \<open>Left-Total\<close>
+
+overloading
+ left_total_on_set \<equiv> "left_total_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "left_total_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ left_total_on (mem_of S)"
+end
+
+lemma left_total_on_set_eq_left_total_on_pred [simp]:
+ "(left_total_on (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> bool) =
+ left_total_on (mem_of S)"
+ unfolding left_total_on_set_def by simp
+
+lemma left_total_on_set_iff_left_total_on_pred [iff]:
+ "left_total_on (S :: 'a set) (R :: 'a \<Rightarrow> _) \<longleftrightarrow> left_total_on (mem_of S) R"
+ by simp
+
+lemma Transfer_left_total_eq_left_total [HOL_bin_rel_alignment]:
+ "Transfer.left_total = Binary_Relations_Left_Total.left_total"
+ by (intro ext) (fast intro: Transfer.left_totalI
+ elim: Transfer.left_totalE Binary_Relations_Left_Total.left_totalE)
+
+
+subparagraph \<open>Reflexive\<close>
+
+overloading
+ reflexive_on_set \<equiv> "reflexive_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "reflexive_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ reflexive_on (mem_of S)"
+end
+
+lemma reflexive_on_set_eq_reflexive_on_pred [simp]:
+ "(reflexive_on (S :: 'a set) :: ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool) =
+ reflexive_on (mem_of S)"
+ unfolding reflexive_on_set_def by simp
+
+lemma reflexive_on_set_iff_reflexive_on_pred [iff]:
+ "reflexive_on (S :: 'a set) (R :: 'a \<Rightarrow> 'a \<Rightarrow> bool) \<longleftrightarrow>
+ reflexive_on (mem_of S) R"
+ by simp
+
+lemma reflp_on_eq_reflexive_on [HOL_bin_rel_alignment]:
+ "reflp_on = reflexive_on"
+ by (intro ext) (blast intro: reflp_onI dest: reflp_onD)
+
+lemma reflp_eq_reflexive [HOL_bin_rel_alignment]: "reflp = reflexive"
+ by (intro ext) (blast intro: reflpI dest: reflexiveD reflpD)
+
+
+subparagraph \<open>Right-Unique\<close>
+
+overloading
+ right_unique_on_set \<equiv> "right_unique_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool"
+ right_unique_at_set \<equiv> "right_unique_at :: 'a set \<Rightarrow> ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "right_unique_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ right_unique_on (mem_of S)"
+ definition "right_unique_at_set (S :: 'a set) :: ('b \<Rightarrow> 'a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ right_unique_at (mem_of S)"
+end
+
+lemma right_unique_on_set_eq_right_unique_on_pred [simp]:
+ "(right_unique_on (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> bool) =
+ right_unique_on (mem_of S)"
+ unfolding right_unique_on_set_def by simp
+
+lemma right_unique_on_set_iff_right_unique_on_pred [iff]:
+ "right_unique_on (S :: 'a set) (R :: 'a \<Rightarrow> _) \<longleftrightarrow> right_unique_on (mem_of S) R"
+ by simp
+
+lemma right_unique_at_set_eq_right_unique_at_pred [simp]:
+ "(right_unique_at (S :: 'a set) :: ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool) =
+ right_unique_at (mem_of S)"
+ unfolding right_unique_at_set_def by simp
+
+lemma right_unique_at_set_iff_right_unique_at_pred [iff]:
+ "right_unique_at (S :: 'a set) (R :: 'b \<Rightarrow> 'a \<Rightarrow> bool) \<longleftrightarrow> right_unique_at (mem_of S) R"
+ by simp
+
+lemma Transfer_right_unique_eq_right_unique [HOL_bin_rel_alignment]:
+ "Transfer.right_unique = Binary_Relations_Right_Unique.right_unique"
+ by (intro ext) (blast intro: Transfer.right_uniqueI
+ dest: Transfer.right_uniqueD Binary_Relations_Right_Unique.right_uniqueD)
+
+
+subparagraph \<open>Surjective\<close>
+
+overloading
+ rel_surjective_at_set \<equiv> "rel_surjective_at :: 'a set \<Rightarrow> ('b \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "rel_surjective_at_set (S :: 'a set) :: ('b \<Rightarrow> 'a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ rel_surjective_at (mem_of S)"
+end
+
+lemma rel_surjective_at_set_eq_rel_surjective_at_pred [simp]:
+ "(rel_surjective_at (S :: 'a set) :: ('b \<Rightarrow> 'a \<Rightarrow> _) \<Rightarrow> bool) =
+ rel_surjective_at (mem_of S)"
+ unfolding rel_surjective_at_set_def by simp
+
+lemma rel_surjective_at_set_iff_rel_surjective_at_pred [iff]:
+ "rel_surjective_at (S :: 'a set) (R :: 'b \<Rightarrow> 'a \<Rightarrow> _) \<longleftrightarrow> rel_surjective_at (mem_of S) R"
+ by simp
+
+lemma Transfer_right_total_eq_rel_surjective [HOL_bin_rel_alignment]:
+ "Transfer.right_total = rel_surjective"
+ by (intro ext) (fast intro: Transfer.right_totalI rel_surjectiveI
+ elim: Transfer.right_totalE rel_surjectiveE)
+
+
+subparagraph \<open>Symmetric\<close>
+
+overloading
+ symmetric_on_set \<equiv> "symmetric_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "symmetric_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ symmetric_on (mem_of S)"
+end
+
+lemma symmetric_on_set_eq_symmetric_on_pred [simp]:
+ "(symmetric_on (S :: 'a set) :: ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool) =
+ symmetric_on (mem_of S)"
+ unfolding symmetric_on_set_def by simp
+
+lemma symmetric_on_set_iff_symmetric_on_pred [iff]:
+ "symmetric_on (S :: 'a set) (R :: 'a \<Rightarrow> 'a \<Rightarrow> bool) \<longleftrightarrow>
+ symmetric_on (mem_of S) R"
+ by simp
+
+lemma symp_eq_symmetric [HOL_bin_rel_alignment]: "symp = symmetric"
+ by (intro ext) (blast intro: sympI dest: symmetricD sympD)
+
+
+subparagraph \<open>Transitive\<close>
+
+overloading
+ transitive_on_set \<equiv> "transitive_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
+begin
+ definition "transitive_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ transitive_on (mem_of S)"
+end
+
+lemma transitive_on_set_eq_transitive_on_pred [simp]:
+ "(transitive_on (S :: 'a set) :: ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool) =
+ transitive_on (mem_of S)"
+ unfolding transitive_on_set_def by simp
+
+lemma transitive_on_set_iff_transitive_on_pred [iff]:
+ "transitive_on (S :: 'a set) (R :: 'a \<Rightarrow> 'a \<Rightarrow> bool) \<longleftrightarrow>
+ transitive_on (mem_of S) R"
+ by simp
+
+lemma transp_eq_transitive [HOL_bin_rel_alignment]: "transp = transitive"
+ by (intro ext) (blast intro: transpI dest: transpD)
+
+
+paragraph \<open>Functions\<close>
+
+lemma relcompp_eq_rel_comp [HOL_bin_rel_alignment]: "relcompp = rel_comp"
+ by (intro ext) auto
+
+lemma conversep_eq_rel_inv [HOL_bin_rel_alignment]: "conversep = rel_inv"
+ by (intro ext) auto
+
+lemma Domainp_eq_in_dom [HOL_bin_rel_alignment]: "Domainp = in_dom"
+ by (intro ext) auto
+
+lemma Rangep_eq_in_codom [HOL_bin_rel_alignment]: "Rangep = in_codom"
+ by (intro ext) auto
+
+overloading
+ restrict_left_set \<equiv> "restrict_left :: ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('a set) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> bool"
+begin
+ definition "restrict_left_set (R :: 'a \<Rightarrow> _) (S :: 'a set) \<equiv> R\<restriction>\<^bsub>mem_of S\<^esub>"
+end
+
+lemma restrict_left_set_eq_restrict_left_pred [simp]:
+ "(R\<restriction>\<^bsub>S :: 'a set\<^esub> :: 'a \<Rightarrow> _) = R\<restriction>\<^bsub>mem_of S\<^esub>"
+ unfolding restrict_left_set_def by simp
+
+lemma restrict_left_set_iff_restrict_left_pred [iff]:
+ "(R\<restriction>\<^bsub>S :: 'a set\<^esub> :: 'a \<Rightarrow> _) x y \<longleftrightarrow> R\<restriction>\<^bsub>mem_of S\<^esub> x y"
+ by simp
+
+
+
+paragraph \<open>Restricted Equality\<close>
+
+lemma eq_onp_eq_eq_restrict [HOL_bin_rel_alignment]: "eq_onp = eq_restrict"
+ unfolding eq_onp_def by (intro ext) auto
+
+overloading
+ eq_restrict_set \<equiv> "eq_restrict :: 'a set \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> bool"
+begin
+ definition "eq_restrict_set (S :: 'a set) \<equiv> ((=\<^bsub>mem_of S\<^esub>) :: 'a \<Rightarrow> _)"
+end
+
+lemma eq_restrict_set_eq_eq_restrict_pred [simp]:
+ "((=\<^bsub>S :: 'a set\<^esub>) :: 'a \<Rightarrow> _) = (=\<^bsub>mem_of S\<^esub>)"
+ unfolding eq_restrict_set_def by simp
+
+lemma eq_restrict_set_iff_eq_restrict_pred [iff]:
+ "(x :: 'a) =\<^bsub>(S :: 'a set)\<^esub> y \<longleftrightarrow> x =\<^bsub>mem_of S\<^esub> y"
+ by simp
+
+
+end
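Review bot: `unbundle no_HOL_relation_syntax` near the top of this theory is issued at theory level, and nothing in the file documents its effect on importers. As far as I can tell, the HOL notations for `relcomp`, `relcompp`, `converse` and `conversep` stay switched off in every theory that imports this one. A short comment next to the command would make that visible, e.g. `text \<open>HOL relation syntax is disabled from here on; use unbundle HOL_relation_syntax to restore it.\<close>`. `unbundle no_HOL_function_syntax` in HOL_Alignment_Functions.thy has the same effect for the `comp` notation and deserves the same remark.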
diff --git a/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Functions.thy b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Functions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Functions.thy
@@ -0,0 +1,161 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Alignment With Definitions from HOL.Main\<close>
+theory HOL_Alignment_Functions
+ imports
+ HOL_Alignment_Binary_Relations
+ HOL_Syntax_Bundles_Functions
+ LFunctions
+begin
+
+unbundle no_HOL_function_syntax
+
+named_theorems HOL_fun_alignment
+
+paragraph \<open>Functions\<close>
+
+subparagraph \<open>Bijection\<close>
+
+overloading
+ bijection_on_set \<equiv> "bijection_on :: 'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ definition "bijection_on_set (S :: 'a set) (S' :: 'b set) :: ('a \<Rightarrow> 'b) \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> bool \<equiv>
+ bijection_on (mem_of S) (mem_of S')"
+end
+
+lemma bijection_on_set_eq_bijection_on_pred [simp]:
+ "(bijection_on (S :: 'a set) (S' :: 'b set) :: ('a \<Rightarrow> 'b) \<Rightarrow> _) =
+ bijection_on (mem_of S) (mem_of S')"
+ unfolding bijection_on_set_def by simp
+
+lemma bijection_on_set_iff_bijection_on_pred [iff]:
+ "bijection_on (S :: 'a set) (S' :: 'b set) (f :: 'a \<Rightarrow> 'b) g \<longleftrightarrow>
+ bijection_on (mem_of S) (mem_of S') f g"
+ by simp
+
+lemma bij_betw_bijection_onE:
+ assumes "bij_betw f S S'"
+ obtains g where "bijection_on S S' f g"
+proof
+ let ?g = "the_inv_into S f"
+ from assms bij_betw_the_inv_into have "bij_betw ?g S' S" by blast
+ with assms show "bijection_on S S' f ?g"
+ by (auto intro!: bijection_onI
+ dest: bij_betw_apply bij_betw_imp_inj_on the_inv_into_f_f
+ simp: f_the_inv_into_f_bij_betw)
+qed
+
+lemma bij_betw_if_bijection_on:
+ assumes "bijection_on S S' f g"
+ shows "bij_betw f S S'"
+ using assms by (intro bij_betw_byWitness[where ?f'=g])
+ (auto elim: bijection_onE dest: inverse_onD)
+
+corollary bij_betw_iff_ex_bijection_on [HOL_fun_alignment]:
+ "bij_betw f S S' \<longleftrightarrow> (\<exists>g. bijection_on S S' f g)"
+ by (intro iffI)
+ (auto elim!: bij_betw_bijection_onE intro: bij_betw_if_bijection_on)
+
+
+subparagraph \<open>Injective\<close>
+
+overloading
+ injective_on_set \<equiv> "injective_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> bool"
+begin
+ definition "injective_on_set (S :: 'a set) :: ('a \<Rightarrow> 'b) \<Rightarrow> bool \<equiv>
+ injective_on (mem_of S)"
+end
+
+lemma injective_on_set_eq_injective_on_pred [simp]:
+ "(injective_on (S :: 'a set) :: ('a \<Rightarrow> 'b) \<Rightarrow> _) = injective_on (mem_of S)"
+ unfolding injective_on_set_def by simp
+
+lemma injective_on_set_iff_injective_on_pred [iff]:
+ "injective_on (S :: 'a set) (f :: 'a \<Rightarrow> 'b) \<longleftrightarrow> injective_on (mem_of S) f"
+ by simp
+
+lemma inj_on_iff_injective_on [HOL_fun_alignment]: "inj_on f P \<longleftrightarrow> injective_on P f"
+ by (auto intro: inj_onI dest: inj_onD injective_onD)
+
+lemma inj_eq_injective [HOL_fun_alignment]: "inj = injective"
+ by (auto intro: injI dest: injD injectiveD)
+
+
+subparagraph \<open>Inverse\<close>
+
+overloading
+ inverse_on_set \<equiv> "inverse_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ definition "inverse_on_set (S :: 'a set) :: ('a \<Rightarrow> 'b) \<Rightarrow> _ \<equiv>
+ inverse_on (mem_of S)"
+end
+
+lemma inverse_on_set_eq_inverse_on_pred [simp]:
+ "(inverse_on (S :: 'a set) :: ('a \<Rightarrow> 'b) \<Rightarrow> _) = inverse_on (mem_of S)"
+ unfolding inverse_on_set_def by simp
+
+lemma inverse_on_set_iff_inverse_on_pred [iff]:
+ "inverse_on (S :: 'a set) (f :: 'a \<Rightarrow> 'b) g \<longleftrightarrow> inverse_on (mem_of S) f g"
+ by simp
+
+
+subparagraph \<open>Monotone\<close>
+
+lemma monotone_on_eq_mono_wrt_rel_restrict_left_right [HOL_fun_alignment]:
+ "monotone_on S R = mono_wrt_rel (R\<restriction>\<^bsub>S\<^esub>\<upharpoonleft>\<^bsub>S\<^esub>)"
+ unfolding restrict_right_eq
+ by (intro ext) (blast intro: monotone_onI dest: monotone_onD)
+
+lemma monotone_eq_mono_wrt_rel [HOL_fun_alignment]: "monotone = mono_wrt_rel"
+ by (intro ext) (auto intro: monotoneI dest: monotoneD)
+
+lemma pred_fun_eq_mono_wrt_pred [HOL_fun_alignment]: "pred_fun = mono_wrt_pred"
+ by (intro ext) auto
+
+lemma Fun_mono_eq_mono [HOL_fun_alignment]: "Fun.mono = mono"
+ by (intro ext) (auto intro: Fun.mono_onI dest: Fun.monoD)
+
+lemma Fun_antimono_eq_antimono [HOL_fun_alignment]: "Fun.antimono = antimono"
+ by (intro ext) (auto intro: monotoneI dest: monotoneD)
+
+
+subparagraph \<open>Surjective\<close>
+
+overloading
+ surjective_at_set \<equiv> "surjective_at :: 'a set \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ definition "surjective_at_set (S :: 'a set) :: ('b \<Rightarrow> 'a) \<Rightarrow> bool \<equiv>
+ surjective_at (mem_of S)"
+end
+
+lemma surjective_at_set_eq_surjective_at_pred [simp]:
+ "(surjective_at (S :: 'a set) :: ('b \<Rightarrow> 'a) \<Rightarrow> _) = surjective_at (mem_of S)"
+ unfolding surjective_at_set_def by simp
+
+lemma surjective_at_set_iff_surjective_at_pred [iff]:
+ "surjective_at (S :: 'a set) (f :: 'b \<Rightarrow> 'a) \<longleftrightarrow> surjective_at (mem_of S) f"
+ by simp
+
+lemma surj_eq_surjective [HOL_fun_alignment]: "surj = surjective"
+ by (intro ext) (fast intro: surjI dest: surjD elim: surjectiveE)
+
+
+paragraph \<open>Functions\<close>
+
+lemma Fun_id_eq_id [HOL_fun_alignment]: "Fun.id = Functions_Base.id"
+ by (intro ext) simp
+
+lemma Fun_comp_eq_comp [HOL_fun_alignment]: "Fun.comp = Functions_Base.comp"
+ by (intro ext) simp
+
+lemma map_fun_eq_fun_map [HOL_fun_alignment]: "map_fun = fun_map"
+ by (intro ext) simp
+
+
+paragraph \<open>Relators\<close>
+
+lemma rel_fun_eq_Fun_Rel_rel [HOL_fun_alignment]: "rel_fun = Fun_Rel_rel"
+ by (intro ext) (auto dest: rel_funD)
+
+
+
+end
\ No newline at end of file
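Review bot: `paragraph \<open>Functions\<close>` appears twice in this theory, once above the Bijection/Injective/Inverse/Monotone/Surjective subparagraphs and again above `Fun_id_eq_id`. The first group aligns properties of functions, and HOL_Alignment_Binary_Relations.thy heads its corresponding group `paragraph \<open>Properties\<close>`. The first heading should therefore probably be `paragraph \<open>Properties\<close>`, so the document outline does not contain two identical entries.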
diff --git a/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Orders.thy b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Orders.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignment_Orders.thy
@@ -0,0 +1,78 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Alignment With Definitions from HOL\<close>
+theory HOL_Alignment_Orders
+ imports
+ "HOL-Library.Preorder"
+ HOL_Alignment_Binary_Relations
+ HOL_Syntax_Bundles_Orders
+ Orders
+begin
+
+named_theorems HOL_order_alignment
+
+paragraph \<open>Functions\<close>
+subparagraph \<open>Bi-Related\<close>
+
+lemma (in preorder_equiv) equiv_eq_bi_related [HOL_order_alignment]:
+ "equiv = bi_related (\<le>)"
+ by (intro ext) (auto intro: equiv_antisym dest: equivD1 equivD2)
+
+
+subparagraph \<open>Inflationary\<close>
+
+overloading
+ inflationary_on_set \<equiv> "inflationary_on :: 'a set \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ definition "inflationary_on_set (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _ \<equiv>
+ inflationary_on (mem_of S)"
+end
+
+lemma inflationary_on_set_eq_inflationary_on_pred [simp]:
+ "(inflationary_on (S :: 'a set) :: ('a \<Rightarrow> _) \<Rightarrow> _) = inflationary_on (mem_of S)"
+ unfolding inflationary_on_set_def by simp
+
+lemma inflationary_on_set_iff_inflationary_on_pred [iff]:
+ "inflationary_on (S :: 'a set) (R :: 'a \<Rightarrow> _) f \<longleftrightarrow> inflationary_on (mem_of S) R f"
+ by simp
+
+text \<open>Terms like @{term deflationary_on}, @{term rel_equivalence_on},
+and @{term idempotent_on} are automatically overloaded. One can get similar
+correspondence lemmas by unfolding the corresponding definitional theorems,
+e.g. @{thm deflationary_on_eq_inflationary_on_rel_inv}.\<close>
+
+
+paragraph \<open>Properties\<close>
+subparagraph \<open>Equivalence Relations\<close>
+
+lemma equiv_eq_equivalence_rel [HOL_order_alignment]: "equivp = equivalence_rel"
+ by (intro ext) (fastforce intro!: equivpI
+ simp: HOL_bin_rel_alignment reflexive_eq_reflexive_on elim!: equivpE)
+
+
+subparagraph \<open>Partial Equivalence Relations\<close>
+
+lemma part_equiv_eq_partial_equivalence_rel_if_rel [HOL_order_alignment]:
+ assumes "R x y"
+ shows "part_equivp R = partial_equivalence_rel R"
+ using assms by (fastforce intro!: part_equivpI
+ simp: HOL_bin_rel_alignment elim!: part_equivpE)
+
+
+subparagraph \<open>Partial Orders\<close>
+
+lemma (in order) partial_order [HOL_order_alignment]: "partial_order (\<le>)"
+ using order_refl order_trans order_antisym by blast
+
+
+subparagraph \<open>Preorders\<close>
+
+lemma (in partial_preordering) preorder [HOL_order_alignment]: "preorder (\<^bold>\<le>)"
+ using refl trans by blast
+
+lemma partial_preordering_eq [HOL_order_alignment]:
+ "partial_preordering = Preorders.preorder"
+ by (intro ext) (auto intro: partial_preordering.intro
+ dest: partial_preordering.trans partial_preordering.refl reflexiveD)
+
+
+end
\ No newline at end of file
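Review bot: The lemma names `equiv_eq_equivalence_rel` and `part_equiv_eq_partial_equivalence_rel_if_rel` do not match the constants they are about, `equivp` and `part_equivp`. The sibling alignment lemmas use the HOL constant's own name as prefix (`reflp_eq_reflexive`, `symp_eq_symmetric`). The first name is also easy to confuse with `equiv_eq_bi_related` above, which concerns `equiv` from `preorder_equiv`. Suggested names are `equivp_eq_equivalence_rel` and `part_equivp_eq_partial_equivalence_rel_if_rel`. A one-line comment on the `R x y` assumption of the second lemma would help too; presumably it is needed because `part_equivp` only holds for a non-empty relation.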
diff --git a/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignments.thy b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignments.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Alignments/HOL_Alignments.thy
@@ -0,0 +1,13 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>HOL Alignments\<close>
+theory HOL_Alignments
+ imports
+ HOL_Alignment_Binary_Relations
+ HOL_Alignment_Functions
+ HOL_Alignment_Orders
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Alignment of concepts with HOL counterparts\<close>
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/HOL_Basics.thy b/thys/Transport/HOL_Basics/HOL_Basics.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Basics.thy
@@ -0,0 +1,30 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>HOL-Basics\<close>
+theory HOL_Basics
+ imports
+ LBinary_Relations
+ LFunctions
+ Galois
+ Orders
+ Predicates
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Library on top of HOL axioms, as required for Transport \<^cite>\<open>"transport"\<close>.
+Requires \<^emph>\<open>only\<close> the HOL axioms, nothing else.
+Includes:
+\<^enum> Basic concepts on binary relations, relativised properties,
+ and restricted equalities e.g. @{term "left_total_on"} and @{term "eq_restrict"}.
+\<^enum> Basic concepts on functions, relativised properties, and generalised relators,
+ e.g. @{term "injective_on"} and @{term "dep_mono_wrt_pred"}.
+\<^enum> Basic concepts on orders and relativised order-theoretic properties,
+ e.g. @{term "partial_equivalence_rel_on"}.
+\<^enum> Galois connections, Galois equivalences, order equivalences, and
+ other related concepts on order functors,
+ e.g. @{term "galois.galois_equivalence"}.
+\<^enum> Basic concepts on predicates.
+\<^enum> Syntax bundles for HOL @{dir "HOL_Syntax_Bundles"}.
+\<^enum> Alignments for concepts that have counterparts in the HOL library -
+ see @{dir "HOL_Alignments"}.\<close>
+
+end
diff --git a/thys/Transport/HOL_Basics/HOL_Basics_Base.thy b/thys/Transport/HOL_Basics/HOL_Basics_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Basics_Base.thy
@@ -0,0 +1,8 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+chapter \<open>HOL-Basics\<close>
+theory HOL_Basics_Base
+ imports
+ HOL.HOL
+begin
+
+end
diff --git a/thys/Transport/HOL_Basics/HOL_Mem_Of.thy b/thys/Transport/HOL_Basics/HOL_Mem_Of.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Mem_Of.thy
@@ -0,0 +1,11 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory HOL_Mem_Of
+ imports
+ HOL.Set
+begin
+
+definition "mem_of A x \<equiv> x \<in> A"
+lemma mem_of_eq [simp]: "mem_of \<equiv> \<lambda>A x. x \<in> A" unfolding mem_of_def by simp
+lemma mem_of_iff [iff]: "mem_of A x \<longleftrightarrow> x \<in> A" by simp
+
+end
\ No newline at end of file
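Review bot: `mem_of_eq [simp]` rewrites the constant `mem_of` itself to `\<lambda>A x. x \<in> A`, so every `simp` call unfolds it, and the theory has no heading or text saying this is intended. That includes the right-hand sides produced by the `..._set_eq_..._pred [simp]` lemmas in the alignment theories. With that rule in the simpset, the simp half of `mem_of_iff [iff]` looks redundant (its own proof is `by simp`), leaving only the classical-reasoner declaration. A `text` block before the definition should state the purpose of `mem_of`, which appears to be viewing a set as a predicate, and why it is unfolded by default.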
diff --git a/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles.thy b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles.thy
@@ -0,0 +1,16 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory HOL_Syntax_Bundles
+ imports
+ HOL_Syntax_Bundles_Base
+ HOL_Syntax_Bundles_Functions
+ HOL_Syntax_Bundles_Groups
+ HOL_Syntax_Bundles_Lattices
+ HOL_Syntax_Bundles_Orders
+ HOL_Syntax_Bundles_Relations
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Bundles to enable and disable syntax from HOL.\<close>
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Base.thy b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Base.thy
@@ -0,0 +1,30 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>HOL Syntax Bundles\<close>
+subsection \<open>Basic Syntax\<close>
+theory HOL_Syntax_Bundles_Base
+ imports HOL_Basics_Base
+begin
+
+bundle HOL_ascii_syntax
+begin
+notation (ASCII)
+ Not ("~ _" [40] 40) and
+ conj (infixr "&" 35) and
+ disj (infixr "|" 30) and
+ implies (infixr "-->" 25) and
+ not_equal (infixl "~=" 50)
+syntax "_Let" :: "[letbinds, 'a] \<Rightarrow> 'a" ("(let (_)/ in (_))" 10)
+end
+bundle no_HOL_ascii_syntax
+begin
+no_notation (ASCII)
+ Not ("~ _" [40] 40) and
+ conj (infixr "&" 35) and
+ disj (infixr "|" 30) and
+ implies (infixr "-->" 25) and
+ not_equal (infixl "~=" 50)
+no_syntax "_Let" :: "[letbinds, 'a] \<Rightarrow> 'a" ("(let (_)/ in (_))" 10)
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Functions.thy b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Functions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Functions.thy
@@ -0,0 +1,17 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Function Syntax\<close>
+theory HOL_Syntax_Bundles_Functions
+ imports HOL.Fun
+begin
+
+bundle HOL_function_syntax
+begin
+notation comp (infixl "\<circ>" 55)
+end
+bundle no_HOL_function_syntax
+begin
+no_notation comp (infixl "\<circ>" 55)
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Groups.thy b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Groups.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Groups.thy
@@ -0,0 +1,29 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Group Syntax\<close>
+theory HOL_Syntax_Bundles_Groups
+ imports HOL.Groups
+begin
+
+bundle HOL_groups_syntax
+begin
+notation Groups.zero ("0")
+notation Groups.one ("1")
+notation Groups.plus (infixl "+" 65)
+notation Groups.minus (infixl "-" 65)
+notation Groups.uminus ("- _" [81] 80)
+notation Groups.times (infixl "*" 70)
+notation abs ("\<bar>_\<bar>")
+end
+bundle no_HOL_groups_syntax
+begin
+no_notation Groups.zero ("0")
+no_notation Groups.one ("1")
+no_notation Groups.plus (infixl "+" 65)
+no_notation Groups.minus (infixl "-" 65)
+no_notation Groups.uminus ("- _" [81] 80)
+no_notation Groups.times (infixl "*" 70)
+no_notation abs ("\<bar>_\<bar>")
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Lattices.thy b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Lattices.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Lattices.thy
@@ -0,0 +1,28 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Lattice Syntax\<close>
+theory HOL_Syntax_Bundles_Lattices
+ imports
+ HOL.Lattices
+begin
+
+bundle lattice_syntax \<comment> \<open>copied from theory Main\<close>
+begin
+notation
+ bot ("\<bottom>")
+ and top ("\<top>")
+ and inf (infixl "\<sqinter>" 70)
+ and sup (infixl "\<squnion>" 65)
+end
+bundle no_lattice_syntax
+begin
+no_notation
+ bot ("\<bottom>")
+ and top ("\<top>")
+ and inf (infixl "\<sqinter>" 70)
+ and sup (infixl "\<squnion>" 65)
+end
+
+unbundle lattice_syntax
+
+
+end
\ No newline at end of file
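Review bot: The bundles are named `lattice_syntax` and `no_lattice_syntax`, without the `HOL_` prefix the sibling theories use (`HOL_order_syntax`, `HOL_groups_syntax`, `HOL_function_syntax`). The inline comment says the first is copied from theory Main, so a theory importing both would presumably see two bundles with the same base name. In addition, `unbundle lattice_syntax` at the end enables the notation for every importer, whereas the other bundle theories only define bundles and leave activation to the user. If both choices are deliberate, a comment should say so. Otherwise consider `HOL_lattice_syntax` / `no_HOL_lattice_syntax` and leaving the `unbundle` to the importing theories that need it.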
diff --git a/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Orders.thy b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Orders.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Orders.thy
@@ -0,0 +1,37 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Order Syntax\<close>
+theory HOL_Syntax_Bundles_Orders
+ imports HOL.Orderings
+begin
+
+bundle HOL_order_syntax
+begin
+notation
+ less_eq ("'(\<le>')") and
+ less_eq ("(_/ \<le> _)" [51, 51] 50) and
+ less ("'(<')") and
+ less ("(_/ < _)" [51, 51] 50)
+notation (input) greater_eq (infix "\<ge>" 50)
+notation (input) greater (infix ">" 50)
+notation (ASCII)
+ less_eq ("'(<=')") and
+ less_eq ("(_/ <= _)" [51, 51] 50)
+notation (input) greater_eq (infix ">=" 50)
+end
+bundle no_HOL_order_syntax
+begin
+no_notation
+ less_eq ("'(\<le>')") and
+ less_eq ("(_/ \<le> _)" [51, 51] 50) and
+ less ("'(<')") and
+ less ("(_/ < _)" [51, 51] 50)
+no_notation (input) greater_eq (infix "\<ge>" 50)
+no_notation (input) greater (infix ">" 50)
+no_notation (ASCII)
+ less_eq ("'(<=')") and
+ less_eq ("(_/ <= _)" [51, 51] 50)
+no_notation (input) greater_eq (infix ">=" 50)
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Relations.thy b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Relations.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/HOL_Syntax_Bundles/HOL_Syntax_Bundles_Relations.thy
@@ -0,0 +1,29 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Relation Syntax\<close>
+theory HOL_Syntax_Bundles_Relations
+ imports HOL.Relation
+begin
+
+bundle HOL_relation_syntax
+begin
+notation relcomp (infixr "O" 75)
+notation relcompp (infixr "OO" 75)
+notation converse ("(_\<inverse>)" [1000] 999)
+notation conversep ("(_\<inverse>\<inverse>)" [1000] 1000)
+notation (ASCII)
+ converse ("(_^-1)" [1000] 999) and
+ conversep ("(_^--1)" [1000] 1000)
+end
+bundle no_HOL_relation_syntax
+begin
+no_notation relcomp (infixr "O" 75)
+no_notation relcompp (infixr "OO" 75)
+no_notation converse ("(_\<inverse>)" [1000] 999)
+no_notation conversep ("(_\<inverse>\<inverse>)" [1000] 1000)
+no_notation (ASCII)
+ converse ("(_^-1)" [1000] 999) and
+ conversep ("(_^--1)" [1000] 1000)
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Orders/Equivalence_Relations.thy b/thys/Transport/HOL_Basics/Orders/Equivalence_Relations.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Equivalence_Relations.thy
@@ -0,0 +1,72 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Equivalences\<close>
+theory Equivalence_Relations
+ imports
+ Partial_Equivalence_Relations
+begin
+
+definition "equivalence_rel_on P R \<equiv>
+ partial_equivalence_rel_on P R \<and> reflexive_on P R"
+
+lemma equivalence_rel_onI [intro]:
+ assumes "partial_equivalence_rel_on P R"
+ and "reflexive_on P R"
+ shows "equivalence_rel_on P R"
+ unfolding equivalence_rel_on_def using assms by blast
+
+lemma equivalence_rel_onE [elim]:
+ assumes "equivalence_rel_on P R"
+ obtains "partial_equivalence_rel_on P R" "reflexive_on P R"
+ using assms unfolding equivalence_rel_on_def by blast
+
+lemma equivalence_rel_on_in_field_if_partial_equivalence_rel:
+ assumes "partial_equivalence_rel R"
+ shows "equivalence_rel_on (in_field R) R"
+ using assms
+ by (intro equivalence_rel_onI reflexive_on_in_field_if_partial_equivalence_rel) auto
+
+corollary partial_equivalence_rel_iff_equivalence_rel_on_in_field:
+ "partial_equivalence_rel R \<longleftrightarrow> equivalence_rel_on (in_field R) R"
+ using equivalence_rel_on_in_field_if_partial_equivalence_rel by auto
+
+
+definition "equivalence_rel (R :: 'a \<Rightarrow> _) \<equiv> equivalence_rel_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma equivalence_rel_eq_equivalence_rel_on:
+ "equivalence_rel (R :: 'a \<Rightarrow> _) = equivalence_rel_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding equivalence_rel_def ..
+
+lemma equivalence_relI [intro]:
+ assumes "partial_equivalence_rel R"
+ and "reflexive R"
+ shows "equivalence_rel R"
+ unfolding equivalence_rel_eq_equivalence_rel_on using assms
+ by (intro equivalence_rel_onI partial_equivalence_rel_on_if_partial_equivalence_rel
+ reflexive_on_if_reflexive)
+
+lemma equivalence_relE [elim]:
+ assumes "equivalence_rel R"
+ obtains "partial_equivalence_rel R" "reflexive R"
+ using assms unfolding equivalence_rel_eq_equivalence_rel_on
+ by (elim equivalence_rel_onE)
+ (simp only: partial_equivalence_rel_eq_partial_equivalence_rel_on
+ reflexive_eq_reflexive_on)
+
+lemma equivalence_rel_on_if_equivalence:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "equivalence_rel R"
+ shows "equivalence_rel_on P R"
+ using assms by (elim equivalence_relE)
+ (intro equivalence_rel_onI partial_equivalence_rel_on_if_partial_equivalence_rel
+ reflexive_on_if_reflexive)
+
+
+paragraph \<open>Instantiations\<close>
+
+lemma equivalence_eq: "equivalence_rel (=)"
+ using partial_equivalence_rel_eq reflexive_eq by (rule equivalence_relI)
+
+lemma equivalence_top: "equivalence_rel \<top>"
+ using partial_equivalence_rel_top reflexive_top by (rule equivalence_relI)
+
+end
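Review bot: The last three lemma names drop the `_rel` part of the constant they are about: `equivalence_rel_on_if_equivalence`, `equivalence_eq` and `equivalence_top` all state facts on `equivalence_rel`, while the facts they are proved from are called `partial_equivalence_rel_eq` and `partial_equivalence_rel_top`. Renaming them to `equivalence_rel_on_if_equivalence_rel`, `equivalence_rel_eq` and `equivalence_rel_top` would keep name-based lookup uniform with the rest of the theory, where every other lemma spells out `equivalence_rel`.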
diff --git a/thys/Transport/HOL_Basics/Orders/Functions/Closure_Operators.thy b/thys/Transport/HOL_Basics/Orders/Functions/Closure_Operators.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Functions/Closure_Operators.thy
@@ -0,0 +1,86 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Closure Operators\<close>
+theory Closure_Operators
+ imports
+ Order_Functions_Base
+begin
+
+definition "idempotent_on P R f \<equiv> rel_equivalence_on P (rel_map f R) f"
+
+lemma idempotent_onI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> f x \<equiv>\<^bsub>R\<^esub> f (f x)"
+ shows "idempotent_on P R f"
+ unfolding idempotent_on_def using assms by fastforce
+
+lemma idempotent_onE [elim]:
+ assumes "idempotent_on P R f"
+ and "P x"
+ obtains "R (f (f x)) (f x)" "R (f x) (f (f x))"
+ using assms unfolding idempotent_on_def by fastforce
+
+lemma rel_equivalence_on_rel_map_iff_idempotent_on [iff]:
+ "rel_equivalence_on P (rel_map f R) f \<longleftrightarrow> idempotent_on P R f"
+ unfolding idempotent_on_def by simp
+
+lemma bi_related_if_idempotent_onD:
+ assumes "idempotent_on P R f"
+ and "P x"
+ shows "f x \<equiv>\<^bsub>R\<^esub> f (f x)"
+ using assms by blast
+
+definition "idempotent (R :: 'a \<Rightarrow> _) f \<equiv> idempotent_on (\<top> :: 'a \<Rightarrow> bool) R f"
+
+lemma idempotent_eq_idempotent_on:
+ "idempotent (R :: 'a \<Rightarrow> _) f = idempotent_on (\<top> :: 'a \<Rightarrow> bool) R f"
+ unfolding idempotent_def ..
+
+lemma idempotentI [intro]:
+ assumes "\<And>x. R (f (f x)) (f x)"
+ and "\<And>x. R (f x) (f (f x))"
+ shows "idempotent R f"
+ unfolding idempotent_eq_idempotent_on using assms by blast
+
+lemma idempotentE [elim]:
+ assumes "idempotent R f"
+ obtains "R (f (f x)) (f x)" "R (f x) (f (f x))"
+ using assms unfolding idempotent_eq_idempotent_on by (blast intro: top1I)
+
+lemma idempotent_on_if_idempotent:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "idempotent R f"
+ shows "idempotent_on P R f"
+ using assms by (intro idempotent_onI) auto
+
+definition "closure_operator R f \<equiv>
+ (R \<Rrightarrow>\<^sub>m R) f \<and> inflationary_on (in_field R) R f \<and> idempotent_on (in_field R) R f"
+
+lemma closure_operatorI [intro]:
+ assumes "(R \<Rrightarrow>\<^sub>m R) f"
+ and "inflationary_on (in_field R) R f"
+ and "idempotent_on (in_field R) R f"
+ shows "closure_operator R f"
+ unfolding closure_operator_def using assms by blast
+
+lemma closure_operatorE [elim]:
+ assumes "closure_operator R f"
+ obtains "(R \<Rrightarrow>\<^sub>m R) f" "inflationary_on (in_field R) R f"
+ "idempotent_on (in_field R) R f"
+ using assms unfolding closure_operator_def by blast
+
+lemma mono_wrt_rel_if_closure_operator:
+ assumes "closure_operator R f"
+ shows "(R \<Rrightarrow>\<^sub>m R) f"
+ using assms by (elim closure_operatorE)
+
+lemma inflationary_on_in_field_if_closure_operator:
+ assumes "closure_operator R f"
+ shows "inflationary_on (in_field R) R f"
+ using assms by (elim closure_operatorE)
+
+lemma idempotent_on_in_field_if_closure_operator:
+ assumes "closure_operator R f"
+ shows "idempotent_on (in_field R) R f"
+ using assms by (elim closure_operatorE)
+
+
+end
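Review bot: `idempotent_on` is defined as `rel_equivalence_on P (rel_map f R) f` with no explanatory text, so a reader has to unfold two definitions (or read `idempotent_onE`) to learn that idempotence here means `f x` and `f (f x)` are related by `R` in both directions rather than equal. A one-line block before the definition would state that, e.g. `text \<open>Idempotence up to bi-relatedness wrt. R, not up to equality.\<close>`. The introduction rules are also shaped differently: `idempotent_onI` takes a single `\<equiv>\<^bsub>R\<^esub>` premise while `idempotentI` takes the two `R` premises separately; choosing one shape for both would make them easier to use side by side.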
diff --git a/thys/Transport/HOL_Basics/Orders/Functions/Order_Functions.thy b/thys/Transport/HOL_Basics/Orders/Functions/Order_Functions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Functions/Order_Functions.thy
@@ -0,0 +1,12 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Order_Functions
+ imports
+ Order_Functions_Base
+ Closure_Operators
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic functions on orders.\<close>
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Orders/Functions/Order_Functions_Base.thy b/thys/Transport/HOL_Basics/Orders/Functions/Order_Functions_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Functions/Order_Functions_Base.thy
@@ -0,0 +1,445 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Functions On Orders\<close>
+subsubsection \<open>Basics\<close>
+theory Order_Functions_Base
+ imports
+ Functions_Monotone
+ Restricted_Equality
+begin
+
+subparagraph \<open>Bi-Relation\<close>
+
+definition "bi_related R x y \<equiv> R x y \<and> R y x"
+
+(*Note: we are not using (\<equiv>\<index>) as infix here because it would produce an ambiguous
+grammar whenever using a of the form "definition c \<equiv> t"*)
+bundle bi_related_syntax begin
+syntax
+ "_bi_related" :: "'a \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> bool" ("(_) \<equiv>\<^bsub>(_)\<^esub> (_)" [51,51,51] 50)
+notation bi_related ("'(\<equiv>(\<^bsub>_\<^esub>)')")
+end
+bundle no_bi_related_syntax begin
+no_syntax
+ "_bi_related" :: "'a \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> bool" ("(_) \<equiv>\<^bsub>(_)\<^esub> (_)" [51,51,51] 50)
+no_notation bi_related ("'(\<equiv>(\<^bsub>_\<^esub>)')")
+end
+unbundle bi_related_syntax
+translations
+ "x \<equiv>\<^bsub>R\<^esub> y" \<rightleftharpoons> "CONST bi_related R x y"
+
+lemma bi_relatedI [intro]:
+ assumes "R x y"
+ and "R y x"
+ shows "x \<equiv>\<^bsub>R\<^esub> y"
+ unfolding bi_related_def using assms by blast
+
+lemma bi_relatedE [elim]:
+ assumes "x \<equiv>\<^bsub>R\<^esub> y"
+ obtains "R x y" "R y x"
+ using assms unfolding bi_related_def by blast
+
+lemma symmetric_bi_related [iff]: "symmetric (\<equiv>\<^bsub>R\<^esub>)"
+ by (intro symmetricI) blast
+
+lemma reflexive_bi_related_if_reflexive [intro]:
+ assumes "reflexive R"
+ shows "reflexive (\<equiv>\<^bsub>R\<^esub>)"
+ using assms by (intro reflexiveI) (blast dest: reflexiveD)
+
+lemma transitive_bi_related_if_transitive [intro]:
+ assumes "transitive R"
+ shows "transitive (\<equiv>\<^bsub>R\<^esub>)"
+ using assms by (intro transitiveI bi_relatedI) auto
+
+lemma mono_bi_related [iff]: "mono bi_related"
+ by (intro monoI) blast
+
+lemma bi_related_if_le_rel_if_bi_related:
+ assumes "x \<equiv>\<^bsub>R\<^esub> y"
+ and "R \<le> S"
+ shows "x \<equiv>\<^bsub>S\<^esub> y"
+ using assms by blast
+
+lemma eq_if_bi_related_if_antisymmetric_on:
+ assumes "antisymmetric_on P R"
+ and "x \<equiv>\<^bsub>R\<^esub> y"
+ and "P x" "P y"
+ shows "x = y"
+ using assms by (blast dest: antisymmetric_onD)
+
+lemma eq_if_bi_related_if_in_field_le_if_antisymmetric_on:
+ assumes "antisymmetric_on P R"
+ and "in_field R \<le> P"
+ and "x \<equiv>\<^bsub>R\<^esub> y"
+ shows "x = y"
+ using assms by (intro eq_if_bi_related_if_antisymmetric_on) blast+
+
+lemma bi_related_le_eq_if_antisymmetric_on_in_field:
+ assumes "antisymmetric_on (in_field R) R"
+ shows "(\<equiv>\<^bsub>R\<^esub>) \<le> (=)"
+ using assms
+ by (intro le_relI eq_if_bi_related_if_in_field_le_if_antisymmetric_on) blast+
+
+lemma bi_related_if_all_rel_iff_if_reflexive_on:
+ assumes "reflexive_on P R"
+ and "\<And>z. P z \<Longrightarrow> R x z \<longleftrightarrow> R y z"
+ and "P x" "P y"
+ shows "x \<equiv>\<^bsub>R\<^esub> y"
+ using assms by blast
+
+lemma bi_related_if_all_rel_iff_if_reflexive_on':
+ assumes "reflexive_on P R"
+ and "\<And>z. P z \<Longrightarrow> R z x \<longleftrightarrow> R z y"
+ and "P x" "P y"
+ shows "x \<equiv>\<^bsub>R\<^esub> y"
+ using assms by blast
+
+corollary eq_if_all_rel_iff_if_antisymmetric_on_if_reflexive_on:
+ assumes "reflexive_on P R" and "antisymmetric_on P R"
+ and "\<And>z. P z \<Longrightarrow> R x z \<longleftrightarrow> R y z"
+ and "P x" "P y"
+ shows "x = y"
+ using assms by (blast intro: eq_if_bi_related_if_antisymmetric_on
+ bi_related_if_all_rel_iff_if_reflexive_on)
+
+corollary eq_if_all_rel_iff_if_antisymmetric_on_if_reflexive_on':
+ assumes "reflexive_on P R" and "antisymmetric_on P R"
+ and "\<And>z. P z \<Longrightarrow> R z x \<longleftrightarrow> R z y"
+ and "P x" "P y"
+ shows "x = y"
+ using assms by (blast intro: eq_if_bi_related_if_antisymmetric_on
+ bi_related_if_all_rel_iff_if_reflexive_on')
+
+
+subparagraph \<open>Inflationary\<close>
+
+consts inflationary_on :: "'a \<Rightarrow> ('b \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> bool"
+
+overloading
+ inflationary_on_pred \<equiv> "inflationary_on ::
+ ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a) \<Rightarrow> bool"
+begin
+ text \<open>Often also called "extensive".\<close>
+ definition "inflationary_on_pred P (R :: 'a \<Rightarrow> 'a \<Rightarrow> _) f \<equiv> \<forall>x. P x \<longrightarrow> R x (f x)"
+end
+
+lemma inflationary_onI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> R x (f x)"
+ shows "inflationary_on P R f"
+ unfolding inflationary_on_pred_def using assms by blast
+
+lemma inflationary_onD [dest]:
+ assumes "inflationary_on P R f"
+ and "P x"
+ shows "R x (f x)"
+ using assms unfolding inflationary_on_pred_def by blast
+
+lemma inflationary_on_eq_dep_mono_wrt_pred: "inflationary_on = dep_mono_wrt_pred"
+ by blast
+
+lemma antimono_inflationary_on_pred [iff]:
+ "antimono (\<lambda>(P :: 'a \<Rightarrow> bool). inflationary_on P (R :: 'a \<Rightarrow> _))"
+ by (intro antimonoI) auto
+
+lemma inflationary_on_if_le_pred_if_inflationary_on:
+ fixes P P' :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "inflationary_on P R f"
+ and "P' \<le> P"
+ shows "inflationary_on P' R f"
+ using assms by blast
+
+lemma mono_inflationary_on_rel [iff]:
+ "mono (\<lambda>(R :: 'a \<Rightarrow> _). inflationary_on (P :: 'a \<Rightarrow> bool) R)"
+ by (intro monoI) auto
+
+lemma inflationary_on_if_le_rel_if_inflationary_on:
+ assumes "inflationary_on P R f"
+ and "\<And>x. P x \<Longrightarrow> R x (f x) \<Longrightarrow> R' x (f x)"
+ shows "inflationary_on P R' f"
+ using assms by blast
+
+lemma le_in_dom_if_inflationary_on:
+ assumes "inflationary_on P R f"
+ shows "P \<le> in_dom R"
+ using assms by blast
+
+lemma inflationary_on_sup_eq [simp]:
+ "(inflationary_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> _) \<Rightarrow> _) ((P :: 'a \<Rightarrow> bool) \<squnion> Q)
+ = inflationary_on P \<sqinter> inflationary_on Q"
+ by (intro ext iffI inflationary_onI)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on)
+
+
+definition "inflationary (R :: 'a \<Rightarrow> _) f \<equiv> inflationary_on (\<top> :: 'a \<Rightarrow> bool) R f"
+
+lemma inflationary_eq_inflationary_on:
+ "inflationary (R :: 'a \<Rightarrow> _) f = inflationary_on (\<top> :: 'a \<Rightarrow> bool) R f"
+ unfolding inflationary_def ..
+
+lemma inflationaryI [intro]:
+ assumes "\<And>x. R x (f x)"
+ shows "inflationary R f"
+ unfolding inflationary_eq_inflationary_on using assms
+ by (intro inflationary_onI)
+
+lemma inflationaryD:
+ assumes "inflationary R f"
+ shows "R x (f x)"
+ using assms unfolding inflationary_eq_inflationary_on by auto
+
+lemma inflationary_on_if_inflationary:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "inflationary R f"
+ shows "inflationary_on P R f"
+ using assms by (intro inflationary_onI) (blast dest: inflationaryD)
+
+lemma inflationary_eq_dep_mono_wrt_pred: "inflationary = dep_mono_wrt_pred \<top>"
+ by (intro ext) (fastforce dest: inflationaryD)
+
+
+subparagraph \<open>Deflationary\<close>
+
+definition "deflationary_on P R \<equiv> inflationary_on P R\<inverse>"
+
+lemma deflationary_on_eq_inflationary_on_rel_inv:
+ "deflationary_on P R = inflationary_on P R\<inverse>"
+ unfolding deflationary_on_def ..
+
+declare deflationary_on_eq_inflationary_on_rel_inv[symmetric, simp]
+
+corollary deflationary_on_rel_inv_eq_inflationary_on [simp]:
+ "deflationary_on P R\<inverse> = inflationary_on P R"
+ unfolding deflationary_on_eq_inflationary_on_rel_inv by simp
+
+lemma deflationary_onI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> R (f x) x"
+ shows "deflationary_on P R f"
+ unfolding deflationary_on_eq_inflationary_on_rel_inv using assms
+ by (intro inflationary_onI rel_invI)
+
+lemma deflationary_onD [dest]:
+ assumes "deflationary_on P R f"
+ and "P x"
+ shows "R (f x) x"
+ using assms unfolding deflationary_on_eq_inflationary_on_rel_inv by blast
+
+lemma deflationary_on_eq_dep_mono_wrt_pred_rel_inv:
+ "deflationary_on P R = ([x \<Colon> P] \<Rrightarrow>\<^sub>m R\<inverse> x)"
+ by blast
+
+lemma antimono_deflationary_on_pred [iff]:
+ "antimono (\<lambda>(P :: 'a \<Rightarrow> bool). deflationary_on P (R :: 'a \<Rightarrow> _))"
+ by (intro antimonoI) auto
+
+lemma deflationary_on_if_le_pred_if_deflationary_on:
+ fixes P P' :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "deflationary_on P R f"
+ and "P' \<le> P"
+ shows "deflationary_on P' R f"
+ using assms by blast
+
+lemma mono_deflationary_on_rel [iff]:
+ "mono (\<lambda>(R :: 'a \<Rightarrow> _). deflationary_on (P :: 'a \<Rightarrow> bool) R)"
+ by (intro monoI) auto
+
+lemma deflationary_on_if_le_rel_if_deflationary_on:
+ assumes "deflationary_on P R f"
+ and "\<And>x. P x \<Longrightarrow> R (f x) x \<Longrightarrow> R' (f x) x"
+ shows "deflationary_on P R' f"
+ using assms by auto
+
+lemma le_in_dom_if_deflationary_on:
+ assumes "deflationary_on P R f"
+ shows "P \<le> in_codom R"
+ using assms by blast
+
+lemma deflationary_on_sup_eq [simp]:
+ "(deflationary_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> _) \<Rightarrow> _) ((P :: 'a \<Rightarrow> bool) \<squnion> Q)
+ = deflationary_on P \<sqinter> deflationary_on Q"
+ unfolding deflationary_on_eq_inflationary_on_rel_inv by auto
+
+definition "deflationary R (f :: 'a \<Rightarrow> _) \<equiv> deflationary_on (\<top> :: 'a \<Rightarrow> bool) R f"
+
+lemma deflationary_eq_deflationary_on:
+ "deflationary R (f :: 'a \<Rightarrow> _) = deflationary_on (\<top> :: 'a \<Rightarrow> bool) R f"
+ unfolding deflationary_def ..
+
+lemma deflationaryI [intro]:
+ assumes "\<And>x. R (f x) x"
+ shows "deflationary R f"
+ unfolding deflationary_eq_deflationary_on using assms by (intro deflationary_onI)
+
+lemma deflationaryD:
+ assumes "deflationary R f"
+ shows "R (f x) x"
+ using assms unfolding deflationary_eq_deflationary_on by auto
+
+lemma deflationary_on_if_deflationary:
+ fixes P :: "'a \<Rightarrow> bool" and f :: "'a \<Rightarrow> _"
+ assumes "deflationary R f"
+ shows "deflationary_on P R f"
+ using assms by (intro deflationary_onI) (blast dest: deflationaryD)
+
+lemma deflationary_eq_dep_mono_wrt_pred_rel_inv:
+ "deflationary R = dep_mono_wrt_pred \<top> R\<inverse>"
+ by (intro ext) (fastforce dest: deflationaryD)
+
+
+subparagraph \<open>Relational Equivalence\<close>
+
+definition "rel_equivalence_on \<equiv> inflationary_on \<sqinter> deflationary_on"
+
+lemma rel_equivalence_on_eq:
+ "rel_equivalence_on = inflationary_on \<sqinter> deflationary_on"
+ unfolding rel_equivalence_on_def ..
+
+lemma rel_equivalence_onI [intro]:
+ assumes "inflationary_on P R f"
+ and "deflationary_on P R f"
+ shows "rel_equivalence_on P R f"
+ unfolding rel_equivalence_on_eq using assms by auto
+
+lemma rel_equivalence_onE [elim]:
+ assumes "rel_equivalence_on P R f"
+ obtains "inflationary_on P R f" "deflationary_on P R f"
+ using assms unfolding rel_equivalence_on_eq by auto
+
+lemma rel_equivalence_on_eq_dep_mono_wrt_pred_inf:
+ "rel_equivalence_on P R = dep_mono_wrt_pred P (R \<sqinter> R\<inverse>)"
+ by (intro ext) fastforce
+
+lemma bi_related_if_rel_equivalence_on:
+ assumes "rel_equivalence_on P R f"
+ and "P x"
+ shows "x \<equiv>\<^bsub>R\<^esub> f x"
+ using assms by (intro bi_relatedI) auto
+
+lemma rel_equivalence_on_if_all_bi_related:
+ assumes "\<And>x. P x \<Longrightarrow> x \<equiv>\<^bsub>R\<^esub> f x"
+ shows "rel_equivalence_on P R f"
+ using assms by auto
+
+corollary rel_equivalence_on_iff_all_bi_related:
+ "rel_equivalence_on P R f \<longleftrightarrow> (\<forall>x. P x \<longrightarrow> x \<equiv>\<^bsub>R\<^esub> f x)"
+ using rel_equivalence_on_if_all_bi_related bi_related_if_rel_equivalence_on
+ by blast
+
+lemma rel_equivalence_onD [dest]:
+ assumes "rel_equivalence_on P R f"
+ and "P x"
+ shows "R x (f x)" "R (f x) x"
+ using assms by (auto dest: bi_related_if_rel_equivalence_on)
+
+lemma rel_equivalence_on_rel_inv_eq_rel_equivalence_on [simp]:
+ "rel_equivalence_on P R\<inverse> = rel_equivalence_on P R"
+ by (intro ext) fastforce
+
+lemma antimono_rel_equivalence_on_pred [iff]:
+ "antimono (\<lambda>(P :: 'a \<Rightarrow> bool). rel_equivalence_on P (R :: 'a \<Rightarrow> _))"
+ by (intro antimonoI) blast
+
+lemma rel_equivalence_on_if_le_pred_if_rel_equivalence_on:
+ fixes P P' :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "rel_equivalence_on P R f"
+ and "P' \<le> P"
+ shows "rel_equivalence_on P' R f"
+ using assms by blast
+
+lemma rel_equivalence_on_sup_eq [simp]:
+ "(rel_equivalence_on :: ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> _) \<Rightarrow> _) ((P :: 'a \<Rightarrow> bool) \<squnion> Q)
+ = rel_equivalence_on P \<sqinter> rel_equivalence_on Q"
+ unfolding rel_equivalence_on_eq by (simp add: inf_aci)
+
+lemma in_codom_eq_in_dom_if_rel_equivalence_on_in_field:
+ assumes "rel_equivalence_on (in_field R) R f"
+ shows "in_codom R = in_dom R"
+ using assms by (intro ext) blast
+
+lemma reflexive_on_if_transitive_on_if_mon_wrt_pred_if_rel_equivalence_on:
+ assumes "rel_equivalence_on P R f"
+ and "([P] \<Rrightarrow>\<^sub>m P) f"
+ and "transitive_on P R"
+ shows "reflexive_on P R"
+ using assms by (blast dest: transitive_onD)
+
+lemma inflationary_on_eq_rel_equivalence_on_if_symmetric:
+ assumes "symmetric R"
+ shows "inflationary_on P R = rel_equivalence_on P R"
+ using assms
+ by (simp add: rel_equivalence_on_eq deflationary_on_eq_inflationary_on_rel_inv)
+
+lemma deflationary_on_eq_rel_equivalence_on_if_symmetric:
+ assumes "symmetric R"
+ shows "deflationary_on P R = rel_equivalence_on P R"
+ using assms
+ by (simp add: deflationary_on_eq_inflationary_on_rel_inv rel_equivalence_on_eq)
+
+
+definition "rel_equivalence (R :: 'a \<Rightarrow> _) f \<equiv> rel_equivalence_on (\<top> :: 'a \<Rightarrow> bool) R f"
+
+lemma rel_equivalence_eq_rel_equivalence_on:
+ "rel_equivalence (R :: 'a \<Rightarrow> _) f = rel_equivalence_on (\<top> :: 'a \<Rightarrow> bool) R f"
+ unfolding rel_equivalence_def ..
+
+lemma rel_equivalenceI [intro]:
+ assumes "inflationary R f"
+ and "deflationary R f"
+ shows "rel_equivalence R f"
+ unfolding rel_equivalence_eq_rel_equivalence_on using assms
+ by (intro rel_equivalence_onI)
+ (auto dest: inflationary_on_if_inflationary deflationary_on_if_deflationary)
+
+lemma rel_equivalenceE [elim]:
+ assumes "rel_equivalence R f"
+ obtains "inflationary R f" "deflationary R f"
+ using assms unfolding rel_equivalence_eq_rel_equivalence_on
+ by (elim rel_equivalence_onE)
+ (simp only: inflationary_eq_inflationary_on deflationary_eq_deflationary_on)
+
+lemma inflationary_if_rel_equivalence:
+ assumes "rel_equivalence R f"
+ shows "inflationary R f"
+ using assms by (elim rel_equivalenceE)
+
+lemma deflationary_if_rel_equivalence:
+ assumes "rel_equivalence R f"
+ shows "deflationary R f"
+ using assms by (elim rel_equivalenceE)
+
+lemma rel_equivalence_on_if_rel_equivalence:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "rel_equivalence R f"
+ shows "rel_equivalence_on P R f"
+ using assms by (intro rel_equivalence_onI)
+ (auto dest: inflationary_on_if_inflationary deflationary_on_if_deflationary)
+
+lemma bi_related_if_rel_equivalence:
+ assumes "rel_equivalence R f"
+ shows "x \<equiv>\<^bsub>R\<^esub> f x"
+ using assms by (intro bi_relatedI) (auto dest: inflationaryD deflationaryD)
+
+lemma rel_equivalence_if_all_bi_related:
+ assumes "\<And>x. x \<equiv>\<^bsub>R\<^esub> f x"
+ shows "rel_equivalence R f"
+ using assms by auto
+
+lemma rel_equivalenceD:
+ assumes "rel_equivalence R f"
+ shows "R x (f x)" "R (f x) x"
+ using assms by (auto dest: bi_related_if_rel_equivalence)
+
+lemma reflexive_on_in_field_if_transitive_if_rel_equivalence_on:
+ assumes "rel_equivalence_on (in_field R) R f"
+ and "transitive R"
+ shows "reflexive_on (in_field R) R"
+ using assms by (intro reflexive_onI) blast
+
+corollary preorder_on_in_field_if_transitive_if_rel_equivalence_on:
+ assumes "rel_equivalence_on (in_field R) R f"
+ and "transitive R"
+ shows "preorder_on (in_field R) R"
+ using assms reflexive_on_in_field_if_transitive_if_rel_equivalence_on
+ using assms by blast
+
+
+end
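Review bot: `le_in_dom_if_deflationary_on` concludes `P \<le> in_codom R`, so its name describes the inflationary twin rather than its own statement; `le_in_codom_if_deflationary_on` would match what it proves. In `preorder_on_in_field_if_transitive_if_rel_equivalence_on` the proof chains `using assms` twice, and the second can go: `using assms reflexive_on_in_field_if_transitive_if_rel_equivalence_on by blast`. The comment above `bi_related_syntax` has lost a word ("whenever using a of the form"), presumably "a definition of the form".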
diff --git a/thys/Transport/HOL_Basics/Orders/Functors/Order_Equivalences.thy b/thys/Transport/HOL_Basics/Orders/Functors/Order_Equivalences.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Functors/Order_Equivalences.thy
@@ -0,0 +1,96 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsubsection \<open>Equivalences\<close>
+theory Order_Equivalences
+ imports
+ Order_Functors_Base
+ Partial_Equivalence_Relations
+ Preorders
+begin
+
+context order_functors
+begin
+
+definition "order_equivalence \<equiv>
+ ((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l \<and>
+ ((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r \<and>
+ rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta> \<and>
+ rel_equivalence_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+
+notation order_functors.order_equivalence (infix "\<equiv>\<^sub>o" 50)
+
+lemma order_equivalenceI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding order_equivalence_def using assms by blast
+
+lemma order_equivalenceE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l" "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ "rel_equivalence_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ using assms unfolding order_equivalence_def by blast
+
+interpretation of : order_functors S T f g for S T f g .
+
+lemma rel_inv_order_equivalence_eq_order_equivalence [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext)
+ (auto intro!: of.order_equivalenceI simp: of.flip_unit_eq_counit)
+
+corollary order_equivalence_right_left_iff_order_equivalence_left_right:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>L\<^esub>)) r l \<longleftrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ by (simp flip: rel_inv_order_equivalence_eq_order_equivalence)
+
+text \<open>Due to the symmetry given by
+@{thm "order_equivalence_right_left_iff_order_equivalence_left_right"},
+for any theorem on @{term "(\<le>\<^bsub>L\<^esub>)"}, we obtain a corresponding theorem on
+@{term "(\<le>\<^bsub>R\<^esub>)"} by flipping the roles of the two functors.
+As such, in what follows, we do not explicitly state these free theorems but
+users can obtain them as needed by creating a flipped interpretation
+of @{locale order_functors}.\<close>
+
+lemma order_equivalence_rel_inv_eq_order_equivalence [simp]:
+ "((\<ge>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<ge>\<^bsub>R\<^esub>)) = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext) (auto intro!: of.order_equivalenceI)
+
+lemma in_codom_left_eq_in_dom_left_if_order_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "in_codom (\<le>\<^bsub>L\<^esub>) = in_dom (\<le>\<^bsub>L\<^esub>)"
+ using assms by (elim order_equivalenceE)
+ (rule in_codom_eq_in_dom_if_rel_equivalence_on_in_field)
+
+corollary preorder_on_in_field_left_if_transitive_if_order_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)"
+ shows "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ using assms by (elim order_equivalenceE)
+ (rule preorder_on_in_field_if_transitive_if_rel_equivalence_on)
+
+lemma order_equivalence_partial_equivalence_rel_not_reflexive_not_transitive:
+ assumes "\<exists>(y :: 'b) y'. y \<noteq> y'"
+ shows "\<exists>(L :: 'a \<Rightarrow> 'a \<Rightarrow> bool) (R :: 'b \<Rightarrow> 'b \<Rightarrow> bool) l r.
+ (L \<equiv>\<^sub>o R) l r \<and> partial_equivalence_rel L \<and>
+ \<not>(reflexive_on (in_field R) R) \<and> \<not>(transitive_on (in_field R) R)"
+proof -
+ from assms obtain cy cy' where "(cy :: 'b) \<noteq> cy'" by blast
+ let ?cx = "undefined :: 'a"
+ let ?L = "\<lambda>x x'. ?cx = x \<and> x = x'"
+ and ?R = "\<lambda>y y'. (y = cy \<or> y = cy') \<and> (y' = cy \<or> y' = cy') \<and> (y \<noteq> cy' \<or> y' \<noteq> cy')"
+ and ?l = "\<lambda>(a :: 'a). cy"
+ and ?r = "\<lambda>(b :: 'b). ?cx"
+ have "(?L \<equiv>\<^sub>o ?R)?l ?r" using \<open>cy \<noteq> cy'\<close>
+ by (intro of.order_equivalenceI) (auto 0 4)
+ moreover have "partial_equivalence_rel ?L" by blast
+ moreover have
+ "\<not>(transitive_on (in_field ?R) ?R)" and "\<not>(reflexive_on (in_field ?R) ?R)"
+ using \<open>cy \<noteq> cy'\<close> by auto
+ ultimately show "?thesis" by blast
+qed
+
+end
+
+
+end
\ No newline at end of file
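Review bot: `order_equivalence_partial_equivalence_rel_not_reflexive_not_transitive` is a counterexample, but nothing in the theory says so, and the long name is the only hint at why it is there. A sentence before it would help, e.g. `text \<open>An order equivalence with a partial equivalence relation on the left does not force the right relation to be reflexive or transitive on its field.\<close>`. Inside the proof, the witness `?cx = "undefined :: 'a"` works because any fixed element of `'a` will do; a short comment saying that would stop readers from looking for a dependence on `undefined`. `(?L \<equiv>\<^sub>o ?R)?l ?r` is also missing a space before `?l`.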
diff --git a/thys/Transport/HOL_Basics/Orders/Functors/Order_Functors.thy b/thys/Transport/HOL_Basics/Orders/Functors/Order_Functors.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Functors/Order_Functors.thy
@@ -0,0 +1,12 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Order_Functors
+ imports
+ Order_Functors_Base
+ Order_Equivalences
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Functors between orders aka. order-homomorphisms aka. monotone functions.\<close>
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Orders/Functors/Order_Functors_Base.thy b/thys/Transport/HOL_Basics/Orders/Functors/Order_Functors_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Functors/Order_Functors_Base.thy
@@ -0,0 +1,196 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Order Functors\<close>
+subsubsection \<open>Basic Setup and Results\<close>
+theory Order_Functors_Base
+ imports
+ Functions_Inverse
+ Order_Functions_Base
+begin
+
+text \<open>In the following, we do not add any assumptions to our locales but rather
+add them as needed to the theorem statements. This allows consumers to
+state preciser results; particularly, the development of Transport depends
+on this setup.\<close>
+
+locale orders =
+ fixes L :: "'a \<Rightarrow> 'b \<Rightarrow> bool"
+ and R :: "'c \<Rightarrow> 'd \<Rightarrow> bool"
+begin
+
+notation L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+text\<open>We call @{term "(\<le>\<^bsub>L\<^esub>)"} the \<^emph>\<open>left relation\<close> and @{term "(\<le>\<^bsub>R\<^esub>)"} the
+\<^emph>\<open>right relation\<close>.\<close>
+
+abbreviation (input) "ge_left \<equiv> (\<le>\<^bsub>L\<^esub>)\<inverse>"
+notation ge_left (infix "\<ge>\<^bsub>L\<^esub>" 50)
+
+abbreviation (input) "ge_right \<equiv> (\<le>\<^bsub>R\<^esub>)\<inverse>"
+notation ge_right (infix "\<ge>\<^bsub>R\<^esub>" 50)
+
+end
+
+text \<open>Homogeneous orders\<close>
+locale hom_orders = orders L R
+ for L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+
+locale order_functor = hom_orders L R
+ for L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'b"
+begin
+
+lemma left_right_rel_left_self_if_reflexive_on_left_if_mono_left:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ and "P x"
+ shows "l x \<le>\<^bsub>R\<^esub> l x"
+ using assms by blast
+
+lemma left_right_rel_left_self_if_reflexive_on_in_dom_right_if_mono_left:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) x"
+ shows "l x \<le>\<^bsub>R\<^esub> l x"
+ using assms by blast
+
+lemma left_right_rel_left_self_if_reflexive_on_in_codom_right_if_mono_left:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "reflexive_on (in_codom (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ and "in_codom (\<le>\<^bsub>L\<^esub>) x"
+ shows "l x \<le>\<^bsub>R\<^esub> l x"
+ using assms by blast
+
+lemma left_right_rel_left_self_if_reflexive_on_in_field_right_if_mono_left:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "reflexive_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ and "in_field (\<le>\<^bsub>L\<^esub>) x"
+ shows "l x \<le>\<^bsub>R\<^esub> l x"
+ using assms by blast
+
+lemma mono_wrt_rel_left_if_reflexive_on_if_le_eq_if_mono_wrt_in_field:
+ assumes "([in_field (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m P) l"
+ and "(\<le>\<^bsub>L\<^esub>) \<le> (=)"
+ and "reflexive_on P (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ using assms by (intro dep_mono_wrt_relI) auto
+
+end
+
+
+locale order_functors = order_functor L R l + flip_of : order_functor R L r
+ for L R l r
+begin
+
+text \<open>We call the composition \<^term>\<open>r \<circ> l\<close> the \<^emph>\<open>unit\<close>
+and the term \<^term>\<open>l \<circ> r\<close> the \<^emph>\<open>counit\<close> of the order functors pair.
+This is terminology is borrowed from category theory - the functors
+are an \<^emph>\<open>adjoint\<close>.\<close>
+
+definition "unit \<equiv> r \<circ> l"
+
+notation unit ("\<eta>")
+
+lemma unit_eq_comp: "\<eta> = r \<circ> l" unfolding unit_def by simp
+
+lemma unit_eq [simp]: "\<eta> x = r (l x)" by (simp add: unit_eq_comp)
+
+context
+begin
+
+text \<open>Note that by flipping the roles of the left and rights functors,
+we obtain a flipped interpretation of @{locale order_functors}.
+In many cases, this allows us to obtain symmetric definitions and theorems for free.
+As such, in many cases, we do we do not explicitly state those free results but
+users can obtain them as needed by creating said flipped interpretation.\<close>
+
+interpretation flip : order_functors R L r l .
+
+definition "counit \<equiv> flip.unit"
+
+notation counit ("\<epsilon>")
+
+lemma counit_eq_comp: "\<epsilon> = l \<circ> r" unfolding counit_def flip.unit_def by simp
+
+lemma counit_eq [simp]: "\<epsilon> x = l (r x)" by (simp add: counit_eq_comp)
+
+end
+
+context
+begin
+
+interpretation flip : order_functors R L r l .
+
+lemma flip_counit_eq_unit: "flip.counit = \<eta>"
+ by (intro ext) simp
+
+lemma flip_unit_eq_counit: "flip.unit = \<epsilon>"
+ by (intro ext) simp
+
+lemma inflationary_on_unit_if_left_rel_right_if_left_right_relI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ and "\<And>x y. P x \<Longrightarrow> l x \<le>\<^bsub>R\<^esub> y \<Longrightarrow> x \<le>\<^bsub>L\<^esub> r y"
+ shows "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro inflationary_onI) auto
+
+lemma deflationary_on_unit_if_right_left_rel_if_right_rel_leftI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ and "\<And>x y. P x \<Longrightarrow> y \<le>\<^bsub>R\<^esub> l x \<Longrightarrow> r y \<le>\<^bsub>L\<^esub> x"
+ shows "deflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro deflationary_onI) auto
+
+context
+ fixes P :: "'a \<Rightarrow> bool"
+begin
+
+lemma rel_equivalence_on_unit_iff_inflationary_on_if_inverse_on:
+ assumes "inverse_on P l r"
+ shows "rel_equivalence_on P (\<le>\<^bsub>L\<^esub>) \<eta> \<longleftrightarrow> inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro iffI rel_equivalence_onI inflationary_onI deflationary_onI)
+ (auto dest!: inverse_onD)
+
+lemma reflexive_on_left_if_inflationary_on_unit_if_inverse_on:
+ assumes "inverse_on P l r"
+ and "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ shows "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro reflexive_onI) (auto dest!: inverse_onD)
+
+lemma rel_equivalence_on_unit_if_reflexive_on_if_inverse_on:
+ assumes "inverse_on P l r"
+ and "reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ shows "rel_equivalence_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro rel_equivalence_onI inflationary_onI deflationary_onI)
+ (auto dest!: inverse_onD)
+
+end
+
+corollary rel_equivalence_on_unit_iff_reflexive_on_if_inverse_on:
+ fixes P :: "'a \<Rightarrow> bool"
+ assumes "inverse_on P l r"
+ shows "rel_equivalence_on P (\<le>\<^bsub>L\<^esub>) \<eta> \<longleftrightarrow> reflexive_on P (\<le>\<^bsub>L\<^esub>)"
+ using assms reflexive_on_left_if_inflationary_on_unit_if_inverse_on
+ rel_equivalence_on_unit_if_reflexive_on_if_inverse_on
+ by (intro iffI) auto
+
+end
+
+
+text \<open>Here is an example of a free theorem.\<close>
+
+notepad
+begin
+ interpret flip : order_functors R L r l
+ rewrites "flip.unit \<equiv> \<epsilon>" by (simp only: flip_unit_eq_counit)
+ have "\<lbrakk>((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r; reflexive_on P (\<le>\<^bsub>R\<^esub>); \<And>x y. \<lbrakk>P x; r x \<le>\<^bsub>L\<^esub> y\<rbrakk> \<Longrightarrow> x \<le>\<^bsub>R\<^esub> l y\<rbrakk>
+ \<Longrightarrow> inflationary_on P (\<le>\<^bsub>R\<^esub>) \<epsilon>" for P
+ by (fact flip.inflationary_on_unit_if_left_rel_right_if_left_right_relI)
+end
+
+end
+
+
+end
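Review bot: The `text` block before `definition "unit \<equiv> r \<circ> l"` reads "This is terminology is borrowed from category theory - the functors are an adjoint", which is ungrammatical and claims more than the locale provides. `order_functors` only fixes `L R l r` and adds no assumptions, so `l` and `r` need not form an adjunction. I would write `This terminology is borrowed from category theory, where such a pair of functors forms an adjunction.` The later text block on the flipped interpretation also has "left and rights functors" and a doubled "we do we do not"; these should read `left and right functors` and `we do not`.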
diff --git a/thys/Transport/HOL_Basics/Orders/Orders.thy b/thys/Transport/HOL_Basics/Orders/Orders.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Orders.thy
@@ -0,0 +1,17 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Orders\<close>
+theory Orders
+ imports
+ Equivalence_Relations
+ Order_Functions
+ Order_Functors
+ Partial_Equivalence_Relations
+ Partial_Orders
+ Preorders
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic order-theoretic concepts.\<close>
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Orders/Partial_Equivalence_Relations.thy b/thys/Transport/HOL_Basics/Orders/Partial_Equivalence_Relations.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Partial_Equivalence_Relations.thy
@@ -0,0 +1,115 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Partial Equivalence Relations\<close>
+theory Partial_Equivalence_Relations
+ imports
+ Binary_Relations_Symmetric
+ Preorders
+begin
+
+definition "partial_equivalence_rel_on P R \<equiv> transitive_on P R \<and> symmetric_on P R"
+
+lemma partial_equivalence_rel_onI [intro]:
+ assumes "transitive_on P R"
+ and "symmetric_on P R"
+ shows "partial_equivalence_rel_on P R"
+ unfolding partial_equivalence_rel_on_def using assms by blast
+
+lemma partial_equivalence_rel_onE [elim]:
+ assumes "partial_equivalence_rel_on P R"
+ obtains "transitive_on P R" "symmetric_on P R"
+ using assms unfolding partial_equivalence_rel_on_def by blast
+
+lemma partial_equivalence_rel_on_rel_self_if_rel_dom:
+ assumes "partial_equivalence_rel_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> 'a \<Rightarrow> bool)"
+ and "P x" "P y"
+ and "R x y"
+ shows "R x x"
+ using assms by (blast dest: symmetric_onD transitive_onD)
+
+lemma partial_equivalence_rel_on_rel_self_if_rel_codom:
+ assumes "partial_equivalence_rel_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> 'a \<Rightarrow> bool)"
+ and "P x" "P y"
+ and "R x y"
+ shows "R y y"
+ using assms by (blast dest: symmetric_onD transitive_onD)
+
+lemma partial_equivalence_rel_on_rel_inv_iff_partial_equivalence_rel_on [iff]:
+ "partial_equivalence_rel_on P R\<inverse> \<longleftrightarrow> partial_equivalence_rel_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ by blast
+
+definition "partial_equivalence_rel (R :: 'a \<Rightarrow> _) \<equiv> partial_equivalence_rel_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma partial_equivalence_rel_eq_partial_equivalence_rel_on:
+ "partial_equivalence_rel (R :: 'a \<Rightarrow> _) = partial_equivalence_rel_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding partial_equivalence_rel_def ..
+
+lemma partial_equivalence_relI [intro]:
+ assumes "transitive R"
+ and "symmetric R"
+ shows "partial_equivalence_rel R"
+ unfolding partial_equivalence_rel_eq_partial_equivalence_rel_on using assms
+ by (intro partial_equivalence_rel_onI transitive_on_if_transitive symmetric_on_if_symmetric)
+
+lemma reflexive_on_in_field_if_partial_equivalence_rel:
+ assumes "partial_equivalence_rel R"
+ shows "reflexive_on (in_field R) R"
+ using assms unfolding partial_equivalence_rel_eq_partial_equivalence_rel_on
+ by (intro reflexive_onI) (blast
+ intro: top1I partial_equivalence_rel_on_rel_self_if_rel_dom
+ partial_equivalence_rel_on_rel_self_if_rel_codom)
+
+lemma partial_equivalence_relE [elim]:
+ assumes "partial_equivalence_rel R"
+ obtains "preorder_on (in_field R) R" "symmetric R"
+ using assms unfolding partial_equivalence_rel_eq_partial_equivalence_rel_on
+ by (elim partial_equivalence_rel_onE)
+ (auto intro: reflexive_on_in_field_if_partial_equivalence_rel
+ simp flip: transitive_eq_transitive_on symmetric_eq_symmetric_on)
+
+lemma partial_equivalence_rel_on_if_partial_equivalence_rel:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "partial_equivalence_rel R"
+ shows "partial_equivalence_rel_on P R"
+ using assms by (elim partial_equivalence_relE preorder_on_in_fieldE)
+ (intro partial_equivalence_rel_onI transitive_on_if_transitive
+ symmetric_on_if_symmetric)
+
+lemma partial_equivalence_rel_rel_inv_iff_partial_equivalence_rel [iff]:
+ "partial_equivalence_rel R\<inverse> \<longleftrightarrow> partial_equivalence_rel R"
+ unfolding partial_equivalence_rel_eq_partial_equivalence_rel_on by blast
+
+corollary in_codom_eq_in_dom_if_partial_equivalence_rel:
+ assumes "partial_equivalence_rel R"
+ shows "in_codom R = in_dom R"
+ using assms reflexive_on_in_field_if_partial_equivalence_rel
+ in_codom_eq_in_dom_if_reflexive_on_in_field
+ by auto
+
+lemma partial_equivalence_rel_rel_comp_self_eq_self:
+ assumes "partial_equivalence_rel R"
+ shows "(R \<circ>\<circ> R) = R"
+ using assms by (intro ext) (blast dest: symmetricD)
+
+lemma partial_equivalence_rel_if_partial_equivalence_rel_on_in_field:
+ assumes "partial_equivalence_rel_on (in_field R) R"
+ shows "partial_equivalence_rel R"
+ using assms by (intro partial_equivalence_relI)
+ (auto intro: transitive_if_transitive_on_in_field symmetric_if_symmetric_on_in_field)
+
+corollary partial_equivalence_rel_on_in_field_iff_partial_equivalence_rel [iff]:
+ "partial_equivalence_rel_on (in_field R) R \<longleftrightarrow> partial_equivalence_rel R"
+ using partial_equivalence_rel_if_partial_equivalence_rel_on_in_field
+ partial_equivalence_rel_on_if_partial_equivalence_rel
+ by blast
+
+
+paragraph \<open>Instantiations\<close>
+
+lemma partial_equivalence_rel_eq: "partial_equivalence_rel (=)"
+ using transitive_eq symmetric_eq by (rule partial_equivalence_relI)
+
+lemma partial_equivalence_rel_top: "partial_equivalence_rel \<top>"
+ using transitive_top symmetric_top by (rule partial_equivalence_relI)
+
+
+end
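Review bot: The definitions `partial_equivalence_rel_on` and `partial_equivalence_rel` are introduced with no `text` explaining what distinguishes them from an equivalence relation. The point that matters to readers, that reflexivity is not assumed and is only derived on the field, is currently visible only from the lemma `reflexive_on_in_field_if_partial_equivalence_rel`. I would add a short block before the first definition, for example `text \<open>A partial equivalence relation is transitive and symmetric; reflexivity is not required and only follows on the field of the relation.\<close>`. The same block could mention that the two `rel_self` lemmas need both `P x` and `P y`, which is easy to overlook when applying them.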
diff --git a/thys/Transport/HOL_Basics/Orders/Partial_Orders.thy b/thys/Transport/HOL_Basics/Orders/Partial_Orders.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Partial_Orders.thy
@@ -0,0 +1,61 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Partial Orders\<close>
+theory Partial_Orders
+ imports
+ Binary_Relations_Antisymmetric
+ Preorders
+begin
+
+definition "partial_order_on P R \<equiv> preorder_on P R \<and> antisymmetric_on P R"
+
+lemma partial_order_onI [intro]:
+ assumes "preorder_on P R"
+ and "antisymmetric_on P R"
+ shows "partial_order_on P R"
+ unfolding partial_order_on_def using assms by blast
+
+lemma partial_order_onE [elim]:
+ assumes "partial_order_on P R"
+ obtains "preorder_on P R" "antisymmetric_on P R"
+ using assms unfolding partial_order_on_def by blast
+
+lemma transitive_if_partial_order_on_in_field:
+ assumes "partial_order_on (in_field R) R"
+ shows "transitive R"
+ using assms by (elim partial_order_onE) (rule transitive_if_preorder_on_in_field)
+
+lemma antisymmetric_if_partial_order_on_in_field:
+ assumes "partial_order_on (in_field R) R"
+ shows "antisymmetric R"
+ using assms by (elim partial_order_onE)
+ (rule antisymmetric_if_antisymmetric_on_in_field)
+
+definition "partial_order (R :: 'a \<Rightarrow> _) \<equiv> partial_order_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma partial_order_eq_partial_order_on:
+ "partial_order (R :: 'a \<Rightarrow> _) = partial_order_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding partial_order_def ..
+
+lemma partial_orderI [intro]:
+ assumes "preorder R"
+ and "antisymmetric R"
+ shows "partial_order R"
+ unfolding partial_order_eq_partial_order_on using assms
+ by (intro partial_order_onI preorder_on_if_preorder antisymmetric_on_if_antisymmetric)
+
+lemma partial_orderE [elim]:
+ assumes "partial_order R"
+ obtains "preorder R" "antisymmetric R"
+ using assms unfolding partial_order_eq_partial_order_on
+ by (elim partial_order_onE)
+ (simp only: preorder_eq_preorder_on antisymmetric_eq_antisymmetric_on)
+
+lemma partial_order_on_if_partial_order:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "partial_order R"
+ shows "partial_order_on P R"
+ using assms by (elim partial_orderE)
+ (intro partial_order_onI preorder_on_if_preorder antisymmetric_on_if_antisymmetric)
+
+
+end
\ No newline at end of file
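Review bot: This theory has no `paragraph \<open>Instantiations\<close>` section, unlike the sibling theories in the same commit. Preorders.thy ends with `preorder_eq` and Partial_Equivalence_Relations.thy with `partial_equivalence_rel_eq` and `partial_equivalence_rel_top`. For consistency I would add `lemma partial_order_eq: "partial_order (=)"`, proved with `partial_orderI` from `preorder_eq` and the antisymmetry fact for `(=)`. That antisymmetry fact would come from Binary_Relations_Antisymmetric, which is not visible in this part of the diff, so its name needs to be checked.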
diff --git a/thys/Transport/HOL_Basics/Orders/Preorders.thy b/thys/Transport/HOL_Basics/Orders/Preorders.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Orders/Preorders.thy
@@ -0,0 +1,94 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Preorders\<close>
+theory Preorders
+ imports
+ Binary_Relations_Reflexive
+ Binary_Relations_Transitive
+begin
+
+definition "preorder_on P R \<equiv> reflexive_on P R \<and> transitive_on P R"
+
+lemma preorder_onI [intro]:
+ assumes "reflexive_on P R"
+ and "transitive_on P R"
+ shows "preorder_on P R"
+ unfolding preorder_on_def using assms by blast
+
+lemma preorder_onE [elim]:
+ assumes "preorder_on P R"
+ obtains "reflexive_on P R" "transitive_on P R"
+ using assms unfolding preorder_on_def by blast
+
+lemma reflexive_on_if_preorder_on:
+ assumes "preorder_on P R"
+ shows "reflexive_on P R"
+ using assms by (elim preorder_onE)
+
+lemma transitive_on_if_preorder_on:
+ assumes "preorder_on P R"
+ shows "transitive_on P R"
+ using assms by (elim preorder_onE)
+
+lemma transitive_if_preorder_on_in_field:
+ assumes "preorder_on (in_field R) R"
+ shows "transitive R"
+ using assms by (elim preorder_onE) (rule transitive_if_transitive_on_in_field)
+
+corollary preorder_on_in_fieldE [elim]:
+ assumes "preorder_on (in_field R) R"
+ obtains "reflexive_on (in_field R) R" "transitive R"
+ using assms
+ by (blast dest: reflexive_on_if_preorder_on transitive_if_preorder_on_in_field)
+
+lemma preorder_on_rel_inv_if_preorder_on [iff]:
+ "preorder_on P R\<inverse> \<longleftrightarrow> preorder_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ by auto
+
+lemma rel_if_all_rel_if_rel_if_reflexive_on:
+ assumes "reflexive_on P R"
+ and "\<And>z. P z \<Longrightarrow> R x z \<Longrightarrow> R y z"
+ and "P x"
+ shows "R y x"
+ using assms by blast
+
+lemma rel_if_all_rel_if_rel_if_reflexive_on':
+ assumes "reflexive_on P R"
+ and "\<And>z. P z \<Longrightarrow> R z x \<Longrightarrow> R z y"
+ and "P x"
+ shows "R x y"
+ using assms by blast
+
+definition "preorder (R :: 'a \<Rightarrow> _) \<equiv> preorder_on (\<top> :: 'a \<Rightarrow> bool) R"
+
+lemma preorder_eq_preorder_on:
+ "preorder (R :: 'a \<Rightarrow> _) = preorder_on (\<top> :: 'a \<Rightarrow> bool) R"
+ unfolding preorder_def ..
+
+lemma preorderI [intro]:
+ assumes "reflexive R"
+ and "transitive R"
+ shows "preorder R"
+ unfolding preorder_eq_preorder_on using assms
+ by (intro preorder_onI reflexive_on_if_reflexive transitive_on_if_transitive)
+
+lemma preorderE [elim]:
+ assumes "preorder R"
+ obtains "reflexive R" "transitive R"
+ using assms unfolding preorder_eq_preorder_on by (elim preorder_onE)
+ (simp only: reflexive_eq_reflexive_on transitive_eq_transitive_on)
+
+lemma preorder_on_if_preorder:
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> _"
+ assumes "preorder R"
+ shows "preorder_on P R"
+ using assms by (elim preorderE)
+ (intro preorder_onI reflexive_on_if_reflexive transitive_on_if_transitive)
+
+
+paragraph \<open>Instantiations\<close>
+
+lemma preorder_eq: "preorder (=)"
+ using reflexive_eq transitive_eq by (rule preorderI)
+
+
+end
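Review bot: The lemma name `preorder_on_rel_inv_if_preorder_on` says "if", but the statement is an equivalence (`\<longleftrightarrow>`) and is declared `[iff]`. The corresponding lemma in Partial_Equivalence_Relations.thy in this commit is named `partial_equivalence_rel_on_rel_inv_iff_partial_equivalence_rel_on`. I would rename this one to `preorder_on_rel_inv_iff_preorder_on` so that the `_if_` / `_iff_` naming scheme stays reliable when searching for facts. Any reference to the old name elsewhere in the commit would need the same rename.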
diff --git a/thys/Transport/HOL_Basics/Predicates/Predicates.thy b/thys/Transport/HOL_Basics/Predicates/Predicates.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Predicates/Predicates.thy
@@ -0,0 +1,23 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Predicates\<close>
+theory Predicates
+ imports
+ Functions_Base
+ Predicates_Order
+ Predicates_Lattice
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic concepts on predicates.\<close>
+
+
+definition "pred_map f (P :: 'a \<Rightarrow> bool) x \<equiv> P (f x)"
+
+lemma pred_map_eq [simp]: "pred_map f P x = P (f x)"
+ unfolding pred_map_def by simp
+
+lemma comp_eq_pred_map [simp]: "P \<circ> f = pred_map f P"
+ by (intro ext) simp
+
+
+end
\ No newline at end of file
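Review bot: Declaring `comp_eq_pred_map` as `[simp]` makes the simplifier rewrite every `P \<circ> f` with a boolean-valued `P` into `pred_map f P`, in every theory that imports Predicates. This changes the normal form of an ordinary HOL composition, so existing simp rules stated on `(\<circ>)` may no longer match such terms; whether that bites depends on downstream proofs not visible here. I would leave the lemma undeclared, `lemma comp_eq_pred_map: "P \<circ> f = pred_map f P"`, and pass it with `simp add:` where needed. If the global rewrite is intended, a one-line `text` stating that `pred_map` is the preferred normal form would document the choice.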
diff --git a/thys/Transport/HOL_Basics/Predicates/Predicates_Lattice.thy b/thys/Transport/HOL_Basics/Predicates/Predicates_Lattice.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Predicates/Predicates_Lattice.thy
@@ -0,0 +1,26 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Lattice\<close>
+theory Predicates_Lattice
+ imports
+ HOL_Syntax_Bundles_Lattices
+ HOL.Boolean_Algebras
+begin
+
+lemma inf_predI [intro]:
+ assumes "P x"
+ and "Q x"
+ shows "(P \<sqinter> Q) x"
+ using assms by (intro inf1I)
+
+lemma inf_predE [elim]:
+ assumes "(P \<sqinter> Q) x"
+ obtains "P x" "Q x"
+ using assms by (rule inf1E)
+
+lemma inf_predD:
+ assumes "(P \<sqinter> Q) x"
+ shows "P x" and "Q x"
+ using assms by auto
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/HOL_Basics/Predicates/Predicates_Order.thy b/thys/Transport/HOL_Basics/Predicates/Predicates_Order.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/HOL_Basics/Predicates/Predicates_Order.thy
@@ -0,0 +1,26 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Orders\<close>
+theory Predicates_Order
+ imports
+ HOL.Orderings
+begin
+
+lemma le_predI [intro]:
+ assumes "\<And>x. P x \<Longrightarrow> Q x"
+ shows "P \<le> Q"
+ using assms by (rule predicate1I)
+
+lemma le_predD [dest]:
+ assumes "P \<le> Q"
+ and "P x"
+ shows "Q x"
+ using assms by (rule predicate1D)
+
+lemma le_predE:
+ assumes "P \<le> Q"
+ and "P x"
+ obtains "Q x"
+ using assms by blast
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/README.md b/thys/Transport/README.md
new file mode 100644
--- /dev/null
+++ b/thys/Transport/README.md
@@ -0,0 +1,22 @@
+# Transport via Partial Galois Connections and Equivalences
+
+The supplementary material for the paper
+"Transport via Partial Galois Connections and Equivalences",
+Asian Symposium on Programming Languages and Systems (APLAS) 2023.
+
+## Connections Paper <--> Formalisation
+
+- All links are given in
+ `Transport/Transport_Via_Partial_Galois_Connections_Equivalences_Paper.thy`.
+ You can CTRL+click on each referenced theorem, definition, file, etc.
+
+## Future Work
+
+To make the framework usable in practice, the following steps needs to be done:
+1. Integrate the results for natural functors into Isabelle’s (co)datatypes package.
+2. Extend the prototype to automate the construction of compositions.
+3. Polish the white-box transport support of the prototype to deal with arbitrary side conditions.
+4. Derive and set up proper conditional transport rules for propositions
+ (cf. Section 4.4 of Ondřej Kunčar's PhD thesis
+ "Types, Abstraction and Parametric Polymorphism in Higher-Order Logic",
+ https://www21.in.tum.de/~kuncar/documents/kuncar-phdthesis.pdf)
\ No newline at end of file
diff --git a/thys/Transport/ROOT b/thys/Transport/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Transport/ROOT
@@ -0,0 +1,50 @@
+chapter AFP
+
+session Transport = "HOL-Algebra" +
+ description
+ "Transport via partial Galois connections and equivalences and basic libraries on top of HOL axioms."
+ options
+ [timeout = 600]
+ sessions
+ "HOL-Library"
+ "ML_Unification"
+ directories
+ "HOL_Basics"
+ "HOL_Basics/Binary_Relations"
+ "HOL_Basics/Binary_Relations/Order"
+ "HOL_Basics/Binary_Relations/Properties"
+ "HOL_Basics/Functions"
+ "HOL_Basics/Functions/Properties"
+ "HOL_Basics/HOL_Alignments"
+ "HOL_Basics/HOL_Syntax_Bundles"
+ "HOL_Basics/Orders"
+ "HOL_Basics/Orders/Functions"
+ "HOL_Basics/Orders/Functors"
+ "HOL_Basics/Predicates"
+ "HOL_Basics/Galois"
+ "Transport"
+ "Transport/Compositions"
+ "Transport/Compositions/Agree"
+ "Transport/Compositions/Generic"
+ "Transport/Examples"
+ "Transport/Examples/Prototype"
+ "Transport/Examples/Typedef"
+ "Transport/Functions"
+ "Transport/Natural_Functors"
+ theories
+ HOL_Basics
+ HOL_Alignments
+ HOL_Algebra_Alignments
+ HOL_Syntax_Bundles
+ Transport
+ Transport_Natural_Functors
+ (*Examples*)
+ Transport_Dep_Fun_Rel_Examples
+ Transport_Lists_Sets_Examples
+ Transport_Partial_Quotient_Types
+ Transport_Typedef
+ (*Paper*)
+ Transport_Via_Partial_Galois_Connections_Equivalences_Paper
+ document_files
+ "root.tex"
+ "root.bib"
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree.thy
@@ -0,0 +1,17 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Transport_Compositions_Agree
+ imports
+ Transport_Compositions_Agree_Galois_Equivalence
+ Transport_Compositions_Agree_Galois_Relator
+ Transport_Compositions_Agree_Order_Equivalence
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>The general - though probably not very useful - results for the
+composition of transportable components under the condition of agreeing
+middle relations can be found in @{locale "transport_comp_agree"}. The special
+case of a coinciding middle relation can be found in
+@{locale "transport_comp_same"}. The latter corresponds to the well-know result
+in the literature, generalised to partial Galois connections and equivalences.\<close>
+
+end
\ No newline at end of file
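Review bot: The summary text has a typo that will appear in the generated document: "the well-know result in the literature" should read `the well-known result in the literature`. The same sentence refers to `transport_comp_agree` and `transport_comp_same`, which are defined in Transport_Compositions_Agree_Base.thy. The three imports listed here presumably bring that theory in transitively. No other change is needed in this file.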
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Base.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Base.thy
@@ -0,0 +1,120 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Compositions With Agreeing Relations\<close>
+subsection \<open>Basic Setup\<close>
+theory Transport_Compositions_Agree_Base
+ imports
+ Transport_Base
+begin
+
+locale transport_comp_agree =
+ g1 : galois L1 R1 l1 r1 + g2 : galois L2 R2 l2 r2
+ for L1 :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R1 :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l1 :: "'a \<Rightarrow> 'b"
+ and r1 :: "'b \<Rightarrow> 'a"
+ and L2 :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and R2 :: "'c \<Rightarrow> 'c \<Rightarrow> bool"
+ and l2 :: "'b \<Rightarrow> 'c"
+ and r2 :: "'c \<Rightarrow> 'b"
+begin
+
+text \<open>This locale collects results about the composition of transportable
+components under the assumption that the relations @{term "R1"} and
+@{term "L2"} agree (in one sense or another) whenever required. Such an
+agreement may not necessarily hold in practice, and the resulting theorems are
+not particularly pretty. However, in the special case where @{term "R1 = L2"},
+most side-conditions disappear and the results are very simple.\<close>
+
+notation L1 (infix "\<le>\<^bsub>L1\<^esub>" 50)
+notation R1 (infix "\<le>\<^bsub>R1\<^esub>" 50)
+notation L2 (infix "\<le>\<^bsub>L2\<^esub>" 50)
+notation R2 (infix "\<le>\<^bsub>R2\<^esub>" 50)
+
+notation g1.ge_left (infix "\<ge>\<^bsub>L1\<^esub>" 50)
+notation g1.ge_right (infix "\<ge>\<^bsub>R1\<^esub>" 50)
+notation g2.ge_left (infix "\<ge>\<^bsub>L2\<^esub>" 50)
+notation g2.ge_right (infix "\<ge>\<^bsub>R2\<^esub>" 50)
+
+notation g1.left_Galois (infix "\<^bsub>L1\<^esub>\<lessapprox>" 50)
+notation g1.right_Galois (infix "\<^bsub>R1\<^esub>\<lessapprox>" 50)
+notation g2.left_Galois (infix "\<^bsub>L2\<^esub>\<lessapprox>" 50)
+notation g2.right_Galois (infix "\<^bsub>R2\<^esub>\<lessapprox>" 50)
+
+notation g1.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L1\<^esub>" 50)
+notation g1.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R1\<^esub>" 50)
+notation g2.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L2\<^esub>" 50)
+notation g2.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R2\<^esub>" 50)
+
+notation g1.right_ge_Galois (infix "\<^bsub>R1\<^esub>\<greaterapprox>" 50)
+notation g1.Galois_right (infix "\<lessapprox>\<^bsub>R1\<^esub>" 50)
+notation g2.right_ge_Galois (infix "\<^bsub>R2\<^esub>\<greaterapprox>" 50)
+notation g2.Galois_right (infix "\<lessapprox>\<^bsub>R2\<^esub>" 50)
+
+notation g1.left_ge_Galois (infix "\<^bsub>L1\<^esub>\<greaterapprox>" 50)
+notation g1.Galois_left (infix "\<lessapprox>\<^bsub>L1\<^esub>" 50)
+notation g2.left_ge_Galois (infix "\<^bsub>L2\<^esub>\<greaterapprox>" 50)
+notation g2.Galois_left (infix "\<lessapprox>\<^bsub>L2\<^esub>" 50)
+
+notation g1.unit ("\<eta>\<^sub>1")
+notation g1.counit ("\<epsilon>\<^sub>1")
+notation g2.unit ("\<eta>\<^sub>2")
+notation g2.counit ("\<epsilon>\<^sub>2")
+
+abbreviation (input) "L \<equiv> L1"
+
+definition "l \<equiv> l2 \<circ> l1"
+
+lemma left_eq_comp: "l = l2 \<circ> l1"
+ unfolding l_def ..
+
+lemma left_eq [simp]: "l x = l2 (l1 x)"
+ unfolding left_eq_comp by simp
+
+context
+begin
+
+interpretation flip : transport_comp_agree R2 L2 r2 l2 R1 L1 r1 l1 .
+
+abbreviation (input) "R \<equiv> flip.L"
+abbreviation "r \<equiv> flip.l"
+
+lemma right_eq_comp: "r = r1 \<circ> r2"
+ unfolding flip.l_def ..
+
+lemma right_eq [simp]: "r z = r1 (r2 z)"
+ unfolding right_eq_comp by simp
+
+lemmas transport_defs = left_eq_comp right_eq_comp
+
+end
+
+sublocale transport L R l r .
+
+(*FIXME: somehow the notation for the fixed parameters L and R, defined in
+Order_Functions_Base.thy, is lost. We hence re-declare it here.*)
+notation L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+end
+
+locale transport_comp_same =
+ transport_comp_agree L1 R1 l1 r1 R1 R2 l2 r2
+ for L1 :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R1 :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l1 :: "'a \<Rightarrow> 'b"
+ and r1 :: "'b \<Rightarrow> 'a"
+ and R2 :: "'c \<Rightarrow> 'c \<Rightarrow> bool"
+ and l2 :: "'b \<Rightarrow> 'c"
+ and r2 :: "'c \<Rightarrow> 'b"
+begin
+
+text \<open>This locale is a special case of @{locale "transport_comp_agree"} where
+the left and right components both use @{term "(\<le>\<^bsub>R1\<^esub>)"} as their right and left
+relation, respectively. This is the special case that is most prominent in the
+literature. The resulting theorems are quite simple, but often not applicable
+in practice.\<close>
+
+end
+
+
+end
\ No newline at end of file
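Review bot: The FIXME before the re-declared `notation L` / `notation R` says the notation is defined in Order_Functions_Base.thy. In this commit the declarations `notation L (infix "\<le>\<^bsub>L\<^esub>" 50)` and `notation R (infix "\<le>\<^bsub>R\<^esub>" 50)` appear in the locale `orders` in Order_Functors_Base.thy. Order_Functions_Base.thy is not visible in this part of the diff, so it may declare them as well, but the comment should point at the file a maintainer would actually need to open: `(*FIXME: somehow the notation for the fixed parameters L and R, declared in locale orders (Order_Functors_Base.thy), is lost. We hence re-declare it here.*)`. It would also help to note in the comment that the loss occurs after `sublocale transport L R l r`, since that is where the workaround is placed.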
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Connection.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Connection.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Connection.thy
@@ -0,0 +1,54 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Connection\<close>
+theory Transport_Compositions_Agree_Galois_Connection
+ imports
+ Transport_Compositions_Agree_Monotone
+ Transport_Compositions_Agree_Galois_Property
+begin
+
+context transport_comp_agree
+begin
+
+interpretation flip : transport_comp_agree R2 L2 r2 l2 R1 L1 r1 l1 .
+
+lemma galois_connectionI:
+ assumes galois: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>L2\<^esub>) \<stileturn> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and mono_L1_L2_l1: "\<And>x y. x \<le>\<^bsub>L1\<^esub> y \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> l1 y \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> l1 y"
+ and mono_R2_R1_r2: "\<And>x y. x \<le>\<^bsub>R2\<^esub> y \<Longrightarrow> r2 x \<le>\<^bsub>L2\<^esub> r2 y \<Longrightarrow> r2 x \<le>\<^bsub>R1\<^esub> r2 y"
+ and "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap l1 r2 (\<le>\<^bsub>R1\<^esub>)) (rel_bimap l1 r2 (\<le>\<^bsub>L2\<^esub>))"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from galois mono_L1_L2_l1 have "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ by (intro dep_mono_wrt_predI) (blast elim!: in_domE g1.galois_connectionE)
+ moreover from galois mono_R2_R1_r2
+ have "([in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ by (intro dep_mono_wrt_predI) (blast elim!: in_codomE g2.galois_connectionE)
+ ultimately show ?thesis using assms
+ by (intro galois_connectionI galois_propI mono_wrt_rel_leftI
+ flip.mono_wrt_rel_leftI)
+ auto
+qed
+
+lemma galois_connectionI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>L2\<^esub>) \<stileturn> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) l1" "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) r2"
+ and "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap l1 r2 (\<le>\<^bsub>R1\<^esub>)) (rel_bimap l1 r2 (\<le>\<^bsub>L2\<^esub>))"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connectionI) auto
+
+end
+
+context transport_comp_same
+begin
+
+corollary galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>R1\<^esub>) \<stileturn> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (rule galois_connectionI) auto
+
+end
+
+
+end
\ No newline at end of file
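Review bot: The agreement premise of `galois_connectionI` in `transport_comp_agree` (the `rel_bimap l1 r2` equivalence) is the only one of the five left unnamed, so it reaches the proof only through the closing `using assms`, which hands every premise to `auto` at once. `galois_propI` in Transport_Compositions_Agree_Galois_Property.thy names the same premise, and doing so here would make the dependency explicit: start the premise with `and agree: "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))` and close with `ultimately show ?thesis using galois mono_L1_L2_l1 mono_R2_R1_r2 agree`. The fourth premise of `galois_equivalenceI` in Transport_Compositions_Agree_Galois_Equivalence.thy is unnamed in the same way, next to a named `mono_iff2`.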
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Equivalence.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Equivalence.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Equivalence.thy
@@ -0,0 +1,56 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Equivalence\<close>
+theory Transport_Compositions_Agree_Galois_Equivalence
+ imports
+ Transport_Compositions_Agree_Galois_Connection
+begin
+
+context transport_comp_agree
+begin
+
+interpretation flip : transport_comp_agree R2 L2 r2 l2 R1 L1 r1 l1 .
+
+lemma galois_equivalenceI:
+ assumes galois: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and mono_L1_L2_l1: "\<And>x y. x \<le>\<^bsub>L1\<^esub> y \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> l1 y \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> l1 y"
+ and mono_R2_R1_r2: "\<And>x y. x \<le>\<^bsub>R2\<^esub> y \<Longrightarrow> r2 x \<le>\<^bsub>L2\<^esub> r2 y \<Longrightarrow> r2 x \<le>\<^bsub>R1\<^esub> r2 y"
+ and "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap l1 r2 (\<le>\<^bsub>R1\<^esub>)) (rel_bimap l1 r2 (\<le>\<^bsub>L2\<^esub>))"
+ and mono_iff2: "([in_dom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap r2 l1 (\<le>\<^bsub>R1\<^esub>)) (rel_bimap r2 l1 (\<le>\<^bsub>L2\<^esub>))"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from galois mono_L1_L2_l1 have "([in_codom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ by (intro dep_mono_wrt_predI) blast
+ moreover from galois mono_R2_R1_r2 have "([in_dom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>R1\<^esub>)) r2"
+ by (intro dep_mono_wrt_predI) blast
+ moreover from mono_iff2 have "([in_dom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap r2 l1 (\<le>\<^bsub>L2\<^esub>)) (rel_bimap r2 l1 (\<le>\<^bsub>R1\<^esub>))" by blast
+ ultimately show ?thesis using assms
+ by (intro galois_equivalenceI galois_connectionI flip.galois_propI) auto
+qed
+
+lemma galois_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) l1" "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) r2"
+ and "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap l1 r2 (\<le>\<^bsub>R1\<^esub>)) (rel_bimap l1 r2 (\<le>\<^bsub>L2\<^esub>))"
+ and "([in_dom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap r2 l1 (\<le>\<^bsub>R1\<^esub>)) (rel_bimap r2 l1 (\<le>\<^bsub>L2\<^esub>))"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalenceI) auto
+
+end
+
+context transport_comp_same
+begin
+
+lemma galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>R1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (rule galois_equivalenceI) auto
+
+end
+
+
+end
\ No newline at end of file
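Review bot: The specialisation `galois_equivalenceI` in `context transport_comp_same` is declared with `lemma`, whereas the parallel one-line specialisations `galois_connectionI` and `galois_propI` in the sibling theories are declared with `corollary`. All of them are proved by a single `rule` application of the `transport_comp_agree` result followed by `auto`, so one keyword should be used throughout: `corollary galois_equivalenceI:`. The `transport_comp_same` results in Transport_Compositions_Agree_Monotone.thy, Transport_Compositions_Agree_Galois_Relator.thy and Transport_Compositions_Agree_Order_Equivalence.thy also use `lemma`.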
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Property.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Property.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Property.thy
@@ -0,0 +1,51 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Property\<close>
+theory Transport_Compositions_Agree_Galois_Property
+ imports
+ Transport_Compositions_Agree_Base
+begin
+
+context transport_comp_agree
+begin
+
+lemma galois_propI:
+ assumes galois1: "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and galois2: "((\<le>\<^bsub>L2\<^esub>) \<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and mono_l1: "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and mono_r2: "([in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ and agree: "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> [in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow> (\<longleftrightarrow>))
+ (rel_bimap l1 r2 (\<le>\<^bsub>R1\<^esub>)) (rel_bimap l1 r2 (\<le>\<^bsub>L2\<^esub>))"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+proof (rule galois_prop.galois_propI')
+ fix x y assume "in_dom (\<le>\<^bsub>L\<^esub>) x" "in_codom (\<le>\<^bsub>R\<^esub>) y"
+ with mono_r2 mono_l1 have "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)" "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 y)" by auto
+ have "x \<le>\<^bsub>L\<^esub> r y \<longleftrightarrow> x \<le>\<^bsub>L1\<^esub> r1 (r2 y)" by simp
+ also from galois1 \<open>in_dom (\<le>\<^bsub>L1\<^esub>) x\<close> \<open>in_codom (\<le>\<^bsub>R1\<^esub>) (r2 y)\<close>
+ have "... \<longleftrightarrow> l1 x \<le>\<^bsub>R1\<^esub> r2 y"
+ by (rule g1.galois_prop_left_rel_right_iff_left_right_rel)
+ also from agree \<open>in_dom (\<le>\<^bsub>L1\<^esub>) x\<close> \<open>in_codom (\<le>\<^bsub>R2\<^esub>) y\<close>
+ have "... \<longleftrightarrow> l1 x \<le>\<^bsub>L2\<^esub> r2 y" by fastforce
+ also from galois2 \<open>in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)\<close> \<open>in_codom (\<le>\<^bsub>R2\<^esub>) y\<close>
+ have "... \<longleftrightarrow> l x \<le>\<^bsub>R2\<^esub> y"
+ unfolding l_def
+ by (simp add: g2.galois_prop_left_rel_right_iff_left_right_rel)
+ finally show "x \<le>\<^bsub>L\<^esub> r y \<longleftrightarrow> l x \<le>\<^bsub>R\<^esub> y" .
+qed
+
+end
+
+context transport_comp_same
+begin
+
+corollary galois_propI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "([in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "([in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (rule galois_propI) auto
+
+end
+
+
+end
\ No newline at end of file
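Review bot: The calculation in `galois_propI` assumes `in_dom (\<le>\<^bsub>L\<^esub>) x` and `in_codom (\<le>\<^bsub>R\<^esub>) y`, but later cites them by literal fact as `in_dom (\<le>\<^bsub>L1\<^esub>) x` and `in_codom (\<le>\<^bsub>R2\<^esub>) y`. That matches only because `L` and `R` are input abbreviations for `L1` and `flip.L`, which a reader of this theory alone cannot see. Naming the facts removes the hidden dependency: `fix x y assume in_dom_x: "in_dom (\<le>\<^bsub>L\<^esub>) x" and in_codom_y: "in_codom (\<le>\<^bsub>R\<^esub>) y"`, then refer to `in_dom_x` and `in_codom_y` in the `also from` steps. The two derived facts on the following `have` line could be named in the same way.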
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Relator.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Relator.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Galois_Relator.thy
@@ -0,0 +1,91 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Relator\<close>
+theory Transport_Compositions_Agree_Galois_Relator
+ imports
+ Transport_Compositions_Agree_Base
+begin
+
+context transport_comp_agree
+begin
+
+lemma left_Galois_le_comp_left_GaloisI:
+ assumes in_codom_mono_r2: "([in_codom (\<le>\<^bsub>R2\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ and r2_L2_self_if_in_codom: "\<And>z. in_codom (\<le>\<^bsub>R2\<^esub>) z \<Longrightarrow> r2 z \<le>\<^bsub>L2\<^esub> r2 z"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) \<le> ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+proof (rule le_relI)
+ fix x z assume "x \<^bsub>L\<^esub>\<lessapprox> z"
+ then have "x \<le>\<^bsub>L1\<^esub> r z" "in_codom (\<le>\<^bsub>R\<^esub>) z" by auto
+ with \<open>x \<le>\<^bsub>L1\<^esub> r z\<close> in_codom_mono_r2 have "x \<^bsub>L1\<^esub>\<lessapprox> r2 z" by auto
+ moreover from \<open>in_codom (\<le>\<^bsub>R2\<^esub>) z\<close> r2_L2_self_if_in_codom have "r2 z \<^bsub>L2\<^esub>\<lessapprox> z"
+ by (intro g2.left_GaloisI) auto
+ ultimately show "((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)) x z" by blast
+qed
+
+lemma comp_left_Galois_le_left_GaloisI:
+ assumes mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and trans_L1: "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and R1_r2_if_in_codom: "\<And>y z. in_codom (\<le>\<^bsub>R2\<^esub>) z \<Longrightarrow> y \<le>\<^bsub>L2\<^esub> r2 z \<Longrightarrow> y \<le>\<^bsub>R1\<^esub> r2 z"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)) \<le> (\<^bsub>L\<^esub>\<lessapprox>)"
+proof (rule le_relI)
+ fix x z assume "((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)) x z"
+ then obtain y where "x \<^bsub>L1\<^esub>\<lessapprox> y" "y \<^bsub>L2\<^esub>\<lessapprox> z" by blast
+ then have "x \<le>\<^bsub>L1\<^esub> r1 y" "y \<le>\<^bsub>L2\<^esub> r2 z" "in_codom (\<le>\<^bsub>R\<^esub>) z" by auto
+ with R1_r2_if_in_codom have "y \<le>\<^bsub>R1\<^esub> r2 z" by blast
+ with mono_r1 have "r1 y \<le>\<^bsub>L1\<^esub> r z" by auto
+ with \<open>x \<le>\<^bsub>L1\<^esub> r1 y\<close> \<open>in_codom (\<le>\<^bsub>R\<^esub>) z\<close> show "x \<^bsub>L\<^esub>\<lessapprox> z" using trans_L1 by blast
+qed
+
+corollary left_Galois_eq_comp_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>z. in_codom (\<le>\<^bsub>R2\<^esub>) z \<Longrightarrow> r2 z \<le>\<^bsub>L2\<^esub> r2 z"
+ and "\<And>y z. in_codom (\<le>\<^bsub>R2\<^esub>) z \<Longrightarrow> y \<le>\<^bsub>L2\<^esub> r2 z \<Longrightarrow> y \<le>\<^bsub>R1\<^esub> r2 z"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms
+ by (intro antisym left_Galois_le_comp_left_GaloisI comp_left_Galois_le_left_GaloisI
+ dep_mono_wrt_predI)
+ fastforce
+
+corollary left_Galois_eq_comp_left_GaloisI':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "reflexive_on (in_codom (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>)"
+ and "\<And>y z. in_codom (\<le>\<^bsub>R2\<^esub>) z \<Longrightarrow> y \<le>\<^bsub>L2\<^esub> r2 z \<Longrightarrow> y \<le>\<^bsub>R1\<^esub> r2 z"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro left_Galois_eq_comp_left_GaloisI) auto
+
+corollary left_Galois_eq_comp_left_GaloisI'':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "\<And>y z. in_codom (\<le>\<^bsub>R2\<^esub>) z \<Longrightarrow> y \<le>\<^bsub>L2\<^esub> r2 z \<Longrightarrow> y \<le>\<^bsub>R1\<^esub> r2 z"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro left_Galois_eq_comp_left_GaloisI) (auto 0 4)
+
+end
+
+context transport_comp_same
+begin
+
+lemma left_Galois_eq_comp_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) r2"
+ and "reflexive_on (in_codom (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro left_Galois_eq_comp_left_GaloisI') auto
+
+lemma left_Galois_eq_comp_left_GaloisI':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) r2"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro left_Galois_eq_comp_left_GaloisI'') auto
+
+end
+
+
+end
\ No newline at end of file
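Review bot: The primed names of `left_Galois_eq_comp_left_GaloisI` shift between the two locales, and nothing in the theory says so. In `transport_comp_same` the unprimed lemma is proved from the `transport_comp_agree` variant `'`, and the `'` lemma from the variant `''`. The three `transport_comp_agree` variants differ only in how the `r2 z \<le>\<^bsub>L2\<^esub> r2 z` premise is discharged: assumed directly, from monotonicity of `r2` plus reflexivity of `(\<le>\<^bsub>R2\<^esub>)` on its codomain, or from reflexivity of `(\<le>\<^bsub>L2\<^esub>)` on its codomain. A short `text` block before the first corollary stating these three options, and one in `context transport_comp_same` saying which general variant each lemma instantiates, would let users pick the right rule without reading the proofs.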
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Monotone.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Monotone.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Monotone.thy
@@ -0,0 +1,30 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Monotonicity\<close>
+theory Transport_Compositions_Agree_Monotone
+ imports
+ Transport_Compositions_Agree_Base
+begin
+
+context transport_comp_agree
+begin
+
+lemma mono_wrt_rel_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> y \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> l1 y \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> l1 y"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ unfolding left_eq_comp using assms by (rule dep_mono_wrt_rel_compI)
+
+end
+
+context transport_comp_same
+begin
+
+lemma mono_wrt_rel_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ using assms by (rule mono_wrt_rel_leftI) auto
+
+end
+
+
+end
\ No newline at end of file
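Review bot: The theory is titled "Monotonicity" but states only `mono_wrt_rel_leftI`, with no hint of where the corresponding result for `r` comes from. Other theories in this change obtain it as `flip.mono_wrt_rel_leftI` through the flipped interpretation, and Transport_Compositions_Agree_Order_Equivalence.thy documents the same pattern for the counit. A matching remark after the first lemma would make this discoverable, for example `text \<open>The corresponding lemma for the right map can be obtained by flipping the interpretation of the locale.\<close>`.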
diff --git a/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Order_Equivalence.thy b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Order_Equivalence.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Agree/Transport_Compositions_Agree_Order_Equivalence.thy
@@ -0,0 +1,131 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Order Equivalence\<close>
+theory Transport_Compositions_Agree_Order_Equivalence
+ imports
+ Transport_Compositions_Agree_Monotone
+begin
+
+context transport_comp_agree
+begin
+
+subsubsection \<open>Unit\<close>
+paragraph \<open>Inflationary\<close>
+
+lemma inflationary_on_unitI:
+ assumes mono_l1: "([P] \<Rrightarrow>\<^sub>m P') l1"
+ and mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and inflationary_unit1: "inflationary_on P (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and trans_L1: "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and inflationary_unit2: "inflationary_on P' (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and L2_le_R1: "\<And>x. P x \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> r2 (l x) \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> r2 (l x)"
+ shows "inflationary_on P (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof (rule inflationary_onI)
+ fix x assume "P x"
+ with mono_l1 have "P' (l1 x)" by blast
+ with inflationary_unit2 have "l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)" by auto
+ with L2_le_R1 \<open>P x\<close> have "l1 x \<le>\<^bsub>R1\<^esub> r2 (l x)" by blast
+ with mono_r1 have "\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> \<eta> x" by auto
+ moreover from inflationary_unit1 \<open>P x\<close> have "x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x" by auto
+ ultimately show "x \<le>\<^bsub>L\<^esub> \<eta> x" using trans_L1 by blast
+qed
+
+corollary inflationary_on_in_field_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "inflationary_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "inflationary_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "\<And>x. in_field (\<le>\<^bsub>L1\<^esub>) x \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> r2 (l x) \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> r2 (l x)"
+ shows "inflationary_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro inflationary_on_unitI dep_mono_wrt_predI) auto
+
+
+paragraph \<open>Deflationary\<close>
+
+context
+begin
+
+interpretation inv :
+ transport_comp_agree "(\<ge>\<^bsub>L1\<^esub>)" "(\<ge>\<^bsub>R1\<^esub>)" l1 r1 "(\<ge>\<^bsub>L2\<^esub>)" "(\<ge>\<^bsub>R2\<^esub>)" l2 r2
+ rewrites "\<And>R S. (R\<inverse> \<Rrightarrow>\<^sub>m S\<inverse>) \<equiv> (R \<Rrightarrow>\<^sub>m S)"
+ and "\<And>R. inflationary_on P R\<inverse> \<equiv> deflationary_on P R"
+ and "\<And>R. transitive R\<inverse> \<equiv> transitive R"
+ and "\<And>R. in_field R\<inverse> \<equiv> in_field R"
+ by simp_all
+
+lemma deflationary_on_in_field_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "deflationary_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "deflationary_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "\<And>x. in_field (\<le>\<^bsub>L1\<^esub>) x \<Longrightarrow> r2 (l x) \<le>\<^bsub>L2\<^esub> l1 x \<Longrightarrow> r2 (l x) \<le>\<^bsub>R1\<^esub> l1 x"
+ shows "deflationary_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro inv.inflationary_on_in_field_unitI[simplified rel_inv_iff_rel])
+ auto
+
+end
+
+
+text \<open>Relational Equivalence\<close>
+
+corollary rel_equivalence_on_in_field_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "\<And>x. in_field (\<le>\<^bsub>L1\<^esub>) x \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> r2 (l x) \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> r2 (l x)"
+ and "\<And>x. in_field (\<le>\<^bsub>L1\<^esub>) x \<Longrightarrow> r2 (l x) \<le>\<^bsub>L2\<^esub> l1 x \<Longrightarrow> r2 (l x) \<le>\<^bsub>R1\<^esub> l1 x"
+ shows "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro rel_equivalence_onI
+ inflationary_on_in_field_unitI deflationary_on_in_field_unitI)
+ auto
+
+
+subsubsection \<open>Counit\<close>
+
+text \<open>Corresponding lemmas for the counit can be obtained by flipping the
+interpretation of the locale.\<close>
+
+
+subsubsection \<open>Order Equivalence\<close>
+
+interpretation flip : transport_comp_agree R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "flip.g1.unit \<equiv> \<epsilon>\<^sub>2" and "flip.g2.unit \<equiv> \<epsilon>\<^sub>1" and "flip.unit \<equiv> \<epsilon>"
+ by (simp_all only: g1.flip_unit_eq_counit g2.flip_unit_eq_counit flip_unit_eq_counit)
+
+lemma order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> y \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> l1 y \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> l1 y"
+ and "\<And>x y. x \<le>\<^bsub>R2\<^esub> y \<Longrightarrow> r2 x \<le>\<^bsub>L2\<^esub> r2 y \<Longrightarrow> r2 x \<le>\<^bsub>R1\<^esub> r2 y"
+ and "\<And>x. in_field (\<le>\<^bsub>L1\<^esub>) x \<Longrightarrow> l1 x \<le>\<^bsub>L2\<^esub> r2 (l x) \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> r2 (l x)"
+ and "\<And>x. in_field (\<le>\<^bsub>L1\<^esub>) x \<Longrightarrow> r2 (l x) \<le>\<^bsub>L2\<^esub> l1 x \<Longrightarrow> r2 (l x) \<le>\<^bsub>R1\<^esub> l1 x"
+ and "\<And>x. in_field (\<le>\<^bsub>R2\<^esub>) x \<Longrightarrow> r2 x \<le>\<^bsub>R1\<^esub> l1 (r x) \<Longrightarrow> r2 x \<le>\<^bsub>L2\<^esub> l1 (r x)"
+ and "\<And>x. in_field (\<le>\<^bsub>R2\<^esub>) x \<Longrightarrow> l1 (r x) \<le>\<^bsub>R1\<^esub> r2 x \<Longrightarrow> l1 (r x) \<le>\<^bsub>L2\<^esub> r2 x"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro order_equivalenceI rel_equivalence_on_in_field_unitI
+ flip.rel_equivalence_on_in_field_unitI
+ mono_wrt_rel_leftI flip.mono_wrt_rel_leftI dep_mono_wrt_relI)
+ (auto elim!: g1.order_equivalenceE g2.order_equivalenceE)
+
+end
+
+context transport_comp_same
+begin
+
+lemma order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (rule order_equivalenceI) auto
+
+end
+
+
+end
\ No newline at end of file
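Review bot: The heading before `rel_equivalence_on_in_field_unitI` is written as `text \<open>Relational Equivalence\<close>`, whereas the two sibling headings under `subsubsection \<open>Unit\<close>` use `paragraph \<open>Inflationary\<close>` and `paragraph \<open>Deflationary\<close>`. As `text` it is rendered as a body sentence rather than a heading, so the third group of results is not set off like the first two. It should read `paragraph \<open>Relational Equivalence\<close>`.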
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic.thy
@@ -0,0 +1,102 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Transport_Compositions_Generic
+ imports
+ Transport_Compositions_Generic_Galois_Equivalence
+ Transport_Compositions_Generic_Galois_Relator
+ Transport_Compositions_Generic_Order_Base
+ Transport_Compositions_Generic_Order_Equivalence
+begin
+
+paragraph \<open>Summary of Main Results\<close>
+
+subparagraph \<open>Closure of Order and Galois Concepts\<close>
+
+context transport_comp
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1 .
+
+lemma preorder_galois_connection_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_galois_connectionI)
+ (auto elim!: t1.galois_equivalenceE t2.galois_equivalenceE
+ intro!: galois_connection_left_right_if_galois_equivalenceI
+ preorder_on_in_field_leftI flip.preorder_on_in_field_leftI
+ mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le
+ flip.mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le
+ in_codom_eq_in_dom_if_reflexive_on_in_field)
+
+theorem preorder_galois_connection_if_preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_galois_connection_if_galois_equivalenceI)
+ auto
+
+lemma preorder_equivalence_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from assms have "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ by (intro preorder_galois_connection_if_galois_equivalenceI) auto
+ with assms show ?thesis by (intro preorder_equivalence_if_galois_equivalenceI)
+ (auto intro!: galois_equivalence_if_galois_equivalenceI
+ preorder_galois_connection_if_galois_equivalenceI)
+qed
+
+theorem preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_equivalence_if_galois_equivalenceI) auto
+
+theorem partial_equivalence_rel_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro partial_equivalence_rel_equivalence_if_galois_equivalenceI
+ galois_equivalence_if_galois_equivalenceI
+ partial_equivalence_rel_leftI flip.partial_equivalence_rel_leftI
+ in_codom_eq_in_dom_if_partial_equivalence_rel)
+ auto
+
+
+subparagraph \<open>Simplification of Galois relator\<close>
+
+theorem left_Galois_eq_comp_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R2\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "middle_compatible_codom"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro left_Galois_eq_comp_left_Galois_if_galois_connection_if_galois_equivalenceI)
+ auto
+
+text \<open>For theorems with weaker assumptions, see
+@{thm "left_Galois_eq_comp_left_GaloisI'"
+"left_Galois_eq_comp_left_Galois_if_galois_connection_if_galois_equivalenceI"}.\<close>
+
+
+subparagraph \<open>Simplification of Compatibility Assumption\<close>
+
+text \<open>See @{theory "Transport.Transport_Compositions_Generic_Base"}.\<close>
+
+end
+
+
+end
\ No newline at end of file
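Review bot: In the proof of `preorder_equivalence_if_galois_equivalenceI` the preorder Galois connection appears twice in the final step. The `have` derives it and chains it in through `with assms`, yet the rule `preorder_galois_connection_if_galois_equivalenceI` that produced it is also passed to `auto` as an `intro!` rule. If the chained fact is what closes that subgoal, the rule is redundant and the method can shrink to `(auto intro!: galois_equivalence_if_galois_equivalenceI)`; if the `intro!` rule does the work instead, the `have` can go. This needs confirming in a build, since the rules resolved by `intro` here are defined outside this hunk.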
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Base.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Base.thy
@@ -0,0 +1,588 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Generic Compositions\<close>
+subsection \<open>Basic Setup\<close>
+theory Transport_Compositions_Generic_Base
+ imports
+ Transport_Base
+begin
+
+locale transport_comp =
+ t1 : transport L1 R1 l1 r1 + t2 : transport L2 R2 l2 r2
+ for L1 :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R1 :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l1 :: "'a \<Rightarrow> 'b"
+ and r1 :: "'b \<Rightarrow> 'a"
+ and L2 :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and R2 :: "'c \<Rightarrow> 'c \<Rightarrow> bool"
+ and l2 :: "'b \<Rightarrow> 'c"
+ and r2 :: "'c \<Rightarrow> 'b"
+begin
+
+text \<open>This locale collects results about the composition of transportable
+components under some generic compatibility conditions on @{term "R1"} and
+@{term "L2"} (cf. below). The composition is rather subtle, but in return can
+cover quite general cases.
+
+Explanations and intuition about the construction can be found in \<^cite>\<open>"transport"\<close>.\<close>
+
+notation L1 (infix "\<le>\<^bsub>L1\<^esub>" 50)
+notation R1 (infix "\<le>\<^bsub>R1\<^esub>" 50)
+notation L2 (infix "\<le>\<^bsub>L2\<^esub>" 50)
+notation R2 (infix "\<le>\<^bsub>R2\<^esub>" 50)
+
+notation t1.ge_left (infix "\<ge>\<^bsub>L1\<^esub>" 50)
+notation t1.ge_right (infix "\<ge>\<^bsub>R1\<^esub>" 50)
+notation t2.ge_left (infix "\<ge>\<^bsub>L2\<^esub>" 50)
+notation t2.ge_right (infix "\<ge>\<^bsub>R2\<^esub>" 50)
+
+notation t1.left_Galois (infix "\<^bsub>L1\<^esub>\<lessapprox>" 50)
+notation t1.right_Galois (infix "\<^bsub>R1\<^esub>\<lessapprox>" 50)
+notation t2.left_Galois (infix "\<^bsub>L2\<^esub>\<lessapprox>" 50)
+notation t2.right_Galois (infix "\<^bsub>R2\<^esub>\<lessapprox>" 50)
+
+notation t1.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L1\<^esub>" 50)
+notation t1.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R1\<^esub>" 50)
+notation t2.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L2\<^esub>" 50)
+notation t2.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R2\<^esub>" 50)
+
+notation t1.right_ge_Galois (infix "\<^bsub>R1\<^esub>\<greaterapprox>" 50)
+notation t1.Galois_right (infix "\<lessapprox>\<^bsub>R1\<^esub>" 50)
+notation t2.right_ge_Galois (infix "\<^bsub>R2\<^esub>\<greaterapprox>" 50)
+notation t2.Galois_right (infix "\<lessapprox>\<^bsub>R2\<^esub>" 50)
+
+notation t1.left_ge_Galois (infix "\<^bsub>L1\<^esub>\<greaterapprox>" 50)
+notation t1.Galois_left (infix "\<lessapprox>\<^bsub>L1\<^esub>" 50)
+notation t2.left_ge_Galois (infix "\<^bsub>L2\<^esub>\<greaterapprox>" 50)
+notation t2.Galois_left (infix "\<lessapprox>\<^bsub>L2\<^esub>" 50)
+
+notation t1.unit ("\<eta>\<^sub>1")
+notation t1.counit ("\<epsilon>\<^sub>1")
+notation t2.unit ("\<eta>\<^sub>2")
+notation t2.counit ("\<epsilon>\<^sub>2")
+
+definition "L \<equiv> (\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<^bsub>R1\<^esub>\<lessapprox>)"
+
+lemma left_rel_eq_comp: "L = (\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<^bsub>R1\<^esub>\<lessapprox>)"
+ unfolding L_def ..
+
+definition "l \<equiv> l2 \<circ> l1"
+
+lemma left_eq_comp: "l = l2 \<circ> l1"
+ unfolding l_def ..
+
+lemma left_eq [simp]: "l x = l2 (l1 x)"
+ unfolding left_eq_comp by simp
+
+context
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1 .
+
+abbreviation "R \<equiv> flip.L"
+abbreviation "r \<equiv> flip.l"
+
+lemma right_rel_eq_comp: "R = (\<^bsub>R2\<^esub>\<lessapprox>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)"
+ unfolding flip.L_def ..
+
+lemma right_eq_comp: "r = r1 \<circ> r2"
+ unfolding flip.l_def ..
+
+lemma right_eq [simp]: "r z = r1 (r2 z)"
+ unfolding right_eq_comp by simp
+
+lemmas transport_defs = left_rel_eq_comp left_eq_comp right_rel_eq_comp right_eq_comp
+
+end
+
+sublocale transport L R l r .
+
+(*FIXME: somehow the notation for the fixed parameters L and R, defined in
+Order_Functions_Base.thy, is lost. We hence re-declare it here.*)
+notation L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+lemma left_relI [intro]:
+ assumes "x \<^bsub>L1\<^esub>\<lessapprox> y"
+ and "y \<le>\<^bsub>L2\<^esub> y'"
+ and "y' \<^bsub>R1\<^esub>\<lessapprox> x'"
+ shows "x \<le>\<^bsub>L\<^esub> x'"
+ unfolding left_rel_eq_comp using assms by blast
+
+lemma left_relE [elim]:
+ assumes "x \<le>\<^bsub>L\<^esub> x'"
+ obtains y y' where "x \<^bsub>L1\<^esub>\<lessapprox> y" "y \<le>\<^bsub>L2\<^esub> y'" "y' \<^bsub>R1\<^esub>\<lessapprox> x'"
+ using assms unfolding left_rel_eq_comp by blast
+
+context
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1 .
+interpretation inv : transport_comp "(\<ge>\<^bsub>L1\<^esub>)" "(\<ge>\<^bsub>R1\<^esub>)" l1 r1 "(\<ge>\<^bsub>L2\<^esub>)" "(\<ge>\<^bsub>R2\<^esub>)" l2 r2 .
+
+lemma ge_left_rel_eq_left_rel_inv_if_galois_prop [simp]:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>R1\<^esub>) \<unlhd> (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ shows "(\<ge>\<^bsub>L\<^esub>) = transport_comp.L (\<ge>\<^bsub>L1\<^esub>) (\<ge>\<^bsub>R1\<^esub>) l1 r1 (\<ge>\<^bsub>L2\<^esub>)"
+ using assms unfolding left_rel_eq_comp inv.left_rel_eq_comp
+ by (simp add: rel_comp_assoc)
+
+corollary left_rel_inv_iff_left_rel_if_galois_prop [iff]:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1" "((\<le>\<^bsub>R1\<^esub>) \<unlhd> (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ shows "(transport_comp.L (\<ge>\<^bsub>L1\<^esub>) (\<ge>\<^bsub>R1\<^esub>) l1 r1 (\<ge>\<^bsub>L2\<^esub>)) x x' \<longleftrightarrow> x' \<le>\<^bsub>L\<^esub> x"
+ using assms by (simp flip: ge_left_rel_eq_left_rel_inv_if_galois_prop)
+
+
+subsubsection \<open>Simplification of Relations\<close>
+
+lemma left_rel_le_left_rel1I:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ and trans_L1: "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and mono_l1: "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))) l1"
+ shows "(\<le>\<^bsub>L\<^esub>) \<le> (\<le>\<^bsub>L1\<^esub>)"
+proof (rule le_relI)
+ fix x x' assume "x \<le>\<^bsub>L\<^esub> x'"
+ with mono_l1 obtain y where "l1 x \<le>\<^bsub>R1\<^esub> y" "y \<le>\<^bsub>R1\<^esub> l1 x'" by blast
+ with \<open>((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> \<open>x \<le>\<^bsub>L\<^esub> x'\<close> have "x \<le>\<^bsub>L1\<^esub> r1 y" by blast
+ moreover from \<open>((\<le>\<^bsub>R1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L1\<^esub>)) r1 l1\<close> \<open>y \<le>\<^bsub>R1\<^esub> l1 x'\<close> \<open>x \<le>\<^bsub>L\<^esub> x'\<close>
+ have "... \<le>\<^bsub>L1\<^esub> x'" by blast
+ ultimately show "x \<le>\<^bsub>L1\<^esub> x'" using trans_L1 by blast
+qed
+
+lemma left_rel1_le_left_relI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and mono_l1: "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))) l1"
+ shows "(\<le>\<^bsub>L1\<^esub>) \<le> (\<le>\<^bsub>L\<^esub>)"
+proof (rule le_relI)
+ fix x x' assume "x \<le>\<^bsub>L1\<^esub> x'"
+ with mono_l1 obtain y y' where
+ "l1 x \<le>\<^bsub>R1\<^esub> y" "y \<le>\<^bsub>L2\<^esub> y'" "y' \<le>\<^bsub>R1\<^esub> l1 x'" by blast
+ with \<open>((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> \<open>x \<le>\<^bsub>L1\<^esub> x'\<close> have "x \<^bsub>L1\<^esub>\<lessapprox> y" by blast
+ moreover note \<open>y \<le>\<^bsub>L2\<^esub> y'\<close>
+ moreover from \<open>y' \<le>\<^bsub>R1\<^esub> l1 x'\<close> \<open>x \<le>\<^bsub>L1\<^esub> x'\<close> have "y' \<^bsub>R1\<^esub>\<lessapprox> x'" by blast
+ ultimately show "x \<le>\<^bsub>L\<^esub> x'" by blast
+qed
+
+corollary left_rel_eq_left_rel1I:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))) l1"
+ shows "(\<le>\<^bsub>L\<^esub>) = (\<le>\<^bsub>L1\<^esub>)"
+ using assms by (intro antisym left_rel_le_left_rel1I left_rel1_le_left_relI)
+
+text \<open>Note that we may not necessarily have @{term "(\<le>\<^bsub>L\<^esub>) = (\<le>\<^bsub>L1\<^esub>)"}, even in
+case of equivalence relations. Depending on the use case, one thus may wish to
+use an alternative composition operation.\<close>
+
+lemma ex_order_equiv_left_rel_neq_left_rel1:
+ "\<exists>(L1 :: bool \<Rightarrow> _) (R1 :: bool \<Rightarrow> _) l1 r1
+ (L2 :: bool \<Rightarrow> _) (R2 :: bool \<Rightarrow> _) l2 r2.
+ (L1 \<equiv>\<^sub>o R1) l1 r1
+ \<and> equivalence_rel L1 \<and> equivalence_rel R1
+ \<and> (L2 \<equiv>\<^sub>o R2) l2 r2
+ \<and> equivalence_rel L2 \<and> equivalence_rel R2
+ \<and> transport_comp.L L1 R1 l1 r1 L2 \<noteq> L1"
+proof (intro exI conjI)
+ let ?L1 = "(=) :: bool \<Rightarrow> _" let ?R1 = ?L1 let ?l1 = id let ?r1 = ?l1
+ let ?L2 = "\<top> :: bool \<Rightarrow> bool \<Rightarrow> bool" let ?R2 = ?L2 let ?l2 = id let ?r2 = ?l2
+ interpret tc : transport_comp ?L1 ?R1 ?l1 ?r1 ?L2 ?R2 ?l2 ?r2 .
+ show "(?L1 \<equiv>\<^sub>o ?R1) ?l1 ?r1" by fastforce
+ show "equivalence_rel ?L1" "equivalence_rel ?R1" by (fact equivalence_eq)+
+ show "(?L2 \<equiv>\<^sub>o ?R2) ?l2 ?r2" by fastforce
+ show "equivalence_rel ?L2" "equivalence_rel ?R2" by (fact equivalence_top)+
+ show "tc.L \<noteq> ?L1"
+ proof -
+ have "\<not>(?L1 False True)" by blast
+ moreover have "tc.L False True" by (intro tc.left_relI) auto
+ ultimately show ?thesis by auto
+ qed
+qed
+
+end
+
+
+subsubsection \<open>Generic Left to Right Introduction Rules\<close>
+
+text \<open>The following lemmas generalise the proof outline used, for example,
+when proving monotonicity and the Galois property (cf. the paper \<^cite>\<open>"transport"\<close>).\<close>
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1 .
+
+lemma right_rel_if_left_relI:
+ assumes "x \<le>\<^bsub>L\<^esub> x'"
+ and l1_R1_if_L1_r1: "\<And>y. in_codom (\<le>\<^bsub>R1\<^esub>) y \<Longrightarrow> x \<le>\<^bsub>L1\<^esub> r1 y \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> y"
+ and t_R1_if_l1_R1: "\<And>y. l1 x \<le>\<^bsub>R1\<^esub> y \<Longrightarrow> t y \<le>\<^bsub>R1\<^esub> y"
+ and R2_l2_if_t_L2_if_l1_R1:
+ "\<And>y y'. l1 x \<le>\<^bsub>R1\<^esub> y \<Longrightarrow> t y \<le>\<^bsub>L2\<^esub> y' \<Longrightarrow> z \<le>\<^bsub>R2\<^esub> l2 y'"
+ and R1_b_if_R1_l1_if_R1_l1:
+ "\<And>y y'. y \<le>\<^bsub>R1\<^esub> l1 x' \<Longrightarrow> y' \<le>\<^bsub>R1\<^esub> l1 x' \<Longrightarrow> y' \<le>\<^bsub>R1\<^esub> b y"
+ and b_L2_r2_if_in_codom_L2_b_if_R1_l1:
+ "\<And>y. y \<le>\<^bsub>R1\<^esub> l1 x' \<Longrightarrow> in_codom (\<le>\<^bsub>L2\<^esub>) (b y) \<Longrightarrow> b y \<le>\<^bsub>L2\<^esub> r2 z'"
+ and in_codom_R2_if_in_codom_L2_b_if_R1_l1:
+ "\<And>y. y \<le>\<^bsub>R1\<^esub> l1 x' \<Longrightarrow> in_codom (\<le>\<^bsub>L2\<^esub>) (b y) \<Longrightarrow> in_codom (\<le>\<^bsub>R2\<^esub>) z'"
+ and rel_comp_le: "(\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<le> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)"
+ and in_codom_rel_comp_le: "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ shows "z \<le>\<^bsub>R\<^esub> z'"
+proof -
+ from \<open>x \<le>\<^bsub>L\<^esub> x'\<close> obtain yl yl' where "l1 x \<le>\<^bsub>R1\<^esub> yl" "yl \<le>\<^bsub>L2\<^esub> yl'" "yl' \<le>\<^bsub>R1\<^esub> l1 x'"
+ using l1_R1_if_L1_r1 by blast
+ moreover then have "t yl \<le>\<^bsub>R1\<^esub> yl" by (intro t_R1_if_l1_R1)
+ ultimately have "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) (t yl) (l1 x')" using rel_comp_le by blast
+ then obtain y where "t yl \<le>\<^bsub>L2\<^esub> y" "y \<le>\<^bsub>R1\<^esub> l1 x'" by blast
+ show "z \<le>\<^bsub>R\<^esub> z'"
+ proof (rule flip.left_relI)
+ from \<open>t yl \<le>\<^bsub>L2\<^esub> y\<close> \<open>l1 x \<le>\<^bsub>R1\<^esub> yl\<close> show "z \<^bsub>R2\<^esub>\<lessapprox> y"
+ by (auto intro: R2_l2_if_t_L2_if_l1_R1)
+ from \<open>yl' \<le>\<^bsub>R1\<^esub> l1 x'\<close> \<open>y \<le>\<^bsub>R1\<^esub> l1 x'\<close> show "y \<le>\<^bsub>R1\<^esub> b yl'"
+ by (rule R1_b_if_R1_l1_if_R1_l1)
+ show "b yl' \<^bsub>L2\<^esub>\<lessapprox> z'"
+ proof (rule t2.left_GaloisI)
+ from \<open>yl' \<le>\<^bsub>R1\<^esub> l1 x'\<close> have "yl' \<le>\<^bsub>R1\<^esub> b yl'"
+ by (intro R1_b_if_R1_l1_if_R1_l1)
+ with \<open>l1 x \<le>\<^bsub>R1\<^esub> yl\<close> \<open>yl \<le>\<^bsub>L2\<^esub> yl'\<close> in_codom_rel_comp_le
+ have "in_codom (\<le>\<^bsub>L2\<^esub>) (b yl')" by blast
+ with \<open>yl' \<le>\<^bsub>R1\<^esub> l1 x'\<close> show "b yl' \<le>\<^bsub>L2\<^esub> r2 z'" "in_codom (\<le>\<^bsub>R2\<^esub>) z'"
+ by (auto intro: b_L2_r2_if_in_codom_L2_b_if_R1_l1
+ in_codom_R2_if_in_codom_L2_b_if_R1_l1)
+ qed
+ qed
+qed
+
+lemma right_rel_if_left_relI':
+ assumes "x \<le>\<^bsub>L\<^esub> x'"
+ and l1_R1_if_L1_r1: "\<And>y. in_codom (\<le>\<^bsub>R1\<^esub>) y \<Longrightarrow> x \<le>\<^bsub>L1\<^esub> r1 y \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> y"
+ and R1_b_if_R1_l1: "\<And>y. y \<le>\<^bsub>R1\<^esub> l1 x' \<Longrightarrow> y \<le>\<^bsub>R1\<^esub> b y"
+ and L2_r2_if_L2_b_if_R1_l1:
+ "\<And>y y'. y \<le>\<^bsub>R1\<^esub> l1 x' \<Longrightarrow> y' \<le>\<^bsub>L2\<^esub> b y \<Longrightarrow> y' \<le>\<^bsub>L2\<^esub> r2 z'"
+ and in_codom_R2_if_L2_b_if_R1_l1:
+ "\<And>y y'. y \<le>\<^bsub>R1\<^esub> l1 x' \<Longrightarrow> y' \<le>\<^bsub>L2\<^esub> b y \<Longrightarrow> in_codom (\<le>\<^bsub>R2\<^esub>) z'"
+ and t_R1_if_R1_l1_if_l1_R1:
+ "\<And>y y' y''. l1 x \<le>\<^bsub>R1\<^esub> y \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> y' \<Longrightarrow> t y \<le>\<^bsub>R1\<^esub> y'"
+ and R2_l2_t_if_in_dom_L2_t_if_l1_R1:
+ "\<And>y y'. l1 x \<le>\<^bsub>R1\<^esub> y \<Longrightarrow> in_dom (\<le>\<^bsub>L2\<^esub>) (t y) \<Longrightarrow> z \<le>\<^bsub>R2\<^esub> l2 (t y)"
+ and in_codom_L2_t_if_in_dom_L2_t_if_l1_R1:
+ "\<And>y y'. l1 x \<le>\<^bsub>R1\<^esub> y \<Longrightarrow> in_dom (\<le>\<^bsub>L2\<^esub>) (t y) \<Longrightarrow> in_codom (\<le>\<^bsub>L2\<^esub>) (t y)"
+ and rel_comp_le: "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and in_dom_rel_comp_le: "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ shows "z \<le>\<^bsub>R\<^esub> z'"
+proof -
+ from \<open>x \<le>\<^bsub>L\<^esub> x'\<close> obtain yl yl' where "l1 x \<le>\<^bsub>R1\<^esub> yl" "yl \<le>\<^bsub>L2\<^esub> yl'" "yl' \<le>\<^bsub>R1\<^esub> l1 x'"
+ using l1_R1_if_L1_r1 by blast
+ moreover then have "yl' \<le>\<^bsub>R1\<^esub> b yl'" by (intro R1_b_if_R1_l1)
+ ultimately have "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) (l1 x) (b yl')" using rel_comp_le by blast
+ then obtain y where "l1 x \<le>\<^bsub>R1\<^esub> y" "y \<le>\<^bsub>L2\<^esub> b yl'" by blast
+ show "z \<le>\<^bsub>R\<^esub> z'"
+ proof (rule flip.left_relI)
+ from \<open>yl' \<le>\<^bsub>R1\<^esub> l1 x'\<close> \<open>y \<le>\<^bsub>L2\<^esub> b yl'\<close>
+ have "in_codom (\<le>\<^bsub>R2\<^esub>) z'" "y \<le>\<^bsub>L2\<^esub> r2 z'"
+ by (auto intro: in_codom_R2_if_L2_b_if_R1_l1 L2_r2_if_L2_b_if_R1_l1)
+ then show "y \<^bsub>L2\<^esub>\<lessapprox> z'" by blast
+ from \<open>l1 x \<le>\<^bsub>R1\<^esub> yl\<close> \<open>l1 x \<le>\<^bsub>R1\<^esub> y\<close> show "t yl \<le>\<^bsub>R1\<^esub> y" by (rule t_R1_if_R1_l1_if_l1_R1)
+ show "z \<^bsub>R2\<^esub>\<lessapprox> t yl"
+ proof (rule flip.t1.left_GaloisI)
+ from \<open>l1 x \<le>\<^bsub>R1\<^esub> yl\<close> have "t yl \<le>\<^bsub>R1\<^esub> yl" by (intro t_R1_if_R1_l1_if_l1_R1)
+ with \<open>yl \<le>\<^bsub>L2\<^esub> yl'\<close> \<open>yl' \<le>\<^bsub>R1\<^esub> l1 x'\<close> in_dom_rel_comp_le have "in_dom (\<le>\<^bsub>L2\<^esub>) (t yl)"
+ by blast
+ with \<open>l1 x \<le>\<^bsub>R1\<^esub> yl\<close>
+ show "z \<le>\<^bsub>R2\<^esub> l2 (t yl)" "in_codom (\<le>\<^bsub>L2\<^esub>) (t yl)" by (auto intro:
+ R2_l2_t_if_in_dom_L2_t_if_l1_R1 in_codom_L2_t_if_in_dom_L2_t_if_l1_R1)
+ qed
+ qed
+qed
+
+
+subsubsection \<open>Simplification of Monotonicity Assumptions\<close>
+
+text \<open>Some sufficient conditions for monotonicity assumptions that repeatedly
+arise in various places.\<close>
+
+lemma mono_in_dom_left_rel_left1_if_in_dom_rel_comp_le:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ shows "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ using assms by (intro dep_mono_wrt_predI) blast
+
+lemma mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ shows "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ using assms by (intro dep_mono_wrt_predI) blast
+
+
+subsubsection \<open>Simplification of Compatibility Conditions\<close>
+
+text \<open>Most results will depend on certain compatibility conditions between
+@{term "(\<le>\<^bsub>R1\<^esub>)"} and @{term "(\<le>\<^bsub>L2\<^esub>)"}. We next derive some sufficient assumptions
+for these conditions.\<close>
+
+end
+
+lemma rel_comp_comp_le_rel_comp_if_rel_comp_comp_if_in_dom_leI:
+ assumes trans_R: "transitive R"
+ and refl_S: "reflexive_on P S"
+ and in_dom_le: "in_dom (R \<circ>\<circ> S \<circ>\<circ> R) \<le> P"
+ and rel_comp_le: "(S \<circ>\<circ> R \<circ>\<circ> S) \<le> (S \<circ>\<circ> R)"
+ shows "(R \<circ>\<circ> S \<circ>\<circ> R) \<le> (S \<circ>\<circ> R)"
+proof (intro le_relI)
+ fix x y assume "(R \<circ>\<circ> S \<circ>\<circ> R) x y"
+ moreover with in_dom_le refl_S have "S x x" by blast
+ ultimately have "((S \<circ>\<circ> R \<circ>\<circ> S) \<circ>\<circ> R) x y" by blast
+ with rel_comp_le have "(S \<circ>\<circ> R \<circ>\<circ> R) x y" by blast
+ with trans_R show "(S \<circ>\<circ> R) x y" by blast
+qed
+
+lemma rel_comp_comp_le_rel_comp_if_rel_comp_comp_if_in_codom_leI:
+ assumes trans_R: "transitive R"
+ and refl_S: "reflexive_on P S"
+ and in_codom_le: "in_codom (R \<circ>\<circ> S \<circ>\<circ> R) \<le> P"
+ and rel_comp_le: "(S \<circ>\<circ> R \<circ>\<circ> S) \<le> (R \<circ>\<circ> S)"
+ shows "(R \<circ>\<circ> S \<circ>\<circ> R) \<le> (R \<circ>\<circ> S)"
+proof (intro le_relI)
+ fix x y assume "(R \<circ>\<circ> S \<circ>\<circ> R) x y"
+ moreover with in_codom_le refl_S have "S y y" by blast
+ ultimately have "(R \<circ>\<circ> (S \<circ>\<circ> R \<circ>\<circ> S)) x y" by blast
+ with rel_comp_le have "(R \<circ>\<circ> R \<circ>\<circ> S) x y" by blast
+ with trans_R show "(R \<circ>\<circ> S) x y" by blast
+qed
+
+lemma rel_comp_comp_le_rel_comp_if_rel_comp_le_if_transitive:
+ assumes trans_R: "transitive R"
+ and R_S_le: "(R \<circ>\<circ> S) \<le> (S \<circ>\<circ> R)"
+ shows "(R \<circ>\<circ> S \<circ>\<circ> R) \<le> (S \<circ>\<circ> R)"
+proof -
+ from trans_R have R_R_le: "(R \<circ>\<circ> R) \<le> R" by (intro rel_comp_le_self_if_transitive)
+ have "(R \<circ>\<circ> S \<circ>\<circ> R) \<le> (S \<circ>\<circ> R \<circ>\<circ> R)"
+ using monoD[OF mono_rel_comp1 R_S_le] by blast
+ also have "... \<le> (S \<circ>\<circ> R)"
+ using monoD[OF mono_rel_comp2 R_R_le] by (auto simp flip: rel_comp_assoc)
+ finally show ?thesis .
+qed
+
+lemma rel_comp_comp_le_rel_comp_if_rel_comp_le_if_transitive':
+ assumes trans_R: "transitive R"
+ and S_R_le: "(S \<circ>\<circ> R) \<le> (R \<circ>\<circ> S)"
+ shows "(R \<circ>\<circ> S \<circ>\<circ> R) \<le> (R \<circ>\<circ> S)"
+proof -
+ from trans_R have R_R_le: "(R \<circ>\<circ> R) \<le> R" by (intro rel_comp_le_self_if_transitive)
+ have "(R \<circ>\<circ> S \<circ>\<circ> R) \<le> (R \<circ>\<circ> R \<circ>\<circ> S)"
+ using monoD[OF mono_rel_comp2 S_R_le] by (auto simp flip: rel_comp_assoc)
+ also have "... \<le> (R \<circ>\<circ> S)" using monoD[OF mono_rel_comp1 R_R_le] by blast
+ finally show ?thesis .
+qed
+
+lemma rel_comp_eq_rel_comp_if_le_if_transitive_if_reflexive:
+ assumes refl_R: "reflexive_on (in_field S) R"
+ and trans_S: "transitive S"
+ and R_le: "R \<le> S \<squnion> (=)"
+ shows "(R \<circ>\<circ> S) = (S \<circ>\<circ> R)"
+proof (intro ext iffI)
+ fix x y assume "(R \<circ>\<circ> S) x y"
+ then obtain z where "R x z" "S z y" by blast
+ with R_le have "(S \<squnion> (=)) x z" by blast
+ with \<open>S z y\<close> trans_S have "S x y" by auto
+ moreover from \<open>S z y\<close> refl_R have "R y y" by blast
+ ultimately show "(S \<circ>\<circ> R) x y" by blast
+next
+ fix x y assume "(S \<circ>\<circ> R) x y"
+ then obtain z where "S x z" "R z y" by blast
+ with R_le have "(S \<squnion> (=)) z y" by blast
+ with \<open>S x z\<close> trans_S have "S x y" by auto
+ moreover from \<open>S x y\<close> refl_R have "R x x" by blast
+ ultimately show "(R \<circ>\<circ> S) x y" by blast
+qed
+
+lemma rel_comp_eq_rel_comp_if_in_field_le_if_le_eq:
+ assumes le_eq: "R \<le> (=)"
+ and in_field_le: "in_field S \<le> in_field R"
+ shows "(R \<circ>\<circ> S) = (S \<circ>\<circ> R)"
+proof (intro ext iffI)
+ fix x y assume "(R \<circ>\<circ> S) x y"
+ then obtain z where "R x z" "S z y" by blast
+ with le_eq have "S x y" by blast
+ with assms show "(S \<circ>\<circ> R) x y" by blast
+next
+ fix x y assume "(S \<circ>\<circ> R) x y"
+ then obtain z where "S x z" "R z y" by blast
+ with le_eq have "S x y" by blast
+ with assms show "(R \<circ>\<circ> S) x y" by blast
+qed
+
+context transport_comp
+begin
+
+lemma left2_right1_left2_le_left2_right1_if_right1_left2_right1_le_left2_right1:
+ assumes "reflexive_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ using assms by (intro rel_comp_comp_le_rel_comp_if_rel_comp_comp_if_in_codom_leI)
+ auto
+
+lemma left2_right1_left2_le_right1_left2_if_right1_left2_right1_le_right1_left2I:
+ assumes "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom (\<le>\<^bsub>R1\<^esub>)"
+ shows "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ using assms by (intro rel_comp_comp_le_rel_comp_if_rel_comp_comp_if_in_dom_leI)
+ auto
+
+lemma in_dom_right1_left2_right1_le_if_right1_left2_right1_le:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ shows "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ using monoD[OF mono_in_dom assms] by (auto intro: in_dom_if_in_dom_rel_comp)
+
+lemma in_codom_right1_left2_right1_le_if_right1_left2_right1_le:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ shows "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ using monoD[OF mono_in_codom assms]
+ by (auto intro: in_codom_if_in_codom_rel_comp)
+
+text \<open>Our main results will be derivable for two different sets of compatibility
+conditions. The next two lemmas show the equivalence between those two sets
+under certain assumptions. In cases where these assumptions are met, we will
+only state the result for one of the two compatibility conditions. The other one
+will then be derivable using one of the following lemmas.\<close>
+
+definition "middle_compatible_dom \<equiv>
+ (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<le> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)
+ \<and> in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)
+ \<and> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))
+ \<and> in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom (\<le>\<^bsub>R1\<^esub>)"
+
+lemma middle_compatible_domI [intro]:
+ assumes "(\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<le> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)"
+ and "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom (\<le>\<^bsub>R1\<^esub>)"
+ shows "middle_compatible_dom"
+ unfolding middle_compatible_dom_def using assms by blast
+
+lemma middle_compatible_domE [elim]:
+ assumes "middle_compatible_dom"
+ obtains "(\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<le> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)"
+ and "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom (\<le>\<^bsub>R1\<^esub>)"
+ using assms unfolding middle_compatible_dom_def by blast
+
+definition "middle_compatible_codom \<equiv>
+ ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))
+ \<and> in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)
+ \<and> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<le> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)
+ \<and> in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+
+lemma middle_compatible_codomI [intro]:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ and "(\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<le> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "middle_compatible_codom"
+ unfolding middle_compatible_codom_def using assms by blast
+
+lemma middle_compatible_codomE [elim]:
+ assumes "middle_compatible_codom"
+ obtains "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ and "(\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<le> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ using assms unfolding middle_compatible_codom_def by blast
+
+context
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1 .
+
+lemma rel_comp_comp_le_assms_if_in_codom_rel_comp_comp_leI:
+ assumes "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "middle_compatible_dom"
+ using assms by (intro middle_compatible_domI)
+ (auto intro!:
+ left2_right1_left2_le_left2_right1_if_right1_left2_right1_le_left2_right1
+ flip.left2_right1_left2_le_left2_right1_if_right1_left2_right1_le_left2_right1
+ in_dom_right1_left2_right1_le_if_right1_left2_right1_le
+ flip.in_dom_right1_left2_right1_le_if_right1_left2_right1_le
+ intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+
+lemma rel_comp_comp_le_assms_if_in_dom_rel_comp_comp_leI:
+ assumes "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_dom"
+ shows "middle_compatible_codom"
+ using assms by (intro middle_compatible_codomI)
+ (auto intro!:
+ left2_right1_left2_le_right1_left2_if_right1_left2_right1_le_right1_left2I
+ flip.left2_right1_left2_le_right1_left2_if_right1_left2_right1_le_right1_left2I
+ in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ flip.in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+
+lemma middle_compatible_dom_iff_middle_compatible_codom_if_preorder_on:
+ assumes "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ shows "middle_compatible_dom \<longleftrightarrow> middle_compatible_codom"
+ using assms by (intro iffI rel_comp_comp_le_assms_if_in_codom_rel_comp_comp_leI)
+ (auto intro!: rel_comp_comp_le_assms_if_in_dom_rel_comp_comp_leI)
+
+end
+
+text \<open>Finally we derive some sufficient assumptions for the compatibility
+conditions.\<close>
+
+lemma right1_left2_right1_le_assms_if_right1_left2_eqI:
+ assumes "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) = ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ shows "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ using assms rel_comp_comp_le_rel_comp_if_rel_comp_le_if_transitive[of R1 L2]
+ by auto
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) = ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<equiv> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) = ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ by (simp only: eq_commute)
+
+lemma middle_compatible_codom_if_rel_comp_eq_if_transitive:
+ assumes "transitive (\<le>\<^bsub>R1\<^esub>)" "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) = ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ shows "middle_compatible_codom"
+ using assms by (intro middle_compatible_codomI
+ in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ flip.in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ right1_left2_right1_le_assms_if_right1_left2_eqI
+ flip.right1_left2_right1_le_assms_if_right1_left2_eqI)
+ auto
+
+lemma middle_compatible_codom_if_right1_le_left2_eqI:
+ assumes "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)" "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "(\<le>\<^bsub>R1\<^esub>) \<le> (\<le>\<^bsub>L2\<^esub>) \<squnion> (=)"
+ and "in_field (\<le>\<^bsub>L2\<^esub>) \<le> in_field (\<le>\<^bsub>R1\<^esub>)"
+ shows "middle_compatible_codom"
+ using assms by (intro middle_compatible_codomI
+ in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ flip.in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ right1_left2_right1_le_assms_if_right1_left2_eqI
+ flip.right1_left2_right1_le_assms_if_right1_left2_eqI
+ rel_comp_eq_rel_comp_if_le_if_transitive_if_reflexive)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on)
+
+lemma middle_compatible_codom_if_right1_le_eqI:
+ assumes "(\<le>\<^bsub>R1\<^esub>) \<le> (=)"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "in_field (\<le>\<^bsub>L2\<^esub>) \<le> in_field (\<le>\<^bsub>R1\<^esub>)"
+ shows "middle_compatible_codom"
+ using assms by (intro middle_compatible_codomI
+ in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ flip.in_codom_right1_left2_right1_le_if_right1_left2_right1_le
+ right1_left2_right1_le_assms_if_right1_left2_eqI
+ flip.right1_left2_right1_le_assms_if_right1_left2_eqI
+ rel_comp_eq_rel_comp_if_in_field_le_if_le_eq)
+ auto
+
+end
+
+
+end
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Connection.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Connection.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Connection.thy
@@ -0,0 +1,88 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Connection\<close>
+theory Transport_Compositions_Generic_Galois_Connection
+ imports
+ Transport_Compositions_Generic_Galois_Property
+ Transport_Compositions_Generic_Monotone
+begin
+
+context transport_comp
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "flip.t2.unit = \<epsilon>\<^sub>1" and "flip.t1.counit \<equiv> \<eta>\<^sub>2"
+ by (simp_all only: t1.flip_unit_eq_counit t2.flip_counit_eq_unit)
+
+lemma galois_connection_left_rightI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "rel_equivalence_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "inflationary_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connectionI galois_prop_left_rightI
+ mono_wrt_rel_leftI flip.mono_wrt_rel_leftI)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+lemma galois_connection_left_rightI':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_dom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connectionI galois_prop_left_rightI'
+ mono_wrt_rel_leftI' flip.mono_wrt_rel_leftI')
+ (auto elim!: preorder_on_in_fieldE
+ intro!: reflexive_on_in_field_if_transitive_if_rel_equivalence_on
+ intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+
+corollary galois_connection_left_right_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connection_left_rightI)
+ (auto elim!: galois.galois_connectionE
+ intro!: flip.t2.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence
+ t2.inflationary_on_unit_if_reflexive_on_if_galois_equivalence
+ intro: rel_equivalence_on_if_le_pred_if_rel_equivalence_on
+ in_field_if_in_codom)
+
+corollary galois_connection_left_right_if_order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connection_left_rightI')
+ (auto elim!: rel_equivalence_onE
+ intro!: t1.half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel
+ flip.t1.half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel
+ t2.half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel
+ flip.t2.half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel
+ preorder_on_in_field_if_transitive_if_rel_equivalence_on
+ rel_comp_comp_le_assms_if_in_codom_rel_comp_comp_leI
+ intro: inflationary_on_if_le_pred_if_inflationary_on
+ deflationary_on_if_le_pred_if_deflationary_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+end
+
+
+end
\ No newline at end of file
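Review bot: The primed rule `galois_connection_left_rightI'` carries no text saying how it differs from `galois_connection_left_rightI`, so a reader has to compare the two assumption lists line by line to choose between them. From the statements, the primed rule assumes `middle_compatible_dom` rather than `middle_compatible_codom`, and takes half Galois properties where the unprimed rule takes `((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1`. I would put a short text block before the primed lemma, for example `text \<open>Variant of galois_connection_left_rightI for middle_compatible_dom, with half Galois properties in place of the full Galois property on l1 and r1.\<close>`. The same gap exists for `galois_equivalenceI'` in Transport_Compositions_Generic_Galois_Equivalence.thy and for the primed lemmas in Transport_Compositions_Generic_Galois_Property.thy.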
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Equivalence.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Equivalence.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Equivalence.thy
@@ -0,0 +1,90 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Equivalence\<close>
+theory Transport_Compositions_Generic_Galois_Equivalence
+ imports
+ Transport_Compositions_Generic_Galois_Connection
+begin
+
+context transport_comp
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "flip.t2.unit = \<epsilon>\<^sub>1" and "flip.t1.counit \<equiv> \<eta>\<^sub>2" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>2"
+ by (simp_all only: order_functors.flip_unit_eq_counit)
+
+lemma galois_equivalenceI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalenceI galois_connection_left_rightI
+ flip.galois_prop_left_rightI)
+ (auto intro!: preorder_on_in_field_if_transitive_if_rel_equivalence_on
+ intro: rel_equivalence_on_if_le_pred_if_rel_equivalence_on
+ inflationary_on_if_le_pred_if_inflationary_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+lemma galois_equivalenceI':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "inflationary_on (in_dom (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>) \<epsilon>\<^sub>2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_dom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois.galois_equivalenceI galois_connection_left_rightI'
+ flip.galois_prop_left_rightI')
+ (auto elim!: rel_equivalence_onE
+ intro!: preorder_on_in_field_if_transitive_if_rel_equivalence_on
+ intro: inflationary_on_if_le_pred_if_inflationary_on
+ in_field_if_in_dom)
+
+corollary galois_equivalence_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalenceI)
+ (auto intro!: t2.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence
+ flip.t2.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence
+ intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+corollary galois_equivalence_if_order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalenceI')
+ (auto elim!: rel_equivalence_onE
+ intro!: t1.half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel
+ flip.t1.half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel
+ t2.half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel
+ flip.t2.half_galois_prop_right_left_right_if_transitive_if_inflationary_on_if_mono_wrt_rel
+ rel_comp_comp_le_assms_if_in_codom_rel_comp_comp_leI
+ preorder_on_in_field_if_transitive_if_rel_equivalence_on
+ intro: deflationary_on_if_le_pred_if_deflationary_on
+ inflationary_on_if_le_pred_if_inflationary_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+end
+
+
+end
\ No newline at end of file
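Review bot: The unqualified name `galois_equivalenceI` refers to two different facts in this theory. Inside the proof of the lemma `galois_equivalenceI` it presumably resolves to the generic introduction rule, since the new lemma is not yet bound, while in `galois_equivalence_if_galois_equivalenceI` the same spelling picks up the lemma just proved. The primed lemma already avoids this by writing `galois.galois_equivalenceI`. For consistency the first proof could read `using assms by (intro galois.galois_equivalenceI galois_connection_left_rightI`, so that reordering or copying the proofs cannot silently change which rule is applied.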
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Property.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Property.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Property.thy
@@ -0,0 +1,195 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Property\<close>
+theory Transport_Compositions_Generic_Galois_Property
+ imports
+ Transport_Compositions_Generic_Base
+begin
+
+context transport_comp
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "flip.t2.unit = \<epsilon>\<^sub>1" and "flip.t1.counit \<equiv> \<eta>\<^sub>2"
+ by (simp_all only: t1.flip_unit_eq_counit t2.flip_counit_eq_unit)
+
+lemma half_galois_prop_left_left_rightI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and deflationary_counit1: "deflationary_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and trans_R1: "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_codom_r2: "([in_codom (\<le>\<^bsub>R\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+proof (rule half_galois_prop_leftI)
+ fix x z assume "x \<^bsub>L\<^esub>\<lessapprox> z"
+ then show "l x \<le>\<^bsub>R\<^esub> z"
+ proof (intro right_rel_if_left_relI)
+ from \<open>x \<^bsub>L\<^esub>\<lessapprox> z\<close> show "in_codom (\<le>\<^bsub>R2\<^esub>) z" by blast
+ fix y assume "y \<le>\<^bsub>R1\<^esub> l1 (r z)"
+ moreover have "l1 (r z) \<le>\<^bsub>R1\<^esub> r2 z"
+ proof -
+ from mono_in_codom_r2 \<open>x \<^bsub>L\<^esub>\<lessapprox> z\<close> have "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 z)" by blast
+ with deflationary_counit1 show "l1 (r z) \<le>\<^bsub>R1\<^esub> r2 z" by auto
+ qed
+ ultimately show "y \<le>\<^bsub>R1\<^esub> r2 z" using trans_R1 by blast
+ next
+ fix y assume "l1 x \<le>\<^bsub>L2\<^esub> y"
+ with \<open>((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2\<close> show "l x \<le>\<^bsub>R2\<^esub> l2 y" by auto
+ qed (insert assms, auto)
+qed
+
+lemma half_galois_prop_left_left_rightI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and deflationary_counit1: "deflationary_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and trans_R1: "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and refl_L2: "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_codom_r2: "([in_codom (\<le>\<^bsub>R\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+proof (rule half_galois_prop_leftI)
+ fix x z assume "x \<^bsub>L\<^esub>\<lessapprox> z"
+ then show "l x \<le>\<^bsub>R\<^esub> z"
+ proof (intro right_rel_if_left_relI')
+ from \<open>x \<^bsub>L\<^esub>\<lessapprox> z\<close> show "in_codom (\<le>\<^bsub>R2\<^esub>) z" by blast
+ fix y assume "y \<le>\<^bsub>R1\<^esub> l1 (r z)"
+ moreover have "l1 (r z) \<le>\<^bsub>R1\<^esub> r2 z"
+ proof -
+ from mono_in_codom_r2 \<open>x \<^bsub>L\<^esub>\<lessapprox> z\<close> have "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 z)" by blast
+ with deflationary_counit1 show "l1 (r z) \<le>\<^bsub>R1\<^esub> r2 z" by auto
+ qed
+ ultimately show "y \<le>\<^bsub>R1\<^esub> r2 z" using trans_R1 by blast
+ next
+ assume "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)"
+ with refl_L2 have "l1 x \<le>\<^bsub>L2\<^esub> l1 x" by blast
+ with \<open>((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2\<close> show "in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x)" "l x \<le>\<^bsub>R2\<^esub> l2 (l1 x)"
+ by auto
+ qed (insert assms, auto)
+qed
+
+lemma half_galois_prop_right_left_rightI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and inflationary_counit1: "inflationary_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and inflationary_unit2: "inflationary_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and trans_L2: "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_dom_l1: "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+proof (rule half_galois_prop_rightI)
+ fix x z assume "x \<lessapprox>\<^bsub>R\<^esub> z"
+ then show "x \<le>\<^bsub>L\<^esub> r z"
+ proof (intro flip.right_rel_if_left_relI)
+ fix y assume "r2 (l x) \<le>\<^bsub>L2\<^esub> y"
+ moreover have "l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)"
+ proof -
+ from mono_in_dom_l1 \<open>x \<lessapprox>\<^bsub>R\<^esub> z\<close> have "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ with inflationary_unit2 show "l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)" by auto
+ qed
+ ultimately show "l1 x \<le>\<^bsub>L2\<^esub> y" using trans_L2 by blast
+ fix y assume "l1 x \<le>\<^bsub>R1\<^esub> y"
+ with \<open>((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> \<open>x \<lessapprox>\<^bsub>R\<^esub> z\<close> show "x \<le>\<^bsub>L1\<^esub> r1 y" by blast
+ next
+ assume "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 z)"
+ with inflationary_counit1 show "r2 z \<le>\<^bsub>R1\<^esub> l1 (r z)" by auto
+ from \<open>((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1\<close> \<open>in_codom (\<le>\<^bsub>R1\<^esub>) (r2 z)\<close> show "in_codom (\<le>\<^bsub>L1\<^esub>) (r z)"
+ by (auto intro: in_codom_if_rel_if_dep_mono_wrt_rel)
+ qed (insert assms, auto elim: galois_rel.left_GaloisE)
+qed
+
+lemma half_galois_prop_right_left_rightI':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and inflationary_unit1: "inflationary_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and inflationary_counit1: "\<And>y z. y \<le>\<^bsub>R1\<^esub> r2 z \<Longrightarrow> y \<le>\<^bsub>R1\<^esub> l1 (r z)"
+ and "in_dom (\<le>\<^bsub>R1\<^esub>) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and inflationary_unit2: "inflationary_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and trans_L2: "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_dom_l1: "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom (\<le>\<^bsub>R1\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+proof (rule half_galois_prop_rightI)
+ fix x z assume "x \<lessapprox>\<^bsub>R\<^esub> z"
+ then show "x \<le>\<^bsub>L\<^esub> r z"
+ proof (intro flip.right_rel_if_left_relI')
+ from \<open>x \<lessapprox>\<^bsub>R\<^esub> z\<close> inflationary_unit1 show "x \<le>\<^bsub>L1\<^esub> r1 (l1 x)"
+ by (fastforce elim: galois_rel.left_GaloisE)
+ fix y assume "y \<le>\<^bsub>R1\<^esub> r2 z"
+ with inflationary_counit1 show "y \<le>\<^bsub>R1\<^esub> l1 (r z)" by auto
+ next
+ fix y
+ from mono_in_dom_l1 \<open>x \<lessapprox>\<^bsub>R\<^esub> z\<close> have "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ with inflationary_unit2 have "l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)" by auto
+ moreover assume "r2 (l x) \<le>\<^bsub>L2\<^esub> y"
+ ultimately show "l1 x \<le>\<^bsub>L2\<^esub> y" using trans_L2 by blast
+ qed (insert assms, auto elim: galois_rel.left_GaloisE)
+qed
+
+lemma galois_prop_left_rightI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "rel_equivalence_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_propI
+ half_galois_prop_left_left_rightI half_galois_prop_right_left_rightI
+ flip.mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le
+ mono_in_dom_left_rel_left1_if_in_dom_rel_comp_le
+ in_dom_right1_left2_right1_le_if_right1_left2_right1_le)
+ (auto elim!: preorder_on_in_fieldE
+ intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+
+lemma galois_prop_left_rightI':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and rel_equiv_counit1: "rel_equivalence_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and trans_R1: "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "middle_compatible_dom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+proof (rule galois_propI)
+ show "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r" using assms
+ by (intro half_galois_prop_left_left_rightI'
+ flip.mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le
+ flip.in_codom_right1_left2_right1_le_if_right1_left2_right1_le)
+ (auto elim!: rel_equivalence_onE preorder_on_in_fieldE
+ intro: deflationary_on_if_le_pred_if_deflationary_on
+ reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+ have "y \<le>\<^bsub>R1\<^esub> l1 (r1 (r2 z))" if "y \<le>\<^bsub>R1\<^esub> r2 z" for y z
+ proof -
+ note \<open>y \<le>\<^bsub>R1\<^esub> r2 z\<close>
+ moreover with rel_equiv_counit1 have "r2 z \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 (r2 z)" by auto
+ ultimately show ?thesis using trans_R1 by auto
+ qed
+ moreover have "in_dom (\<le>\<^bsub>R1\<^esub>) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ proof -
+ from rel_equiv_counit1 trans_R1 have "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ by (intro reflexive_on_in_field_if_transitive_if_rel_equivalence_on) auto
+ then show ?thesis by (simp only: in_codom_eq_in_dom_if_reflexive_on_in_field)
+ qed
+ ultimately show "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r" using assms
+ by (intro half_galois_prop_right_left_rightI'
+ mono_in_dom_left_rel_left1_if_in_dom_rel_comp_le)
+ auto
+qed
+
+end
+
+
+end
\ No newline at end of file
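Review bot: In `half_galois_prop_right_left_rightI'` the assumption label `inflationary_counit1` names a pointwise rule, not an `inflationary_on` statement as it does in `half_galois_prop_right_left_rightI`, which is misleading when the two lemmas are read side by side. A label that describes the rule would be clearer, for example `and rel_counit1_if_rel_right2: "\<And>y z. y \<le>\<^bsub>R1\<^esub> r2 z \<Longrightarrow> y \<le>\<^bsub>R1\<^esub> l1 (r z)"`, with the matching use in the proof changed to `with rel_counit1_if_rel_right2 show "y \<le>\<^bsub>R1\<^esub> l1 (r z)" by auto`. A one-line text note that `galois_prop_left_rightI'` discharges this premise from `rel_equivalence_on` and transitivity would also help callers.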
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Relator.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Relator.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Galois_Relator.thy
@@ -0,0 +1,151 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Relator\<close>
+theory Transport_Compositions_Generic_Galois_Relator
+ imports
+ Transport_Compositions_Generic_Base
+begin
+
+context transport_comp
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "flip.t2.unit \<equiv> \<epsilon>\<^sub>1"
+ by (simp only: t1.flip_unit_eq_counit)
+
+lemma left_Galois_le_comp_left_GaloisI:
+ assumes mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and galois_prop1: "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and preorder_R1: "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and rel_comp_le: "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and mono_in_codom_r2: "([in_codom (\<le>\<^bsub>R\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) \<le> ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+proof (rule le_relI)
+ fix x z assume "x \<^bsub>L\<^esub>\<lessapprox> z"
+ then have "in_codom (\<le>\<^bsub>R\<^esub>) z" "x \<le>\<^bsub>L\<^esub> r z" by auto
+ with galois_prop1 obtain y y' where "in_dom (\<le>\<^bsub>L1\<^esub>) x" "l1 x \<le>\<^bsub>R1\<^esub> y" "y \<le>\<^bsub>L2\<^esub> y'" "y' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 (r2 z)"
+ by (auto elim!: left_relE)
+ moreover have "\<epsilon>\<^sub>1 (r2 z) \<le>\<^bsub>R1\<^esub> r2 z"
+ proof -
+ from mono_in_codom_r2 \<open>in_codom (\<le>\<^bsub>R\<^esub>) z\<close> have "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 z)" by blast
+ with mono_r1 galois_prop1 preorder_R1 show ?thesis by (blast intro!:
+ t1.counit_rel_if_reflexive_on_if_half_galois_prop_left_if_mono_wrt_rel)
+ qed
+ ultimately have "y' \<le>\<^bsub>R1\<^esub> r2 z" using preorder_R1 by blast
+ with \<open>l1 x \<le>\<^bsub>R1\<^esub> y\<close> \<open>y \<le>\<^bsub>L2\<^esub> y'\<close> have "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) (l1 x) (r2 z)"
+ by blast
+ with rel_comp_le obtain y'' where "l1 x \<le>\<^bsub>R1\<^esub> y''" "y'' \<le>\<^bsub>L2\<^esub> r2 z" by blast
+ with galois_prop1 \<open>in_dom (\<le>\<^bsub>L1\<^esub>) x\<close> have "x \<^bsub>L1\<^esub>\<lessapprox> y''"
+ by (intro t1.left_Galois_if_Galois_right_if_half_galois_prop_right t1.left_GaloisI)
+ auto
+ moreover from \<open>in_codom (\<le>\<^bsub>R\<^esub>) z\<close> \<open>y'' \<le>\<^bsub>L2\<^esub> r2 z\<close> have "y'' \<^bsub>L2\<^esub>\<lessapprox> z"
+ by (intro t2.left_GaloisI) auto
+ ultimately show "((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)) x z" by blast
+qed
+
+lemma comp_left_Galois_le_left_GaloisI:
+ assumes mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and half_galois_prop_left1: "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and half_galois_prop_right1: "((\<le>\<^bsub>R1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ and refl_R1: "reflexive_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and mono_l2: "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and refl_L2: "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and in_codom_rel_comp_le: "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)) \<le> (\<^bsub>L\<^esub>\<lessapprox>)"
+proof (intro le_relI left_GaloisI)
+ fix x z assume "((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)) x z"
+ from \<open>((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>)) x z\<close> obtain y where "x \<^bsub>L1\<^esub>\<lessapprox> y" "y \<^bsub>L2\<^esub>\<lessapprox> z" by blast
+ with half_galois_prop_left1 have "l1 x \<le>\<^bsub>R1\<^esub> y" "y \<le>\<^bsub>L2\<^esub> r2 z" by auto
+ with refl_R1 refl_L2 have "y \<le>\<^bsub>R1\<^esub> y" "y \<le>\<^bsub>L2\<^esub> y" by auto
+ show "in_codom (\<le>\<^bsub>R\<^esub>) z"
+ proof (intro in_codomI flip.left_relI)
+ from mono_l2 \<open>y \<le>\<^bsub>L2\<^esub> y\<close> show "l2 y \<^bsub>R2\<^esub>\<lessapprox> y" by blast
+ show "y \<le>\<^bsub>R1\<^esub> y" "y \<^bsub>L2\<^esub>\<lessapprox> z" by fact+
+ qed
+ show "x \<le>\<^bsub>L\<^esub> r z"
+ proof (intro left_relI)
+ show "x \<^bsub>L1\<^esub>\<lessapprox> y" "y \<le>\<^bsub>L2\<^esub> r2 z" by fact+
+ show "r2 z \<^bsub>R1\<^esub>\<lessapprox> r z"
+ proof (intro flip.t2.left_GaloisI)
+ from \<open>y \<le>\<^bsub>L2\<^esub> y\<close> \<open>y \<le>\<^bsub>R1\<^esub> y\<close> \<open>y \<le>\<^bsub>L2\<^esub> r2 z\<close> have "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) y (r2 z)"
+ by blast
+ with in_codom_rel_comp_le have "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 z)" by blast
+ with refl_R1 have "r2 z \<le>\<^bsub>R1\<^esub> r2 z" by blast
+ with mono_r1 show "in_codom (\<le>\<^bsub>L1\<^esub>) (r z)" by auto
+ with \<open>r2 z \<le>\<^bsub>R1\<^esub> r2 z\<close> half_galois_prop_right1 mono_r1
+ show "r2 z \<le>\<^bsub>R1\<^esub> l1 (r z)" by (auto intro:
+ flip.t2.rel_unit_if_left_rel_if_half_galois_prop_right_if_mono_wrt_rel)
+ qed
+ qed
+qed
+
+corollary left_Galois_eq_comp_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "([in_codom (\<le>\<^bsub>R\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms
+ by (intro antisym left_Galois_le_comp_left_GaloisI comp_left_Galois_le_left_GaloisI)
+ (auto elim!: preorder_on_in_fieldE
+ intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+
+corollary left_Galois_eq_comp_left_GaloisI':
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L1\<^esub>)) r1 l1"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro left_Galois_eq_comp_left_GaloisI
+ flip.mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le)
+ auto
+
+theorem left_Galois_eq_comp_left_Galois_if_galois_connection_if_galois_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<stileturn> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro left_Galois_eq_comp_left_GaloisI')
+ (auto elim!: t1.galois_equivalenceE)
+
+corollary left_Galois_eq_comp_left_Galois_if_galois_connection_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "preorder_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<stileturn> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "reflexive_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms
+ by (intro left_Galois_eq_comp_left_Galois_if_galois_connection_if_galois_equivalenceI'
+ flip.left2_right1_left2_le_left2_right1_if_right1_left2_right1_le_left2_right1)
+ auto
+
+corollary left_Galois_eq_comp_left_Galois_if_preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R2\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ and "(\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<le> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<circ>\<circ> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro
+ left_Galois_eq_comp_left_Galois_if_galois_connection_if_galois_equivalenceI)
+ auto
+
+end
+
+
+end
\ No newline at end of file
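Review bot: In left_Galois_eq_comp_left_Galois_if_preorder_equivalenceI, the fourth assumption is written without the outer parentheses that every other relational inequality in this theory carries. Compare it with the same premise in left_Galois_eq_comp_left_Galois_if_galois_connection_if_galois_equivalenceI just above. It presumably parses to the same term given the priorities of `\<circ>\<circ>` and `\<le>`, but those are not visible here, so the explicit form is safer to read and to copy. I would write it as `and "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"`.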
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Monotone.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Monotone.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Monotone.thy
@@ -0,0 +1,57 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Monotonicity\<close>
+theory Transport_Compositions_Generic_Monotone
+ imports
+ Transport_Compositions_Generic_Base
+begin
+
+context transport_comp
+begin
+
+lemma mono_wrt_rel_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and inflationary_unit2: "inflationary_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_codom (\<le>\<^bsub>L2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+proof (rule dep_mono_wrt_relI)
+ fix x x' assume "x \<le>\<^bsub>L\<^esub> x'"
+ then show "l x \<le>\<^bsub>R\<^esub> l x'"
+ proof (rule right_rel_if_left_relI)
+ fix y' assume "l1 x \<le>\<^bsub>L2\<^esub> y'"
+ with \<open>((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2\<close> show "l x \<le>\<^bsub>R2\<^esub> l2 y'" by auto
+ next
+ assume "in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x')"
+ with inflationary_unit2 show "l1 x' \<le>\<^bsub>L2\<^esub> r2 (l x')" by auto
+ from \<open>in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x')\<close> \<open>((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2\<close>
+ show "in_codom (\<le>\<^bsub>R2\<^esub>) (l x')" by auto
+ qed (insert assms, auto)
+qed
+
+lemma mono_wrt_rel_leftI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and refl_L2: "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ and "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+proof (rule dep_mono_wrt_relI)
+ fix x x' assume "x \<le>\<^bsub>L\<^esub> x'"
+ then show "l x \<le>\<^bsub>R\<^esub> l x'"
+ proof (rule right_rel_if_left_relI')
+ fix y' assume "y' \<le>\<^bsub>L2\<^esub> l1 x'"
+ moreover with \<open>((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2\<close> have "l2 y' \<le>\<^bsub>R2\<^esub> l x'" by auto
+ ultimately show "in_codom (\<le>\<^bsub>R2\<^esub>) (l x')" "y' \<le>\<^bsub>L2\<^esub> r2 (l x')"
+ using \<open>((\<le>\<^bsub>L2\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2\<^esub>)) l2 r2\<close> by auto
+ next
+ assume "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)"
+ with refl_L2 \<open>((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2\<close> show "l x \<le>\<^bsub>R2\<^esub> l2 (l1 x)" by auto
+ qed (insert assms, auto)
+qed
+
+end
+
+
+end
\ No newline at end of file
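Review bot: Both structured proofs, mono_wrt_rel_leftI and mono_wrt_rel_leftI', close with `qed (insert assms, auto)`, which inserts every assumption as a premise of the remaining goals. `qed (use assms in auto)` hands them to the method as facts and is the form newer Isabelle sources tend to use. Separately, the assumption `((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2` is cited by literal quotation several times in both proofs, while its neighbours `inflationary_unit2` and `refl_L2` are named. Labelling it `mono_l2:`, as comp_left_Galois_le_left_GaloisI does, would shorten those `from`/`with` lines and keep them stable if the statement is later reworded.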
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Order_Base.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Order_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Order_Base.thy
@@ -0,0 +1,237 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Basic Order Properties\<close>
+theory Transport_Compositions_Generic_Order_Base
+ imports
+ Transport_Compositions_Generic_Base
+begin
+
+context transport_comp
+begin
+
+interpretation flip1 : galois R1 L1 r1 l1 .
+
+subsubsection \<open>Reflexivity\<close>
+
+lemma reflexive_on_in_dom_leftI:
+ assumes galois_prop: "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and in_dom_L1_le: "in_dom (\<le>\<^bsub>L1\<^esub>) \<le> in_codom (\<le>\<^bsub>L1\<^esub>)"
+ and refl_R1: "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and refl_L2: "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_dom_l1: "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ shows "reflexive_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+proof (rule reflexive_onI)
+ fix x assume "in_dom (\<le>\<^bsub>L\<^esub>) x"
+ then obtain x' where "x \<le>\<^bsub>L\<^esub> x'" "in_dom (\<le>\<^bsub>L1\<^esub>) x" by blast
+ show "x \<le>\<^bsub>L\<^esub> x"
+ proof (rule left_relI)
+ from refl_R1 have "l1 x \<le>\<^bsub>R1\<^esub> l1 x"
+ proof (rule reflexive_onD)
+ from \<open>x \<le>\<^bsub>L\<^esub> x'\<close> galois_prop show "in_dom (\<le>\<^bsub>R1\<^esub>) (l1 x)" by blast
+ qed
+ then show "x \<^bsub>L1\<^esub>\<lessapprox> l1 x"
+ proof (intro t1.left_GaloisI)
+ from galois_prop \<open>in_dom (\<le>\<^bsub>L1\<^esub>) x\<close> \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close> show "x \<le>\<^bsub>L1\<^esub> r1 (l1 x)" by blast
+ qed blast
+ from refl_L2 show "l1 x \<le>\<^bsub>L2\<^esub> l1 x"
+ proof (rule reflexive_onD)
+ from mono_in_dom_l1 \<open>x \<le>\<^bsub>L\<^esub> x'\<close> show "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ qed
+ from \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close> show "l1 x \<^bsub>R1\<^esub>\<lessapprox> x"
+ proof (intro flip1.left_GaloisI)
+ from \<open>in_dom (\<le>\<^bsub>L1\<^esub>) x\<close> in_dom_L1_le show "in_codom (\<le>\<^bsub>L1\<^esub>) x" by blast
+ qed
+ qed
+qed
+
+lemma reflexive_on_in_codom_leftI:
+ assumes L1_r1_l1I: "\<And>x. in_dom (\<le>\<^bsub>L1\<^esub>) x \<Longrightarrow> l1 x \<le>\<^bsub>R1\<^esub> l1 x \<Longrightarrow> x \<le>\<^bsub>L1\<^esub> r1 (l1 x)"
+ and in_codom_L1_le: "in_codom (\<le>\<^bsub>L1\<^esub>) \<le> in_dom (\<le>\<^bsub>L1\<^esub>)"
+ and refl_R1: "reflexive_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and refl_L2: "reflexive_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_codom_l1: "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ shows "reflexive_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+proof (rule reflexive_onI)
+ fix x assume "in_codom (\<le>\<^bsub>L\<^esub>) x"
+ then obtain x' where "x' \<le>\<^bsub>L\<^esub> x" "in_codom (\<le>\<^bsub>L1\<^esub>) x" "in_codom (\<le>\<^bsub>R1\<^esub>) (l1 x)"
+ by blast
+ show "x \<le>\<^bsub>L\<^esub> x"
+ proof (rule left_relI)
+ from refl_R1 \<open>in_codom (\<le>\<^bsub>R1\<^esub>) (l1 x)\<close> have "l1 x \<le>\<^bsub>R1\<^esub> l1 x" by blast
+ show "x \<^bsub>L1\<^esub>\<lessapprox> l1 x"
+ proof (rule t1.left_GaloisI)
+ from in_codom_L1_le \<open>in_codom (\<le>\<^bsub>L1\<^esub>) x\<close> have "in_dom (\<le>\<^bsub>L1\<^esub>) x" by blast
+ with \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close> show "x \<le>\<^bsub>L1\<^esub> r1 (l1 x)" by (intro L1_r1_l1I)
+ qed fact
+ from refl_L2 show "l1 x \<le>\<^bsub>L2\<^esub> l1 x"
+ proof (rule reflexive_onD)
+ from mono_in_codom_l1 \<open>x' \<le>\<^bsub>L\<^esub> x\<close> show "in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ qed
+ show "l1 x \<^bsub>R1\<^esub>\<lessapprox> x" by (rule flip1.left_GaloisI) fact+
+ qed
+qed
+
+corollary reflexive_on_in_field_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom (\<le>\<^bsub>L1\<^esub>) = in_dom (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "([in_field (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_field (\<le>\<^bsub>L2\<^esub>)) l1"
+ shows "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+proof -
+ from assms have "reflexive_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ by (intro reflexive_on_in_dom_leftI)
+ (auto 0 4 intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+ moreover from assms have "reflexive_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ by (intro reflexive_on_in_codom_leftI)
+ (auto 0 4 intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+ ultimately show ?thesis by (auto iff: in_field_iff_in_dom_or_in_codom)
+qed
+
+
+subsubsection \<open>Transitivity\<close>
+
+text\<open>There are many similar proofs for transitivity. They slightly differ in
+their assumptions, particularly which of @{term "(\<le>\<^bsub>R1\<^esub>)"} and @{term "(\<le>\<^bsub>L2\<^esub>)"} has
+to be transitive and the order of commutativity for the relations.
+
+In the following, we just give two of them that suffice for many purposes.\<close>
+
+lemma transitive_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and trans_L2: "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and R1_L2_R1_le: "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ shows "transitive (\<le>\<^bsub>L\<^esub>)"
+proof (rule transitiveI)
+ fix x1 x2 x3 assume "x1 \<le>\<^bsub>L\<^esub> x2" "x2 \<le>\<^bsub>L\<^esub> x3"
+ from \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> obtain y1 y2 where "x1 \<^bsub>L1\<^esub>\<lessapprox> y1" "y1 \<le>\<^bsub>L2\<^esub> y2" "y2 \<le>\<^bsub>R1\<^esub> l1 x2"
+ by blast
+ from \<open>x2 \<le>\<^bsub>L\<^esub> x3\<close> \<open>((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> obtain y3 y4 where
+ "l1 x2 \<le>\<^bsub>R1\<^esub> y3" "y3 \<le>\<^bsub>L2\<^esub> y4" "y4 \<le>\<^bsub>R1\<^esub> l1 x3" "in_codom (\<le>\<^bsub>L1\<^esub>) x3" by blast
+ with R1_L2_R1_le have "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) (l1 x2) (l1 x3)" by blast
+ then obtain y where "l1 x2 \<le>\<^bsub>L2\<^esub> y" "y \<le>\<^bsub>R1\<^esub> l1 x3" by blast
+ with \<open>y2 \<le>\<^bsub>R1\<^esub> l1 x2\<close> R1_L2_R1_le have "((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) y2 (l1 x3)" by blast
+ then obtain y' where "y2 \<le>\<^bsub>L2\<^esub> y'" "y' \<le>\<^bsub>R1\<^esub> l1 x3" by blast
+ with \<open>y1 \<le>\<^bsub>L2\<^esub> y2\<close> have "y1 \<le>\<^bsub>L2\<^esub> y'" using trans_L2 by blast
+ show "x1 \<le>\<^bsub>L\<^esub> x3"
+ proof (rule left_relI)
+ show "x1 \<^bsub>L1\<^esub>\<lessapprox> y1" "y1 \<le>\<^bsub>L2\<^esub> y'" by fact+
+ show "y' \<^bsub>R1\<^esub>\<lessapprox> x3" by (rule flip1.left_GaloisI) fact+
+ qed
+qed
+
+lemma transitive_leftI':
+ assumes galois_prop: "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and trans_L2: "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and R1_L2_R1_le: "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ shows "transitive (\<le>\<^bsub>L\<^esub>)"
+proof (rule transitiveI)
+ fix x1 x2 x3 assume "x1 \<le>\<^bsub>L\<^esub> x2" "x2 \<le>\<^bsub>L\<^esub> x3"
+ from \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> galois_prop obtain y1 y2 where
+ "in_dom (\<le>\<^bsub>L1\<^esub>) x1" "l1 x1 \<le>\<^bsub>R1\<^esub> y1" "y1 \<le>\<^bsub>L2\<^esub> y2" "y2 \<le>\<^bsub>R1\<^esub> l1 x2" by blast
+ with R1_L2_R1_le have "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) (l1 x1) (l1 x2)" by blast
+ then obtain y where "l1 x1 \<le>\<^bsub>R1\<^esub> y" "y \<le>\<^bsub>L2\<^esub> l1 x2" by blast
+ moreover from \<open>x2 \<le>\<^bsub>L\<^esub> x3\<close> galois_prop obtain y3 y4 where
+ "l1 x2 \<le>\<^bsub>R1\<^esub> y3" "y3 \<le>\<^bsub>L2\<^esub> y4" "y4 \<^bsub>R1\<^esub>\<lessapprox> x3" by blast
+ moreover note R1_L2_R1_le
+ ultimately have "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) (l1 x1) y3" by blast
+ then obtain y' where "l1 x1 \<le>\<^bsub>R1\<^esub> y'" "y' \<le>\<^bsub>L2\<^esub> y3" by blast
+ with \<open>y3 \<le>\<^bsub>L2\<^esub> y4\<close> have "y' \<le>\<^bsub>L2\<^esub> y4" using trans_L2 by blast
+ show "x1 \<le>\<^bsub>L\<^esub> x3"
+ proof (rule left_relI)
+ from \<open>in_dom (\<le>\<^bsub>L1\<^esub>) x1\<close> \<open>l1 x1 \<le>\<^bsub>R1\<^esub> y'\<close> galois_prop show "x1 \<^bsub>L1\<^esub>\<lessapprox> y'"
+ by (intro t1.left_Galois_if_Galois_right_if_half_galois_prop_right t1.left_GaloisI)
+ auto
+ show "y' \<le>\<^bsub>L2\<^esub> y4" by fact
+ from \<open>y' \<le>\<^bsub>L2\<^esub> y4\<close> \<open>y4 \<^bsub>R1\<^esub>\<lessapprox> x3\<close> show "y4 \<^bsub>R1\<^esub>\<lessapprox> x3" by blast
+ qed
+qed
+
+
+subsubsection \<open>Preorders\<close>
+
+lemma preorder_on_in_field_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom (\<le>\<^bsub>L1\<^esub>) = in_dom (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_codom_l1: "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and R1_L2_R1_le: "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ shows "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+proof -
+ have "([in_field (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_field (\<le>\<^bsub>L2\<^esub>)) l1"
+ proof -
+ from \<open>((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> R1_L2_R1_le
+ have "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ by (intro mono_in_dom_left_rel_left1_if_in_dom_rel_comp_le
+ in_dom_right1_left2_right1_le_if_right1_left2_right1_le)
+ auto
+ with mono_in_codom_l1 show ?thesis by (intro dep_mono_wrt_predI) blast
+ qed
+ with assms show ?thesis by (intro preorder_onI)
+ (auto intro: reflexive_on_in_field_leftI transitive_leftI)
+qed
+
+lemma preorder_on_in_field_leftI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom (\<le>\<^bsub>L1\<^esub>) = in_dom (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_dom_l1: "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and R1_L2_R1_le: "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ shows "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+proof -
+ have "([in_field (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_field (\<le>\<^bsub>L2\<^esub>)) l1"
+ proof -
+ from \<open>((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> R1_L2_R1_le
+ have "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ by (intro mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le
+ in_codom_right1_left2_right1_le_if_right1_left2_right1_le)
+ auto
+ with mono_in_dom_l1 show ?thesis by (intro dep_mono_wrt_predI) blast
+ qed
+ with assms show ?thesis by (intro preorder_onI)
+ (auto intro: reflexive_on_in_field_leftI transitive_leftI')
+qed
+
+
+subsubsection \<open>Symmetry\<close>
+
+lemma symmetric_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom (\<le>\<^bsub>L1\<^esub>) = in_dom (\<le>\<^bsub>L1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>R1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>L2\<^esub>)"
+ shows "symmetric (\<le>\<^bsub>L\<^esub>)"
+proof -
+ from assms have "(\<greaterapprox>\<^bsub>R1\<^esub>) = (\<^bsub>L1\<^esub>\<lessapprox>)" by (intro
+ t1.ge_Galois_right_eq_left_Galois_if_symmetric_if_in_codom_eq_in_dom_if_galois_prop)
+ moreover then have "(\<^bsub>R1\<^esub>\<lessapprox>) = (\<greaterapprox>\<^bsub>L1\<^esub>)"
+ by (subst rel_inv_eq_iff_eq[symmetric]) simp
+ ultimately show ?thesis using assms unfolding left_rel_eq_comp
+ by (subst symmetric_iff_rel_inv_eq_self) (simp add: rel_comp_assoc)
+qed
+
+lemma partial_equivalence_rel_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom (\<le>\<^bsub>L1\<^esub>) = in_dom (\<le>\<^bsub>L1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>R1\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>))"
+ shows "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro partial_equivalence_relI transitive_leftI symmetric_leftI)
+ auto
+
+lemma partial_equivalence_rel_leftI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom (\<le>\<^bsub>L1\<^esub>) = in_dom (\<le>\<^bsub>L1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>R1\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ and "((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>))"
+ shows "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro partial_equivalence_relI transitive_leftI' symmetric_leftI)
+ auto
+
+end
+
+
+end
\ No newline at end of file
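Review bot: In transitive_leftI', the final `show` inside the `left_relI` block re-proves a fact that is already in scope. `y4 \<^bsub>R1\<^esub>\<lessapprox> x3` was obtained from `x2 \<le>\<^bsub>L\<^esub> x3` a few lines earlier, and the additional `y' \<le>\<^bsub>L2\<^esub> y4` chained in via `from` is not needed to discharge it with `blast`. The last two steps can be merged into `show "y' \<le>\<^bsub>L2\<^esub> y4" "y4 \<^bsub>R1\<^esub>\<lessapprox> x3" by fact+`, which matches how transitive_leftI closes its corresponding goals.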
diff --git a/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Order_Equivalence.thy b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Order_Equivalence.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Generic/Transport_Compositions_Generic_Order_Equivalence.thy
@@ -0,0 +1,331 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Order Equivalence\<close>
+theory Transport_Compositions_Generic_Order_Equivalence
+ imports
+ Transport_Compositions_Generic_Monotone
+begin
+
+context transport_comp
+begin
+
+context
+begin
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1 .
+
+subsubsection \<open>Unit\<close>
+paragraph \<open>Inflationary\<close>
+
+lemma inflationary_on_in_dom_unitI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and inflationary_unit1: "inflationary_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and inflationary_counit1: "inflationary_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and refl_R1: "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and inflationary_unit2: "inflationary_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and refl_L2: "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_dom_l1: "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and in_codom_rel_comp_le: "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom ((\<le>\<^bsub>R1\<^esub>))"
+ shows "inflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof (rule inflationary_onI)
+ fix x assume "in_dom (\<le>\<^bsub>L\<^esub>) x"
+ show "x \<le>\<^bsub>L\<^esub> \<eta> x"
+ proof (rule left_relI)
+ from \<open>in_dom (\<le>\<^bsub>L\<^esub>) x\<close> \<open>((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> have "in_dom (\<le>\<^bsub>R1\<^esub>) (l1 x)" by blast
+ with refl_R1 have "l1 x \<le>\<^bsub>R1\<^esub> l1 x" by blast
+ moreover from \<open>in_dom (\<le>\<^bsub>L\<^esub>) x\<close> have "in_dom (\<le>\<^bsub>L1\<^esub>) x" by blast
+ moreover note inflationary_unit1
+ ultimately show "x \<^bsub>L1\<^esub>\<lessapprox> l1 x" by (intro t1.left_GaloisI) auto
+ from \<open>in_dom (\<le>\<^bsub>L\<^esub>) x\<close> mono_in_dom_l1 have "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ with inflationary_unit2 show "l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)" by auto
+ show "r2 (l x) \<^bsub>R1\<^esub>\<lessapprox> \<eta> x"
+ proof (rule flip.t2.left_GaloisI)
+ from refl_L2 \<open>in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)\<close> have "l1 x \<le>\<^bsub>L2\<^esub> l1 x" by blast
+ with in_codom_rel_comp_le \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close> \<open>l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)\<close>
+ have "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))" by blast
+ with \<open>((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1\<close> show "in_codom (\<le>\<^bsub>L1\<^esub>) (\<eta> x)"
+ by (auto intro: in_codom_if_rel_if_dep_mono_wrt_rel)
+ from \<open>in_codom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))\<close> inflationary_counit1
+ show "r2 (l x) \<le>\<^bsub>R1\<^esub> l1 (\<eta> x)" by auto
+ qed
+ qed
+qed
+
+lemma inflationary_on_in_codom_unitI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and inflationary_unit1: "inflationary_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and inflationary_counit1: "inflationary_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and refl_R1: "reflexive_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and inflationary_unit2: "inflationary_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and refl_L2: "reflexive_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_codom_l1: "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and in_codom_rel_comp_le: "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom ((\<le>\<^bsub>R1\<^esub>))"
+ shows "inflationary_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof (rule inflationary_onI)
+ fix x assume "in_codom (\<le>\<^bsub>L\<^esub>) x"
+ show "x \<le>\<^bsub>L\<^esub> \<eta> x"
+ proof (rule left_relI)
+ from \<open>in_codom (\<le>\<^bsub>L\<^esub>) x\<close> have "in_codom (\<le>\<^bsub>L1\<^esub>) x" "in_codom (\<le>\<^bsub>R1\<^esub>) (l1 x)" by blast+
+ with inflationary_unit1 show "x \<^bsub>L1\<^esub>\<lessapprox> l1 x" by (intro t1.left_GaloisI) auto
+ from mono_in_codom_l1 \<open>in_codom (\<le>\<^bsub>L\<^esub>) x\<close> have "in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ with inflationary_unit2 show "l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)" by auto
+ show "r2 (l x) \<^bsub>R1\<^esub>\<lessapprox> \<eta> x"
+ proof (rule flip.t2.left_GaloisI)
+ from refl_L2 \<open>in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x)\<close> have "l1 x \<le>\<^bsub>L2\<^esub> l1 x" by blast
+ moreover from refl_R1 \<open>in_codom (\<le>\<^bsub>R1\<^esub>) (l1 x)\<close> have "l1 x \<le>\<^bsub>R1\<^esub> l1 x" by blast
+ moreover note in_codom_rel_comp_le \<open>l1 x \<le>\<^bsub>L2\<^esub> r2 (l x)\<close>
+ ultimately have "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))" by blast
+ with \<open>((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1\<close> show "in_codom (\<le>\<^bsub>L1\<^esub>) (\<eta> x)"
+ by (auto intro: in_codom_if_rel_if_dep_mono_wrt_rel)
+ from \<open>in_codom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))\<close> inflationary_counit1
+ show "r2 (l x) \<le>\<^bsub>R1\<^esub> l1 (\<eta> x)" by auto
+ qed
+ qed
+qed
+
+corollary inflationary_on_in_field_unitI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "inflationary_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "inflationary_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "inflationary_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "reflexive_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom ((\<le>\<^bsub>R1\<^esub>))"
+ shows "inflationary_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof -
+ from assms have "inflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ by (intro inflationary_on_in_dom_unitI)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on
+ reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+ moreover from assms have "inflationary_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ by (intro inflationary_on_in_codom_unitI)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on
+ reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+ ultimately show ?thesis by (auto iff: in_field_iff_in_dom_or_in_codom)
+qed
+
+
+text \<open>Deflationary\<close>
+
+lemma deflationary_on_in_dom_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and refl_L1: "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and in_dom_R1_le_in_codom_R1: "in_dom (\<le>\<^bsub>R1\<^esub>) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ and deflationary_L2: "deflationary_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and refl_L2: "reflexive_on (in_dom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_dom_l1: "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and in_dom_rel_comp_le: "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom ((\<le>\<^bsub>R1\<^esub>))"
+ shows "deflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof (rule deflationary_onI)
+ fix x assume "in_dom (\<le>\<^bsub>L\<^esub>) x"
+ show "\<eta> x \<le>\<^bsub>L\<^esub> x"
+ proof (rule left_relI)
+ from refl_L1 \<open>in_dom (\<le>\<^bsub>L\<^esub>) x\<close> have "x \<le>\<^bsub>L1\<^esub> x" by blast
+ moreover with \<open>((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1\<close> have "l1 x \<le>\<^bsub>R1\<^esub> l1 x" by blast
+ ultimately show "l1 x \<^bsub>R1\<^esub>\<lessapprox> x" by auto
+ from mono_in_dom_l1 \<open>in_dom (\<le>\<^bsub>L\<^esub>) x\<close> have "in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ with deflationary_L2 show "r2 (l x) \<le>\<^bsub>L2\<^esub> l1 x" by auto
+ show "\<eta> x \<^bsub>L1\<^esub>\<lessapprox> r2 (l x)"
+ proof (rule t1.left_GaloisI)
+ from refl_L2 \<open>in_dom (\<le>\<^bsub>L2\<^esub>) (l1 x)\<close> have "l1 x \<le>\<^bsub>L2\<^esub> l1 x" by blast
+ with in_dom_rel_comp_le \<open>r2 (l x) \<le>\<^bsub>L2\<^esub> l1 x\<close> \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>
+ have "in_dom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))" by blast
+ with \<open>((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1\<close> have "in_dom (\<le>\<^bsub>L1\<^esub>) (\<eta> x)"
+ by (auto intro: in_dom_if_rel_if_dep_mono_wrt_rel)
+ with refl_L1 show "\<eta> x \<le>\<^bsub>L1\<^esub> r1 (r2 (l x))"
+ by (auto intro: in_field_if_in_codom)
+ from \<open>in_dom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))\<close> in_dom_R1_le_in_codom_R1
+ show "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))" by blast
+ qed
+ qed
+qed
+
+lemma deflationary_on_in_codom_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and refl_L1: "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and in_dom_R1_le_in_codom_R1: "in_dom (\<le>\<^bsub>R1\<^esub>) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ and deflationary_L2: "deflationary_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and refl_L2: "reflexive_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and mono_in_codom_l1: "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and in_dom_rel_comp_le: "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom ((\<le>\<^bsub>R1\<^esub>))"
+ shows "deflationary_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof (rule deflationary_onI)
+ fix x assume "in_codom (\<le>\<^bsub>L\<^esub>) x"
+ show "\<eta> x \<le>\<^bsub>L\<^esub> x"
+ proof (rule left_relI)
+ from refl_L1 \<open>in_codom (\<le>\<^bsub>L\<^esub>) x\<close> have "x \<le>\<^bsub>L1\<^esub> x" by blast
+ moreover with \<open>((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1\<close> have "l1 x \<le>\<^bsub>R1\<^esub> l1 x" by blast
+ ultimately show "l1 x \<^bsub>R1\<^esub>\<lessapprox> x" by auto
+ from mono_in_codom_l1 \<open>in_codom (\<le>\<^bsub>L\<^esub>) x\<close> have "in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x)" by blast
+ with deflationary_L2 show "r2 (l x) \<le>\<^bsub>L2\<^esub> l1 x" by auto
+ show "\<eta> x \<^bsub>L1\<^esub>\<lessapprox> r2 (l x)"
+ proof (rule t1.left_GaloisI)
+ from refl_L2 \<open>in_codom (\<le>\<^bsub>L2\<^esub>) (l1 x)\<close> have "l1 x \<le>\<^bsub>L2\<^esub> l1 x" by blast
+ with in_dom_rel_comp_le \<open>r2 (l x) \<le>\<^bsub>L2\<^esub> l1 x\<close> \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>
+ have "in_dom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))" by blast
+ with in_dom_R1_le_in_codom_R1 show "in_codom (\<le>\<^bsub>R1\<^esub>) (r2 (l x))" by blast
+ with \<open>((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1\<close> have "in_codom (\<le>\<^bsub>L1\<^esub>) (\<eta> x)"
+ by (auto intro: in_codom_if_rel_if_dep_mono_wrt_rel)
+ with refl_L1 show "\<eta> x \<le>\<^bsub>L1\<^esub> r1 (r2 (l x))" by auto
+ qed
+ qed
+qed
+
+corollary deflationary_on_in_field_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "in_dom (\<le>\<^bsub>R1\<^esub>) \<le> in_codom (\<le>\<^bsub>R1\<^esub>)"
+ and "deflationary_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "reflexive_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom ((\<le>\<^bsub>R1\<^esub>))"
+ shows "deflationary_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof -
+ from assms have "deflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ by (intro deflationary_on_in_dom_unitI)
+ (auto intro: deflationary_on_if_le_pred_if_deflationary_on
+ reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+ moreover from assms have "deflationary_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ by (intro deflationary_on_in_codom_unitI)
+ (auto intro: deflationary_on_if_le_pred_if_deflationary_on
+ reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+ ultimately show ?thesis by (auto iff: in_field_iff_in_dom_or_in_codom)
+qed
+
+
+text \<open>Relational Equivalence\<close>
+
+corollary rel_equivalence_on_in_field_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "inflationary_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "inflationary_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "reflexive_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom ((\<le>\<^bsub>R1\<^esub>))"
+ and "in_codom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_codom ((\<le>\<^bsub>R1\<^esub>))"
+ shows "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro rel_equivalence_onI
+ inflationary_on_in_field_unitI deflationary_on_in_field_unitI)
+ (auto simp only: in_codom_eq_in_dom_if_reflexive_on_in_field)
+
+
+subsubsection \<open>Counit\<close>
+
+text \<open>Corresponding lemmas for the counit can be obtained by flipping the
+interpretation of the locale, i.e.
+\<open>
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "flip.t2.unit \<equiv> \<epsilon>\<^sub>1" and "flip.t2.counit \<equiv> \<eta>\<^sub>1"
+ and "flip.t1.unit \<equiv> \<epsilon>\<^sub>2" and "flip.t1.counit \<equiv> \<eta>\<^sub>2"
+ and "flip.unit \<equiv> \<epsilon>" and "flip.counit \<equiv> \<eta>"
+ unfolding transport_comp.transport_defs
+ by (auto simp: order_functors.flip_counit_eq_unit)
+\<close>
+\<close>
+
+end
+
+
+subsubsection \<open>Order Equivalence\<close>
+
+interpretation flip : transport_comp R2 L2 r2 l2 R1 L1 r1 l1
+ rewrites "flip.t2.unit \<equiv> \<epsilon>\<^sub>1" and "flip.t2.counit \<equiv> \<eta>\<^sub>1"
+ and "flip.t1.unit \<equiv> \<epsilon>\<^sub>2" and "flip.t1.counit \<equiv> \<eta>\<^sub>2"
+ and "flip.counit \<equiv> \<eta>" and "flip.unit \<equiv> \<epsilon>"
+ by (simp_all only: order_functors.flip_counit_eq_unit)
+
+lemma order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "inflationary_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and rel_equiv_counit1: "rel_equivalence_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2" "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2"
+ and rel_equiv_unit2: "rel_equivalence_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "inflationary_on (in_field (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>) \<epsilon>\<^sub>2"
+ and "reflexive_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>)"
+ and middle_compatible: "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+proof (rule order_equivalenceI)
+ show "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l" using rel_equiv_unit2 \<open>((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close>
+ \<open>((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2\<close> middle_compatible
+ by (intro mono_wrt_rel_leftI) auto
+ show "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r" using rel_equiv_counit1 \<open>((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2\<close>
+ \<open>((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1\<close> middle_compatible
+ by (intro flip.mono_wrt_rel_leftI)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on
+ in_field_if_in_codom)
+ from middle_compatible have in_dom_rel_comp_les:
+ "in_dom ((\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>)) \<le> in_dom (\<le>\<^bsub>L2\<^esub>)"
+ "in_dom ((\<le>\<^bsub>L2\<^esub>) \<circ>\<circ> (\<le>\<^bsub>R1\<^esub>) \<circ>\<circ> (\<le>\<^bsub>L2\<^esub>)) \<le> in_dom ((\<le>\<^bsub>R1\<^esub>))"
+ by (auto intro: in_dom_right1_left2_right1_le_if_right1_left2_right1_le
+ flip.in_dom_right1_left2_right1_le_if_right1_left2_right1_le)
+ moreover then have "([in_dom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>L2\<^esub>)) l1"
+ and "([in_codom (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>L2\<^esub>)) l1"
+ using \<open>((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> middle_compatible
+ by (auto intro: mono_in_dom_left_rel_left1_if_in_dom_rel_comp_le
+ mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le)
+ ultimately show "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro rel_equivalence_on_in_field_unitI)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on
+ intro!: in_field_if_in_codom)
+ note in_dom_rel_comp_les
+ moreover then have "([in_dom (\<le>\<^bsub>R\<^esub>)] \<Rrightarrow>\<^sub>m in_dom (\<le>\<^bsub>R1\<^esub>)) r2"
+ and "([in_codom (\<le>\<^bsub>R\<^esub>)] \<Rrightarrow>\<^sub>m in_codom (\<le>\<^bsub>R1\<^esub>)) r2"
+ using \<open>((\<le>\<^bsub>R2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2\<^esub>)) r2 l2\<close> middle_compatible
+ by (auto intro!: flip.mono_in_dom_left_rel_left1_if_in_dom_rel_comp_le
+ flip.mono_in_codom_left_rel_left1_if_in_codom_rel_comp_le)
+ ultimately show "rel_equivalence_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ using assms by (intro flip.rel_equivalence_on_in_field_unitI)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on
+ intro!: in_field_if_in_codom)
+qed
+
+corollary order_equivalence_if_order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro order_equivalenceI) (auto
+ elim!: t1.order_equivalenceE t2.order_equivalenceE rel_equivalence_onE
+ intro!: reflexive_on_in_field_if_transitive_if_rel_equivalence_on
+ t1.half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel
+ flip.t1.half_galois_prop_left_left_right_if_transitive_if_deflationary_on_if_mono_wrt_rel
+ intro: deflationary_on_if_le_pred_if_deflationary_on in_field_if_in_codom)
+
+corollary order_equivalence_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "reflexive_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>)"
+ and "middle_compatible_codom"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro order_equivalenceI)
+ (auto elim!: t1.galois_equivalenceE t2.galois_equivalenceE
+ intro!: t1.inflationary_on_unit_if_reflexive_on_if_galois_equivalence
+ flip.t1.inflationary_on_unit_if_reflexive_on_if_galois_equivalence
+ t2.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence
+ flip.t2.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence)
+
+end
+
+
+end
\ No newline at end of file
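Review bot: The sub-headings under `subsubsection \<open>Unit\<close>` are marked up inconsistently: the first is `paragraph \<open>Inflationary\<close>`, but the next two are `text \<open>Deflationary\<close>` and `text \<open>Relational Equivalence\<close>`, which makes them body text rather than headings. I would change them to `paragraph \<open>Deflationary\<close>` and `paragraph \<open>Relational Equivalence\<close>`. Separately, the interpretation quoted in the Counit text differs from the one issued before `order_equivalenceI`: the last two rewrites are in the other order, and it is proved with `unfolding transport_comp.transport_defs by (auto simp: ...)` rather than `by (simp_all only: ...)`. If both are meant to be the same interpretation, quoting the form that is actually used would keep the documentation in step with the theory.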
diff --git a/thys/Transport/Transport/Compositions/Transport_Compositions.thy b/thys/Transport/Transport/Compositions/Transport_Compositions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Compositions/Transport_Compositions.thy
@@ -0,0 +1,18 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport For Compositions\<close>
+theory Transport_Compositions
+ imports
+ Transport_Compositions_Agree
+ Transport_Compositions_Generic
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>We provide two ways to compose transportable components:
+a slightly intricate, generic one in @{locale "transport_comp"} and
+another straightforward but less general one in @{locale "transport_comp_agree"}.
+As a special case from the latter, we obtain @{locale "transport_comp_same"},
+which includes the cases most prominently covered in the literature.
+
+Refer to \<^cite>\<open>"transport"\<close> for more details.\<close>
+
+end
\ No newline at end of file
diff --git a/thys/Transport/Transport/Examples/Prototype/Transport_Prototype.thy b/thys/Transport/Transport/Examples/Prototype/Transport_Prototype.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Prototype/Transport_Prototype.thy
@@ -0,0 +1,168 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport via Equivalences on PERs (Prototype)\<close>
+theory Transport_Prototype
+ imports
+ Transport_Rel_If
+ ML_Unification.ML_Unification_HOL_Setup
+ ML_Unification.Unify_Resolve_Tactics
+ keywords "trp_term" :: thy_goal_defn
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>We implement a simple Transport prototype. The prototype is restricted
+to work with equivalences on partial equivalence relations.
+It is also not forming the compositions of equivalences so far.
+The support for dependent function relators is restricted to the form
+described in
+@{thm transport_Dep_Fun_Rel_no_dep_fun.partial_equivalence_rel_equivalenceI}:
+The relations can be dependent, but the functions must be simple.
+This is not production ready, but a proof of concept.
+
+The package provides a command @{command trp_term}, which sets up the
+required goals to prove a given term. See the examples in this directory for
+some use cases and refer to \<^cite>\<open>"transport"\<close> for more details.\<close>
+
+paragraph \<open>Theorem Setups\<close>
+
+context transport
+begin
+
+lemma left_Galois_left_if_left_rel_if_partial_equivalence_rel_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<le>\<^bsub>L\<^esub> x'"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> l x"
+ using assms by (intro left_Galois_left_if_left_rel_if_inflationary_on_in_fieldI)
+ (blast elim: preorder_equivalence_order_equivalenceE)+
+
+definition "transport_per x y \<equiv> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r \<and> x \<^bsub>L\<^esub>\<lessapprox> y"
+
+text \<open>The choice of @{term "x'"} is arbitrary. All we need is @{term "in_dom (\<le>\<^bsub>L\<^esub>) x"}.\<close>
+lemma transport_per_start:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "x \<le>\<^bsub>L\<^esub> x'"
+ shows "transport_per x (l x)"
+ using assms unfolding transport_per_def
+ by (blast intro: left_Galois_left_if_left_rel_if_partial_equivalence_rel_equivalence)
+
+lemma left_Galois_if_transport_per:
+ assumes "transport_per x y"
+ shows "x \<^bsub>L\<^esub>\<lessapprox> y"
+ using assms unfolding transport_per_def by blast
+
+end
+
+context transport_Fun_Rel
+begin
+
+text \<open>Simplification of Galois relator for simple function relator.\<close>
+
+corollary left_Galois_eq_Fun_Rel_left_Galois:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))"
+proof (intro ext)
+ fix f g
+ show "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ proof
+ assume "f \<^bsub>L\<^esub>\<lessapprox> g"
+ moreover have "g \<le>\<^bsub>R\<^esub> g"
+ proof -
+ from assms have per: "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ by (intro partial_equivalence_rel_equivalenceI) auto
+ with \<open>f \<^bsub>L\<^esub>\<lessapprox> g\<close> show ?thesis by blast
+ qed
+ ultimately show "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g" using assms
+ by (intro Fun_Rel_left_Galois_if_left_GaloisI)
+ (auto elim!: tdfrs.t1.partial_equivalence_rel_equivalenceE
+ tdfrs.t1.preorder_equivalence_galois_equivalenceE
+ tdfrs.t1.galois_equivalenceE
+ intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+ next
+ assume "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ with assms have "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> f g"
+ by (subst Fun_Rel_left_Galois_restrict_left_right_eq_Fun_Rel_left_GaloisI) blast+
+ with assms show "f \<^bsub>L\<^esub>\<lessapprox> g"
+ by (intro left_Galois_if_Fun_Rel_left_GaloisI) blast+
+ qed
+qed
+
+end
+
+lemmas related_Fun_Rel_combI = Dep_Fun_Rel_relD[where ?S="\<lambda>_ _. S" for S, rotated]
+lemma related_Fun_Rel_lambdaI:
+ assumes "\<And>x y. R x y \<Longrightarrow> S (f x) (g y)"
+ and "T = (R \<Rrightarrow> S)"
+ shows "T f g"
+ using assms by blast
+
+
+paragraph \<open>General ML setups\<close>
+ML_file\<open>transport_util.ML\<close>
+
+paragraph \<open>Unification Setup\<close>
+
+ML\<open>
+ @{functor_instance struct_name = Transport_Unification_Combine
+ and functor_name = Unification_Combine
+ and id = Transport_Util.transport_id}
+\<close>
+local_setup \<open>Transport_Unification_Combine.setup_attribute NONE\<close>
+ML\<open>
+ @{functor_instance struct_name = Transport_Mixed_Unification
+ and functor_name = Mixed_Unification
+ and id = Transport_Util.transport_id
+ and more_args = \<open>structure UC = Transport_Unification_Combine\<close>}
+\<close>
+
+ML\<open>
+ @{functor_instance struct_name = Transport_Unification_Hints
+ and functor_name = Term_Index_Unification_Hints
+ and id = Transport_Util.transport_id
+ and more_args = \<open>
+ structure TI = Discrimination_Tree
+ val init_args = {
+ concl_unifier = SOME Higher_Order_Pattern_Unification.unify,
+ normalisers = SOME Transport_Mixed_Unification.norms_first_higherp_first_comb_higher_unify,
+ prems_unifier = SOME (Transport_Mixed_Unification.first_higherp_first_comb_higher_unify
+ |> Unification_Combinator.norm_unifier Envir_Normalisation.beta_norm_term_unif),
+ retrieval = SOME (Term_Index_Unification_Hints_Args.mk_sym_retrieval
+ TI.norm_term TI.unifiables),
+ hint_preprocessor = SOME (K I)
+ }\<close>}
+\<close>
+local_setup \<open>Transport_Unification_Hints.setup_attribute NONE\<close>
+declare [[trp_uhint where hint_preprocessor = \<open>Unification_Hints_Base.obj_logic_hint_preprocessor
+ @{thm atomize_eq[symmetric]} (Conv.rewr_conv @{thm eq_eq_True})\<close>]]
+declare [[trp_ucombine add = \<open>Transport_Unification_Combine.eunif_data
+ (Transport_Unification_Hints.try_hints
+ |> Unification_Combinator.norm_unifier
+ (#norm_term Transport_Mixed_Unification.norms_first_higherp_first_comb_higher_unify)
+ |> K)
+ (Transport_Unification_Combine.default_metadata Transport_Unification_Hints.binding)\<close>]]
+
+paragraph \<open>Prototype\<close>
+ML_file\<open>transport.ML\<close>
+
+declare
+ transport_Dep_Fun_Rel.transport_defs[trp_def]
+ transport_Fun_Rel.transport_defs[trp_def]
+
+declare
+ (*dependent case currently disabled by default since they easily make the
+ unifier enumerate many undesired instantiations*)
+ (* transport_Dep_Fun_Rel.partial_equivalence_rel_equivalenceI[per_intro] *)
+ (* transport.rel_if_partial_equivalence_rel_equivalence_if_iff_if_partial_equivalence_rel_equivalenceI[rotated, per_intro]
+ transport_Dep_Fun_Rel_no_dep_fun.partial_equivalence_rel_equivalenceI
+ [ML_Krattr \<open>Conversion_Util.move_prems_to_front_conv [1] |> Conversion_Util.thm_conv\<close>,
+ ML_Krattr \<open>Conversion_Util.move_prems_to_front_conv [2,3] |> Conversion_Util.thm_conv\<close>,
+ per_intro] *)
+ transport_Fun_Rel.partial_equivalence_rel_equivalenceI[rotated, per_intro]
+ transport_eq_id.partial_equivalence_rel_equivalenceI[per_intro]
+ transport_eq_restrict_id.partial_equivalence_rel_equivalence[per_intro]
+
+declare
+ transport_id.left_Galois_eq_left[trp_relator_rewrite]
+ transport_Fun_Rel.left_Galois_eq_Fun_Rel_left_Galois[trp_relator_rewrite]
+
+
+end
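Review bot: The Summary says dependent function relators are supported in the form of `transport_Dep_Fun_Rel_no_dep_fun.partial_equivalence_rel_equivalenceI`, but in the final `declare` block the `per_intro` registration of that theorem is commented out, together with the fully dependent rule. A reader following the summary will presumably find that `trp_term` does not handle this case until the rule is declared by hand. I would say so in the summary, e.g. add `The corresponding per_intro rules are disabled by default (see the declarations at the end of this theory) and have to be declared where needed.` The comment in the `declare` block also mixes singular and plural ("dependent case ... since they"); `dependent cases are currently disabled by default since they easily make the unifier enumerate many undesired instantiations` reads cleanly.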
diff --git a/thys/Transport/Transport/Examples/Prototype/Transport_Rel_If.thy b/thys/Transport/Transport/Examples/Prototype/Transport_Rel_If.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Prototype/Transport_Rel_If.thy
@@ -0,0 +1,218 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport for Dependent Function Relator with Non-Dependent Functions\<close>
+theory Transport_Rel_If
+ imports
+ Transport
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>We introduce a special case of @{locale transport_Dep_Fun_Rel}.
+The derived theorem is easier to apply and supported by the current prototype.\<close>
+
+context
+ fixes P :: "'a \<Rightarrow> bool" and R :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+begin
+
+lemma reflexive_on_rel_if_if_reflexive_onI [intro]:
+ assumes "B \<Longrightarrow> reflexive_on P R"
+ shows "reflexive_on P (rel_if B R)"
+ using assms by (intro reflexive_onI) blast
+
+lemma transitive_on_rel_if_if_transitive_onI [intro]:
+ assumes "B \<Longrightarrow> transitive_on P R"
+ shows "transitive_on P (rel_if B R)"
+ using assms by (intro transitive_onI) (blast dest: transitive_onD)
+
+lemma preorder_on_rel_if_if_preorder_onI [intro]:
+ assumes "B \<Longrightarrow> preorder_on P R"
+ shows "preorder_on P (rel_if B R)"
+ using assms by (intro preorder_onI) auto
+
+lemma symmetric_on_rel_if_if_symmetric_onI [intro]:
+ assumes "B \<Longrightarrow> symmetric_on P R"
+ shows "symmetric_on P (rel_if B R)"
+ using assms by (intro symmetric_onI) (blast dest: symmetric_onD)
+
+lemma partial_equivalence_rel_on_rel_if_if_partial_equivalence_rel_onI [intro]:
+ assumes "B \<Longrightarrow> partial_equivalence_rel_on P R"
+ shows "partial_equivalence_rel_on P (rel_if B R)"
+ using assms by (intro partial_equivalence_rel_onI)
+ auto
+
+lemma rel_if_dep_mono_wrt_rel_if_iff_if_dep_mono_wrt_relI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ([x y \<Colon> R] \<Rrightarrow>\<^sub>m S x y) f"
+ and "B \<longleftrightarrow> B'"
+ shows "([x y \<Colon> (rel_if B R)] \<Rrightarrow>\<^sub>m (rel_if B' (S x y))) f"
+ using assms by (intro dep_mono_wrt_relI) auto
+
+end
+
+corollary reflexive_rel_if_if_reflexiveI [intro]:
+ assumes "B \<Longrightarrow> reflexive R"
+ shows "reflexive (rel_if B R)"
+ using assms unfolding reflexive_eq_reflexive_on by blast
+
+corollary transitive_rel_if_if_transitiveI [intro]:
+ assumes "B \<Longrightarrow> transitive R"
+ shows "transitive (rel_if B R)"
+ using assms unfolding transitive_eq_transitive_on by blast
+
+corollary preorder_rel_if_if_preorderI [intro]:
+ assumes "B \<Longrightarrow> preorder R"
+ shows "preorder (rel_if B R)"
+ using assms unfolding preorder_eq_preorder_on by blast
+
+corollary symmetric_rel_if_if_symmetricI [intro]:
+ assumes "B \<Longrightarrow> symmetric R"
+ shows "symmetric (rel_if B R)"
+ using assms unfolding symmetric_eq_symmetric_on by blast
+
+corollary partial_equivalence_rel_rel_if_if_partial_equivalence_relI [intro]:
+ assumes "B \<Longrightarrow> partial_equivalence_rel R"
+ shows "partial_equivalence_rel (rel_if B R)"
+ using assms unfolding partial_equivalence_rel_eq_partial_equivalence_rel_on
+ by blast
+
+context galois_prop
+begin
+
+interpretation rel_if : galois_prop "rel_if B (\<le>\<^bsub>L\<^esub>)" "rel_if B' (\<le>\<^bsub>R\<^esub>)" l r .
+interpretation flip_inv : galois_prop "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l .
+
+lemma rel_if_half_galois_prop_left_if_iff_if_half_galois_prop_leftI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "B \<longleftrightarrow> B'"
+ shows "((rel_if B (\<le>\<^bsub>L\<^esub>)) \<^sub>h\<unlhd> (rel_if B' (\<le>\<^bsub>R\<^esub>))) l r"
+ using assms by (intro rel_if.half_galois_prop_leftI) auto
+
+lemma rel_if_half_galois_prop_right_if_iff_if_half_galois_prop_rightI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ and "B \<longleftrightarrow> B'"
+ shows "((rel_if B (\<le>\<^bsub>L\<^esub>)) \<unlhd>\<^sub>h (rel_if B' (\<le>\<^bsub>R\<^esub>))) l r"
+ using assms by (intro rel_if.half_galois_prop_rightI) fastforce
+
+lemma rel_if_galois_prop_if_iff_if_galois_propI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "B \<longleftrightarrow> B'"
+ shows "((rel_if B (\<le>\<^bsub>L\<^esub>)) \<unlhd> (rel_if B' (\<le>\<^bsub>R\<^esub>))) l r"
+ using assms by (intro rel_if.galois_propI
+ rel_if_half_galois_prop_left_if_iff_if_half_galois_prop_leftI
+ rel_if_half_galois_prop_right_if_iff_if_half_galois_prop_rightI)
+ auto
+
+end
+
+context galois
+begin
+
+interpretation rel_if : galois "rel_if B (\<le>\<^bsub>L\<^esub>)" "rel_if B' (\<le>\<^bsub>R\<^esub>)" l r .
+
+lemma rel_if_galois_connection_if_iff_if_galois_connectionI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "B \<longleftrightarrow> B'"
+ shows "((rel_if B (\<le>\<^bsub>L\<^esub>)) \<stileturn> (rel_if B' (\<le>\<^bsub>R\<^esub>))) l r"
+ using assms by (intro rel_if.galois_connectionI
+ rel_if_dep_mono_wrt_rel_if_iff_if_dep_mono_wrt_relI
+ rel_if_galois_prop_if_iff_if_galois_propI)
+ auto
+
+lemma rel_if_galois_equivalence_if_iff_if_galois_equivalenceI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ and "B \<longleftrightarrow> B'"
+ shows "((rel_if B (\<le>\<^bsub>L\<^esub>)) \<equiv>\<^sub>G (rel_if B' (\<le>\<^bsub>R\<^esub>))) l r"
+ using assms by (intro rel_if.galois_equivalenceI
+ rel_if_galois_connection_if_iff_if_galois_connectionI
+ galois_prop.rel_if_galois_prop_if_iff_if_galois_propI)
+ (auto elim: galois.galois_connectionE)
+
+end
+
+context transport
+begin
+
+interpretation rel_if : transport "rel_if B (\<le>\<^bsub>L\<^esub>)" "rel_if B' (\<le>\<^bsub>R\<^esub>)" l r .
+
+lemma rel_if_preorder_equivalence_if_iff_if_preorder_equivalenceI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "B \<longleftrightarrow> B'"
+ shows "((rel_if B (\<le>\<^bsub>L\<^esub>)) \<equiv>\<^bsub>pre\<^esub> (rel_if B' (\<le>\<^bsub>R\<^esub>))) l r"
+ using assms by (intro rel_if.preorder_equivalence_if_galois_equivalenceI
+ rel_if_galois_equivalence_if_iff_if_galois_equivalenceI
+ preorder_on_rel_if_if_preorder_onI)
+ blast+
+
+lemma rel_if_partial_equivalence_rel_equivalence_if_iff_if_partial_equivalence_rel_equivalenceI:
+ assumes "B \<Longrightarrow> B' \<Longrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "B \<longleftrightarrow> B'"
+ shows "((rel_if B (\<le>\<^bsub>L\<^esub>)) \<equiv>\<^bsub>PER\<^esub> (rel_if B' (\<le>\<^bsub>R\<^esub>))) l r"
+ using assms by (intro
+ rel_if.partial_equivalence_rel_equivalence_if_galois_equivalenceI
+ rel_if_galois_equivalence_if_iff_if_galois_equivalenceI)
+ blast+
+
+end
+
+locale transport_Dep_Fun_Rel_no_dep_fun =
+ transport_Dep_Fun_Rel_syntax L1 R1 l1 r1 L2 R2 "\<lambda>_ _. l2" "\<lambda>_ _. r2" +
+ tdfr : transport_Dep_Fun_Rel L1 R1 l1 r1 L2 R2 "\<lambda>_ _. l2" "\<lambda>_ _. r2"
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'a2"
+ and r1 :: "'a2 \<Rightarrow> 'a1"
+ and L2 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> 'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and R2 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'b1 \<Rightarrow> 'b2"
+ and r2 :: "'b2 \<Rightarrow> 'b1"
+begin
+
+notation t2.unit ("\<eta>\<^sub>2")
+notation t2.counit ("\<epsilon>\<^sub>2")
+
+abbreviation "L \<equiv> tdfr.L"
+abbreviation "R \<equiv> tdfr.R"
+
+abbreviation "l \<equiv> tdfr.l"
+abbreviation "r \<equiv> tdfr.r"
+
+notation tdfr.L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation tdfr.R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+notation tdfr.ge_left (infix "\<ge>\<^bsub>L\<^esub>" 50)
+notation tdfr.ge_right (infix "\<ge>\<^bsub>R\<^esub>" 50)
+
+notation tdfr.unit ("\<eta>")
+notation tdfr.counit ("\<epsilon>")
+
+theorem partial_equivalence_rel_equivalenceI:
+ assumes per_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and per_equiv2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) l2 r2"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ have per2I: "((\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2 r2"
+ if hyps: "x1 \<le>\<^bsub>L1\<^esub> x2" "x2 \<^bsub>L1\<^esub>\<lessapprox> x1'" "x1' \<le>\<^bsub>R1\<^esub> x2'" for x1 x2 x1' x2'
+ proof -
+ from hyps have "x1 \<^bsub>L1\<^esub>\<lessapprox> x2'"
+ using per_equiv1 t1.left_Galois_if_left_Galois_if_left_relI
+ t1.left_Galois_if_right_rel_if_left_GaloisI
+ by fast
+ with per_equiv2 show ?thesis by blast
+ qed
+ have "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) (\<lambda>_ _. l2)"
+ by (intro dep_mono_wrt_relI Dep_Fun_Rel_relI Dep_Fun_Rel_predI rel_if_if_impI)
+ (auto 8 0 dest!: per2I)
+ moreover have
+ "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) (\<lambda>_ _. r2)"
+ by (intro dep_mono_wrt_relI Dep_Fun_Rel_relI Dep_Fun_Rel_predI rel_if_if_impI)
+ (auto 8 0 dest!: per2I)
+ ultimately show ?thesis
+ using assms by (intro tdfr.partial_equivalence_rel_equivalenceI) auto
+qed
+
+end
+
+
+end
\ No newline at end of file
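Review bot: The interpretation `flip_inv : galois_prop "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l` in `context galois_prop` is never referenced by name; the three lemmas in that context only cite `rel_if.*` introduction rules. Unless the `auto`/`fastforce` calls depend on declarations that this interpretation activates, it can be removed. Separately, the Summary text only describes the `transport_Dep_Fun_Rel_no_dep_fun` locale, although most of the theory consists of closure lemmas for `rel_if`. A short `text` block before the first `context` should state that these lemmas lift reflexivity, transitivity, Galois properties and so on from `R` to `rel_if B R`.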
diff --git a/thys/Transport/Transport/Examples/Prototype/transport.ML b/thys/Transport/Transport/Examples/Prototype/transport.ML
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Prototype/transport.ML
@@ -0,0 +1,409 @@
+(* Title: Transport/transport.ML
+ Author: Kevin Kappelmann, Paul Bachmann
+
+Prototype for Transport. See README.md for future work.
+*)
+
+(*TODO: signature*)
+
+structure Transport =
+struct
+
+structure Util = Transport_Util
+
+(*definitions used by Transport that need to be folded before a PER proof and unfolded after
+success.*)
+structure Transport_Defs = Named_Thms(
+ val name = @{binding "trp_def"}
+ val description = "Definitions used by Transport"
+)
+val _ = Theory.setup Transport_Defs.setup
+
+(* simplifying definitions *)
+
+val simp_rhs = Simplifier.rewrite #> Conversion_Util.rhs_conv #> Conversion_Util.thm_conv
+
+(*simplifies the generated definition of a transported term*)
+fun simp_transported_def ctxt simps y_def =
+ let
+ val ctxt = ctxt addsimps simps
+ val y_def_eta_expanded = Util.equality_eta_expand ctxt "x" y_def
+ in apply2 (simp_rhs ctxt) (y_def, y_def_eta_expanded) end
+
+(* resolution setup *)
+
+val any_unify_trp_hints_resolve_tac = Unify_Resolve_Base.unify_resolve_any_tac
+ Transport_Mixed_Unification.norms_first_higherp_first_comb_higher_unify
+ Transport_Mixed_Unification.first_higherp_first_comb_higher_unify
+
+fun get_theorems_tac f get_theorems ctxt = f (get_theorems ctxt) ctxt
+val get_theorems_resolve_tac = get_theorems_tac any_unify_trp_hints_resolve_tac
+
+val _ = Theory.setup (
+ Method.setup @{binding trp_hints_resolve}
+ (Attrib.thms >> (SIMPLE_METHOD' oo any_unify_trp_hints_resolve_tac))
+ "Resolution with unification hints for Transport"
+ )
+
+(* PER equivalence prover *)
+
+(*introduction rules*)
+structure PER_Intros = Named_Thms(
+ val name = @{binding "per_intro"}
+ val description = "Introduction rules for per_prover"
+)
+val _ = Theory.setup PER_Intros.setup
+
+fun per_prover_tac ctxt = REPEAT_ALL_NEW (get_theorems_resolve_tac PER_Intros.get ctxt)
+
+val _ = Theory.setup (
+ Method.setup @{binding per_prover}
+ (Scan.succeed (SIMPLE_METHOD' o per_prover_tac))
+ "PER prover for Transport"
+ )
+
+(* domain prover *)
+
+structure Transport_in_dom = Named_Thms(
+ val name = @{binding "trp_in_dom"}
+ val description = "In domain theorems for Transport"
+)
+val _ = Theory.setup Transport_in_dom.setup
+
+(*discharges the @{term "L x x'"} goals by registered lemmas*)
+fun transport_in_dom_prover_tac ctxt = get_theorems_resolve_tac Transport_in_dom.get ctxt
+
+val _ = Theory.setup (
+ Method.setup @{binding trp_in_dom_prover}
+ (Scan.succeed (SIMPLE_METHOD' o transport_in_dom_prover_tac))
+ "in_dom prover for Transport"
+ )
+
+
+(* blackbox prover *)
+
+(*first derives the PER equivalence, then looks for registered domain lemmas.*)
+fun unfold_tac thms ctxt = simp_tac (clear_simpset ctxt addsimps thms)
+val unfold_transport_defs_tac = get_theorems_tac unfold_tac Transport_Defs.get
+
+fun transport_prover ctxt i =
+ per_prover_tac ctxt i
+ THEN TRY (SOMEGOAL
+ (TRY o unfold_transport_defs_tac ctxt
+ THEN' transport_in_dom_prover_tac ctxt)
+ )
+
+val _ = Theory.setup (
+ Method.setup @{binding trp_prover}
+ (Scan.succeed (SIMPLE_METHOD' o transport_prover))
+ "Blackbox prover for Transport"
+ )
+
+(* whitebox prover intro rules *)
+
+structure Transport_Related_Intros = Named_Thms(
+ val name = @{binding "trp_related_intro"}
+ val description = "Introduction rules for Transport whitebox proofs"
+)
+val _ = Theory.setup Transport_Related_Intros.setup
+
+
+(* relator rewriter *)
+
+(*rewrite rules to simplify the derived Galois relator*)
+structure Transport_Relator_Rewrites = Named_Thms(
+ val name = @{binding "trp_relator_rewrite"}
+ val description = "Rewrite rules for relators used by Transport"
+)
+val _ = Theory.setup Transport_Relator_Rewrites.setup
+
+(*simple rewrite tactic for Galois relators*)
+fun per_simp_prover ctxt thm =
+ let
+ val prems = Thm.cprems_of thm
+ val per_prover_tac = per_prover_tac ctxt
+ fun prove_prem prem = Goal.prove_internal ctxt [] prem (fn _ => HEADGOAL per_prover_tac)
+ in try (map prove_prem) prems |> Option.map (curry (op OF) thm) end
+fun transport_relator_rewrite ctxt thm =
+ let
+ val transport_defs = Transport_Defs.get ctxt
+ val transport_relator_rewrites = Transport_Relator_Rewrites.get ctxt
+ val ctxt = (clear_simpset ctxt) addsimps transport_relator_rewrites
+ in
+ Local_Defs.fold ctxt transport_defs thm
+ |> Raw_Simplifier.rewrite_thm (false, false, false) per_simp_prover ctxt
+ end
+fun transport_relator_rewrite_tac ctxt =
+ EqSubst.eqsubst_tac ctxt [0] (Transport_Relator_Rewrites.get ctxt)
+ THEN_ALL_NEW TRY o SOLVED' (per_prover_tac ctxt)
+
+val _ = Theory.setup (
+ Method.setup @{binding trp_relator_rewrite}
+ (Scan.succeed (SIMPLE_METHOD' o transport_relator_rewrite_tac))
+ "Rewrite Transport relator"
+ )
+
+
+(* term transport command *)
+
+(*parsing*)
+@{parse_entries (struct) PA [L, R, x, y]}
+val parse_cmd_entries =
+ let
+ val parse_value = PA.parse_entry Parse.term Parse.term Parse.term Parse.term
+ val parse_entry = Parse_Key_Value.parse_entry PA.parse_key Parse_Util.eq parse_value
+ in PA.parse_entries_required Parse.and_list1 [PA.key PA.x] parse_entry (PA.empty_entries ()) end
+
+(*some utilities to destruct terms*)
+val transport_per_start_thm = @{thm "transport.transport_per_start"}
+val related_if_transport_per_thm = @{thm "transport.left_Galois_if_transport_per"}
+fun dest_transport_per \<^Const_>\<open>transport.transport_per S T for L R l r x y\<close> =
+ ((S, T), (L, R, l, r, x, y))
+val dest_transport_per_y = dest_transport_per #> (fn (_, (_, _, _, _, _, y)) => y)
+
+fun mk_hom_Galois Ta Tb L R r x y =
+ \<^Const>\<open>galois_rel.Galois Ta Ta Tb Tb for L R r x y\<close>
+fun dest_hom_Galois \<^Const_>\<open>galois_rel.Galois Ta _ Tb _ for L R r x y\<close> =
+ ((Ta, Tb), (L, R, r, x, y))
+val dest_hom_Galois_y = dest_hom_Galois #> (fn (_, (_, _, _, _, y)) => y)
+
+(*bindings for generated theorems and definitions*)
+val binding_transport_per = \<^binding>\<open>transport_per\<close>
+val binding_per = \<^binding>\<open>per\<close>
+val binding_in_dom = \<^binding>\<open>in_dom\<close>
+val binding_related = \<^binding>\<open>related\<close>
+val binding_related_rewritten = \<^binding>\<open>related'\<close>
+val binding_def_simplified = \<^binding>\<open>eq\<close>
+val binding_def_eta_expanded_simplified = \<^binding>\<open>app_eq\<close>
+
+fun note_facts (binding, mixfix) ctxt related_thm y binding_thms_attribs =
+ let
+ val ((_, (_, y_def)), ctxt) = Util.create_local_theory_def (binding, mixfix) [] y ctxt
+ (*create simplified definition theorems*)
+ val transport_defs = Transport_Defs.get ctxt
+ val (y_def_simplified, y_def_eta_expanded_simplified) =
+ simp_transported_def ctxt transport_defs y_def
+ (*create relatedness theorems*)
+ val related_thm_rewritten = transport_relator_rewrite ctxt related_thm
+ fun prepare_fact (suffix, thm, attribs) =
+ let
+ val binding = (Util.add_suffix binding suffix, [])
+ val ctxt = (clear_simpset ctxt) addsimps transport_defs
+ val folded_thm =
+ (*fold definition of transported term*)
+ Local_Defs.fold ctxt [y_def] thm
+ (*simplify other transport definitions in theorem*)
+ |> (Simplifier.rewrite ctxt |> Conversion_Util.thm_conv)
+ val thm_attribs = ([folded_thm], attribs)
+ in (binding, [thm_attribs]) end
+ val facts = map prepare_fact ([
+ (binding_related, related_thm, []),
+ (binding_related_rewritten, related_thm_rewritten,
+ [Util.attrib_to_src (Binding.pos_of binding) Transport_Related_Intros.add]),
+ (binding_def_simplified, y_def_simplified, []),
+ (binding_def_eta_expanded_simplified, y_def_eta_expanded_simplified, [])
+ ] @ binding_thms_attribs)
+ in Local_Theory.notes facts ctxt |> snd end
+
+(*black-box transport as described in the Transport paper*)
+fun after_qed_blackbox (binding, mixfix) [thms as [per_thm, in_dom_thm]] ctxt =
+ let
+ val transport_per_thm = List.foldl (op INCR_COMP) transport_per_start_thm thms
+ (*fix possibly occurring meta type variables*)
+ val ((_, [transport_per_thm]), ctxt) = Variable.importT [transport_per_thm] ctxt
+ val y = Util.real_thm_concl transport_per_thm |> dest_transport_per_y
+
+ val related_thm = transport_per_thm INCR_COMP related_if_transport_per_thm
+ val binding_thms = [
+ (binding_transport_per, transport_per_thm, []),
+ (binding_per, per_thm, []),
+ (binding_in_dom, in_dom_thm,
+ [Util.attrib_to_src (Binding.pos_of binding) Transport_in_dom.add])
+ ]
+ in note_facts (binding, mixfix) ctxt related_thm y binding_thms end
+
+(*experimental white-box transport support*)
+fun after_qed_whitebox (binding, mixfix) [[related_thm]] ctxt =
+ let
+ (*fix possibly occurring meta type variables*)
+ val ((_, [related_thm]), ctxt) = Variable.importT [related_thm] ctxt
+ val y = Util.real_thm_concl related_thm |> dest_hom_Galois_y
+ in note_facts (binding, mixfix) ctxt related_thm y [] end
+
+fun setup_goals_blackbox ctxt (L, R, cx) maxidx =
+ let
+ (*check*)
+ val [cL, cR] = Syntax.check_terms ctxt [L, R] |> map (Thm.cterm_of ctxt)
+ (*instantiate theorem*)
+ val transport_per_start_thm = Thm.incr_indexes (maxidx + 1) transport_per_start_thm
+ val args = [SOME cL, SOME cR, NONE, NONE, SOME cx]
+ val transport_per_start_thm = Drule.infer_instantiate' ctxt args transport_per_start_thm
+ val transport_defs = Transport_Defs.get ctxt
+ val goals = Local_Defs.fold ctxt transport_defs transport_per_start_thm
+ |> Thm.prems_of
+ |> map (rpair [])
+ in goals end
+
+fun setup_goals_whitebox ctxt (yT, L, R, cx, y) maxidx =
+ let
+ val (r, _) = Term_Util.fresh_var "r" dummyT maxidx
+ (*check*)
+ val Galois = mk_hom_Galois (Thm.typ_of_cterm cx) yT L R r (Thm.term_of cx) y
+ |> Syntax.check_term ctxt
+ val goal = Util.mk_judgement Galois |> rpair []
+ in [goal] end
+
+fun setup_proof ((((binding, opt_yT, mixfix), params), unfolds), whitebox) lthy =
+ let
+ val ctxt = Util.set_proof_mode_schematic lthy
+ (*type of transported term*)
+ val yT = Option.map (Syntax.read_typ ctxt) opt_yT |> the_default dummyT
+ (*theorems to unfold*)
+ val unfolds = map (Proof_Context.get_fact ctxt o fst) unfolds |> flat
+ (*term to transport*)
+ val cx =
+ (**read term**)
+ Syntax.read_term ctxt (PA.get_x params) |> Thm.cterm_of ctxt
+ (**unfold passed theorems**)
+ |> Drule.cterm_rule (Local_Defs.unfold ctxt unfolds)
+ (*transport relations and transport term goal*)
+ val ([L, R, y], maxidx) =
+ let
+ (**configuration**)
+ val opts = [PA.get_L_safe params, PA.get_R_safe params, PA.get_y_safe params]
+ val opts_default_names = ["L", "R", "y"]
+ val opts_constraints =
+ [Util.mk_hom_rel_type (Thm.typ_of_cterm cx), Util.mk_hom_rel_type yT, yT]
+ |> map Type.constraint
+ (**parse**)
+ val opts = map (Syntax.parse_term ctxt |> Option.map) opts
+ val params_maxidx = Util.list_max (the_default ~1 o Option.map Term.maxidx_of_term)
+ (Thm.maxidx_of_cterm cx) opts
+ fun create_var (NONE, n) maxidx =
+ Term_Util.fresh_var n dummyT params_maxidx ||> Integer.max maxidx
+ | create_var (SOME t, _) created = (t, created)
+ val (ts, maxidx) =
+ fold_map create_var (opts ~~ opts_default_names) params_maxidx
+ |>> map2 I opts_constraints
+ in (ts, maxidx) end
+ (*initialise goals and callback*)
+ val (goals, after_qed) = if whitebox
+ then (setup_goals_whitebox ctxt (yT, L, R, cx, y) maxidx, after_qed_whitebox)
+ (*TODO: consider y in blackbox proofs*)
+ else (setup_goals_blackbox ctxt (L, R, cx) maxidx, after_qed_blackbox)
+ in
+ Proof.theorem NONE (after_qed (binding, mixfix)) [goals] ctxt
+ |> Proof.refine_singleton Util.split_conjunctions
+ end
+
+val parse_strings =
+ (*binding for transported term*)
+ Parse_Spec.constdecl
+ (*other params*)
+ -- parse_cmd_entries
+ (*optionally pass unfold theorems in case of white-box transports*)
+ -- Scan.optional (Parse.reserved "unfold" |-- Parse.thms1) []
+ (*use a bang "!" to start white-box transport mode (experimental)*)
+ -- Parse.opt_bang
+
+val _ =
+ Outer_Syntax.local_theory_to_proof \<^command_keyword>\<open>trp_term\<close>
+ "Transport term" (parse_strings >> setup_proof)
+
+
+(* experimental white-box prover *)
+
+val any_match_resolve_related_tac =
+ let fun unif binders = Higher_Ordern_Pattern_First_Decomp_Unification.e_match
+ Unification_Util.match_types unif Unification_Combinator.fail_unify binders
+ in
+ Unify_Resolve_Base.unify_resolve_any_tac
+ Higher_Ordern_Pattern_First_Decomp_Unification.norms_match unif
+ end
+
+val related_comb_tac = any_match_resolve_related_tac @{thms related_Fun_Rel_combI}
+val related_lambda_tac = any_match_resolve_related_tac @{thms related_Fun_Rel_lambdaI}
+val related_tac = any_unify_trp_hints_resolve_tac
+val related_assume_tac = assume_tac
+
+fun mk_transport_related_tac cc_comb cc_lambda ctxt =
+ let
+ val transport_related_intros = Transport_Related_Intros.get ctxt
+ val related_tac = related_tac transport_related_intros ctxt
+ val comb_tac = related_comb_tac ctxt
+ val lambda_tac = related_lambda_tac ctxt
+ val assume_tac = related_assume_tac ctxt
+ in
+ Tactic_Util.CONCAT' [
+ related_tac,
+ cc_comb comb_tac,
+ cc_lambda lambda_tac,
+ assume_tac
+ ]
+ end
+val transport_related_step_tac =
+ let fun cc_comb tac i = tac i
+ THEN prefer_tac i
+ THEN prefer_tac (i + 1)
+ in mk_transport_related_tac cc_comb I end
+fun transport_related_tac ctxt =
+ let
+ fun transport_related_tac cc =
+ let
+ fun cc_comb tac = tac THEN_ALL_NEW TRY o cc
+ fun cc_lambda tac = tac THEN' TRY o cc
+ in mk_transport_related_tac cc_comb cc_lambda ctxt end
+ fun fix tac i thm = tac (fix tac) i thm
+ in fix transport_related_tac end
+
+val _ = Theory.setup (
+ Method.setup @{binding trp_related_prover}
+ (Scan.succeed (SIMPLE_METHOD' o transport_related_tac))
+ "Relatedness prover for Transport"
+ )
+
+fun instantiate_tac name ct ctxt =
+ PRIMITIVE (Drule.infer_instantiate_types ctxt [((name, Thm.typ_of_cterm ct), ct)])
+ |> CHANGED
+
+val map_dummyT = Term.map_types (K dummyT)
+
+fun mk_term_skeleton maxidx t =
+ let
+ val consts = Term.add_consts t []
+ val (vars, _) = fold_map (uncurry Term_Util.fresh_var o apfst Long_Name.base_name) consts maxidx
+ val t' = Term.subst_atomic (map2 (pair o Const) consts vars) t
+ in t' end
+
+fun instantiate_skeleton_tac ctxt =
+ let fun tac ct =
+ let
+ val (x, y) = Transport_Util.cdest_judgement ct |> Thm.dest_binop
+ val default_sort = Proof_Context.default_sort ctxt
+ val skeleton =
+ mk_term_skeleton (Thm.maxidx_of_cterm ct) (Thm.term_of x)
+ |> map_dummyT
+ |> Type.constraint (Thm.typ_of_cterm y)
+ |> Syntax.check_term (Util.set_proof_mode_pattern ctxt)
+ (*add sort constraints for type variables*)
+ |> Term.map_types (Term.map_atyps (map_type_tvar (fn (n, _) => TVar (n, default_sort n))))
+ |> Thm.cterm_of ctxt
+ in instantiate_tac (Thm.term_of y |> dest_Var |> fst) skeleton ctxt end
+ in Tactic_Util.CSUBGOAL_DATA I (K o tac) end
+
+fun transport_whitebox_tac ctxt =
+ instantiate_skeleton_tac ctxt
+ THEN' transport_related_tac ctxt
+ THEN_ALL_NEW (
+ TRY o REPEAT1 o transport_relator_rewrite_tac ctxt
+ THEN' TRY o any_unify_trp_hints_resolve_tac @{thms refl} ctxt
+ )
+
+val _ = Theory.setup (
+ Method.setup @{binding trp_whitebox_prover}
+ (Scan.succeed (SIMPLE_METHOD' o transport_whitebox_tac))
+ "Whitebox prover for Transport"
+ )
+
+
+end
\ No newline at end of file
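Review bot: `instantiate_skeleton_tac` can abort with an exception instead of failing as a tactic. `Thm.term_of y |> dest_Var` raises `TERM` when the right-hand side of the goal is not a schematic variable, and `Transport_Util.cdest_judgement` and `Thm.dest_binop` raise `CTERM` on goals of any other shape. Because `trp_whitebox_prover` is a user-facing method, an unsuitable goal should produce an empty result sequence so that the method composes with `TRY` and backtracking. Closing the inner `let … end` of `tac` with `handle TERM _ => no_tac | CTERM _ => no_tac` would achieve that, assuming `Tactic_Util.CSUBGOAL_DATA` does not already catch these. The single-clause destructors `dest_transport_per` and `dest_hom_Galois` likewise raise a bare `Match` on unexpected terms; a fallback clause raising `TERM` with the offending term would make such failures diagnosable.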
diff --git a/thys/Transport/Transport/Examples/Prototype/transport_util.ML b/thys/Transport/Transport/Examples/Prototype/transport_util.ML
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Prototype/transport_util.ML
@@ -0,0 +1,88 @@
+(* Title: Transport/transport_util.ML
+ Author: Kevin Kappelmann
+
+Utilities used by Transport.
+*)
+signature TRANSPORT_UTIL =
+sig
+ val transport_id : string
+
+ (* lists *)
+ val list_aggregate : ('a * 'b -> 'b) -> ('c -> 'a) -> 'b -> 'c list -> 'b
+ val list_max : ('a -> int) -> int -> 'a list -> int
+
+ (* object logic *)
+ val mk_judgement : term -> term
+ val dest_judgement : term -> term
+ val real_thm_concl : thm -> term
+ val cdest_judgement : cterm -> cterm
+ val real_thm_cconcl : thm -> cterm
+ val boolT : typ
+
+ val mk_hom_rel_type : typ -> typ
+
+ (* conversions *)
+ val judgement_conv : conv -> conv
+
+ (* bindings *)
+ val concat_bindings : binding list -> binding
+ val add_suffix : binding -> binding -> binding
+
+ (* contexts *)
+ val set_proof_mode_schematic : Proof.context -> Proof.context
+ val set_proof_mode_pattern : Proof.context -> Proof.context
+
+ (* definitions *)
+ val create_local_theory_def : binding * mixfix -> Token.src list -> term ->
+ local_theory -> (term * (string * thm)) * local_theory
+ val equality_eta_expand : Proof.context -> string -> thm -> thm
+
+ (* methods *)
+ val split_conjunctions : Method.text
+
+ (* attributes *)
+ val attrib_to_src : Position.T -> attribute -> Token.src
+
+end
+
+structure Transport_Util : TRANSPORT_UTIL =
+struct
+
+val transport_id = "trp"
+
+fun list_aggregate aggregate transform = List.foldl (aggregate o apfst transform)
+fun list_max f = list_aggregate Int.max f
+
+val mk_judgement = HOLogic.mk_Trueprop
+val dest_judgement = HOLogic.dest_Trueprop
+val real_thm_concl = dest_judgement o Thm.concl_of
+val cdest_judgement = Thm.dest_comb #> snd
+val real_thm_cconcl = cdest_judgement o Thm.cconcl_of
+val boolT = HOLogic.boolT
+
+fun mk_hom_rel_type T = [T, T] ---> boolT
+
+val judgement_conv = HOLogic.Trueprop_conv
+
+val split_conjunctions =
+ Method.Basic (fn _ => SIMPLE_METHOD (HEADGOAL Goal.conjunction_tac))
+
+fun equality_eta_expand ctxt var_name eq =
+ let
+ val argTs = Thm.lhs_of eq |> Thm.typ_of_cterm |> binder_types
+ val fresh_args = Term_Util.fresh_vars var_name argTs (Thm.maxidx_of eq)
+ |> map (Thm.cterm_of ctxt) o fst
+ in fold (General_Util.flip Drule.fun_cong_rule) fresh_args eq end
+
+val concat_bindings = Binding.conglomerate
+fun add_suffix binding suffix = concat_bindings [binding, suffix]
+
+val set_proof_mode_schematic = Proof_Context.set_mode Proof_Context.mode_schematic
+val set_proof_mode_pattern = Proof_Context.set_mode Proof_Context.mode_pattern
+
+fun create_local_theory_def (binding, mixfix) attribs t =
+ Local_Theory.define ((binding, mixfix), ((Thm.def_binding binding, attribs), t))
+
+fun attrib_to_src pos = Attrib.internal pos o K
+
+end
\ No newline at end of file
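Review bot: `cdest_judgement` is not the certified counterpart of `dest_judgement` that its name suggests. `HOLogic.dest_Trueprop` rejects terms whose head is not `Trueprop`, whereas `Thm.dest_comb #> snd` returns the argument of any application. `real_thm_cconcl` would therefore silently return a subterm of a non-HOL judgement instead of failing. Either document the precondition with a comment such as `(*assumes ct is of the form Trueprop t; the head is not checked*)`, or reuse the checked destructor first: `fun cdest_judgement ct = (dest_judgement (Thm.term_of ct); Thm.dest_comb ct |> snd)`.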
diff --git a/thys/Transport/Transport/Examples/Transport_Dep_Fun_Rel_Examples.thy b/thys/Transport/Transport/Examples/Transport_Dep_Fun_Rel_Examples.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Transport_Dep_Fun_Rel_Examples.thy
@@ -0,0 +1,85 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Example Transports for Dependent Function Relator\<close>
+theory Transport_Dep_Fun_Rel_Examples
+ imports
+ Transport_Prototype
+ Transport_Syntax
+ "HOL-Library.IArray"
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Dependent function relator examples from \<^cite>\<open>"transport"\<close>.
+Refer to the paper for more details.\<close>
+
+context
+ includes galois_rel_syntax transport_syntax
+ notes
+ transport.rel_if_partial_equivalence_rel_equivalence_if_iff_if_partial_equivalence_rel_equivalenceI
+ [rotated, per_intro]
+ transport_Dep_Fun_Rel_no_dep_fun.partial_equivalence_rel_equivalenceI
+ [ML_Krattr \<open>Conversion_Util.move_prems_to_front_conv [1] |> Conversion_Util.thm_conv\<close>,
+ ML_Krattr \<open>Conversion_Util.move_prems_to_front_conv [2,3] |> Conversion_Util.thm_conv\<close>,
+ per_intro]
+begin
+
+interpretation transport L R l r for L R l r .
+
+abbreviation "Zpos \<equiv> ((=\<^bsub>(\<le>)(0 :: int)\<^esub>) :: int \<Rightarrow> _)"
+
+lemma Zpos_per [per_intro]: "(Zpos \<equiv>\<^bsub>PER\<^esub> (=)) nat int"
+ by fastforce
+
+lemma sub_parametric [trp_in_dom]:
+ "([i _ \<Colon> Zpos] \<Rrightarrow> [j _ \<Colon> Zpos | j \<le> i] \<Rrightarrow> Zpos) (-) (-)"
+ by fastforce
+
+trp_term nat_sub :: "nat \<Rightarrow> nat \<Rightarrow> nat" where x = "(-) :: int \<Rightarrow> _"
+ and L = "[i _ \<Colon> Zpos] \<Rrightarrow> [j _ \<Colon> Zpos | j \<le> i] \<Rrightarrow> Zpos"
+ and R = "[n _ \<Colon> (=)] \<Rrightarrow> [m _ \<Colon> (=)| m \<le> n] \<Rrightarrow> (=)"
+ (*fastforce discharges the remaining side-conditions*)
+ by (trp_prover) fastforce+
+
+thm nat_sub_app_eq
+text \<open>Note: as of now, @{command trp_term} does not rewrite the
+Galois relator of dependent function relators.\<close>
+thm nat_sub_related'
+
+abbreviation "LRel \<equiv> list_all2"
+abbreviation "IARel \<equiv> rel_iarray"
+
+lemma transp_eq_transitive: "transp = transitive"
+ by (auto intro: transpI dest: transpD)
+lemma symp_eq_symmetric: "symp = symmetric"
+ by (auto intro: sympI dest: sympD symmetricD)
+
+lemma [per_intro]:
+ assumes "partial_equivalence_rel R"
+ shows "(LRel R \<equiv>\<^bsub>PER\<^esub> IARel R) IArray.IArray IArray.list_of"
+ using assms by (fastforce simp flip: transp_eq_transitive symp_eq_symmetric
+ intro: list.rel_transp list.rel_symp iarray.rel_transp iarray.rel_symp
+ elim: iarray.rel_cases)+
+
+lemma [trp_in_dom]:
+ "([xs _ \<Colon> LRel R] \<Rrightarrow> [i _ \<Colon> (=) | i < length xs] \<Rrightarrow> R) (!) (!)"
+ by (fastforce simp: list_all2_lengthD list_all2_nthD2)
+
+context
+ fixes R :: "'a \<Rightarrow> _" assumes [per_intro]: "partial_equivalence_rel R"
+begin
+
+interpretation Rper : transport_partial_equivalence_rel_id R
+ by unfold_locales per_prover
+
+declare Rper.partial_equivalence_rel_equivalence [per_intro]
+
+trp_term iarray_index where x = "(!) :: 'a list \<Rightarrow> _"
+ and L = "([xs _ \<Colon> LRel R] \<Rrightarrow> [i _ \<Colon> (=) | i < length xs] \<Rrightarrow> R)"
+ and R = "([xs _ \<Colon> IARel R] \<Rrightarrow> [i _ \<Colon> (=) | i < IArray.length xs] \<Rrightarrow> R)"
+ by (trp_prover)
+ (*fastforce discharges the remaining side-conditions*)
+ (fastforce simp: list_all2_lengthD elim: iarray.rel_cases)+
+
+end
+end
+
+end
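Review bot: The two facts introduced as `lemma [per_intro]:` (the `LRel R`/`IARel R` equivalence) and `lemma [trp_in_dom]:` (the `(!)` domain lemma) are unnamed, so they can only be reached through the named-theorem collections. They cannot be cited individually or removed with `[per_intro del]` if they interfere with `per_prover` resolution elsewhere. Giving them names, for example `lemma list_iarray_per [per_intro]:` and `lemma nth_in_dom [trp_in_dom]:` (names are suggestions), keeps them addressable. It also matches `Zpos_per` and `sub_parametric` earlier in the same context.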
diff --git a/thys/Transport/Transport/Examples/Transport_Lists_Sets_Examples.thy b/thys/Transport/Transport/Examples/Transport_Lists_Sets_Examples.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Transport_Lists_Sets_Examples.thy
@@ -0,0 +1,167 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Example Transports Between Lists and Sets\<close>
+theory Transport_Lists_Sets_Examples
+ imports
+ Transport_Prototype
+ Transport_Syntax
+ "HOL-Library.FSet"
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Introductory examples from \<^cite>\<open>"transport"\<close>.
+Transports between lists and (finite) sets. Refer to the paper for more details.\<close>
+
+context
+ includes galois_rel_syntax transport_syntax
+begin
+
+paragraph \<open>Introductory examples from paper\<close>
+
+text \<open>Left and right relations.\<close>
+
+definition "LFSL xs xs' \<equiv> fset_of_list xs = fset_of_list xs'"
+abbreviation (input) "(LFSR :: 'a fset \<Rightarrow> _) \<equiv> (=)"
+definition "LSL xs xs' \<equiv> set xs = set xs'"
+abbreviation (input) "(LSR :: 'a set \<Rightarrow> _) \<equiv> (=\<^bsub>finite :: 'a set \<Rightarrow> bool\<^esub>)"
+
+interpretation t : transport LSL R l r for LSL R l r .
+
+text \<open>Proofs of equivalences.\<close>
+
+lemma list_fset_PER [per_intro]: "(LFSL \<equiv>\<^bsub>PER\<^esub> LFSR) fset_of_list sorted_list_of_fset"
+ unfolding LFSL_def by fastforce
+
+lemma list_set_PER [per_intro]: "(LSL \<equiv>\<^bsub>PER\<^esub> LSR) set sorted_list_of_set"
+ unfolding LSL_def by fastforce
+
+text \<open>We can rewrite the Galois relators in the following theorems to the relator of the paper.\<close>
+
+definition "LFS xs s \<equiv> fset_of_list xs = s"
+definition "LS xs s \<equiv> set xs = s"
+
+lemma LFSL_Galois_eq_LFS: "(\<^bsub>LFSL\<^esub>\<lessapprox>\<^bsub>LFSR sorted_list_of_fset\<^esub>) \<equiv> LFS"
+ unfolding LFS_def LFSL_def by (intro eq_reflection ext) (auto)
+lemma LFSR_Galois_eq_inv_LFS: "(\<^bsub>LFSR\<^esub>\<lessapprox>\<^bsub>LFSL fset_of_list\<^esub>) \<equiv> LFS\<inverse>"
+ unfolding LFS_def LFSL_def by (intro eq_reflection ext) (auto)
+lemma LSL_Galois_eq_LS: "(\<^bsub>LSL\<^esub>\<lessapprox>\<^bsub>LSR sorted_list_of_set\<^esub>) \<equiv> LS"
+ unfolding LS_def LSL_def by (intro eq_reflection ext) (auto)
+
+declare LFSL_Galois_eq_LFS[trp_relator_rewrite, trp_uhint]
+ LFSR_Galois_eq_inv_LFS[trp_relator_rewrite, trp_uhint]
+ LSL_Galois_eq_LS[trp_relator_rewrite, trp_uhint]
+
+definition "max_list xs \<equiv> foldr max xs (0 :: nat)"
+
+text \<open>Proof of parametricity for @{term max_list}.\<close>
+
+lemma max_max_list_removeAll_eq_maxlist:
+ assumes "x \<in> set xs"
+ shows "max x (max_list (removeAll x xs)) = max_list xs"
+ unfolding max_list_def using assms by (induction xs)
+ (simp_all, (metis max.left_idem removeAll_id max.left_commute)+)
+
+lemma max_list_parametric [trp_in_dom]: "(LSL \<Rrightarrow> (=)) max_list max_list"
+proof (intro Dep_Fun_Rel_relI)
+ fix xs xs' :: "nat list" assume "LSL xs xs'"
+ then have "finite (set xs)" "set xs = set xs'" unfolding LSL_def by auto
+ then show "max_list xs = max_list xs'"
+ proof (induction "set xs" arbitrary: xs xs' rule: finite_induct)
+ case (insert x F)
+ then have "F = set (removeAll x xs)" by auto
+ moreover from insert have "... = set (removeAll x xs')" by auto
+ ultimately have "max_list (removeAll x xs) = max_list (removeAll x xs')"
+ (is "?lhs = ?rhs") using insert by blast
+ then have "max x ?lhs = max x ?rhs" by simp
+ then show ?case
+ using insert max_max_list_removeAll_eq_maxlist insertI1 by metis
+ qed auto
+qed
+
+lemma LFSL_eq_LSL: "LFSL \<equiv> LSL"
+ unfolding LFSL_def LSL_def by (intro eq_reflection ext) (auto simp: fset_of_list_elem)
+
+lemma max_list_parametricfin [trp_in_dom]: "(LFSL \<Rrightarrow> (=)) max_list max_list"
+ using max_list_parametric by (simp only: LFSL_eq_LSL)
+
+text \<open>Transport from lists to finite sets.\<close>
+
+trp_term max_fset :: "nat fset \<Rightarrow> nat" where x = max_list
+ and L = "(LFSL \<Rrightarrow> (=))"
+ by trp_prover
+
+text \<open>Use @{command print_theorems} to show all theorems. Here's the correctness theorem:\<close>
+lemma "(LFS \<Rrightarrow> (=)) max_list max_fset" by (trp_hints_resolve max_fset_related')
+
+lemma [trp_in_dom]: "(LFSR \<Rrightarrow> (=)) max_fset max_fset" by simp
+
+text \<open>Transport from lists to sets.\<close>
+
+trp_term max_set :: "nat set \<Rightarrow> nat" where x = max_list
+ by trp_prover
+
+lemma "(LS \<Rrightarrow> (=)) max_list max_set" by (trp_hints_resolve max_set_related')
+
+text \<open>The registration of symmetric equivalence rules is not done by default as of now,
+but that would not be a problem in principle.\<close>
+
+lemma list_fset_PER_sym [per_intro]:
+ "(LFSR \<equiv>\<^bsub>PER\<^esub> LFSL) sorted_list_of_fset fset_of_list"
+ by (subst transport.partial_equivalence_rel_equivalence_right_left_iff_partial_equivalence_rel_equivalence_left_right)
+ (fact list_fset_PER)
+
+text \<open>Transport from finite sets to lists.\<close>
+
+trp_term max_list' :: "nat list \<Rightarrow> nat" where x = max_fset
+ by trp_prover
+
+lemma "(LFS\<inverse> \<Rrightarrow> (=)) max_fset max_list'" by (trp_hints_resolve max_list'_related')
+
+text \<open>Transporting higher-order functions.\<close>
+
+lemma map_parametric [trp_in_dom]:
+ "(((=) \<Rrightarrow> (=)) \<Rrightarrow> LSL \<Rrightarrow> LSL) map map"
+ unfolding LSL_def by (intro Dep_Fun_Rel_relI) simp
+
+lemma [trp_uhint]: "P \<equiv> (=) \<Longrightarrow> P \<equiv> (=) \<Rrightarrow> (=)" by simp
+lemma [trp_uhint]: "P \<equiv> \<top> \<Longrightarrow> (=\<^bsub>P :: 'a \<Rightarrow> bool\<^esub>) \<equiv> ((=) :: 'a \<Rightarrow> _)" by simp
+
+(*sorted_list_of_fset requires a linorder, but in theory,
+we could use a different transport function to avoid that constraint*)
+trp_term map_set :: "('a :: linorder \<Rightarrow> 'b) \<Rightarrow> 'a set \<Rightarrow> ('b :: linorder) set"
+ where x = "map :: ('a :: linorder \<Rightarrow> 'b) \<Rightarrow> 'a list \<Rightarrow> ('b :: linorder) list"
+ by trp_prover
+
+lemma "(((=) \<Rrightarrow> (=)) \<Rrightarrow> LS \<Rrightarrow> LS) map map_set" by (trp_hints_resolve map_set_related')
+
+
+lemma filter_parametric [trp_in_dom]:
+ "(((=) \<Rrightarrow> (\<longleftrightarrow>)) \<Rrightarrow> LSL \<Rrightarrow> LSL) filter filter"
+ unfolding LSL_def by (intro Dep_Fun_Rel_relI) simp
+
+trp_term filter_set :: "('a :: linorder \<Rightarrow> bool) \<Rightarrow> 'a set \<Rightarrow> 'a set"
+ where x = "filter :: ('a :: linorder \<Rightarrow> bool) \<Rightarrow> 'a list \<Rightarrow> 'a list"
+ by trp_prover
+
+lemma "(((=) \<Rrightarrow> (=)) \<Rrightarrow> LS \<Rrightarrow> LS) filter filter_set" by (trp_hints_resolve filter_set_related')
+
+lemma append_parametric [trp_in_dom]:
+ "(LSL \<Rrightarrow> LSL \<Rrightarrow> LSL) append append"
+ unfolding LSL_def by (intro Dep_Fun_Rel_relI) simp
+
+trp_term append_set :: "('a :: linorder) set \<Rightarrow> 'a set \<Rightarrow> 'a set"
+ where x = "append :: ('a :: linorder) list \<Rightarrow> 'a list \<Rightarrow> 'a list"
+ by trp_prover
+
+lemma "(LS \<Rrightarrow> LS \<Rrightarrow> LS) append append_set" by (trp_hints_resolve append_set_related')
+
+text \<open>The prototype also provides a simplified definition.\<close>
+lemma "append_set s s' \<equiv> set (sorted_list_of_set s) \<union> set (sorted_list_of_set s')"
+ by (fact append_set_app_eq)
+
+lemma "finite s \<Longrightarrow> finite s' \<Longrightarrow> append_set s s' = s \<union> s'"
+ by (auto simp: append_set_app_eq)
+
+end
+
+
+end
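Review bot: The line `interpretation t : transport LSL R l r for LSL R l r .` binds a fresh variable named `LSL`, which shadows the constant `LSL` defined three lines above it. A reader can therefore take the interpretation to be specific to the list/set relation when it is generic in all four parameters. A neutral parameter name avoids this: `interpretation t : transport L R l r for L R l r .`; the prefix `t` is not referenced elsewhere in this file, so a one-line comment on why the interpretation is needed would also help. Separately, the comment above `trp_term map_set` names `sorted_list_of_fset`, while the equivalence registered for sets, `list_set_PER`, uses `sorted_list_of_set`; presumably the comment should name the latter.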
diff --git a/thys/Transport/Transport/Examples/Transport_Partial_Quotient_Types.thy b/thys/Transport/Transport/Examples/Transport_Partial_Quotient_Types.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Transport_Partial_Quotient_Types.thy
@@ -0,0 +1,98 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport for Partial Quotient Types\<close>
+theory Transport_Partial_Quotient_Types
+ imports
+ HOL.Lifting
+ Transport
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Every partial quotient type @{term Quotient}, as used by the Lifting
+package, is transportable.\<close>
+
+context transport
+begin
+
+interpretation t : transport L "(=)" l r .
+
+lemma Quotient_T_eq_Galois:
+ assumes "Quotient (\<le>\<^bsub>L\<^esub>) l r T"
+ shows "T = t.Galois"
+proof (intro ext iffI)
+ fix x y assume "T x y"
+ with assms have "x \<le>\<^bsub>L\<^esub> x" "l x = y" using Quotient_cr_rel by auto
+ with assms have "r (l x) \<le>\<^bsub>L\<^esub> x" "r (l x) \<le>\<^bsub>L\<^esub> r y"
+ using Quotient_rep_abs Quotient_rep_reflp by auto
+ with assms have "x \<le>\<^bsub>L\<^esub> r y" using Quotient_part_equivp
+ by (blast elim: part_equivpE dest: transpD sympD)
+ then show "t.Galois x y" by blast
+next
+ fix x y assume "t.Galois x y"
+ with assms show "T x y" using Quotient_cr_rel Quotient_refl1 Quotient_symp
+ by (fastforce intro: Quotient_rel_abs2[symmetric] dest: sympD)
+qed
+
+lemma Quotient_if_preorder_equivalence:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (=)) l r"
+ shows "Quotient (\<le>\<^bsub>L\<^esub>) l r t.Galois"
+proof (rule QuotientI)
+ from assms show g2: "l (r y) = y" for y by fastforce
+ from assms show "r y \<le>\<^bsub>L\<^esub> r y" for y by blast
+ show g1: "x \<le>\<^bsub>L\<^esub> x' \<longleftrightarrow> x \<le>\<^bsub>L\<^esub> x \<and> x' \<le>\<^bsub>L\<^esub> x' \<and> l x = l x'"
+ (is "?lhs \<longleftrightarrow> ?rhs") for x x'
+ proof (rule iffI)
+ assume ?rhs
+ with assms have "\<eta> x \<le>\<^bsub>L\<^esub> \<eta> x'" by fastforce
+ moreover from \<open>?rhs\<close> assms have "x \<le>\<^bsub>L\<^esub> \<eta> x" "\<eta> x' \<le>\<^bsub>L\<^esub> x'"
+ by (blast elim: t.preorder_equivalence_order_equivalenceE)+
+ moreover from assms have "transitive (\<le>\<^bsub>L\<^esub>)" by blast
+ ultimately show "x \<le>\<^bsub>L\<^esub> x'" by blast
+ next
+ assume ?lhs
+ with assms show ?rhs by blast
+ qed
+ from assms show "t.Galois = (\<lambda>x y. x \<le>\<^bsub>L\<^esub> x \<and> l x = y)"
+ by (intro ext iffI)
+ (metis g1 g2 t.left_GaloisE,
+ auto intro!: t.left_Galois_left_if_left_rel_if_inflationary_on_in_fieldI
+ elim!: t.preorder_equivalence_order_equivalenceE)
+qed
+
+lemma partial_equivalence_rel_equivalence_if_Quotient:
+ assumes "Quotient (\<le>\<^bsub>L\<^esub>) l r T"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (=)) l r"
+proof (rule t.partial_equivalence_rel_equivalence_if_order_equivalenceI)
+ from Quotient_part_equivp[OF assms] show "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ by (blast elim: part_equivpE dest: transpD sympD)
+ have "x \<equiv>\<^bsub>L\<^esub> r (l x)" if "in_field (\<le>\<^bsub>L\<^esub>) x" for x
+ proof -
+ from assms \<open>in_field (\<le>\<^bsub>L\<^esub>) x\<close> have "x \<le>\<^bsub>L\<^esub> x"
+ using Quotient_refl1 Quotient_refl2 by fastforce
+ with assms Quotient_rep_abs Quotient_symp show ?thesis
+ by (fastforce dest: sympD)
+ qed
+ with assms show "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (=)) l r"
+ using Quotient_abs_rep Quotient_rel_abs Quotient_rep_reflp
+ Quotient_abs_rep[symmetric]
+ by (intro t.order_equivalenceI dep_mono_wrt_relI rel_equivalence_onI
+ inflationary_onI deflationary_onI)
+ auto
+qed auto
+
+corollary Quotient_iff_partial_equivalence_rel_equivalence:
+ "Quotient (\<le>\<^bsub>L\<^esub>) l r t.Galois \<longleftrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (=)) l r"
+ using Quotient_if_preorder_equivalence partial_equivalence_rel_equivalence_if_Quotient
+ by blast
+
+corollary Quotient_T_eq_ge_Galois_right:
+ assumes "Quotient (\<le>\<^bsub>L\<^esub>) l r T"
+ shows "T = t.ge_Galois_right"
+ using assms
+ by (subst t.ge_Galois_right_eq_left_Galois_if_symmetric_if_in_codom_eq_in_dom_if_galois_prop)
+ (blast dest: partial_equivalence_rel_equivalence_if_Quotient
+ intro: in_codom_eq_in_dom_if_reflexive_on_in_field Quotient_T_eq_Galois)+
+
+end
+
+
+end
\ No newline at end of file
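Review bot: The summary says every partial quotient type is transportable, but the theory never says which of its five results carries that claim, and none of them has an accompanying `text`. I would add one before `partial_equivalence_rel_equivalence_if_Quotient`, for example `text \<open>Main result: a Quotient of the Lifting package yields a partial equivalence relation equivalence; by Quotient_T_eq_Galois its relator T is the Galois relator.\<close>`. The name `Quotient_if_preorder_equivalence` assumes `\<equiv>\<^bsub>pre\<^esub>`, while the corollary that uses it is stated for `\<equiv>\<^bsub>PER\<^esub>`; a short remark that the preorder version is the more general direction would spare readers the lookup. This file ends without a trailing newline, as do Transport_Syntax.thy, Transport_Typedef.thy and Monotone_Function_Relator.thy in this diff.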
diff --git a/thys/Transport/Transport/Examples/Transport_Syntax.thy b/thys/Transport/Transport/Examples/Transport_Syntax.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Transport_Syntax.thy
@@ -0,0 +1,39 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Syntax Bundles for Transport\<close>
+theory Transport_Syntax
+ imports
+ Transport
+begin
+
+abbreviation "Galois_infix x L R r y \<equiv> galois_rel.Galois L R r x y"
+abbreviation (input) "ge_Galois R r L \<equiv> galois_rel.ge_Galois_left L R r"
+abbreviation (input) "ge_Galois_infix y R r L x \<equiv> ge_Galois R r L y x"
+
+bundle galois_rel_syntax
+begin
+ notation galois_rel.Galois ("'((\<^bsub>_\<^esub>)\<lessapprox>(\<^bsub>(_) (_)\<^esub>)')")
+ notation Galois_infix ("(_) (\<^bsub>_\<^esub>)\<lessapprox>(\<^bsub>(_) (_)\<^esub>) (_)" [51,51,51,51,51] 50)
+ notation ge_Galois ("'((\<^bsub>(_) (_)\<^esub>)\<greaterapprox>(\<^bsub>_\<^esub>)')")
+ notation ge_Galois_infix ("(_) (\<^bsub>(_) (_)\<^esub>)\<greaterapprox>(\<^bsub>_\<^esub>) (_)" [51,51,51,51,51] 50)
+end
+bundle no_galois_rel_syntax
+begin
+ no_notation galois_rel.Galois ("'((\<^bsub>_\<^esub>)\<lessapprox>(\<^bsub>(_) (_)\<^esub>)')")
+ no_notation Galois_infix ("(_) (\<^bsub>_\<^esub>)\<lessapprox>(\<^bsub>(_) (_)\<^esub>) (_)" [51,51,51,51,51] 50)
+ no_notation ge_Galois ("'((\<^bsub>(_) (_)\<^esub>)\<greaterapprox>(\<^bsub>_\<^esub>)')")
+ no_notation ge_Galois_infix ("(_) (\<^bsub>(_) (_)\<^esub>)\<greaterapprox>(\<^bsub>_\<^esub>) (_)" [51,51,51,51,51] 50)
+end
+
+bundle transport_syntax
+begin
+ notation transport.preorder_equivalence (infix "\<equiv>\<^bsub>pre\<^esub>" 50)
+ notation transport.partial_equivalence_rel_equivalence (infix "\<equiv>\<^bsub>PER\<^esub>" 50)
+end
+bundle no_transport_syntax
+begin
+ no_notation transport.preorder_equivalence (infix "\<equiv>\<^bsub>pre\<^esub>" 50)
+ no_notation transport.partial_equivalence_rel_equivalence (infix "\<equiv>\<^bsub>PER\<^esub>" 50)
+end
+
+
+end
\ No newline at end of file
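Review bot: Each `no_` bundle repeats the mixfix template and priorities of its counterpart verbatim (`galois_rel_syntax` / `no_galois_rel_syntax`, `transport_syntax` / `no_transport_syntax`), so the two copies must be kept in sync by hand. As far as I know `no_notation` only removes a notation whose annotation matches, so an edit to one copy that misses the other would leave the notation active. A comment above each pair makes the dependency visible, for example `(*the templates in the no_ bundle must stay identical to the ones above*)`. The same duplication appears in `Mono_Dep_Fun_Rel_syntax` / `no_Mono_Dep_Fun_Rel_syntax` in Monotone_Function_Relator.thy.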
diff --git a/thys/Transport/Transport/Examples/Typedef/Transport_Typedef.thy b/thys/Transport/Transport/Examples/Typedef/Transport_Typedef.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Typedef/Transport_Typedef.thy
@@ -0,0 +1,210 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Transport_Typedef
+ imports
+ "HOL-Library.FSet"
+ Transport_Typedef_Base
+ Transport_Prototype
+ Transport_Syntax
+begin
+
+context
+ includes galois_rel_syntax transport_syntax
+begin
+
+typedef pint = "{i :: int. 0 \<le> i}" by auto
+
+interpretation typedef_pint : type_definition Rep_pint Abs_pint "{i :: int. 0 \<le> i}"
+ by (fact type_definition_pint)
+
+lemma [trp_relator_rewrite, trp_uhint]:
+ "(\<^bsub>(=\<^bsub>Collect ((\<le>) (0 :: int))\<^esub>)\<^esub>\<lessapprox>\<^bsub>(=) Rep_pint\<^esub>) \<equiv> typedef_pint.AR"
+ using typedef_pint.left_Galois_eq_AR by (intro eq_reflection) simp
+
+typedef 'a fset = "{s :: 'a set. finite s}" by auto
+
+interpretation typedef_fset :
+ type_definition Rep_fset Abs_fset "{s :: 'a set. finite s}"
+ by (fact type_definition_fset)
+
+lemma [trp_relator_rewrite, trp_uhint]:
+ "(\<^bsub>(=\<^bsub>{s :: 'a set. finite s}\<^esub>) :: 'a set \<Rightarrow> _\<^esub>\<lessapprox>\<^bsub>(=) Rep_fset\<^esub>) \<equiv> typedef_fset.AR"
+ using typedef_fset.left_Galois_eq_AR by (intro eq_reflection) simp
+
+lemma eq_restrict_set_eq_eq_uhint [trp_uhint]:
+ "P \<equiv> \<lambda>x. x \<in> A \<Longrightarrow> ((=\<^bsub>A :: 'a set\<^esub>) :: 'a \<Rightarrow> _) \<equiv> (=\<^bsub>P\<^esub>)"
+ by simp
+
+(*could also automatically tagged for every instance in type_definition*)
+declare
+ typedef_pint.partial_equivalence_rel_equivalence[per_intro]
+ typedef_fset.partial_equivalence_rel_equivalence[per_intro]
+
+
+lemma one_parametric [trp_in_dom]: "typedef_pint.L 1 1" by auto
+
+trp_term pint_one :: "pint" where x = "1 :: int"
+ by trp_prover
+
+lemma add_parametric [trp_in_dom]:
+ "(typedef_pint.L \<Rrightarrow> typedef_pint.L \<Rrightarrow> typedef_pint.L) (+) (+)"
+ by (intro Dep_Fun_Rel_relI) (auto intro!: eq_restrictI elim!: eq_restrictE)
+
+trp_term pint_add :: "pint \<Rightarrow> pint \<Rightarrow> pint"
+ where x = "(+) :: int \<Rightarrow> _"
+ by trp_prover
+
+lemma empty_parametric [trp_in_dom]: "typedef_fset.L {} {}"
+ by auto
+
+trp_term fempty :: "'a fset" where x = "{} :: 'a set"
+ by trp_prover
+
+
+lemma insert_parametric [trp_in_dom]:
+ "((=) \<Rrightarrow> typedef_fset.L \<Rrightarrow> typedef_fset.L) insert insert"
+ by auto
+
+trp_term finsert :: "'a \<Rightarrow> 'a fset \<Rightarrow> 'a fset" where x = insert
+ and L = "((=) \<Rrightarrow> typedef_fset.L \<Rrightarrow> typedef_fset.L)"
+ and R = "((=) \<Rrightarrow> typedef_fset.R \<Rrightarrow> typedef_fset.R)"
+ by trp_prover
+
+
+(*experiments with white-box transports*)
+
+context
+ notes refl[trp_related_intro]
+begin
+
+trp_term insert_add_int_fset_whitebox :: "int fset"
+ where x = "insert (1 + (1 :: int)) {}" !
+ by trp_whitebox_prover
+
+lemma empty_parametric' [trp_related_intro]: "(rel_set R) {} {}"
+ by (intro Dep_Fun_Rel_relI rel_setI) (auto dest: rel_setD1 rel_setD2)
+
+lemma insert_parametric' [trp_related_intro]:
+ "(R \<Rrightarrow> rel_set R \<Rrightarrow> rel_set R) insert insert"
+ by (intro Dep_Fun_Rel_relI rel_setI) (auto dest: rel_setD1 rel_setD2)
+
+context
+ assumes [trp_uhint]:
+ (*proven for all natural functors*)
+ "L \<equiv> rel_set (L1 :: int \<Rightarrow> int \<Rightarrow> bool) \<Longrightarrow> R \<equiv> rel_set (R1 :: pint \<Rightarrow> pint \<Rightarrow> bool)
+ \<Longrightarrow> r \<equiv> image r1 \<Longrightarrow> S \<equiv> (\<^bsub>L1\<^esub>\<lessapprox>\<^bsub>R1 r1\<^esub>) \<Longrightarrow> (\<^bsub>L\<^esub>\<lessapprox>\<^bsub>R r\<^esub>) \<equiv> rel_set S"
+begin
+
+trp_term insert_add_pint_set_whitebox :: "pint set"
+ where x = "insert (1 + (1 :: int)) {}" !
+ by trp_whitebox_prover
+
+print_statement insert_add_int_fset_whitebox_def insert_add_pint_set_whitebox_def
+
+end
+end
+
+lemma image_parametric [trp_in_dom]:
+ "(((=) \<Rrightarrow> (=)) \<Rrightarrow> typedef_fset.L \<Rrightarrow> typedef_fset.L) image image"
+ by (intro Dep_Fun_Rel_relI) auto
+
+trp_term fimage :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a fset \<Rightarrow> 'b fset" where x = image
+ by trp_prover
+
+(*experiments with compositions*)
+
+lemma rel_fun_eq_Fun_Rel_rel: "rel_fun = Fun_Rel_rel"
+ by (intro ext iffI Dep_Fun_Rel_relI) (auto elim: rel_funE)
+
+lemma image_parametric' [trp_related_intro]:
+ "((R \<Rrightarrow> S) \<Rrightarrow> rel_set R \<Rrightarrow> rel_set S) image image"
+ using transfer_raw[simplified rel_fun_eq_Fun_Rel_rel Transfer.Rel_def]
+ by simp
+
+lemma Galois_id_hint [trp_uhint]:
+ "(L :: 'a \<Rightarrow> 'a \<Rightarrow> bool) \<equiv> R \<Longrightarrow> r \<equiv> id \<Longrightarrow> E \<equiv> L \<Longrightarrow> (\<^bsub>L\<^esub>\<lessapprox>\<^bsub>R r\<^esub>) \<equiv> E"
+ by (simp only: eq_reflection[OF transport_id.left_Galois_eq_left])
+
+lemma Freq [trp_uhint]: "L \<equiv> (=) \<Rrightarrow> (=) \<Longrightarrow> L \<equiv> (=)"
+ by auto
+
+context
+ fixes L1 R1 l1 r1 L R l r
+ assumes per1: "(L1 \<equiv>\<^bsub>PER\<^esub> R1) l1 r1"
+ defines "L \<equiv> rel_set L1" and "R \<equiv> rel_set R1"
+ and "l \<equiv> image l1" and "r \<equiv> image r1"
+begin
+
+interpretation transport L R l r .
+
+context
+ (*proven for all natural functors*)
+ assumes transport_per_set: "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ and compat: "transport_comp.middle_compatible_codom R typedef_fset.L"
+begin
+
+trp_term fempty_param :: "'b fset"
+ where x = "{} :: 'a set"
+ and L = "transport_comp.L ?L1 ?R1 (?l1 :: 'a set \<Rightarrow> 'b set) ?r1 typedef_fset.L"
+ and R = "transport_comp.L typedef_fset.R typedef_fset.L ?r2 ?l2 ?R1"
+ apply (rule transport_comp.partial_equivalence_rel_equivalenceI)
+ apply (rule transport_per_set)
+ apply per_prover
+ apply (fact compat)
+ apply (rule transport_comp.left_relI[where ?y="{}" and ?y'="{}"])
+ apply (unfold L_def R_def l_def r_def)
+ apply (auto intro!: galois_rel.left_GaloisI in_codomI empty_transfer)
+ done
+
+definition "set_succ \<equiv> image ((+) (1 :: int))"
+
+lemma set_succ_parametric [trp_in_dom]:
+ "(typedef_fset.L \<Rrightarrow> typedef_fset.L) set_succ set_succ"
+ unfolding set_succ_def by auto
+
+trp_term fset_succ :: "int fset \<Rightarrow> int fset"
+ where x = set_succ
+ and L = "typedef_fset.L \<Rrightarrow> typedef_fset.L"
+ and R = "typedef_fset.R \<Rrightarrow> typedef_fset.R"
+ by trp_prover
+
+trp_term fset_succ' :: "int fset \<Rightarrow> int fset"
+ where x = set_succ
+ and L = "typedef_fset.L \<Rrightarrow> typedef_fset.L"
+ and R = "typedef_fset.R \<Rrightarrow> typedef_fset.R"
+ unfold set_succ_def !
+ (*current prototype gets lost in this example*)
+ using refl[trp_related_intro]
+ apply (tactic \<open>Transport.instantiate_skeleton_tac @{context} 1\<close>)
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply assumption
+ apply assumption
+ prefer 3
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply (tactic \<open>Transport.transport_related_step_tac @{context} 1\<close>)
+ apply (fold trp_def)
+ apply (trp_relator_rewrite)+
+ apply (unfold trp_def)
+ apply (trp_hints_resolve refl)
+ done
+
+lemma pint_middle_compat:
+ "transport_comp.middle_compatible_codom (rel_set ((=) :: pint \<Rightarrow> _))
+ (=\<^bsub>Collect (finite :: pint set \<Rightarrow> _)\<^esub>)"
+ by (intro transport_comp.middle_compatible_codom_if_right1_le_eqI)
+ (auto simp: rel_set_eq intro!: transitiveI)
+
+trp_term pint_fset_succ :: "pint fset \<Rightarrow> pint fset"
+ where x = "set_succ :: int set \<Rightarrow> int set"
+ (*automation for composition not supported as of now*)
+ oops
+
+end
+end
+end
+
+end
\ No newline at end of file
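Review bot: Both inner contexts assume their key facts instead of deriving them: the `[trp_uhint]` rule for `rel_set` and `transport_per_set` carry only the comment `(*proven for all natural functors*)`, and `compat` has no justification at all. Whatever is proved inside these contexts depends on those assumptions, so the comment should say where the proof lives or that it is not formalised in this entry, for example `(*assumed here; holds for all natural functors, see <REFERENCE>*)`, with a similar remark on `compat`. In addition, `typedef 'a fset` introduces a second type named `fset` although `HOL-Library.FSet` is imported, so the unqualified name presumably resolves to the new type in theories importing this one. A distinct name or a comment stating that the shadowing is intended would avoid confusion.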
diff --git a/thys/Transport/Transport/Examples/Typedef/Transport_Typedef_Base.thy b/thys/Transport/Transport/Examples/Typedef/Transport_Typedef_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Examples/Typedef/Transport_Typedef_Base.thy
@@ -0,0 +1,42 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport for HOL Type Definitions\<close>
+theory Transport_Typedef_Base
+ imports
+ HOL_Alignment_Binary_Relations
+ Transport_Bijections
+ HOL.Typedef
+begin
+
+context type_definition
+begin
+
+abbreviation (input) "L :: 'a \<Rightarrow> 'a \<Rightarrow> bool \<equiv> (=\<^bsub>A\<^esub>)"
+abbreviation (input) "R :: 'b \<Rightarrow> 'b \<Rightarrow> bool \<equiv> (=)"
+
+sublocale transport? :
+ transport_eq_restrict_bijection "mem_of A" "\<top> :: 'b \<Rightarrow> bool" Abs Rep
+ rewrites "(=\<^bsub>mem_of A\<^esub>) \<equiv> L"
+ and "(=\<^bsub>\<top> :: 'b \<Rightarrow> bool\<^esub>) \<equiv> R"
+ and "(galois_rel.Galois (=) (=) Rep)\<restriction>\<^bsub>mem_of A\<^esub>\<upharpoonleft>\<^bsub>\<top> :: 'b \<Rightarrow> bool\<^esub> \<equiv>
+ (galois_rel.Galois (=) (=) Rep)"
+ using Abs_inverse Rep_inverse
+ by (intro transport_eq_restrict_bijection.intro bijection_onI)
+ (auto simp: restrict_right_eq
+ intro!: eq_reflection galois_rel.left_GaloisI Rep
+ elim: galois_rel.left_GaloisE)
+
+interpretation galois L R Abs Rep .
+
+lemma Rep_left_Galois_self: "Rep y \<^bsub>L\<^esub>\<lessapprox> y"
+ using Rep by (intro left_GaloisI) auto
+
+definition "AR x y \<equiv> x = Rep y"
+
+lemma left_Galois_eq_AR: "left_Galois = AR"
+ unfolding AR_def
+ by (auto intro!: galois_rel.left_GaloisI Rep elim: galois_rel.left_GaloisE)
+
+end
+
+
+end
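Review bot: The `sublocale transport? : transport_eq_restrict_bijection ...` is declared inside `context type_definition`, that is, on HOL's own locale, so it presumably takes effect for every interpretation of `type_definition` in any theory that imports this one. The optional qualifier `transport?`, the abbreviations `L` and `R`, and the definition `AR` also add very short names to that locale. Transport_Typedef.thy in this diff relies on the unqualified forms (`typedef_pint.L`, `typedef_fset.left_Galois_eq_AR`), so I would keep the code and document the side effect before the sublocale, for example `text \<open>Extends the HOL locale type_definition: every interpretation gains the transport facts and the names L, R and AR.\<close>`.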
diff --git a/thys/Transport/Transport/Functions/Monotone_Function_Relator.thy b/thys/Transport/Transport/Functions/Monotone_Function_Relator.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Monotone_Function_Relator.thy
@@ -0,0 +1,105 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Monotone Function Relator\<close>
+theory Monotone_Function_Relator
+ imports
+ Reflexive_Relator
+begin
+
+abbreviation "Mono_Dep_Fun_Rel R S \<equiv> ([x y \<Colon> R] \<Rrightarrow> S x y)\<^sup>\<oplus>"
+abbreviation "Mono_Fun_Rel R S \<equiv> Mono_Dep_Fun_Rel R (\<lambda>_ _. S)"
+
+bundle Mono_Dep_Fun_Rel_syntax begin
+syntax
+ "_Mono_Fun_Rel_rel" :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow>
+ ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("(_) \<Rrightarrow>\<oplus> (_)" [41, 40] 40)
+ "_Mono_Dep_Fun_Rel_rel" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _] \<Rrightarrow>\<oplus> (_)" [41, 41, 41, 40] 40)
+ "_Mono_Dep_Fun_Rel_rel_if" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _/ |/ _] \<Rrightarrow>\<oplus> (_)" [41, 41, 41, 41, 40] 40)
+end
+bundle no_Mono_Dep_Fun_Rel_syntax begin
+no_syntax
+ "_Mono_Fun_Rel_rel" :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'c) \<Rightarrow>
+ ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("(_) \<Rrightarrow>\<oplus> (_)" [41, 40] 40)
+ "_Mono_Dep_Fun_Rel_rel" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _] \<Rrightarrow>\<oplus> (_)" [41, 41, 41, 40] 40)
+ "_Mono_Dep_Fun_Rel_rel_if" :: "idt \<Rightarrow> idt \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> bool \<Rightarrow> ('c \<Rightarrow> 'd \<Rightarrow> bool) \<Rightarrow>
+ ('a \<Rightarrow> 'c) \<Rightarrow> ('b \<Rightarrow> 'd) \<Rightarrow> bool" ("[_/ _/ \<Colon>/ _/ |/ _] \<Rrightarrow>\<oplus> (_)" [41, 41, 41, 41, 40] 40)
+end
+unbundle Mono_Dep_Fun_Rel_syntax
+
+translations
+ "R \<Rrightarrow>\<oplus> S" \<rightleftharpoons> "CONST Mono_Fun_Rel R S"
+ "[x y \<Colon> R] \<Rrightarrow>\<oplus> S" \<rightleftharpoons> "CONST Mono_Dep_Fun_Rel R (\<lambda>x y. S)"
+ "[x y \<Colon> R | B] \<Rrightarrow>\<oplus> S" \<rightleftharpoons> "CONST Mono_Dep_Fun_Rel R (\<lambda>x y. CONST rel_if B S)"
+
+locale Dep_Fun_Rel_orders =
+ fixes L :: "'a \<Rightarrow> 'b \<Rightarrow> bool"
+ and R :: "'a \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'd \<Rightarrow> bool"
+begin
+
+sublocale o : orders L "R a b" for a b .
+
+notation L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation o.ge_left (infix "\<ge>\<^bsub>L\<^esub>" 50)
+
+notation R ("(\<le>\<^bsub>R (_) (_)\<^esub>)" 50)
+abbreviation "right_infix c a b d \<equiv> (\<le>\<^bsub>R a b\<^esub>) c d"
+notation right_infix ("(_) \<le>\<^bsub>R (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+
+notation o.ge_right ("(\<ge>\<^bsub>R (_) (_)\<^esub>)" 50)
+
+abbreviation (input) "ge_right_infix d a b c \<equiv> (\<ge>\<^bsub>R a b\<^esub>) d c"
+notation ge_right_infix ("(_) \<ge>\<^bsub>R (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+
+abbreviation (input) "DFR \<equiv> ([a b \<Colon> L] \<Rrightarrow> R a b)"
+
+end
+
+locale hom_Dep_Fun_Rel_orders = Dep_Fun_Rel_orders L R
+ for L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'a \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> bool"
+begin
+
+sublocale ho : hom_orders L "R a b" for a b .
+
+lemma Mono_Dep_Fun_Refl_Rel_right_eq_Mono_Dep_Fun_if_le_if_reflexive_onI:
+ assumes refl_L: "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x2 x2\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x1 x1\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "([x y \<Colon> (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<oplus> (\<le>\<^bsub>R x y\<^esub>)\<^sup>\<oplus>) = ([x y \<Colon> (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<oplus> (\<le>\<^bsub>R x y\<^esub>))"
+proof -
+ {
+ fix f g x1 x2
+ assume "([x y \<Colon> (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R x y\<^esub>)) f g" "x1 \<le>\<^bsub>L\<^esub> x1" "x1 \<le>\<^bsub>L\<^esub> x2"
+ with assms have "f x1 \<le>\<^bsub>R x1 x2\<^esub> g x1" "f x2 \<le>\<^bsub>R x1 x2\<^esub> g x2" by blast+
+ }
+ with refl_L show ?thesis
+ by (intro ext iffI Refl_RelI Dep_Fun_Rel_relI) (auto elim!: Refl_RelE)
+qed
+
+lemma Mono_Dep_Fun_Refl_Rel_right_eq_Mono_Dep_Fun_if_mono_if_reflexive_onI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L\<^esub>) | x1 \<le>\<^bsub>L\<^esub> x3] \<Rrightarrow> (\<le>)) R"
+ shows "([x y \<Colon> (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<oplus> (\<le>\<^bsub>R x y\<^esub>)\<^sup>\<oplus>) = ([x y \<Colon> (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<oplus> (\<le>\<^bsub>R x y\<^esub>))"
+ using assms
+ by (intro Mono_Dep_Fun_Refl_Rel_right_eq_Mono_Dep_Fun_if_le_if_reflexive_onI)
+ auto
+
+end
+
+context hom_orders
+begin
+
+sublocale fro : hom_Dep_Fun_Rel_orders L "\<lambda>_ _. R" .
+
+corollary Mono_Fun_Rel_Refl_Rel_right_eq_Mono_Fun_RelI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<oplus> (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) = ((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<oplus> (\<le>\<^bsub>R\<^esub>))"
+ using assms by (intro fro.Mono_Dep_Fun_Refl_Rel_right_eq_Mono_Dep_Fun_if_le_if_reflexive_onI)
+ simp_all
+
+end
+
+
+end
\ No newline at end of file
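Review bot: The `translations` block is declared at theory level, outside `Mono_Dep_Fun_Rel_syntax`, so `no_Mono_Dep_Fun_Rel_syntax` removes the three `syntax` productions but, as far as this hunk shows, leaves the translation rules for those notations in place. It is worth checking how `Mono_Fun_Rel R S` and `Mono_Dep_Fun_Rel R S` print once the `no_` bundle is unbundled, and recording the outcome next to the bundles, for example `(*the translations below stay active when the syntax is disabled*)`. The two lemmas in `hom_Dep_Fun_Rel_orders` would also benefit from a short `text` stating when the inner reflexive closure on `R` can be dropped, since their long names are the only description.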
diff --git a/thys/Transport/Transport/Functions/Reflexive_Relator.thy b/thys/Transport/Transport/Functions/Reflexive_Relator.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Reflexive_Relator.thy
@@ -0,0 +1,275 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Reflexive Relator\<close>
+theory Reflexive_Relator
+ imports
+ Galois_Equivalences
+ Galois_Relator
+begin
+
+definition "Refl_Rel R x y \<equiv> R x x \<and> R y y \<and> R x y"
+
+bundle Refl_Rel_syntax begin notation Refl_Rel ("(_\<^sup>\<oplus>)" [1000]) end
+bundle no_Refl_Rel_syntax begin no_notation Refl_Rel ("(_\<^sup>\<oplus>)" [1000]) end
+unbundle Refl_Rel_syntax
+
+lemma Refl_RelI [intro]:
+ assumes "R x x"
+ and "R y y"
+ and "R x y"
+ shows "R\<^sup>\<oplus> x y"
+ using assms unfolding Refl_Rel_def by blast
+
+lemma Refl_Rel_selfI [intro]:
+ assumes "R x x"
+ shows "R\<^sup>\<oplus> x x"
+ using assms by blast
+
+lemma Refl_RelE [elim]:
+ assumes "R\<^sup>\<oplus> x y"
+ obtains "R x x" "R y y" "R x y"
+ using assms unfolding Refl_Rel_def by blast
+
+lemma Refl_Rel_reflexive_on_in_field [iff]:
+ "reflexive_on (in_field R\<^sup>\<oplus>) R\<^sup>\<oplus>"
+ by (rule reflexive_onI) auto
+
+lemma Refl_Rel_le_self [iff]: "R\<^sup>\<oplus> \<le> R" by blast
+
+lemma Refl_Rel_eq_self_if_reflexive_on [simp]:
+ assumes "reflexive_on (in_field R) R"
+ shows "R\<^sup>\<oplus> = R"
+ using assms by blast
+
+lemma reflexive_on_in_field_if_Refl_Rel_eq_self:
+ assumes "R\<^sup>\<oplus> = R"
+ shows "reflexive_on (in_field R) R"
+ by (fact Refl_Rel_reflexive_on_in_field[of R, simplified assms])
+
+corollary Refl_Rel_eq_self_iff_reflexive_on:
+ "R\<^sup>\<oplus> = R \<longleftrightarrow> reflexive_on (in_field R) R"
+ using Refl_Rel_eq_self_if_reflexive_on reflexive_on_in_field_if_Refl_Rel_eq_self
+ by blast
+
+lemma Refl_Rel_Refl_Rel_eq [simp]: "(R\<^sup>\<oplus>)\<^sup>\<oplus> = R\<^sup>\<oplus>"
+ by (intro ext) auto
+
+lemma rel_inv_Refl_Rel_eq [simp]: "(R\<^sup>\<oplus>)\<inverse> = (R\<inverse>)\<^sup>\<oplus>"
+ by (intro ext iffI Refl_RelI rel_invI) auto
+
+lemma Refl_Rel_transitive_onI [intro]:
+ assumes "transitive_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ shows "transitive_on P R\<^sup>\<oplus>"
+ using assms by (intro transitive_onI) (blast dest: transitive_onD)
+
+corollary Refl_Rel_transitiveI [intro]:
+ assumes "transitive R"
+ shows "transitive R\<^sup>\<oplus>"
+ using assms by blast
+
+corollary Refl_Rel_preorder_onI:
+ assumes "transitive_on P R"
+ and "P \<le> in_field R\<^sup>\<oplus>"
+ shows "preorder_on P R\<^sup>\<oplus>"
+ using assms by (intro preorder_onI
+ reflexive_on_if_le_pred_if_reflexive_on[where ?P="in_field R\<^sup>\<oplus>" and ?P'=P])
+ auto
+
+corollary Refl_Rel_preorder_on_in_fieldI [intro]:
+ assumes "transitive R"
+ shows "preorder_on (in_field R\<^sup>\<oplus>) R\<^sup>\<oplus>"
+ using assms by (intro Refl_Rel_preorder_onI) auto
+
+lemma Refl_Rel_symmetric_onI [intro]:
+ assumes "symmetric_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ shows "symmetric_on P R\<^sup>\<oplus>"
+ using assms by (intro symmetric_onI) (auto dest: symmetric_onD)
+
+lemma Refl_Rel_symmetricI [intro]:
+ assumes "symmetric R"
+ shows "symmetric R\<^sup>\<oplus>"
+ using assms by (fold symmetric_on_in_field_iff_symmetric)
+ (blast intro: symmetric_on_if_le_pred_if_symmetric_on)
+
+lemma Refl_Rel_partial_equivalence_rel_onI [intro]:
+ assumes "partial_equivalence_rel_on (P :: 'a \<Rightarrow> bool) (R :: 'a \<Rightarrow> _)"
+ shows "partial_equivalence_rel_on P R\<^sup>\<oplus>"
+ using assms by (intro partial_equivalence_rel_onI Refl_Rel_transitive_onI
+ Refl_Rel_symmetric_onI) auto
+
+lemma Refl_Rel_partial_equivalence_relI [intro]:
+ assumes "partial_equivalence_rel R"
+ shows "partial_equivalence_rel R\<^sup>\<oplus>"
+ using assms
+ by (intro partial_equivalence_relI Refl_Rel_transitiveI Refl_Rel_symmetricI) auto
+
+lemma Refl_Rel_app_leftI:
+ assumes "R (f x) y"
+ and "in_field S\<^sup>\<oplus> x"
+ and "in_field R\<^sup>\<oplus> y"
+ and "(S \<Rrightarrow>\<^sub>m R) f"
+ shows "R\<^sup>\<oplus> (f x) y"
+proof (rule Refl_RelI)
+ from \<open>in_field R\<^sup>\<oplus> y\<close> show "R y y" by blast
+ from \<open>in_field S\<^sup>\<oplus> x\<close> have "S x x" by blast
+ with \<open>(S \<Rrightarrow>\<^sub>m R) f\<close> show "R (f x) (f x)" by blast
+qed fact
+
+corollary Refl_Rel_app_rightI:
+ assumes "R x (f y)"
+ and "in_field S\<^sup>\<oplus> y"
+ and "in_field R\<^sup>\<oplus> x"
+ and "(S \<Rrightarrow>\<^sub>m R) f"
+ shows "R\<^sup>\<oplus> x (f y)"
+proof -
+ from assms have "(R\<inverse>)\<^sup>\<oplus> (f y) x" by (intro Refl_Rel_app_leftI[where ?S="S\<inverse>"])
+ (auto simp flip: rel_inv_Refl_Rel_eq)
+ then show ?thesis by blast
+qed
+
+lemma mono_wrt_rel_Refl_Rel_Refl_Rel_if_mono_wrt_rel [intro]:
+ assumes "(R \<Rrightarrow>\<^sub>m S) f"
+ shows "(R\<^sup>\<oplus> \<Rrightarrow>\<^sub>m S\<^sup>\<oplus>) f"
+ using assms by (intro dep_mono_wrt_relI) auto
+
+context galois
+begin
+
+interpretation gR : galois "(\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>" "(\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>" l r .
+
+lemma Galois_Refl_RelI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "in_field (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> x"
+ and "in_field (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus> y"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) y \<Longrightarrow> x \<^bsub>L\<^esub>\<lessapprox> y"
+ shows "(galois_rel.Galois ((\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>) ((\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) r) x y"
+ using assms by (intro gR.left_GaloisI in_codomI Refl_Rel_app_rightI[where ?f=r])
+ auto
+
+lemma half_galois_prop_left_Refl_Rel_left_rightI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) l r"
+ using assms by (intro gR.half_galois_prop_leftI Refl_RelI)
+ (auto elim!: in_codomE gR.left_GaloisE Refl_RelE)
+
+interpretation flip_inv : galois "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l
+ rewrites "((\<ge>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<ge>\<^bsub>L\<^esub>)) \<equiv> ((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>))"
+ and "\<And>R. (R\<inverse>)\<^sup>\<oplus> \<equiv> (R\<^sup>\<oplus>)\<inverse>"
+ and "\<And>R S f g. (R\<inverse> \<^sub>h\<unlhd> S\<inverse>) f g \<equiv> (S \<unlhd>\<^sub>h R) g f"
+ by (simp_all add: galois_prop.half_galois_prop_left_rel_inv_iff_half_galois_prop_right)
+
+lemma half_galois_prop_right_Refl_Rel_right_leftI:
+ assumes "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) l r"
+ using assms by (fact flip_inv.half_galois_prop_left_Refl_Rel_left_rightI)
+
+corollary galois_prop_Refl_Rel_left_rightI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<unlhd> (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) l r"
+ using assms
+ by (intro gR.galois_propI half_galois_prop_left_Refl_Rel_left_rightI
+ half_galois_prop_right_Refl_Rel_right_leftI) auto
+
+lemma galois_connection_Refl_Rel_left_rightI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<stileturn> (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) l r"
+ using assms
+ by (intro gR.galois_connectionI galois_prop_Refl_Rel_left_rightI) auto
+
+lemma galois_equivalence_Refl_RelI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) l r"
+proof -
+ interpret flip : galois R L r l .
+ show ?thesis using assms by (intro gR.galois_equivalenceI
+ galois_connection_Refl_Rel_left_rightI flip.galois_prop_Refl_Rel_left_rightI)
+ auto
+qed
+
+end
+
+context order_functors
+begin
+
+lemma inflationary_on_in_field_Refl_Rel_left:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "inflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ shows "inflationary_on (in_field (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>) (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<eta>"
+ using assms
+ by (intro inflationary_onI Refl_RelI) (auto elim!: in_fieldE Refl_RelE)
+
+lemma inflationary_on_in_field_Refl_Rel_left':
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "inflationary_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ shows "inflationary_on (in_field (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>) (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<eta>"
+ using assms
+ by (intro inflationary_onI Refl_RelI) (auto elim!: in_fieldE Refl_RelE)
+
+interpretation inv : galois "(\<ge>\<^bsub>L\<^esub>)" "(\<ge>\<^bsub>R\<^esub>)" l r
+ rewrites "((\<ge>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<ge>\<^bsub>R\<^esub>)) \<equiv> ((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>))"
+ and "((\<ge>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<ge>\<^bsub>L\<^esub>)) \<equiv> ((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>))"
+ and "\<And>R. (R\<inverse>)\<^sup>\<oplus> \<equiv> (R\<^sup>\<oplus>)\<inverse>"
+ and "\<And>R. in_dom R\<inverse> \<equiv> in_codom R"
+ and "\<And>R. in_codom R\<inverse> \<equiv> in_dom R"
+ and "\<And>R. in_field R\<inverse> \<equiv> in_field R"
+ and "\<And>P R. inflationary_on P R\<inverse> \<equiv> deflationary_on P R"
+ by simp_all
+
+lemma deflationary_on_in_field_Refl_Rel_leftI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "deflationary_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ shows "deflationary_on (in_field (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>) (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<eta>"
+ using assms by (fact inv.inflationary_on_in_field_Refl_Rel_left')
+
+lemma deflationary_on_in_field_Refl_RelI_left':
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "deflationary_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ shows "deflationary_on (in_field (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>) (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<eta>"
+ using assms by (fact inv.inflationary_on_in_field_Refl_Rel_left)
+
+lemma rel_equivalence_on_in_field_Refl_Rel_leftI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "rel_equivalence_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ shows "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>) (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<eta>"
+ using assms by (intro rel_equivalence_onI
+ inflationary_on_in_field_Refl_Rel_left
+ deflationary_on_in_field_Refl_Rel_leftI)
+ auto
+
+lemma rel_equivalence_on_in_field_Refl_Rel_leftI':
+ assumes "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ and "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ and "rel_equivalence_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ shows "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>) (\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<eta>"
+ using assms by (intro rel_equivalence_onI
+ inflationary_on_in_field_Refl_Rel_left'
+ deflationary_on_in_field_Refl_RelI_left')
+ auto
+
+interpretation oR : order_functors "(\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus>" "(\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>" l r .
+
+lemma order_equivalence_Refl_RelI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<le>\<^bsub>L\<^esub>)\<^sup>\<oplus> \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)\<^sup>\<oplus>) l r"
+proof -
+ interpret flip : galois R L r l
+ rewrites "flip.unit \<equiv> \<epsilon>"
+ by (simp only: flip_unit_eq_counit)
+ show ?thesis using assms by (intro oR.order_equivalenceI
+ mono_wrt_rel_Refl_Rel_Refl_Rel_if_mono_wrt_rel
+ rel_equivalence_on_in_field_Refl_Rel_leftI
+ flip.rel_equivalence_on_in_field_Refl_Rel_leftI)
+ (auto intro: rel_equivalence_on_if_le_pred_if_rel_equivalence_on
+ in_field_if_in_dom)
+qed
+
+end
+
+
+end
\ No newline at end of file
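Review bot: The introduction-rule names in the `order_functors` context do not follow one scheme. `inflationary_on_in_field_Refl_Rel_left` and `inflationary_on_in_field_Refl_Rel_left'` drop the `I` suffix that `deflationary_on_in_field_Refl_Rel_leftI` and `rel_equivalence_on_in_field_Refl_Rel_leftI'` carry, and `deflationary_on_in_field_Refl_RelI_left'` puts the `I` before `_left'`. I would rename them to `inflationary_on_in_field_Refl_Rel_leftI`, `inflationary_on_in_field_Refl_Rel_leftI'` and `deflationary_on_in_field_Refl_Rel_leftI'`, and update the `fact` and `intro` references later in the same context. Other theories in the commit may refer to the current names, which this hunk does not show, so check for uses before renaming.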
diff --git a/thys/Transport/Transport/Functions/Transport_Functions.thy b/thys/Transport/Transport/Functions/Transport_Functions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions.thy
@@ -0,0 +1,248 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Transport_Functions
+ imports
+ Transport_Functions_Galois_Equivalence
+ Transport_Functions_Galois_Relator
+ Transport_Functions_Order_Base
+ Transport_Functions_Order_Equivalence
+ Transport_Functions_Relation_Simplifications
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Composition under (dependent) (monotone) function relators.
+Refer to \<^cite>\<open>"transport"\<close> for more details.\<close>
+
+subsection \<open>Summary of Main Results\<close>
+
+text \<open>More precise results can be found in the corresponding subtheories.\<close>
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.t1.counit \<equiv> \<eta>\<^sub>1" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ by (simp_all only: t1.flip_counit_eq_unit t1.flip_unit_eq_counit)
+
+subparagraph \<open>Closure of Order and Galois Concepts\<close>
+
+theorem preorder_galois_connection_if_galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<stileturn> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([_ x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' _ \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_galois_connectionI
+ galois_connection_left_right_if_mono_if_galois_connectionI'
+ preorder_on_in_field_leftI flip.preorder_on_in_field_leftI
+ tdfr.transitive_leftI' flip.tdfr.transitive_leftI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+theorem preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 _ \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' _ \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' _ \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_equivalence_if_galois_equivalenceI
+ galois_equivalence_if_mono_if_preorder_equivalenceI'
+ preorder_on_in_field_leftI flip.preorder_on_in_field_leftI
+ tdfr.transitive_leftI' flip.tdfr.transitive_leftI
+ tdfr.transitive_left2_if_preorder_equivalenceI
+ tdfr.transitive_right2_if_preorder_equivalenceI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI
+ tdfr.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI
+ flip.tdfr.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+theorem partial_equivalence_rel_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 _ \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' _ \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' _ \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro partial_equivalence_rel_equivalence_if_galois_equivalenceI
+ galois_equivalence_if_mono_if_preorder_equivalenceI'
+ tdfr.transitive_left2_if_preorder_equivalenceI
+ tdfr.transitive_right2_if_preorder_equivalenceI
+ partial_equivalence_rel_leftI flip.partial_equivalence_rel_leftI
+ tdfr.partial_equivalence_rel_left2_if_partial_equivalence_rel_equivalenceI
+ tdfr.partial_equivalence_rel_right2_if_partial_equivalence_rel_equivalenceI)
+ auto
+
+
+subparagraph \<open>Simplification of Left and Right Relations\<close>
+
+text \<open>See @{thm "left_rel_eq_tdfr_leftI_if_equivalencesI"}.\<close>
+
+
+subparagraph \<open>Simplification of Galois relator\<close>
+
+text \<open>See
+@{thm "left_Galois_eq_Dep_Fun_Rel_left_Galois_restrict_if_mono_if_galois_connectionI"
+"left_Galois_eq_Dep_Fun_Rel_left_Galois_restrict_if_preorder_equivalenceI"
+"left_Galois_eq_Dep_Fun_Rel_left_Galois_restrict_if_preorder_equivalenceI'"
+"Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_GaloisI"
+"Dep_Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq"}\<close>
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+interpretation flip : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+subparagraph \<open>Closure of Order and Galois Concepts\<close>
+
+lemma preorder_galois_connection_if_galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)" "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<stileturn> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)" "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro tpdfr.preorder_galois_connectionI
+ galois_connection_left_rightI
+ tpdfr.preorder_on_in_field_leftI flip.tpdfr.preorder_on_in_field_leftI
+ tfr.transitive_leftI' flip.tfr.transitive_leftI)
+ auto
+
+theorem preorder_galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_galois_connection_if_galois_connectionI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+theorem preorder_equivalence_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)" "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)" "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro tpdfr.preorder_equivalence_if_galois_equivalenceI
+ galois_equivalenceI
+ tpdfr.preorder_on_in_field_leftI flip.tpdfr.preorder_on_in_field_leftI
+ tfr.transitive_leftI flip.tfr.transitive_leftI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+
+theorem preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_equivalence_if_galois_equivalenceI) auto
+
+theorem partial_equivalence_rel_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro tpdfr.partial_equivalence_rel_equivalence_if_galois_equivalenceI
+ galois_equivalenceI
+ partial_equivalence_rel_leftI flip.partial_equivalence_rel_leftI)
+ auto
+
+
+subparagraph \<open>Simplification of Left and Right Relations\<close>
+
+text \<open>See @{thm "left_rel_eq_tfr_leftI"}.\<close>
+
+
+subparagraph \<open>Simplification of Galois relator\<close>
+
+text \<open>See @{thm "left_Galois_eq_Fun_Rel_left_Galois_restrictI"
+"Fun_Rel_left_Galois_restrict_left_right_eq_Fun_Rel_left_GaloisI"
+"Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq"}.\<close>
+
+end
+
+
+paragraph \<open>Dependent Function Relator\<close>
+
+text \<open>While a general transport of functions is only possible for the monotone
+function relator (see above), the locales @{locale "transport_Dep_Fun_Rel"} and
+@{locale "transport_Fun_Rel"} contain special cases to transport functions
+that are proven to be monotone using the standard function space.
+
+Moreover, in the special case of equivalences on partial equivalence relations,
+the standard function space is monotone - see
+@{thm "transport_Mono_Dep_Fun_Rel.left_rel_eq_tdfr_leftI_if_equivalencesI"}
+As such, we can derive general transport theorems from the monotone cases
+above.\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+interpretation tpdfr : transport_Mono_Dep_Fun_Rel L1 R1 l1 r1 L2 R2 l2 r2 .
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+theorem partial_equivalence_rel_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from assms have "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) = (tpdfr.L \<equiv>\<^bsub>PER\<^esub> tpdfr.R)"
+ by (subst tpdfr.left_rel_eq_tdfr_leftI_if_equivalencesI
+ flip.left_rel_eq_tdfr_leftI_if_equivalencesI,
+ auto intro!: partial_equivalence_rel_left2_if_partial_equivalence_rel_equivalenceI
+ partial_equivalence_rel_right2_if_partial_equivalence_rel_equivalenceI
+ iff: t1.galois_equivalence_right_left_iff_galois_equivalence_left_right)+
+ with assms show ?thesis
+ by (auto intro!: tpdfr.partial_equivalence_rel_equivalenceI)
+qed
+
+end
+
+
+paragraph \<open>Function Relator\<close>
+
+context transport_Fun_Rel
+begin
+
+interpretation tpfr : transport_Mono_Fun_Rel L1 R1 l1 r1 L2 R2 l2 r2 .
+interpretation flip_tpfr : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+theorem partial_equivalence_rel_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from assms have "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) = (tpfr.tpdfr.L \<equiv>\<^bsub>PER\<^esub> tpfr.tpdfr.R)"
+ by (subst tpfr.left_rel_eq_tfr_leftI flip_tpfr.left_rel_eq_tfr_leftI; auto)+
+ with assms show ?thesis by (auto intro!: tpfr.partial_equivalence_rel_equivalenceI)
+qed
+
+end
+
+
+end
\ No newline at end of file
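Review bot: Two `text` blocks in this theory are missing their sentence-ending period, which will show in the generated document. In the "Dependent Function Relator" paragraph the sentence ending in `@{thm "transport_Mono_Dep_Fun_Rel.left_rel_eq_tdfr_leftI_if_equivalencesI"}` runs straight into "As such, we can derive ..."; it should end with `"transport_Mono_Dep_Fun_Rel.left_rel_eq_tdfr_leftI_if_equivalencesI"}.`. The "See @{thm ...}" block under "Simplification of Galois relator" in the `transport_Mono_Dep_Fun_Rel` context also closes without a period, unlike the parallel blocks in the `transport_Mono_Fun_Rel` context.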
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Base.thy b/thys/Transport/Transport/Functions/Transport_Functions_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Base.thy
@@ -0,0 +1,470 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport For Functions\<close>
+subsection \<open>Basic Setup\<close>
+theory Transport_Functions_Base
+ imports
+ Monotone_Function_Relator
+ Transport_Base
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic setup for closure proofs. We introduce locales for the syntax,
+the dependent relator, the non-dependent relator, the monotone dependent relator,
+and the monotone non-dependent relator.\<close>
+
+
+definition "flip2 f x1 x2 x3 x4 \<equiv> f x2 x1 x4 x3"
+
+lemma flip2_eq: "flip2 f x1 x2 x3 x4 = f x2 x1 x4 x3"
+ unfolding flip2_def by simp
+
+lemma flip2_eq_rel_inv [simp]: "flip2 R x y = (R y x)\<inverse>"
+ by (intro ext) (simp only: flip2_eq rel_inv_iff_rel)
+
+lemma flip2_flip2_eq_self [simp]: "flip2 (flip2 f) = f"
+ by (intro ext) (simp add: flip2_eq)
+
+lemma flip2_eq_flip2_iff_eq [iff]: "flip2 f = flip2 g \<longleftrightarrow> f = g"
+ unfolding flip2_def by (intro iffI ext) (auto dest: fun_cong)
+
+
+paragraph \<open>Dependent Function Relator\<close>
+
+locale transport_Dep_Fun_Rel_syntax =
+ t1 : transport L1 R1 l1 r1 +
+ dfro1 : hom_Dep_Fun_Rel_orders L1 L2 +
+ dfro2 : hom_Dep_Fun_Rel_orders R1 R2
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'a2"
+ and r1 :: "'a2 \<Rightarrow> 'a1"
+ and L2 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> 'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and R2 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'a2 \<Rightarrow> 'a1 \<Rightarrow> 'b1 \<Rightarrow> 'b2"
+ and r2 :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> 'b1"
+begin
+
+notation L1 (infix "\<le>\<^bsub>L1\<^esub>" 50)
+notation R1 (infix "\<le>\<^bsub>R1\<^esub>" 50)
+
+notation t1.ge_left (infix "\<ge>\<^bsub>L1\<^esub>" 50)
+notation t1.ge_right (infix "\<ge>\<^bsub>R1\<^esub>" 50)
+
+notation t1.left_Galois (infix "\<^bsub>L1\<^esub>\<lessapprox>" 50)
+notation t1.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L1\<^esub>" 50)
+notation t1.right_Galois (infix "\<^bsub>R1\<^esub>\<lessapprox>" 50)
+notation t1.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R1\<^esub>" 50)
+notation t1.right_ge_Galois (infix "\<^bsub>R1\<^esub>\<greaterapprox>" 50)
+notation t1.Galois_right (infix "\<lessapprox>\<^bsub>R1\<^esub>" 50)
+notation t1.left_ge_Galois (infix "\<^bsub>L1\<^esub>\<greaterapprox>" 50)
+notation t1.Galois_left (infix "\<lessapprox>\<^bsub>L1\<^esub>" 50)
+
+notation t1.unit ("\<eta>\<^sub>1")
+notation t1.counit ("\<epsilon>\<^sub>1")
+
+notation L2 ("(\<le>\<^bsub>L2 (_) (_)\<^esub>)" 50)
+notation R2 ("(\<le>\<^bsub>R2 (_) (_)\<^esub>)" 50)
+
+notation dfro1.right_infix ("(_) \<le>\<^bsub>L2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+notation dfro2.right_infix ("(_) \<le>\<^bsub>R2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+
+notation dfro1.o.ge_right ("(\<ge>\<^bsub>L2 (_) (_)\<^esub>)" 50)
+notation dfro2.o.ge_right ("(\<ge>\<^bsub>R2 (_) (_)\<^esub>)" 50)
+
+notation dfro1.ge_right_infix ("(_) \<ge>\<^bsub>L2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+notation dfro2.ge_right_infix ("(_) \<ge>\<^bsub>R2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+
+notation l2 ("l2\<^bsub>(_) (_)\<^esub>")
+notation r2 ("r2\<^bsub>(_) (_)\<^esub>")
+
+sublocale t2 : transport "(\<le>\<^bsub>L2 x (r1 x')\<^esub>)" "(\<le>\<^bsub>R2 (l1 x) x'\<^esub>)" "l2\<^bsub>x' x\<^esub>" "r2\<^bsub>x x'\<^esub>" for x x' .
+
+notation t2.left_Galois ("(\<^bsub>L2 (_) (_)\<^esub>\<lessapprox>)" 50)
+notation t2.right_Galois ("(\<^bsub>R2 (_) (_)\<^esub>\<lessapprox>)" 50)
+
+abbreviation "left2_Galois_infix y x x' y' \<equiv> (\<^bsub>L2 x x'\<^esub>\<lessapprox>) y y'"
+notation left2_Galois_infix ("(_) \<^bsub>L2 (_) (_)\<^esub>\<lessapprox> (_)" [51,51,51,51] 50)
+abbreviation "right2_Galois_infix y' x x' y \<equiv> (\<^bsub>R2 x x'\<^esub>\<lessapprox>) y' y"
+notation right2_Galois_infix ("(_) \<^bsub>R2 (_) (_)\<^esub>\<lessapprox> (_)" [51,51,51,51] 50)
+
+notation t2.ge_Galois_left ("(\<greaterapprox>\<^bsub>L2 (_) (_)\<^esub>)" 50)
+notation t2.ge_Galois_right ("(\<greaterapprox>\<^bsub>R2 (_) (_)\<^esub>)" 50)
+
+abbreviation (input) "ge_Galois_left_left2_infix y' x x' y \<equiv> (\<greaterapprox>\<^bsub>L2 x x'\<^esub>) y' y"
+notation ge_Galois_left_left2_infix ("(_) \<greaterapprox>\<^bsub>L2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+abbreviation (input) "ge_Galois_left_right2_infix y x x' y' \<equiv> (\<greaterapprox>\<^bsub>R2 x x'\<^esub>) y y'"
+notation ge_Galois_left_right2_infix ("(_) \<greaterapprox>\<^bsub>R2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+
+notation t2.right_ge_Galois ("(\<^bsub>R2 (_) (_)\<^esub>\<greaterapprox>)" 50)
+notation t2.left_ge_Galois ("(\<^bsub>L2 (_) (_)\<^esub>\<greaterapprox>)" 50)
+
+abbreviation "left2_ge_Galois_left_infix y x x' y' \<equiv> (\<^bsub>L2 x x'\<^esub>\<greaterapprox>) y y'"
+notation left2_ge_Galois_left_infix ("(_) \<^bsub>L2 (_) (_)\<^esub>\<greaterapprox> (_)" [51,51,51,51] 50)
+abbreviation "right2_ge_Galois_left_infix y' x x' y \<equiv> (\<^bsub>R2 x x'\<^esub>\<greaterapprox>) y' y"
+notation right2_ge_Galois_left_infix ("(_) \<^bsub>R2 (_) (_)\<^esub>\<greaterapprox> (_)" [51,51,51,51] 50)
+
+notation t2.Galois_right ("(\<lessapprox>\<^bsub>R2 (_) (_)\<^esub>)" 50)
+notation t2.Galois_left ("(\<lessapprox>\<^bsub>L2 (_) (_)\<^esub>)" 50)
+
+abbreviation (input) "Galois_left2_infix y' x x' y \<equiv> (\<lessapprox>\<^bsub>L2 x x'\<^esub>) y' y"
+notation Galois_left2_infix ("(_) \<lessapprox>\<^bsub>L2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+abbreviation (input) "Galois_right2_infix y x x' y' \<equiv> (\<lessapprox>\<^bsub>R2 x x'\<^esub>) y y'"
+notation Galois_right2_infix ("(_) \<lessapprox>\<^bsub>R2 (_) (_)\<^esub> (_)" [51,51,51,51] 50)
+
+abbreviation "t2_unit x x' \<equiv> t2.unit x' x"
+notation t2_unit ("\<eta>\<^bsub>2 (_) (_)\<^esub>")
+abbreviation "t2_counit x x' \<equiv> t2.counit x' x"
+notation t2_counit ("\<epsilon>\<^bsub>2 (_) (_)\<^esub>")
+
+end
+
+locale transport_Dep_Fun_Rel =
+ transport_Dep_Fun_Rel_syntax L1 R1 l1 r1 L2 R2 l2 r2
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'a2"
+ and r1 :: "'a2 \<Rightarrow> 'a1"
+ and L2 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> 'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and R2 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'a2 \<Rightarrow> 'a1 \<Rightarrow> 'b1 \<Rightarrow> 'b2"
+ and r2 :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> 'b1"
+begin
+
+definition "L \<equiv> [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+
+lemma left_rel_eq_Dep_Fun_Rel: "L = ([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>))"
+ unfolding L_def ..
+
+definition "l \<equiv> ([x' : r1] \<rightarrow> l2 x')"
+
+lemma left_eq_dep_fun_map: "l = ([x' : r1] \<rightarrow> l2 x')"
+ unfolding l_def ..
+
+lemma left_eq [simp]: "l f x' = l2\<^bsub>x' (r1 x')\<^esub> (f (r1 x'))"
+ unfolding left_eq_dep_fun_map by simp
+
+context
+begin
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+abbreviation "R \<equiv> flip.L"
+abbreviation "r \<equiv> flip.l"
+
+lemma right_rel_eq_Dep_Fun_Rel: "R = ([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>))"
+ unfolding flip.L_def ..
+
+lemma right_eq_dep_fun_map: "r = ([x : l1] \<rightarrow> r2 x)"
+ unfolding flip.l_def ..
+
+end
+
+lemma right_eq [simp]: "r g x = r2\<^bsub>x (l1 x)\<^esub> (g (l1 x))"
+ unfolding right_eq_dep_fun_map by simp
+
+lemmas transport_defs = left_rel_eq_Dep_Fun_Rel left_eq_dep_fun_map
+ right_rel_eq_Dep_Fun_Rel right_eq_dep_fun_map
+
+sublocale transport L R l r .
+
+(*FIXME: somehow the notation for the fixed parameters L and R, defined in
+Order_Functions_Base.thy, is lost. We hence re-declare it here.*)
+notation L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+lemma left_relI [intro]:
+ assumes "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> f x1 \<le>\<^bsub>L2 x1 x2\<^esub> f' x2"
+ shows "f \<le>\<^bsub>L\<^esub> f'"
+ unfolding left_rel_eq_Dep_Fun_Rel using assms by blast
+
+lemma left_relE [elim]:
+ assumes "f \<le>\<^bsub>L\<^esub> f'"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ obtains "f x1 \<le>\<^bsub>L2 x1 x2\<^esub> f' x2"
+ using assms unfolding left_rel_eq_Dep_Fun_Rel by blast
+
+interpretation flip_inv :
+ transport_Dep_Fun_Rel "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1 "flip2 R2" "flip2 L2" r2 l2 .
+
+lemma flip_inv_right_eq_ge_left: "flip_inv.R = (\<ge>\<^bsub>L\<^esub>)"
+ unfolding left_rel_eq_Dep_Fun_Rel flip_inv.right_rel_eq_Dep_Fun_Rel
+ by (simp only: rel_inv_Dep_Fun_Rel_rel_eq flip2_eq_rel_inv[symmetric, of "L2"])
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma flip_inv_left_eq_ge_right: "flip_inv.L \<equiv> (\<ge>\<^bsub>R\<^esub>)"
+ unfolding flip.flip_inv_right_eq_ge_left .
+
+
+subparagraph \<open>Useful Rewritings for Dependent Relation\<close>
+
+lemma left_rel2_unit_eqs_left_rel2I:
+ assumes "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "x \<le>\<^bsub>L1\<^esub> x"
+ and "x \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x"
+ shows "(\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) = (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "(\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) = (\<le>\<^bsub>L2 x x\<^esub>)"
+ using assms by (auto intro!: antisym)
+
+lemma left2_eq_if_bi_related_if_monoI:
+ assumes mono_L2: "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ and "x1 \<equiv>\<^bsub>L1\<^esub> x3"
+ and "x2 \<equiv>\<^bsub>L1\<^esub> x4"
+ and trans_L1: "transitive (\<le>\<^bsub>L1\<^esub>)"
+ shows "(\<le>\<^bsub>L2 x1 x2\<^esub>) = (\<le>\<^bsub>L2 x3 x4\<^esub>)"
+proof (intro antisym)
+ from \<open>x1 \<equiv>\<^bsub>L1\<^esub> x3\<close> \<open>x2 \<equiv>\<^bsub>L1\<^esub> x4\<close> have "x3 \<le>\<^bsub>L1\<^esub> x1" "x2 \<le>\<^bsub>L1\<^esub> x4" by auto
+ with \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> mono_L2 show "(\<le>\<^bsub>L2 x1 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x3 x4\<^esub>)" by blast
+ from \<open>x1 \<equiv>\<^bsub>L1\<^esub> x3\<close> \<open>x2 \<equiv>\<^bsub>L1\<^esub> x4\<close> have "x1 \<le>\<^bsub>L1\<^esub> x3" "x4 \<le>\<^bsub>L1\<^esub> x2" by auto
+ moreover from \<open>x3 \<le>\<^bsub>L1\<^esub> x1\<close> \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> \<open>x2 \<le>\<^bsub>L1\<^esub> x4\<close> have "x3 \<le>\<^bsub>L1\<^esub> x4"
+ using trans_L1 by blast
+ ultimately show "(\<le>\<^bsub>L2 x3 x4\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)" using mono_L2 by blast
+qed
+
+end
+
+paragraph \<open>Function Relator\<close>
+
+locale transport_Fun_Rel_syntax =
+ tdfrs : transport_Dep_Fun_Rel_syntax L1 R1 l1 r1 "\<lambda>_ _. L2" "\<lambda>_ _. R2"
+ "\<lambda>_ _. l2" "\<lambda>_ _. r2"
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'a2"
+ and r1 :: "'a2 \<Rightarrow> 'a1"
+ and L2 :: "'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and R2 :: "'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'b1 \<Rightarrow> 'b2"
+ and r2 :: "'b2 \<Rightarrow> 'b1"
+begin
+
+notation L1 (infix "\<le>\<^bsub>L1\<^esub>" 50)
+notation R1 (infix "\<le>\<^bsub>R1\<^esub>" 50)
+
+notation tdfrs.t1.ge_left (infix "\<ge>\<^bsub>L1\<^esub>" 50)
+notation tdfrs.t1.ge_right (infix "\<ge>\<^bsub>R1\<^esub>" 50)
+
+notation tdfrs.t1.left_Galois (infix "\<^bsub>L1\<^esub>\<lessapprox>" 50)
+notation tdfrs.t1.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L1\<^esub>" 50)
+notation tdfrs.t1.right_Galois (infix "\<^bsub>R1\<^esub>\<lessapprox>" 50)
+notation tdfrs.t1.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R1\<^esub>" 50)
+notation tdfrs.t1.right_ge_Galois (infix "\<^bsub>R1\<^esub>\<greaterapprox>" 50)
+notation tdfrs.t1.Galois_right (infix "\<lessapprox>\<^bsub>R1\<^esub>" 50)
+notation tdfrs.t1.left_ge_Galois (infix "\<^bsub>L1\<^esub>\<greaterapprox>" 50)
+notation tdfrs.t1.Galois_left (infix "\<lessapprox>\<^bsub>L1\<^esub>" 50)
+
+notation tdfrs.t1.unit ("\<eta>\<^sub>1")
+notation tdfrs.t1.counit ("\<epsilon>\<^sub>1")
+
+notation L2 (infix "\<le>\<^bsub>L2\<^esub>" 50)
+notation R2 (infix "\<le>\<^bsub>R2\<^esub>" 50)
+
+notation tdfrs.t2.ge_left (infix "\<ge>\<^bsub>L2\<^esub>" 50)
+notation tdfrs.t2.ge_right (infix "\<ge>\<^bsub>R2\<^esub>" 50)
+
+notation tdfrs.t2.left_Galois (infix "\<^bsub>L2\<^esub>\<lessapprox>" 50)
+notation tdfrs.t2.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L2\<^esub>" 50)
+notation tdfrs.t2.right_Galois (infix "\<^bsub>R2\<^esub>\<lessapprox>" 50)
+notation tdfrs.t2.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R2\<^esub>" 50)
+notation tdfrs.t2.right_ge_Galois (infix "\<^bsub>R2\<^esub>\<greaterapprox>" 50)
+notation tdfrs.t2.Galois_right (infix "\<lessapprox>\<^bsub>R2\<^esub>" 50)
+notation tdfrs.t2.left_ge_Galois (infix "\<^bsub>L2\<^esub>\<greaterapprox>" 50)
+notation tdfrs.t2.Galois_left (infix "\<lessapprox>\<^bsub>L2\<^esub>" 50)
+
+notation tdfrs.t2.unit ("\<eta>\<^sub>2")
+notation tdfrs.t2.counit ("\<epsilon>\<^sub>2")
+
+end
+
+locale transport_Fun_Rel =
+ transport_Fun_Rel_syntax L1 R1 l1 r1 L2 R2 l2 r2 +
+ tdfr : transport_Dep_Fun_Rel L1 R1 l1 r1 "\<lambda>_ _. L2" "\<lambda>_ _. R2"
+ "\<lambda>_ _. l2" "\<lambda>_ _. r2"
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'a2"
+ and r1 :: "'a2 \<Rightarrow> 'a1"
+ and L2 :: "'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and R2 :: "'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'b1 \<Rightarrow> 'b2"
+ and r2 :: "'b2 \<Rightarrow> 'b1"
+begin
+
+(*FIXME: we have to repeat the Galois syntax here since tdfr already contains
+a Galois instance, blocking a galois sublocale interpretation here*)
+notation tdfr.L ("L")
+notation tdfr.R ("R")
+
+abbreviation "l \<equiv> tdfr.l"
+abbreviation "r \<equiv> tdfr.r"
+
+notation tdfr.L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation tdfr.R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+notation tdfr.ge_left (infix "\<ge>\<^bsub>L\<^esub>" 50)
+notation tdfr.ge_right (infix "\<ge>\<^bsub>R\<^esub>" 50)
+
+notation tdfr.left_Galois (infix "\<^bsub>L\<^esub>\<lessapprox>" 50)
+notation tdfr.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L\<^esub>" 50)
+notation tdfr.right_Galois (infix "\<^bsub>R\<^esub>\<lessapprox>" 50)
+notation tdfr.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R\<^esub>" 50)
+notation tdfr.right_ge_Galois (infix "\<^bsub>R\<^esub>\<greaterapprox>" 50)
+notation tdfr.Galois_right (infix "\<lessapprox>\<^bsub>R\<^esub>" 50)
+notation tdfr.left_ge_Galois (infix "\<^bsub>L\<^esub>\<greaterapprox>" 50)
+notation tdfr.Galois_left (infix "\<lessapprox>\<^bsub>L\<^esub>" 50)
+
+notation tdfr.unit ("\<eta>")
+notation tdfr.counit ("\<epsilon>")
+
+lemma left_rel_eq_Fun_Rel: "(\<le>\<^bsub>L\<^esub>) = ((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow> (\<le>\<^bsub>L2\<^esub>))"
+ unfolding tdfr.left_rel_eq_Dep_Fun_Rel by simp
+
+lemma left_eq_fun_map: "l = (r1 \<rightarrow> l2)"
+ by (intro ext) simp
+
+interpretation flip : transport_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma right_rel_eq_Fun_Rel: "(\<le>\<^bsub>R\<^esub>) = ((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow> (\<le>\<^bsub>R2\<^esub>))"
+ unfolding flip.left_rel_eq_Fun_Rel ..
+
+lemma right_eq_fun_map: "r = (l1 \<rightarrow> r2)"
+ unfolding flip.left_eq_fun_map ..
+
+lemmas transport_defs = left_rel_eq_Fun_Rel right_rel_eq_Fun_Rel
+ left_eq_fun_map right_eq_fun_map
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+locale transport_Mono_Dep_Fun_Rel =
+ transport_Dep_Fun_Rel_syntax L1 R1 l1 r1 L2 R2 l2 r2
+ + tdfr : transport_Dep_Fun_Rel L1 R1 l1 r1 L2 R2 l2 r2
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'a2"
+ and r1 :: "'a2 \<Rightarrow> 'a1"
+ and L2 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> 'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and R2 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'a2 \<Rightarrow> 'a1 \<Rightarrow> 'b1 \<Rightarrow> 'b2"
+ and r2 :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b2 \<Rightarrow> 'b1"
+begin
+
+definition "L \<equiv> tdfr.L\<^sup>\<oplus>"
+
+lemma left_rel_eq_tdfr_left_Refl_Rel: "L = tdfr.L\<^sup>\<oplus>"
+ unfolding L_def ..
+
+lemma left_rel_eq_Mono_Dep_Fun_Rel: "L = ([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<oplus> (\<le>\<^bsub>L2 x1 x2\<^esub>))"
+ unfolding left_rel_eq_tdfr_left_Refl_Rel tdfr.left_rel_eq_Dep_Fun_Rel by simp
+
+lemma left_rel_eq_tdfr_left_rel_if_reflexive_on:
+ assumes "reflexive_on (in_field tdfr.L) tdfr.L"
+ shows "L = tdfr.L"
+ unfolding left_rel_eq_tdfr_left_Refl_Rel using assms
+ by (rule Refl_Rel_eq_self_if_reflexive_on)
+
+abbreviation "l \<equiv> tdfr.l"
+
+lemma left_eq_tdfr_left: "l = tdfr.l" ..
+
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+abbreviation "R \<equiv> flip.L"
+
+lemma right_rel_eq_tdfr_right_Refl_Rel: "R = tdfr.R\<^sup>\<oplus>"
+ unfolding flip.left_rel_eq_tdfr_left_Refl_Rel ..
+
+lemma right_rel_eq_Mono_Dep_Fun_Rel: "R = ([y1 y2 \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<oplus> (\<le>\<^bsub>R2 y1 y2\<^esub>))"
+ unfolding flip.left_rel_eq_Mono_Dep_Fun_Rel ..
+
+lemma right_rel_eq_tdfr_right_rel_if_reflexive_on:
+ assumes "reflexive_on (in_field tdfr.R) tdfr.R"
+ shows "R = tdfr.R"
+ using assms by (rule flip.left_rel_eq_tdfr_left_rel_if_reflexive_on)
+
+abbreviation "r \<equiv> tdfr.r"
+
+lemma right_eq_tdfr_right: "r = tdfr.r" ..
+
+lemmas transport_defs = left_rel_eq_tdfr_left_Refl_Rel
+ right_rel_eq_tdfr_right_Refl_Rel
+
+sublocale transport L R l r .
+
+(*FIXME: somehow the notation for the fixed parameters L and R, defined in
+Order_Functions_Base.thy, is lost. We hence re-declare it here.*)
+notation L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+locale transport_Mono_Fun_Rel =
+ transport_Fun_Rel_syntax L1 R1 l1 r1 L2 R2 l2 r2 +
+ tfr : transport_Fun_Rel L1 R1 l1 r1 L2 R2 l2 r2 +
+ tpdfr : transport_Mono_Dep_Fun_Rel L1 R1 l1 r1 "\<lambda>_ _. L2" "\<lambda>_ _. R2"
+ "\<lambda>_ _. l2" "\<lambda>_ _. r2"
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'a2"
+ and r1 :: "'a2 \<Rightarrow> 'a1"
+ and L2 :: "'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and R2 :: "'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'b1 \<Rightarrow> 'b2"
+ and r2 :: "'b2 \<Rightarrow> 'b1"
+begin
+
+(*FIXME: we have to repeat the Galois syntax here since tdfr already contains
+a Galois instance, blocking a galois sublocale interpretation here*)
+notation tpdfr.L ("L")
+notation tpdfr.R ("R")
+
+abbreviation "l \<equiv> tpdfr.l"
+abbreviation "r \<equiv> tpdfr.r"
+
+notation tpdfr.L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation tpdfr.R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+notation tpdfr.ge_left (infix "\<ge>\<^bsub>L\<^esub>" 50)
+notation tpdfr.ge_right (infix "\<ge>\<^bsub>R\<^esub>" 50)
+
+notation tpdfr.left_Galois (infix "\<^bsub>L\<^esub>\<lessapprox>" 50)
+notation tpdfr.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L\<^esub>" 50)
+notation tpdfr.right_Galois (infix "\<^bsub>R\<^esub>\<lessapprox>" 50)
+notation tpdfr.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R\<^esub>" 50)
+notation tpdfr.right_ge_Galois (infix "\<^bsub>R\<^esub>\<greaterapprox>" 50)
+notation tpdfr.Galois_right (infix "\<lessapprox>\<^bsub>R\<^esub>" 50)
+notation tpdfr.left_ge_Galois (infix "\<^bsub>L\<^esub>\<greaterapprox>" 50)
+notation tpdfr.Galois_left (infix "\<lessapprox>\<^bsub>L\<^esub>" 50)
+
+notation tpdfr.unit ("\<eta>")
+notation tpdfr.counit ("\<epsilon>")
+
+lemma left_rel_eq_Mono_Fun_Rel: "(\<le>\<^bsub>L\<^esub>) = ((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<oplus> (\<le>\<^bsub>L2\<^esub>))"
+ unfolding tpdfr.left_rel_eq_Mono_Dep_Fun_Rel by simp
+
+lemma left_eq_fun_map: "l = (r1 \<rightarrow> l2)"
+ unfolding tfr.left_eq_fun_map ..
+
+interpretation flip : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma right_rel_eq_Mono_Fun_Rel: "(\<le>\<^bsub>R\<^esub>) = ((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<oplus> (\<le>\<^bsub>R2\<^esub>))"
+ unfolding flip.left_rel_eq_Mono_Fun_Rel ..
+
+lemma right_eq_fun_map: "r = (l1 \<rightarrow> r2)"
+ unfolding flip.left_eq_fun_map ..
+
+lemmas transport_defs = tpdfr.transport_defs
+
+end
+
+
+end
\ No newline at end of file
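Review bot: In `transport_Dep_Fun_Rel`, `flip_inv_left_eq_ge_right` is stated with meta-equality (`\<equiv>`), while its sibling `flip_inv_right_eq_ge_left` a few lines above, and every other rewriting lemma in this new file, uses object equality (`=`). Unless a later theory relies on the meta-equality form, stating it as `lemma flip_inv_left_eq_ge_right: "flip_inv.L = (\<ge>\<^bsub>R\<^esub>)"` would keep the pair symmetric and usable in the same way with `subst` and `simp only`. The closing step after `unfolding flip.flip_inv_right_eq_ge_left` would presumably then need to be `..` instead of `.`; this has not been checked against a build.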
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Galois_Connection.thy b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Connection.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Connection.thy
@@ -0,0 +1,307 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Connection\<close>
+theory Transport_Functions_Galois_Connection
+ imports
+ Transport_Functions_Galois_Property
+ Transport_Functions_Monotone
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+subparagraph \<open>Lemmas for Monotone Function Relator\<close>
+
+lemma galois_connection_left_right_if_galois_connection_mono_2_assms_leftI:
+ assumes galois_conn1: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_R1: "reflexive_on (in_codom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and R2_le1: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and mono_l2_2: "([x' \<Colon> in_codom (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x'\<^esub>)) l2"
+ shows "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+proof -
+ show "([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ if "x1' \<le>\<^bsub>R1\<^esub> x2'" for x1' x2'
+ proof -
+ from galois_conn1 \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> have "r1 x1' \<le>\<^bsub>L1\<^esub> r1 x2'" "r1 x2' \<^bsub>L1\<^esub>\<lessapprox> x2'"
+ using refl_R1 by (auto intro: t1.right_left_Galois_if_reflexive_onI)
+ with mono_l2_2 show ?thesis using R2_le1 \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> by fastforce
+ qed
+ show "([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ if "x \<le>\<^bsub>L1\<^esub> x" for x
+ proof -
+ from galois_conn1 \<open>x \<le>\<^bsub>L1\<^esub> x\<close> have "x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x" "\<eta>\<^sub>1 x \<^bsub>L1\<^esub>\<lessapprox> l1 x"
+ by (auto intro!: t1.right_left_Galois_if_right_relI
+ t1.rel_unit_if_left_rel_if_half_galois_prop_right_if_mono_wrt_rel
+ [unfolded t1.unit_eq])
+ with mono_l2_2 show ?thesis by fastforce
+ qed
+qed
+
+lemma galois_connection_left_right_if_galois_connection_mono_assms_leftI:
+ assumes galois_conn1: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_R1: "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and R2_le1: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and mono_l2: "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ shows "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "([x' \<Colon> in_codom (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x'\<^esub>)) l2"
+proof -
+ show "([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ if "x1' \<le>\<^bsub>R1\<^esub> x2'" for x1' x2'
+ proof -
+ from galois_conn1 \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> have "r1 x1' \<le>\<^bsub>L1\<^esub> r1 x1'" "r1 x1' \<^bsub>L1\<^esub>\<lessapprox> x1'"
+ using refl_R1 by blast+
+ with mono_l2 show ?thesis using \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> R2_le1 by (auto 9 0)
+ qed
+ from mono_l2 show "([x' \<Colon> in_codom (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x'\<^esub>)) l2" using refl_R1 by blast
+qed
+
+text \<open>In theory, the following lemmas can be obtained by taking the flipped,
+inverse interpretation of the locale; however, rewriting the assumptions is more
+involved than simply copying and adapting above proofs.\<close>
+
+lemma galois_connection_left_right_if_galois_connection_mono_2_assms_rightI:
+ assumes galois_conn1: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and L2_le2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and mono_r2_2: "([x \<Colon> in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>R2 (l1 x) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x (r1 x2')\<^esub>)) r2"
+ shows "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+proof -
+ show "([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ if "x1 \<le>\<^bsub>L1\<^esub> x2" for x1 x2
+ proof -
+ from galois_conn1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "x1 \<^bsub>L1\<^esub>\<lessapprox> l1 x1" "l1 x1 \<le>\<^bsub>R1\<^esub> l1 x2"
+ using refl_L1 by (auto intro!: t1.left_Galois_left_if_reflexive_on_if_half_galois_prop_rightI)
+ with mono_r2_2 show ?thesis using L2_le2 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> by (auto 9 0)
+ qed
+ show "([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ if "x' \<le>\<^bsub>R1\<^esub> x'" for x'
+ proof -
+ from galois_conn1 \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close> have "r1 x' \<^bsub>L1\<^esub>\<lessapprox> \<epsilon>\<^sub>1 x'" "\<epsilon>\<^sub>1 x' \<le>\<^bsub>R1\<^esub> x'"
+ by (auto intro!: t1.left_Galois_left_if_left_relI
+ t1.counit_rel_if_right_rel_if_half_galois_prop_left_if_mono_wrt_rel
+ [unfolded t1.counit_eq])
+ with mono_r2_2 show ?thesis by fastforce
+ qed
+qed
+
+lemma galois_connection_left_right_if_galois_connection_mono_assms_rightI:
+ assumes galois_conn1: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and L2_le2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and mono_r2: "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ shows "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "([x \<Colon> in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>R2 (l1 x) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x (r1 x2')\<^esub>)) r2"
+proof -
+ show "([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ if "x1 \<le>\<^bsub>L1\<^esub> x2" for x1 x2
+ proof -
+ from galois_conn1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "x2 \<^bsub>L1\<^esub>\<lessapprox> l1 x2" "l1 x2 \<le>\<^bsub>R1\<^esub> l1 x2"
+ using refl_L1 by (blast intro: t1.left_Galois_left_if_reflexive_on_if_half_galois_prop_rightI)+
+ with mono_r2 show ?thesis using \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> L2_le2 by fastforce
+ qed
+ from mono_r2 show "([x \<Colon> in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>R2 (l1 x) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x (r1 x2')\<^esub>)) r2" using refl_L1 by blast
+qed
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma galois_connection_left_rightI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro galois_connectionI galois_prop_left_rightI' mono_wrt_rel_leftI
+ flip.mono_wrt_rel_leftI)
+ auto
+
+lemma galois_connection_left_rightI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro galois_connection_left_rightI tdfr.mono_wrt_rel_left_if_transitiveI
+ tdfr.mono_wrt_rel_right_if_transitiveI)
+ auto
+
+lemma galois_connection_left_right_if_galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<stileturn> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro galois_connection_left_rightI'
+ tdfr.mono_wrt_rel_left2_if_mono_wrt_rel_left2_if_left_GaloisI
+ tdfr.mono_wrt_rel_right2_if_mono_wrt_rel_right2_if_left_GaloisI)
+ (auto 7 0)
+
+corollary galois_connection_left_right_if_galois_connectionI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<stileturn> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "([x' \<Colon> in_codom (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x'\<^esub>)) l2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "([x \<Colon> in_dom (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>\<^sub>m
+ [in_field (\<le>\<^bsub>R2 (l1 x) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connection_left_right_if_galois_connectionI
+ tdfr.galois_connection_left_right_if_galois_connection_mono_2_assms_leftI
+ tdfr.galois_connection_left_right_if_galois_connection_mono_2_assms_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom in_field_if_in_codom)
+
+corollary galois_connection_left_right_if_mono_if_galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<stileturn> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connection_left_right_if_galois_connectionI'
+ tdfr.galois_connection_left_right_if_galois_connection_mono_assms_leftI
+ tdfr.galois_connection_left_right_if_galois_connection_mono_assms_rightI)
+ auto
+
+corollary galois_connection_left_right_if_mono_if_galois_connectionI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<stileturn> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([_ x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' _ \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_connection_left_right_if_mono_if_galois_connectionI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI)
+ auto
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+interpretation flip : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma galois_connection_left_rightI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<stileturn> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro tpdfr.galois_connectionI galois_prop_left_rightI
+ mono_wrt_rel_leftI flip.mono_wrt_rel_leftI)
+ auto
+
+end
+
+
+end
\ No newline at end of file
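Review bot: The six `galois_connection_left_right…` results in `context transport_Mono_Dep_Fun_Rel` have no explanatory text, although each is proved by `intro`-ing the one before it (`galois_connection_left_rightI'` from `galois_connection_left_rightI`, and so on down to `galois_connection_left_right_if_mono_if_galois_connectionI'`). A reader has to compare lists of up to eighteen unnamed premises to see which assumptions each step replaces. A short `text` block before `galois_connection_left_rightI` would make the chain visible, for example `text \<open>Each of the following lemmas is derived from its predecessor; the later ones replace the monotonicity premises on l and r by conditions on the component relations and functions.\<close>`. Naming the premises the way the `transport_Dep_Fun_Rel` lemmas above do (`galois_conn1`, `refl_R1`, `mono_l2`) would also let the final `auto`, `(auto 7 0)` and `fastforce` calls be fed only the facts they need, which looks less fragile than `using assms` with the whole list.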
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Galois_Equivalence.thy b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Equivalence.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Equivalence.thy
@@ -0,0 +1,351 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Equivalence\<close>
+theory Transport_Functions_Galois_Equivalence
+ imports
+ Transport_Functions_Galois_Connection
+ Transport_Functions_Order_Base
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+subparagraph \<open>Lemmas for Monotone Function Relator\<close>
+
+lemma flip_half_galois_prop_left2_if_half_galois_prop_left2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and half_galois_prop_left2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>) (l2\<^bsub>x' x\<^esub>) "
+ and "(\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) = (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "(\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) = (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "x \<le>\<^bsub>L1\<^esub> x"
+ shows "((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub>)"
+proof -
+ from assms have "x \<^bsub>L1\<^esub>\<lessapprox> l1 x" by (intro t1.left_Galois_left_if_left_relI) auto
+ with half_galois_prop_left2
+ have "((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub>)" by auto
+ with assms show ?thesis by simp
+qed
+
+lemma flip_half_galois_prop_right2_if_half_galois_prop_right2_if_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and half_galois_prop_right2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>) (l2\<^bsub>x' x\<^esub>)"
+ and "(\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) = (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "(\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) = (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "x' \<le>\<^bsub>R1\<^esub> x'"
+ shows "((\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>) (l2\<^bsub>x' (r1 x')\<^esub>)"
+proof -
+ from assms have "r1 x' \<^bsub>L1\<^esub>\<lessapprox> x'" by (intro t1.right_left_Galois_if_right_relI) auto
+ with half_galois_prop_right2
+ have "((\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>) (l2\<^bsub>x' (r1 x')\<^esub>)" by auto
+ with assms show ?thesis by simp
+qed
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.t1.counit \<equiv> \<eta>\<^sub>1" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ by (simp_all only: t1.flip_counit_eq_unit t1.flip_unit_eq_counit)
+
+lemma galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI:
+ assumes galois_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and preorder_L1: "preorder_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and mono_L2: "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ shows "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | \<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> x1] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2" (is ?goal1)
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2" (is ?goal2)
+proof -
+ show ?goal1
+ proof (intro dep_mono_wrt_relI rel_if_if_impI Dep_Fun_Rel_relI)
+ fix x1 x2 x3 x4 assume "x1 \<le>\<^bsub>L1\<^esub> x2"
+ moreover with galois_equiv1 preorder_L1 have "x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2"
+ by (blast intro: t1.rel_unit_if_reflexive_on_if_galois_connection)
+ moreover assume "\<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> x1"
+ ultimately have "x2 \<equiv>\<^bsub>L1\<^esub> x1" using preorder_L1 by blast
+ moreover assume "x3 \<le>\<^bsub>L1\<^esub> x4" "x2 \<le>\<^bsub>L1\<^esub> x3"
+ ultimately show "(\<le>\<^bsub>L2 x1 x3\<^esub>) \<le> (\<le>\<^bsub>L2 x2 x4\<^esub>)" using preorder_L1 mono_L2 by blast
+ qed
+ show ?goal2
+ proof (intro dep_mono_wrt_relI rel_if_if_impI Dep_Fun_Rel_relI)
+ fix x1 x2 x3 x4 presume "x3 \<le>\<^bsub>L1\<^esub> x4" "x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3"
+ moreover with galois_equiv1 preorder_L1 have "\<eta>\<^sub>1 x3 \<le>\<^bsub>L1\<^esub> x3"
+ by (blast intro: flip.t1.counit_rel_if_reflexive_on_if_galois_connection)
+ ultimately have "x3 \<equiv>\<^bsub>L1\<^esub> x4" using preorder_L1 by blast
+ moreover presume "x1 \<le>\<^bsub>L1\<^esub> x2" "x2 \<le>\<^bsub>L1\<^esub> x3"
+ ultimately show "(\<le>\<^bsub>L2 x2 x4\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x3\<^esub>)" using preorder_L1 mono_L2 by fast
+ qed auto
+qed
+
+lemma galois_equivalence_if_mono_if_galois_equivalence_Dep_Fun_Rel_pred_assm_leftI:
+ assumes galois_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and refl_R1: "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and mono_L2: "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and mono_R2: "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and mono_l2: "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "x \<le>\<^bsub>L1\<^esub> x"
+ shows "([in_codom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub>)"
+proof (intro Dep_Fun_Rel_predI)
+ fix y assume "in_codom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) y"
+ moreover from \<open>x \<le>\<^bsub>L1\<^esub> x\<close> galois_equiv1 refl_L1 have "x \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x"
+ by (blast intro: bi_related_if_rel_equivalence_on
+ t1.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence)
+ moreover with refl_L1 have "\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x" by blast
+ ultimately have "in_codom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) (\<eta>\<^sub>1 x)\<^esub>) y" using mono_L2 by blast
+ moreover from \<open>x \<le>\<^bsub>L1\<^esub> x\<close> galois_equiv1
+ have "l1 x \<le>\<^bsub>R1\<^esub> l1 x" "\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> x" "x \<^bsub>L1\<^esub>\<lessapprox> l1 x"
+ by (blast intro: t1.left_Galois_left_if_left_relI
+ flip.t1.counit_rel_if_right_rel_if_galois_connection)+
+ moreover note
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_l2 \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>] \<open>\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> x\<close>]
+ ultimately have "l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 (l1 x)) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y" by auto
+ moreover note \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>
+ moreover with galois_equiv1 refl_R1 have "l1 x \<equiv>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 (l1 x)"
+ by (blast intro: bi_related_if_rel_equivalence_on
+ flip.t1.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence)
+ ultimately show "l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y"
+ using mono_R2 by blast
+qed
+
+lemma galois_equivalence_if_mono_if_galois_equivalence_Dep_Fun_Rel_pred_assm_right:
+ assumes galois_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_R1: "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and mono_L2: "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and mono_R2: "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and mono_r2: "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "x' \<le>\<^bsub>R1\<^esub> x'"
+ shows "([in_dom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>)"
+proof (intro Dep_Fun_Rel_predI)
+ fix y assume "in_dom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) y"
+ moreover from \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close> galois_equiv1 refl_R1 have "x' \<equiv>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'"
+ by (blast intro: bi_related_if_rel_equivalence_on
+ flip.t1.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence)
+ moreover with refl_R1 have "\<epsilon>\<^sub>1 x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'" by blast
+ ultimately have "in_dom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') (\<epsilon>\<^sub>1 x')\<^esub>) y" using mono_R2 by blast
+ moreover from \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close> galois_equiv1
+ have "r1 x' \<le>\<^bsub>L1\<^esub> r1 x'" "x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'" "r1 x' \<^bsub>L1\<^esub>\<lessapprox> x'"
+ by (blast intro: t1.right_left_Galois_if_right_relI
+ flip.t1.rel_unit_if_left_rel_if_galois_connection)+
+ moreover note
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_r2 \<open>r1 x' \<le>\<^bsub>L1\<^esub> r1 x'\<close>] \<open>x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'\<close>]
+ ultimately have "r2\<^bsub>(r1 x') x'\<^esub> y \<le>\<^bsub>L2 (r1 x') (\<eta>\<^sub>1 (r1 x'))\<^esub> r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y" by auto
+ moreover note \<open>r1 x' \<le>\<^bsub>L1\<^esub> r1 x'\<close>
+ moreover with galois_equiv1 refl_R1 have "r1 x' \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 (r1 x')"
+ by (blast intro: bi_related_if_rel_equivalence_on
+ t1.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence)
+ ultimately show "r2\<^bsub>(r1 x') x'\<^esub> y \<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub> r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y"
+ using mono_L2 by blast
+qed
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+context
+begin
+
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.t1.counit \<equiv> \<eta>\<^sub>1" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ by (simp_all only: t1.flip_counit_eq_unit t1.flip_unit_eq_counit)
+
+lemma galois_equivalence_if_galois_equivalenceI:
+ assumes galois_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and galois_equiv2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x2' x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from galois_equiv2 have
+ "((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<stileturn> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ "((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>) (l2\<^bsub>x' x\<^esub>)"
+ "((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>) (l2\<^bsub>x' x\<^esub>)"
+ if "x \<^bsub>L1\<^esub>\<lessapprox> x'" for x x' using \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close>
+ by (blast elim: galois.galois_connectionE galois_prop.galois_propE)+
+ moreover from galois_equiv1 galois_equiv2 have
+ "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ by (intro tdfr.mono_wrt_rel_left2_if_mono_wrt_rel_left2_if_left_GaloisI) auto
+ moreover from galois_equiv1 galois_equiv2 have
+ "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ by (intro tdfr.mono_wrt_rel_right2_if_mono_wrt_rel_right2_if_left_GaloisI)
+ (auto elim!: t1.galois_equivalenceE)
+ moreover from galois_equiv1 refl_L1 have
+ "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> x \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x"
+ "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> x' \<equiv>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'"
+ by (blast intro!: bi_related_if_rel_equivalence_on
+ t1.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence
+ flip.t1.rel_equivalence_on_unit_if_reflexive_on_if_galois_equivalence)+
+ ultimately show ?thesis using assms
+ by (intro galois_equivalenceI
+ galois_connection_left_right_if_galois_connectionI flip.galois_prop_left_rightI
+ tdfr.flip_half_galois_prop_left2_if_half_galois_prop_left2_if_left_GaloisI
+ tdfr.flip_half_galois_prop_right2_if_half_galois_prop_right2_if_GaloisI
+ tdfr.mono_wrt_rel_left_if_transitiveI tdfr.mono_wrt_rel_right_if_transitiveI
+ flip.tdfr.left_rel_right_if_left_right_rel_le_right2_assmI
+ flip.tdfr.left_right_rel_if_left_rel_right_ge_left2_assmI
+ tdfr.left_rel2_unit_eqs_left_rel2I
+ flip.tdfr.left_rel2_unit_eqs_left_rel2I)
+ (auto elim!: t1.galois_equivalenceE
+ intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom
+ in_field_if_in_codom)
+qed
+
+corollary galois_equivalence_if_galois_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x2' x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalence_if_galois_equivalenceI
+ tdfr.galois_connection_left_right_if_galois_connection_mono_assms_leftI
+ tdfr.galois_connection_left_right_if_galois_connection_mono_assms_rightI
+ tdfr.galois_connection_left_right_if_galois_connection_mono_2_assms_leftI
+ tdfr.galois_connection_left_right_if_galois_connection_mono_2_assms_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom
+ in_field_if_in_codom)
+
+corollary galois_equivalence_if_mono_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | \<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> x1] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | (x2' \<le>\<^bsub>R1\<^esub> x3' \<and> x4' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x3')] \<Rrightarrow> (\<ge>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalence_if_galois_equivalenceI'
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ flip.tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI
+ flip.tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI)
+ auto
+
+end
+
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.t1.counit \<equiv> \<eta>\<^sub>1" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ by (simp_all only: t1.flip_counit_eq_unit t1.flip_unit_eq_counit)
+
+lemma galois_equivalence_if_mono_if_preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalence_if_mono_if_galois_equivalenceI
+ tdfr.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI
+ flip.tdfr.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI
+ tdfr.galois_equivalence_if_mono_if_galois_equivalence_Dep_Fun_Rel_pred_assm_leftI
+ tdfr.galois_equivalence_if_mono_if_galois_equivalence_Dep_Fun_Rel_pred_assm_right)
+ auto
+
+theorem galois_equivalence_if_mono_if_preorder_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_equivalence_if_mono_if_preorder_equivalenceI
+ tdfr.transitive_left2_if_preorder_equivalenceI
+ tdfr.transitive_right2_if_preorder_equivalenceI)
+ auto
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+interpretation flip : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro tpdfr.galois_equivalenceI
+ galois_connection_left_rightI flip.galois_prop_left_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+end
+
+
+end
\ No newline at end of file
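Review bot: The lemma `galois_equivalence_if_mono_if_galois_equivalence_Dep_Fun_Rel_pred_assm_right` lacks the `I` suffix that its counterpart `..._Dep_Fun_Rel_pred_assm_leftI` and every other lemma added in this file carry (`...I` or `...I'`). Both are passed to `intro` in `galois_equivalence_if_mono_if_preorder_equivalenceI`, so I would rename it to `galois_equivalence_if_mono_if_galois_equivalence_Dep_Fun_Rel_pred_assm_rightI` and update that reference in the same change. The pair `flip_half_galois_prop_left2_if_half_galois_prop_left2_if_left_GaloisI` and `flip_half_galois_prop_right2_if_half_galois_prop_right2_if_GaloisI` shows a similar asymmetry (`left_Galois` versus `Galois`). Whether theories outside this file already refer to these names is not visible from this hunk, so check the dependants before renaming.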
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Galois_Property.thy b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Property.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Property.thy
@@ -0,0 +1,474 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Property\<close>
+theory Transport_Functions_Galois_Property
+ imports
+ Transport_Functions_Monotone
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+context
+begin
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma left_right_rel_if_left_rel_rightI:
+ assumes mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and half_galois_prop_left1: "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_R1: "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and half_galois_prop_left2: "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)) (l2\<^bsub> x' (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and R2_le1: "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and R2_le2: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and ge_L2_r2_le2: "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y') \<le> (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y')"
+ and trans_R2: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ and "f \<le>\<^bsub>L\<^esub> r g"
+ shows "l f \<le>\<^bsub>R\<^esub> g"
+proof (rule flip.left_relI)
+ fix x1' x2'
+ assume [iff]: "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ with refl_R1 have [iff]: "x1' \<le>\<^bsub>R1\<^esub> x1'" by auto
+ with mono_r1 half_galois_prop_left1 have [iff]: "\<epsilon>\<^sub>1 x1' \<le>\<^bsub>R1\<^esub> x1'"
+ by (intro t1.counit_rel_if_right_rel_if_half_galois_prop_left_if_mono_wrt_rel)
+ with refl_R1 have "\<epsilon>\<^sub>1 x1' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x1'" by blast
+ with \<open>g \<le>\<^bsub>R\<^esub> g\<close> have "g (\<epsilon>\<^sub>1 x1') \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') (\<epsilon>\<^sub>1 x1')\<^esub> g (\<epsilon>\<^sub>1 x1')" by blast
+ with R2_le2 have "g (\<epsilon>\<^sub>1 x1') \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x1'\<^esub> g (\<epsilon>\<^sub>1 x1')" by blast
+
+ let ?x1 = "r1 x1'"
+ from \<open>f \<le>\<^bsub>L\<^esub> r g\<close> \<open>x1' \<le>\<^bsub>R1\<^esub> x1'\<close> have "f ?x1 \<le>\<^bsub>L2 ?x1 ?x1\<^esub> r g ?x1" using mono_r1 by blast
+ then have "f ?x1 \<le>\<^bsub>L2 ?x1 ?x1\<^esub> r2\<^bsub>?x1 (\<epsilon>\<^sub>1 x1')\<^esub> (g (\<epsilon>\<^sub>1 x1'))" by simp
+ with ge_L2_r2_le2 have "f ?x1 \<le>\<^bsub>L2 ?x1 ?x1\<^esub> r2\<^bsub>?x1 x1'\<^esub> (g (\<epsilon>\<^sub>1 x1'))"
+ using \<open>_ \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x1'\<^esub> g (\<epsilon>\<^sub>1 x1')\<close> by blast
+ with half_galois_prop_left2 have "l2\<^bsub> x1' ?x1\<^esub> (f ?x1) \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x1'\<^esub> g (\<epsilon>\<^sub>1 x1')"
+ using \<open>_ \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x1'\<^esub> g (\<epsilon>\<^sub>1 x1')\<close> by auto
+ moreover from \<open>g \<le>\<^bsub>R\<^esub> g\<close> \<open>\<epsilon>\<^sub>1 x1' \<le>\<^bsub>R1\<^esub> x1'\<close> have "... \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x1'\<^esub> g x1'" by blast
+ ultimately have "l2\<^bsub> x1' ?x1\<^esub> (f ?x1) \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x1'\<^esub> g x1'" using trans_R2 by blast
+ with R2_le1 R2_le2 have "l2\<^bsub> x1' ?x1\<^esub> (f ?x1) \<le>\<^bsub>R2 x1' x2'\<^esub> g x1'" by blast
+ moreover from \<open>g \<le>\<^bsub>R\<^esub> g\<close> \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> have "... \<le>\<^bsub>R2 x1' x2'\<^esub> g x2'" by blast
+ ultimately have "l2\<^bsub> x1' ?x1\<^esub> (f ?x1) \<le>\<^bsub>R2 x1' x2'\<^esub> g x2'" using trans_R2 by blast
+ then show "l f x1' \<le>\<^bsub>R2 x1' x2'\<^esub> g x2'" by simp
+qed
+
+lemma left_right_rel_if_left_rel_right_ge_left2_assmI:
+ assumes mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>))
+ (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "x' \<le>\<^bsub>R1\<^esub> x'"
+ and "in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y'"
+ shows "(\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y') \<le> (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y')"
+ using dep_mono_wrt_relD[OF mono_r1 \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close>] assms(2-4,6)
+ by (blast dest!: t1.half_galois_prop_leftD)
+
+interpretation flip_inv :
+ transport_Dep_Fun_Rel "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1 "flip2 R2" "flip2 L2" r2 l2
+ rewrites "flip_inv.L \<equiv> (\<ge>\<^bsub>R\<^esub>)" and "flip_inv.R \<equiv> (\<ge>\<^bsub>L\<^esub>)"
+ and "flip_inv.t1.counit \<equiv> \<eta>\<^sub>1"
+ and "\<And>R x y. (flip2 R x y)\<inverse> \<equiv> R y x"
+ and "\<And>R. in_dom R\<inverse> \<equiv> in_codom R"
+ and "\<And>R x1 x2. in_codom (flip2 R x1 x2) \<equiv> in_dom (R x2 x1)"
+ and "\<And>R S. (R\<inverse> \<Rrightarrow>\<^sub>m S\<inverse>) \<equiv> (R \<Rrightarrow>\<^sub>m S)"
+ and "\<And>R S x1 x2 x1' x2'. (flip2 R x1 x2 \<^sub>h\<unlhd> flip2 S x1' x2') \<equiv> (S x2' x1' \<unlhd>\<^sub>h R x2 x1)\<inverse>"
+ and "\<And>R S. (R\<inverse> \<^sub>h\<unlhd> S\<inverse>) \<equiv> (S \<unlhd>\<^sub>h R)\<inverse>"
+ and "\<And>x1 x2 x3 x4. flip2 L2 x1 x2 \<le> flip2 L2 x3 x4 \<equiv> (\<le>\<^bsub>L2 x2 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x4 x3\<^esub>)"
+ and "\<And>(R :: 'z \<Rightarrow> _) (P :: 'z \<Rightarrow> bool). reflexive_on P R\<inverse> \<equiv> reflexive_on P R"
+ and "\<And>R x1 x2. transitive (flip2 R x1 x2) \<equiv> transitive (R x2 x1)"
+ and "\<And>x x. ([in_dom (\<le>\<^bsub>L2 x' \<eta>\<^sub>1 x'\<^esub>)] \<Rrightarrow> flip2 R2 (l1 x') (l1 x'))
+ \<equiv> ([in_dom (\<le>\<^bsub>L2 x' \<eta>\<^sub>1 x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x') (l1 x')\<^esub>))\<inverse>"
+ by (simp_all add: flip_inv_left_eq_ge_right flip_inv_right_eq_ge_left
+ t1.flip_counit_eq_unit
+ galois_prop.rel_inv_half_galois_prop_right_eq_half_galois_prop_left_rel_inv)
+
+lemma left_rel_right_if_left_right_relI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ and "l f \<le>\<^bsub>R\<^esub> g"
+ shows "f \<le>\<^bsub>L\<^esub> r g"
+ using assms
+ by (intro flip_inv.left_right_rel_if_left_rel_rightI[simplified rel_inv_iff_rel])
+
+lemma left_rel_right_if_left_right_rel_le_right2_assmI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>))\<inverse> r1 l1"
+ and "([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "x \<le>\<^bsub>L1\<^esub> x"
+ and "in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y"
+ shows "(\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y)"
+ using assms by (intro flip_inv.left_right_rel_if_left_rel_right_ge_left2_assmI
+ [simplified rel_inv_iff_rel])
+ auto
+
+end
+
+lemma left_rel_right_iff_left_right_relI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)) (l2\<^bsub> x' (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y)"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y') \<le> (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y')"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<le>\<^bsub>L\<^esub> r g \<longleftrightarrow> l f \<le>\<^bsub>R\<^esub> g"
+ using assms by (intro iffI left_right_rel_if_left_rel_rightI)
+ (auto intro!: left_rel_right_if_left_right_relI)
+
+lemma half_galois_prop_left2_if_half_galois_prop_left2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x' \<le>\<^bsub>R1\<^esub> x'"
+ shows "((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)) (l2\<^bsub> x' (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ using assms by (auto intro: t1.right_left_Galois_if_right_relI)
+
+lemma half_galois_prop_right2_if_half_galois_prop_right2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x \<le>\<^bsub>L1\<^esub> x"
+ shows "((\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (r2\<^bsub>x (l1 x)\<^esub>)"
+ by (auto intro!: assms t1.left_Galois_left_if_left_relI)
+
+lemma left_rel_right_iff_left_right_relI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and galois_prop2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<le>\<^bsub>L\<^esub> r g \<longleftrightarrow> l f \<le>\<^bsub>R\<^esub> g"
+proof -
+ from galois_prop2 have
+ "((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ "((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ if "x \<^bsub>L1\<^esub>\<lessapprox> x'" for x x'
+ using \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close> by blast+
+ with assms show ?thesis
+ by (intro left_rel_right_iff_left_right_relI
+ left_right_rel_if_left_rel_right_ge_left2_assmI
+ left_rel_right_if_left_right_rel_le_right2_assmI
+ half_galois_prop_left2_if_half_galois_prop_left2_if_left_GaloisI
+ half_galois_prop_right2_if_half_galois_prop_right2_if_left_GaloisI)
+ auto
+qed
+
+lemma left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI:
+ assumes galois_conn1: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and antimono_L2:
+ "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ shows "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ fix x1 x2 assume "x1 \<le>\<^bsub>L1\<^esub> x2"
+ with galois_conn1 refl_L1 have "x1 \<le>\<^bsub>L1\<^esub> x1" "x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2"
+ by (blast intro:
+ t1.rel_unit_if_left_rel_if_half_galois_prop_right_if_mono_wrt_rel)+
+ moreover with refl_L1 have "x2 \<le>\<^bsub>L1\<^esub> x2" "\<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2" by auto
+ moreover note dep_mono_wrt_relD[OF antimono_L2 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>]
+ and dep_mono_wrt_relD[OF antimono_L2 \<open>x1 \<le>\<^bsub>L1\<^esub> x1\<close>]
+ ultimately show "(\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)" "(\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ using \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> by auto
+qed
+
+lemma left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI:
+ assumes galois_conn1: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_R1: "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and mono_R2:
+ "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ shows "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+proof -
+ fix x1' x2' assume "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ with galois_conn1 refl_R1 have "x2' \<le>\<^bsub>R1\<^esub> x2'" "\<epsilon>\<^sub>1 x1' \<le>\<^bsub>R1\<^esub> x1'"
+ by (blast intro:
+ t1.counit_rel_if_right_rel_if_half_galois_prop_left_if_mono_wrt_rel)+
+ moreover with refl_R1 have "x1' \<le>\<^bsub>R1\<^esub> x1'" "\<epsilon>\<^sub>1 x1' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x1'" by auto
+ moreover note dep_mono_wrt_relD[OF mono_R2 \<open>\<epsilon>\<^sub>1 x1' \<le>\<^bsub>R1\<^esub> x1'\<close>]
+ and dep_mono_wrt_relD[OF mono_R2 \<open>x1' \<le>\<^bsub>R1\<^esub> x1'\<close>]
+ ultimately show "(\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)" "(\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ using \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> by auto
+qed
+
+corollary left_rel_right_iff_left_right_rel_if_monoI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<le>\<^bsub>L\<^esub> r g \<longleftrightarrow> l f \<le>\<^bsub>R\<^esub> g"
+ using assms by (intro left_rel_right_iff_left_right_relI'
+ left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+end
+
+
+paragraph \<open>Function Relator\<close>
+
+context transport_Fun_Rel
+begin
+
+corollary left_right_rel_if_left_rel_rightI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ and "f \<le>\<^bsub>L\<^esub> r g"
+ shows "l f \<le>\<^bsub>R\<^esub> g"
+ using assms by (intro tdfr.left_right_rel_if_left_rel_rightI) simp_all
+
+corollary left_rel_right_if_left_right_relI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ and "l f \<le>\<^bsub>R\<^esub> g"
+ shows "f \<le>\<^bsub>L\<^esub> r g"
+ using assms by (intro tdfr.left_rel_right_if_left_right_relI) simp_all
+
+corollary left_rel_right_iff_left_right_relI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<le>\<^bsub>L\<^esub> r g \<longleftrightarrow> l f \<le>\<^bsub>R\<^esub> g"
+ using assms by (intro tdfr.left_rel_right_iff_left_right_relI) auto
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+lemma half_galois_prop_left_left_rightI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l"
+ and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)) (l2\<^bsub> x' (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y') \<le> (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y')"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel using assms
+ by (intro
+ half_galois_prop_leftI[unfolded left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel]
+ Refl_Rel_app_leftI[where ?f=l]
+ tdfr.left_right_rel_if_left_rel_rightI)
+ (auto elim!: galois_rel.left_GaloisE)
+
+lemma half_galois_prop_right_left_rightI:
+ assumes "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel using assms
+ by (intro
+ half_galois_prop_rightI[unfolded left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel]
+ Refl_Rel_app_rightI[where ?f=r]
+ tdfr.left_rel_right_if_left_right_relI)
+ (auto elim!: galois_rel.left_GaloisE in_codomE Refl_RelE intro!: in_fieldI)
+
+corollary galois_prop_left_rightI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)) (l2\<^bsub> x' (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y)"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y') \<le> (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y')"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_propI half_galois_prop_left_left_rightI
+ half_galois_prop_right_left_rightI)
+ auto
+
+corollary galois_prop_left_rightI':
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and galois_prop2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) \<le> (\<le>\<^bsub>L2 x x\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) \<le> (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from galois_prop2 have
+ "((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ "((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ if "x \<^bsub>L1\<^esub>\<lessapprox> x'" for x x'
+ using \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close> by blast+
+ with assms show ?thesis by (intro galois_prop_left_rightI
+ tdfr.left_right_rel_if_left_rel_right_ge_left2_assmI
+ tdfr.left_rel_right_if_left_right_rel_le_right2_assmI
+ tdfr.half_galois_prop_left2_if_half_galois_prop_left2_if_left_GaloisI
+ tdfr.half_galois_prop_right2_if_half_galois_prop_right2_if_left_GaloisI)
+ auto
+qed
+
+corollary galois_prop_left_right_if_mono_if_galois_propI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<unlhd> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro galois_prop_left_rightI'
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+text \<open>Note that we could further rewrite
+@{thm "galois_prop_left_right_if_mono_if_galois_propI"},
+as we will do later for Galois connections, by applying
+@{thm "tdfr.mono_wrt_rel_leftI"} and @{thm "tdfr.mono_wrt_rel_rightI"} to the
+first premises. However, this is not really helpful here.
+Moreover, the resulting theorem will not result in a
+useful lemma for the flipped instance of @{locale transport_Dep_Fun_Rel}
+since @{thm "tdfr.mono_wrt_rel_leftI"} and @{thm "tdfr.mono_wrt_rel_rightI"} are
+not flipped dual but only flipped-inversed dual.\<close>
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+lemma half_galois_prop_left_left_rightI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>L2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro tpdfr.half_galois_prop_left_left_rightI tfr.mono_wrt_rel_leftI)
+ simp_all
+
+interpretation flip : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma half_galois_prop_right_left_rightI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro tpdfr.half_galois_prop_right_left_rightI flip.tfr.mono_wrt_rel_leftI)
+ simp_all
+
+corollary galois_prop_left_rightI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<stileturn> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro tpdfr.galois_propI
+ half_galois_prop_left_left_rightI half_galois_prop_right_left_rightI)
+ auto
+
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Galois_Relator.thy b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Relator.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Galois_Relator.thy
@@ -0,0 +1,865 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Relator\<close>
+theory Transport_Functions_Galois_Relator
+ imports
+ Transport_Functions_Relation_Simplifications
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.t1.counit \<equiv> \<eta>\<^sub>1" by (simp only: t1.flip_counit_eq_unit)
+
+lemma Dep_Fun_Rel_left_Galois_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and mono_r2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and L2_le2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and ge_L2_r2_le2: "\<And>x x' y'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x (l1 x)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x x'\<^esub> y')"
+ and trans_L2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ and "f \<^bsub>L\<^esub>\<lessapprox> g"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+proof (intro Dep_Fun_Rel_relI)
+ fix x x' assume "x \<^bsub>L1\<^esub>\<lessapprox> x'"
+ show "f x \<^bsub>L2 x x'\<^esub>\<lessapprox> g x'"
+ proof (intro t2.left_GaloisI)
+ from \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close> \<open>((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1\<close> have "x \<le>\<^bsub>L1\<^esub> r1 x'" "l1 x \<le>\<^bsub>R1\<^esub> x'" by auto
+ with \<open>g \<le>\<^bsub>R\<^esub> g\<close> have "g (l1 x) \<le>\<^bsub>R2 (l1 x) x'\<^esub> g x'" by blast
+ then show "in_codom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>) (g x')" by blast
+
+ from \<open>f \<^bsub>L\<^esub>\<lessapprox> g\<close> have "f \<le>\<^bsub>L\<^esub> r g" by blast
+ moreover from refl_L1 \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close> have "x \<le>\<^bsub>L1\<^esub> x" by blast
+ ultimately have "f x \<le>\<^bsub>L2 x x\<^esub> (r g) x" by blast
+ with L2_le2 \<open>x \<le>\<^bsub>L1\<^esub> r1 x'\<close> have "f x \<le>\<^bsub>L2 x (r1 x')\<^esub> (r g) x" by blast
+ then have "f x \<le>\<^bsub>L2 x (r1 x')\<^esub> r2\<^bsub>x (l1 x)\<^esub> (g (l1 x))" by simp
+ with ge_L2_r2_le2 have "f x \<le>\<^bsub>L2 x (r1 x')\<^esub> r2\<^bsub>x x'\<^esub> (g (l1 x))"
+ using \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close> \<open>g (l1 x) \<le>\<^bsub>R2 (l1 x) x'\<^esub> _\<close> by blast
+ moreover have "... \<le>\<^bsub>L2 x (r1 x')\<^esub> r2\<^bsub>x x'\<^esub> (g x')"
+ using mono_r2 \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close> \<open>g (l1 x) \<le>\<^bsub>R2 (l1 x) x'\<^esub> g x'\<close> by blast
+ ultimately show "f x \<le>\<^bsub>L2 x (r1 x')\<^esub> r2\<^bsub>x x'\<^esub> (g x')"
+ using trans_L2 \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close> by blast
+ qed
+qed
+
+lemma left_rel_right_if_Dep_Fun_Rel_left_GaloisI:
+ assumes mono_l1: "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and half_galois_prop_right1: "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and L2_unit_le2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and ge_L2_r2_le1: "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ and rel_f_g: "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ shows "f \<le>\<^bsub>L\<^esub> r g"
+proof (intro left_relI)
+ fix x1 x2 assume "x1 \<le>\<^bsub>L1\<^esub> x2"
+ with mono_l1 half_galois_prop_right1 have "x1 \<^bsub>L1\<^esub>\<lessapprox> l1 x2"
+ by (intro t1.left_Galois_left_if_left_relI) auto
+ with rel_f_g have "f x1 \<^bsub>L2 x1 (l1 x2)\<^esub>\<lessapprox> g (l1 x2)" by blast
+ then have "in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) (g (l1 x2))"
+ "f x1 \<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub> r2\<^bsub>x1 (l1 x2)\<^esub> (g (l1 x2))" by auto
+ with L2_unit_le2 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "f x1 \<le>\<^bsub>L2 x1 x2\<^esub> r2\<^bsub>x1 (l1 x2)\<^esub> (g (l1 x2))" by blast
+ with ge_L2_r2_le1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> \<open>in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) (g (l1 x2))\<close>
+ have "f x1 \<le>\<^bsub>L2 x1 x2\<^esub> r2\<^bsub>x2 (l1 x2)\<^esub> (g (l1 x2))" by blast
+ then show "f x1 \<le>\<^bsub>L2 x1 x2\<^esub> r g x2" by simp
+qed
+
+lemma left_Galois_if_Dep_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ and "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g"
+ using assms by (intro left_GaloisI left_rel_right_if_Dep_Fun_Rel_left_GaloisI) auto
+
+lemma left_right_rel_if_Dep_Fun_Rel_left_GaloisI:
+ assumes mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and half_galois_prop_left2: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (r2\<^bsub>(r1 x1') x2'\<^esub>)"
+ and R2_le1: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and R2_l2_le1: "\<And>x1' x2' y. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub> y) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x1' (r1 x1')\<^esub> y)"
+ and rel_f_g: "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ shows "l f \<le>\<^bsub>R\<^esub> g"
+proof (rule flip.left_relI)
+ fix x1' x2' assume "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ with mono_r1 have "r1 x1' \<^bsub>L1\<^esub>\<lessapprox> x2'" by blast
+ with rel_f_g have "f (r1 x1') \<^bsub>L2 (r1 x1') x2'\<^esub>\<lessapprox> g x2'" by blast
+ with half_galois_prop_left2[OF \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close>]
+ have "l2\<^bsub>x2' (r1 x1')\<^esub> (f (r1 x1')) \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub> g x2'" by auto
+ with R2_le1 \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> have "l2\<^bsub>x2' (r1 x1')\<^esub> (f (r1 x1')) \<le>\<^bsub>R2 x1' x2'\<^esub> g x2'"
+ by blast
+ with R2_l2_le1 \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> \<open>f (r1 x1') \<^bsub>L2 (r1 x1') x2'\<^esub>\<lessapprox> _\<close>
+ have "l2\<^bsub>x1' (r1 x1')\<^esub> (f (r1 x1')) \<le>\<^bsub>R2 x1' x2'\<^esub> g x2'" by blast
+ then show "l f x1' \<le>\<^bsub>R2 x1' x2'\<^esub> g x2'" by simp
+qed
+
+lemma left_Galois_if_Dep_Fun_Rel_left_GaloisI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (r2\<^bsub>(r1 x1') x2'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ and "\<And>x1' x2' y. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub> y) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x1' (r1 x1')\<^esub> y)"
+ and "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g"
+ using assms by (intro left_Galois_if_Dep_Fun_Rel_left_GaloisI in_codomI[where ?x="l f"])
+ (auto intro!: left_right_rel_if_Dep_Fun_Rel_left_GaloisI)
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ and "\<And>x x' y'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x (l1 x)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x x'\<^esub> y')"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro iffI)
+ (auto intro!: Dep_Fun_Rel_left_Galois_if_left_GaloisI left_Galois_if_Dep_Fun_Rel_left_GaloisI)
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI:
+ assumes "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ using assms by blast
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI':
+ assumes "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "\<And>x x' y'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x (l1 x)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x x'\<^esub> y')"
+ using assms by blast
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_mono_assm_in_codom_rightI:
+ assumes mono_l1: "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and half_galois_prop_right1: "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and L2_le_unit2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and mono_r2: "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+proof (intro Dep_Fun_Rel_predI)
+ from mono_l1 half_galois_prop_right1 refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>
+ have "l1 x2 \<le>\<^bsub>R1\<^esub> l1 x2" "x2 \<^bsub>L1\<^esub>\<lessapprox> l1 x2"
+ by (blast intro: t1.left_Galois_left_if_left_relI)+
+ fix y' assume "in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y'"
+ with Dep_Fun_Rel_relD[OF
+ dep_mono_wrt_relD[OF mono_r2 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>] \<open>l1 x2 \<le>\<^bsub>R1\<^esub> l1 x2\<close>]
+ have "r2\<^bsub>x1 (l1 x2)\<^esub> y' \<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub> r2\<^bsub>x2 (l1 x2)\<^esub> y'"
+ using \<open>x2 \<^bsub>L1\<^esub>\<lessapprox> l1 x2\<close> by (auto dest: in_field_if_in_codom)
+ with L2_le_unit2 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> show "r2\<^bsub>x1 (l1 x2)\<^esub> y' \<le>\<^bsub>L2 x1 x2\<^esub> r2\<^bsub>x2 (l1 x2)\<^esub> y'"
+ by blast
+qed
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_mono_assm_in_dom_rightI:
+ assumes mono_l1: "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and half_galois_prop_right1: "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and mono_r2: "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "x \<^bsub>L1\<^esub>\<lessapprox> x'"
+ shows "([in_dom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+proof -
+ from mono_l1 half_galois_prop_right1 refl_L1 \<open>x \<^bsub>L1\<^esub>\<lessapprox> x'\<close>
+ have "x \<le>\<^bsub>L1\<^esub> x" "l1 x \<le>\<^bsub>R1\<^esub> x'" "x \<^bsub>L1\<^esub>\<lessapprox> l1 x"
+ by (auto intro!: t1.half_galois_prop_leftD t1.left_Galois_left_if_left_relI)
+ with Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_r2 \<open>x \<le>\<^bsub>L1\<^esub> x\<close>] \<open>l1 x \<le>\<^bsub>R1\<^esub> x'\<close>]
+ show ?thesis by blast
+qed
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_if_monoI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_GaloisI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI'
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_mono_assm_in_dom_rightI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_mono_assm_in_codom_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom
+ in_field_if_in_codom)
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_le_assmI:
+ assumes refl_L1: "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and mono_L2: "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "(\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ from refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "x1 \<le>\<^bsub>L1\<^esub> x1" by blast
+ with dep_mono_wrt_relD[OF dep_mono_wrt_predD[OF mono_L2] \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>]
+ show "(\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)" by auto
+qed
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_unit1_le_assmI:
+ assumes mono_l1: "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and half_galois_prop_right1: "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and antimono_L2:
+ "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 x3 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x1 \<le>\<^bsub>L1\<^esub> x2 \<and> x3 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2)] \<Rrightarrow>\<^sub>m (\<ge>)) L2"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "(\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ from mono_l1 half_galois_prop_right1 refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2"
+ by (blast intro: t1.rel_unit_if_reflexive_on_if_half_galois_prop_right_if_mono_wrt_rel)
+ with refl_L1 have "\<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2" by blast
+ with dep_mono_wrt_relD[OF dep_mono_wrt_predD[OF antimono_L2] \<open>x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2\<close>]
+ show "(\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)" using \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> by auto
+qed
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_if_monoI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 x3 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x1 \<le>\<^bsub>L1\<^esub> x2 \<and> x3 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2)] \<Rrightarrow>\<^sub>m (\<ge>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_monoI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_unit1_le_assmI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_le_assmI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom
+ in_field_if_in_dom)
+
+corollary left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 x3 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x1 \<le>\<^bsub>L1\<^esub> x2 \<and> x3 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2)] \<Rrightarrow>\<^sub>m (\<ge>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_monoI') auto
+
+interpretation flip_inv : galois "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1 .
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_unit1_le_assm_if_galois_equivI:
+ assumes galois_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and mono_L2: "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "(\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ from refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "x1 \<le>\<^bsub>L1\<^esub> x1" by blast
+ from galois_equiv1 refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "\<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> x2" by (intro
+ flip.t1.counit_rel_if_reflexive_on_if_half_galois_prop_left_if_mono_wrt_rel)
+ blast+
+ have "x1 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2" by (rule t1.rel_unit_if_left_rel_if_mono_wrt_relI)
+ (insert galois_equiv1 refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>, auto)
+ with dep_mono_wrt_relD[OF dep_mono_wrt_predD[OF mono_L2] \<open>\<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> x2\<close>]
+ show "(\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)" by auto
+qed
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_if_monoI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_le_assmI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_unit1_le_assm_if_galois_equivI)
+ auto
+
+corollary left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI
+ reflexive_on_in_field_mono_assm_left2I)
+ auto
+
+corollary left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI')
+ auto
+
+
+corollary left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI
+ transitive_left2_if_preorder_equivalenceI)
+ (auto 5 0)
+
+
+subparagraph \<open>Simplification of Restricted Function Relator\<close>
+
+lemma Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (r2\<^bsub>(r1 x1') x2'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2' y. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub> y) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x1' (r1 x1')\<^esub> y)"
+ and "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>
+ = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))"
+ using assms by (intro ext iffI restrict_leftI restrict_rightI
+ in_domI[where ?y="r _"] left_rel_right_if_Dep_Fun_Rel_left_GaloisI
+ in_codomI[where ?x="l _"] left_right_rel_if_Dep_Fun_Rel_left_GaloisI)
+ auto
+
+lemma Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_GaloisI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (r2\<^bsub>(r1 x1') x2'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>
+ = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))"
+ using assms by (intro
+ Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_GaloisI
+ left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ reflexive_on_in_field_mono_assm_left2I
+ left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI
+ mono_wrt_rel_left_in_dom_mono_left_assm
+ galois_connection_left_right_if_galois_connection_mono_assms_leftI
+ galois_connection_left_right_if_galois_connection_mono_assms_rightI
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI)
+ auto
+
+text \<open>Simplification of Restricted Function Relator for Nested Transports\<close>
+
+lemma Dep_Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq:
+ fixes S :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (S x x')\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L2 x (r1 x')\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)\<^esub>)
+ \<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> =
+ ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> S x x')\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>" (is "?lhs = ?rhs")
+proof -
+ have "?lhs =
+ ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (S x x')\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)\<^esub>)
+ \<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ by (subst restrict_left_right_eq_restrict_right_left,
+ subst restrict_left_Dep_Fun_Rel_rel_restrict_left_eq)
+ auto
+ also have "... = ?rhs"
+ using assms by (subst restrict_left_right_eq_restrict_right_left,
+ subst restrict_right_Dep_Fun_Rel_rel_restrict_right_eq)
+ (auto elim!: in_codomE t1.left_GaloisE
+ simp only: restrict_left_right_eq_restrict_right_left)
+ finally show ?thesis .
+qed
+
+end
+
+
+paragraph \<open>Function Relator\<close>
+
+context transport_Fun_Rel
+begin
+
+corollary Fun_Rel_left_Galois_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ and "f \<^bsub>L\<^esub>\<lessapprox> g"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ using assms by (intro tdfr.Dep_Fun_Rel_left_Galois_if_left_GaloisI) simp_all
+
+corollary left_Galois_if_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ and "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g"
+ using assms by (intro tdfr.left_Galois_if_Dep_Fun_Rel_left_GaloisI) simp_all
+
+lemma left_Galois_if_Fun_Rel_left_GaloisI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g"
+ using assms by (intro tdfr.left_Galois_if_Dep_Fun_Rel_left_GaloisI') simp_all
+
+corollary left_Galois_iff_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ using assms by (intro tdfr.left_Galois_iff_Dep_Fun_Rel_left_GaloisI) simp_all
+
+
+subparagraph \<open>Simplification of Restricted Function Relator\<close>
+
+lemma Fun_Rel_left_Galois_restrict_left_right_eq_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> = ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms
+ by (intro tdfr.Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_GaloisI)
+ simp_all
+
+text \<open>Simplification of Restricted Function Relator for Nested Transports\<close>
+
+lemma Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq:
+ fixes S :: "'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> S\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L2\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R2\<^esub>)\<^esub>)\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> =
+ ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> S)\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ using assms
+ by (intro tdfr.Dep_Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq)
+ simp_all
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+lemma Dep_Fun_Rel_left_Galois_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x x' y'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x (l1 x)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x (r1 x')\<^esub>) (r2\<^bsub>x x'\<^esub> y')"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "f \<^bsub>L\<^esub>\<lessapprox> g"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms unfolding left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel
+ by (intro tdfr.Dep_Fun_Rel_left_Galois_if_left_GaloisI tdfr.left_GaloisI)
+ (auto elim!: galois_rel.left_GaloisE in_codomE)
+
+lemma left_Galois_if_Dep_Fun_Rel_left_GaloisI:
+ assumes "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ and "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g"
+ using assms unfolding left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel
+ by (intro tdfr.Galois_Refl_RelI tdfr.left_Galois_if_Dep_Fun_Rel_left_GaloisI)
+ (auto simp: in_codom_eq_in_dom_if_reflexive_on_in_field)
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_GaloisI:
+ assumes "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro iffI Dep_Fun_Rel_left_Galois_if_left_GaloisI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI'
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_mono_assm_in_dom_rightI)
+ (auto intro!: left_Galois_if_Dep_Fun_Rel_left_GaloisI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_mono_assm_in_codom_rightI
+ intro: reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI:
+ assumes galois_conn1: "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and L2_le_unit2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and mono_r2: "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and trans_L2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g" (is "?lhs \<longleftrightarrow> ?rhs")
+proof -
+ have "(\<le>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x1)\<^esub> y')"
+ if hyps: "x1 \<le>\<^bsub>L1\<^esub> x2" "in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y'" for x1 x2 y'
+ proof -
+ have "([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ proof (intro Dep_Fun_Rel_predI)
+ from galois_conn1 refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>
+ have "x1 \<le>\<^bsub>L1\<^esub> x1" "l1 x1 \<le>\<^bsub>R1\<^esub> l1 x2" "x1 \<^bsub>L1\<^esub>\<lessapprox> l1 x1"
+ by (blast intro: t1.left_Galois_left_if_left_relI)+
+ fix y' assume "in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y'"
+ with Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_r2 \<open>x1 \<le>\<^bsub>L1\<^esub> x1\<close>]
+ \<open>l1 x1 \<le>\<^bsub>R1\<^esub> l1 x2\<close>]
+ have "r2\<^bsub>x1 (l1 x1)\<^esub> y' \<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub> r2\<^bsub>x1 (l1 x2)\<^esub> y'"
+ using \<open>x1 \<^bsub>L1\<^esub>\<lessapprox> l1 x1\<close> by (auto dest: in_field_if_in_dom)
+ with L2_le_unit2 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> show "r2\<^bsub>x1 (l1 x1)\<^esub> y' \<le>\<^bsub>L2 x1 x2\<^esub> r2\<^bsub>x1 (l1 x2)\<^esub> y'"
+ by blast
+ qed
+ with hyps show ?thesis using trans_L2 by blast
+ qed
+ then show ?thesis using assms
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_GaloisI
+ tdfr.mono_wrt_rel_rightI
+ tdfr.mono_wrt_rel_right2_if_mono_wrt_rel_right2_if_left_GaloisI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_ge_left_rel2_assmI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_mono_assm_in_codom_rightI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+qed
+
+corollary left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 x3 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x1 \<le>\<^bsub>L1\<^esub> x2 \<and> x3 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2)] \<Rrightarrow>\<^sub>m (\<ge>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g" (is "?lhs \<longleftrightarrow> ?rhs")
+ using assms by (intro
+ left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_unit1_le_assmI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_le_assmI)
+ auto
+
+corollary left_Galois_eq_Dep_Fun_Rel_left_Galois_restrict_if_mono_if_galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 _ \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 x3 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x1 \<le>\<^bsub>L1\<^esub> x2 \<and> x3 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2)] \<Rrightarrow>\<^sub>m (\<ge>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ using assms by (intro ext iffI restrict_leftI restrict_rightI
+ iffD1[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI'])
+ (auto intro!:
+ iffD2[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI'])
+
+lemma left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_le_assmI
+ tdfr.reflexive_on_in_field_mono_assm_left2I
+ tdfr.left_Galois_iff_Dep_Fun_Rel_left_Galois_left_rel2_unit1_le_assm_if_galois_equivI)
+ auto
+
+theorem left_Galois_eq_Dep_Fun_Rel_left_Galois_restrict_if_galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ using assms by (intro ext iffI restrict_leftI restrict_rightI
+ iffD1[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI])
+ (auto intro!: iffD2[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI])
+
+corollary left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_galois_equivalenceI)
+ auto
+
+corollary left_Galois_eq_Dep_Fun_Rel_left_Galois_restrict_if_preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ using assms by (intro ext iffI restrict_leftI restrict_rightI
+ iffD1[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI])
+ (auto intro!: iffD2[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI])
+
+corollary left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>)) f g"
+ using assms by (intro left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI
+ tdfr.transitive_left2_if_preorder_equivalenceI)
+ (auto 5 0)
+
+corollary left_Galois_eq_Dep_Fun_Rel_left_Galois_restrict_if_preorder_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ using assms by (intro ext iffI restrict_leftI restrict_rightI
+ iffD1[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI'])
+ (auto intro!: iffD2[OF left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI'])
+
+
+subparagraph \<open>Simplification of Restricted Function Relator\<close>
+
+lemma Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_Galois_if_reflexive_onI:
+ assumes "reflexive_on (in_field tdfr.L) tdfr.L"
+ and "reflexive_on (in_field tdfr.R) tdfr.R"
+ and "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (r2\<^bsub>(r1 x1') x2'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>
+ = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))"
+ using assms by (auto simp only: left_rel_eq_tdfr_left_rel_if_reflexive_on
+ right_rel_eq_tdfr_right_rel_if_reflexive_on
+ intro!: tdfr.Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_GaloisI')
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.t1.unit \<equiv> \<epsilon>\<^sub>1" by (simp only: t1.flip_unit_eq_counit)
+
+lemma Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (r2\<^bsub>(r1 x1') x2'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and PERS: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>
+ = ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (\<^bsub>L2 x x'\<^esub>\<lessapprox>))"
+ using assms by (intro
+ Dep_Fun_Rel_left_Galois_restrict_left_right_eq_Dep_Fun_Rel_left_Galois_if_reflexive_onI
+ tdfr.reflexive_on_in_field_left_if_equivalencesI
+ flip.reflexive_on_in_field_left_if_equivalencesI
+ tdfr.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI
+ flip.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI)
+ (auto dest!: PERS)
+
+
+text \<open>Simplification of Restricted Function Relator for Nested Transports\<close>
+
+lemma Dep_Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq:
+ fixes S :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> 'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ shows "([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> (S x x')\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L2 x (r1 x')\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)\<^esub>)
+ \<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> =
+ ([x x' \<Colon> (\<^bsub>L1\<^esub>\<lessapprox>)] \<Rrightarrow> S x x')\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ (is "?lhs\<restriction>\<^bsub>?DL\<^esub>\<upharpoonleft>\<^bsub>?CR\<^esub> = ?rhs\<restriction>\<^bsub>?DL\<^esub>\<upharpoonleft>\<^bsub>?CR\<^esub>")
+proof (intro ext)
+ fix f g
+ have "?lhs\<restriction>\<^bsub>?DL\<^esub>\<upharpoonleft>\<^bsub>?CR\<^esub> f g \<longleftrightarrow> ?lhs f g \<and> ?DL f \<and> ?CR g" by blast
+ also have "... \<longleftrightarrow> ?lhs\<restriction>\<^bsub>in_dom tdfr.L\<^esub>\<upharpoonleft>\<^bsub>in_codom tdfr.R\<^esub> f g \<and> ?DL f \<and> ?CR g"
+ unfolding left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel
+ by blast
+ also with assms have "... \<longleftrightarrow> ?rhs\<restriction>\<^bsub>in_dom tdfr.L\<^esub>\<upharpoonleft>\<^bsub>in_codom tdfr.R\<^esub> f g \<and> ?DL f \<and> ?CR g"
+ by (simp only:
+ tdfr.Dep_Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq)
+ also have "... \<longleftrightarrow> ?rhs\<restriction>\<^bsub>?DL\<^esub>\<upharpoonleft>\<^bsub>?CR\<^esub> f g"
+ unfolding left_rel_eq_tdfr_left_Refl_Rel right_rel_eq_tdfr_right_Refl_Rel
+ by blast
+ finally show "?lhs\<restriction>\<^bsub>?DL\<^esub>\<upharpoonleft>\<^bsub>?CR\<^esub> f g \<longleftrightarrow> ?rhs\<restriction>\<^bsub>?DL\<^esub>\<upharpoonleft>\<^bsub>?CR\<^esub> f g" .
+qed
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+corollary Fun_Rel_left_Galois_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) (r2)"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "f \<^bsub>L\<^esub>\<lessapprox> g"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ using assms by (intro tpdfr.Dep_Fun_Rel_left_Galois_if_left_GaloisI) simp_all
+
+interpretation flip : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma left_Galois_if_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ and "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g"
+ using assms
+ by (intro tpdfr.left_Galois_if_Dep_Fun_Rel_left_GaloisI flip.tfr.mono_wrt_rel_leftI)
+ simp_all
+
+corollary left_Galois_iff_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) (r2)"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "in_dom (\<le>\<^bsub>L\<^esub>) f"
+ and "in_codom (\<le>\<^bsub>R\<^esub>) g"
+ shows "f \<^bsub>L\<^esub>\<lessapprox> g \<longleftrightarrow> ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>)) f g"
+ using assms by (intro iffI Fun_Rel_left_Galois_if_left_GaloisI)
+ (auto intro!: left_Galois_if_Fun_Rel_left_GaloisI)
+
+theorem left_Galois_eq_Fun_Rel_left_Galois_restrictI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ shows "(\<^bsub>L\<^esub>\<lessapprox>) = ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ using assms by (intro ext iffI restrict_leftI restrict_rightI
+ iffD1[OF left_Galois_iff_Fun_Rel_left_GaloisI])
+ (auto elim!: tpdfr.left_GaloisE intro!: iffD2[OF left_Galois_iff_Fun_Rel_left_GaloisI])
+
+
+subparagraph \<open>Simplification of Restricted Function Relator\<close>
+
+lemma Fun_Rel_left_Galois_restrict_left_right_eq_Fun_Rel_left_Galois_if_reflexive_onI:
+ assumes "reflexive_on (in_field tfr.tdfr.L) tfr.tdfr.L"
+ and "reflexive_on (in_field tfr.tdfr.R) tfr.tdfr.R"
+ and "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> = ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (auto simp only: tpdfr.left_rel_eq_tdfr_left_rel_if_reflexive_on
+ tpdfr.right_rel_eq_tdfr_right_rel_if_reflexive_on
+ intro!: tfr.Fun_Rel_left_Galois_restrict_left_right_eq_Fun_Rel_left_GaloisI)
+
+lemma Fun_Rel_left_Galois_restrict_left_right_eq_Fun_Rel_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>R2\<^esub>)"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> = ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> (\<^bsub>L2\<^esub>\<lessapprox>))"
+ using assms by (intro
+ Fun_Rel_left_Galois_restrict_left_right_eq_Fun_Rel_left_Galois_if_reflexive_onI
+ tfr.reflexive_on_in_field_leftI
+ flip.tfr.reflexive_on_in_field_leftI)
+ auto
+
+
+text \<open>Simplification of Restricted Function Relator for Nested Transports\<close>
+
+lemma Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq:
+ fixes S :: "'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ shows "((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> S\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L2\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R2\<^esub>)\<^esub>)\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub> =
+ ((\<^bsub>L1\<^esub>\<lessapprox>) \<Rrightarrow> S)\<restriction>\<^bsub>in_dom (\<le>\<^bsub>L\<^esub>)\<^esub>\<upharpoonleft>\<^bsub>in_codom (\<le>\<^bsub>R\<^esub>)\<^esub>"
+ using assms
+ by (intro tpdfr.Dep_Fun_Rel_left_Galois_restrict_left_right_restrict_left_right_eq)
+ simp_all
+
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Monotone.thy b/thys/Transport/Transport/Functions/Transport_Functions_Monotone.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Monotone.thy
@@ -0,0 +1,174 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Monotonicity\<close>
+theory Transport_Functions_Monotone
+ imports
+ Transport_Functions_Base
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma mono_wrt_rel_leftI:
+ assumes mono_r1: "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and mono_l2: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and R2_le1: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and R2_l2_le1: "\<And>x1' x2' y. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub> y) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x1' (r1 x1')\<^esub> y)"
+ and ge_R2_l2_le2: "\<And>x1' x2' y. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) y \<Longrightarrow>
+ (\<ge>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub> y) \<le> (\<ge>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub> y)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+proof (intro dep_mono_wrt_relI flip.left_relI)
+ fix f1 f2 x1' x2' assume [iff]: "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ with mono_r1 have "r1 x1' \<le>\<^bsub>L1\<^esub> r1 x2'" (is "?x1 \<le>\<^bsub>L1\<^esub> ?x2") by blast
+ moreover assume "f1 \<le>\<^bsub>L\<^esub> f2"
+ ultimately have "f1 ?x1 \<le>\<^bsub>L2 ?x1 ?x2\<^esub> f2 ?x2" (is "?y1 \<le>\<^bsub>L2 ?x1 ?x2\<^esub> ?y2") by blast
+ with mono_l2 have "l2\<^bsub>x2' ?x1\<^esub> ?y1 \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub> l2\<^bsub>x2' ?x1\<^esub> ?y2" by blast
+ with R2_le1 have "l2\<^bsub>x2' ?x1\<^esub> ?y1 \<le>\<^bsub>R2 x1' x2'\<^esub> l2\<^bsub>x2' ?x1\<^esub> ?y2" by blast
+ with R2_l2_le1 have "l2\<^bsub>x1' ?x1\<^esub> ?y1 \<le>\<^bsub>R2 x1' x2'\<^esub> l2\<^bsub>x2' ?x1\<^esub> ?y2"
+ using \<open>?y1 \<le>\<^bsub>L2 ?x1 ?x2\<^esub> _\<close> by blast
+ with ge_R2_l2_le2 have "l2\<^bsub>x1' ?x1\<^esub> ?y1 \<le>\<^bsub>R2 x1' x2'\<^esub> l2\<^bsub>x2' ?x2\<^esub> ?y2"
+ using \<open>_ \<le>\<^bsub>L2 ?x1 ?x2\<^esub> ?y2\<close> by blast
+ then show "l f1 x1' \<le>\<^bsub>R2 x1' x2'\<^esub> l f2 x2'" by simp
+qed
+
+lemma mono_wrt_rel_left_in_dom_mono_left_assm:
+ assumes "([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>))
+ (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ and "in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) y"
+ shows "(\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub> y) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x1' (r1 x1')\<^esub> y)"
+ using assms by blast
+
+lemma mono_wrt_rel_left_in_codom_mono_left_assm:
+ assumes "([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>))
+ (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ and "transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ and "in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) y"
+ shows "(\<ge>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub> y) \<le> (\<ge>\<^bsub>R2 x1' x2'\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub> y)"
+ using assms by blast
+
+lemma mono_wrt_rel_left_if_transitiveI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ using assms by (intro mono_wrt_rel_leftI
+ mono_wrt_rel_left_in_dom_mono_left_assm
+ mono_wrt_rel_left_in_codom_mono_left_assm)
+ auto
+
+lemma mono_wrt_rel_left2_if_mono_wrt_rel_left2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>)"
+ shows "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ using assms by (intro dep_mono_wrt_relI) fastforce
+
+interpretation flip_inv :
+ transport_Dep_Fun_Rel "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1 "flip2 R2" "flip2 L2" r2 l2
+ rewrites "flip_inv.R \<equiv> (\<ge>\<^bsub>L\<^esub>)" and "flip_inv.L \<equiv> (\<ge>\<^bsub>R\<^esub>)"
+ and "flip_inv.t1.counit \<equiv> \<eta>\<^sub>1"
+ and "\<And>R x y. (flip2 R x y)\<inverse> \<equiv> R y x"
+ and "\<And>R x1 x2. in_dom (flip2 R x1 x2) \<equiv> in_codom (R x2 x1)"
+ and "\<And>R x1 x2. in_codom (flip2 R x1 x2) \<equiv> in_dom (R x2 x1)"
+ and "\<And>R S. (R\<inverse> \<Rrightarrow>\<^sub>m S\<inverse>) \<equiv> (R \<Rrightarrow>\<^sub>m S)"
+ and "\<And>x1 x2 x1' x2'. (flip2 R2 x1' x2' \<Rrightarrow>\<^sub>m flip2 L2 x1 x2) \<equiv>
+ ((\<le>\<^bsub>R2 x2' x1'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x2 x1\<^esub>))"
+ and "\<And>x1 x2 x3 x4. flip2 L2 x1 x2 \<le> flip2 L2 x3 x4 \<equiv> (\<le>\<^bsub>L2 x2 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x4 x3\<^esub>)"
+ and "\<And>x1' x2' y1 y2.
+ flip_inv.dfro2.right_infix y1 x1' x2' \<le> flip_inv.dfro2.right_infix y2 x1' x2' \<equiv>
+ (\<ge>\<^bsub>L2 x2' x1'\<^esub>) y1 \<le> (\<ge>\<^bsub>L2 x2' x1'\<^esub>) y2"
+ and "\<And>P x1 x2. ([P] \<Rrightarrow> flip2 L2 x1 x2) \<equiv> ([P] \<Rrightarrow> (\<ge>\<^bsub>L2 x2 x1\<^esub>))"
+ and "\<And>P R. ([P] \<Rrightarrow> R\<inverse>) \<equiv> ([P] \<Rrightarrow> R)\<inverse>"
+ and "\<And>x1 x2. transitive (flip2 L2 x1 x2) \<equiv> transitive (\<le>\<^bsub>L2 x2 x1\<^esub>)"
+ by (simp_all add: flip_inv_left_eq_ge_right flip_inv_right_eq_ge_left
+ t1.flip_counit_eq_unit del: rel_inv_iff_rel)
+
+lemma mono_wrt_rel_rightI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<ge>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub> y')"
+ and "\<And>x1 x2 y'. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) y' \<Longrightarrow>
+ (\<le>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub> y') \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>) (r2\<^bsub>x1 (l1 x1)\<^esub> y')"
+ shows "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ using assms by (intro flip_inv.mono_wrt_rel_leftI[simplified rel_inv_iff_rel])
+
+lemma mono_wrt_rel_right_if_transitiveI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "((\<le>\<^bsub>R\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L\<^esub>)) r"
+ using assms by (intro flip_inv.mono_wrt_rel_left_if_transitiveI
+ [simplified rel_inv_iff_rel])
+
+lemma mono_wrt_rel_right2_if_mono_wrt_rel_right2_if_left_GaloisI:
+ assumes assms1: "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1" "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and mono_r2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ shows "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+proof -
+ show "((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)" if "x1 \<le>\<^bsub>L1\<^esub> x2" for x1 x2
+ proof -
+ from \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "x1 \<^bsub>L1\<^esub>\<lessapprox> l1 x2"
+ using assms1 by (intro t1.left_Galois_left_if_left_relI) blast
+ with mono_r2 show ?thesis by auto
+ qed
+qed
+
+end
+
+
+paragraph \<open>Function Relator\<close>
+
+context transport_Fun_Rel
+begin
+
+lemma mono_wrt_rel_leftI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ using assms by (intro tdfr.mono_wrt_rel_leftI) simp_all
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+lemmas mono_wrt_rel_leftI = mono_wrt_rel_Refl_Rel_Refl_Rel_if_mono_wrt_rel
+ [of tdfr.L tdfr.R l, folded transport_defs]
+
+end
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+lemmas mono_wrt_rel_leftI = tpdfr.mono_wrt_rel_leftI[OF tfr.mono_wrt_rel_leftI]
+
+end
+
+
+end
\ No newline at end of file
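Review bot: The `interpretation flip_inv` block in `context transport_Dep_Fun_Rel` has no comment saying why it instantiates the locale on `(\<ge>\<^bsub>R1\<^esub>)`, `(\<ge>\<^bsub>L1\<^esub>)`, `flip2 R2` and `flip2 L2`, or what its long list of `rewrites` clauses is for. That makes the two one-line proofs that depend on it hard to audit. From the visible lines, `mono_wrt_rel_rightI` and `mono_wrt_rel_right_if_transitiveI` are each obtained from the matching `flip_inv` left-hand lemma with `[simplified rel_inv_iff_rel]`, so the rewrites appear to exist to turn the inverted statements back into the right-hand forms. I would put a short text block in front of the interpretation, e.g. `text \<open>Dual instance on the inverted relations: the rewrites restate the flipped left-hand lemmas in terms of L, R and \<eta>\<^sub>1, so the right-hand monotonicity lemmas follow by instantiation.\<close>`. A one-line remark on why the rewrite proof uses `del: rel_inv_iff_rel` while the derived lemmas re-apply it through `simplified` would also help the next reader.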
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Order_Base.thy b/thys/Transport/Transport/Functions/Transport_Functions_Order_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Order_Base.thy
@@ -0,0 +1,428 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Basic Order Properties\<close>
+theory Transport_Functions_Order_Base
+ imports
+ Transport_Functions_Base
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context hom_Dep_Fun_Rel_orders
+begin
+
+lemma reflexive_on_in_domI:
+ assumes refl_L: "reflexive_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and R_le_R_if_L: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x2 x2\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and pequiv_R: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "reflexive_on (in_dom DFR) DFR"
+proof (intro reflexive_onI Dep_Fun_Rel_relI)
+ fix f x1 x2
+ assume "in_dom DFR f"
+ then obtain g where "DFR f g" by auto
+ moreover assume "x1 \<le>\<^bsub>L\<^esub> x2"
+ moreover with refl_L have "x2 \<le>\<^bsub>L\<^esub> x2" by blast
+ ultimately have "f x1 \<le>\<^bsub>R x1 x2\<^esub> g x2" "f x2 \<le>\<^bsub>R x1 x2\<^esub> g x2"
+ using R_le_R_if_L by auto
+ moreover with pequiv_R \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> have "g x2 \<le>\<^bsub>R x1 x2\<^esub> f x2"
+ by (blast dest: symmetricD)
+ ultimately show "f x1 \<le>\<^bsub>R x1 x2\<^esub> f x2" using pequiv_R \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> by blast
+qed
+
+lemma reflexive_on_in_codomI:
+ assumes refl_L: "reflexive_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and R_le_R_if_L: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x1 x1\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and pequiv_R: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "reflexive_on (in_codom DFR) DFR"
+proof (intro reflexive_onI Dep_Fun_Rel_relI)
+ fix f x1 x2
+ assume "in_codom DFR f"
+ then obtain g where "DFR g f" by auto
+ moreover assume "x1 \<le>\<^bsub>L\<^esub> x2"
+ moreover with refl_L have "x1 \<le>\<^bsub>L\<^esub> x1" by blast
+ ultimately have "g x1 \<le>\<^bsub>R x1 x2\<^esub> f x2" "g x1 \<le>\<^bsub>R x1 x2\<^esub> f x1"
+ using R_le_R_if_L by auto
+ moreover with pequiv_R \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> have "f x1 \<le>\<^bsub>R x1 x2\<^esub> g x1"
+ by (blast dest: symmetricD)
+ ultimately show "f x1 \<le>\<^bsub>R x1 x2\<^esub> f x2" using pequiv_R \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> by blast
+qed
+
+corollary reflexive_on_in_fieldI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x2 x2\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x1 x1\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "reflexive_on (in_field DFR) DFR"
+proof -
+ from assms have "reflexive_on (in_dom DFR) DFR"
+ by (intro reflexive_on_in_domI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_codom)
+ moreover from assms have "reflexive_on (in_codom DFR) DFR"
+ by (intro reflexive_on_in_codomI)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+ ultimately show ?thesis by (auto iff: in_field_iff_in_dom_or_in_codom)
+qed
+
+lemma transitiveI:
+ assumes refl_L: "reflexive_on (in_dom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and R_le_R_if_L: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x1 x1\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and trans: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "transitive DFR"
+proof (intro transitiveI Dep_Fun_Rel_relI)
+ fix f1 f2 f3 x1 x2 assume "x1 \<le>\<^bsub>L\<^esub> x2"
+ with refl_L have "x1 \<le>\<^bsub>L\<^esub> x1" by blast
+ moreover assume "DFR f1 f2"
+ ultimately have "f1 x1 \<le>\<^bsub>R x1 x1\<^esub> f2 x1" by blast
+ with R_le_R_if_L have "f1 x1 \<le>\<^bsub>R x1 x2\<^esub> f2 x1" using \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> by blast
+ assume "DFR f2 f3"
+ with \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> have "f2 x1 \<le>\<^bsub>R x1 x2\<^esub> f3 x2" by blast
+ with \<open>f1 x1 \<le>\<^bsub>R x1 x2\<^esub> f2 x1\<close> show "f1 x1 \<le>\<^bsub>R x1 x2\<^esub> f3 x2"
+ using trans \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> by blast
+qed
+
+lemma transitiveI':
+ assumes refl_L: "reflexive_on (in_codom (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and R_le_R_if_L: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x2 x2\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and trans: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "transitive DFR"
+proof (intro Binary_Relations_Transitive.transitiveI Dep_Fun_Rel_relI)
+ fix f1 f2 f3 x1 x2 assume "DFR f1 f2" "x1 \<le>\<^bsub>L\<^esub> x2"
+ then have "f1 x1 \<le>\<^bsub>R x1 x2\<^esub> f2 x2" by blast
+ from \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> refl_L have "x2 \<le>\<^bsub>L\<^esub> x2" by blast
+ moreover assume "DFR f2 f3"
+ ultimately have "f2 x2 \<le>\<^bsub>R x2 x2\<^esub> f3 x2" by blast
+ with R_le_R_if_L have "f2 x2 \<le>\<^bsub>R x1 x2\<^esub> f3 x2" using \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> by blast
+ with \<open>f1 x1 \<le>\<^bsub>R x1 x2\<^esub> f2 x2\<close> show "f1 x1 \<le>\<^bsub>R x1 x2\<^esub> f3 x2"
+ using trans \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> by blast
+qed
+
+lemma preorder_on_in_fieldI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x2 x2\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x1 x1\<^esub>) \<le> (\<le>\<^bsub>R x1 x2\<^esub>)"
+ and pequiv_R: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "preorder_on (in_field DFR) DFR"
+ using assms by (intro preorder_onI reflexive_on_in_fieldI)
+ (auto intro!: transitiveI dest: pequiv_R elim!: partial_equivalence_relE)
+
+lemma symmetricI:
+ assumes sym_L: "symmetric (\<le>\<^bsub>L\<^esub>)"
+ and R_le_R_if_L: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>R x1 x2\<^esub>) \<le> (\<le>\<^bsub>R x2 x1\<^esub>)"
+ and sym_R: "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> symmetric (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "symmetric DFR"
+proof (intro symmetricI Dep_Fun_Rel_relI)
+ fix f g x y assume "x \<le>\<^bsub>L\<^esub> y"
+ with sym_L have "y \<le>\<^bsub>L\<^esub> x" by (rule symmetricD)
+ moreover assume "DFR f g"
+ ultimately have "f y \<le>\<^bsub>R y x\<^esub> g x" by blast
+ with sym_R \<open>y \<le>\<^bsub>L\<^esub> x\<close> have "g x \<le>\<^bsub>R y x\<^esub> f y" by (blast dest: symmetricD)
+ with R_le_R_if_L \<open>y \<le>\<^bsub>L\<^esub> x\<close> show "g x \<le>\<^bsub>R x y\<^esub> f y" by blast
+qed
+
+corollary partial_equivalence_relI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and sym_L: "symmetric (\<le>\<^bsub>L\<^esub>)"
+ and mono_R: "([x1 x2 \<Colon> (\<le>\<^bsub>L\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L\<^esub>) | x1 \<le>\<^bsub>L\<^esub> x3] \<Rrightarrow> (\<le>)) R"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>R x1 x2\<^esub>)"
+ shows "partial_equivalence_rel DFR"
+proof -
+ have "(\<le>\<^bsub>R x1 x2\<^esub>) \<le> (\<le>\<^bsub>R x2 x1\<^esub>)" if "x1 \<le>\<^bsub>L\<^esub> x2" for x1 x2
+ proof -
+ from sym_L \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> have "x2 \<le>\<^bsub>L\<^esub> x1" by (rule symmetricD)
+ with mono_R \<open>x1 \<le>\<^bsub>L\<^esub> x2\<close> show ?thesis by blast
+ qed
+ with assms show ?thesis
+ by (intro partial_equivalence_relI transitiveI symmetricI)
+ (auto elim: partial_equivalence_relE[OF assms(4)])
+qed
+
+end
+
+context transport_Dep_Fun_Rel
+begin
+
+lemmas reflexive_on_in_field_leftI = dfro1.reflexive_on_in_fieldI
+ [folded left_rel_eq_Dep_Fun_Rel]
+lemmas transitive_leftI = dfro1.transitiveI[folded left_rel_eq_Dep_Fun_Rel]
+lemmas transitive_leftI' = dfro1.transitiveI'[folded left_rel_eq_Dep_Fun_Rel]
+lemmas preorder_on_in_field_leftI = dfro1.preorder_on_in_fieldI
+ [folded left_rel_eq_Dep_Fun_Rel]
+lemmas symmetric_leftI = dfro1.symmetricI[folded left_rel_eq_Dep_Fun_Rel]
+lemmas partial_equivalence_rel_leftI = dfro1.partial_equivalence_relI
+ [folded left_rel_eq_Dep_Fun_Rel]
+
+
+subparagraph \<open>Introduction Rules for Assumptions\<close>
+
+lemma transitive_left2_if_transitive_left2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and L2_eq: "(\<le>\<^bsub>L2 x1 x2\<^esub>) = (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> transitive (\<le>\<^bsub>L2 x (r1 x')\<^esub>)"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ by (subst L2_eq) (auto intro!: assms t1.left_Galois_left_if_left_relI)
+
+lemma symmetric_left2_if_symmetric_left2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and L2_eq: "(\<le>\<^bsub>L2 x1 x2\<^esub>) = (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> symmetric (\<le>\<^bsub>L2 x (r1 x')\<^esub>)"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "symmetric (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ by (subst L2_eq) (auto intro!: assms t1.left_Galois_left_if_left_relI)
+
+lemma partial_equivalence_rel_left2_if_partial_equivalence_rel_left2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and L2_eq: "(\<le>\<^bsub>L2 x1 x2\<^esub>) = (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>L2 x (r1 x')\<^esub>)"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "partial_equivalence_rel (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ by (subst L2_eq) (auto intro!: assms t1.left_Galois_left_if_left_relI)
+
+context
+ assumes galois_prop: "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+begin
+
+interpretation flip_inv :
+ transport_Dep_Fun_Rel "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1 "flip2 R2" "flip2 L2" r2 l2
+ rewrites "flip_inv.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ and "\<And>R x y. (flip2 R x y) \<equiv> (R y x)\<inverse>"
+ and "\<And>R S. R\<inverse> = S\<inverse> \<equiv> R = S"
+ and "\<And>R S. (R\<inverse> \<Rrightarrow>\<^sub>m S\<inverse>) \<equiv> (R \<Rrightarrow>\<^sub>m S)"
+ and "\<And>x x'. x' \<^bsub>R1\<^esub>\<greaterapprox> x \<equiv> x \<^bsub>L1\<^esub>\<lessapprox> x'"
+ and "((\<ge>\<^bsub>R1\<^esub>) \<unlhd>\<^sub>h (\<ge>\<^bsub>L1\<^esub>)) r1 l1 \<equiv> True"
+ and "\<And>R. transitive R\<inverse> \<equiv> transitive R"
+ and "\<And>R. symmetric R\<inverse> \<equiv> symmetric R"
+ and "\<And>R. partial_equivalence_rel R\<inverse> \<equiv> partial_equivalence_rel R"
+ and "\<And>P. (True \<Longrightarrow> P) \<equiv> Trueprop P"
+ and "\<And>P Q. (True \<Longrightarrow> PROP P \<Longrightarrow> PROP Q) \<equiv> (PROP P \<Longrightarrow> True \<Longrightarrow> PROP Q)"
+ using galois_prop
+ by (auto intro!: Eq_TrueI simp add: t1.flip_unit_eq_counit
+ galois_prop.half_galois_prop_right_rel_inv_iff_half_galois_prop_left
+ simp del: rel_inv_iff_rel)
+
+lemma transitive_right2_if_transitive_right2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "(\<le>\<^bsub>R2 x1 x2\<^esub>) = (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1) x2\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> transitive (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)"
+ and "x1 \<le>\<^bsub>R1\<^esub> x2"
+ shows "transitive (\<le>\<^bsub>R2 x1 x2\<^esub>)"
+ using galois_prop assms
+ by (intro flip_inv.transitive_left2_if_transitive_left2_if_left_GaloisI
+ [simplified rel_inv_iff_rel, of x1])
+ auto
+
+lemma symmetric_right2_if_symmetric_right2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "(\<le>\<^bsub>R2 x1 x2\<^esub>) = (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1) x2\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> symmetric (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)"
+ and "x1 \<le>\<^bsub>R1\<^esub> x2"
+ shows "symmetric (\<le>\<^bsub>R2 x1 x2\<^esub>)"
+ using galois_prop assms
+ by (intro flip_inv.symmetric_left2_if_symmetric_left2_if_left_GaloisI
+ [simplified rel_inv_iff_rel, of x1])
+ auto
+
+lemma partial_equivalence_rel_right2_if_partial_equivalence_rel_right2_if_left_GaloisI:
+ assumes "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "(\<le>\<^bsub>R2 x1 x2\<^esub>) = (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1) x2\<^esub>)"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)"
+ and "x1 \<le>\<^bsub>R1\<^esub> x2"
+ shows "partial_equivalence_rel (\<le>\<^bsub>R2 x1 x2\<^esub>)"
+ using galois_prop assms
+ by (intro flip_inv.partial_equivalence_rel_left2_if_partial_equivalence_rel_left2_if_left_GaloisI
+ [simplified rel_inv_iff_rel, of x1])
+ auto
+
+end
+
+lemma transitive_left2_if_preorder_equivalenceI:
+ assumes pre_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ from \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> pre_equiv1 have "x2 \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2"
+ by (blast elim: t1.preorder_equivalence_order_equivalenceE
+ intro: bi_related_if_rel_equivalence_on)
+ with assms have "(\<le>\<^bsub>L2 x1 x2\<^esub>) = (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)"
+ by (intro left2_eq_if_bi_related_if_monoI) blast+
+ with assms show ?thesis
+ by (intro transitive_left2_if_transitive_left2_if_left_GaloisI[of x1]) blast+
+qed
+
+lemma symmetric_left2_if_partial_equivalence_rel_equivalenceI:
+ assumes PER_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "symmetric (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ from \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> PER_equiv1 have "x2 \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2"
+ by (blast elim: t1.preorder_equivalence_order_equivalenceE
+ intro: bi_related_if_rel_equivalence_on)
+ with assms have "(\<le>\<^bsub>L2 x1 x2\<^esub>) = (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)"
+ by (intro left2_eq_if_bi_related_if_monoI) blast+
+ with assms show ?thesis
+ by (intro symmetric_left2_if_symmetric_left2_if_left_GaloisI[of x1]) blast+
+qed
+
+lemma partial_equivalence_rel_left2_if_partial_equivalence_rel_equivalenceI:
+ assumes PER_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "partial_equivalence_rel (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ from \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> PER_equiv1 have "x2 \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2"
+ by (blast elim: t1.preorder_equivalence_order_equivalenceE
+ intro: bi_related_if_rel_equivalence_on)
+ with assms have "(\<le>\<^bsub>L2 x1 x2\<^esub>) = (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)"
+ by (intro left2_eq_if_bi_related_if_monoI) blast+
+ with assms show ?thesis
+ by (intro partial_equivalence_rel_left2_if_partial_equivalence_rel_left2_if_left_GaloisI[of x1])
+ blast+
+qed
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.t1.counit \<equiv> \<eta>\<^sub>1" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ by (simp_all only: t1.flip_counit_eq_unit t1.flip_unit_eq_counit)
+
+lemma transitive_right2_if_preorder_equivalenceI:
+ assumes pre_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ shows "transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+proof -
+ from \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> pre_equiv1 have "x1' \<equiv>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x1'"
+ by (blast elim: t1.preorder_equivalence_order_equivalenceE
+ intro: bi_related_if_rel_equivalence_on)
+ with assms have "(\<le>\<^bsub>R2 x1' x2'\<^esub>) = (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)"
+ by (intro flip.left2_eq_if_bi_related_if_monoI) blast+
+ with assms show ?thesis
+ by (intro transitive_right2_if_transitive_right2_if_left_GaloisI[of x1']) blast+
+qed
+
+lemma symmetric_right2_if_partial_equivalence_rel_equivalenceI:
+ assumes PER_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ shows "symmetric (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+proof -
+ from \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> PER_equiv1 have "x1' \<equiv>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x1'"
+ by (blast elim: t1.preorder_equivalence_order_equivalenceE
+ intro: bi_related_if_rel_equivalence_on)
+ with assms have "(\<le>\<^bsub>R2 x1' x2'\<^esub>) = (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)"
+ by (intro flip.left2_eq_if_bi_related_if_monoI) blast+
+ with assms show ?thesis
+ by (intro symmetric_right2_if_symmetric_right2_if_left_GaloisI[of x1']) blast+
+qed
+
+lemma partial_equivalence_rel_right2_if_partial_equivalence_rel_equivalenceI:
+ assumes PER_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ shows "partial_equivalence_rel (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+proof -
+ from \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close> PER_equiv1 have "x1' \<equiv>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x1'"
+ by (blast elim: t1.preorder_equivalence_order_equivalenceE
+ intro: bi_related_if_rel_equivalence_on)
+ with assms have "(\<le>\<^bsub>R2 x1' x2'\<^esub>) = (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>)"
+ by (intro flip.left2_eq_if_bi_related_if_monoI) blast+
+ with assms show ?thesis
+ by (intro partial_equivalence_rel_right2_if_partial_equivalence_rel_right2_if_left_GaloisI[of x1'])
+ blast+
+qed
+
+end
+
+paragraph \<open>Function Relator\<close>
+
+context transport_Fun_Rel
+begin
+
+lemma reflexive_on_in_field_leftI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ shows "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tdfr.reflexive_on_in_field_leftI) simp_all
+
+lemma transitive_leftI:
+ assumes "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ shows "transitive (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tdfr.transitive_leftI) simp_all
+
+lemma transitive_leftI':
+ assumes "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ shows "transitive (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tdfr.transitive_leftI') simp_all
+
+lemma preorder_on_in_field_leftI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ shows "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tdfr.preorder_on_in_field_leftI) simp_all
+
+lemma symmetric_leftI:
+ assumes "symmetric (\<le>\<^bsub>L1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>L2\<^esub>)"
+ shows "symmetric (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tdfr.symmetric_leftI) simp_all
+
+corollary partial_equivalence_rel_leftI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>L1\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ shows "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tdfr.partial_equivalence_rel_leftI) auto
+
+end
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+lemmas reflexive_on_in_field_leftI = Refl_Rel_reflexive_on_in_field[of tdfr.L,
+ folded left_rel_eq_tdfr_left_Refl_Rel]
+lemmas transitive_leftI = Refl_Rel_transitiveI
+ [of tdfr.L, folded left_rel_eq_tdfr_left_Refl_Rel]
+lemmas preorder_on_in_field_leftI = Refl_Rel_preorder_on_in_fieldI[of tdfr.L,
+ folded left_rel_eq_tdfr_left_Refl_Rel]
+lemmas symmetric_leftI = Refl_Rel_symmetricI[of tdfr.L,
+ OF tdfr.symmetric_leftI, folded left_rel_eq_tdfr_left_Refl_Rel]
+lemmas partial_equivalence_rel_leftI = Refl_Rel_partial_equivalence_relI[of tdfr.L,
+ OF tdfr.partial_equivalence_rel_leftI, folded left_rel_eq_tdfr_left_Refl_Rel]
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+lemma symmetric_leftI:
+ assumes "symmetric (\<le>\<^bsub>L1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>L2\<^esub>)"
+ shows "symmetric (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tpdfr.symmetric_leftI) auto
+
+lemma partial_equivalence_rel_leftI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "symmetric (\<le>\<^bsub>L1\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ shows "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ using assms by (intro tpdfr.partial_equivalence_rel_leftI) auto
+
+end
+
+
+end
\ No newline at end of file
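Review bot: The lemma names in `hom_Dep_Fun_Rel_orders` shadow the library introduction rules they are proved with, so which fact an unqualified name denotes depends on where in the file it appears. `transitiveI` is proved by `intro transitiveI Dep_Fun_Rel_relI`, the very next lemma `transitiveI'` already has to write `Binary_Relations_Transitive.transitiveI`, and in `partial_equivalence_relI` the step `intro partial_equivalence_relI transitiveI symmetricI` presumably mixes the library rule for the first name with the locale's own lemmas for the other two. A short note before `transitiveI'` would make this explicit, e.g. `text \<open>From here on, unqualified transitiveI is the lemma above; the library rule needs its qualified name.\<close>`, and qualifying the library rules in the remaining proofs would keep them stable if the lemmas are ever reordered. It would also help to document that `transitiveI` assumes reflexivity on `in_dom (\<le>\<^bsub>L\<^esub>)` while `transitiveI'` assumes it on `in_codom (\<le>\<^bsub>L\<^esub>)`, since the primed name does not convey the difference.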
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Order_Equivalence.thy b/thys/Transport/Transport/Functions/Transport_Functions_Order_Equivalence.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Order_Equivalence.thy
@@ -0,0 +1,725 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Order Equivalence\<close>
+theory Transport_Functions_Order_Equivalence
+ imports
+ Transport_Functions_Monotone
+ Transport_Functions_Galois_Equivalence
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+subparagraph \<open>Inflationary\<close>
+
+lemma rel_unit_self_if_rel_selfI:
+ assumes inflationary_unit1: "inflationary_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and refl_L1: "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and trans_L1: "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and mono_l2: "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x x\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and mono_r2: "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and inflationary_unit2: "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ inflationary_on (in_codom (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) (\<eta>\<^bsub>2 x (l1 x)\<^esub>)"
+ and L2_le1: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and L2_unit_le2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and ge_R2_l2_le2: "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_codom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and trans_L2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ shows "f \<le>\<^bsub>L\<^esub> \<eta> f"
+proof (intro left_relI)
+ fix x1 x2 assume [iff]: "x1 \<le>\<^bsub>L1\<^esub> x2"
+ moreover with inflationary_unit1 have "x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2" by blast
+ ultimately have "x1 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2" using trans_L1 by blast
+ with \<open>f \<le>\<^bsub>L\<^esub> f\<close> have "f x1 \<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub> f (\<eta>\<^sub>1 x2)" by blast
+ with L2_unit_le2 have "f x1 \<le>\<^bsub>L2 x1 x2\<^esub> f (\<eta>\<^sub>1 x2)" by blast
+ moreover have "... \<le>\<^bsub>L2 x1 x2\<^esub> \<eta> f x2"
+ proof -
+ from refl_L1 \<open>x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2\<close> have "\<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2" by blast
+ with \<open>f \<le>\<^bsub>L\<^esub> f\<close> have "f (\<eta>\<^sub>1 x2) \<le>\<^bsub>L2 (\<eta>\<^sub>1 x2) (\<eta>\<^sub>1 x2)\<^esub> f (\<eta>\<^sub>1 x2)" by blast
+ with L2_le1 have "f (\<eta>\<^sub>1 x2) \<le>\<^bsub>L2 x2 (\<eta>\<^sub>1 x2)\<^esub> f (\<eta>\<^sub>1 x2)"
+ using \<open>x2 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x2\<close> by blast
+ moreover from refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have [iff]: "x2 \<le>\<^bsub>L1\<^esub> x2" by blast
+ ultimately have "f (\<eta>\<^sub>1 x2) \<le>\<^bsub>L2 x2 x2\<^esub> f (\<eta>\<^sub>1 x2)" using L2_unit_le2 by blast
+ with inflationary_unit2 have "f (\<eta>\<^sub>1 x2) \<le>\<^bsub>L2 x2 x2\<^esub> \<eta>\<^bsub>2 x2 (l1 x2)\<^esub> (f (\<eta>\<^sub>1 x2))" by blast
+ moreover have "... \<le>\<^bsub>L2 x2 x2\<^esub> \<eta> f x2"
+ proof -
+ from \<open>f (\<eta>\<^sub>1 x2) \<le>\<^bsub>L2 x2 x2\<^esub> f (\<eta>\<^sub>1 x2)\<close> mono_l2
+ have "l2\<^bsub>(l1 x2) x2\<^esub> (f (\<eta>\<^sub>1 x2)) \<le>\<^bsub>R2 (l1 x2) (l1 x2)\<^esub> l2\<^bsub>(l1 x2) x2\<^esub> (f (\<eta>\<^sub>1 x2))"
+ by blast
+ with ge_R2_l2_le2
+ have "l2\<^bsub>(l1 x2) x2\<^esub> (f (\<eta>\<^sub>1 x2)) \<le>\<^bsub>R2 (l1 x2) (l1 x2)\<^esub> l2\<^bsub>(l1 x2) (\<eta>\<^sub>1 x2)\<^esub> (f (\<eta>\<^sub>1 x2))"
+ using \<open>f (\<eta>\<^sub>1 x2) \<le>\<^bsub>L2 x2 (\<eta>\<^sub>1 x2)\<^esub> f (\<eta>\<^sub>1 x2)\<close> by blast
+ with mono_r2 have "\<eta>\<^bsub>2 x2 (l1 x2)\<^esub> (f (\<eta>\<^sub>1 x2)) \<le>\<^bsub>L2 x2 (\<eta>\<^sub>1 x2)\<^esub> \<eta> f x2"
+ by auto
+ with L2_unit_le2 show ?thesis by blast
+ qed
+ ultimately have "f (\<eta>\<^sub>1 x2) \<le>\<^bsub>L2 x2 x2\<^esub> \<eta> f x2" using trans_L2 by blast
+ with L2_le1 show ?thesis by blast
+ qed
+ ultimately show "f x1 \<le>\<^bsub>L2 x1 x2\<^esub> \<eta> f x2" using trans_L2 by blast
+qed
+
+subparagraph \<open>Deflationary\<close>
+
+interpretation flip_inv :
+ transport_Dep_Fun_Rel "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1 "flip2 R2" "flip2 L2" r2 l2
+ rewrites "flip_inv.L \<equiv> (\<ge>\<^bsub>R\<^esub>)" and "flip_inv.R \<equiv> (\<ge>\<^bsub>L\<^esub>)"
+ and "flip_inv.unit \<equiv> \<epsilon>"
+ and "flip_inv.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ and "\<And>x y. flip_inv.t2_unit x y \<equiv> \<epsilon>\<^bsub>2 y x\<^esub>"
+ and "\<And>R x y. (flip2 R x y)\<inverse> \<equiv> R y x"
+ and "\<And>R. in_codom R\<inverse> \<equiv> in_dom R"
+ and "\<And>R x1 x2. in_codom (flip2 R x1 x2) \<equiv> in_dom (R x2 x1)"
+ and "\<And>x1 x2 x1' x2'. (flip2 R2 x1' x2' \<Rrightarrow>\<^sub>m flip2 L2 x1 x2) \<equiv> ((\<le>\<^bsub>R2 x2' x1'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x2 x1\<^esub>))"
+ and "\<And>x1 x2 x1' x2'. (flip2 L2 x1 x2 \<Rrightarrow>\<^sub>m flip2 R2 x1' x2') \<equiv> ((\<le>\<^bsub>L2 x2 x1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 x2' x1'\<^esub>))"
+ and "\<And>P. inflationary_on P (\<ge>\<^bsub>R1\<^esub>) \<equiv> deflationary_on P (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>P x. inflationary_on P (flip2 R2 x x) \<equiv> deflationary_on P (\<le>\<^bsub>R2 x x\<^esub>)"
+ and "\<And>x1 x2 x3 x4. flip2 R2 x1 x2 \<le> flip2 R2 x3 x4 \<equiv> (\<le>\<^bsub>R2 x2 x1\<^esub>) \<le> (\<le>\<^bsub>R2 x4 x3\<^esub>)"
+ and "\<And>(R :: 'z \<Rightarrow> _) (P :: 'z \<Rightarrow> bool). reflexive_on P R\<inverse> \<equiv> reflexive_on P R"
+ and "\<And>R. transitive R\<inverse> \<equiv> transitive R"
+ and "\<And>x1' x2'. transitive (flip2 R2 x1' x2') \<equiv> transitive (\<le>\<^bsub>R2 x2' x1'\<^esub>)"
+ by (simp_all add: flip_inv_left_eq_ge_right flip_inv_right_eq_ge_left
+ flip_unit_eq_counit t1.flip_unit_eq_counit t2.flip_unit_eq_counit
+ galois_prop.rel_inv_half_galois_prop_right_eq_half_galois_prop_left_rel_inv)
+
+lemma counit_rel_self_if_rel_selfI:
+ assumes "deflationary_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> ((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)) (l2\<^bsub> x' (r1 x')\<^esub>)"
+ and "\<And>x' x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> ((\<le>\<^bsub>R2 x' x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> deflationary_on (in_dom (\<le>\<^bsub>R2 x' x'\<^esub>)) (\<le>\<^bsub>R2 x' x'\<^esub>) (\<epsilon>\<^bsub>2 (r1 x') x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y') \<le> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y')"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "\<epsilon> g \<le>\<^bsub>R\<^esub> g"
+ using assms by (intro flip_inv.rel_unit_self_if_rel_selfI[simplified rel_inv_iff_rel])
+
+
+subparagraph \<open>Relational Equivalence\<close>
+
+lemma bi_related_unit_self_if_rel_self_aux:
+ assumes rel_equiv_unit1: "rel_equivalence_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and mono_r2: "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x x\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and rel_equiv_unit2: "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ rel_equivalence_on (in_field (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) (\<eta>\<^bsub>2 x (l1 x)\<^esub>)"
+ and L2_le1: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and L2_le2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and [iff]: "x \<le>\<^bsub>L1\<^esub> x"
+ shows "((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "deflationary_on (in_dom (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) \<eta>\<^bsub>2 x (l1 x)\<^esub>"
+ and "inflationary_on (in_codom (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) \<eta>\<^bsub>2 x (l1 x)\<^esub>"
+proof -
+ from rel_equiv_unit1 have "x \<equiv>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x" by blast
+ with mono_r2 show "((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ using L2_le1 L2_le2 by blast+
+qed (insert rel_equiv_unit2, blast+)
+
+interpretation flip : transport_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.counit \<equiv> \<eta>" and "flip.t1.counit \<equiv> \<eta>\<^sub>1"
+ and "\<And>x y. flip.t2_counit x y \<equiv> \<eta>\<^bsub>2 y x\<^esub>"
+ by (simp_all add: order_functors.flip_counit_eq_unit)
+
+lemma bi_related_unit_self_if_rel_selfI:
+ assumes rel_equiv_unit1: "rel_equivalence_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and trans_L1: "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x x\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x x\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow>
+ rel_equivalence_on (in_field (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) (\<eta>\<^bsub>2 x (l1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x1) x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_dom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_codom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ shows "f \<equiv>\<^bsub>L\<^esub> \<eta> f"
+proof -
+ from rel_equiv_unit1 trans_L1 have "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ by (intro reflexive_on_in_field_if_transitive_if_rel_equivalence_on)
+ with assms show ?thesis
+ by (intro bi_relatedI rel_unit_self_if_rel_selfI
+ flip.counit_rel_self_if_rel_selfI
+ bi_related_unit_self_if_rel_self_aux)
+ (auto intro: inflationary_on_if_le_pred_if_inflationary_on
+ deflationary_on_if_le_pred_if_deflationary_on
+ reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom)
+qed
+
+
+subparagraph \<open>Lemmas for Monotone Function Relator\<close>
+
+lemma order_equivalence_if_order_equivalence_mono_assms_leftI:
+ assumes order_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_R1: "reflexive_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and R2_counit_le1: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and mono_l2: "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and [iff]: "x1' \<le>\<^bsub>R1\<^esub> x2'"
+ shows "([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+proof -
+ from refl_R1 have "x1' \<le>\<^bsub>R1\<^esub> x1'" "x2' \<le>\<^bsub>R1\<^esub> x2'" by auto
+ moreover with order_equiv1
+ have "r1 x1' \<le>\<^bsub>L1\<^esub> r1 x2'" "r1 x1' \<le>\<^bsub>L1\<^esub> r1 x1'" "r1 x2' \<le>\<^bsub>L1\<^esub> r1 x2'" by auto
+ ultimately have "r1 x1' \<^bsub>L1\<^esub>\<lessapprox> x1'" "r1 x2' \<^bsub>L1\<^esub>\<lessapprox> x2'" by blast+
+ note Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_l2 \<open>x1' \<le>\<^bsub>R1\<^esub> x2'\<close>]
+ \<open>r1 x1' \<le>\<^bsub>L1\<^esub> r1 x1'\<close>]
+ with \<open>r1 x1' \<^bsub>L1\<^esub>\<lessapprox> x1'\<close> R2_counit_le1
+ show "([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ by (intro Dep_Fun_Rel_predI) (auto dest!: in_field_if_in_dom)
+ note Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_l2 \<open>x2' \<le>\<^bsub>R1\<^esub> x2'\<close>]
+ \<open>r1 x1' \<le>\<^bsub>L1\<^esub> r1 x2'\<close>]
+ with \<open>r1 x2' \<^bsub>L1\<^esub>\<lessapprox> x2'\<close> R2_counit_le1
+ show "([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ by (intro Dep_Fun_Rel_predI) (auto dest!: in_field_if_in_codom)
+qed
+
+lemma order_equivalence_if_order_equivalence_mono_assms_rightI:
+ assumes order_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and refl_L1: "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and L2_unit_le2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and mono_r2: "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and [iff]: "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+proof -
+ from refl_L1 have "x1 \<le>\<^bsub>L1\<^esub> x1" "x2 \<le>\<^bsub>L1\<^esub> x2" by auto
+ moreover with order_equiv1
+ have "l1 x1 \<le>\<^bsub>R1\<^esub> l1 x2" "l1 x1 \<le>\<^bsub>R1\<^esub> l1 x1" "l1 x2 \<le>\<^bsub>R1\<^esub> l1 x2" by auto
+ ultimately have "x1 \<^bsub>L1\<^esub>\<lessapprox> l1 x1" "x2 \<^bsub>L1\<^esub>\<lessapprox> l1 x2" using order_equiv1
+ by (auto intro!: t1.left_Galois_left_if_in_codom_if_inflationary_onI)
+ note Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_r2 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>]
+ \<open>l1 x2 \<le>\<^bsub>R1\<^esub> l1 x2\<close>]
+ with \<open>x2 \<^bsub>L1\<^esub>\<lessapprox> l1 x2\<close> L2_unit_le2
+ show "([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ by (intro Dep_Fun_Rel_predI) (auto dest!: in_field_if_in_codom)
+ note Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_r2 \<open>x1 \<le>\<^bsub>L1\<^esub> x1\<close>]
+ \<open>l1 x1 \<le>\<^bsub>R1\<^esub> l1 x2\<close>]
+ with \<open>x1 \<^bsub>L1\<^esub>\<lessapprox> l1 x1\<close> L2_unit_le2
+ show "([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ by (intro Dep_Fun_Rel_predI) (auto dest!: in_field_if_in_dom)
+qed
+
+lemma l2_unit_bi_rel_selfI:
+ assumes pre_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and mono_L2:
+ "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and mono_R2:
+ "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | (x2' \<le>\<^bsub>R1\<^esub> x3' \<and> x4' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x3')] \<Rrightarrow> (\<ge>)) R2"
+ and mono_l2: "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "x \<le>\<^bsub>L1\<^esub> x"
+ and "in_field (\<le>\<^bsub>L2 x x\<^esub>) y"
+ shows "l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<equiv>\<^bsub>R2 (l1 x) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y"
+proof (rule bi_relatedI)
+ note t1.preorder_equivalence_order_equivalenceE[elim!]
+ from \<open>x \<le>\<^bsub>L1\<^esub> x\<close> pre_equiv1 have "l1 x \<le>\<^bsub>R1\<^esub> l1 x" "x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x" "\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> x" by blast+
+ with pre_equiv1 have "x \<^bsub>L1\<^esub>\<lessapprox> l1 x" "\<eta>\<^sub>1 x \<^bsub>L1\<^esub>\<lessapprox> l1 x" by (auto 4 3)
+ from pre_equiv1 \<open>x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x\<close> have "x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 (\<eta>\<^sub>1 x)" by fastforce
+ moreover note \<open>in_field (\<le>\<^bsub>L2 x x\<^esub>) y\<close>
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_L2 \<open>\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> x\<close>] \<open>\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> x\<close>]
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_L2 \<open>x \<le>\<^bsub>L1\<^esub> x\<close>] \<open>\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> x\<close>]
+ ultimately have "in_field (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) (\<eta>\<^sub>1 x)\<^esub>) y" "in_field (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y"
+ using \<open>x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x\<close> by blast+
+ moreover note \<open>x \<^bsub>L1\<^esub>\<lessapprox> l1 x\<close>
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_l2 \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>] \<open>\<eta>\<^sub>1 x \<le>\<^bsub>L1\<^esub> x\<close>]
+ ultimately have "l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<le>\<^bsub>R2 (\<epsilon>\<^sub>1 (l1 x)) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y" by auto
+ moreover from pre_equiv1 \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>
+ have "\<epsilon>\<^sub>1 (l1 x) \<le>\<^bsub>R1\<^esub> l1 x" "l1 x \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 (l1 x)" by fastforce+
+ moreover note Dep_Fun_Rel_relD[OF dep_mono_wrt_relD
+ [OF mono_R2 \<open>l1 x \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 (l1 x)\<close>] \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>]
+ ultimately show "l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y" by blast
+ note \<open>\<eta>\<^sub>1 x \<^bsub>L1\<^esub>\<lessapprox> l1 x\<close> \<open>in_field (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y\<close>
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_l2 \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close>] \<open>x \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x\<close>]
+ then show "l2\<^bsub>(l1 x) x\<^esub> y \<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub> l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y" by auto
+qed
+
+lemma r2_counit_bi_rel_selfI:
+ assumes pre_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and mono_L2:
+ "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and mono_R2:
+ "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | (x2' \<le>\<^bsub>R1\<^esub> x3' \<and> x4' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x3')] \<Rrightarrow> (\<ge>)) R2"
+ and mono_r2: "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "x' \<le>\<^bsub>R1\<^esub> x'"
+ and "in_field (\<le>\<^bsub>R2 x' x'\<^esub>) y'"
+ shows "r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y' \<equiv>\<^bsub>L2 (r1 x') (r1 x')\<^esub> r2\<^bsub>(r1 x') x'\<^esub> y'"
+proof (rule bi_relatedI)
+ note t1.preorder_equivalence_order_equivalenceE[elim!]
+ from \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close> pre_equiv1 have "r1 x' \<le>\<^bsub>L1\<^esub> r1 x'" "x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'" "\<epsilon>\<^sub>1 x' \<le>\<^bsub>R1\<^esub> x'" by blast+
+ with pre_equiv1 have "r1 x' \<^bsub>L1\<^esub>\<lessapprox> x'" "r1 x' \<^bsub>L1\<^esub>\<lessapprox> \<epsilon>\<^sub>1 x'" by auto
+ from pre_equiv1 \<open>x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'\<close> have "x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 (\<epsilon>\<^sub>1 x')" by fastforce
+ moreover note \<open>in_field (\<le>\<^bsub>R2 x' x'\<^esub>) y'\<close>
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_R2 \<open>\<epsilon>\<^sub>1 x' \<le>\<^bsub>R1\<^esub> x'\<close>] \<open>\<epsilon>\<^sub>1 x' \<le>\<^bsub>R1\<^esub> x'\<close>]
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_R2 \<open>\<epsilon>\<^sub>1 x' \<le>\<^bsub>R1\<^esub> x'\<close>] \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close>]
+ ultimately have "in_field (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') (\<epsilon>\<^sub>1 x')\<^esub>) y'" "in_field (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y'"
+ using \<open>x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'\<close> \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close> by blast+
+ moreover note \<open>r1 x' \<^bsub>L1\<^esub>\<lessapprox> \<epsilon>\<^sub>1 x'\<close>
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_r2 \<open>r1 x' \<le>\<^bsub>L1\<^esub> r1 x'\<close>] \<open>\<epsilon>\<^sub>1 x' \<le>\<^bsub>R1\<^esub> x'\<close>]
+ ultimately show "r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y' \<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub> r2\<^bsub>(r1 x') x'\<^esub> y'" by auto
+ note \<open>r1 x' \<^bsub>L1\<^esub>\<lessapprox> x'\<close> \<open>in_field (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') (\<epsilon>\<^sub>1 x')\<^esub>) y'\<close>
+ Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_r2 \<open>r1 x' \<le>\<^bsub>L1\<^esub> r1 x'\<close>] \<open>x' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x'\<close>]
+ then have "r2\<^bsub>(r1 x') x'\<^esub> y' \<le>\<^bsub>L2 (r1 x') (\<eta>\<^sub>1 (r1 x'))\<^esub> r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y'" by auto
+ moreover from pre_equiv1 \<open>r1 x' \<le>\<^bsub>L1\<^esub> r1 x'\<close>
+ have "\<eta>\<^sub>1 (r1 x') \<le>\<^bsub>L1\<^esub> r1 x'" "r1 x' \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 (r1 x')" by fastforce+
+ moreover note Dep_Fun_Rel_relD[OF dep_mono_wrt_relD
+ [OF mono_L2 \<open>r1 x' \<le>\<^bsub>L1\<^esub> r1 x'\<close>] \<open>r1 x' \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 (r1 x')\<close>]
+ ultimately show "r2\<^bsub>(r1 x') x'\<^esub> y' \<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub> r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y'"
+ using pre_equiv1 by blast
+qed
+
+end
+
+
+paragraph \<open>Function Relator\<close>
+
+context transport_Fun_Rel
+begin
+
+corollary rel_unit_self_if_rel_selfI:
+ assumes "inflationary_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "inflationary_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ shows "f \<le>\<^bsub>L\<^esub> \<eta> f"
+ using assms by (intro tdfr.rel_unit_self_if_rel_selfI) simp_all
+
+corollary counit_rel_self_if_rel_selfI:
+ assumes "deflationary_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "deflationary_on (in_dom (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>) \<epsilon>\<^sub>2"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ and "g \<le>\<^bsub>R\<^esub> g"
+ shows "\<epsilon> g \<le>\<^bsub>R\<^esub> g"
+ using assms by (intro tdfr.counit_rel_self_if_rel_selfI) simp_all
+
+lemma bi_related_unit_self_if_rel_selfI:
+ assumes "rel_equivalence_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ and "f \<le>\<^bsub>L\<^esub> f"
+ shows "f \<equiv>\<^bsub>L\<^esub> \<eta> f"
+ using assms by (intro tdfr.bi_related_unit_self_if_rel_selfI) simp_all
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+subparagraph \<open>Inflationary\<close>
+
+lemma inflationary_on_unitI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "inflationary_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x x\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> inflationary_on (in_codom (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) (\<eta>\<^bsub>2 x (l1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_codom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "inflationary_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ unfolding left_rel_eq_tdfr_left_Refl_Rel using assms
+ by (intro inflationary_onI Refl_RelI)
+ (auto intro: tdfr.rel_unit_self_if_rel_selfI[simplified unit_eq] elim!: Refl_RelE)
+
+
+subparagraph \<open>Deflationary\<close>
+
+lemma deflationary_on_counitI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "deflationary_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> ((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>)) (l2\<^bsub> x' (r1 x')\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ ((\<le>\<^bsub>R2 x' x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> deflationary_on (in_dom (\<le>\<^bsub>R2 x' x'\<^esub>)) (\<le>\<^bsub>R2 x' x'\<^esub>) (\<epsilon>\<^bsub>2 (r1 x') x'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y') \<le> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y')"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ shows "deflationary_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ unfolding right_rel_eq_tdfr_right_Refl_Rel using assms
+ by (intro deflationary_onI Refl_RelI)
+ (auto intro: tdfr.counit_rel_self_if_rel_selfI[simplified counit_eq]
+ elim!: Refl_RelE)
+
+
+subparagraph \<open>Relational Equivalence\<close>
+
+context
+begin
+
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.counit \<equiv> \<eta>" and "flip.t1.counit \<equiv> \<eta>\<^sub>1"
+ and "\<And>x y. flip.t2_counit x y \<equiv> \<eta>\<^bsub>2 y x\<^esub>"
+ by (simp_all add: order_functors.flip_counit_eq_unit)
+
+lemma rel_equivalence_on_unitI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and rel_equiv_unit1: "rel_equivalence_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and trans_L1: "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x x\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x x\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> rel_equivalence_on (in_field (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) (\<eta>\<^bsub>2 x (l1 x)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x1) x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_dom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_codom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+proof -
+ from rel_equiv_unit1 trans_L1 have "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ by (intro reflexive_on_in_field_if_transitive_if_rel_equivalence_on)
+ with assms show ?thesis
+ by (intro rel_equivalence_onI inflationary_on_unitI
+ flip.deflationary_on_counitI)
+ (auto intro!: tdfr.bi_related_unit_self_if_rel_self_aux
+ intro: inflationary_on_if_le_pred_if_inflationary_on
+ deflationary_on_if_le_pred_if_deflationary_on
+ reflexive_on_if_le_pred_if_reflexive_on
+ in_field_if_in_dom in_field_if_in_codom
+ elim!: rel_equivalence_onE
+ simp only:)
+qed
+
+end
+
+subparagraph \<open>Order Equivalence\<close>
+
+interpretation flip : transport_Mono_Dep_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2
+ rewrites "flip.unit \<equiv> \<epsilon>" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ and "flip.counit \<equiv> \<eta>" and "flip.t1.counit \<equiv> \<eta>\<^sub>1"
+ and "\<And>x y. flip.t2_unit x y \<equiv> \<epsilon>\<^bsub>2 y x\<^esub>"
+ by (simp_all add: order_functors.flip_counit_eq_unit)
+
+lemma order_equivalenceI:
+ assumes "(tdfr.L \<Rrightarrow>\<^sub>m tdfr.R) l" and "(tdfr.R \<Rrightarrow>\<^sub>m tdfr.L) r"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)" and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>L2 x x\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> ((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 x' x'\<^esub>)) (l2\<^bsub>x' (r1 x')\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> ((\<le>\<^bsub>R2 x' x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x x\<^esub>)) (r2\<^bsub>x (l1 x)\<^esub>)"
+ and "\<And>x. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> rel_equivalence_on (in_field (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) (\<eta>\<^bsub>2 x (l1 x)\<^esub>)"
+ and "\<And>x'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow>
+ rel_equivalence_on (in_field (\<le>\<^bsub>R2 x' x'\<^esub>)) (\<le>\<^bsub>R2 x' x'\<^esub>) (\<epsilon>\<^bsub>2 (r1 x') x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x1) x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x2' x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' (\<epsilon>\<^sub>1 x2')\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_dom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_codom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_dom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y') \<le> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y')"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_codom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y') \<le> (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y')"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>R1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1 x2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms
+ by (intro order_equivalenceI rel_equivalence_on_unitI flip.rel_equivalence_on_unitI
+ mono_wrt_rel_leftI flip.mono_wrt_rel_leftI)
+ auto
+
+lemma order_equivalence_if_preorder_equivalenceI:
+ assumes pre_equiv1: "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and order_equiv2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow>
+ ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and L2_les: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x1) x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and R2_les: "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x2' x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' (\<epsilon>\<^sub>1 x2')\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x1' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>) (l2\<^bsub>x2' (r1 x2')\<^esub>)"
+ and l2_bi_rel: "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_field (\<le>\<^bsub>L2 x x\<^esub>) y \<Longrightarrow>
+ l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<equiv>\<^bsub>R2 (l1 x) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_codom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>) (r2\<^bsub>x2 (l1 x2)\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow>
+ ([in_dom (\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x1)\<^esub>) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ and r2_bi_rel: "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_field (\<le>\<^bsub>R2 x' x'\<^esub>) y' \<Longrightarrow>
+ r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y' \<equiv>\<^bsub>L2 (r1 x') (r1 x')\<^esub> r2\<^bsub>(r1 x') x'\<^esub> y'"
+ and trans_L2: "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and trans_R2: "\<And>x1 x2. x1 \<le>\<^bsub>R1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1 x2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+proof -
+ from pre_equiv1 L2_les have L2_unit_eq1: "(\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) = (\<le>\<^bsub>L2 x x\<^esub>)"
+ and L2_unit_eq2: "(\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) = (\<le>\<^bsub>L2 x x\<^esub>)"
+ if "x \<le>\<^bsub>L1\<^esub> x" for x using \<open>x \<le>\<^bsub>L1\<^esub> x\<close>
+ by (auto elim!: t1.preorder_equivalence_order_equivalenceE
+ intro!: tdfr.left_rel2_unit_eqs_left_rel2I bi_related_if_rel_equivalence_on
+ simp del: t1.unit_eq)
+ from pre_equiv1 R2_les have R2_counit_eq1: "(\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) = (\<le>\<^bsub>R2 x' x'\<^esub>)"
+ and R2_counit_eq2: "(\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) = (\<le>\<^bsub>R2 x' x'\<^esub>)" (is ?goal2)
+ if "x' \<le>\<^bsub>R1\<^esub> x'" for x' using \<open>x' \<le>\<^bsub>R1\<^esub> x'\<close>
+ by (auto elim!: t1.preorder_equivalence_order_equivalenceE
+ intro!: flip.tdfr.left_rel2_unit_eqs_left_rel2I bi_related_if_rel_equivalence_on
+ simp del: t1.counit_eq)
+ from order_equiv2 have
+ mono_l2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>)"
+ and mono_r2: "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x) x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x (r1 x')\<^esub>)) (r2\<^bsub>x x'\<^esub>)"
+ by auto
+ moreover have "rel_equivalence_on (in_field (\<le>\<^bsub>L2 x x\<^esub>)) (\<le>\<^bsub>L2 x x\<^esub>) (\<eta>\<^bsub>2 x (l1 x)\<^esub>)" (is ?goal1)
+ and "((\<le>\<^bsub>L2 x x\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>)" (is ?goal2)
+ if [iff]: "x \<le>\<^bsub>L1\<^esub> x" for x
+ proof -
+ from pre_equiv1 have "x \<^bsub>L1\<^esub>\<lessapprox> l1 x"
+ by (auto intro!: t1.left_GaloisI
+ elim!: t1.preorder_equivalence_order_equivalenceE t1.order_equivalenceE)
+ with order_equiv2 have "((\<le>\<^bsub>L2 x x\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>)) (l2\<^bsub>(l1 x) x\<^esub>) (r2\<^bsub>x (l1 x)\<^esub>)"
+ by (auto simp flip: L2_unit_eq2)
+ then show ?goal1 ?goal2 by (auto elim: order_functors.order_equivalenceE)
+ qed
+ moreover have
+ "rel_equivalence_on (in_field (\<le>\<^bsub>R2 x' x'\<^esub>)) (\<le>\<^bsub>R2 x' x'\<^esub>) (\<epsilon>\<^bsub>2 (r1 x') x'\<^esub>)" (is ?goal1)
+ and "((\<le>\<^bsub>R2 x' x'\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>)) (r2\<^bsub>(r1 x') x'\<^esub>)" (is ?goal2)
+ if [iff]: "x' \<le>\<^bsub>R1\<^esub> x'" for x'
+ proof -
+ from pre_equiv1 have "r1 x' \<^bsub>L1\<^esub>\<lessapprox> x'" by blast
+ with order_equiv2 have "((\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2 x' x'\<^esub>)) (l2\<^bsub>x' (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub>)"
+ by (auto simp flip: R2_counit_eq1)
+ then show ?goal1 ?goal2 by (auto elim: order_functors.order_equivalenceE)
+ qed
+ moreover from mono_l2 tdfr.mono_wrt_rel_left2_if_mono_wrt_rel_left2_if_left_GaloisI
+ have "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> ((\<le>\<^bsub>L2 (r1 x1') (r1 x2')\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2 x1' x2'\<^esub>)) (l2\<^bsub>x2' (r1 x1')\<^esub>)"
+ using pre_equiv1 R2_les(2) by blast
+ moreover from pre_equiv1 have "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ by (intro t1.half_galois_prop_right_left_right_if_transitive_if_order_equivalence)
+ (auto elim!: t1.preorder_equivalence_order_equivalenceE)
+ moreover with mono_r2 tdfr.mono_wrt_rel_right2_if_mono_wrt_rel_right2_if_left_GaloisI
+ have "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ using pre_equiv1 by blast
+ moreover with L2_les
+ have "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> ((\<le>\<^bsub>R2 (l1 x1) (l1 x2)\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2 x1 x2\<^esub>)) (r2\<^bsub>x1 (l1 x2)\<^esub>)"
+ by blast
+ moreover have "in_dom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) y \<Longrightarrow>
+ (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<le>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ (is "_ \<Longrightarrow> ?goal1")
+ and "in_codom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y \<Longrightarrow>
+ (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) x\<^esub> y) \<le> (\<ge>\<^bsub>R2 (l1 x) (l1 x)\<^esub>) (l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y)"
+ (is "_ \<Longrightarrow> ?goal2")
+ if [iff]: "x \<le>\<^bsub>L1\<^esub> x" for x y
+ proof -
+ presume "in_dom (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x) x\<^esub>) y \<or> in_codom (\<le>\<^bsub>L2 x (\<eta>\<^sub>1 x)\<^esub>) y"
+ then have "in_field (\<le>\<^bsub>L2 x x\<^esub>) y" using L2_unit_eq1 L2_unit_eq2 by auto
+ with l2_bi_rel have "l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<equiv>\<^bsub>R2 (l1 x) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y" by blast
+ moreover from pre_equiv1 have \<open>l1 x \<le>\<^bsub>R1\<^esub> l1 x\<close> by blast
+ ultimately show ?goal1 ?goal2 using trans_R2 by blast+
+ qed auto
+ moreover have "in_dom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<Longrightarrow>
+ (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y') \<le> (\<le>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y')"
+ (is "_ \<Longrightarrow> ?goal1")
+ and "in_codom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) y' \<Longrightarrow>
+ (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') x'\<^esub> y') \<le> (\<ge>\<^bsub>L2 (r1 x') (r1 x')\<^esub>) (r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y')"
+ (is "_ \<Longrightarrow> ?goal2")
+ if [iff]: "x' \<le>\<^bsub>R1\<^esub> x'" for x' y'
+ proof -
+ presume "in_dom (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x') x'\<^esub>) y' \<or> in_codom (\<le>\<^bsub>R2 x' (\<epsilon>\<^sub>1 x')\<^esub>) y'"
+ then have "in_field (\<le>\<^bsub>R2 x' x'\<^esub>) y'" using R2_counit_eq1 R2_counit_eq2 by auto
+ with r2_bi_rel have "r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y' \<equiv>\<^bsub>L2 (r1 x') (r1 x')\<^esub> r2\<^bsub>(r1 x') x'\<^esub> y'"
+ by blast
+ moreover from pre_equiv1 have \<open>r1 x' \<le>\<^bsub>L1\<^esub> r1 x'\<close> by blast
+ ultimately show ?goal1 ?goal2 using trans_L2 by blast+
+ qed auto
+ ultimately show ?thesis using assms
+ by (intro order_equivalenceI
+ tdfr.mono_wrt_rel_left_if_transitiveI
+ tdfr.mono_wrt_rel_left2_if_mono_wrt_rel_left2_if_left_GaloisI
+ tdfr.mono_wrt_rel_right_if_transitiveI
+ tdfr.mono_wrt_rel_right2_if_mono_wrt_rel_right2_if_left_GaloisI)
+ (auto elim!: t1.preorder_equivalence_order_equivalenceE)
+qed
+
+lemma order_equivalence_if_preorder_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 (\<eta>\<^sub>1 x1) x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 (\<eta>\<^sub>1 x2)\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x2' x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 (\<epsilon>\<^sub>1 x1') x2'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' x1'\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "\<And>x1' x2'. x1' \<le>\<^bsub>R1\<^esub> x2' \<Longrightarrow> (\<le>\<^bsub>R2 x1' (\<epsilon>\<^sub>1 x2')\<^esub>) \<le> (\<le>\<^bsub>R2 x1' x2'\<^esub>)"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "\<And>x y. x \<le>\<^bsub>L1\<^esub> x \<Longrightarrow> in_field (\<le>\<^bsub>L2 x x\<^esub>) y \<Longrightarrow>
+ l2\<^bsub>(l1 x) (\<eta>\<^sub>1 x)\<^esub> y \<equiv>\<^bsub>R2 (l1 x) (l1 x)\<^esub> l2\<^bsub>(l1 x) x\<^esub> y"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x' y'. x' \<le>\<^bsub>R1\<^esub> x' \<Longrightarrow> in_field (\<le>\<^bsub>R2 x' x'\<^esub>) y' \<Longrightarrow>
+ r2\<^bsub>(r1 x') (\<epsilon>\<^sub>1 x')\<^esub> y' \<equiv>\<^bsub>L2 (r1 x') (r1 x')\<^esub> r2\<^bsub>(r1 x') x'\<^esub> y'"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>R1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1 x2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro order_equivalence_if_preorder_equivalenceI
+ tdfr.order_equivalence_if_order_equivalence_mono_assms_leftI
+ tdfr.order_equivalence_if_order_equivalence_mono_assms_rightI
+ reflexive_on_in_field_if_transitive_if_rel_equivalence_on)
+ (auto elim!: t1.preorder_equivalence_order_equivalenceE)
+
+lemma order_equivalence_if_mono_if_preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | \<eta>\<^sub>1 x2 \<le>\<^bsub>L1\<^esub> x1] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | (x2 \<le>\<^bsub>L1\<^esub> x3 \<and> x4 \<le>\<^bsub>L1\<^esub> \<eta>\<^sub>1 x3)] \<Rrightarrow> (\<ge>)) L2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | \<epsilon>\<^sub>1 x2' \<le>\<^bsub>R1\<^esub> x1'] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | (x2' \<le>\<^bsub>R1\<^esub> x3' \<and> x4' \<le>\<^bsub>R1\<^esub> \<epsilon>\<^sub>1 x3')] \<Rrightarrow> (\<ge>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>R1\<^esub> x2 \<Longrightarrow> transitive (\<le>\<^bsub>R2 x1 x2\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro order_equivalence_if_preorder_equivalenceI'
+ tdfr.l2_unit_bi_rel_selfI tdfr.r2_counit_bi_rel_selfI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ flip.tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI
+ flip.tdfr.left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_rightI
+ t1.galois_connection_left_right_if_transitive_if_order_equivalence
+ flip.t1.galois_connection_left_right_if_transitive_if_order_equivalence
+ reflexive_on_in_field_if_transitive_if_rel_equivalence_on)
+ (auto elim!: t1.preorder_equivalence_order_equivalenceE)
+
+theorem order_equivalence_if_mono_if_preorder_equivalenceI':
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "\<And>x x'. x \<^bsub>L1\<^esub>\<lessapprox> x' \<Longrightarrow> ((\<le>\<^bsub>L2 x (r1 x')\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2 (l1 x) x'\<^esub>)) (l2\<^bsub>x' x\<^esub>) (r2\<^bsub>x x'\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "([x1' x2' \<Colon> (\<ge>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x3' x4' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x1' \<le>\<^bsub>R1\<^esub> x3'] \<Rrightarrow> (\<le>)) R2"
+ and "([x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>)] \<Rrightarrow>\<^sub>m [x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)) l2"
+ and "([x1 x2 \<Colon> (\<le>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x1' x2' \<Colon> (\<le>\<^bsub>R1\<^esub>) | x2 \<^bsub>L1\<^esub>\<lessapprox> x1'] \<Rrightarrow>
+ [in_field (\<le>\<^bsub>R2 (l1 x1) x2'\<^esub>)] \<Rrightarrow> (\<le>\<^bsub>L2 x1 (r1 x2')\<^esub>)) r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro order_equivalence_if_mono_if_preorder_equivalenceI
+ tdfr.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI
+ flip.tdfr.galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI
+ tdfr.transitive_left2_if_preorder_equivalenceI
+ tdfr.transitive_right2_if_preorder_equivalenceI
+ t1.preorder_on_in_field_left_if_transitive_if_order_equivalence
+ flip.t1.preorder_on_in_field_left_if_transitive_if_order_equivalence
+ t1.galois_equivalence_left_right_if_transitive_if_order_equivalence
+ flip.t1.galois_equivalence_left_right_if_transitive_if_order_equivalence)
+ (auto elim!: t1.preorder_equivalence_order_equivalenceE
+ t2.preorder_equivalence_order_equivalenceE)
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+interpretation flip : transport_Mono_Fun_Rel R1 L1 r1 l1 R2 L2 r2 l2 .
+
+lemma inflationary_on_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "inflationary_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "reflexive_on (in_codom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "inflationary_on (in_codom (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ shows "inflationary_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro tpdfr.inflationary_on_unitI
+ tfr.mono_wrt_rel_leftI flip.tfr.mono_wrt_rel_leftI)
+ simp_all
+
+lemma deflationary_on_counitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "deflationary_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>) \<epsilon>\<^sub>1"
+ and "reflexive_on (in_dom (\<le>\<^bsub>R1\<^esub>)) (\<le>\<^bsub>R1\<^esub>)"
+ and "transitive (\<le>\<^bsub>R1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "deflationary_on (in_dom (\<le>\<^bsub>R2\<^esub>)) (\<le>\<^bsub>R2\<^esub>) \<epsilon>\<^sub>2"
+ and "transitive (\<le>\<^bsub>R2\<^esub>)"
+ shows "deflationary_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>) \<epsilon>"
+ using assms by (intro tpdfr.deflationary_on_counitI
+ tfr.mono_wrt_rel_leftI flip.tfr.mono_wrt_rel_leftI)
+ simp_all
+
+lemma rel_equivalence_on_unitI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>R1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L1\<^esub>)) r1"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>) \<eta>\<^sub>1"
+ and "transitive (\<le>\<^bsub>L1\<^esub>)"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>R2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>L2\<^esub>)) r2"
+ and "rel_equivalence_on (in_field (\<le>\<^bsub>L2\<^esub>)) (\<le>\<^bsub>L2\<^esub>) \<eta>\<^sub>2"
+ and "transitive (\<le>\<^bsub>L2\<^esub>)"
+ shows "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms by (intro tpdfr.rel_equivalence_on_unitI
+ tfr.mono_wrt_rel_leftI flip.tfr.mono_wrt_rel_leftI)
+ simp_all
+
+lemma order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro tpdfr.order_equivalenceI
+ tfr.mono_wrt_rel_leftI flip.tfr.mono_wrt_rel_leftI)
+ (auto elim!: tdfrs.t1.preorder_equivalence_order_equivalenceE
+ tdfrs.t2.preorder_equivalence_order_equivalenceE)
+
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/Transport/Functions/Transport_Functions_Relation_Simplifications.thy b/thys/Transport/Transport/Functions/Transport_Functions_Relation_Simplifications.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Functions/Transport_Functions_Relation_Simplifications.thy
@@ -0,0 +1,102 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Simplification of Left and Right Relations\<close>
+theory Transport_Functions_Relation_Simplifications
+ imports
+ Transport_Functions_Order_Base
+ Transport_Functions_Galois_Equivalence
+begin
+
+paragraph \<open>Dependent Function Relator\<close>
+
+context transport_Dep_Fun_Rel
+begin
+
+text \<open>Due to
+@{thm "transport_Mono_Dep_Fun_Rel.left_rel_eq_tdfr_left_rel_if_reflexive_on"},
+we can apply all results from @{locale "transport_Mono_Dep_Fun_Rel"} to
+@{locale "transport_Dep_Fun_Rel"} whenever @{term "(\<le>\<^bsub>L\<^esub>)"} and @{term "(\<le>\<^bsub>R\<^esub>)"} are
+reflexive.\<close>
+
+lemma reflexive_on_in_field_left_rel2_le_assmI:
+ assumes refl_L1: "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and mono_L2: "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 x3 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+ and "x1 \<le>\<^bsub>L1\<^esub> x2"
+ shows "(\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+proof -
+ from refl_L1 \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close> have "x1 \<le>\<^bsub>L1\<^esub> x1" by blast
+ with dep_mono_wrt_relD[OF dep_mono_wrt_predD[OF mono_L2] \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>]
+ show "(\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)" by auto
+qed
+
+lemma reflexive_on_in_field_mono_assm_left2I:
+ assumes mono_L2: "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and refl_L1: "reflexive_on (in_dom (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ shows "([x1 \<Colon> \<top>] \<Rrightarrow>\<^sub>m [x2 x3 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x2] \<Rrightarrow>\<^sub>m (\<le>)) L2"
+proof (intro dep_mono_wrt_predI dep_mono_wrt_relI rel_if_if_impI)
+ fix x1 x2 x3 assume "x1 \<le>\<^bsub>L1\<^esub> x2" "x2 \<le>\<^bsub>L1\<^esub> x3"
+ with refl_L1 have "x1 \<ge>\<^bsub>L1\<^esub> x1" by blast
+ from Dep_Fun_Rel_relD[OF dep_mono_wrt_relD[OF mono_L2 \<open>x1 \<ge>\<^bsub>L1\<^esub> x1\<close>]
+ \<open>x2 \<le>\<^bsub>L1\<^esub> x3\<close>] \<open>x1 \<le>\<^bsub>L1\<^esub> x2\<close>
+ show "(\<le>\<^bsub>L2 x1 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x3\<^esub>)" by blast
+qed
+
+lemma reflexive_on_in_field_left_if_equivalencesI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "preorder_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ using assms
+ by (intro reflexive_on_in_field_leftI
+ left_rel_right_iff_left_right_rel_if_galois_prop_le_assms_leftI
+ galois_equivalence_if_mono_if_galois_equivalence_mono_assms_leftI
+ reflexive_on_in_field_left_rel2_le_assmI
+ reflexive_on_in_field_mono_assm_left2I)
+ (auto intro: reflexive_on_if_le_pred_if_reflexive_on in_field_if_in_dom)
+
+end
+
+
+paragraph \<open>Monotone Dependent Function Relator\<close>
+
+context transport_Mono_Dep_Fun_Rel
+begin
+
+lemma left_rel_eq_tdfr_leftI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x2 x2\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> (\<le>\<^bsub>L2 x1 x1\<^esub>) \<le> (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "(\<le>\<^bsub>L\<^esub>) = tdfr.L"
+ using assms by (intro left_rel_eq_tdfr_left_rel_if_reflexive_on
+ tdfr.reflexive_on_in_field_leftI)
+ auto
+
+lemma left_rel_eq_tdfr_leftI_if_equivalencesI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "preorder_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "([x1 x2 \<Colon> (\<ge>\<^bsub>L1\<^esub>)] \<Rrightarrow>\<^sub>m [x3 x4 \<Colon> (\<le>\<^bsub>L1\<^esub>) | x1 \<le>\<^bsub>L1\<^esub> x3] \<Rrightarrow> (\<le>)) L2"
+ and "\<And>x1 x2. x1 \<le>\<^bsub>L1\<^esub> x2 \<Longrightarrow> partial_equivalence_rel (\<le>\<^bsub>L2 x1 x2\<^esub>)"
+ shows "(\<le>\<^bsub>L\<^esub>) = tdfr.L"
+ using assms by (intro left_rel_eq_tdfr_left_rel_if_reflexive_on
+ tdfr.reflexive_on_in_field_left_if_equivalencesI)
+ auto
+
+end
+
+
+paragraph \<open>Monotone Function Relator\<close>
+
+context transport_Mono_Fun_Rel
+begin
+
+lemma left_rel_eq_tfr_leftI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L1\<^esub>)) (\<le>\<^bsub>L1\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>L2\<^esub>)"
+ shows "(\<le>\<^bsub>L\<^esub>) = tfr.tdfr.L"
+ using assms by (intro tpdfr.left_rel_eq_tdfr_leftI) auto
+
+end
+
+
+end
\ No newline at end of file
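Review bot: The name `left_rel_eq_tdfr_leftI_if_equivalencesI` carries the introduction-rule suffix `I` twice, once in the middle and once at the end. The lemma it relies on, `reflexive_on_in_field_left_if_equivalencesI` in the `transport_Dep_Fun_Rel` context of the same file, has it only at the end. Renaming to `left_rel_eq_tdfr_left_if_equivalencesI` would keep the two names parallel. Any reference to the current name elsewhere in the commit would need the same rename, which cannot be checked from this hunk.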
diff --git a/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors.thy b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors.thy
@@ -0,0 +1,57 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Transport_Natural_Functors
+ imports
+ Transport_Natural_Functors_Galois
+ Transport_Natural_Functors_Galois_Relator
+ Transport_Natural_Functors_Order_Base
+ Transport_Natural_Functors_Order_Equivalence
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Summary of results for a fixed natural functor with 3 parameters. All
+apply-style proofs are written such that they also apply to functors with other
+arities. An automatic derivation of these results for all natural functors needs
+to be implemented in the BNF package. This is future work.\<close>
+
+context transport_natural_functor
+begin
+
+interpretation flip :
+ transport_natural_functor R1 L1 r1 l1 R2 L2 r2 l2 R3 L3 r3 l3 .
+
+theorem preorder_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ apply (insert assms)
+ apply (elim transport.preorder_equivalence_galois_equivalenceE)
+ apply (intro preorder_equivalence_if_galois_equivalenceI
+ galois_equivalenceI
+ preorder_on_in_field_leftI flip.preorder_on_in_field_leftI)
+ apply assumption+
+ done
+
+theorem partial_equivalence_rel_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ apply (insert assms)
+ apply (elim transport.partial_equivalence_rel_equivalenceE
+ transport.preorder_equivalence_galois_equivalenceE
+ preorder_on_in_fieldE)
+ apply (intro partial_equivalence_rel_equivalence_if_galois_equivalenceI
+ galois_equivalenceI
+ partial_equivalence_rel_leftI flip.partial_equivalence_rel_leftI
+ partial_equivalence_relI)
+ apply assumption+
+ done
+
+text \<open>For the simplification of the Galois relator see
+@{thm "left_Galois_eq_Frel_left_Galois"}.\<close>
+
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Base.thy b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Base.thy
@@ -0,0 +1,663 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport for Natural Functors\<close>
+subsection \<open>Basic Setup\<close>
+theory Transport_Natural_Functors_Base
+ imports
+ HOL.BNF_Def
+ HOL_Alignment_Functions
+ Transport_Base
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic setup for closure proofs and simple lemmas.\<close>
+
+text \<open>In the following, we willingly use granular apply-style proofs since,
+in practice, these theorems have to be automatically generated whenever we
+declare a new natural functor.
+
+Note that "HOL-Library" provides a command \<open>bnf_axiomatization\<close> which allows
+one to axiomatically declare a bounded natural functor. However, we only need a
+subset of these axioms - the boundedness of the functor is irrelevant for our
+purposes. For this reason - and the sake of completeness - we state all the
+required axioms explicitly below.\<close>
+
+lemma Grp_UNIV_eq_eq_comp: "BNF_Def.Grp UNIV f = (=) \<circ> f"
+ by (intro ext) (auto elim: GrpE intro: GrpI)
+
+lemma eq_comp_rel_comp_eq_comp: "(=) \<circ> f \<circ>\<circ> R = R \<circ> f"
+ by (intro ext) auto
+
+lemma Domain_Collect_case_prod_eq_Collect_in_dom:
+ "Domain {(x, y). R x y} = {x. in_dom R x}"
+ by blast
+
+lemma ball_in_dom_iff_ball_ex:
+ "(\<forall>x \<in> S. in_dom R x) \<longleftrightarrow> (\<forall>x \<in> S. \<exists>y. R x y)"
+ by blast
+
+lemma pair_mem_Collect_case_prod_iff: "(x, y) \<in> {(x, y). R x y} \<longleftrightarrow> R x y"
+ by blast
+
+
+paragraph \<open>Natural Functor Axiomatisation\<close>
+
+typedecl ('d, 'a, 'b, 'c) F
+
+consts Fmap :: "('a1 \<Rightarrow> 'a2) \<Rightarrow> ('b1 \<Rightarrow> 'b2) \<Rightarrow> ('c1 \<Rightarrow> 'c2) \<Rightarrow>
+ ('d, 'a1, 'b1, 'c1) F \<Rightarrow> ('d, 'a2, 'b2, 'c2) F"
+ Fset1 :: "('d, 'a, 'b, 'c) F \<Rightarrow> 'a set"
+ Fset2 :: "('d, 'a, 'b, 'c) F \<Rightarrow> 'b set"
+ Fset3 :: "('d, 'a, 'b, 'c) F \<Rightarrow> 'c set"
+
+axiomatization
+ where Fmap_id: "Fmap id id id = id"
+ and Fmap_comp: "\<And>f1 f2 f3 g1 g2 g3.
+ Fmap (g1 \<circ> f1) (g2 \<circ> f2) (g3 \<circ> f3) = Fmap g1 g2 g3 \<circ> Fmap f1 f2 f3"
+ and Fmap_cong: "\<And>f1 f2 f3 g1 g2 g3 x.
+ (\<And>x1. x1 \<in> Fset1 x \<Longrightarrow> f1 x1 = g1 x1) \<Longrightarrow>
+ (\<And>x2. x2 \<in> Fset2 x \<Longrightarrow> f2 x2 = g2 x2) \<Longrightarrow>
+ (\<And>x3. x3 \<in> Fset3 x \<Longrightarrow> f3 x3 = g3 x3) \<Longrightarrow>
+ Fmap f1 f2 f3 x = Fmap g1 g2 g3 x"
+ and Fset1_natural: "\<And>f1 f2 f3. Fset1 \<circ> Fmap f1 f2 f3 = image f1 \<circ> Fset1"
+ and Fset2_natural: "\<And>f1 f2 f3. Fset2 \<circ> Fmap f1 f2 f3 = image f2 \<circ> Fset2"
+ and Fset3_natural: "\<And>f1 f2 f3. Fset3 \<circ> Fmap f1 f2 f3 = image f3 \<circ> Fset3"
+
+lemma Fmap_id_eq_self: "Fmap id id id x = x"
+ by (subst Fmap_id, subst id_eq_self, rule refl)
+
+lemma Fmap_comp_eq_Fmap_Fmap:
+ "Fmap (g1 \<circ> f1) (g2 \<circ> f2) (g3 \<circ> f3) x = Fmap g1 g2 g3 (Fmap f1 f2 f3 x)"
+ by (fact fun_cong[OF Fmap_comp, simplified comp_eq])
+
+lemma Fset1_Fmap_eq_image_Fset1: "Fset1 (Fmap f1 f2 f3 x) = f1 ` Fset1 x"
+ by (fact fun_cong[OF Fset1_natural, simplified comp_eq])
+
+lemma Fset2_Fmap_eq_image_Fset2: "Fset2 (Fmap f1 f2 f3 x) = f2 ` Fset2 x"
+ by (fact fun_cong[OF Fset2_natural, simplified comp_eq])
+
+lemma Fset3_Fmap_eq_image_Fset3: "Fset3 (Fmap f1 f2 f3 x) = f3 ` Fset3 x"
+ by (fact fun_cong[OF Fset3_natural, simplified comp_eq])
+
+lemmas Fset_Fmap_eqs = Fset1_Fmap_eq_image_Fset1 Fset2_Fmap_eq_image_Fset2
+ Fset3_Fmap_eq_image_Fset3
+
+paragraph \<open>Relator\<close>
+
+definition Frel :: "('a1 \<Rightarrow> 'a2 \<Rightarrow> bool) \<Rightarrow> ('b1 \<Rightarrow> 'b2 \<Rightarrow> bool) \<Rightarrow> ('c1 \<Rightarrow> 'c2 \<Rightarrow> bool) \<Rightarrow>
+ ('d, 'a1, 'b1, 'c1) F \<Rightarrow> ('d, 'a2, 'b2, 'c2) F \<Rightarrow> bool"
+ where "Frel R1 R2 R3 x y \<equiv> (\<exists>z.
+ z \<in> {x. Fset1 x \<subseteq> {(x, y). R1 x y} \<and> Fset2 x \<subseteq> {(x, y). R2 x y}
+ \<and> Fset3 x \<subseteq> {(x, y). R3 x y}}
+ \<and> Fmap fst fst fst z = x
+ \<and> Fmap snd snd snd z = y)"
+
+lemma FrelI:
+ assumes "Fset1 z \<subseteq> {(x, y). R1 x y}"
+ and "Fset2 z \<subseteq> {(x, y). R2 x y}"
+ and "Fset3 z \<subseteq> {(x, y). R3 x y}"
+ and "Fmap fst fst fst z = x"
+ and "Fmap snd snd snd z = y"
+ shows "Frel R1 R2 R3 x y"
+ apply (subst Frel_def)
+ apply (intro exI conjI CollectI)
+ apply (fact assms)+
+ done
+
+lemma FrelE:
+ assumes "Frel R1 R2 R3 x y"
+ obtains z where "Fset1 z \<subseteq> {(x, y). R1 x y}" "Fset2 z \<subseteq> {(x, y). R2 x y}"
+ "Fset3 z \<subseteq> {(x, y). R3 x y}" "Fmap fst fst fst z = x" "Fmap snd snd snd z = y"
+ apply (insert assms)
+ apply (subst (asm) Frel_def)
+ apply (elim exE CollectE conjE)
+ apply assumption
+ done
+
+lemma Grp_UNIV_Fmap_eq_Frel_Grp: "BNF_Def.Grp UNIV (Fmap f1 f2 f3) =
+ Frel (BNF_Def.Grp UNIV f1) (BNF_Def.Grp UNIV f2) (BNF_Def.Grp UNIV f3)"
+ apply (intro ext iffI)
+ apply (rule FrelI[where
+ ?z="Fmap (BNF_Def.convol id f1) (BNF_Def.convol id f2) (BNF_Def.convol id f3) _"])
+ apply (subst Fset_Fmap_eqs,
+ rule image_subsetI,
+ rule convol_mem_GrpI[simplified Fun_id_eq_id],
+ rule UNIV_I)+
+ apply (unfold Fmap_comp_eq_Fmap_Fmap[symmetric]
+ fst_convol[simplified Fun_comp_eq_comp]
+ snd_convol[simplified Fun_comp_eq_comp]
+ Fmap_id id_eq_self)
+ apply (rule refl)
+ apply (subst (asm) Grp_UNIV_eq_eq_comp)
+ apply (subst (asm) comp_eq)
+ apply assumption
+ apply (erule FrelE)
+ apply hypsubst
+ apply (subst Grp_UNIV_eq_eq_comp)
+ apply (subst comp_eq)
+ apply (subst Fmap_comp_eq_Fmap_Fmap[symmetric])
+ apply (rule Fmap_cong;
+ rule Collect_case_prod_Grp_eqD[simplified Fun_comp_eq_comp],
+ drule rev_subsetD,
+ assumption+)
+ done
+
+lemma Frel_Grp_UNIV_Fmap:
+ "Frel (BNF_Def.Grp UNIV f1) (BNF_Def.Grp UNIV f2) (BNF_Def.Grp UNIV f3)
+ x (Fmap f1 f2 f3 x)"
+ apply (subst Grp_UNIV_Fmap_eq_Frel_Grp[symmetric])
+ apply (subst Grp_UNIV_eq_eq_comp)
+ apply (subst comp_eq)
+ apply (rule refl)
+ done
+
+lemma Frel_Grp_UNIV_iff_eq_Fmap:
+ "Frel (BNF_Def.Grp UNIV f1) (BNF_Def.Grp UNIV f2) (BNF_Def.Grp UNIV f3) x y \<longleftrightarrow>
+ (y = Fmap f1 f2 f3 x)"
+ by (subst eq_commute[of y])
+ (fact fun_cong[OF fun_cong[OF Grp_UNIV_Fmap_eq_Frel_Grp],
+ simplified Grp_UNIV_eq_eq_comp comp_eq, folded Grp_UNIV_eq_eq_comp, symmetric])
+
+lemma Frel_eq: "Frel (=) (=) (=) = (=)"
+ apply (unfold BNF_Def.eq_alt[simplified Fun_id_eq_id])
+ apply (subst Grp_UNIV_Fmap_eq_Frel_Grp[symmetric])
+ apply (subst Fmap_id)
+ apply (fold BNF_Def.eq_alt[simplified Fun_id_eq_id])
+ apply (rule refl)
+ done
+
+corollary Frel_eq_self: "Frel (=) (=) (=) x x"
+ by (fact iffD2[OF fun_cong[OF fun_cong[OF Frel_eq]] refl])
+
+lemma Frel_mono_strong:
+ assumes "Frel R1 R2 R3 x y"
+ and "\<And>x1 y1. x1 \<in> Fset1 x \<Longrightarrow> y1 \<in> Fset1 y \<Longrightarrow> R1 x1 y1 \<Longrightarrow> S1 x1 y1"
+ and "\<And>x2 y2. x2 \<in> Fset2 x \<Longrightarrow> y2 \<in> Fset2 y \<Longrightarrow> R2 x2 y2 \<Longrightarrow> S2 x2 y2"
+ and "\<And>x3 y3. x3 \<in> Fset3 x \<Longrightarrow> y3 \<in> Fset3 y \<Longrightarrow> R3 x3 y3 \<Longrightarrow> S3 x3 y3"
+ shows "Frel S1 S2 S3 x y"
+ apply (insert assms(1))
+ apply (erule FrelE)
+ apply (rule FrelI)
+ apply (rule subsetI,
+ frule rev_subsetD,
+ assumption,
+ frule imageI[of _ "Fset1 _" fst]
+ imageI[of _ "Fset2 _" fst]
+ imageI[of _ "Fset3 _" fst],
+ drule imageI[of _ "Fset1 _" snd]
+ imageI[of _ "Fset2 _" snd]
+ imageI[of _ "Fset3 _" snd],
+ (subst (asm) Fset_Fmap_eqs[symmetric])+,
+ intro CollectI case_prodI2,
+ rule assms;
+ hypsubst,
+ unfold fst_conv snd_conv,
+ (elim CollectE case_prodE Pair_inject, hypsubst)?,
+ assumption)+
+ apply assumption+
+ done
+
+corollary Frel_mono:
+ assumes "R1 \<le> S1" "R2 \<le> S2" "R3 \<le> S3"
+ shows "Frel R1 R2 R3 \<le> Frel S1 S2 S3"
+ apply (intro le_relI)
+ apply (rule Frel_mono_strong)
+ apply assumption
+ apply (insert assms)
+ apply (drule le_relD[OF assms(1)] le_relD[OF assms(2)] le_relD[OF assms(3)],
+ assumption)+
+ done
+
+lemma Frel_refl_strong:
+ assumes "\<And>x1. x1 \<in> Fset1 x \<Longrightarrow> R1 x1 x1"
+ and "\<And>x2. x2 \<in> Fset2 x \<Longrightarrow> R2 x2 x2"
+ and "\<And>x3. x3 \<in> Fset3 x \<Longrightarrow> R3 x3 x3"
+ shows "Frel R1 R2 R3 x x"
+ by (rule Frel_mono_strong[OF Frel_eq_self[of x]];
+ drule assms, hypsubst, assumption)
+
+lemma Frel_cong:
+ assumes "\<And>x1 y1. x1 \<in> Fset1 x \<Longrightarrow> y1 \<in> Fset1 y \<Longrightarrow> R1 x1 y1 \<longleftrightarrow> R1' x1 y1"
+ and "\<And>x2 y2. x2 \<in> Fset2 x \<Longrightarrow> y2 \<in> Fset2 y \<Longrightarrow> R2 x2 y2 \<longleftrightarrow> R2' x2 y2"
+ and "\<And>x3 y3. x3 \<in> Fset3 x \<Longrightarrow> y3 \<in> Fset3 y \<Longrightarrow> R3 x3 y3 \<longleftrightarrow> R3' x3 y3"
+ shows "Frel R1 R2 R3 x y = Frel R1' R2' R3' x y"
+ by (rule iffI;
+ rule Frel_mono_strong,
+ assumption;
+ rule iffD1[OF assms(1)] iffD1[OF assms(2)] iffD1[OF assms(3)]
+ iffD2[OF assms(1)] iffD2[OF assms(2)] iffD2[OF assms(3)];
+ assumption)
+
+lemma Frel_rel_inv_eq_rel_inv_Frel: "Frel R1\<inverse> R2\<inverse> R3\<inverse> = (Frel R1 R2 R3)\<inverse>"
+ by (intro ext iffI;
+ unfold rel_inv_iff_rel,
+ erule FrelE,
+ hypsubst,
+ rule FrelI[where ?z="Fmap prod.swap prod.swap prod.swap _"];
+ ((subst Fset_Fmap_eqs,
+ rule image_subsetI,
+ drule rev_subsetD,
+ assumption,
+ elim CollectE case_prodE,
+ hypsubst,
+ subst swap_simp,
+ subst pair_mem_Collect_case_prod_iff,
+ assumption) |
+ (subst Fmap_comp_eq_Fmap_Fmap[symmetric],
+ rule Fmap_cong;
+ unfold comp_eq fst_swap snd_swap,
+ rule refl)))
+
+text \<open>Given the former axioms, the following axiom - subdistributivity of the
+relator - is equivalent to the (F, Fmap) functor preserving weak pullbacks.\<close>
+
+axiomatization
+ where Frel_comp_le_Frel_rel_comp: "\<And>R1 R2 R3 S1 S2 S3.
+ Frel R1 R2 R3 \<circ>\<circ> Frel S1 S2 S3 \<le> Frel (R1 \<circ>\<circ> S1) (R2 \<circ>\<circ> S2) (R3 \<circ>\<circ> S3)"
+
+lemma fst_sndOp_eq_snd_fstOp: "fst \<circ> BNF_Def.sndOp P Q = snd \<circ> BNF_Def.fstOp P Q"
+ unfolding fstOp_def sndOp_def by (intro ext) simp
+
+lemma Frel_rel_comp_le_Frel_comp:
+ "Frel (R1 \<circ>\<circ> S1) (R2 \<circ>\<circ> S2) (R3 \<circ>\<circ> S3) \<le> (Frel R1 R2 R3 \<circ>\<circ> Frel S1 S2 S3)"
+ apply (rule le_relI)
+ apply (erule FrelE)
+ apply (rule rel_compI[where ?y="Fmap (snd \<circ> BNF_Def.fstOp R1 S1)
+ (snd \<circ> BNF_Def.fstOp R2 S2) (snd \<circ> BNF_Def.fstOp R3 S3) _"])
+ apply (rule FrelI[where ?z="Fmap (BNF_Def.fstOp R1 S1)
+ (BNF_Def.fstOp R2 S2) (BNF_Def.fstOp R3 S3) _"])
+ apply (subst Fset_Fmap_eqs,
+ intro image_subsetI,
+ rule fstOp_in[unfolded relcompp_eq_rel_comp],
+ drule rev_subsetD,
+ assumption+)+
+ apply (subst Fmap_comp_eq_Fmap_Fmap[symmetric])
+ apply (fold ext[of fst "fst \<circ> _", OF fst_fstOp[unfolded Fun_comp_eq_comp]])
+ apply hypsubst
+ apply (rule refl)
+ apply (subst Fmap_comp_eq_Fmap_Fmap[symmetric])
+ apply (rule refl)
+ apply (rule FrelI[where ?z="Fmap (BNF_Def.sndOp R1 S1)
+ (BNF_Def.sndOp R2 S2) (BNF_Def.sndOp R3 S3) _"])
+ apply (subst Fset_Fmap_eqs,
+ intro image_subsetI,
+ rule sndOp_in[unfolded relcompp_eq_rel_comp],
+ drule rev_subsetD,
+ assumption+)+
+ apply (subst Fmap_comp_eq_Fmap_Fmap[symmetric])
+ apply (unfold fst_sndOp_eq_snd_fstOp)
+ apply (rule refl)
+ apply (subst Fmap_comp_eq_Fmap_Fmap[symmetric])
+ apply (fold ext[of snd "snd \<circ> _", OF snd_sndOp[unfolded Fun_comp_eq_comp]])
+ apply hypsubst
+ apply (rule refl)
+ done
+
+corollary Frel_comp_eq_Frel_rel_comp:
+ "Frel R1 R2 R3 \<circ>\<circ> Frel S1 S2 S3 = Frel (R1 \<circ>\<circ> S1) (R2 \<circ>\<circ> S2) (R3 \<circ>\<circ> S3)"
+ by (rule antisym; rule Frel_comp_le_Frel_rel_comp Frel_rel_comp_le_Frel_comp)
+
+lemma Frel_Fmap_eq1: "Frel R1 R2 R3 (Fmap f1 f2 f3 x) y =
+ Frel (\<lambda>x. R1 (f1 x)) (\<lambda>x. R2 (f2 x)) (\<lambda>x. R3 (f3 x)) x y"
+ apply (rule iffI)
+ apply (fold comp_eq[of R1] comp_eq[of R2] comp_eq[of R3])
+ apply (drule rel_compI[where ?R="Frel _ _ _" and ?S="Frel _ _ _",
+ OF Frel_Grp_UNIV_Fmap])
+ apply (unfold Grp_UNIV_eq_eq_comp)
+ apply (drule le_relD[OF Frel_comp_le_Frel_rel_comp])
+ apply (unfold eq_comp_rel_comp_eq_comp)
+ apply assumption
+ apply (fold eq_comp_rel_comp_eq_comp[where ?R=R1]
+ eq_comp_rel_comp_eq_comp[where ?R=R2]
+ eq_comp_rel_comp_eq_comp[where ?R=R3]
+ Grp_UNIV_eq_eq_comp)
+ apply (drule le_relD[OF Frel_rel_comp_le_Frel_comp])
+ apply (erule rel_compE)
+ apply (subst (asm) Frel_Grp_UNIV_iff_eq_Fmap)
+ apply hypsubst
+ apply assumption
+ done
+
+lemma Frel_Fmap_eq2: "Frel R1 R2 R3 x (Fmap g1 g2 g3 y) =
+ Frel (\<lambda>x y. R1 x (g1 y)) (\<lambda>x y. R2 x (g2 y)) (\<lambda>x y. R3 x (g3 y)) x y"
+ apply (subst rel_inv_iff_rel[of "Frel _ _ _", symmetric])
+ apply (subst Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (subst Frel_Fmap_eq1)
+ apply (rule sym)
+ apply (subst rel_inv_iff_rel[of "Frel _ _ _", symmetric])
+ apply (subst Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (unfold rel_inv_iff_rel)
+ apply (rule refl)
+ done
+
+lemmas Frel_Fmap_eqs = Frel_Fmap_eq1 Frel_Fmap_eq2
+
+
+paragraph \<open>Predicator\<close>
+
+definition Fpred :: "('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> bool) \<Rightarrow> ('c \<Rightarrow> bool) \<Rightarrow>
+ ('d, 'a, 'b, 'c) F \<Rightarrow> bool"
+ where "Fpred P1 P2 P3 x \<equiv> Frel ((=)\<restriction>\<^bsub>P1\<^esub>) ((=)\<restriction>\<^bsub>P2\<^esub>) ((=)\<restriction>\<^bsub>P3\<^esub>) x x"
+
+lemma Fpred_mono_strong:
+ assumes "Fpred P1 P2 P3 x"
+ and "\<And>x1. x1 \<in> Fset1 x \<Longrightarrow> P1 x1 \<Longrightarrow> Q1 x1"
+ and "\<And>x2. x2 \<in> Fset2 x \<Longrightarrow> P2 x2 \<Longrightarrow> Q2 x2"
+ and "\<And>x3. x3 \<in> Fset3 x \<Longrightarrow> P3 x3 \<Longrightarrow> Q3 x3"
+ shows "Fpred Q1 Q2 Q3 x"
+ apply (insert assms(1))
+ apply (unfold Fpred_def)
+ apply (rule Frel_mono_strong,
+ assumption;
+ erule restrict_leftE,
+ rule restrict_leftI,
+ assumption,
+ rule assms,
+ assumption+)
+ done
+
+lemma Fpred_top: "Fpred \<top> \<top> \<top> x"
+ apply (subst Fpred_def)
+ apply (rule Frel_refl_strong;
+ subst restrict_left_top_eq,
+ rule refl)
+ done
+
+lemma FpredI:
+ assumes "\<And>x1. x1 \<in> Fset1 x \<Longrightarrow> P1 x1"
+ and "\<And>x2. x2 \<in> Fset2 x \<Longrightarrow> P2 x2"
+ and "\<And>x3. x3 \<in> Fset3 x \<Longrightarrow> P3 x3"
+ shows "Fpred P1 P2 P3 x"
+ using assms by (rule Fpred_mono_strong[OF Fpred_top])
+
+lemma FpredE:
+ assumes "Fpred P1 P2 P3 x"
+ obtains "\<And>x1. x1 \<in> Fset1 x \<Longrightarrow> P1 x1"
+ "\<And>x2. x2 \<in> Fset2 x \<Longrightarrow> P2 x2"
+ "\<And>x3. x3 \<in> Fset3 x \<Longrightarrow> P3 x3"
+ by (elim meta_impE; (assumption |
+ insert assms,
+ subst (asm) Fpred_def,
+ erule FrelE,
+ hypsubst,
+ subst (asm) Fset_Fmap_eqs,
+ subst (asm) Domain_fst[symmetric],
+ drule rev_subsetD,
+ rule Domain_mono,
+ assumption,
+ unfold Domain_Collect_case_prod_eq_Collect_in_dom in_dom_restrict_left_eq,
+ elim CollectE inf1E,
+ assumption))
+
+lemma Fpred_eq_ball: "Fpred P1 P2 P3 =
+ (\<lambda>x. Ball (Fset1 x) P1 \<and> Ball (Fset2 x) P2 \<and> Ball (Fset3 x) P3)"
+ by (intro ext iffI conjI ballI FpredI; elim FpredE conjE bspec)
+
+lemma Fpred_Fmap_eq:
+ "Fpred P1 P2 P3 (Fmap f1 f2 f3 x) = Fpred (P1 \<circ> f1) (P2 \<circ> f2) (P3 \<circ> f3) x"
+ by (unfold Fpred_def Frel_Fmap_eqs)
+ (rule iffI;
+ erule FrelE,
+ hypsubst,
+ unfold Frel_Fmap_eqs,
+ rule Frel_refl_strong;
+ rule restrict_leftI,
+ rule refl,
+ drule rev_subsetD,
+ assumption,
+ elim CollectE case_prodE restrict_leftE,
+ hypsubst,
+ unfold comp_eq fst_conv,
+ assumption)
+
+lemma Fpred_in_dom_if_in_dom_Frel:
+ assumes "in_dom (Frel R1 R2 R3) x"
+ shows "Fpred (in_dom R1) (in_dom R2) (in_dom R3) x"
+ apply (insert assms)
+ apply (elim in_domE FrelE)
+ apply hypsubst
+ apply (subst Fpred_Fmap_eq)
+ apply (rule FpredI;
+ drule rev_subsetD,
+ assumption,
+ elim CollectE case_prodE,
+ hypsubst,
+ unfold comp_eq fst_conv,
+ rule in_domI,
+ assumption)
+ done
+
+lemma in_dom_Frel_if_Fpred_in_dom:
+ assumes "Fpred (in_dom R1) (in_dom R2) (in_dom R3) x"
+ shows "in_dom (Frel R1 R2 R3) x"
+ apply (insert assms)
+ apply (subst (asm) Fpred_eq_ball)
+ apply (elim conjE)
+ apply (subst (asm) ball_in_dom_iff_ball_ex,
+ drule bchoice, \<comment>\<open>requires the axiom of choice.\<close>
+ erule exE)+
+ apply (rule in_domI[where ?x=x and ?y="Fmap _ _ _ x" for x])
+ apply (subst Frel_Fmap_eq2)
+ apply (rule Frel_refl_strong)
+ apply (drule bspec[of "Fset1 _"])
+ apply assumption+
+ apply (drule bspec[of "Fset2 _"])
+ apply assumption+
+ apply (drule bspec[of "Fset3 _"])
+ apply assumption+
+ done
+
+lemma in_dom_Frel_eq_Fpred_in_dom:
+ "in_dom (Frel R1 R2 R3) = Fpred (in_dom R1) (in_dom R2) (in_dom R3)"
+ by (intro ext iffI; rule Fpred_in_dom_if_in_dom_Frel in_dom_Frel_if_Fpred_in_dom)
+
+lemma in_codom_Frel_eq_Fpred_in_codom:
+ "in_codom (Frel R1 R2 R3) = Fpred (in_codom R1) (in_codom R2) (in_codom R3)"
+ apply (subst in_dom_rel_inv_eq_in_codom[symmetric])
+ apply (subst Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (subst in_dom_Frel_eq_Fpred_in_dom)
+ apply (subst in_dom_rel_inv_eq_in_codom)+
+ apply (rule refl)
+ done
+
+lemma in_field_Frel_eq_Fpred_in_in_field:
+ "in_field (Frel R1 R2 R3) =
+ Fpred (in_dom R1) (in_dom R2) (in_dom R3) \<squnion>
+ Fpred (in_codom R1) (in_codom R2) (in_codom R3)"
+ apply (subst in_field_eq_in_dom_sup_in_codom)
+ apply (subst in_dom_Frel_eq_Fpred_in_dom)
+ apply (subst in_codom_Frel_eq_Fpred_in_codom)
+ apply (rule refl)
+ done
+
+lemma Frel_restrict_left_Fpred_eq_Frel_restrict_left:
+ fixes R1 :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and R2 :: "'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and R3 :: "'c1 \<Rightarrow> 'c2 \<Rightarrow> bool"
+ and P1 :: "'a1 \<Rightarrow> bool"
+ and P2 :: "'b1 \<Rightarrow> bool"
+ and P3 :: "'c1 \<Rightarrow> bool"
+ shows "(Frel R1 R2 R3 :: ('d, 'a1, 'b1, 'c1) F \<Rightarrow> _)\<restriction>\<^bsub>Fpred P1 P2 P3 :: ('d, 'a1, 'b1, 'c1) F \<Rightarrow> _\<^esub> =
+ Frel (R1\<restriction>\<^bsub>P1\<^esub>) (R2\<restriction>\<^bsub>P2\<^esub>) (R3\<restriction>\<^bsub>P3\<^esub>)"
+ apply (intro ext)
+ apply (rule iffI)
+ apply (erule restrict_leftE)
+ apply (elim FpredE)
+ apply (rule Frel_mono_strong,
+ assumption;
+ rule restrict_leftI,
+ assumption+)
+ apply (rule restrict_leftI)
+ apply (rule Frel_mono_strong,
+ assumption;
+ erule restrict_leftE,
+ assumption)
+ apply (drule in_domI[of "Frel (R1\<restriction>\<^bsub>P1\<^esub>) (R2\<restriction>\<^bsub>P2\<^esub>) (R3\<restriction>\<^bsub>P3\<^esub>)"])
+ apply (drule Fpred_in_dom_if_in_dom_Frel)
+ apply (rule Fpred_mono_strong,
+ assumption;
+ unfold in_dom_restrict_left_eq inf_apply inf_bool_def;
+ rule conjunct2,
+ assumption)
+ done
+
+lemma Frel_restrict_right_Fpred_eq_Frel_restrict_right:
+ fixes R1 :: "'a1 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and R2 :: "'b1 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and R3 :: "'c1 \<Rightarrow> 'c2 \<Rightarrow> bool"
+ and P1 :: "'a2 \<Rightarrow> bool"
+ and P2 :: "'b2 \<Rightarrow> bool"
+ and P3 :: "'c2 \<Rightarrow> bool"
+ shows "(Frel R1 R2 R3 :: _ \<Rightarrow> ('d, 'a2, 'b2, 'c2) F \<Rightarrow> _)\<upharpoonleft>\<^bsub>Fpred P1 P2 P3 :: ('d, 'a2, 'b2, 'c2) F \<Rightarrow> _\<^esub> =
+ Frel (R1\<upharpoonleft>\<^bsub>P1\<^esub>) (R2\<upharpoonleft>\<^bsub>P2\<^esub>) (R3\<upharpoonleft>\<^bsub>P3\<^esub>)"
+ apply (subst restrict_right_eq)
+ apply (subst Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (subst Frel_restrict_left_Fpred_eq_Frel_restrict_left)
+ apply (subst Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (fold restrict_right_eq)
+ apply (rule refl)
+ done
+
+locale transport_natural_functor =
+ t1 : transport L1 R1 l1 r1 + t2 : transport L2 R2 l2 r2 +
+ t3 : transport L3 R3 l3 r3
+ for L1 :: "'a1 \<Rightarrow> 'a1 \<Rightarrow> bool"
+ and R1 :: "'b1 \<Rightarrow> 'b1 \<Rightarrow> bool"
+ and l1 :: "'a1 \<Rightarrow> 'b1"
+ and r1 :: "'b1 \<Rightarrow> 'a1"
+ and L2 :: "'a2 \<Rightarrow> 'a2 \<Rightarrow> bool"
+ and R2 :: "'b2 \<Rightarrow> 'b2 \<Rightarrow> bool"
+ and l2 :: "'a2 \<Rightarrow> 'b2"
+ and r2 :: "'b2 \<Rightarrow> 'a2"
+ and L3 :: "'a3 \<Rightarrow> 'a3 \<Rightarrow> bool"
+ and R3 :: "'b3 \<Rightarrow> 'b3 \<Rightarrow> bool"
+ and l3 :: "'a3 \<Rightarrow> 'b3"
+ and r3 :: "'b3 \<Rightarrow> 'a3"
+begin
+
+notation L1 (infix "\<le>\<^bsub>L1\<^esub>" 50)
+notation R1 (infix "\<le>\<^bsub>R1\<^esub>" 50)
+notation L2 (infix "\<le>\<^bsub>L2\<^esub>" 50)
+notation R2 (infix "\<le>\<^bsub>R2\<^esub>" 50)
+notation L3 (infix "\<le>\<^bsub>L3\<^esub>" 50)
+notation R3 (infix "\<le>\<^bsub>R3\<^esub>" 50)
+
+notation t1.ge_left (infix "\<ge>\<^bsub>L1\<^esub>" 50)
+notation t1.ge_right (infix "\<ge>\<^bsub>R1\<^esub>" 50)
+notation t2.ge_left (infix "\<ge>\<^bsub>L2\<^esub>" 50)
+notation t2.ge_right (infix "\<ge>\<^bsub>R2\<^esub>" 50)
+notation t3.ge_left (infix "\<ge>\<^bsub>L3\<^esub>" 50)
+notation t3.ge_right (infix "\<ge>\<^bsub>R3\<^esub>" 50)
+
+notation t1.left_Galois (infix "\<^bsub>L1\<^esub>\<lessapprox>" 50)
+notation t1.right_Galois (infix "\<^bsub>R1\<^esub>\<lessapprox>" 50)
+notation t2.left_Galois (infix "\<^bsub>L2\<^esub>\<lessapprox>" 50)
+notation t2.right_Galois (infix "\<^bsub>R2\<^esub>\<lessapprox>" 50)
+notation t3.left_Galois (infix "\<^bsub>L3\<^esub>\<lessapprox>" 50)
+notation t3.right_Galois (infix "\<^bsub>R3\<^esub>\<lessapprox>" 50)
+
+notation t1.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L1\<^esub>" 50)
+notation t1.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R1\<^esub>" 50)
+notation t2.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L2\<^esub>" 50)
+notation t2.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R2\<^esub>" 50)
+notation t3.ge_Galois_left (infix "\<greaterapprox>\<^bsub>L3\<^esub>" 50)
+notation t3.ge_Galois_right (infix "\<greaterapprox>\<^bsub>R3\<^esub>" 50)
+
+notation t1.right_ge_Galois (infix "\<^bsub>R1\<^esub>\<greaterapprox>" 50)
+notation t1.Galois_right (infix "\<lessapprox>\<^bsub>R1\<^esub>" 50)
+notation t2.right_ge_Galois (infix "\<^bsub>R2\<^esub>\<greaterapprox>" 50)
+notation t2.Galois_right (infix "\<lessapprox>\<^bsub>R2\<^esub>" 50)
+notation t3.right_ge_Galois (infix "\<^bsub>R3\<^esub>\<greaterapprox>" 50)
+notation t3.Galois_right (infix "\<lessapprox>\<^bsub>R3\<^esub>" 50)
+
+notation t1.left_ge_Galois (infix "\<^bsub>L1\<^esub>\<greaterapprox>" 50)
+notation t1.Galois_left (infix "\<lessapprox>\<^bsub>L1\<^esub>" 50)
+notation t2.left_ge_Galois (infix "\<^bsub>L2\<^esub>\<greaterapprox>" 50)
+notation t2.Galois_left (infix "\<lessapprox>\<^bsub>L2\<^esub>" 50)
+notation t3.left_ge_Galois (infix "\<^bsub>L3\<^esub>\<greaterapprox>" 50)
+notation t3.Galois_left (infix "\<lessapprox>\<^bsub>L3\<^esub>" 50)
+
+notation t1.unit ("\<eta>\<^sub>1")
+notation t1.counit ("\<epsilon>\<^sub>1")
+notation t2.unit ("\<eta>\<^sub>2")
+notation t2.counit ("\<epsilon>\<^sub>2")
+notation t3.unit ("\<eta>\<^sub>3")
+notation t3.counit ("\<epsilon>\<^sub>3")
+
+definition "L \<equiv> Frel (\<le>\<^bsub>L1\<^esub>) (\<le>\<^bsub>L2\<^esub>) (\<le>\<^bsub>L3\<^esub>)"
+
+lemma left_rel_eq_Frel: "L = Frel (\<le>\<^bsub>L1\<^esub>) (\<le>\<^bsub>L2\<^esub>) (\<le>\<^bsub>L3\<^esub>)"
+ unfolding L_def ..
+
+definition "l \<equiv> Fmap l1 l2 l3"
+
+lemma left_eq_Fmap: "l = Fmap l1 l2 l3"
+ unfolding l_def ..
+
+context
+begin
+
+interpretation flip :
+ transport_natural_functor R1 L1 r1 l1 R2 L2 r2 l2 R3 L3 r3 l3 .
+
+abbreviation "R \<equiv> flip.L"
+abbreviation "r \<equiv> flip.l"
+
+lemma right_rel_eq_Frel: "R = Frel (\<le>\<^bsub>R1\<^esub>) (\<le>\<^bsub>R2\<^esub>) (\<le>\<^bsub>R3\<^esub>)"
+ unfolding flip.left_rel_eq_Frel ..
+
+lemma right_eq_Fmap: "r = Fmap r1 r2 r3"
+ unfolding flip.left_eq_Fmap ..
+
+lemmas transport_defs = left_rel_eq_Frel left_eq_Fmap
+ right_rel_eq_Frel right_eq_Fmap
+
+end
+
+sublocale transport L R l r .
+
+(*FIXME: somehow the notation for the fixed parameters L and R, defined in
+Order_Functions_Base.thy, is lost. We hence re-declare it here.*)
+notation L (infix "\<le>\<^bsub>L\<^esub>" 50)
+notation R (infix "\<le>\<^bsub>R\<^esub>" 50)
+
+lemma unit_eq_Fmap: "\<eta> = Fmap \<eta>\<^sub>1 \<eta>\<^sub>2 \<eta>\<^sub>3"
+ unfolding unit_eq_comp by (simp only: right_eq_Fmap left_eq_Fmap
+ flip: Fmap_comp t1.unit_eq_comp t2.unit_eq_comp t3.unit_eq_comp)
+
+interpretation flip_inv : transport_natural_functor "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1
+ "(\<ge>\<^bsub>R2\<^esub>)" "(\<ge>\<^bsub>L2\<^esub>)" r2 l2 "(\<ge>\<^bsub>R3\<^esub>)" "(\<ge>\<^bsub>L3\<^esub>)" r3 l3
+ rewrites "flip_inv.unit \<equiv> \<epsilon>" and "flip_inv.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ and "flip_inv.t2.unit \<equiv> \<epsilon>\<^sub>2" and "flip_inv.t3.unit \<equiv> \<epsilon>\<^sub>3"
+ by (simp_all only: order_functors.flip_counit_eq_unit)
+
+lemma counit_eq_Fmap: "\<epsilon> = Fmap \<epsilon>\<^sub>1 \<epsilon>\<^sub>2 \<epsilon>\<^sub>3"
+ by (fact flip_inv.unit_eq_Fmap)
+
+lemma flip_inv_right_eq_ge_left: "flip_inv.R = (\<ge>\<^bsub>L\<^esub>)"
+ unfolding left_rel_eq_Frel flip_inv.right_rel_eq_Frel
+ by (fact Frel_rel_inv_eq_rel_inv_Frel)
+
+interpretation flip :
+ transport_natural_functor R1 L1 r1 l1 R2 L2 r2 l2 R3 L3 r3 l3 .
+
+lemma flip_inv_left_eq_ge_right: "flip_inv.L \<equiv> (\<ge>\<^bsub>R\<^esub>)"
+ unfolding flip.flip_inv_right_eq_ge_left .
+
+lemma mono_wrt_rel_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R1\<^esub>)) l1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R2\<^esub>)) l2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R3\<^esub>)) l3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<Rrightarrow>\<^sub>m (\<le>\<^bsub>R\<^esub>)) l"
+ apply (unfold left_rel_eq_Frel right_rel_eq_Frel left_eq_Fmap)
+ apply (rule dep_mono_wrt_relI)
+ apply (unfold Frel_Fmap_eqs)
+ apply (fold rel_map_eq)
+ apply (rule le_relD[OF Frel_mono])
+ apply (subst mono_wrt_rel_iff_le_rel_map[symmetric], rule assms)+
+ apply assumption
+ done
+
+end
+
+
+end
\ No newline at end of file
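Review bot: The two `axiomatization` commands (the one introducing `Fmap_id` through `Fset3_natural`, and the later one for `Frel_comp_le_Frel_rel_comp`) are global, and the file gives no argument that they are jointly satisfiable. Every theory that imports `Transport_Natural_Functors_Base`, directly or transitively, therefore takes these unproved statements about `F`, `Fmap` and `Fset1`–`Fset3` into its trusted base. The surrounding text explains why the axioms are written out explicitly, but not why they are consistent. I would add a short `text` block before the first `axiomatization` stating that the axioms constrain only the freshly declared `F` and its constants, and naming a concrete functor that satisfies them. Presumably any ternary BNF with one dead parameter does, but that is worth confirming. A reader auditing the session's axioms can then see that they are a template for generated proofs and not an assumption about existing types.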
diff --git a/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Galois.thy b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Galois.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Galois.thy
@@ -0,0 +1,76 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Concepts\<close>
+theory Transport_Natural_Functors_Galois
+ imports
+ Transport_Natural_Functors_Base
+begin
+
+context transport_natural_functor
+begin
+
+lemma half_galois_prop_leftI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ apply (rule half_galois_prop_leftI)
+ apply (erule left_GaloisE)
+ apply (unfold left_rel_eq_Frel right_rel_eq_Frel left_eq_Fmap right_eq_Fmap)
+ apply (subst (asm) in_codom_Frel_eq_Fpred_in_codom)
+ apply (erule FpredE)
+ apply (unfold Frel_Fmap_eqs)
+ apply (rule Frel_mono_strong,
+ assumption;
+ rule t1.half_galois_prop_leftD t2.half_galois_prop_leftD t3.half_galois_prop_leftD,
+ rule assms,
+ rule t1.left_GaloisI t2.left_GaloisI t3.left_GaloisI;
+ assumption)
+ done
+
+interpretation flip_inv : transport_natural_functor "(\<ge>\<^bsub>R1\<^esub>)" "(\<ge>\<^bsub>L1\<^esub>)" r1 l1
+ "(\<ge>\<^bsub>R2\<^esub>)" "(\<ge>\<^bsub>L2\<^esub>)" r2 l2 "(\<ge>\<^bsub>R3\<^esub>)" "(\<ge>\<^bsub>L3\<^esub>)" r3 l3
+ rewrites "flip_inv.R \<equiv> (\<ge>\<^bsub>L\<^esub>)"
+ and "flip_inv.L \<equiv> (\<ge>\<^bsub>R\<^esub>)"
+ and "\<And>R S f g. (R\<inverse> \<^sub>h\<unlhd> S\<inverse>) f g \<equiv> (S \<unlhd>\<^sub>h R) g f"
+ by (simp_all only: flip_inv_left_eq_ge_right flip_inv_right_eq_ge_left
+ galois_prop.half_galois_prop_left_rel_inv_iff_half_galois_prop_right)
+
+lemma half_galois_prop_rightI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro flip_inv.half_galois_prop_leftI)
+
+corollary galois_propI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<unlhd> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<unlhd> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<unlhd> (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (elim galois_prop.galois_propE)
+ (intro galois_propI half_galois_prop_leftI half_galois_prop_rightI)
+
+interpretation flip :
+ transport_natural_functor R1 L1 r1 l1 R2 L2 r2 l2 R3 L3 r3 l3 .
+
+corollary galois_connectionI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<stileturn> (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<stileturn> (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<stileturn> (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (elim galois.galois_connectionE) (intro
+ galois_connectionI galois_propI mono_wrt_rel_leftI flip.mono_wrt_rel_leftI)
+
+corollary galois_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (elim galois.galois_equivalenceE flip.t1.galois_connectionE
+ flip.t2.galois_connectionE flip.t3.galois_connectionE)
+ (intro galois_equivalenceI galois_connectionI flip.galois_propI)
+
+end
+
+
+end
\ No newline at end of file
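Review bot: The lifted lemmas in this locale reuse the names of the rules their own proofs apply, so one unqualified name refers to two different facts within a few lines. In `galois_propI`, the step `intro galois_propI half_galois_prop_leftI half_galois_prop_rightI` appears to mix the inherited `galois_propI` with the three-premise `half_galois_prop_leftI` and `half_galois_prop_rightI` proved just above. The same pattern recurs in `galois_connectionI` and `galois_equivalenceI`. A short comment before `galois_propI` would make the resolution explicit, e.g. `(* galois_propI: base rule; half_galois_prop_leftI/rightI: the lifted rules proved above in this locale *)`. Alternatively, qualify the base rules where a qualified name is available.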
diff --git a/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Galois_Relator.thy b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Galois_Relator.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Galois_Relator.thy
@@ -0,0 +1,55 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Galois Relator\<close>
+theory Transport_Natural_Functors_Galois_Relator
+ imports
+ Transport_Natural_Functors_Base
+begin
+
+context transport_natural_functor
+begin
+
+lemma left_Galois_Frel_left_Galois: "(\<^bsub>L\<^esub>\<lessapprox>) \<le> Frel (\<^bsub>L1\<^esub>\<lessapprox>) (\<^bsub>L2\<^esub>\<lessapprox>) (\<^bsub>L3\<^esub>\<lessapprox>)"
+ apply (rule le_relI)
+ apply (erule left_GaloisE)
+ apply (unfold left_rel_eq_Frel right_rel_eq_Frel right_eq_Fmap)
+ apply (subst (asm) in_codom_Frel_eq_Fpred_in_codom)
+ apply (erule FpredE)
+ apply (subst (asm) Frel_Fmap_eq2)
+ apply (rule Frel_mono_strong,
+ assumption;
+ rule t1.left_GaloisI t2.left_GaloisI t3.left_GaloisI;
+ assumption)
+ done
+
+lemma Frel_left_Galois_le_left_Galois:
+ "Frel (\<^bsub>L1\<^esub>\<lessapprox>) (\<^bsub>L2\<^esub>\<lessapprox>) (\<^bsub>L3\<^esub>\<lessapprox>) \<le> (\<^bsub>L\<^esub>\<lessapprox>)"
+ apply (rule le_relI)
+ apply (unfold t1.left_Galois_iff_in_codom_and_left_rel_right
+ t2.left_Galois_iff_in_codom_and_left_rel_right
+ t3.left_Galois_iff_in_codom_and_left_rel_right)
+ apply (fold
+ restrict_right_eq[of "\<lambda>x y. x \<le>\<^bsub>L1\<^esub> r1 y" "in_codom (\<le>\<^bsub>R1\<^esub>)",
+ unfolded restrict_left_pred_def rel_inv_iff_rel]
+ restrict_right_eq[of "\<lambda>x y. x \<le>\<^bsub>L2\<^esub> r2 y" "in_codom (\<le>\<^bsub>R2\<^esub>)",
+ unfolded restrict_left_pred_def rel_inv_iff_rel]
+ restrict_right_eq[of "\<lambda>x y. x \<le>\<^bsub>L3\<^esub> r3 y" "in_codom (\<le>\<^bsub>R3\<^esub>)",
+ unfolded restrict_left_pred_def rel_inv_iff_rel])
+ apply (subst (asm) Frel_restrict_right_Fpred_eq_Frel_restrict_right[symmetric])
+ apply (erule restrict_rightE)
+ apply (subst (asm) in_codom_Frel_eq_Fpred_in_codom[symmetric])
+ apply (erule in_codomE)
+ apply (rule left_GaloisI)
+ apply (rule in_codomI)
+ apply (subst right_rel_eq_Frel)
+ apply assumption
+ apply (unfold left_rel_eq_Frel right_eq_Fmap Frel_Fmap_eq2)
+ apply assumption
+ done
+
+corollary left_Galois_eq_Frel_left_Galois: "(\<^bsub>L\<^esub>\<lessapprox>) = Frel (\<^bsub>L1\<^esub>\<lessapprox>) (\<^bsub>L2\<^esub>\<lessapprox>) (\<^bsub>L3\<^esub>\<lessapprox>)"
+ by (intro antisym left_Galois_Frel_left_Galois Frel_left_Galois_le_left_Galois)
+
+end
+
+
+end
\ No newline at end of file
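Review bot: The name `left_Galois_Frel_left_Galois` does not say which relation it states, while its converse is named `Frel_left_Galois_le_left_Galois` and the combined result `left_Galois_eq_Frel_left_Galois`. Since the statement is an inequality, I would rename it to `left_Galois_le_Frel_left_Galois` so the three names read as le / le / eq. The `intro antisym …` line of the closing corollary would need the same rename.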
diff --git a/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Order_Base.thy b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Order_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Order_Base.thy
@@ -0,0 +1,99 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Basic Order Properties\<close>
+theory Transport_Natural_Functors_Order_Base
+ imports
+ Transport_Natural_Functors_Base
+begin
+
+lemma reflexive_on_in_field_FrelI:
+ assumes "reflexive_on (in_field R1) R1"
+ and "reflexive_on (in_field R2) R2"
+ and "reflexive_on (in_field R3) R3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "reflexive_on (in_field R) R"
+ apply (subst reflexive_on_iff_eq_restrict_left_le)
+ apply (subst Frel_eq[symmetric])
+ apply (unfold R_def)
+ apply (subst in_field_Frel_eq_Fpred_in_in_field)
+ apply (subst restrict_left_sup_eq)
+ apply (subst Frel_restrict_left_Fpred_eq_Frel_restrict_left)+
+ apply (rule le_supI;
+ rule Frel_mono;
+ subst reflexive_on_iff_eq_restrict_left_le[symmetric],
+ rule reflexive_on_if_le_pred_if_reflexive_on,
+ rule assms,
+ rule le_predI[OF in_field_if_in_dom]
+ le_predI[OF in_field_if_in_codom],
+ assumption)
+ done
+
+lemma transitive_FrelI:
+ assumes "transitive R1"
+ and "transitive R2"
+ and "transitive R3"
+ shows "transitive (Frel R1 R2 R3)"
+ apply (subst transitive_iff_rel_comp_le_self)
+ apply (subst Frel_comp_eq_Frel_rel_comp)
+ apply (rule Frel_mono;
+ subst transitive_iff_rel_comp_le_self[symmetric],
+ rule assms)
+ done
+
+lemma preorder_on_in_field_FrelI:
+ assumes "preorder_on (in_field R1) R1"
+ and "preorder_on (in_field R2) R2"
+ and "preorder_on (in_field R3) R3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "preorder_on (in_field R) R"
+ apply (unfold R_def)
+ apply (insert assms)
+ apply (elim preorder_on_in_fieldE)
+ apply (rule preorder_onI)
+ apply (rule reflexive_on_in_field_FrelI; assumption)
+ apply (subst transitive_on_in_field_iff_transitive)
+ apply (rule transitive_FrelI; assumption)
+ done
+
+lemma symmetric_FrelI:
+ assumes "symmetric R1"
+ and "symmetric R2"
+ and "symmetric R3"
+ shows "symmetric (Frel R1 R2 R3)"
+ apply (subst symmetric_iff_rel_inv_eq_self)
+ apply (subst Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (subst rel_inv_eq_self_if_symmetric, fact)+
+ apply (rule refl)
+ done
+
+lemma partial_equivalence_rel_FrelI:
+ assumes "partial_equivalence_rel R1"
+ and "partial_equivalence_rel R2"
+ and "partial_equivalence_rel R3"
+ shows "partial_equivalence_rel (Frel R1 R2 R3)"
+ apply (insert assms)
+ apply (elim partial_equivalence_relE preorder_on_in_fieldE)
+ apply (rule partial_equivalence_relI;
+ rule transitive_FrelI symmetric_FrelI;
+ assumption)
+ done
+
+context transport_natural_functor
+begin
+
+lemmas reflexive_on_in_field_leftI = reflexive_on_in_field_FrelI
+ [of L1 L2 L3, folded transport_defs]
+
+lemmas transitive_leftI = transitive_FrelI[of L1 L2 L3, folded transport_defs]
+
+lemmas preorder_on_in_field_leftI = preorder_on_in_field_FrelI
+ [of L1 L2 L3, folded transport_defs]
+
+lemmas symmetricI = symmetric_FrelI[of L1 L2 L3, folded transport_defs]
+
+lemmas partial_equivalence_rel_leftI = partial_equivalence_rel_FrelI
+ [of L1 L2 L3, folded transport_defs]
+
+end
+
+
+end
\ No newline at end of file
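Review bot: In the `transport_natural_functor` context, `lemmas symmetricI = symmetric_FrelI[of L1 L2 L3, folded transport_defs]` breaks the naming pattern of its siblings (`reflexive_on_in_field_leftI`, `transitive_leftI`, `preorder_on_in_field_leftI`, `partial_equivalence_rel_leftI`). If the underlying library also exports a general introduction rule called `symmetricI`, the unqualified name would resolve to this specialised fact inside the locale, which is easy to trip over. I would name it `symmetric_leftI`: `lemmas symmetric_leftI = symmetric_FrelI[of L1 L2 L3, folded transport_defs]`.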
diff --git a/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Order_Equivalence.thy b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Order_Equivalence.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Natural_Functors/Transport_Natural_Functors_Order_Equivalence.thy
@@ -0,0 +1,165 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+subsection \<open>Order Equivalence\<close>
+theory Transport_Natural_Functors_Order_Equivalence
+ imports
+ Transport_Natural_Functors_Base
+begin
+
+lemma inflationary_on_in_dom_FrelI:
+ assumes "inflationary_on (in_dom R1) R1 f1"
+ and "inflationary_on (in_dom R2) R2 f2"
+ and "inflationary_on (in_dom R3) R3 f3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "inflationary_on (in_dom R) R (Fmap f1 f2 f3)"
+ apply (unfold R_def)
+ apply (rule inflationary_onI)
+ apply (subst (asm) in_dom_Frel_eq_Fpred_in_dom)
+ apply (erule FpredE)
+ apply (subst Frel_Fmap_eq2)
+ apply (rule Frel_refl_strong)
+ apply (rule inflationary_onD[where ?R=R1] inflationary_onD[where ?R=R2]
+ inflationary_onD[where ?R=R3],
+ rule assms,
+ assumption+)+
+ done
+
+lemma inflationary_on_in_codom_FrelI:
+ assumes "inflationary_on (in_codom R1) R1 f1"
+ and "inflationary_on (in_codom R2) R2 f2"
+ and "inflationary_on (in_codom R3) R3 f3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "inflationary_on (in_codom R) R (Fmap f1 f2 f3)"
+ apply (unfold R_def)
+ apply (rule inflationary_onI)
+ apply (subst (asm) in_codom_Frel_eq_Fpred_in_codom)
+ apply (erule FpredE)
+ apply (subst Frel_Fmap_eq2)
+ apply (rule Frel_refl_strong)
+ apply (rule inflationary_onD[where ?R=R1] inflationary_onD[where ?R=R2]
+ inflationary_onD[where ?R=R3],
+ rule assms,
+ assumption+)+
+ done
+
+lemma inflationary_on_in_field_FrelI:
+ assumes "inflationary_on (in_field R1) R1 f1"
+ and "inflationary_on (in_field R2) R2 f2"
+ and "inflationary_on (in_field R3) R3 f3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "inflationary_on (in_field R) R (Fmap f1 f2 f3)"
+ apply (unfold R_def)
+ apply (subst in_field_eq_in_dom_sup_in_codom)
+ apply (subst inflationary_on_sup_eq)
+ apply (unfold inf_apply)
+ apply (subst inf_bool_def)
+ apply (rule conjI;
+ rule inflationary_on_in_dom_FrelI inflationary_on_in_codom_FrelI;
+ rule inflationary_on_if_le_pred_if_inflationary_on,
+ rule assms,
+ rule le_predI,
+ rule in_field_if_in_dom in_field_if_in_codom,
+ assumption)
+ done
+
+lemma deflationary_on_in_dom_FrelI:
+ assumes "deflationary_on (in_dom R1) R1 f1"
+ and "deflationary_on (in_dom R2) R2 f2"
+ and "deflationary_on (in_dom R3) R3 f3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "deflationary_on (in_dom R) R (Fmap f1 f2 f3)"
+ apply (unfold R_def)
+ apply (subst deflationary_on_eq_inflationary_on_rel_inv)
+ apply (subst in_codom_rel_inv_eq_in_dom[symmetric])
+ apply (unfold Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (rule inflationary_on_in_codom_FrelI;
+ subst deflationary_on_eq_inflationary_on_rel_inv[symmetric],
+ subst in_codom_rel_inv_eq_in_dom,
+ rule assms)
+ done
+
+lemma deflationary_on_in_codom_FrelI:
+ assumes "deflationary_on (in_codom R1) R1 f1"
+ and "deflationary_on (in_codom R2) R2 f2"
+ and "deflationary_on (in_codom R3) R3 f3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "deflationary_on (in_codom R) R (Fmap f1 f2 f3)"
+ apply (unfold R_def)
+ apply (subst deflationary_on_eq_inflationary_on_rel_inv)
+ apply (subst in_dom_rel_inv_eq_in_codom[symmetric])
+ apply (unfold Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (rule inflationary_on_in_dom_FrelI;
+ subst deflationary_on_eq_inflationary_on_rel_inv[symmetric],
+ subst in_dom_rel_inv_eq_in_codom,
+ rule assms)
+ done
+
+lemma deflationary_on_in_field_FrelI:
+ assumes "deflationary_on (in_field R1) R1 f1"
+ and "deflationary_on (in_field R2) R2 f2"
+ and "deflationary_on (in_field R3) R3 f3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "deflationary_on (in_field R) R (Fmap f1 f2 f3)"
+ apply (unfold R_def)
+ apply (subst deflationary_on_eq_inflationary_on_rel_inv)
+ apply (subst in_field_rel_inv_eq[symmetric])
+ apply (unfold Frel_rel_inv_eq_rel_inv_Frel[symmetric])
+ apply (rule inflationary_on_in_field_FrelI;
+ subst deflationary_on_eq_inflationary_on_rel_inv[symmetric],
+ subst in_field_rel_inv_eq,
+ rule assms)
+ done
+
+lemma rel_equivalence_on_in_field_FrelI:
+ assumes "rel_equivalence_on (in_field R1) R1 f1"
+ and "rel_equivalence_on (in_field R2) R2 f2"
+ and "rel_equivalence_on (in_field R3) R3 f3"
+ defines "R \<equiv> Frel R1 R2 R3"
+ shows "rel_equivalence_on (in_field R) R (Fmap f1 f2 f3)"
+ apply (unfold R_def)
+ apply (subst rel_equivalence_on_eq)
+ apply (unfold inf_apply)
+ apply (subst inf_bool_def)
+ apply (insert assms)
+ apply (elim rel_equivalence_onE)
+ apply (rule conjI;
+ rule inflationary_on_in_field_FrelI deflationary_on_in_field_FrelI;
+ assumption)
+ done
+
+context transport_natural_functor
+begin
+
+lemmas inflationary_on_in_field_unitI = inflationary_on_in_field_FrelI
+ [of L1 "\<eta>\<^sub>1" L2 "\<eta>\<^sub>2" L3 "\<eta>\<^sub>3", folded transport_defs unit_eq_Fmap]
+
+lemmas deflationary_on_in_field_unitI = deflationary_on_in_field_FrelI
+ [of L1 "\<eta>\<^sub>1" L2 "\<eta>\<^sub>2" L3 "\<eta>\<^sub>3", folded transport_defs unit_eq_Fmap]
+
+lemmas rel_equivalence_on_in_field_unitI = rel_equivalence_on_in_field_FrelI
+ [of L1 "\<eta>\<^sub>1" L2 "\<eta>\<^sub>2" L3 "\<eta>\<^sub>3", folded transport_defs unit_eq_Fmap]
+
+interpretation flip :
+ transport_natural_functor R1 L1 r1 l1 R2 L2 r2 l2 R3 L3 r3 l3
+ rewrites "flip.unit \<equiv> \<epsilon>" and "flip.t1.unit \<equiv> \<epsilon>\<^sub>1"
+ and "flip.t2.unit \<equiv> \<epsilon>\<^sub>2" and "flip.t3.unit \<equiv> \<epsilon>\<^sub>3"
+ by (simp_all only: order_functors.flip_counit_eq_unit)
+
+lemma order_equivalenceI:
+ assumes "((\<le>\<^bsub>L1\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R1\<^esub>)) l1 r1"
+ and "((\<le>\<^bsub>L2\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R2\<^esub>)) l2 r2"
+ and "((\<le>\<^bsub>L3\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R3\<^esub>)) l3 r3"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ apply (insert assms)
+ apply (elim order_functors.order_equivalenceE)
+ apply (rule order_equivalenceI;
+ rule mono_wrt_rel_leftI
+ flip.mono_wrt_rel_leftI
+ rel_equivalence_on_in_field_unitI
+ flip.rel_equivalence_on_in_field_unitI;
+ assumption)
+ done
+
+end
+
+
+end
\ No newline at end of file
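Review bot: The `rewrites` clause on `interpretation flip` is undocumented, although `order_equivalenceI` seems to depend on it. Without the rewrites, `flip.rel_equivalence_on_in_field_unitI` would presumably be stated about `flip.unit` rather than `\<epsilon>`, and so would not line up with the counit goal produced by `rule order_equivalenceI`. I would add a one-line note above the interpretation, e.g. `text \<open>Rewrite the units of the flipped interpretation to counits so that the flip.* rules are stated in terms of \<epsilon>.\<close>`. The final `rule …; assumption` chain is otherwise hard to follow for a reader who has not seen the same pattern in the Base theory.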
diff --git a/thys/Transport/Transport/Transport.thy b/thys/Transport/Transport/Transport.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Transport.thy
@@ -0,0 +1,18 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+theory Transport
+ imports
+ Transport_Bijections
+ Transport_Compositions
+ Transport_Functions
+ Transport_Identity
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>We formalise the theory for the Transport framework.
+The Transport framework allows us to transport terms along (partial) Galois
+connections (@{term "galois.galois_connection"}) and equivalences
+(@{term "galois.galois_equivalence"}).
+For details, refer to \<^cite>\<open>"transport"\<close>.\<close>
+
+
+end
\ No newline at end of file
diff --git a/thys/Transport/Transport/Transport_Base.thy b/thys/Transport/Transport/Transport_Base.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Transport_Base.thy
@@ -0,0 +1,222 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+chapter \<open>Transport\<close>
+section \<open>Basic Setup\<close>
+theory Transport_Base
+ imports
+ Galois_Equivalences
+ Galois_Relator
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Basic setup for commonly used concepts in Transport, including a suitable
+locale.\<close>
+
+locale transport = galois L R l r
+ for L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'b"
+ and r :: "'b \<Rightarrow> 'a"
+begin
+
+subsection \<open>Ordered Galois Connections\<close>
+
+definition "preorder_galois_connection \<equiv>
+ ((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r
+ \<and> preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)
+ \<and> preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+
+notation transport.preorder_galois_connection (infix "\<stileturn>\<^bsub>pre\<^esub>" 50)
+
+lemma preorder_galois_connectionI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding preorder_galois_connection_def using assms by blast
+
+lemma preorder_galois_connectionE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r" "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ "preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ using assms unfolding preorder_galois_connection_def by blast
+
+context
+begin
+
+interpretation t : transport S T f g for S T f g .
+
+lemma rel_inv_preorder_galois_connection_eq_preorder_galois_connection_rel_inv [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<ge>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<ge>\<^bsub>R\<^esub>))"
+ by (intro ext) (auto intro!: t.preorder_galois_connectionI)
+
+end
+
+corollary preorder_galois_connection_rel_inv_iff_preorder_galois_connection [iff]:
+ "((\<ge>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<ge>\<^bsub>R\<^esub>)) l r \<longleftrightarrow> ((\<le>\<^bsub>R\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>L\<^esub>)) r l"
+ by (simp flip:
+ rel_inv_preorder_galois_connection_eq_preorder_galois_connection_rel_inv)
+
+definition "partial_equivalence_rel_galois_connection \<equiv>
+ ((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r
+ \<and> partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)
+ \<and> partial_equivalence_rel (\<le>\<^bsub>R\<^esub>)"
+
+notation transport.partial_equivalence_rel_galois_connection (infix "\<stileturn>\<^bsub>PER\<^esub>" 50)
+
+lemma partial_equivalence_rel_galois_connectionI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ and "partial_equivalence_rel_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "partial_equivalence_rel_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding partial_equivalence_rel_galois_connection_def using assms by blast
+
+lemma partial_equivalence_rel_galois_connectionE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r" "symmetric (\<le>\<^bsub>L\<^esub>)" "symmetric (\<le>\<^bsub>R\<^esub>)"
+ using assms unfolding partial_equivalence_rel_galois_connection_def by blast
+
+context
+begin
+
+interpretation t : transport S T f g for S T f g .
+
+lemma rel_inv_partial_equivalence_rel_galois_connection_eq_partial_equivalence_rel_galois_connection_rel_inv
+ [simp]: "((\<le>\<^bsub>R\<^esub>) \<stileturn>\<^bsub>PER\<^esub> (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<ge>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>PER\<^esub> (\<ge>\<^bsub>R\<^esub>))"
+ by (intro ext) blast
+
+end
+
+corollary partial_equivalence_rel_galois_connection_rel_inv_iff_partial_equivalence_rel_galois_connection
+ [iff]: "((\<ge>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>PER\<^esub> (\<ge>\<^bsub>R\<^esub>)) l r \<longleftrightarrow> ((\<le>\<^bsub>R\<^esub>) \<stileturn>\<^bsub>PER\<^esub> (\<le>\<^bsub>L\<^esub>)) r l"
+ by (simp flip:
+ rel_inv_partial_equivalence_rel_galois_connection_eq_partial_equivalence_rel_galois_connection_rel_inv)
+
+lemma left_Galois_comp_ge_Galois_left_eq_left_if_partial_equivalence_rel_galois_connection:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<stileturn>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ shows "((\<^bsub>L\<^esub>\<lessapprox>) \<circ>\<circ> (\<greaterapprox>\<^bsub>L\<^esub>)) = (\<le>\<^bsub>L\<^esub>)"
+proof (intro ext iffI)
+ fix x x' assume "((\<^bsub>L\<^esub>\<lessapprox>) \<circ>\<circ> (\<greaterapprox>\<^bsub>L\<^esub>)) x x'"
+ then obtain y where "x \<le>\<^bsub>L\<^esub> r y" "r y \<ge>\<^bsub>L\<^esub> x'" by blast
+ with assms show "x \<le>\<^bsub>L\<^esub> x'" by (blast dest: symmetricD)
+next
+ fix x x' assume "x \<le>\<^bsub>L\<^esub> x'"
+ with assms have "x \<^bsub>L\<^esub>\<lessapprox> l x'" "x' \<^bsub>L\<^esub>\<lessapprox> l x'"
+ by (blast intro: left_Galois_left_if_left_relI)+
+ with assms show "((\<^bsub>L\<^esub>\<lessapprox>) \<circ>\<circ> (\<greaterapprox>\<^bsub>L\<^esub>)) x x'" by auto
+qed
+
+
+subsection \<open>Ordered Equivalences\<close>
+
+definition "preorder_equivalence \<equiv>
+ ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r
+ \<and> preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)
+ \<and> preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+
+notation transport.preorder_equivalence (infix "\<equiv>\<^bsub>pre\<^esub>" 50)
+
+lemma preorder_equivalence_if_galois_equivalenceI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ and "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding preorder_equivalence_def using assms by blast
+
+lemma preorder_equivalence_if_order_equivalenceI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "transitive (\<le>\<^bsub>L\<^esub>)"
+ and "transitive (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding preorder_equivalence_def using assms
+ by (blast intro: reflexive_on_in_field_if_transitive_if_rel_equivalence_on
+ dest: galois_equivalence_left_right_if_transitive_if_order_equivalence)
+
+lemma preorder_equivalence_galois_equivalenceE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r" "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ "preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ using assms unfolding preorder_equivalence_def by blast
+
+lemma preorder_equivalence_order_equivalenceE:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r" "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ "preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ using assms by (blast intro:
+ order_equivalence_if_reflexive_on_in_field_if_galois_equivalence)
+
+context
+begin
+
+interpretation t : transport S T f g for S T f g .
+
+lemma rel_inv_preorder_equivalence_eq_preorder_equivalence [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext) blast
+
+end
+
+corollary preorder_equivalence_right_left_iff_preorder_equivalence_left_right:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>L\<^esub>)) r l \<longleftrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ by (simp flip: rel_inv_preorder_equivalence_eq_preorder_equivalence)
+
+lemma preorder_equivalence_rel_inv_eq_preorder_equivalence [simp]:
+ "((\<ge>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<ge>\<^bsub>R\<^esub>)) = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext iffI)
+ (auto intro!: transport.preorder_equivalence_if_galois_equivalenceI
+ elim!: transport.preorder_equivalence_galois_equivalenceE)
+
+definition "partial_equivalence_rel_equivalence \<equiv>
+ ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r
+ \<and> partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)
+ \<and> partial_equivalence_rel (\<le>\<^bsub>R\<^esub>)"
+
+notation transport.partial_equivalence_rel_equivalence (infix "\<equiv>\<^bsub>PER\<^esub>" 50)
+
+lemma partial_equivalence_rel_equivalence_if_galois_equivalenceI [intro]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ and "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding partial_equivalence_rel_equivalence_def using assms by blast
+
+lemma partial_equivalence_rel_equivalence_if_order_equivalenceI:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ and "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ unfolding partial_equivalence_rel_equivalence_def using assms
+ by (blast dest: galois_equivalence_left_right_if_transitive_if_order_equivalence)
+
+lemma partial_equivalence_rel_equivalenceE [elim]:
+ assumes "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ obtains "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r" "symmetric (\<le>\<^bsub>L\<^esub>)" "symmetric (\<le>\<^bsub>R\<^esub>)"
+ using assms unfolding partial_equivalence_rel_equivalence_def by blast
+
+context
+begin
+
+interpretation t : transport S T f g for S T f g .
+
+lemma rel_inv_partial_equivalence_rel_equivalence_eq_partial_equivalence_rel_equivalence [simp]:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>L\<^esub>))\<inverse> = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext) blast
+
+end
+
+corollary partial_equivalence_rel_equivalence_right_left_iff_partial_equivalence_rel_equivalence_left_right:
+ "((\<le>\<^bsub>R\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>L\<^esub>)) r l \<longleftrightarrow> ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ by (simp flip:
+ rel_inv_partial_equivalence_rel_equivalence_eq_partial_equivalence_rel_equivalence)
+
+lemma partial_equivalence_rel_equivalence_rel_inv_eq_partial_equivalence_rel_equivalence
+ [simp]: "((\<ge>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<ge>\<^bsub>R\<^esub>)) = ((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>))"
+ by (intro ext iffI)
+ (auto intro!: transport.partial_equivalence_rel_equivalence_if_galois_equivalenceI
+ elim!: transport.partial_equivalence_rel_equivalenceE
+ transport.preorder_equivalence_galois_equivalenceE
+ preorder_on_in_fieldE)
+
+end
+
+
+end
\ No newline at end of file
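Review bot: `partial_equivalence_rel_galois_connectionI` states its premises as `partial_equivalence_rel_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)` (and likewise for R), but the definition it introduces uses plain `partial_equivalence_rel`. So does the parallel rule `partial_equivalence_rel_equivalence_if_galois_equivalenceI`. The two forms are presumably interchangeable on the field, since `blast` closes the proof. Still, the rule is declared `[intro]`, so a user holding `partial_equivalence_rel` facts has to convert them before it applies. I would state the premises as `and "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"` and `and "partial_equivalence_rel (\<le>\<^bsub>R\<^esub>)"`, or add a comment explaining why the `_on (in_field …)` form is intended here.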
diff --git a/thys/Transport/Transport/Transport_Bijections.thy b/thys/Transport/Transport/Transport_Bijections.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Transport_Bijections.thy
@@ -0,0 +1,202 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport using Bijections\<close>
+theory Transport_Bijections
+ imports
+ Functions_Bijection
+ Transport_Base
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Setup for Transport using bijective transport functions.\<close>
+
+locale transport_bijection =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'b"
+ and r :: "'b \<Rightarrow> 'a"
+ assumes mono_wrt_rel_left: "(L \<Rrightarrow>\<^sub>m R) l"
+ and mono_wrt_rel_right: "(R \<Rrightarrow>\<^sub>m L) r"
+ and inverse_left_right: "inverse_on (in_field L) l r"
+ and inverse_right_left: "inverse_on (in_field R) r l"
+begin
+
+interpretation transport L R l r .
+interpretation g_flip_inv : galois "(\<ge>\<^bsub>R\<^esub>)" "(\<ge>\<^bsub>L\<^esub>)" r l .
+
+lemma bijection_on_in_field: "bijection_on (in_field (\<le>\<^bsub>L\<^esub>)) (in_field (\<le>\<^bsub>R\<^esub>)) l r"
+ using mono_wrt_rel_left mono_wrt_rel_right inverse_left_right inverse_right_left
+ by (intro bijection_onI in_field_if_in_field_if_mono_wrt_rel)
+ auto
+
+lemma half_galois_prop_left: "((\<le>\<^bsub>L\<^esub>) \<^sub>h\<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using mono_wrt_rel_left inverse_right_left
+ by (intro half_galois_prop_leftI)
+ (auto dest!: in_field_if_in_codom inverse_onD)
+
+lemma half_galois_prop_right: "((\<le>\<^bsub>L\<^esub>) \<unlhd>\<^sub>h (\<le>\<^bsub>R\<^esub>)) l r"
+ using mono_wrt_rel_right inverse_left_right
+ by (intro half_galois_prop_rightI)
+ (force dest: in_field_if_in_dom inverse_onD)
+
+lemma galois_prop: "((\<le>\<^bsub>L\<^esub>) \<unlhd> (\<le>\<^bsub>R\<^esub>)) l r"
+ using half_galois_prop_left half_galois_prop_right
+ by (intro galois_propI)
+
+lemma galois_connection: "((\<le>\<^bsub>L\<^esub>) \<stileturn> (\<le>\<^bsub>R\<^esub>)) l r"
+ using mono_wrt_rel_left mono_wrt_rel_right galois_prop
+ by (intro galois_connectionI)
+
+lemma rel_equivalence_on_unitI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ shows "rel_equivalence_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>) \<eta>"
+ using assms inverse_left_right
+ by (subst rel_equivalence_on_unit_iff_reflexive_on_if_inverse_on)
+
+interpretation flip : transport_bijection R L r l
+ rewrites "order_functors.unit r l \<equiv> \<epsilon>"
+ using mono_wrt_rel_left mono_wrt_rel_right inverse_left_right inverse_right_left
+ by unfold_locales (simp_all only: flip_unit_eq_counit)
+
+lemma galois_equivalence: "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>G (\<le>\<^bsub>R\<^esub>)) l r"
+ using galois_connection flip.galois_prop by (intro galois_equivalenceI)
+
+lemmas rel_equivalence_on_counitI = flip.rel_equivalence_on_unitI
+
+lemma order_equivalenceI:
+ assumes "reflexive_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "reflexive_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^sub>o (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms mono_wrt_rel_left mono_wrt_rel_right rel_equivalence_on_unitI
+ rel_equivalence_on_counitI
+ by (intro order_equivalenceI)
+
+lemma preorder_equivalenceI:
+ assumes "preorder_on (in_field (\<le>\<^bsub>L\<^esub>)) (\<le>\<^bsub>L\<^esub>)"
+ and "preorder_on (in_field (\<le>\<^bsub>R\<^esub>)) (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>pre\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro preorder_equivalence_if_galois_equivalenceI
+ galois_equivalence)
+ simp_all
+
+lemma partial_equivalence_rel_equivalenceI:
+ assumes "partial_equivalence_rel (\<le>\<^bsub>L\<^esub>)"
+ and "partial_equivalence_rel (\<le>\<^bsub>R\<^esub>)"
+ shows "((\<le>\<^bsub>L\<^esub>) \<equiv>\<^bsub>PER\<^esub> (\<le>\<^bsub>R\<^esub>)) l r"
+ using assms by (intro partial_equivalence_rel_equivalence_if_galois_equivalenceI
+ galois_equivalence)
+ simp_all
+
+end
+
+locale transport_reflexive_on_in_field_bijection =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'b"
+ and r :: "'b \<Rightarrow> 'a"
+ assumes reflexive_on_in_field_left: "reflexive_on (in_field L) L"
+ and reflexive_on_in_field_right: "reflexive_on (in_field R) R"
+ and transport_bijection: "transport_bijection L R l r"
+begin
+
+sublocale tbij? : transport_bijection L R l r
+ rewrites "reflexive_on (in_field L) L \<equiv> True"
+ and "reflexive_on (in_field R) R \<equiv> True"
+ and "\<And>P. (True \<Longrightarrow> P) \<equiv> Trueprop P"
+ using transport_bijection reflexive_on_in_field_left reflexive_on_in_field_right
+ by auto
+
+lemmas rel_equivalence_on_unit = rel_equivalence_on_unitI
+lemmas rel_equivalence_on_counit = rel_equivalence_on_counitI
+lemmas order_equivalence = order_equivalenceI
+
+end
+
+locale transport_preorder_on_in_field_bijection =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'b"
+ and r :: "'b \<Rightarrow> 'a"
+ assumes preorder_on_in_field_left: "preorder_on (in_field L) L"
+ and preorder_on_in_field_right: "preorder_on (in_field R) R"
+ and transport_bijection: "transport_bijection L R l r"
+begin
+
+sublocale trefl_bij? : transport_reflexive_on_in_field_bijection L R l r
+ rewrites "preorder_on (in_field L) L \<equiv> True"
+ and "preorder_on (in_field R) R \<equiv> True"
+ and "\<And>P. (True \<Longrightarrow> P) \<equiv> Trueprop P"
+ using transport_bijection
+ by (intro transport_reflexive_on_in_field_bijection.intro)
+ (insert preorder_on_in_field_left preorder_on_in_field_right, auto)
+
+lemmas preorder_equivalence = preorder_equivalenceI
+
+end
+
+locale transport_partial_equivalence_rel_bijection =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ and R :: "'b \<Rightarrow> 'b \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'b"
+ and r :: "'b \<Rightarrow> 'a"
+ assumes partial_equivalence_rel_left: "partial_equivalence_rel L"
+ and partial_equivalence_rel_right: "partial_equivalence_rel R"
+ and transport_bijection: "transport_bijection L R l r"
+begin
+
+sublocale tpre_bij? : transport_preorder_on_in_field_bijection L R l r
+ rewrites "partial_equivalence_rel L \<equiv> True"
+ and "partial_equivalence_rel R \<equiv> True"
+ and "\<And>P. (True \<Longrightarrow> P) \<equiv> Trueprop P"
+ using transport_bijection
+ by (intro transport_preorder_on_in_field_bijection.intro)
+ (insert partial_equivalence_rel_left partial_equivalence_rel_right, auto)
+
+lemmas partial_equivalence_rel_equivalence = partial_equivalence_rel_equivalenceI
+
+end
+
+locale transport_eq_restrict_bijection =
+ fixes P :: "'a \<Rightarrow> bool"
+ and Q :: "'b \<Rightarrow> bool"
+ and l :: "'a \<Rightarrow> 'b"
+ and r :: "'b \<Rightarrow> 'a"
+ assumes bijection_on_in_field:
+ "bijection_on (in_field ((=\<^bsub>P\<^esub>) :: 'a \<Rightarrow> _)) (in_field ((=\<^bsub>Q\<^esub>) :: 'b \<Rightarrow> _)) l r"
+begin
+
+interpretation transport "(=\<^bsub>P\<^esub>)" "(=\<^bsub>Q\<^esub>)" l r .
+
+sublocale tper_bij? : transport_partial_equivalence_rel_bijection "(=\<^bsub>P\<^esub>)" "(=\<^bsub>Q\<^esub>)" l r
+ using bijection_on_in_field partial_equivalence_rel_eq_restrict
+ eq_restrict_le_eq
+ by unfold_locales
+ (auto elim: bijection_onE intro!:
+ mono_wrt_rel_left_if_reflexive_on_if_le_eq_if_mono_wrt_in_field
+ [of "in_field (=\<^bsub>Q\<^esub>)"]
+ flip_of.mono_wrt_rel_left_if_reflexive_on_if_le_eq_if_mono_wrt_in_field
+ [of "in_field (=\<^bsub>P\<^esub>)"])
+
+lemma left_Galois_eq_Galois_eq_eq_restrict: "(\<^bsub>L\<^esub>\<lessapprox>) = (galois_rel.Galois (=) (=) r)\<restriction>\<^bsub>P\<^esub>\<upharpoonleft>\<^bsub>Q\<^esub>"
+ by (subst galois_rel.left_Galois_restrict_left_eq_left_Galois_left_restrict_left
+ galois_rel.left_Galois_restrict_right_eq_left_Galois_right_restrict_right
+ restrict_right_eq rel_inv_eq_self_if_symmetric)+
+ (auto simp: eq_restrict_eq_eq_restrict_left)
+
+end
+
+locale transport_eq_bijection =
+ fixes l :: "'a \<Rightarrow> 'b"
+ and r :: "'b \<Rightarrow> 'a"
+ assumes bijection_on_in_field:
+ "bijection_on (in_field ((=) :: 'a \<Rightarrow> _)) (in_field ((=) :: 'b \<Rightarrow> _)) l r"
+begin
+
+sublocale teq_restr_bij? : transport_eq_restrict_bijection \<top> \<top> l r
+ rewrites "(=\<^bsub>\<top> :: 'a \<Rightarrow> bool\<^esub>) = ((=) :: 'a \<Rightarrow> _)"
+ and "(=\<^bsub>\<top> :: 'b \<Rightarrow> bool\<^esub>) = ((=) :: 'b \<Rightarrow> _)"
+ using bijection_on_in_field by unfold_locales simp_all
+
+end
+
+
+end
\ No newline at end of file
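Review bot: The three sublocale declarations `tbij?`, `trefl_bij?` and `tpre_bij?` each carry `rewrites "… \<equiv> True"` together with `"\<And>P. (True \<Longrightarrow> P) \<equiv> Trueprop P"`, and nothing in the theory says why. Judging from the `lemmas` lines that follow them (`rel_equivalence_on_unit = rel_equivalence_on_unitI`, `preorder_equivalence = preorder_equivalenceI`, and so on), the rewrites appear to simplify away the premises of the inherited introduction rules so that they can be re-exported as unconditional facts. A short comment before the first declaration would make that explicit, for example `text \<open>The rewrites discharge the premises of the inherited "I" rules, so they can be re-exported without assumptions.\<close>`. The same remark covers the other two declarations.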
diff --git a/thys/Transport/Transport/Transport_Identity.thy b/thys/Transport/Transport/Transport_Identity.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Transport_Identity.thy
@@ -0,0 +1,64 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport using Identity\<close>
+theory Transport_Identity
+ imports
+ Transport_Bijections
+begin
+
+paragraph \<open>Summary\<close>
+text \<open>Setup for Transport using the identity transport function.\<close>
+
+
+locale transport_id =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+begin
+
+sublocale tbij? : transport_bijection L L id id
+ by (intro transport_bijection.intro) auto
+
+interpretation transport L L id id .
+
+lemma left_Galois_eq_left: "(\<^bsub>L\<^esub>\<lessapprox>) = (\<le>\<^bsub>L\<^esub>)"
+ by (intro ext iffI) auto
+
+end
+
+locale transport_reflexive_on_in_field_id =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ assumes reflexive_on_in_field: "reflexive_on (in_field L) L"
+begin
+
+sublocale trefl_bij? : transport_reflexive_on_in_field_bijection L L id id
+ using reflexive_on_in_field by unfold_locales auto
+
+end
+
+locale transport_preorder_on_in_field_id =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ assumes preorder_on_in_field: "preorder_on (in_field L) L"
+begin
+
+sublocale tpre_bij? : transport_preorder_on_in_field_bijection L L id id
+ using preorder_on_in_field by unfold_locales auto
+
+end
+
+locale transport_partial_equivalence_rel_id =
+ fixes L :: "'a \<Rightarrow> 'a \<Rightarrow> bool"
+ assumes partial_equivalence_rel: "partial_equivalence_rel L"
+begin
+
+sublocale tper_bij? : transport_partial_equivalence_rel_bijection L L id id
+ using partial_equivalence_rel by unfold_locales auto
+
+end
+
+interpretation transport_eq_restrict_id :
+ transport_eq_restrict_bijection P P id id for P :: "'a \<Rightarrow> bool"
+ using bijection_on_self_id by (unfold_locales) auto
+
+interpretation transport_eq_id : transport_eq_bijection id id
+ using bijection_on_self_id by (unfold_locales) auto
+
+
+end
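Review bot: The two theory-level interpretations at the end of this theory close with `by (unfold_locales) auto`, while the sublocale proofs earlier in the same file write `by unfold_locales auto`. The parentheses around a single method name are redundant. Writing `using bijection_on_self_id by unfold_locales auto` in both places would match the rest of the theory.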
diff --git a/thys/Transport/Transport/Transport_Via_Partial_Galois_Connections_Equivalences_Paper.thy b/thys/Transport/Transport/Transport_Via_Partial_Galois_Connections_Equivalences_Paper.thy
new file mode 100644
--- /dev/null
+++ b/thys/Transport/Transport/Transport_Via_Partial_Galois_Connections_Equivalences_Paper.thy
@@ -0,0 +1,124 @@
+\<^marker>\<open>creator "Kevin Kappelmann"\<close>
+section \<open>Transport Paper Guide\<close>
+theory Transport_Via_Partial_Galois_Connections_Equivalences_Paper
+ imports
+ Transport
+ Transport_Natural_Functors
+ Transport_Partial_Quotient_Types
+ Transport_Prototype
+ Transport_Lists_Sets_Examples
+ Transport_Dep_Fun_Rel_Examples
+ Transport_Typedef_Base
+begin
+
+text \<open>
+
+\<^item> Section 3.1: Order basics can be found in
+ @{theory "Transport.Binary_Relation_Properties"},
+ @{theory "Transport.Preorders"},
+ @{theory "Transport.Partial_Equivalence_Relations"},
+ @{theory "Transport.Equivalence_Relations"}, and
+ @{theory "Transport.Order_Functions_Base"}.
+Theorem
+
+\<^item> Section 3.2: Function relators and monotonicity can be found in
+ @{theory "Transport.Function_Relators"} and
+ @{theory "Transport.Functions_Monotone"}
+
+\<^item> Section 3.3: Galois relator can be found in
+ @{theory "Transport.Galois_Relator_Base"}.
+
+ \<^item> Lemma 1: @{theory "Transport.Transport_Partial_Quotient_Types"}
+ (*results from Appendix*)
+
+ \<^item> Lemma 3: @{thm "galois_prop.Galois_right_iff_left_Galois_if_galois_prop"}
+
+\<^item> Section 3.4: Partial Galois Connections and Equivalences can be found in
+ @{theory "Transport.Half_Galois_Property"},
+ @{theory "Transport.Galois_Property"},
+ @{theory "Transport.Galois_Connections"},
+ @{theory "Transport.Galois_Equivalences"}, and
+ @{theory "Transport.Order_Equivalences"}.
+
+ \<^item> Lemma 2: @{theory "Transport.Transport_Partial_Quotient_Types"}
+ (*results from Appendix*)
+
+ \<^item> Lemma 4: @{thm "galois.galois_equivalence_left_right_if_transitive_if_order_equivalence"}
+
+ \<^item> Lemma 5: @{thm "galois.order_equivalence_if_reflexive_on_in_field_if_galois_equivalence"}
+
+\<^item> Section 4.1: Closure (Dependent) Function Relator can be found in
+ @{dir "Functions"}.
+
+ \<^item> Monotone function relator @{theory "Transport.Monotone_Function_Relator"}.
+
+ \<^item> Setup of construction @{theory "Transport.Transport_Functions_Base"}.
+
+ \<^item> Theorem 1: see @{theory "Transport.Transport_Functions"}
+
+ \<^item> Theorem 2: see @{thm "transport_Mono_Dep_Fun_Rel.left_Galois_iff_Dep_Fun_Rel_left_Galois_if_preorder_equivalenceI'"}
+ (*results from Appendix*)
+
+ \<^item> Lemma 6: @{thm "transport_Mono_Fun_Rel.galois_connection_left_rightI"}
+
+ \<^item> Lemma 7: @{thm "transport_Mono_Fun_Rel.left_Galois_iff_Fun_Rel_left_GaloisI"}
+
+ \<^item> Theorem 7: @{thm "transport_Mono_Dep_Fun_Rel.galois_connection_left_right_if_mono_if_galois_connectionI'"}
+
+ \<^item> Theorem 8: @{thm "transport_Mono_Dep_Fun_Rel.left_Galois_iff_Dep_Fun_Rel_left_Galois_if_mono_if_galois_connectionI'"}
+
+ \<^item> Lemma 8 @{thm "transport_Mono_Dep_Fun_Rel.left_rel_eq_tdfr_leftI_if_equivalencesI"}
+
+ \<^item> Lemma 9: @{thm "transport_Mono_Fun_Rel.left_rel_eq_tfr_leftI"}
+
+\<^item> Section 4.2: Closure Natural Functors can be found in
+ @{dir "Natural_Functors"}.
+ \<^item> Theorem 3: see @{theory "Transport.Transport_Natural_Functors"}
+
+ \<^item> Theorem 4: @{thm "transport_natural_functor.left_Galois_eq_Frel_left_Galois"}
+
+
+\<^item> Section 4.3: Closure Compositions can be found in @{dir "Compositions"}.
+
+ \<^item> Setup for simple case in @{theory "Transport.Transport_Compositions_Agree_Base"}
+
+ \<^item> Setup for generic case in @{theory "Transport.Transport_Compositions_Generic_Base"}
+
+ \<^item> Theorem 5: @{thm "transport_comp.preorder_equivalenceI"} and
+
+ @{thm "transport_comp.partial_equivalence_rel_equivalenceI"}
+ \<^item> Theorem 6: @{thm "transport_comp.left_Galois_eq_comp_left_GaloisI"}
+
+ (*results from Appendix*)
+ \<^item> Theorem 9: see @{dir "Compositions/Agree"}, results in
+
+ @{locale transport_comp_same}.
+ \<^item> Theorem 10: @{thm "transport_comp.galois_connection_left_right_if_galois_equivalenceI"}
+
+ \<^item> Theorem 11: @{thm "transport_comp.left_Galois_eq_comp_left_GaloisI'"}
+
+\<^item> Section 5:
+
+ \<^item> Implementation @{theory "Transport.Transport_Prototype"}:
+ Note: the command "trp" from the paper is called @{command trp_term} and the
+ method "trprover" is called "trp\_term\_prover".
+
+ \<^item> Example 1: @{theory "Transport.Transport_Lists_Sets_Examples"}
+
+ \<^item> Example 2: @{theory "Transport.Transport_Dep_Fun_Rel_Examples"}
+
+ \<^item> Example 3: \<^url>\<open>https://github.com/kappelmann/Isabelle-Set/blob/fdf59444d9a53b5279080fb4d24893c9efa31160/Isabelle_Set/Integers/Integers_Transport.thy\<close>
+
+\<^item> Proof: Partial Quotient Types are a special case:
+ @{theory "Transport.Transport_Partial_Quotient_Types"}
+
+\<^item> Proof: Typedefs are a special case:
+ @{theory "Transport.Transport_Typedef_Base"}
+
+\<^item> Proof: Set-Extensions are a special case: \<^url>\<open>https://github.com/kappelmann/Isabelle-Set/blob/fdf59444d9a53b5279080fb4d24893c9efa31160/Isabelle_Set/Set_Extensions/Set_Extensions_Transport.thy\<close>
+
+\<^item> Proof: Bijections as special case:
+ @{theory "Transport.Transport_Bijections"}
+\<close>
+
+end
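Review bot: The guide text has a stray line `Theorem` directly after the Section 3.1 list, following `@{theory "Transport.Order_Functions_Base"}.`, which would presumably be typeset as a dangling word in the generated document. It looks like a leftover and should be dropped or completed. Two smaller inconsistencies sit in the same text block: the Section 3.2 item ends without a full stop, unlike its neighbours, and the Lemma 8 item lacks the colon the other items use, so it should read `\<^item> Lemma 8: @{thm …}`.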
diff --git a/thys/Transport/document/root.bib b/thys/Transport/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/Transport/document/root.bib
@@ -0,0 +1,20 @@
+@misc{transport,
+ title={{Transport via Partial Galois Connections and Equivalences}},
+ author={{Kevin Kappelmann}},
+ year={2023},
+ eprint={2303.05244},
+ archivePrefix={arXiv},
+ primaryClass={cs.PL},
+ doi={10.48550/arXiv.2303.05244}
+}
+
+@inproceedings{lifting,
+ title={{Lifting and Transfer: A modular design for quotients in Isabelle/HOL}},
+ author={{Huffman, Brian and Kun{\v{c}}ar, Ond{\v{r}}ej}},
+ booktitle={Certified Programs and Proofs: Third International Conference, CPP 2013, Melbourne, VIC, Australia, December 11-13, 2013, Proceedings 3},
+ pages={131--146},
+ year={2013},
+ organization={Springer},
+ doi={10.1007/978-3-319-03545-1_9}
+}
+
diff --git a/thys/Transport/document/root.tex b/thys/Transport/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Transport/document/root.tex
@@ -0,0 +1,39 @@
+\documentclass[11pt,a4paper]{report}
+\usepackage[T1]{fontenc}
+\usepackage{amssymb}
+\usepackage{isabelle,isabellesym}
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+\begin{document}
+
+\title{Transport via Partial Galois Connections and Equivalences}
+\author{Kevin Kappelmann}
+\maketitle
+
+\begin{abstract}
+This entry contains the accompanying formalisation of the paper
+``Transport via Partial Galois Connections and Equivalences'' (APLAS 2023)~\cite{transport}.
+It contains a theoretical framework to transport programs via equivalences,
+subsuming the theory of Isabelle's Lifting package~\cite{lifting}.
+It also contains a prototype to automate transports using this framework in Isabelle/HOL,\@
+but this prototype is not yet ready for production.
+Finally, it contains a library on top of Isabelle/HOL's axioms,
+including various relativised concepts on orders, functions, binary relations,
+and Galois connections and equivalences.
+\end{abstract}
+
+\tableofcontents
+
+% include generated text of all theories
+\input{session}
+
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
diff --git a/web/authors/bisping/index.html b/web/authors/bisping/index.html
--- a/web/authors/bisping/index.html
+++ b/web/authors/bisping/index.html
@@ -1,148 +1,170 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Benjamin Bisping - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/bisping/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="bisping" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/bisping/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="bisping"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>B</span>enjamin <span class='first'>B</span>isping
</h1>
<div>
</div>
</header>
<div>
+ <a href="https://orcid.org/0000-0002-0637-0171">
+ <img alt="ORCID logo" src="https://info.orcid.org/wp-content/uploads/2019/11/orcid_16x16.png"
+ width="16" height="16" />
+ 0000-0002-0637-0171
+ </a>
+ <h2>Homepages 🌐</h2>
+ <ul>
+ <li><a href="https://bbisping.de">https://bbisping.de</a></li>
+ </ul>
<h2>E-Mails 📧</h2>
<ul>
<li>
- <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">
- <span class="rev">ed</span>.<span class="rev">nilreb-ut</span>.<span class="rev">supmac</span>
+ <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">
+ <span class="rev">ed</span>.<span class="rev">nilreb-ut</span>
@<span class="rev">gnipsib</span>.<span class="rev">nimajneb</span>
</a>
</li>
</ul>
<h2>Entries</h2>
+ <h3 class="head">2023</h3>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Coupledsim_Contrasim.html">Coupled Similarity and Contrasimilarity, and How to Compute Them</a></h5>
+ <br>
+ by
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a href="https://bbisping.de">🌐</a> and <a href="../../authors/montanari">Luisa Montanari</a>
+
+ </div>
+ <span class="date">
+ Aug 18
+ </span>
+ </article>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/bisping/index.xml b/web/authors/bisping/index.xml
--- a/web/authors/bisping/index.xml
+++ b/web/authors/bisping/index.xml
@@ -1,24 +1,31 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>bisping on Archive of Formal Proofs
</title>
<link>/authors/bisping/</link>
<description>
Recent content in bisping
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Wed, 18 May 2016 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/authors/bisping/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/brodmann/index.html b/web/authors/brodmann/index.html
--- a/web/authors/brodmann/index.html
+++ b/web/authors/brodmann/index.html
@@ -1,148 +1,148 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Paul-David Brodmann - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/brodmann/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="brodmann" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/brodmann/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="brodmann"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>P</span>aul-<span class='first'>D</span>avid <span class='first'>B</span>rodmann
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">
<span class="rev">ed</span>.<span class="rev">nilreb-ut</span>
@<span class="rev">nnamdorb</span>.<span class="rev">p</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/hirata/index.html b/web/authors/hirata/index.html
--- a/web/authors/hirata/index.html
+++ b/web/authors/hirata/index.html
@@ -1,139 +1,173 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Michikazu Hirata - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/hirata/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="hirata" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/hirata/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="hirata"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>M</span>ichikazu <span class='first'>H</span>irata
</h1>
<div>
</div>
</header>
<div>
+ <h2>E-Mails 📧</h2>
+ <ul>
+ <li>
+ <a class="obfuscated" data="eyJob3N0IjpbIm0iLCJ0aXRlY2giLCJhYyIsImpwIl0sInVzZXIiOlsiaGlyYXRhIiwibSIsImFjIl19">
+ <span class="rev">pj</span>.<span class="rev">ca</span>.<span class="rev">hcetit</span>.<span class="rev">m</span>
+@<span class="rev">ca</span>.<span class="rev">m</span>.<span class="rev">atarih</span>
+ </a>
+ </li>
+ </ul>
<h2>Entries</h2>
+ <h3 class="head">2023</h3>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Standard_Borel_Spaces.html">Standard Borel Spaces</a></h5>
+ <br>
+ by
+ <a href="../../authors/hirata">Michikazu Hirata</a> <a class="obfuscated" data="eyJob3N0IjpbIm0iLCJ0aXRlY2giLCJhYyIsImpwIl0sInVzZXIiOlsiaGlyYXRhIiwibSIsImFjIl19">📧</a>
+
+ </div>
+ <span class="date">
+ Aug 08
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by
+ <a href="../../authors/hirata">Michikazu Hirata</a> <a class="obfuscated" data="eyJob3N0IjpbIm0iLCJ0aXRlY2giLCJhYyIsImpwIl0sInVzZXIiOlsiaGlyYXRhIiwibSIsImFjIl19">📧</a> and <a href="../../authors/minamide">Yasuhiko Minamide</a> <a class="obfuscated" data="eyJob3N0IjpbImlzIiwidGl0ZWNoIiwiYWMiLCJqcCJdLCJ1c2VyIjpbIm1pbmFtaWRlIl19">📧</a>
+
+ </div>
+ <span class="date">
+ Aug 08
+ </span>
+ </article>
<h3 class="head">2022</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5>
<br>
by
<a href="../../authors/hirata">Michikazu Hirata</a>, <a href="../../authors/minamide">Yasuhiko Minamide</a> <a href="https://sv.c.titech.ac.jp/minamide/index.en.html">🌐</a> and <a href="../../authors/sato">Tetsuya Sato</a> <a href="https://sites.google.com/view/tetsuyasato/">🌐</a>
</div>
<span class="date">
Feb 03
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/hirata/index.xml b/web/authors/hirata/index.xml
--- a/web/authors/hirata/index.xml
+++ b/web/authors/hirata/index.xml
@@ -1,24 +1,38 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>hirata on Archive of Formal Proofs
</title>
<link>/authors/hirata/</link>
<description>
Recent content in hirata
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Thu, 03 Feb 2022 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Tue, 08 Aug 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/authors/hirata/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Standard Borel Spaces</title>
+ <link>/entries/Standard_Borel_Spaces.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Standard_Borel_Spaces.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/index.html b/web/authors/index.html
--- a/web/authors/index.html
+++ b/web/authors/index.html
@@ -1,1997 +1,2001 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Archive of Formal Proofs </title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<meta property="og:title" content="Authors" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Authors"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>A</span>uthors
</h1>
<div>
</div>
</header>
<div>
<table class="entries">
<tbody>
<tr>
<td>
<ul>
<li>
<a href="../authors/abdulaziz/">Mohammad Abdulaziz
</a>
</li>
<li>
<a href="../authors/adelsberger/">Stephan Adelsberger
</a>
</li>
<li>
<a href="../authors/aehlig/">Klaus Aehlig
</a>
</li>
<li>
<a href="../authors/aissat/">Romain Aissat
</a>
</li>
<li>
<a href="../authors/amani/">Sidney Amani
</a>
</li>
<li>
<a href="../authors/ammer/">Thomas Ammer
</a>
</li>
<li>
<a href="../authors/andreka/">Hajnal Andreka
</a>
</li>
<li>
<a href="../authors/andronick/">June Andronick
</a>
</li>
<li>
<a href="../authors/aransay/">Jesús Aransay
</a>
</li>
<li>
<a href="../authors/argyraki/">Angeliki Koutsoukou-Argyraki
</a>
</li>
<li>
<a href="../authors/armstrong/">Alasdair Armstrong
</a>
</li>
<li>
<a href="../authors/aspinall/">David Aspinall
</a>
</li>
<li>
<a href="../authors/ausaf/">Fahad Ausaf
</a>
</li>
<li>
<a href="../authors/avigad/">Jeremy Avigad
</a>
</li>
<li>
<a href="../authors/back/">Ralph-Johan Back
</a>
</li>
<li>
<a href="../authors/baksys/">Mantas Bakšys
</a>
</li>
<li>
<a href="../authors/balbach/">Frank J. Balbach
</a>
</li>
<li>
<a href="../authors/ballarin/">Clemens Ballarin
</a>
</li>
<li>
<a href="../authors/barsotti/">Damián Barsotti
</a>
</li>
<li>
<a href="../authors/bauer/">Gertrud Bauer
</a>
</li>
<li>
<a href="../authors/bauereiss/">Thomas Bauereiss
</a>
</li>
<li>
<a href="../authors/bayer/">Jonas Bayer
</a>
</li>
<li>
<a href="../authors/becker/">Heiko Becker
</a>
</li>
<li>
<a href="../authors/beeren/">Joel Beeren
</a>
</li>
<li>
<a href="../authors/bella/">Giampaolo Bella
</a>
</li>
<li>
<a href="../authors/bengtson/">Jesper Bengtson
</a>
</li>
<li>
<a href="../authors/bentkamp/">Alexander Bentkamp
</a>
</li>
<li>
<a href="../authors/benzmueller/">Christoph Benzmüller
</a>
</li>
<li>
<a href="../authors/beresford/">Alastair R. Beresford
</a>
</li>
<li>
<a href="../authors/berghofer/">Stefan Berghofer
</a>
</li>
<li>
<a href="../authors/beringer/">Lennart Beringer
</a>
</li>
<li>
<a href="../authors/bharadwaj/">Abhijith Bharadwaj
</a>
</li>
<li>
<a href="../authors/bhatt/">Bhargav Bhatt
</a>
</li>
<li>
<a href="../authors/biendarra/">Julian Biendarra
</a>
</li>
<li>
<a href="../authors/bisping/">Benjamin Bisping
</a>
</li>
<li>
<a href="../authors/blanchette/">Jasmin Christian Blanchette
</a>
</li>
<li>
<a href="../authors/blasum/">Holger Blasum
</a>
</li>
<li>
<a href="../authors/blumson/">Ben Blumson
</a>
</li>
<li>
<a href="../authors/bockenek/">Joshua Bockenek
</a>
</li>
<li>
<a href="../authors/boehme/">Sascha Böhme
</a>
</li>
<li>
<a href="../authors/bohrer/">Rose Bohrer
</a>
</li>
<li>
<a href="../authors/bordg/">Anthony Bordg
</a>
</li>
<li>
<a href="../authors/borgstroem/">Johannes Borgström
</a>
</li>
<li>
<a href="../authors/bortin/">Maksym Bortin
</a>
</li>
<li>
<a href="../authors/bottesch/">Ralph Bottesch
</a>
</li>
<li>
<a href="../authors/boulanger/">Frédéric Boulanger
</a>
</li>
<li>
<a href="../authors/bourke/">Timothy Bourke
</a>
</li>
<li>
<a href="../authors/boutry/">Pierre Boutry
</a>
</li>
<li>
<a href="../authors/boyton/">Andrew Boyton
</a>
</li>
<li>
<a href="../authors/bracevac/">Oliver Bračevac
</a>
</li>
<li>
<a href="../authors/brandt/">Felix Brandt
</a>
</li>
<li>
<a href="../authors/breitner/">Joachim Breitner
</a>
</li>
<li>
<a href="../authors/brien/">Nicolas Robinson-O&#39;Brien
</a>
</li>
<li>
<a href="../authors/brinkop/">Hauke Brinkop
</a>
</li>
<li>
<a href="../authors/brodmann/">Paul-David Brodmann
</a>
</li>
<li>
<a href="../authors/brucker/">Achim D. Brucker
</a>
</li>
<li>
<a href="../authors/bruegger/">Lukas Brügger
</a>
</li>
<li>
<a href="../authors/brun/">Matthias Brun
</a>
</li>
<li>
<a href="../authors/brunner/">Julian Brunner
</a>
</li>
<li>
<a href="../authors/bulwahn/">Lukas Bulwahn
</a>
</li>
<li>
<a href="../authors/butler/">David Butler
</a>
</li>
<li>
<a href="../authors/buyse/">Maxime Buyse
</a>
</li>
<li>
<a href="../authors/caballero/">José Manuel Rodríguez Caballero
</a>
</li>
<li>
<a href="../authors/calk/">Cameron Calk
</a>
</li>
<li>
<a href="../authors/caminati/">Marco B. Caminati
</a>
</li>
<li>
<a href="../authors/campo/">Alejandro del Campo
</a>
</li>
<li>
<a href="../authors/chapman/">Peter Chapman
</a>
</li>
<li>
<a href="../authors/chen/">L. Chen
</a>
</li>
<li>
<a href="../authors/chevalier/">Loïc Chevalier
</a>
</li>
<li>
<a href="../authors/christfort/">Axel Christfort
</a>
</li>
<li>
<a href="../authors/clouston/">Ranald Clouston
</a>
</li>
<li>
<a href="../authors/cock/">David Cock
</a>
</li>
<li>
<a href="../authors/coghetto/">Roland Coghetto
</a>
</li>
<li>
<a href="../authors/coglio/">Alessandro Coglio
</a>
</li>
<li>
<a href="../authors/cohen/">Ernie Cohen
</a>
</li>
<li>
<a href="../authors/cordwell/">Katherine Kosaian
</a>
</li>
<li>
<a href="../authors/cousin/">Marie Cousin
</a>
</li>
<li>
<a href="../authors/cremer/">Nils Cremer
</a>
</li>
<li>
<a href="../authors/crighton/">Aaron Crighton
</a>
</li>
<li>
<a href="../authors/dalvit/">Christian Dalvit
</a>
</li>
<li>
<a href="../authors/danilkin/">Anton Danilkin
</a>
</li>
<li>
<a href="../authors/dardinier/">Thibault Dardinier
</a>
</li>
<li>
<a href="../authors/david/">Marco David
</a>
</li>
<li>
<a href="../authors/debois/">Søren Debois
</a>
</li>
<li>
<a href="../authors/debrat/">Henri Debrat
</a>
</li>
<li>
<a href="../authors/decova/">Sára Decova
</a>
</li>
<li>
<a href="../authors/delemazure/">Théo Delemazure
</a>
</li>
<li>
<a href="../authors/demeulemeester/">Tom Demeulemeester
</a>
</li>
<li>
<a href="../authors/derrick/">John Derrick
</a>
</li>
<li>
<a href="../authors/desharnais/">Martin Desharnais
</a>
</li>
<li>
<a href="../authors/diaz/">Javier Díaz
</a>
</li>
<li>
<a href="../authors/diekmann/">Cornelius Diekmann
</a>
</li>
<li>
<a href="../authors/dirix/">Stefan Dirix
</a>
</li>
<li>
<a href="../authors/dittmann/">Christoph Dittmann
</a>
</li>
<li>
<a href="../authors/divason/">Jose Divasón
</a>
</li>
<li>
<a href="../authors/doczkal/">Christian Doczkal
</a>
</li>
<li>
<a href="../authors/dongol/">Brijesh Dongol
</a>
</li>
<li>
<a href="../authors/doty/">Matthew Doty
</a>
</li>
<li>
<a href="../authors/dubut/">Jérémy Dubut
</a>
</li>
<li>
<a href="../authors/dunaev/">Georgy Dunaev
</a>
</li>
<li>
<a href="../authors/dyckhoff/">Roy Dyckhoff
</a>
</li>
<li>
<a href="../authors/eberl/">Manuel Eberl
</a>
</li>
<li>
<a href="../authors/echenim/">Mnacho Echenim
</a>
</li>
<li>
<a href="../authors/edmonds/">Chelsea Edmonds
</a>
</li>
<li>
<a href="../authors/engelhardt/">Kai Engelhardt
</a>
</li>
<li>
<a href="../authors/eriksson/">Lars-Henrik Eriksson
</a>
</li>
<li>
<a href="../authors/esparza/">Javier Esparza
</a>
</li>
<li>
<a href="../authors/essmann/">Robin Eßmann
</a>
</li>
<li>
<a href="../authors/felgenhauer/">Bertram Felgenhauer
</a>
</li>
<li>
<a href="../authors/feliachi/">Abderrahmane Feliachi
</a>
</li>
<li>
<a href="../authors/fell/">Julian Fell
</a>
</li>
<li>
<a href="../authors/fernandez/">Matthew Fernandez
</a>
</li>
<li>
<a href="../authors/fiedler/">Ben Fiedler
</a>
</li>
<li>
<a href="../authors/fleuriot/">Jacques D. Fleuriot
</a>
</li>
<li>
<a href="../authors/fleury/">Mathias Fleury
</a>
</li>
<li>
<a href="../authors/foster/">Michael Foster
</a>
</li>
<li>
<a href="../authors/fosterj/">J. Nathan Foster
</a>
</li>
<li>
<a href="../authors/fosters/">Simon Foster
</a>
</li>
<li>
<a href="../authors/fouillard/">Valentin Fouillard
</a>
</li>
<li>
<a href="../authors/friedrich/">Stefan Friedrich
</a>
</li>
<li>
<a href="../authors/from/">Asta Halkjær From
</a>
</li>
<li>
<a href="../authors/fuenmayor/">David Fuenmayor
</a>
</li>
<li>
<a href="../authors/furusawa/">Hitoshi Furusawa
</a>
</li>
<li>
<a href="../authors/gammie/">Peter Gammie
</a>
</li>
<li>
<a href="../authors/gao/">Xin Gao
</a>
</li>
<li>
<a href="../authors/gaudel/">Marie-Claude Gaudel
</a>
</li>
<li>
<a href="../authors/gay/">Richard Gay
</a>
</li>
<li>
<a href="../authors/georgescu/">George Georgescu
</a>
</li>
<li>
<a href="../authors/gheri/">Lorenzo Gheri
</a>
</li>
<li>
<a href="../authors/ghourabi/">Fadoua Ghourabi
</a>
</li>
<li>
<a href="../authors/gioiosa/">Gianpaolo Gioiosa
</a>
</li>
<li>
<a href="../authors/glabbeek/">Rob van Glabbeek
</a>
</li>
<li>
<a href="../authors/gomes/">Victor B. F. Gomes
</a>
</li>
<li>
<a href="../authors/gonzalez/">Edgar Gonzàlez
</a>
</li>
<li>
<a href="../authors/gore/">Rajeev Gore
</a>
</li>
<li>
<a href="../authors/gouezel/">Sebastien Gouezel
</a>
</li>
<li>
<a href="../authors/grechuk/">Bogdan Grechuk
</a>
</li>
<li>
<a href="../authors/grewe/">Sylvia Grewe
</a>
</li>
<li>
<a href="../authors/griebel/">Simon Griebel
</a>
</li>
<li>
<a href="../authors/grov/">Gudmund Grov
</a>
</li>
<li>
<a href="../authors/guerraoui/">Rachid Guerraoui
</a>
</li>
<li>
<a href="../authors/guiol/">Hervé Guiol
</a>
</li>
<li>
<a href="../authors/gunther/">Emmanuel Gunther
</a>
</li>
<li>
<a href="../authors/gutkovas/">Ramunas Gutkovas
</a>
</li>
<li>
<a href="../authors/guttmann/">Walter Guttmann
</a>
</li>
<li>
<a href="../authors/guzman/">Laura P. Gamboa Guzman
</a>
</li>
<li>
<a href="../authors/haftmann/">Florian Haftmann
</a>
</li>
<li>
<a href="../authors/haslbeck/">Max W. Haslbeck
</a>
</li>
<li>
<a href="../authors/haslbeckm/">Maximilian P. L. Haslbeck
</a>
</li>
<li>
<a href="../authors/havle/">Oto Havle
</a>
</li>
<li>
<a href="../authors/hayes/">Ian J. Hayes
</a>
</li>
<li>
<a href="../authors/he/">Yijun He
</a>
</li>
<li>
<a href="../authors/heimes/">Lukas Heimes
</a>
</li>
<li>
<a href="../authors/helke/">Steffen Helke
</a>
</li>
<li>
<a href="../authors/hellauer/">Fabian Hellauer
</a>
</li>
<li>
<a href="../authors/heller/">Armin Heller
</a>
</li>
<li>
<a href="../authors/henrio/">Ludovic Henrio
</a>
</li>
<li>
<a href="../authors/herzberg/">Michael Herzberg
</a>
</li>
<li>
<a href="../authors/hess/">Andreas V. Hess
</a>
</li>
<li>
<a href="../authors/hetzl/">Stefan Hetzl
</a>
</li>
<li>
<a href="../authors/hibon/">Quentin Hibon
</a>
</li>
<li>
<a href="../authors/higgins/">Edward Higgins
</a>
</li>
<li>
<a href="../authors/hirata/">Michikazu Hirata
</a>
</li>
<li>
<a href="../authors/hoefner/">Peter Höfner
</a>
</li>
<li>
<a href="../authors/hoelzl/">Johannes Hölzl
</a>
</li>
<li>
<a href="../authors/hofmann/">Martin Hofmann
</a>
</li>
<li>
<a href="../authors/hofmeier/">Paul Hofmeier
</a>
</li>
<li>
<a href="../authors/holub/">Štěpán Holub
</a>
</li>
<li>
<a href="../authors/hosking/">Tony Hosking
</a>
</li>
<li>
<a href="../authors/hou/">Zhe Hou
</a>
</li>
<li>
<a href="../authors/hu/">Shuwei Hu
</a>
</li>
<li>
<a href="../authors/huffman/">Brian Huffman
</a>
</li>
<li>
<a href="../authors/hupel/">Lars Hupel
</a>
</li>
<li>
<a href="../authors/ijbema/">Mark Ijbema
</a>
</li>
<li>
<a href="../authors/immler/">Fabian Immler
</a>
</li>
<li>
<a href="../authors/israel/">Jonas Israel
</a>
</li>
<li>
<a href="../authors/ito/">Yosuke Ito
</a>
</li>
<li>
<a href="../authors/iwama/">Fumiya Iwama
</a>
</li>
<li>
<a href="../authors/jacobsen/">Frederik Krogsdal Jacobsen
</a>
</li>
<li>
<a href="../authors/jaskelioff/">Mauro Jaskelioff
</a>
</li>
<li>
<a href="../authors/jaskolka/">Jason Jaskolka
</a>
</li>
<li>
<a href="../authors/jensen/">Alexander Birch Jensen
</a>
</li>
<li>
<a href="../authors/jiang/">Nan Jiang
</a>
</li>
<li>
<a href="../authors/jiangd/">Dongchen Jiang
</a>
</li>
<li>
<a href="../authors/joosten/">Sebastiaan J. C. Joosten
</a>
</li>
<li>
<a href="../authors/jungnickel/">Tim Jungnickel
</a>
</li>
<li>
<a href="../authors/kadzioka/">Maya Kądziołka
</a>
</li>
<li>
<a href="../authors/kaliszyk/">Cezary Kaliszyk
</a>
</li>
<li>
<a href="../authors/kammueller/">Florian Kammüller
</a>
</li>
<li>
<a href="../authors/kappelmann/">Kevin Kappelmann
</a>
</li>
<li>
<a href="../authors/karayel/">Emin Karayel
</a>
</li>
<li>
<a href="../authors/kastermans/">Bart Kastermans
</a>
</li>
<li>
<a href="../authors/katovsky/">Alexander Katovsky
</a>
</li>
<li>
<a href="../authors/kaufmann/">Daniela Kaufmann
</a>
</li>
<li>
<a href="../authors/keefe/">Greg O&#39;Keefe
</a>
</li>
<li>
<a href="../authors/keinholz/">Jonas Keinholz
</a>
</li>
<li>
<a href="../authors/kerber/">Manfred Kerber
</a>
</li>
<li>
<a href="../authors/keskin/">Ata Keskin
</a>
</li>
<li>
<a href="../authors/ketland/">Jeffrey Ketland
</a>
</li>
<li>
<a href="../authors/kim/">Sunpill Kim
</a>
</li>
<li>
<a href="../authors/kirchner/">Daniel Kirchner
</a>
</li>
<li>
<a href="../authors/klein/">Gerwin Klein
</a>
</li>
<li>
<a href="../authors/klenze/">Tobias Klenze
</a>
</li>
<li>
<a href="../authors/kleppmann/">Martin Kleppmann
</a>
</li>
<li>
<a href="../authors/kobayashi/">Hidetsune Kobayashi
</a>
</li>
<li>
<a href="../authors/koerner/">Stefan Körner
</a>
</li>
<li>
<a href="../authors/kolanski/">Rafal Kolanski
</a>
</li>
<li>
<a href="../authors/koller/">Lukas Koller
</a>
</li>
<li>
<a href="../authors/krauss/">Alexander Krauss
</a>
</li>
<li>
<a href="../authors/kreuzer/">Katharina Kreuzer
</a>
</li>
<li>
<a href="../authors/kuncak/">Viktor Kuncak
</a>
</li>
<li>
<a href="../authors/kuncar/">Ondřej Kunčar
</a>
</li>
<li>
<a href="../authors/kurz/">Friedrich Kurz
</a>
</li>
<li>
<a href="../authors/lachnitt/">Hanna Lachnitt
</a>
</li>
<li>
<a href="../authors/lallemand/">Joseph Lallemand
</a>
</li>
<li>
<a href="../authors/lammich/">Peter Lammich
</a>
</li>
<li>
<a href="../authors/lange/">Christoph Lange
</a>
</li>
<li>
<a href="../authors/langenstein/">Bruno Langenstein
</a>
</li>
<li>
<a href="../authors/lattuada/">Andrea Lattuada
</a>
</li>
<li>
<a href="../authors/lauermann/">Nils Lauermann
</a>
</li>
<li>
<a href="../authors/laursen/">Christian Pardillo-Laursen
</a>
</li>
<li>
<a href="../authors/lederer/">Patrick Lederer
</a>
</li>
<li>
<a href="../authors/lee/">Holden Lee
</a>
</li>
<li>
<a href="../authors/leek/">Kevin Lee
</a>
</li>
<li>
<a href="../authors/leustean/">Laurentiu Leustean
</a>
</li>
<li>
<a href="../authors/lewis/">Corey Lewis
</a>
</li>
<li>
<a href="../authors/li/">Wenda Li
</a>
</li>
<li>
<a href="../authors/lim/">Japheth Lim
</a>
</li>
<li>
<a href="../authors/lindenberg/">Christina Lindenberg
</a>
</li>
<li>
<a href="../authors/linker/">Sven Linker
</a>
</li>
<li>
<a href="../authors/liu/">Junyi Liu
</a>
</li>
<li>
<a href="../authors/liut/">Tao Liu
</a>
</li>
<li>
<a href="../authors/liuy/">Yang Liu
</a>
</li>
<li>
<a href="../authors/liy/">Yangjia Li
</a>
</li>
<li>
<a href="../authors/lochbihler/">Andreas Lochbihler
</a>
</li>
<li>
<a href="../authors/lochmann/">Alexander Lochmann
</a>
</li>
<li>
<a href="../authors/lohner/">Denis Lohner
</a>
</li>
<li>
<a href="../authors/loibl/">Matthias Loibl
</a>
</li>
<li>
<a href="../authors/londono/">Alejandro Gómez-Londoño
</a>
</li>
<li>
<a href="../authors/losa/">Giuliano Losa
</a>
</li>
<li>
<a href="../authors/lutz/">Bianca Lutz
</a>
</li>
<li>
<a href="../authors/lux/">Alexander Lux
</a>
</li>
<li>
<a href="../authors/madarasz/">Judit Madarasz
</a>
</li>
<li>
<a href="../authors/makarios/">T. J. M. Makarios
</a>
</li>
<li>
<a href="../authors/maletzky/">Alexander Maletzky
</a>
</li>
<li>
<a href="../authors/mansky/">Susannah Mansky
</a>
</li>
<li>
<a href="../authors/mantel/">Heiko Mantel
</a>
</li>
<li>
<a href="../authors/margetson/">James Margetson
</a>
</li>
<li>
<a href="../authors/maric/">Ognjen Marić
</a>
</li>
<li>
<a href="../authors/maricf/">Filip Marić
</a>
</li>
<li>
<a href="../authors/marmsoler/">Diego Marmsoler
</a>
</li>
<li>
<a href="../authors/matache/">Cristina Matache
</a>
</li>
<li>
<a href="../authors/mateo/">Adrián Doña Mateo
</a>
</li>
<li>
<a href="../authors/matichuk/">Daniel Matichuk
</a>
</li>
<li>
<a href="../authors/matiyasevich/">Yuri Matiyasevich
</a>
</li>
<li>
<a href="../authors/maximova/">Alexandra Maximova
</a>
</li>
<li>
<a href="../authors/meis/">Rene Meis
</a>
</li>
<li>
<a href="../authors/merz/">Stephan Merz
</a>
</li>
<li>
<a href="../authors/messner/">Florian Messner
</a>
</li>
<li>
<a href="../authors/mhalla/">Mehdi Mhalla
</a>
</li>
<li>
<a href="../authors/michaelis/">Julius Michaelis
</a>
</li>
<li>
<a href="../authors/milehins/">Mihails Milehins
</a>
</li>
<li>
<a href="../authors/minamide/">Yasuhiko Minamide
</a>
</li>
<li>
<a href="../authors/mitchell/">Neil Mitchell
</a>
</li>
<li>
<a href="../authors/mitsch/">Stefan Mitsch
</a>
</li>
<li>
<a href="../authors/moedersheim/">Sebastian Mödersheim
</a>
</li>
<li>
<a href="../authors/moeller/">Bernhard Möller
</a>
</li>
<li>
+ <a href="../authors/montanari/">Luisa Montanari
+ </a>
+ </li>
+ <li>
<a href="../authors/mori/">Coraline Mori
</a>
</li>
<li>
<a href="../authors/muendler/">Niels Mündler
</a>
</li>
<li>
<a href="../authors/mulligan/">Dominic P. Mulligan
</a>
</li>
<li>
<a href="../authors/munive/">Jonathan Julian Huerta y Munive
</a>
</li>
<li>
<a href="../authors/murao/">H. Murao
</a>
</li>
<li>
<a href="../authors/murray/">Toby Murray
</a>
</li>
<li>
<a href="../authors/myreen/">Magnus O. Myreen
</a>
</li>
<li>
<a href="../authors/nagashima/">Yutaka Nagashima
</a>
</li>
<li>
<a href="../authors/nagele/">Julian Nagele
</a>
</li>
<li>
<a href="../authors/naraschewski/">Wolfgang Naraschewski
</a>
</li>
<li>
<a href="../authors/nedzelsky/">Michael Nedzelsky
</a>
</li>
<li>
<a href="../authors/nemeti/">István Németi
</a>
</li>
<li>
<a href="../authors/nemouchi/">Yakoub Nemouchi
</a>
</li>
<li>
<a href="../authors/nestmann/">Uwe Nestmann
</a>
</li>
<li>
<a href="../authors/neumann/">René Neumann
</a>
</li>
<li>
<a href="../authors/nielsen/">Finn Nielsen
</a>
</li>
<li>
<a href="../authors/nikiforov/">Denis Nikiforov
</a>
</li>
<li>
<a href="../authors/nipkow/">Tobias Nipkow
</a>
</li>
<li>
<a href="../authors/nishihara/">Toshiaki Nishihara
</a>
</li>
<li>
<a href="../authors/noce/">Pasquale Noce
</a>
</li>
<li>
<a href="../authors/nordhoff/">Benedikt Nordhoff
</a>
</li>
<li>
<a href="../authors/noschinski/">Lars Noschinski
</a>
</li>
<li>
<a href="../authors/obua/">Steven Obua
</a>
</li>
<li>
<a href="../authors/ogawa/">Mizuhito Ogawa
</a>
</li>
<li>
<a href="../authors/oldenburg/">Lennart Oldenburg
</a>
</li>
<li>
<a href="../authors/olm/">Markus Müller-Olm
</a>
</li>
<li>
<a href="../authors/oosterhuis/">Roelof Oosterhuis
</a>
</li>
<li>
<a href="../authors/oostrom/">Vincent van Oostrom
</a>
</li>
<li>
<a href="../authors/ortner/">Veronika Ortner
</a>
</li>
<li>
<a href="../authors/overbeek/">Roy Overbeek
</a>
</li>
<li>
<a href="../authors/pagano/">Miguel Pagano
</a>
</li>
<li>
<a href="../authors/pal/">Abhik Pal
</a>
</li>
<li>
<a href="../authors/paleo/">Bruno Woltzenlogel Paleo
</a>
</li>
<li>
<a href="../authors/palmer/">Jake Palmer
</a>
</li>
<li>
<a href="../authors/park/">Seung Hoon Park
</a>
</li>
<li>
<a href="../authors/parkinson/">Matthew Parkinson
</a>
</li>
<li>
<a href="../authors/parrow/">Joachim Parrow
</a>
</li>
<li>
<a href="../authors/parsert/">Julian Parsert
</a>
</li>
<li>
<a href="../authors/paulson/">Lawrence C. Paulson
</a>
</li>
<li>
<a href="../authors/peltier/">Nicolas Peltier
</a>
</li>
<li>
<a href="../authors/peters/">Kirstin Peters
</a>
</li>
<li>
<a href="../authors/petrovic/">Danijela Petrovic
</a>
</li>
<li>
<a href="../authors/pierzchalski/">Edward Pierzchalski
</a>
</li>
<li>
<a href="../authors/platzer/">André Platzer
</a>
</li>
<li>
<a href="../authors/pohjola/">Johannes Åman Pohjola
</a>
</li>
<li>
<a href="../authors/pollak/">Florian Pollak
</a>
</li>
<li>
<a href="../authors/popescu/">Andrei Popescu
</a>
</li>
<li>
<a href="../authors/porter/">Benjamin Porter
</a>
</li>
<li>
<a href="../authors/prathamesh/">T.V.H. Prathamesh
</a>
</li>
<li>
<a href="../authors/preoteasa/">Viorel Preoteasa
</a>
</li>
<li>
<a href="../authors/pusch/">Cornelia Pusch
</a>
</li>
<li>
<a href="../authors/qiu/">Qi Qiu
</a>
</li>
<li>
<a href="../authors/rabe/">Markus N. Rabe
</a>
</li>
<li>
<a href="../authors/rabing/">Mathias Schack Rabing
</a>
</li>
<li>
<a href="../authors/raedle/">Jonas Rädle
</a>
</li>
<li>
<a href="../authors/raska/">Martin Raška
</a>
</li>
<li>
<a href="../authors/raszyk/">Martin Raszyk
</a>
</li>
<li>
<a href="../authors/rau/">Martin Rau
</a>
</li>
<li>
<a href="../authors/rauch/">Nicole Rauch
</a>
</li>
<li>
<a href="../authors/raumer/">Jakob von Raumer
</a>
</li>
<li>
<a href="../authors/ravindran/">Binoy Ravindran
</a>
</li>
<li>
<a href="../authors/rawson/">Michael Rawson
</a>
</li>
<li>
<a href="../authors/raya/">Rodrigo Raya
</a>
</li>
<li>
<a href="../authors/regensburger/">Franz Regensburger
</a>
</li>
<li>
<a href="../authors/reiche/">Sebastian Reiche
</a>
</li>
<li>
<a href="../authors/reiter/">Markus Reiter
</a>
</li>
<li>
<a href="../authors/reynaud/">Alban Reynaud
</a>
</li>
<li>
<a href="../authors/ribeiro/">Pedro Ribeiro
</a>
</li>
<li>
<a href="../authors/richter/">Stefan Richter
</a>
</li>
<li>
<a href="../authors/rickmann/">Christina Rickmann
</a>
</li>
<li>
<a href="../authors/ridge/">Tom Ridge
</a>
</li>
<li>
<a href="../authors/rizaldi/">Albert Rizaldi
</a>
</li>
<li>
<a href="../authors/rizkallah/">Christine Rizkallah
</a>
</li>
<li>
<a href="../authors/robillard/">Simon Robillard
</a>
</li>
<li>
<a href="../authors/roessle/">Ian Roessle
</a>
</li>
<li>
<a href="../authors/romanos/">Ralph Romanos
</a>
</li>
<li>
<a href="../authors/rosskopf/">Simon Roßkopf
</a>
</li>
<li>
<a href="../authors/rowat/">Colin Rowat
</a>
</li>
<li>
<a href="../authors/sabouret/">Nicolas Sabouret
</a>
</li>
<li>
<a href="../authors/sachtleben/">Robert Sachtleben
</a>
</li>
<li>
<a href="../authors/saile/">Christian Saile
</a>
</li>
<li>
<a href="../authors/sanan/">David Sanan
</a>
</li>
<li>
<a href="../authors/sato/">Tetsuya Sato
</a>
</li>
<li>
<a href="../authors/sauer/">Jens Sauer
</a>
</li>
<li>
<a href="../authors/schaeffeler/">Maximilian Schäffeler
</a>
</li>
<li>
<a href="../authors/scharager/">Matias Scharager
</a>
</li>
<li>
<a href="../authors/schimpf/">Alexander Schimpf
</a>
</li>
<li>
<a href="../authors/schirmer/">Norbert Schirmer
</a>
</li>
<li>
<a href="../authors/schleicher/">Dierk Schleicher
</a>
</li>
<li>
<a href="../authors/schlichtkrull/">Anders Schlichtkrull
</a>
</li>
<li>
<a href="../authors/schmaltz/">Julien Schmaltz
</a>
</li>
<li>
<a href="../authors/schmidinger/">Lukas Schmidinger
</a>
</li>
<li>
<a href="../authors/schmoetten/">Richard Schmoetten
</a>
</li>
<li>
<a href="../authors/schneider/">Joshua Schneider
</a>
</li>
<li>
<a href="../authors/schoepe/">Daniel Schoepe
</a>
</li>
<li>
<a href="../authors/schoepf/">Jonas Schöpf
</a>
</li>
<li>
<a href="../authors/scott/">Dana Scott
</a>
</li>
<li>
<a href="../authors/sefidgar/">S. Reza Sefidgar
</a>
</li>
<li>
<a href="../authors/seidl/">Benedikt Seidl
</a>
</li>
<li>
<a href="../authors/seidler/">Henning Seidler
</a>
</li>
<li>
<a href="../authors/sewell/">Thomas Sewell
</a>
</li>
<li>
<a href="../authors/sickert/">Salomon Sickert
</a>
</li>
<li>
<a href="../authors/siek/">Jeremy Siek
</a>
</li>
<li>
<a href="../authors/simic/">Danijela Simić
</a>
</li>
<li>
<a href="../authors/sison/">Robert Sison
</a>
</li>
<li>
<a href="../authors/smaus/">Jan-Georg Smaus
</a>
</li>
<li>
<a href="../authors/smola/">Filip Smola
</a>
</li>
<li>
<a href="../authors/snelting/">Gregor Snelting
</a>
</li>
<li>
<a href="../authors/somaini/">Ivano Somaini
</a>
</li>
<li>
<a href="../authors/somogyi/">Dániel Somogyi
</a>
</li>
<li>
<a href="../authors/spasic/">Mirko Spasić
</a>
</li>
<li>
<a href="../authors/spichkova/">Maria Spichkova
</a>
</li>
<li>
<a href="../authors/spitz/">Maximilian Spitz
</a>
</li>
<li>
<a href="../authors/sprenger/">Christoph Sprenger
</a>
</li>
<li>
<a href="../authors/staats/">Charles Staats
</a>
</li>
<li>
<a href="../authors/stannett/">Mike Stannett
</a>
</li>
<li>
<a href="../authors/stark/">Eugene W. Stark
</a>
</li>
<li>
<a href="../authors/starosta/">Štěpán Starosta
</a>
</li>
<li>
<a href="../authors/steen/">Alexander Steen
</a>
</li>
<li>
<a href="../authors/steinberg/">Matías Steinberg
</a>
</li>
<li>
<a href="../authors/stephan/">Werner Stephan
</a>
</li>
<li>
<a href="../authors/sternagel/">Christian Sternagel
</a>
</li>
<li>
<a href="../authors/sternagelt/">Thomas Sternagel
</a>
</li>
<li>
<a href="../authors/stevens/">Lukas Stevens
</a>
</li>
<li>
<a href="../authors/stock/">Benedikt Stock
</a>
</li>
<li>
<a href="../authors/stoeckl/">Bernhard Stöckl
</a>
</li>
<li>
<a href="../authors/stricker/">Christian Stricker
</a>
</li>
<li>
<a href="../authors/strnisa/">Rok Strniša
</a>
</li>
<li>
<a href="../authors/struth/">Georg Struth
</a>
</li>
<li>
<a href="../authors/stueber/">Anke Stüber
</a>
</li>
<li>
<a href="../authors/stuewe/">Daniel Stüwe
</a>
</li>
<li>
<a href="../authors/sudbrock/">Henning Sudbrock
</a>
</li>
<li>
<a href="../authors/sudhof/">Henry Sudhof
</a>
</li>
<li>
<a href="../authors/sulejmani/">Ujkan Sulejmani
</a>
</li>
<li>
<a href="../authors/sutcliffe/">Geoff Sutcliffe
</a>
</li>
<li>
<a href="../authors/sylvestre/">Jeremy Sylvestre
</a>
</li>
<li>
<a href="../authors/szekely/">Gergely Szekely
</a>
</li>
<li>
<a href="../authors/taha/">Safouan Taha
</a>
</li>
<li>
<a href="../authors/tan/">Yong Kiam Tan
</a>
</li>
<li>
<a href="../authors/tanaka/">Miki Tanaka
</a>
</li>
<li>
<a href="../authors/tasch/">Markus Tasch
</a>
</li>
<li>
<a href="../authors/taylor/">Ramsay G. Taylor
</a>
</li>
<li>
<a href="../authors/terraf/">Pedro Sánchez Terraf
</a>
</li>
<li>
<a href="../authors/thiemann/">René Thiemann
</a>
</li>
<li>
<a href="../authors/thommes/">Joseph Thommes
</a>
</li>
<li>
<a href="../authors/thomson/">Fox Thomson
</a>
</li>
<li>
<a href="../authors/tiu/">Alwen Tiu
</a>
</li>
<li>
<a href="../authors/toth/">Balazs Toth
</a>
</li>
<li>
<a href="../authors/tourret/">Sophie Tourret
</a>
</li>
<li>
<a href="../authors/trachtenherz/">David Trachtenherz
</a>
</li>
<li>
<a href="../authors/traut/">Christoph Traut
</a>
</li>
<li>
<a href="../authors/traytel/">Dmitriy Traytel
</a>
</li>
<li>
<a href="../authors/trelat/">Vincent Trélat
</a>
</li>
<li>
<a href="../authors/tuong/">Frédéric Tuong
</a>
</li>
<li>
<a href="../authors/tuongj/">Joseph Tuong
</a>
</li>
<li>
<a href="../authors/tverdyshev/">Sergey Tverdyshev
</a>
</li>
<li>
<a href="../authors/ullrich/">Sebastian Ullrich
</a>
</li>
<li>
<a href="../authors/unruh/">Dominique Unruh
</a>
</li>
<li>
<a href="../authors/urban/">Christian Urban
</a>
</li>
<li>
<a href="../authors/van/">Hai Nguyen Van
</a>
</li>
<li>
<a href="../authors/velykis/">Andrius Velykis
</a>
</li>
<li>
<a href="../authors/verbeek/">Freek Verbeek
</a>
</li>
<li>
<a href="../authors/villadsen/">Jørgen Villadsen
</a>
</li>
<li>
<a href="../authors/voisin/">Frederic Voisin
</a>
</li>
<li>
<a href="../authors/vytiniotis/">Dimitrios Vytiniotis
</a>
</li>
<li>
<a href="../authors/wagner/">Max Wagner
</a>
</li>
<li>
<a href="../authors/waldmann/">Uwe Waldmann
</a>
</li>
<li>
<a href="../authors/wand/">Daniel Wand
</a>
</li>
<li>
<a href="../authors/wang/">Shuling Wang
</a>
</li>
<li>
<a href="../authors/wassell/">Mark Wassell
</a>
</li>
<li>
<a href="../authors/wasserrab/">Daniel Wasserrab
</a>
</li>
<li>
<a href="../authors/watt/">Conrad Watt
</a>
</li>
<li>
<a href="../authors/weber/">Tjark Weber
</a>
</li>
<li>
<a href="../authors/weerwag/">Timmy Weerwag
</a>
</li>
<li>
<a href="../authors/weidner/">Arno Wilhelm-Weidner
</a>
</li>
<li>
<a href="../authors/wenninger/">Elias Wenninger
</a>
</li>
<li>
<a href="../authors/wenzel/">Makarius Wenzel
</a>
</li>
<li>
<a href="../authors/whitley/">A Whitley
</a>
</li>
<li>
<a href="../authors/wickerson/">John Wickerson
</a>
</li>
<li>
<a href="../authors/willenbrink/">Sebastian Willenbrink
</a>
</li>
<li>
<a href="../authors/wimmer/">Simon Wimmer
</a>
</li>
<li>
<a href="../authors/wirt/">Kai Wirt
</a>
</li>
<li>
<a href="../authors/wolff/">Burkhart Wolff
</a>
</li>
<li>
<a href="../authors/wu/">Chunhan Wu
</a>
</li>
<li>
<a href="../authors/xu/">Jian Xu
</a>
</li>
<li>
<a href="../authors/yamada/">Akihisa Yamada
</a>
</li>
<li>
<a href="../authors/ye/">Lina Ye
</a>
</li>
<li>
<a href="../authors/yez/">Zhengkun Ye
</a>
</li>
<li>
<a href="../authors/ying/">Shenggang Ying
</a>
</li>
<li>
<a href="../authors/yingm/">Mingsheng Ying
</a>
</li>
<li>
<a href="../authors/yu/">Lei Yu
</a>
</li>
<li>
<a href="../authors/zankl/">Harald Zankl
</a>
</li>
<li>
<a href="../authors/zee/">Karen Zee
</a>
</li>
<li>
<a href="../authors/zeller/">Peter Zeller
</a>
</li>
<li>
<a href="../authors/zeyda/">Frank Zeyda
</a>
</li>
<li>
<a href="../authors/zhan/">Bohua Zhan
</a>
</li>
<li>
<a href="../authors/zhang/">Yu Zhang
</a>
</li>
<li>
<a href="../authors/zhangx/">Xingyuan Zhang
</a>
</li>
<li>
<a href="../authors/zhann/">Naijun Zhan
</a>
</li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/index.json b/web/authors/index.json
--- a/web/authors/index.json
+++ b/web/authors/index.json
@@ -1,2332 +1,2337 @@
[
{
"id": 0,
"link": "/authors/abdulaziz/",
"name": "Mohammad Abdulaziz"
},
{
"id": 1,
"link": "/authors/adelsberger/",
"name": "Stephan Adelsberger"
},
{
"id": 2,
"link": "/authors/aehlig/",
"name": "Klaus Aehlig"
},
{
"id": 3,
"link": "/authors/aissat/",
"name": "Romain Aissat"
},
{
"id": 4,
"link": "/authors/amani/",
"name": "Sidney Amani"
},
{
"id": 5,
"link": "/authors/ammer/",
"name": "Thomas Ammer"
},
{
"id": 6,
"link": "/authors/andreka/",
"name": "Hajnal Andreka"
},
{
"id": 7,
"link": "/authors/andronick/",
"name": "June Andronick"
},
{
"id": 8,
"link": "/authors/aransay/",
"name": "Jesús Aransay"
},
{
"id": 9,
"link": "/authors/argyraki/",
"name": "Angeliki Koutsoukou-Argyraki"
},
{
"id": 10,
"link": "/authors/armstrong/",
"name": "Alasdair Armstrong"
},
{
"id": 11,
"link": "/authors/aspinall/",
"name": "David Aspinall"
},
{
"id": 12,
"link": "/authors/ausaf/",
"name": "Fahad Ausaf"
},
{
"id": 13,
"link": "/authors/avigad/",
"name": "Jeremy Avigad"
},
{
"id": 14,
"link": "/authors/back/",
"name": "Ralph-Johan Back"
},
{
"id": 15,
"link": "/authors/baksys/",
"name": "Mantas Bakšys"
},
{
"id": 16,
"link": "/authors/balbach/",
"name": "Frank J. Balbach"
},
{
"id": 17,
"link": "/authors/ballarin/",
"name": "Clemens Ballarin"
},
{
"id": 18,
"link": "/authors/barsotti/",
"name": "Damián Barsotti"
},
{
"id": 19,
"link": "/authors/bauer/",
"name": "Gertrud Bauer"
},
{
"id": 20,
"link": "/authors/bauereiss/",
"name": "Thomas Bauereiss"
},
{
"id": 21,
"link": "/authors/bayer/",
"name": "Jonas Bayer"
},
{
"id": 22,
"link": "/authors/becker/",
"name": "Heiko Becker"
},
{
"id": 23,
"link": "/authors/beeren/",
"name": "Joel Beeren"
},
{
"id": 24,
"link": "/authors/bella/",
"name": "Giampaolo Bella"
},
{
"id": 25,
"link": "/authors/bengtson/",
"name": "Jesper Bengtson"
},
{
"id": 26,
"link": "/authors/bentkamp/",
"name": "Alexander Bentkamp"
},
{
"id": 27,
"link": "/authors/benzmueller/",
"name": "Christoph Benzmüller"
},
{
"id": 28,
"link": "/authors/beresford/",
"name": "Alastair R. Beresford"
},
{
"id": 29,
"link": "/authors/berghofer/",
"name": "Stefan Berghofer"
},
{
"id": 30,
"link": "/authors/beringer/",
"name": "Lennart Beringer"
},
{
"id": 31,
"link": "/authors/bharadwaj/",
"name": "Abhijith Bharadwaj"
},
{
"id": 32,
"link": "/authors/bhatt/",
"name": "Bhargav Bhatt"
},
{
"id": 33,
"link": "/authors/biendarra/",
"name": "Julian Biendarra"
},
{
"id": 34,
"link": "/authors/bisping/",
"name": "Benjamin Bisping"
},
{
"id": 35,
"link": "/authors/blanchette/",
"name": "Jasmin Christian Blanchette"
},
{
"id": 36,
"link": "/authors/blasum/",
"name": "Holger Blasum"
},
{
"id": 37,
"link": "/authors/blumson/",
"name": "Ben Blumson"
},
{
"id": 38,
"link": "/authors/bockenek/",
"name": "Joshua Bockenek"
},
{
"id": 39,
"link": "/authors/boehme/",
"name": "Sascha Böhme"
},
{
"id": 40,
"link": "/authors/bohrer/",
"name": "Rose Bohrer"
},
{
"id": 41,
"link": "/authors/bordg/",
"name": "Anthony Bordg"
},
{
"id": 42,
"link": "/authors/borgstroem/",
"name": "Johannes Borgström"
},
{
"id": 43,
"link": "/authors/bortin/",
"name": "Maksym Bortin"
},
{
"id": 44,
"link": "/authors/bottesch/",
"name": "Ralph Bottesch"
},
{
"id": 45,
"link": "/authors/boulanger/",
"name": "Frédéric Boulanger"
},
{
"id": 46,
"link": "/authors/bourke/",
"name": "Timothy Bourke"
},
{
"id": 47,
"link": "/authors/boutry/",
"name": "Pierre Boutry"
},
{
"id": 48,
"link": "/authors/boyton/",
"name": "Andrew Boyton"
},
{
"id": 49,
"link": "/authors/bracevac/",
"name": "Oliver Bračevac"
},
{
"id": 50,
"link": "/authors/brandt/",
"name": "Felix Brandt"
},
{
"id": 51,
"link": "/authors/breitner/",
"name": "Joachim Breitner"
},
{
"id": 52,
"link": "/authors/brien/",
"name": "Nicolas Robinson-O'Brien"
},
{
"id": 53,
"link": "/authors/brinkop/",
"name": "Hauke Brinkop"
},
{
"id": 54,
"link": "/authors/brodmann/",
"name": "Paul-David Brodmann"
},
{
"id": 55,
"link": "/authors/brucker/",
"name": "Achim D. Brucker"
},
{
"id": 56,
"link": "/authors/bruegger/",
"name": "Lukas Brügger"
},
{
"id": 57,
"link": "/authors/brun/",
"name": "Matthias Brun"
},
{
"id": 58,
"link": "/authors/brunner/",
"name": "Julian Brunner"
},
{
"id": 59,
"link": "/authors/bulwahn/",
"name": "Lukas Bulwahn"
},
{
"id": 60,
"link": "/authors/butler/",
"name": "David Butler"
},
{
"id": 61,
"link": "/authors/buyse/",
"name": "Maxime Buyse"
},
{
"id": 62,
"link": "/authors/caballero/",
"name": "José Manuel Rodríguez Caballero"
},
{
"id": 63,
"link": "/authors/calk/",
"name": "Cameron Calk"
},
{
"id": 64,
"link": "/authors/caminati/",
"name": "Marco B. Caminati"
},
{
"id": 65,
"link": "/authors/campo/",
"name": "Alejandro del Campo"
},
{
"id": 66,
"link": "/authors/chapman/",
"name": "Peter Chapman"
},
{
"id": 67,
"link": "/authors/chen/",
"name": "L. Chen"
},
{
"id": 68,
"link": "/authors/chevalier/",
"name": "Loïc Chevalier"
},
{
"id": 69,
"link": "/authors/christfort/",
"name": "Axel Christfort"
},
{
"id": 70,
"link": "/authors/clouston/",
"name": "Ranald Clouston"
},
{
"id": 71,
"link": "/authors/cock/",
"name": "David Cock"
},
{
"id": 72,
"link": "/authors/coghetto/",
"name": "Roland Coghetto"
},
{
"id": 73,
"link": "/authors/coglio/",
"name": "Alessandro Coglio"
},
{
"id": 74,
"link": "/authors/cohen/",
"name": "Ernie Cohen"
},
{
"id": 75,
"link": "/authors/cordwell/",
"name": "Katherine Kosaian"
},
{
"id": 76,
"link": "/authors/cousin/",
"name": "Marie Cousin"
},
{
"id": 77,
"link": "/authors/cremer/",
"name": "Nils Cremer"
},
{
"id": 78,
"link": "/authors/crighton/",
"name": "Aaron Crighton"
},
{
"id": 79,
"link": "/authors/dalvit/",
"name": "Christian Dalvit"
},
{
"id": 80,
"link": "/authors/danilkin/",
"name": "Anton Danilkin"
},
{
"id": 81,
"link": "/authors/dardinier/",
"name": "Thibault Dardinier"
},
{
"id": 82,
"link": "/authors/david/",
"name": "Marco David"
},
{
"id": 83,
"link": "/authors/debois/",
"name": "Søren Debois"
},
{
"id": 84,
"link": "/authors/debrat/",
"name": "Henri Debrat"
},
{
"id": 85,
"link": "/authors/decova/",
"name": "Sára Decova"
},
{
"id": 86,
"link": "/authors/delemazure/",
"name": "Théo Delemazure"
},
{
"id": 87,
"link": "/authors/demeulemeester/",
"name": "Tom Demeulemeester"
},
{
"id": 88,
"link": "/authors/derrick/",
"name": "John Derrick"
},
{
"id": 89,
"link": "/authors/desharnais/",
"name": "Martin Desharnais"
},
{
"id": 90,
"link": "/authors/diaz/",
"name": "Javier Díaz"
},
{
"id": 91,
"link": "/authors/diekmann/",
"name": "Cornelius Diekmann"
},
{
"id": 92,
"link": "/authors/dirix/",
"name": "Stefan Dirix"
},
{
"id": 93,
"link": "/authors/dittmann/",
"name": "Christoph Dittmann"
},
{
"id": 94,
"link": "/authors/divason/",
"name": "Jose Divasón"
},
{
"id": 95,
"link": "/authors/doczkal/",
"name": "Christian Doczkal"
},
{
"id": 96,
"link": "/authors/dongol/",
"name": "Brijesh Dongol"
},
{
"id": 97,
"link": "/authors/doty/",
"name": "Matthew Doty"
},
{
"id": 98,
"link": "/authors/dubut/",
"name": "Jérémy Dubut"
},
{
"id": 99,
"link": "/authors/dunaev/",
"name": "Georgy Dunaev"
},
{
"id": 100,
"link": "/authors/dyckhoff/",
"name": "Roy Dyckhoff"
},
{
"id": 101,
"link": "/authors/eberl/",
"name": "Manuel Eberl"
},
{
"id": 102,
"link": "/authors/echenim/",
"name": "Mnacho Echenim"
},
{
"id": 103,
"link": "/authors/edmonds/",
"name": "Chelsea Edmonds"
},
{
"id": 104,
"link": "/authors/engelhardt/",
"name": "Kai Engelhardt"
},
{
"id": 105,
"link": "/authors/eriksson/",
"name": "Lars-Henrik Eriksson"
},
{
"id": 106,
"link": "/authors/esparza/",
"name": "Javier Esparza"
},
{
"id": 107,
"link": "/authors/essmann/",
"name": "Robin Eßmann"
},
{
"id": 108,
"link": "/authors/felgenhauer/",
"name": "Bertram Felgenhauer"
},
{
"id": 109,
"link": "/authors/feliachi/",
"name": "Abderrahmane Feliachi"
},
{
"id": 110,
"link": "/authors/fell/",
"name": "Julian Fell"
},
{
"id": 111,
"link": "/authors/fernandez/",
"name": "Matthew Fernandez"
},
{
"id": 112,
"link": "/authors/fiedler/",
"name": "Ben Fiedler"
},
{
"id": 113,
"link": "/authors/fleuriot/",
"name": "Jacques D. Fleuriot"
},
{
"id": 114,
"link": "/authors/fleury/",
"name": "Mathias Fleury"
},
{
"id": 115,
"link": "/authors/foster/",
"name": "Michael Foster"
},
{
"id": 116,
"link": "/authors/fosterj/",
"name": "J. Nathan Foster"
},
{
"id": 117,
"link": "/authors/fosters/",
"name": "Simon Foster"
},
{
"id": 118,
"link": "/authors/fouillard/",
"name": "Valentin Fouillard"
},
{
"id": 119,
"link": "/authors/friedrich/",
"name": "Stefan Friedrich"
},
{
"id": 120,
"link": "/authors/from/",
"name": "Asta Halkjær From"
},
{
"id": 121,
"link": "/authors/fuenmayor/",
"name": "David Fuenmayor"
},
{
"id": 122,
"link": "/authors/furusawa/",
"name": "Hitoshi Furusawa"
},
{
"id": 123,
"link": "/authors/gammie/",
"name": "Peter Gammie"
},
{
"id": 124,
"link": "/authors/gao/",
"name": "Xin Gao"
},
{
"id": 125,
"link": "/authors/gaudel/",
"name": "Marie-Claude Gaudel"
},
{
"id": 126,
"link": "/authors/gay/",
"name": "Richard Gay"
},
{
"id": 127,
"link": "/authors/georgescu/",
"name": "George Georgescu"
},
{
"id": 128,
"link": "/authors/gheri/",
"name": "Lorenzo Gheri"
},
{
"id": 129,
"link": "/authors/ghourabi/",
"name": "Fadoua Ghourabi"
},
{
"id": 130,
"link": "/authors/gioiosa/",
"name": "Gianpaolo Gioiosa"
},
{
"id": 131,
"link": "/authors/glabbeek/",
"name": "Rob van Glabbeek"
},
{
"id": 132,
"link": "/authors/gomes/",
"name": "Victor B. F. Gomes"
},
{
"id": 133,
"link": "/authors/gonzalez/",
"name": "Edgar Gonzàlez"
},
{
"id": 134,
"link": "/authors/gore/",
"name": "Rajeev Gore"
},
{
"id": 135,
"link": "/authors/gouezel/",
"name": "Sebastien Gouezel"
},
{
"id": 136,
"link": "/authors/grechuk/",
"name": "Bogdan Grechuk"
},
{
"id": 137,
"link": "/authors/grewe/",
"name": "Sylvia Grewe"
},
{
"id": 138,
"link": "/authors/griebel/",
"name": "Simon Griebel"
},
{
"id": 139,
"link": "/authors/grov/",
"name": "Gudmund Grov"
},
{
"id": 140,
"link": "/authors/guerraoui/",
"name": "Rachid Guerraoui"
},
{
"id": 141,
"link": "/authors/guiol/",
"name": "Hervé Guiol"
},
{
"id": 142,
"link": "/authors/gunther/",
"name": "Emmanuel Gunther"
},
{
"id": 143,
"link": "/authors/gutkovas/",
"name": "Ramunas Gutkovas"
},
{
"id": 144,
"link": "/authors/guttmann/",
"name": "Walter Guttmann"
},
{
"id": 145,
"link": "/authors/guzman/",
"name": "Laura P. Gamboa Guzman"
},
{
"id": 146,
"link": "/authors/haftmann/",
"name": "Florian Haftmann"
},
{
"id": 147,
"link": "/authors/haslbeck/",
"name": "Max W. Haslbeck"
},
{
"id": 148,
"link": "/authors/haslbeckm/",
"name": "Maximilian P. L. Haslbeck"
},
{
"id": 149,
"link": "/authors/havle/",
"name": "Oto Havle"
},
{
"id": 150,
"link": "/authors/hayes/",
"name": "Ian J. Hayes"
},
{
"id": 151,
"link": "/authors/he/",
"name": "Yijun He"
},
{
"id": 152,
"link": "/authors/heimes/",
"name": "Lukas Heimes"
},
{
"id": 153,
"link": "/authors/helke/",
"name": "Steffen Helke"
},
{
"id": 154,
"link": "/authors/hellauer/",
"name": "Fabian Hellauer"
},
{
"id": 155,
"link": "/authors/heller/",
"name": "Armin Heller"
},
{
"id": 156,
"link": "/authors/henrio/",
"name": "Ludovic Henrio"
},
{
"id": 157,
"link": "/authors/herzberg/",
"name": "Michael Herzberg"
},
{
"id": 158,
"link": "/authors/hess/",
"name": "Andreas V. Hess"
},
{
"id": 159,
"link": "/authors/hetzl/",
"name": "Stefan Hetzl"
},
{
"id": 160,
"link": "/authors/hibon/",
"name": "Quentin Hibon"
},
{
"id": 161,
"link": "/authors/higgins/",
"name": "Edward Higgins"
},
{
"id": 162,
"link": "/authors/hirata/",
"name": "Michikazu Hirata"
},
{
"id": 163,
"link": "/authors/hoefner/",
"name": "Peter Höfner"
},
{
"id": 164,
"link": "/authors/hoelzl/",
"name": "Johannes Hölzl"
},
{
"id": 165,
"link": "/authors/hofmann/",
"name": "Martin Hofmann"
},
{
"id": 166,
"link": "/authors/hofmeier/",
"name": "Paul Hofmeier"
},
{
"id": 167,
"link": "/authors/holub/",
"name": "Štěpán Holub"
},
{
"id": 168,
"link": "/authors/hosking/",
"name": "Tony Hosking"
},
{
"id": 169,
"link": "/authors/hou/",
"name": "Zhe Hou"
},
{
"id": 170,
"link": "/authors/hu/",
"name": "Shuwei Hu"
},
{
"id": 171,
"link": "/authors/huffman/",
"name": "Brian Huffman"
},
{
"id": 172,
"link": "/authors/hupel/",
"name": "Lars Hupel"
},
{
"id": 173,
"link": "/authors/ijbema/",
"name": "Mark Ijbema"
},
{
"id": 174,
"link": "/authors/immler/",
"name": "Fabian Immler"
},
{
"id": 175,
"link": "/authors/israel/",
"name": "Jonas Israel"
},
{
"id": 176,
"link": "/authors/ito/",
"name": "Yosuke Ito"
},
{
"id": 177,
"link": "/authors/iwama/",
"name": "Fumiya Iwama"
},
{
"id": 178,
"link": "/authors/jacobsen/",
"name": "Frederik Krogsdal Jacobsen"
},
{
"id": 179,
"link": "/authors/jaskelioff/",
"name": "Mauro Jaskelioff"
},
{
"id": 180,
"link": "/authors/jaskolka/",
"name": "Jason Jaskolka"
},
{
"id": 181,
"link": "/authors/jensen/",
"name": "Alexander Birch Jensen"
},
{
"id": 182,
"link": "/authors/jiang/",
"name": "Nan Jiang"
},
{
"id": 183,
"link": "/authors/jiangd/",
"name": "Dongchen Jiang"
},
{
"id": 184,
"link": "/authors/joosten/",
"name": "Sebastiaan J. C. Joosten"
},
{
"id": 185,
"link": "/authors/jungnickel/",
"name": "Tim Jungnickel"
},
{
"id": 186,
"link": "/authors/kadzioka/",
"name": "Maya Kądziołka"
},
{
"id": 187,
"link": "/authors/kaliszyk/",
"name": "Cezary Kaliszyk"
},
{
"id": 188,
"link": "/authors/kammueller/",
"name": "Florian Kammüller"
},
{
"id": 189,
"link": "/authors/kappelmann/",
"name": "Kevin Kappelmann"
},
{
"id": 190,
"link": "/authors/karayel/",
"name": "Emin Karayel"
},
{
"id": 191,
"link": "/authors/kastermans/",
"name": "Bart Kastermans"
},
{
"id": 192,
"link": "/authors/katovsky/",
"name": "Alexander Katovsky"
},
{
"id": 193,
"link": "/authors/kaufmann/",
"name": "Daniela Kaufmann"
},
{
"id": 194,
"link": "/authors/keefe/",
"name": "Greg O'Keefe"
},
{
"id": 195,
"link": "/authors/keinholz/",
"name": "Jonas Keinholz"
},
{
"id": 196,
"link": "/authors/kerber/",
"name": "Manfred Kerber"
},
{
"id": 197,
"link": "/authors/keskin/",
"name": "Ata Keskin"
},
{
"id": 198,
"link": "/authors/ketland/",
"name": "Jeffrey Ketland"
},
{
"id": 199,
"link": "/authors/kim/",
"name": "Sunpill Kim"
},
{
"id": 200,
"link": "/authors/kirchner/",
"name": "Daniel Kirchner"
},
{
"id": 201,
"link": "/authors/klein/",
"name": "Gerwin Klein"
},
{
"id": 202,
"link": "/authors/klenze/",
"name": "Tobias Klenze"
},
{
"id": 203,
"link": "/authors/kleppmann/",
"name": "Martin Kleppmann"
},
{
"id": 204,
"link": "/authors/kobayashi/",
"name": "Hidetsune Kobayashi"
},
{
"id": 205,
"link": "/authors/koerner/",
"name": "Stefan Körner"
},
{
"id": 206,
"link": "/authors/kolanski/",
"name": "Rafal Kolanski"
},
{
"id": 207,
"link": "/authors/koller/",
"name": "Lukas Koller"
},
{
"id": 208,
"link": "/authors/krauss/",
"name": "Alexander Krauss"
},
{
"id": 209,
"link": "/authors/kreuzer/",
"name": "Katharina Kreuzer"
},
{
"id": 210,
"link": "/authors/kuncak/",
"name": "Viktor Kuncak"
},
{
"id": 211,
"link": "/authors/kuncar/",
"name": "Ondřej Kunčar"
},
{
"id": 212,
"link": "/authors/kurz/",
"name": "Friedrich Kurz"
},
{
"id": 213,
"link": "/authors/lachnitt/",
"name": "Hanna Lachnitt"
},
{
"id": 214,
"link": "/authors/lallemand/",
"name": "Joseph Lallemand"
},
{
"id": 215,
"link": "/authors/lammich/",
"name": "Peter Lammich"
},
{
"id": 216,
"link": "/authors/lange/",
"name": "Christoph Lange"
},
{
"id": 217,
"link": "/authors/langenstein/",
"name": "Bruno Langenstein"
},
{
"id": 218,
"link": "/authors/lattuada/",
"name": "Andrea Lattuada"
},
{
"id": 219,
"link": "/authors/lauermann/",
"name": "Nils Lauermann"
},
{
"id": 220,
"link": "/authors/laursen/",
"name": "Christian Pardillo-Laursen"
},
{
"id": 221,
"link": "/authors/lederer/",
"name": "Patrick Lederer"
},
{
"id": 222,
"link": "/authors/lee/",
"name": "Holden Lee"
},
{
"id": 223,
"link": "/authors/leek/",
"name": "Kevin Lee"
},
{
"id": 224,
"link": "/authors/leustean/",
"name": "Laurentiu Leustean"
},
{
"id": 225,
"link": "/authors/lewis/",
"name": "Corey Lewis"
},
{
"id": 226,
"link": "/authors/li/",
"name": "Wenda Li"
},
{
"id": 227,
"link": "/authors/lim/",
"name": "Japheth Lim"
},
{
"id": 228,
"link": "/authors/lindenberg/",
"name": "Christina Lindenberg"
},
{
"id": 229,
"link": "/authors/linker/",
"name": "Sven Linker"
},
{
"id": 230,
"link": "/authors/liu/",
"name": "Junyi Liu"
},
{
"id": 231,
"link": "/authors/liut/",
"name": "Tao Liu"
},
{
"id": 232,
"link": "/authors/liuy/",
"name": "Yang Liu"
},
{
"id": 233,
"link": "/authors/liy/",
"name": "Yangjia Li"
},
{
"id": 234,
"link": "/authors/lochbihler/",
"name": "Andreas Lochbihler"
},
{
"id": 235,
"link": "/authors/lochmann/",
"name": "Alexander Lochmann"
},
{
"id": 236,
"link": "/authors/lohner/",
"name": "Denis Lohner"
},
{
"id": 237,
"link": "/authors/loibl/",
"name": "Matthias Loibl"
},
{
"id": 238,
"link": "/authors/londono/",
"name": "Alejandro Gómez-Londoño"
},
{
"id": 239,
"link": "/authors/losa/",
"name": "Giuliano Losa"
},
{
"id": 240,
"link": "/authors/lutz/",
"name": "Bianca Lutz"
},
{
"id": 241,
"link": "/authors/lux/",
"name": "Alexander Lux"
},
{
"id": 242,
"link": "/authors/madarasz/",
"name": "Judit Madarasz"
},
{
"id": 243,
"link": "/authors/makarios/",
"name": "T. J. M. Makarios"
},
{
"id": 244,
"link": "/authors/maletzky/",
"name": "Alexander Maletzky"
},
{
"id": 245,
"link": "/authors/mansky/",
"name": "Susannah Mansky"
},
{
"id": 246,
"link": "/authors/mantel/",
"name": "Heiko Mantel"
},
{
"id": 247,
"link": "/authors/margetson/",
"name": "James Margetson"
},
{
"id": 248,
"link": "/authors/maric/",
"name": "Ognjen Marić"
},
{
"id": 249,
"link": "/authors/maricf/",
"name": "Filip Marić"
},
{
"id": 250,
"link": "/authors/marmsoler/",
"name": "Diego Marmsoler"
},
{
"id": 251,
"link": "/authors/matache/",
"name": "Cristina Matache"
},
{
"id": 252,
"link": "/authors/mateo/",
"name": "Adrián Doña Mateo"
},
{
"id": 253,
"link": "/authors/matichuk/",
"name": "Daniel Matichuk"
},
{
"id": 254,
"link": "/authors/matiyasevich/",
"name": "Yuri Matiyasevich"
},
{
"id": 255,
"link": "/authors/maximova/",
"name": "Alexandra Maximova"
},
{
"id": 256,
"link": "/authors/meis/",
"name": "Rene Meis"
},
{
"id": 257,
"link": "/authors/merz/",
"name": "Stephan Merz"
},
{
"id": 258,
"link": "/authors/messner/",
"name": "Florian Messner"
},
{
"id": 259,
"link": "/authors/mhalla/",
"name": "Mehdi Mhalla"
},
{
"id": 260,
"link": "/authors/michaelis/",
"name": "Julius Michaelis"
},
{
"id": 261,
"link": "/authors/milehins/",
"name": "Mihails Milehins"
},
{
"id": 262,
"link": "/authors/minamide/",
"name": "Yasuhiko Minamide"
},
{
"id": 263,
"link": "/authors/mitchell/",
"name": "Neil Mitchell"
},
{
"id": 264,
"link": "/authors/mitsch/",
"name": "Stefan Mitsch"
},
{
"id": 265,
"link": "/authors/moedersheim/",
"name": "Sebastian Mödersheim"
},
{
"id": 266,
"link": "/authors/moeller/",
"name": "Bernhard Möller"
},
{
"id": 267,
- "link": "/authors/mori/",
- "name": "Coraline Mori"
+ "link": "/authors/montanari/",
+ "name": "Luisa Montanari"
},
{
"id": 268,
- "link": "/authors/muendler/",
- "name": "Niels Mündler"
+ "link": "/authors/mori/",
+ "name": "Coraline Mori"
},
{
"id": 269,
- "link": "/authors/mulligan/",
- "name": "Dominic P. Mulligan"
+ "link": "/authors/muendler/",
+ "name": "Niels Mündler"
},
{
"id": 270,
- "link": "/authors/munive/",
- "name": "Jonathan Julian Huerta y Munive"
+ "link": "/authors/mulligan/",
+ "name": "Dominic P. Mulligan"
},
{
"id": 271,
- "link": "/authors/murao/",
- "name": "H. Murao"
+ "link": "/authors/munive/",
+ "name": "Jonathan Julian Huerta y Munive"
},
{
"id": 272,
- "link": "/authors/murray/",
- "name": "Toby Murray"
+ "link": "/authors/murao/",
+ "name": "H. Murao"
},
{
"id": 273,
- "link": "/authors/myreen/",
- "name": "Magnus O. Myreen"
+ "link": "/authors/murray/",
+ "name": "Toby Murray"
},
{
"id": 274,
- "link": "/authors/nagashima/",
- "name": "Yutaka Nagashima"
+ "link": "/authors/myreen/",
+ "name": "Magnus O. Myreen"
},
{
"id": 275,
- "link": "/authors/nagele/",
- "name": "Julian Nagele"
+ "link": "/authors/nagashima/",
+ "name": "Yutaka Nagashima"
},
{
"id": 276,
- "link": "/authors/naraschewski/",
- "name": "Wolfgang Naraschewski"
+ "link": "/authors/nagele/",
+ "name": "Julian Nagele"
},
{
"id": 277,
- "link": "/authors/nedzelsky/",
- "name": "Michael Nedzelsky"
+ "link": "/authors/naraschewski/",
+ "name": "Wolfgang Naraschewski"
},
{
"id": 278,
- "link": "/authors/nemeti/",
- "name": "István Németi"
+ "link": "/authors/nedzelsky/",
+ "name": "Michael Nedzelsky"
},
{
"id": 279,
- "link": "/authors/nemouchi/",
- "name": "Yakoub Nemouchi"
+ "link": "/authors/nemeti/",
+ "name": "István Németi"
},
{
"id": 280,
- "link": "/authors/nestmann/",
- "name": "Uwe Nestmann"
+ "link": "/authors/nemouchi/",
+ "name": "Yakoub Nemouchi"
},
{
"id": 281,
- "link": "/authors/neumann/",
- "name": "René Neumann"
+ "link": "/authors/nestmann/",
+ "name": "Uwe Nestmann"
},
{
"id": 282,
- "link": "/authors/nielsen/",
- "name": "Finn Nielsen"
+ "link": "/authors/neumann/",
+ "name": "René Neumann"
},
{
"id": 283,
- "link": "/authors/nikiforov/",
- "name": "Denis Nikiforov"
+ "link": "/authors/nielsen/",
+ "name": "Finn Nielsen"
},
{
"id": 284,
- "link": "/authors/nipkow/",
- "name": "Tobias Nipkow"
+ "link": "/authors/nikiforov/",
+ "name": "Denis Nikiforov"
},
{
"id": 285,
- "link": "/authors/nishihara/",
- "name": "Toshiaki Nishihara"
+ "link": "/authors/nipkow/",
+ "name": "Tobias Nipkow"
},
{
"id": 286,
- "link": "/authors/noce/",
- "name": "Pasquale Noce"
+ "link": "/authors/nishihara/",
+ "name": "Toshiaki Nishihara"
},
{
"id": 287,
- "link": "/authors/nordhoff/",
- "name": "Benedikt Nordhoff"
+ "link": "/authors/noce/",
+ "name": "Pasquale Noce"
},
{
"id": 288,
- "link": "/authors/noschinski/",
- "name": "Lars Noschinski"
+ "link": "/authors/nordhoff/",
+ "name": "Benedikt Nordhoff"
},
{
"id": 289,
- "link": "/authors/obua/",
- "name": "Steven Obua"
+ "link": "/authors/noschinski/",
+ "name": "Lars Noschinski"
},
{
"id": 290,
- "link": "/authors/ogawa/",
- "name": "Mizuhito Ogawa"
+ "link": "/authors/obua/",
+ "name": "Steven Obua"
},
{
"id": 291,
- "link": "/authors/oldenburg/",
- "name": "Lennart Oldenburg"
+ "link": "/authors/ogawa/",
+ "name": "Mizuhito Ogawa"
},
{
"id": 292,
- "link": "/authors/olm/",
- "name": "Markus Müller-Olm"
+ "link": "/authors/oldenburg/",
+ "name": "Lennart Oldenburg"
},
{
"id": 293,
- "link": "/authors/oosterhuis/",
- "name": "Roelof Oosterhuis"
+ "link": "/authors/olm/",
+ "name": "Markus Müller-Olm"
},
{
"id": 294,
- "link": "/authors/oostrom/",
- "name": "Vincent van Oostrom"
+ "link": "/authors/oosterhuis/",
+ "name": "Roelof Oosterhuis"
},
{
"id": 295,
- "link": "/authors/ortner/",
- "name": "Veronika Ortner"
+ "link": "/authors/oostrom/",
+ "name": "Vincent van Oostrom"
},
{
"id": 296,
- "link": "/authors/overbeek/",
- "name": "Roy Overbeek"
+ "link": "/authors/ortner/",
+ "name": "Veronika Ortner"
},
{
"id": 297,
- "link": "/authors/pagano/",
- "name": "Miguel Pagano"
+ "link": "/authors/overbeek/",
+ "name": "Roy Overbeek"
},
{
"id": 298,
- "link": "/authors/pal/",
- "name": "Abhik Pal"
+ "link": "/authors/pagano/",
+ "name": "Miguel Pagano"
},
{
"id": 299,
- "link": "/authors/paleo/",
- "name": "Bruno Woltzenlogel Paleo"
+ "link": "/authors/pal/",
+ "name": "Abhik Pal"
},
{
"id": 300,
- "link": "/authors/palmer/",
- "name": "Jake Palmer"
+ "link": "/authors/paleo/",
+ "name": "Bruno Woltzenlogel Paleo"
},
{
"id": 301,
- "link": "/authors/park/",
- "name": "Seung Hoon Park"
+ "link": "/authors/palmer/",
+ "name": "Jake Palmer"
},
{
"id": 302,
- "link": "/authors/parkinson/",
- "name": "Matthew Parkinson"
+ "link": "/authors/park/",
+ "name": "Seung Hoon Park"
},
{
"id": 303,
- "link": "/authors/parrow/",
- "name": "Joachim Parrow"
+ "link": "/authors/parkinson/",
+ "name": "Matthew Parkinson"
},
{
"id": 304,
- "link": "/authors/parsert/",
- "name": "Julian Parsert"
+ "link": "/authors/parrow/",
+ "name": "Joachim Parrow"
},
{
"id": 305,
- "link": "/authors/paulson/",
- "name": "Lawrence C. Paulson"
+ "link": "/authors/parsert/",
+ "name": "Julian Parsert"
},
{
"id": 306,
- "link": "/authors/peltier/",
- "name": "Nicolas Peltier"
+ "link": "/authors/paulson/",
+ "name": "Lawrence C. Paulson"
},
{
"id": 307,
- "link": "/authors/peters/",
- "name": "Kirstin Peters"
+ "link": "/authors/peltier/",
+ "name": "Nicolas Peltier"
},
{
"id": 308,
- "link": "/authors/petrovic/",
- "name": "Danijela Petrovic"
+ "link": "/authors/peters/",
+ "name": "Kirstin Peters"
},
{
"id": 309,
- "link": "/authors/pierzchalski/",
- "name": "Edward Pierzchalski"
+ "link": "/authors/petrovic/",
+ "name": "Danijela Petrovic"
},
{
"id": 310,
- "link": "/authors/platzer/",
- "name": "André Platzer"
+ "link": "/authors/pierzchalski/",
+ "name": "Edward Pierzchalski"
},
{
"id": 311,
- "link": "/authors/pohjola/",
- "name": "Johannes Åman Pohjola"
+ "link": "/authors/platzer/",
+ "name": "André Platzer"
},
{
"id": 312,
- "link": "/authors/pollak/",
- "name": "Florian Pollak"
+ "link": "/authors/pohjola/",
+ "name": "Johannes Åman Pohjola"
},
{
"id": 313,
- "link": "/authors/popescu/",
- "name": "Andrei Popescu"
+ "link": "/authors/pollak/",
+ "name": "Florian Pollak"
},
{
"id": 314,
- "link": "/authors/porter/",
- "name": "Benjamin Porter"
+ "link": "/authors/popescu/",
+ "name": "Andrei Popescu"
},
{
"id": 315,
- "link": "/authors/prathamesh/",
- "name": "T.V.H. Prathamesh"
+ "link": "/authors/porter/",
+ "name": "Benjamin Porter"
},
{
"id": 316,
- "link": "/authors/preoteasa/",
- "name": "Viorel Preoteasa"
+ "link": "/authors/prathamesh/",
+ "name": "T.V.H. Prathamesh"
},
{
"id": 317,
- "link": "/authors/pusch/",
- "name": "Cornelia Pusch"
+ "link": "/authors/preoteasa/",
+ "name": "Viorel Preoteasa"
},
{
"id": 318,
- "link": "/authors/qiu/",
- "name": "Qi Qiu"
+ "link": "/authors/pusch/",
+ "name": "Cornelia Pusch"
},
{
"id": 319,
- "link": "/authors/rabe/",
- "name": "Markus N. Rabe"
+ "link": "/authors/qiu/",
+ "name": "Qi Qiu"
},
{
"id": 320,
- "link": "/authors/rabing/",
- "name": "Mathias Schack Rabing"
+ "link": "/authors/rabe/",
+ "name": "Markus N. Rabe"
},
{
"id": 321,
- "link": "/authors/raedle/",
- "name": "Jonas Rädle"
+ "link": "/authors/rabing/",
+ "name": "Mathias Schack Rabing"
},
{
"id": 322,
- "link": "/authors/raska/",
- "name": "Martin Raška"
+ "link": "/authors/raedle/",
+ "name": "Jonas Rädle"
},
{
"id": 323,
- "link": "/authors/raszyk/",
- "name": "Martin Raszyk"
+ "link": "/authors/raska/",
+ "name": "Martin Raška"
},
{
"id": 324,
- "link": "/authors/rau/",
- "name": "Martin Rau"
+ "link": "/authors/raszyk/",
+ "name": "Martin Raszyk"
},
{
"id": 325,
- "link": "/authors/rauch/",
- "name": "Nicole Rauch"
+ "link": "/authors/rau/",
+ "name": "Martin Rau"
},
{
"id": 326,
- "link": "/authors/raumer/",
- "name": "Jakob von Raumer"
+ "link": "/authors/rauch/",
+ "name": "Nicole Rauch"
},
{
"id": 327,
- "link": "/authors/ravindran/",
- "name": "Binoy Ravindran"
+ "link": "/authors/raumer/",
+ "name": "Jakob von Raumer"
},
{
"id": 328,
- "link": "/authors/rawson/",
- "name": "Michael Rawson"
+ "link": "/authors/ravindran/",
+ "name": "Binoy Ravindran"
},
{
"id": 329,
- "link": "/authors/raya/",
- "name": "Rodrigo Raya"
+ "link": "/authors/rawson/",
+ "name": "Michael Rawson"
},
{
"id": 330,
- "link": "/authors/regensburger/",
- "name": "Franz Regensburger"
+ "link": "/authors/raya/",
+ "name": "Rodrigo Raya"
},
{
"id": 331,
- "link": "/authors/reiche/",
- "name": "Sebastian Reiche"
+ "link": "/authors/regensburger/",
+ "name": "Franz Regensburger"
},
{
"id": 332,
- "link": "/authors/reiter/",
- "name": "Markus Reiter"
+ "link": "/authors/reiche/",
+ "name": "Sebastian Reiche"
},
{
"id": 333,
- "link": "/authors/reynaud/",
- "name": "Alban Reynaud"
+ "link": "/authors/reiter/",
+ "name": "Markus Reiter"
},
{
"id": 334,
- "link": "/authors/ribeiro/",
- "name": "Pedro Ribeiro"
+ "link": "/authors/reynaud/",
+ "name": "Alban Reynaud"
},
{
"id": 335,
- "link": "/authors/richter/",
- "name": "Stefan Richter"
+ "link": "/authors/ribeiro/",
+ "name": "Pedro Ribeiro"
},
{
"id": 336,
- "link": "/authors/rickmann/",
- "name": "Christina Rickmann"
+ "link": "/authors/richter/",
+ "name": "Stefan Richter"
},
{
"id": 337,
- "link": "/authors/ridge/",
- "name": "Tom Ridge"
+ "link": "/authors/rickmann/",
+ "name": "Christina Rickmann"
},
{
"id": 338,
- "link": "/authors/rizaldi/",
- "name": "Albert Rizaldi"
+ "link": "/authors/ridge/",
+ "name": "Tom Ridge"
},
{
"id": 339,
- "link": "/authors/rizkallah/",
- "name": "Christine Rizkallah"
+ "link": "/authors/rizaldi/",
+ "name": "Albert Rizaldi"
},
{
"id": 340,
- "link": "/authors/robillard/",
- "name": "Simon Robillard"
+ "link": "/authors/rizkallah/",
+ "name": "Christine Rizkallah"
},
{
"id": 341,
- "link": "/authors/roessle/",
- "name": "Ian Roessle"
+ "link": "/authors/robillard/",
+ "name": "Simon Robillard"
},
{
"id": 342,
- "link": "/authors/romanos/",
- "name": "Ralph Romanos"
+ "link": "/authors/roessle/",
+ "name": "Ian Roessle"
},
{
"id": 343,
- "link": "/authors/rosskopf/",
- "name": "Simon Roßkopf"
+ "link": "/authors/romanos/",
+ "name": "Ralph Romanos"
},
{
"id": 344,
- "link": "/authors/rowat/",
- "name": "Colin Rowat"
+ "link": "/authors/rosskopf/",
+ "name": "Simon Roßkopf"
},
{
"id": 345,
- "link": "/authors/sabouret/",
- "name": "Nicolas Sabouret"
+ "link": "/authors/rowat/",
+ "name": "Colin Rowat"
},
{
"id": 346,
- "link": "/authors/sachtleben/",
- "name": "Robert Sachtleben"
+ "link": "/authors/sabouret/",
+ "name": "Nicolas Sabouret"
},
{
"id": 347,
- "link": "/authors/saile/",
- "name": "Christian Saile"
+ "link": "/authors/sachtleben/",
+ "name": "Robert Sachtleben"
},
{
"id": 348,
- "link": "/authors/sanan/",
- "name": "David Sanan"
+ "link": "/authors/saile/",
+ "name": "Christian Saile"
},
{
"id": 349,
- "link": "/authors/sato/",
- "name": "Tetsuya Sato"
+ "link": "/authors/sanan/",
+ "name": "David Sanan"
},
{
"id": 350,
- "link": "/authors/sauer/",
- "name": "Jens Sauer"
+ "link": "/authors/sato/",
+ "name": "Tetsuya Sato"
},
{
"id": 351,
- "link": "/authors/schaeffeler/",
- "name": "Maximilian Schäffeler"
+ "link": "/authors/sauer/",
+ "name": "Jens Sauer"
},
{
"id": 352,
- "link": "/authors/scharager/",
- "name": "Matias Scharager"
+ "link": "/authors/schaeffeler/",
+ "name": "Maximilian Schäffeler"
},
{
"id": 353,
- "link": "/authors/schimpf/",
- "name": "Alexander Schimpf"
+ "link": "/authors/scharager/",
+ "name": "Matias Scharager"
},
{
"id": 354,
- "link": "/authors/schirmer/",
- "name": "Norbert Schirmer"
+ "link": "/authors/schimpf/",
+ "name": "Alexander Schimpf"
},
{
"id": 355,
- "link": "/authors/schleicher/",
- "name": "Dierk Schleicher"
+ "link": "/authors/schirmer/",
+ "name": "Norbert Schirmer"
},
{
"id": 356,
- "link": "/authors/schlichtkrull/",
- "name": "Anders Schlichtkrull"
+ "link": "/authors/schleicher/",
+ "name": "Dierk Schleicher"
},
{
"id": 357,
- "link": "/authors/schmaltz/",
- "name": "Julien Schmaltz"
+ "link": "/authors/schlichtkrull/",
+ "name": "Anders Schlichtkrull"
},
{
"id": 358,
- "link": "/authors/schmidinger/",
- "name": "Lukas Schmidinger"
+ "link": "/authors/schmaltz/",
+ "name": "Julien Schmaltz"
},
{
"id": 359,
- "link": "/authors/schmoetten/",
- "name": "Richard Schmoetten"
+ "link": "/authors/schmidinger/",
+ "name": "Lukas Schmidinger"
},
{
"id": 360,
- "link": "/authors/schneider/",
- "name": "Joshua Schneider"
+ "link": "/authors/schmoetten/",
+ "name": "Richard Schmoetten"
},
{
"id": 361,
- "link": "/authors/schoepe/",
- "name": "Daniel Schoepe"
+ "link": "/authors/schneider/",
+ "name": "Joshua Schneider"
},
{
"id": 362,
- "link": "/authors/schoepf/",
- "name": "Jonas Schöpf"
+ "link": "/authors/schoepe/",
+ "name": "Daniel Schoepe"
},
{
"id": 363,
- "link": "/authors/scott/",
- "name": "Dana Scott"
+ "link": "/authors/schoepf/",
+ "name": "Jonas Schöpf"
},
{
"id": 364,
- "link": "/authors/sefidgar/",
- "name": "S. Reza Sefidgar"
+ "link": "/authors/scott/",
+ "name": "Dana Scott"
},
{
"id": 365,
- "link": "/authors/seidl/",
- "name": "Benedikt Seidl"
+ "link": "/authors/sefidgar/",
+ "name": "S. Reza Sefidgar"
},
{
"id": 366,
- "link": "/authors/seidler/",
- "name": "Henning Seidler"
+ "link": "/authors/seidl/",
+ "name": "Benedikt Seidl"
},
{
"id": 367,
- "link": "/authors/sewell/",
- "name": "Thomas Sewell"
+ "link": "/authors/seidler/",
+ "name": "Henning Seidler"
},
{
"id": 368,
- "link": "/authors/sickert/",
- "name": "Salomon Sickert"
+ "link": "/authors/sewell/",
+ "name": "Thomas Sewell"
},
{
"id": 369,
- "link": "/authors/siek/",
- "name": "Jeremy Siek"
+ "link": "/authors/sickert/",
+ "name": "Salomon Sickert"
},
{
"id": 370,
- "link": "/authors/simic/",
- "name": "Danijela Simić"
+ "link": "/authors/siek/",
+ "name": "Jeremy Siek"
},
{
"id": 371,
- "link": "/authors/sison/",
- "name": "Robert Sison"
+ "link": "/authors/simic/",
+ "name": "Danijela Simić"
},
{
"id": 372,
- "link": "/authors/smaus/",
- "name": "Jan-Georg Smaus"
+ "link": "/authors/sison/",
+ "name": "Robert Sison"
},
{
"id": 373,
- "link": "/authors/smola/",
- "name": "Filip Smola"
+ "link": "/authors/smaus/",
+ "name": "Jan-Georg Smaus"
},
{
"id": 374,
- "link": "/authors/snelting/",
- "name": "Gregor Snelting"
+ "link": "/authors/smola/",
+ "name": "Filip Smola"
},
{
"id": 375,
- "link": "/authors/somaini/",
- "name": "Ivano Somaini"
+ "link": "/authors/snelting/",
+ "name": "Gregor Snelting"
},
{
"id": 376,
- "link": "/authors/somogyi/",
- "name": "Dániel Somogyi"
+ "link": "/authors/somaini/",
+ "name": "Ivano Somaini"
},
{
"id": 377,
- "link": "/authors/spasic/",
- "name": "Mirko Spasić"
+ "link": "/authors/somogyi/",
+ "name": "Dániel Somogyi"
},
{
"id": 378,
- "link": "/authors/spichkova/",
- "name": "Maria Spichkova"
+ "link": "/authors/spasic/",
+ "name": "Mirko Spasić"
},
{
"id": 379,
- "link": "/authors/spitz/",
- "name": "Maximilian Spitz"
+ "link": "/authors/spichkova/",
+ "name": "Maria Spichkova"
},
{
"id": 380,
- "link": "/authors/sprenger/",
- "name": "Christoph Sprenger"
+ "link": "/authors/spitz/",
+ "name": "Maximilian Spitz"
},
{
"id": 381,
- "link": "/authors/staats/",
- "name": "Charles Staats"
+ "link": "/authors/sprenger/",
+ "name": "Christoph Sprenger"
},
{
"id": 382,
- "link": "/authors/stannett/",
- "name": "Mike Stannett"
+ "link": "/authors/staats/",
+ "name": "Charles Staats"
},
{
"id": 383,
- "link": "/authors/stark/",
- "name": "Eugene W. Stark"
+ "link": "/authors/stannett/",
+ "name": "Mike Stannett"
},
{
"id": 384,
- "link": "/authors/starosta/",
- "name": "Štěpán Starosta"
+ "link": "/authors/stark/",
+ "name": "Eugene W. Stark"
},
{
"id": 385,
- "link": "/authors/steen/",
- "name": "Alexander Steen"
+ "link": "/authors/starosta/",
+ "name": "Štěpán Starosta"
},
{
"id": 386,
- "link": "/authors/steinberg/",
- "name": "Matías Steinberg"
+ "link": "/authors/steen/",
+ "name": "Alexander Steen"
},
{
"id": 387,
- "link": "/authors/stephan/",
- "name": "Werner Stephan"
+ "link": "/authors/steinberg/",
+ "name": "Matías Steinberg"
},
{
"id": 388,
- "link": "/authors/sternagel/",
- "name": "Christian Sternagel"
+ "link": "/authors/stephan/",
+ "name": "Werner Stephan"
},
{
"id": 389,
- "link": "/authors/sternagelt/",
- "name": "Thomas Sternagel"
+ "link": "/authors/sternagel/",
+ "name": "Christian Sternagel"
},
{
"id": 390,
- "link": "/authors/stevens/",
- "name": "Lukas Stevens"
+ "link": "/authors/sternagelt/",
+ "name": "Thomas Sternagel"
},
{
"id": 391,
- "link": "/authors/stock/",
- "name": "Benedikt Stock"
+ "link": "/authors/stevens/",
+ "name": "Lukas Stevens"
},
{
"id": 392,
- "link": "/authors/stoeckl/",
- "name": "Bernhard Stöckl"
+ "link": "/authors/stock/",
+ "name": "Benedikt Stock"
},
{
"id": 393,
- "link": "/authors/stricker/",
- "name": "Christian Stricker"
+ "link": "/authors/stoeckl/",
+ "name": "Bernhard Stöckl"
},
{
"id": 394,
- "link": "/authors/strnisa/",
- "name": "Rok Strniša"
+ "link": "/authors/stricker/",
+ "name": "Christian Stricker"
},
{
"id": 395,
- "link": "/authors/struth/",
- "name": "Georg Struth"
+ "link": "/authors/strnisa/",
+ "name": "Rok Strniša"
},
{
"id": 396,
- "link": "/authors/stueber/",
- "name": "Anke Stüber"
+ "link": "/authors/struth/",
+ "name": "Georg Struth"
},
{
"id": 397,
- "link": "/authors/stuewe/",
- "name": "Daniel Stüwe"
+ "link": "/authors/stueber/",
+ "name": "Anke Stüber"
},
{
"id": 398,
- "link": "/authors/sudbrock/",
- "name": "Henning Sudbrock"
+ "link": "/authors/stuewe/",
+ "name": "Daniel Stüwe"
},
{
"id": 399,
- "link": "/authors/sudhof/",
- "name": "Henry Sudhof"
+ "link": "/authors/sudbrock/",
+ "name": "Henning Sudbrock"
},
{
"id": 400,
- "link": "/authors/sulejmani/",
- "name": "Ujkan Sulejmani"
+ "link": "/authors/sudhof/",
+ "name": "Henry Sudhof"
},
{
"id": 401,
- "link": "/authors/sutcliffe/",
- "name": "Geoff Sutcliffe"
+ "link": "/authors/sulejmani/",
+ "name": "Ujkan Sulejmani"
},
{
"id": 402,
- "link": "/authors/sylvestre/",
- "name": "Jeremy Sylvestre"
+ "link": "/authors/sutcliffe/",
+ "name": "Geoff Sutcliffe"
},
{
"id": 403,
- "link": "/authors/szekely/",
- "name": "Gergely Szekely"
+ "link": "/authors/sylvestre/",
+ "name": "Jeremy Sylvestre"
},
{
"id": 404,
- "link": "/authors/taha/",
- "name": "Safouan Taha"
+ "link": "/authors/szekely/",
+ "name": "Gergely Szekely"
},
{
"id": 405,
- "link": "/authors/tan/",
- "name": "Yong Kiam Tan"
+ "link": "/authors/taha/",
+ "name": "Safouan Taha"
},
{
"id": 406,
- "link": "/authors/tanaka/",
- "name": "Miki Tanaka"
+ "link": "/authors/tan/",
+ "name": "Yong Kiam Tan"
},
{
"id": 407,
- "link": "/authors/tasch/",
- "name": "Markus Tasch"
+ "link": "/authors/tanaka/",
+ "name": "Miki Tanaka"
},
{
"id": 408,
- "link": "/authors/taylor/",
- "name": "Ramsay G. Taylor"
+ "link": "/authors/tasch/",
+ "name": "Markus Tasch"
},
{
"id": 409,
- "link": "/authors/terraf/",
- "name": "Pedro Sánchez Terraf"
+ "link": "/authors/taylor/",
+ "name": "Ramsay G. Taylor"
},
{
"id": 410,
- "link": "/authors/thiemann/",
- "name": "René Thiemann"
+ "link": "/authors/terraf/",
+ "name": "Pedro Sánchez Terraf"
},
{
"id": 411,
- "link": "/authors/thommes/",
- "name": "Joseph Thommes"
+ "link": "/authors/thiemann/",
+ "name": "René Thiemann"
},
{
"id": 412,
- "link": "/authors/thomson/",
- "name": "Fox Thomson"
+ "link": "/authors/thommes/",
+ "name": "Joseph Thommes"
},
{
"id": 413,
- "link": "/authors/tiu/",
- "name": "Alwen Tiu"
+ "link": "/authors/thomson/",
+ "name": "Fox Thomson"
},
{
"id": 414,
- "link": "/authors/toth/",
- "name": "Balazs Toth"
+ "link": "/authors/tiu/",
+ "name": "Alwen Tiu"
},
{
"id": 415,
- "link": "/authors/tourret/",
- "name": "Sophie Tourret"
+ "link": "/authors/toth/",
+ "name": "Balazs Toth"
},
{
"id": 416,
- "link": "/authors/trachtenherz/",
- "name": "David Trachtenherz"
+ "link": "/authors/tourret/",
+ "name": "Sophie Tourret"
},
{
"id": 417,
- "link": "/authors/traut/",
- "name": "Christoph Traut"
+ "link": "/authors/trachtenherz/",
+ "name": "David Trachtenherz"
},
{
"id": 418,
- "link": "/authors/traytel/",
- "name": "Dmitriy Traytel"
+ "link": "/authors/traut/",
+ "name": "Christoph Traut"
},
{
"id": 419,
- "link": "/authors/trelat/",
- "name": "Vincent Trélat"
+ "link": "/authors/traytel/",
+ "name": "Dmitriy Traytel"
},
{
"id": 420,
- "link": "/authors/tuong/",
- "name": "Frédéric Tuong"
+ "link": "/authors/trelat/",
+ "name": "Vincent Trélat"
},
{
"id": 421,
- "link": "/authors/tuongj/",
- "name": "Joseph Tuong"
+ "link": "/authors/tuong/",
+ "name": "Frédéric Tuong"
},
{
"id": 422,
- "link": "/authors/tverdyshev/",
- "name": "Sergey Tverdyshev"
+ "link": "/authors/tuongj/",
+ "name": "Joseph Tuong"
},
{
"id": 423,
- "link": "/authors/ullrich/",
- "name": "Sebastian Ullrich"
+ "link": "/authors/tverdyshev/",
+ "name": "Sergey Tverdyshev"
},
{
"id": 424,
- "link": "/authors/unruh/",
- "name": "Dominique Unruh"
+ "link": "/authors/ullrich/",
+ "name": "Sebastian Ullrich"
},
{
"id": 425,
- "link": "/authors/urban/",
- "name": "Christian Urban"
+ "link": "/authors/unruh/",
+ "name": "Dominique Unruh"
},
{
"id": 426,
- "link": "/authors/van/",
- "name": "Hai Nguyen Van"
+ "link": "/authors/urban/",
+ "name": "Christian Urban"
},
{
"id": 427,
- "link": "/authors/velykis/",
- "name": "Andrius Velykis"
+ "link": "/authors/van/",
+ "name": "Hai Nguyen Van"
},
{
"id": 428,
- "link": "/authors/verbeek/",
- "name": "Freek Verbeek"
+ "link": "/authors/velykis/",
+ "name": "Andrius Velykis"
},
{
"id": 429,
- "link": "/authors/villadsen/",
- "name": "Jørgen Villadsen"
+ "link": "/authors/verbeek/",
+ "name": "Freek Verbeek"
},
{
"id": 430,
- "link": "/authors/voisin/",
- "name": "Frederic Voisin"
+ "link": "/authors/villadsen/",
+ "name": "Jørgen Villadsen"
},
{
"id": 431,
- "link": "/authors/vytiniotis/",
- "name": "Dimitrios Vytiniotis"
+ "link": "/authors/voisin/",
+ "name": "Frederic Voisin"
},
{
"id": 432,
- "link": "/authors/wagner/",
- "name": "Max Wagner"
+ "link": "/authors/vytiniotis/",
+ "name": "Dimitrios Vytiniotis"
},
{
"id": 433,
- "link": "/authors/waldmann/",
- "name": "Uwe Waldmann"
+ "link": "/authors/wagner/",
+ "name": "Max Wagner"
},
{
"id": 434,
- "link": "/authors/wand/",
- "name": "Daniel Wand"
+ "link": "/authors/waldmann/",
+ "name": "Uwe Waldmann"
},
{
"id": 435,
- "link": "/authors/wang/",
- "name": "Shuling Wang"
+ "link": "/authors/wand/",
+ "name": "Daniel Wand"
},
{
"id": 436,
- "link": "/authors/wassell/",
- "name": "Mark Wassell"
+ "link": "/authors/wang/",
+ "name": "Shuling Wang"
},
{
"id": 437,
- "link": "/authors/wasserrab/",
- "name": "Daniel Wasserrab"
+ "link": "/authors/wassell/",
+ "name": "Mark Wassell"
},
{
"id": 438,
- "link": "/authors/watt/",
- "name": "Conrad Watt"
+ "link": "/authors/wasserrab/",
+ "name": "Daniel Wasserrab"
},
{
"id": 439,
- "link": "/authors/weber/",
- "name": "Tjark Weber"
+ "link": "/authors/watt/",
+ "name": "Conrad Watt"
},
{
"id": 440,
- "link": "/authors/weerwag/",
- "name": "Timmy Weerwag"
+ "link": "/authors/weber/",
+ "name": "Tjark Weber"
},
{
"id": 441,
- "link": "/authors/weidner/",
- "name": "Arno Wilhelm-Weidner"
+ "link": "/authors/weerwag/",
+ "name": "Timmy Weerwag"
},
{
"id": 442,
- "link": "/authors/wenninger/",
- "name": "Elias Wenninger"
+ "link": "/authors/weidner/",
+ "name": "Arno Wilhelm-Weidner"
},
{
"id": 443,
- "link": "/authors/wenzel/",
- "name": "Makarius Wenzel"
+ "link": "/authors/wenninger/",
+ "name": "Elias Wenninger"
},
{
"id": 444,
- "link": "/authors/whitley/",
- "name": "A Whitley"
+ "link": "/authors/wenzel/",
+ "name": "Makarius Wenzel"
},
{
"id": 445,
- "link": "/authors/wickerson/",
- "name": "John Wickerson"
+ "link": "/authors/whitley/",
+ "name": "A Whitley"
},
{
"id": 446,
- "link": "/authors/willenbrink/",
- "name": "Sebastian Willenbrink"
+ "link": "/authors/wickerson/",
+ "name": "John Wickerson"
},
{
"id": 447,
- "link": "/authors/wimmer/",
- "name": "Simon Wimmer"
+ "link": "/authors/willenbrink/",
+ "name": "Sebastian Willenbrink"
},
{
"id": 448,
- "link": "/authors/wirt/",
- "name": "Kai Wirt"
+ "link": "/authors/wimmer/",
+ "name": "Simon Wimmer"
},
{
"id": 449,
- "link": "/authors/wolff/",
- "name": "Burkhart Wolff"
+ "link": "/authors/wirt/",
+ "name": "Kai Wirt"
},
{
"id": 450,
- "link": "/authors/wu/",
- "name": "Chunhan Wu"
+ "link": "/authors/wolff/",
+ "name": "Burkhart Wolff"
},
{
"id": 451,
- "link": "/authors/xu/",
- "name": "Jian Xu"
+ "link": "/authors/wu/",
+ "name": "Chunhan Wu"
},
{
"id": 452,
- "link": "/authors/yamada/",
- "name": "Akihisa Yamada"
+ "link": "/authors/xu/",
+ "name": "Jian Xu"
},
{
"id": 453,
- "link": "/authors/ye/",
- "name": "Lina Ye"
+ "link": "/authors/yamada/",
+ "name": "Akihisa Yamada"
},
{
"id": 454,
- "link": "/authors/yez/",
- "name": "Zhengkun Ye"
+ "link": "/authors/ye/",
+ "name": "Lina Ye"
},
{
"id": 455,
- "link": "/authors/ying/",
- "name": "Shenggang Ying"
+ "link": "/authors/yez/",
+ "name": "Zhengkun Ye"
},
{
"id": 456,
- "link": "/authors/yingm/",
- "name": "Mingsheng Ying"
+ "link": "/authors/ying/",
+ "name": "Shenggang Ying"
},
{
"id": 457,
- "link": "/authors/yu/",
- "name": "Lei Yu"
+ "link": "/authors/yingm/",
+ "name": "Mingsheng Ying"
},
{
"id": 458,
- "link": "/authors/zankl/",
- "name": "Harald Zankl"
+ "link": "/authors/yu/",
+ "name": "Lei Yu"
},
{
"id": 459,
- "link": "/authors/zee/",
- "name": "Karen Zee"
+ "link": "/authors/zankl/",
+ "name": "Harald Zankl"
},
{
"id": 460,
- "link": "/authors/zeller/",
- "name": "Peter Zeller"
+ "link": "/authors/zee/",
+ "name": "Karen Zee"
},
{
"id": 461,
- "link": "/authors/zeyda/",
- "name": "Frank Zeyda"
+ "link": "/authors/zeller/",
+ "name": "Peter Zeller"
},
{
"id": 462,
- "link": "/authors/zhan/",
- "name": "Bohua Zhan"
+ "link": "/authors/zeyda/",
+ "name": "Frank Zeyda"
},
{
"id": 463,
- "link": "/authors/zhang/",
- "name": "Yu Zhang"
+ "link": "/authors/zhan/",
+ "name": "Bohua Zhan"
},
{
"id": 464,
- "link": "/authors/zhangx/",
- "name": "Xingyuan Zhang"
+ "link": "/authors/zhang/",
+ "name": "Yu Zhang"
},
{
"id": 465,
+ "link": "/authors/zhangx/",
+ "name": "Xingyuan Zhang"
+ },
+ {
+ "id": 466,
"link": "/authors/zhann/",
"name": "Naijun Zhan"
}
]
\ No newline at end of file
diff --git a/web/authors/jungnickel/index.html b/web/authors/jungnickel/index.html
--- a/web/authors/jungnickel/index.html
+++ b/web/authors/jungnickel/index.html
@@ -1,161 +1,161 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Tim Jungnickel - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/jungnickel/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="jungnickel" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/jungnickel/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="jungnickel"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>T</span>im <span class='first'>J</span>ungnickel
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">
<span class="rev">ed</span>.<span class="rev">nilreb-ut</span>
@<span class="rev">lekcingnuj</span>.<span class="rev">mit</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2017</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5>
<br>
by
<a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/oldenburg">Lennart Oldenburg</a> and <a href="../../authors/loibl">Matthias Loibl</a>
</div>
<span class="date">
Nov 09
</span>
</article>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/kappelmann/index.html b/web/authors/kappelmann/index.html
--- a/web/authors/kappelmann/index.html
+++ b/web/authors/kappelmann/index.html
@@ -1,165 +1,177 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Kevin Kappelmann - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/kappelmann/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="kappelmann" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/kappelmann/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="kappelmann"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>K</span>evin <span class='first'>K</span>appelmann
</h1>
<div>
</div>
</header>
<div>
<h2>Homepages 🌐</h2>
<ul>
<li><a href="https://www21.in.tum.de/team/kappelmk/">https://www21.in.tum.de/team/kappelmk/</a></li>
</ul>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsia2V2aW4iLCJrYXBwZWxtYW5uIl19">
<span class="rev">ed</span>.<span class="rev">mut</span>
@<span class="rev">nnamleppak</span>.<span class="rev">nivek</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2023</h3>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by
+ <a href="../../authors/kappelmann">Kevin Kappelmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsia2V2aW4iLCJrYXBwZWxtYW5uIl19">📧</a>
+
+ </div>
+ <span class="date">
+ Oct 11
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../entries/ML_Unification.html">Unification Utilities for Isabelle/ML</a></h5>
<br>
by
<a href="../../authors/kappelmann">Kevin Kappelmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsia2V2aW4iLCJrYXBwZWxtYW5uIl19">📧</a>
</div>
<span class="date">
Sep 19
</span>
</article>
<h3 class="head">2021</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></h5>
<br>
by
<a href="../../authors/kappelmann">Kevin Kappelmann</a> <a href="https://www21.in.tum.de/team/kappelmk/">🌐</a>, <a href="../../authors/bulwahn">Lukas Bulwahn</a> <a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsibHVrYXMiLCJidWx3YWhuIl19">📧</a> and <a href="../../authors/willenbrink">Sebastian Willenbrink</a> <a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsic2ViYXN0aWFuIiwid2lsbGVuYnJpbmsiXX0=">📧</a>
</div>
<span class="date">
Jul 01
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/kappelmann/index.xml b/web/authors/kappelmann/index.xml
--- a/web/authors/kappelmann/index.xml
+++ b/web/authors/kappelmann/index.xml
@@ -1,31 +1,38 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>kappelmann on Archive of Formal Proofs
</title>
<link>/authors/kappelmann/</link>
<description>
Recent content in kappelmann
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Tue, 19 Sep 2023 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Wed, 11 Oct 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/authors/kappelmann/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Unification Utilities for Isabelle/ML</title>
<link>/entries/ML_Unification.html</link>
<pubDate>Tue, 19 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/ML_Unification.html</guid>
<description></description>
</item>
<item>
<title>SpecCheck - Specification-Based Testing for Isabelle/ML</title>
<link>/entries/SpecCheck.html</link>
<pubDate>Thu, 01 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/SpecCheck.html</guid>
<description></description>
</item>
</channel>
</rss>
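Review bot: The added `<item>` carries site-relative values in `<link>` and `<guid>` (`/entries/Transport.html`), and the channel `<link>` and `atom:link href` are relative too. RSS 2.0 expects absolute URLs in these elements, and a `<guid>` without `isPermaLink="false"` is treated as a permalink. A reader that fetches the feed from a mirror or cache can therefore resolve the entry against the wrong origin. The file is Hugo output, so the likely cause is an unset base URL in the build configuration (inferred, not visible here); the fix belongs there so the output reads `<link>https://SITE_BASE_URL/entries/Transport.html</link>` (placeholder host). The same applies to the new items in `web/authors/minamide/index.xml` and `web/authors/montanari/index.xml`.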
diff --git a/web/authors/minamide/index.html b/web/authors/minamide/index.html
--- a/web/authors/minamide/index.html
+++ b/web/authors/minamide/index.html
@@ -1,156 +1,178 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Yasuhiko Minamide - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/minamide/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="minamide" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/minamide/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="minamide"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>Y</span>asuhiko <span class='first'>M</span>inamide
</h1>
<div>
</div>
</header>
<div>
<h2>Homepages 🌐</h2>
<ul>
<li><a href="https://sv.c.titech.ac.jp/minamide/index.en.html">https://sv.c.titech.ac.jp/minamide/index.en.html</a></li>
</ul>
+ <h2>E-Mails 📧</h2>
+ <ul>
+ <li>
+ <a class="obfuscated" data="eyJob3N0IjpbImlzIiwidGl0ZWNoIiwiYWMiLCJqcCJdLCJ1c2VyIjpbIm1pbmFtaWRlIl19">
+ <span class="rev">pj</span>.<span class="rev">ca</span>.<span class="rev">hcetit</span>.<span class="rev">si</span>
+@<span class="rev">edimanim</span>
+ </a>
+ </li>
+ </ul>
<h2>Entries</h2>
+ <h3 class="head">2023</h3>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by
+ <a href="../../authors/hirata">Michikazu Hirata</a> <a class="obfuscated" data="eyJob3N0IjpbIm0iLCJ0aXRlY2giLCJhYyIsImpwIl0sInVzZXIiOlsiaGlyYXRhIiwibSIsImFjIl19">📧</a> and <a href="../../authors/minamide">Yasuhiko Minamide</a> <a class="obfuscated" data="eyJob3N0IjpbImlzIiwidGl0ZWNoIiwiYWMiLCJqcCJdLCJ1c2VyIjpbIm1pbmFtaWRlIl19">📧</a>
+
+ </div>
+ <span class="date">
+ Aug 08
+ </span>
+ </article>
<h3 class="head">2022</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5>
<br>
by
<a href="../../authors/hirata">Michikazu Hirata</a>, <a href="../../authors/minamide">Yasuhiko Minamide</a> <a href="https://sv.c.titech.ac.jp/minamide/index.en.html">🌐</a> and <a href="../../authors/sato">Tetsuya Sato</a> <a href="https://sites.google.com/view/tetsuyasato/">🌐</a>
</div>
<span class="date">
Feb 03
</span>
</article>
<h3 class="head">2004</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Depth-First-Search.html">Depth First Search</a></h5>
<br>
by
<a href="../../authors/nishihara">Toshiaki Nishihara</a> and <a href="../../authors/minamide">Yasuhiko Minamide</a>
</div>
<span class="date">
Jun 24
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
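Review bot: The new E-Mails block exposes the address through encoding only. The `data` attribute on `<a class="obfuscated">` is base64 of a JSON object holding the `host` and `user` parts, and the visible text is the same address in reversed `<span class="rev">` runs. That deters naive harvesting but is not confidentiality, so the address should be treated as published. The page is generated, so the place to record this is the author template, for example with `<!-- obfuscation only: data is base64 JSON, not a secret; list only addresses the author agreed to publish -->`.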
diff --git a/web/authors/minamide/index.xml b/web/authors/minamide/index.xml
--- a/web/authors/minamide/index.xml
+++ b/web/authors/minamide/index.xml
@@ -1,31 +1,38 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>minamide on Archive of Formal Proofs
</title>
<link>/authors/minamide/</link>
<description>
Recent content in minamide
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Thu, 03 Feb 2022 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Tue, 08 Aug 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/authors/minamide/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/montanari/index.html b/web/authors/montanari/index.html
new file mode 100644
--- /dev/null
+++ b/web/authors/montanari/index.html
@@ -0,0 +1,144 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Luisa Montanari - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+ <link rel="alternate" type="application/rss+xml" href="../../authors/montanari/index.xml" title="Archive of Formal Proofs" />
+
+ <meta property="og:title" content="montanari" />
+<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
+<meta property="og:type" content="website" />
+<meta property="og:url" content="/authors/montanari/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="montanari"/>
+<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class="logo-link">
+ <img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>L</span>uisa <span class='first'>M</span>ontanari
+
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <a href="https://orcid.org/0000-0002-5270-0290">
+ <img alt="ORCID logo" src="https://info.orcid.org/wp-content/uploads/2019/11/orcid_16x16.png"
+ width="16" height="16" />
+ 0000-0002-5270-0290
+ </a>
+
+ <h2>Entries</h2>
+ <h3 class="head">2023</h3>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Coupledsim_Contrasim.html">Coupled Similarity and Contrasimilarity, and How to Compute Them</a></h5>
+ <br>
+ by
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a href="https://bbisping.de">🌐</a> and <a href="../../authors/montanari">Luisa Montanari</a>
+
+ </div>
+ <span class="date">
+ Aug 18
+ </span>
+ </article>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
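Review bot: The ORCID badge is the only asset in this new page loaded from a third-party host, via `<img alt="ORCID logo" src="https://info.orcid.org/wp-content/uploads/2019/11/orcid_16x16.png"`. Every other image, script and stylesheet comes from the site's own `../../images/`, `../../js/` and `../../css/` paths. Each view of the author page therefore sends a request, with the visitor's IP address and referrer, to info.orcid.org, and the badge breaks if that upload path changes. Serving a local copy of the icon from `../../images/` avoids both problems; if the hotlink stays, add `referrerpolicy="no-referrer"` to the `<img>`. The file is generated, so the change belongs in the author template rather than here.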
diff --git a/web/authors/montanari/index.xml b/web/authors/montanari/index.xml
new file mode 100644
--- /dev/null
+++ b/web/authors/montanari/index.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+ <channel>
+ <title>montanari on Archive of Formal Proofs
+ </title>
+ <link>/authors/montanari/</link>
+ <description>
+ Recent content in montanari
+ on Archive of Formal Proofs
+ </description>
+ <generator>Hugo -- gohugo.io</generator>
+ <language>en-gb</language>
+
+ <lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
+ <atom:link href="/authors/montanari/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ </channel>
+</rss>
diff --git a/web/authors/nestmann/index.html b/web/authors/nestmann/index.html
--- a/web/authors/nestmann/index.html
+++ b/web/authors/nestmann/index.html
@@ -1,143 +1,143 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Uwe Nestmann - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/nestmann/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="nestmann" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/nestmann/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="nestmann"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>U</span>we <span class='first'>N</span>estmann
</h1>
<div>
</div>
</header>
<div>
<h2>Homepages 🌐</h2>
<ul>
<li><a href="https://www.mtv.tu-berlin.de/nestmann/">https://www.mtv.tu-berlin.de/nestmann/</a></li>
</ul>
<h2>Entries</h2>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/peters/index.html b/web/authors/peters/index.html
--- a/web/authors/peters/index.html
+++ b/web/authors/peters/index.html
@@ -1,161 +1,161 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Kirstin Peters - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/peters/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="peters" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/peters/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="peters"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>K</span>irstin <span class='first'>P</span>eters
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">
<span class="rev">ed</span>.<span class="rev">nilreb-ut</span>
@<span class="rev">sretep</span>.<span class="rev">nitsrik</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
<h3 class="head">2015</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Encodability_Process_Calculi.html">Analysing and Comparing Encodability Criteria for Process Calculi</a></h5>
<br>
by
<a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/glabbeek">Rob van Glabbeek</a> <a href="http://theory.stanford.edu/~rvg/">🌐</a>
</div>
<span class="date">
Aug 10
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/rickmann/index.html b/web/authors/rickmann/index.html
--- a/web/authors/rickmann/index.html
+++ b/web/authors/rickmann/index.html
@@ -1,148 +1,148 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Christina Rickmann - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/rickmann/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="rickmann" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/rickmann/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="rickmann"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>C</span>hristina <span class='first'>R</span>ickmann
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">
<span class="rev">ed</span>.<span class="rev">nilreb-ut</span>
@<span class="rev">nnamkcir</span>.<span class="rev">c</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/sachtleben/index.html b/web/authors/sachtleben/index.html
--- a/web/authors/sachtleben/index.html
+++ b/web/authors/sachtleben/index.html
@@ -1,161 +1,174 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Robert Sachtleben - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/sachtleben/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="sachtleben" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/sachtleben/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="sachtleben"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>R</span>obert <span class='first'>S</span>achtleben
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbInVuaS1icmVtZW4iLCJkZSJdLCJ1c2VyIjpbInJvYl9zYWMiXX0=">
<span class="rev">ed</span>.<span class="rev">nemerb-inu</span>
@<span class="rev">cas_bor</span>
</a>
</li>
</ul>
<h2>Entries</h2>
+ <h3 class="head">2023</h3>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/IO_Language_Conformance.html">Conformance Relations between Input/Output Languages</a></h5>
+ <br>
+ by
+ <a href="../../authors/sachtleben">Robert Sachtleben</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1icmVtZW4iLCJkZSJdLCJ1c2VyIjpbInJvYl9zYWMiXX0=">📧</a>
+
+ </div>
+ <span class="date">
+ Sep 01
+ </span>
+ </article>
<h3 class="head">2022</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5>
<br>
by
<a href="../../authors/sachtleben">Robert Sachtleben</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1icmVtZW4iLCJkZSJdLCJ1c2VyIjpbInJvYl9zYWMiXX0=">📧</a>
</div>
<span class="date">
Aug 09
</span>
</article>
<h3 class="head">2019</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5>
<br>
by
<a href="../../authors/sachtleben">Robert Sachtleben</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1icmVtZW4iLCJkZSJdLCJ1c2VyIjpbInJvYl9zYWMiXX0=">📧</a>
</div>
<span class="date">
Aug 16
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/sachtleben/index.xml b/web/authors/sachtleben/index.xml
--- a/web/authors/sachtleben/index.xml
+++ b/web/authors/sachtleben/index.xml
@@ -1,31 +1,38 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>sachtleben on Archive of Formal Proofs
</title>
<link>/authors/sachtleben/</link>
<description>
Recent content in sachtleben
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Tue, 09 Aug 2022 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Fri, 01 Sep 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/authors/sachtleben/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Conformance Relations between Input/Output Languages</title>
+ <link>/entries/IO_Language_Conformance.html</link>
+ <pubDate>Fri, 01 Sep 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/IO_Language_Conformance.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/seidler/index.html b/web/authors/seidler/index.html
--- a/web/authors/seidler/index.html
+++ b/web/authors/seidler/index.html
@@ -1,148 +1,148 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Henning Seidler - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/seidler/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="seidler" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/seidler/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="seidler"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>H</span>enning <span class='first'>S</span>eidler
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">
<span class="rev">ed</span>.<span class="rev">nilreb-ut</span>.<span class="rev">xobliam</span>
@<span class="rev">reldies</span>.<span class="rev">gninneh</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/stueber/index.html b/web/authors/stueber/index.html
--- a/web/authors/stueber/index.html
+++ b/web/authors/stueber/index.html
@@ -1,148 +1,148 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Anke Stüber - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/stueber/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="stueber" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/stueber/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="stueber"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>A</span>nke <span class='first'>S</span>tüber
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">
<span class="rev">ed</span>.<span class="rev">nilreb-ut</span>.<span class="rev">supmac</span>
@<span class="rev">rebeuts</span>.<span class="rev">ekna</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/weidner/index.html b/web/authors/weidner/index.html
--- a/web/authors/weidner/index.html
+++ b/web/authors/weidner/index.html
@@ -1,148 +1,148 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Arno Wilhelm-Weidner - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../authors/weidner/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="weidner" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/weidner/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="weidner"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon">
<script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script>
<script src="../../js/header-search.js"></script>
<script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class="logo-link">
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../">
<li >
Home
</li>
</a>
<a href="../../topics/">
<li >
Topics
</li>
</a>
<a href="../../download/">
<li >
Download
</li>
</a>
<a href="../../help/">
<li >
Help
</li>
</a>
<a href="../../submission/">
<li >
Submission
</li>
</a>
<a href="../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>A</span>rno <span class='first'>W</span>ilhelm-<span class='first'>W</span>eidner
</h1>
<div>
</div>
</header>
<div>
<h2>E-Mails 📧</h2>
<ul>
<li>
<a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">
<span class="rev">ed</span>.<span class="rev">nilreb-ut</span>
@<span class="rev">rendiew-mlehliw</span>.<span class="rev">onra</span>
</a>
</li>
</ul>
<h2>Entries</h2>
<h3 class="head">2016</h3>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by
- <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/data/keywords.json b/web/data/keywords.json
--- a/web/data/keywords.json
+++ b/web/data/keywords.json
@@ -1,6245 +1,6275 @@
[{"keyword": "-dimensional cube"},
{"keyword": "-free higher-order terms"},
{"keyword": "0-1-2-principle"},
{"keyword": "1 delta cdots delta"},
{"keyword": "1 infty"},
{"keyword": "1 infty left"},
{"keyword": "1 involving"},
{"keyword": "1 javier esparza"},
{"keyword": "1 n-1 frac b_"},
{"keyword": "1 polygonal numbers"},
{"keyword": "1007 978-3-030-90138-7_2"},
{"keyword": "1093 logcom exad013"},
{"keyword": "10th problem"},
{"keyword": "128bit words"},
{"keyword": "13 binary relations"},
{"keyword": "16th international symposium"},
{"keyword": "18th century"},
{"keyword": "19th century number theory"},
{"keyword": "2 rsa laboratories"},
{"keyword": "2 scalar product"},
{"keyword": "2022 lecture notes"},
{"keyword": "253--269 cpp-2016 peter lammich"},
{"keyword": "2nd international workshop"},
{"keyword": "3-term arithmetic progressions"},
{"keyword": "32-bit signed word"},
{"keyword": "32bit machine words"},
{"keyword": "34th ifip international conference"},
{"keyword": "3rd edition"},
{"keyword": "45th theorem"},
{"keyword": "55th theorem"},
{"keyword": "5th postulate"},
{"keyword": "64-bit bases"},
{"keyword": "8th event"},
{"keyword": "9th international joint conference"},
{"keyword": "a-priori bound"},
{"keyword": "a-priori detect"},
{"keyword": "a_1 ldots a_n"},
{"keyword": "a_n leq tfrac 1"},
{"keyword": "ab leq int_0"},
{"keyword": "abc"},
{"keyword": "abductive reasoning"},
{"keyword": "abelian group"},
{"keyword": "abortable linearizable module automaton"},
{"keyword": "abrupt termination"},
{"keyword": "absolute positiveness"},
{"keyword": "abstract academic models"},
{"keyword": "abstract algebra"},
{"keyword": "abstract algebraic structure satisfying"},
{"keyword": "abstract algorithm working"},
{"keyword": "abstract algorithms closely"},
{"keyword": "abstract automata types"},
{"keyword": "abstract bnfccs similar"},
{"keyword": "abstract cfg"},
{"keyword": "abstract characterization"},
{"keyword": "abstract compiler working"},
{"keyword": "abstract completeness theories"},
{"keyword": "abstract convergence theorem"},
{"keyword": "abstract cryptography"},
{"keyword": "abstract data structures"},
{"keyword": "abstract data type"},
{"keyword": "abstract datatypes"},
{"keyword": "abstract execution model"},
{"keyword": "abstract file represented"},
{"keyword": "abstract first-order prover"},
{"keyword": "abstract formalization"},
{"keyword": "abstract functions modelled directly"},
{"keyword": "abstract hilbert-style"},
{"keyword": "abstract interface"},
{"keyword": "abstract interpreter operate"},
{"keyword": "abstract ledger supporting"},
{"keyword": "abstract level"},
{"keyword": "abstract objects"},
{"keyword": "abstract objects theory"},
{"keyword": "abstract perspective enables"},
{"keyword": "abstract program"},
{"keyword": "abstract proof"},
{"keyword": "abstract property"},
{"keyword": "abstract reasoning"},
{"keyword": "abstract reference specification"},
{"keyword": "abstract representation"},
{"keyword": "abstract results"},
{"keyword": "abstract rewrite system"},
{"keyword": "abstract rewriting"},
{"keyword": "abstract separation algebra"},
{"keyword": "abstract separation logic"},
{"keyword": "abstract simplicial complexes"},
{"keyword": "abstract soundness"},
{"keyword": "abstract space"},
{"keyword": "abstract specification"},
{"keyword": "abstract structures"},
{"keyword": "abstract syntax"},
{"keyword": "abstract syntax tree generated"},
{"keyword": "abstract theory"},
{"keyword": "abstract time domain"},
{"keyword": "abstract transition system context"},
{"keyword": "abstract type"},
{"keyword": "abstract version"},
{"keyword": "academic partners"},
{"keyword": "academic press"},
{"keyword": "acceptance rejection decisions"},
{"keyword": "accepted languages coincide"},
{"keyword": "access windows"},
{"keyword": "accessed independently"},
{"keyword": "accesses memory locations"},
{"keyword": "accessibility decisions affecting"},
{"keyword": "accommodates partial functions"},
{"keyword": "accommodating arbitrary nominal datatypes"},
{"keyword": "accompanying algebraic laws"},
+{"keyword": "accompanying formalisation"},
{"keyword": "accompanying induction invariant rules"},
{"keyword": "accompanying paper"},
{"keyword": "accompanying paper 2"},
{"keyword": "achieve bottom-"},
{"keyword": "achieve compositionality"},
{"keyword": "achieve consensus"},
{"keyword": "achieve high expressiveness"},
{"keyword": "active domain"},
{"keyword": "active research topic"},
{"keyword": "actual executions"},
{"keyword": "actual sets"},
{"keyword": "actuarial mathematics"},
{"keyword": "ad-hoc approaches"},
{"keyword": "adam betts"},
{"keyword": "adam smith"},
{"keyword": "adapt ctl"},
{"keyword": "adapted versions"},
{"keyword": "adapting larry paulson"},
{"keyword": "adaptive state counting"},
{"keyword": "adaptive state counting algorithm"},
{"keyword": "adaptive test cases"},
{"keyword": "added formalisations"},
{"keyword": "adding definitions"},
{"keyword": "adding knuth"},
{"keyword": "adding observation instants"},
{"keyword": "addition theorem"},
{"keyword": "additional assumptions needed"},
{"keyword": "additional control flow analysis"},
{"keyword": "additional convenience"},
{"keyword": "additional domain elements"},
{"keyword": "additional effort"},
{"keyword": "additional extensions"},
{"keyword": "additional indeterminate"},
{"keyword": "additional iteration laws"},
{"keyword": "additional non-deterministic choice command"},
{"keyword": "additional notions"},
{"keyword": "additional operations"},
{"keyword": "additional operations subject"},
{"keyword": "additional password"},
{"keyword": "additional properties related"},
{"keyword": "additional relations"},
{"keyword": "additional results"},
{"keyword": "additional theorems"},
{"keyword": "additional theory"},
{"keyword": "additive combinatorics"},
{"keyword": "additive combinatorics due"},
{"keyword": "additive secret sharing scheme"},
{"keyword": "additive subgroup"},
{"keyword": "additively idempotent semirings"},
{"keyword": "adequacy proof"},
{"keyword": "adjoint functors"},
{"keyword": "adjoint functors preserve limits"},
{"keyword": "adjunctions"},
{"keyword": "advanced algorithms"},
{"keyword": "advanced binding constructs"},
{"keyword": "advanced replacement"},
{"keyword": "advanced set-theoretic concepts"},
{"keyword": "affect execution time"},
{"keyword": "affine arithmetic"},
{"keyword": "affine scheme"},
{"keyword": "affine systems"},
{"keyword": "aforementioned consensus problem"},
{"keyword": "aforementioned mathematical structures"},
{"keyword": "aforesaid task"},
{"keyword": "afp"},
{"keyword": "afp article amortized complexity"},
{"keyword": "afp article monadification"},
{"keyword": "afp entries"},
{"keyword": "afp entries goedel_hfset_semantic"},
{"keyword": "afp entry"},
{"keyword": "afp entry abstract completeness"},
{"keyword": "afp entry accessible"},
{"keyword": "afp entry amortized complexity"},
{"keyword": "afp entry bnf operations"},
{"keyword": "afp entry category theory"},
{"keyword": "afp entry complex geometry"},
{"keyword": "afp entry core dom"},
{"keyword": "afp entry discrete summation"},
{"keyword": "afp entry dom_components"},
{"keyword": "afp entry dynamic architectures"},
{"keyword": "afp entry eval_fo"},
{"keyword": "afp entry focusstreamscasestudies-afp"},
{"keyword": "afp entry implements"},
{"keyword": "afp entry ordered_resultion_prover"},
{"keyword": "afp entry robinson_arithmetic"},
{"keyword": "afp entry saturation_framework"},
{"keyword": "afp entry simple_firewall"},
{"keyword": "afp package"},
{"keyword": "afp representation"},
{"keyword": "agm operators"},
{"keyword": "aircraft cabin data network"},
{"keyword": "akra-bazzi method based"},
{"keyword": "akra-bazzi theorem"},
{"keyword": "alain aspect"},
{"keyword": "albeit translated"},
{"keyword": "alexander birch jensen"},
{"keyword": "algebraic"},
{"keyword": "algebraic approach"},
{"keyword": "algebraic closure"},
{"keyword": "algebraic formalization end"},
{"keyword": "algebraic framework"},
{"keyword": "algebraic geometry"},
{"keyword": "algebraic geometry culminating"},
{"keyword": "algebraic hierarchy"},
{"keyword": "algebraic laws"},
{"keyword": "algebraic manipulations"},
{"keyword": "algebraic number executable"},
{"keyword": "algebraic number implementation"},
{"keyword": "algebraic numbers"},
{"keyword": "algebraic numbers beta_1"},
{"keyword": "algebraic point"},
{"keyword": "algebraic proof"},
{"keyword": "algebraic semantics"},
{"keyword": "algebraic setting"},
{"keyword": "algebraic structure"},
{"keyword": "algebraic structures based"},
{"keyword": "algebraically closed"},
{"keyword": "algebraically closed field"},
{"keyword": "algebraically independent"},
{"keyword": "algebras based"},
{"keyword": "algorithm"},
{"keyword": "algorithm aims"},
{"keyword": "algorithm decodes correctly"},
{"keyword": "algorithm enumerates rooted"},
{"keyword": "algorithm enumerating"},
{"keyword": "algorithm factors polynomials"},
{"keyword": "algorithm generates posix"},
{"keyword": "algorithm meets schneider"},
{"keyword": "algorithm multiple times independently"},
{"keyword": "algorithm proceeds"},
{"keyword": "algorithm tolerates"},
{"keyword": "algorithm top-"},
+{"keyword": "algorithms computing"},
{"keyword": "all-pairs shortest path problem"},
{"keyword": "all-pairs shortest paths problem"},
{"keyword": "allocation function allocates goods"},
{"keyword": "allowed accesses"},
{"keyword": "allowed nominals"},
{"keyword": "allowing formal reasoning"},
{"keyword": "alpern"},
{"keyword": "alpha"},
{"keyword": "alpha-equivalence classes"},
{"keyword": "alpha_1 ldots beta_n"},
{"keyword": "alphabet letters"},
{"keyword": "alphabetised relational calculus"},
{"keyword": "alternate binomial theorem statement"},
{"keyword": "alternating structure"},
{"keyword": "alternative definition"},
{"keyword": "alternative interface"},
{"keyword": "alternative interpretation"},
{"keyword": "alternative proof"},
{"keyword": "alternative version"},
{"keyword": "alternatives"},
{"keyword": "alwen tiu"},
{"keyword": "amicable numbers"},
{"keyword": "amir hossein parvardi"},
{"keyword": "amortized complexity"},
{"keyword": "amortized logarithmic complexity"},
{"keyword": "amortized time complexity"},
{"keyword": "ample set condition"},
{"keyword": "analogous languages"},
{"keyword": "analogous problem arises"},
{"keyword": "analyse system structure oriented"},
{"keyword": "analysing replication algorithms"},
{"keyword": "analytic combinatorics"},
{"keyword": "analytic completeness proof covers"},
{"keyword": "analytic continuation"},
{"keyword": "analytic dirichlet series"},
{"keyword": "analytic function"},
{"keyword": "analytic number theory"},
{"keyword": "analytic number theory rdquo"},
{"keyword": "analytic proof"},
{"keyword": "analytical arguments"},
{"keyword": "analyze similar algorithms"},
{"keyword": "analyze sufficient conditions"},
{"keyword": "analyzed firewall mdash"},
{"keyword": "anders schlichtkrull"},
{"keyword": "andr platzer"},
{"keyword": "andrei popescu"},
{"keyword": "andrei popescu propose"},
{"keyword": "angelic nondeterministic choices"},
{"keyword": "angles requires solving"},
{"keyword": "annotated commands"},
{"keyword": "anonymous social choice function"},
{"keyword": "appearing numbers"},
{"keyword": "application"},
{"keyword": "application areas"},
{"keyword": "application consumes potential"},
{"keyword": "application programming interface"},
{"keyword": "application scenarios"},
{"keyword": "applications ranging"},
{"keyword": "applications refer"},
{"keyword": "applicative expressions"},
{"keyword": "applicative functor"},
{"keyword": "applicative functors augment computations"},
{"keyword": "applied call-by-"},
{"keyword": "applied non-classical logics 2005"},
{"keyword": "applied relativization"},
{"keyword": "applies induction"},
{"keyword": "apply andy pitts"},
{"keyword": "apply data refinement"},
{"keyword": "apply expander graphs"},
{"keyword": "applying sturm"},
{"keyword": "approach"},
{"keyword": "approach decomposes ltl formulas"},
{"keyword": "approach demonstrates"},
{"keyword": "approach enables easy links"},
{"keyword": "approach preservers"},
{"keyword": "approach produced"},
{"keyword": "approach supports reachability goals"},
{"keyword": "approval ballots"},
{"keyword": "approve multiple parties"},
{"keyword": "approximating real roots"},
{"keyword": "approximation algorithm"},
{"keyword": "approximation error"},
{"keyword": "approximation polynomial based"},
{"keyword": "approximation quality solely depends"},
{"keyword": "approximation ratio"},
{"keyword": "approximative version"},
{"keyword": "arbitrarily large girth"},
{"keyword": "arbitrary banach space"},
{"keyword": "arbitrary classes"},
{"keyword": "arbitrary data"},
{"keyword": "arbitrary dimension"},
{"keyword": "arbitrary fields"},
{"keyword": "arbitrary higher-order contexts"},
{"keyword": "arbitrary infinite proofs"},
{"keyword": "arbitrary intervals"},
{"keyword": "arbitrary length"},
{"keyword": "arbitrary linear order"},
{"keyword": "arbitrary linearly-ordered integrity domains"},
{"keyword": "arbitrary natural sets"},
{"keyword": "arbitrary network topologies"},
{"keyword": "arbitrary nominal sets"},
{"keyword": "arbitrary number"},
{"keyword": "arbitrary rc query"},
{"keyword": "arbitrary ring"},
{"keyword": "arbitrary security lattices"},
{"keyword": "arbitrary sets"},
{"keyword": "arbitrary size"},
{"keyword": "arbitrary transition systems"},
{"keyword": "arbitrary uniform distributions"},
{"keyword": "arbitrary univariate polynomials"},
{"keyword": "arbitrary user"},
{"keyword": "arbitrary user-"},
{"keyword": "architectural design patterns"},
{"keyword": "arctic interpretations"},
{"keyword": "arctic semirings satisfy"},
{"keyword": "argument"},
{"keyword": "argument functions"},
{"keyword": "arithmetic logical operations"},
{"keyword": "arithmetic progression"},
{"keyword": "arithmetic type class hierarchy"},
{"keyword": "arithmetize register machines"},
{"keyword": "array operations seamlessly integrate"},
{"keyword": "array shuffling protocol"},
{"keyword": "arrow composition --"},
{"keyword": "arrow-debreu model"},
{"keyword": "art formal verification methods"},
{"keyword": "article"},
{"keyword": "article added additional material"},
{"keyword": "article added material"},
{"keyword": "article attempts"},
{"keyword": "article barbin-le rest"},
{"keyword": "article builds"},
{"keyword": "article collects formalisations"},
{"keyword": "article knight"},
{"keyword": "article set-theoretical foundations"},
{"keyword": "article titled"},
{"keyword": "articles ai-communications aic764"},
{"keyword": "artificial general intelligence"},
{"keyword": "artificial intelligence"},
{"keyword": "ascending priority"},
{"keyword": "aspect obtained experimentally"},
{"keyword": "assembly-to-machine step"},
{"keyword": "assertion failure"},
{"keyword": "assertion semantics unifies semantic"},
{"keyword": "assertoric syllogistic"},
{"keyword": "assigned multiple seats"},
{"keyword": "association lists"},
{"keyword": "associative lists"},
{"keyword": "assorted fixed-point theorems"},
{"keyword": "assuming soundness"},
{"keyword": "astronomically huge"},
{"keyword": "asymptotic approximation"},
{"keyword": "asymptotic bounds"},
{"keyword": "asymptotic expansions"},
{"keyword": "asymptotic growth approximation"},
{"keyword": "asymptotic relation"},
{"keyword": "asymptotically equivalent"},
{"keyword": "asymptotically matches"},
{"keyword": "asymptotically optimal space usage"},
{"keyword": "asynchronously communicating nodes"},
{"keyword": "atkinson lemma"},
{"keyword": "atomic elements"},
{"keyword": "atomic formulas"},
{"keyword": "atomic operations race"},
{"keyword": "atomic predicates"},
{"keyword": "attack tree validity"},
{"keyword": "augustin louis cauchy"},
{"keyword": "austrian science fund"},
{"keyword": "authenticated data structures"},
{"keyword": "authentication mechanisms employed call"},
{"keyword": "author merz 1998"},
{"keyword": "author x27"},
{"keyword": "authorized path"},
{"keyword": "authors upcoming dissertation"},
{"keyword": "autocorres tool"},
{"keyword": "automata classes"},
{"keyword": "automata library"},
{"keyword": "automate canonical tasks"},
+{"keyword": "automate transports"},
{"keyword": "automated circuit verification"},
{"keyword": "automated proof tactics"},
{"keyword": "automated proof techniques"},
{"keyword": "automated reasoning"},
{"keyword": "automated reasoning 52"},
{"keyword": "automated reasoning 66"},
{"keyword": "automated reasoning framework"},
{"keyword": "automated reasoning sch18"},
{"keyword": "automated reasoning tools"},
{"keyword": "automated tactic support"},
{"keyword": "automated theorem prover"},
{"keyword": "automated theorem proving"},
{"keyword": "automated-theorem-proving assistant"},
{"keyword": "automatic data refinement"},
{"keyword": "automatic differentiation"},
{"keyword": "automatic instantiation"},
{"keyword": "automatic methods"},
{"keyword": "automatic refinement framework"},
{"keyword": "automatic search"},
{"keyword": "automatic tactics"},
{"keyword": "automatic theorem prover"},
{"keyword": "automatically calculated"},
{"keyword": "automatically derive"},
{"keyword": "automatically derive restrictions"},
{"keyword": "automatically deriving instances"},
{"keyword": "automatically executed programs"},
{"keyword": "automatically extracted scala code"},
{"keyword": "automatically generate proofs"},
{"keyword": "automatically refines algorithms"},
{"keyword": "automatically transferable"},
{"keyword": "automation mechanisms"},
{"keyword": "automatize canonical tasks"},
{"keyword": "automotive-gateway system"},
{"keyword": "autonomous systems"},
{"keyword": "autonomous vehicle"},
{"keyword": "autonomous vehicle liable"},
{"keyword": "autonomous vehicle manufacturers"},
{"keyword": "autoref tool"},
{"keyword": "auxiliary labels"},
{"keyword": "auxiliary triangle inequality"},
{"keyword": "auxiliary type"},
{"keyword": "average case"},
{"keyword": "average number"},
{"keyword": "average-case cost"},
{"keyword": "avl trees"},
{"keyword": "avoid carrying"},
{"keyword": "avoid cascading linking"},
{"keyword": "avoid circular reasoning"},
{"keyword": "avoid correctness issues"},
{"keyword": "avoiding quantification"},
{"keyword": "awn models comprise"},
{"keyword": "axiom"},
{"keyword": "axiom class"},
{"keyword": "axiom system"},
{"keyword": "axiomatic characterization"},
{"keyword": "axiomatic constructor classes"},
{"keyword": "axiomatic definition"},
{"keyword": "axiomatic framework"},
{"keyword": "axiomatic network model"},
{"keyword": "axiomatic system"},
{"keyword": "axiomatic theory"},
{"keyword": "axiomatic type classes"},
{"keyword": "axiomatize term-for-variable substitution"},
{"keyword": "axioms constructed"},
{"keyword": "axioms proposed"},
{"keyword": "axioms set proposed"},
{"keyword": "axioms set suggested"},
{"keyword": "axioms systems"},
{"keyword": "b_n"},
{"keyword": "ba12 mordechai ben-ari"},
{"keyword": "babylonian method"},
{"keyword": "background theory"},
{"keyword": "background theory forall"},
{"keyword": "backward compatibility"},
{"keyword": "backward compatible"},
{"keyword": "backward simulations"},
{"keyword": "bad sequences"},
{"keyword": "balanced incomplete block designs"},
{"keyword": "balanced nature"},
{"keyword": "balog szemeredi gowers theorem"},
{"keyword": "banach space"},
{"keyword": "base set"},
{"keyword": "base vectors"},
{"keyword": "basic algebra leading"},
{"keyword": "basic algebraic properties"},
{"keyword": "basic axioms"},
{"keyword": "basic blocks"},
{"keyword": "basic category theory set"},
{"keyword": "basic classical properties"},
{"keyword": "basic concepts"},
{"keyword": "basic concepts cartesian products"},
{"keyword": "basic definitions"},
{"keyword": "basic elements"},
{"keyword": "basic facts"},
{"keyword": "basic features"},
{"keyword": "basic file operations"},
{"keyword": "basic formal framework"},
{"keyword": "basic forward analysis operations"},
{"keyword": "basic framework"},
{"keyword": "basic geometric facts"},
{"keyword": "basic geometric properties"},
{"keyword": "basic graph algorithms"},
{"keyword": "basic graph theory definitions"},
{"keyword": "basic hypergraph hierarchy"},
{"keyword": "basic identities"},
{"keyword": "basic laws"},
{"keyword": "basic linear algebra"},
{"keyword": "basic material"},
{"keyword": "basic modal logics"},
{"keyword": "basic model"},
{"keyword": "basic notions"},
{"keyword": "basic number-theoretic functions related"},
{"keyword": "basic part"},
{"keyword": "basic path manipulation rules"},
{"keyword": "basic properties"},
{"keyword": "basic properties ndash"},
{"keyword": "basic randomised social choice"},
{"keyword": "basic result"},
{"keyword": "basic setting"},
{"keyword": "basic superposition calculus"},
{"keyword": "basic theory"},
{"keyword": "basic toolbox"},
{"keyword": "basic topological facts"},
{"keyword": "basic ugraph definition"},
{"keyword": "basis executable code"},
{"keyword": "basis reduction"},
{"keyword": "basis reduction algorithm"},
{"keyword": "bayes theorem"},
{"keyword": "bayesian regression presented"},
{"keyword": "beautiful result"},
{"keyword": "behavior trace assertions"},
{"keyword": "behavior traces"},
{"keyword": "behavioral aspects"},
{"keyword": "behaviorally correct learning"},
{"keyword": "behaviour structure"},
{"keyword": "behaviours"},
{"keyword": "belief change"},
{"keyword": "bell numbers"},
{"keyword": "bell state"},
{"keyword": "ben-ari ba12"},
{"keyword": "benchmark problems"},
{"keyword": "benchmark scripts"},
{"keyword": "bendix orders"},
{"keyword": "berlekamp-zassenhaus algorithm"},
{"keyword": "bernays-tarski axiom system"},
{"keyword": "bernoulli numbers"},
{"keyword": "beta"},
{"keyword": "beta_0 beta"},
{"keyword": "beta_1"},
{"keyword": "beta_n"},
{"keyword": "beth hintikka style"},
{"keyword": "beth hintikka-style completeness proofs"},
{"keyword": "beukers"},
{"keyword": "bicolano operational semantics"},
{"keyword": "big step semantics"},
{"keyword": "biggest part"},
{"keyword": "bigvee phi"},
{"keyword": "bilinear dominance"},
{"keyword": "binary case"},
{"keyword": "binary code"},
{"keyword": "binary decision diagram"},
{"keyword": "binary decision trees"},
{"keyword": "binary masking"},
{"keyword": "binary multirelations associate elements"},
{"keyword": "binary multirelations form"},
{"keyword": "binary numeral system"},
{"keyword": "binary orthogonality"},
{"keyword": "binary relations"},
{"keyword": "binary search tree operations"},
{"keyword": "binary search trees"},
{"keyword": "binary temporal operators"},
{"keyword": "binary tree"},
{"keyword": "binary trees fredman"},
{"keyword": "binding sequences"},
{"keyword": "binding signature"},
{"keyword": "binding structure"},
{"keyword": "bindings-aware induction"},
{"keyword": "binomial heaps"},
{"keyword": "bipartite graph"},
{"keyword": "bird tree"},
{"keyword": "birkhoff theorem"},
{"keyword": "bisection square root"},
{"keyword": "bisimilarity coincides"},
{"keyword": "bisimulation equivalence"},
{"keyword": "bisimulation variants"},
{"keyword": "bit ibn qurra"},
{"keyword": "bit manipulations"},
{"keyword": "bit simpler"},
{"keyword": "bius transformations"},
{"keyword": "bkr algorithm"},
{"keyword": "black-box traces"},
{"keyword": "blackboard pattern"},
{"keyword": "blockchain pattern"},
{"keyword": "bner bases"},
{"keyword": "bnf case"},
{"keyword": "bnf support"},
{"keyword": "bnf-based datatype package"},
{"keyword": "bnfcc structure"},
{"keyword": "bnfcc theory"},
{"keyword": "bnfccs preserve quotients"},
{"keyword": "bohua zhan"},
{"keyword": "book"},
{"keyword": "book additive number theory"},
{"keyword": "book concrete semantics"},
{"keyword": "book consistency"},
{"keyword": "book dense sphere packings"},
{"keyword": "book first-order logic"},
{"keyword": "book graph theory"},
{"keyword": "book linear algebra"},
{"keyword": "book markov decision processes"},
{"keyword": "book proof theory"},
{"keyword": "boolean algebra"},
{"keyword": "boolean algebra type"},
{"keyword": "boolean algebras extended"},
{"keyword": "boolean algebras generalise"},
{"keyword": "boolean connectives"},
{"keyword": "boolean expressions"},
{"keyword": "boolean functions"},
{"keyword": "boolean matrices"},
{"keyword": "boolos curious inference"},
{"keyword": "boolos gave"},
{"keyword": "bor vka"},
{"keyword": "borel-measurable random variables"},
{"keyword": "borrow terminology"},
{"keyword": "bound dependent"},
{"keyword": "bound depends"},
{"keyword": "bound occurrences"},
{"keyword": "bound variables"},
{"keyword": "bounded basic pseudo-hoops"},
{"keyword": "bounded linear functions"},
{"keyword": "bounded model checking"},
{"keyword": "bounded natural functors"},
{"keyword": "bounded number"},
{"keyword": "bounded operators"},
{"keyword": "bounded wajsberg pseudo-hoops"},
{"keyword": "bounded-deducibility security"},
{"keyword": "bounded-length strings"},
{"keyword": "bounds due"},
{"keyword": "bracket polynomial"},
{"keyword": "branches guarded"},
{"keyword": "braun trees"},
{"keyword": "breeders"},
{"keyword": "brian huffman"},
{"keyword": "british imperial system"},
{"keyword": "bst"},
{"keyword": "budan fourier theorem"},
{"keyword": "building"},
{"keyword": "building correct programs working"},
{"keyword": "building high-performance multiprocessor software"},
{"keyword": "butterfly scheme"},
{"keyword": "byte code"},
{"keyword": "byte-level little-endian memory model"},
{"keyword": "bytecode logic"},
{"keyword": "byzantine clock synchronization"},
{"keyword": "byzantine fault-tolerant clock synchronization"},
{"keyword": "c11 syntax deeply integrated"},
{"keyword": "cade 28 paper"},
{"keyword": "cade-27 paper"},
{"keyword": "cakeml abstract syntax trees"},
{"keyword": "calculate sign variations"},
{"keyword": "calculating cauchy indices"},
{"keyword": "calculating operators"},
{"keyword": "calculus exhaustively"},
{"keyword": "calculus immediately implies"},
{"keyword": "calculus ls_ pasl"},
{"keyword": "call arity"},
{"keyword": "call arity analysis"},
{"keyword": "call merkle functors"},
{"keyword": "call path authorization"},
{"keyword": "call return"},
{"keyword": "call risk-free loans"},
{"keyword": "call root-balanced trees"},
{"keyword": "call- return behavior"},
{"keyword": "call-by-"},
{"keyword": "called check monad"},
{"keyword": "called complete sets"},
{"keyword": "called concurrent transition systems"},
{"keyword": "called galois fields"},
{"keyword": "called hol-csp 1"},
{"keyword": "called learnable"},
{"keyword": "called llist_topology"},
{"keyword": "called multi-level syllogistic"},
{"keyword": "called object constraint language"},
{"keyword": "called residuation"},
{"keyword": "called se_step"},
{"keyword": "called separating implication"},
{"keyword": "called substitutive sets"},
{"keyword": "cambridge lecture notes topics"},
{"keyword": "cambridge university press"},
{"keyword": "cambridge university press 2001"},
{"keyword": "cancellative separation algebra"},
{"keyword": "canonical isomorphism"},
{"keyword": "canonical matrix analogue"},
{"keyword": "canonical matrix form"},
{"keyword": "canonical set-theoretic constructions internalized"},
{"keyword": "canonical unification instances"},
{"keyword": "canton protocol"},
{"keyword": "cantor normal form"},
{"keyword": "cantor pairing function"},
{"keyword": "capture laws"},
{"keyword": "carath odory"},
{"keyword": "cardinal library"},
{"keyword": "cardinality"},
{"keyword": "cardinality facts relevant"},
{"keyword": "cardinality formula assuming"},
{"keyword": "cardinality formulae"},
{"keyword": "cardinality operation counts"},
{"keyword": "cardinality proofs"},
{"keyword": "careful presentation"},
{"keyword": "carefully crafted"},
{"keyword": "carmichael numbers"},
{"keyword": "carrier set"},
{"keyword": "cartesian categories"},
{"keyword": "cartesian category"},
{"keyword": "cartesian closed"},
{"keyword": "cartesian closed categories"},
{"keyword": "cartesian monoidal categories"},
{"keyword": "cartesian monoidal category"},
{"keyword": "cartesian powers"},
{"keyword": "cartesian product"},
{"keyword": "case"},
{"keyword": "case combinators"},
{"keyword": "case distinction"},
{"keyword": "case statements"},
{"keyword": "case studies"},
{"keyword": "case study"},
{"keyword": "case study revealed"},
{"keyword": "catalan numbers"},
{"keyword": "categorical predicate transformers implement"},
{"keyword": "categories based"},
{"keyword": "category"},
{"keyword": "category equipped"},
{"keyword": "category theory"},
{"keyword": "category theory written"},
{"keyword": "cauchy completion"},
{"keyword": "cauchy davenport theorem"},
{"keyword": "cauchy index"},
{"keyword": "cauchy sequence"},
{"keyword": "cava automata library"},
{"keyword": "cava model checker"},
{"keyword": "cayley-hamilton afp entries"},
{"keyword": "cayley-hamilton theorem based"},
{"keyword": "cc studies system classes"},
{"keyword": "celebrated theorem"},
{"keyword": "central meta theorem"},
{"keyword": "central requirements"},
{"keyword": "central result"},
{"keyword": "central security property"},
{"keyword": "certificate language"},
{"keyword": "certified complex root isolation"},
{"keyword": "certified declarative first-order prover"},
{"keyword": "certified dictionary translation"},
{"keyword": "certified factorization algorithm"},
{"keyword": "certified programs"},
{"keyword": "certify size-change termination proofs"},
{"keyword": "certify termination proofs"},
{"keyword": "certifying primes"},
{"keyword": "ceta system"},
{"keyword": "ch research verifythis"},
{"keyword": "chagu rand"},
{"keyword": "chamber complexes"},
{"keyword": "chandy--lamport algorithm"},
{"keyword": "change history"},
{"keyword": "channel protocols"},
{"keyword": "channel protocols communicating"},
{"keyword": "chapman formula"},
{"keyword": "chapters 7-9"},
{"keyword": "characteristic polynomials"},
{"keyword": "characterization theorem"},
{"keyword": "charly gries"},
{"keyword": "check"},
{"keyword": "check high-level security goals"},
{"keyword": "checkers operate"},
{"keyword": "checking c1-information"},
{"keyword": "checks strong security"},
{"keyword": "chelsea edmonds"},
{"keyword": "cheri hardware"},
{"keyword": "chi automata"},
{"keyword": "chinese remainder theorem"},
{"keyword": "chip authentication mapping"},
{"keyword": "choices"},
{"keyword": "chomsky normal form"},
{"keyword": "chords intersect"},
{"keyword": "chosen abstractions"},
{"keyword": "chosen memory model"},
{"keyword": "chosen plaintext"},
{"keyword": "chosen uniformly"},
{"keyword": "christian urban"},
{"keyword": "christoph benzm uuml"},
{"keyword": "chromatic number exist"},
{"keyword": "chsh inequality"},
{"keyword": "church-encoded representation"},
{"keyword": "church-style simply-typed"},
{"keyword": "cidr notation"},
{"keyword": "ciphertext attacks"},
{"keyword": "circus environment supports"},
{"keyword": "circus language"},
{"keyword": "circus processes"},
{"keyword": "cite swan"},
{"keyword": "cl73 chin-liang chang"},
{"keyword": "class hierarchies"},
{"keyword": "class models"},
{"keyword": "class type constructors"},
{"keyword": "class-collection-based rts algorithms run"},
{"keyword": "class-free constants"},
{"keyword": "class-preserving learning"},
{"keyword": "classes simply"},
{"keyword": "classic dynamic programming algorithm"},
{"keyword": "classic non-randomised quicksort"},
{"keyword": "classic notion"},
{"keyword": "classic proof"},
{"keyword": "classic quantifier elimination"},
{"keyword": "classic unsolved problems"},
{"keyword": "classical ai planning"},
{"keyword": "classical algorithms"},
{"keyword": "classical bases"},
{"keyword": "classical church-rosser theorem"},
{"keyword": "classical definition"},
{"keyword": "classical dpll procedure"},
{"keyword": "classical extensional mereology"},
{"keyword": "classical geometric definitions"},
{"keyword": "classical higher-order logic"},
{"keyword": "classical hoare"},
{"keyword": "classical implicational logic"},
{"keyword": "classical logic"},
{"keyword": "classical noninterference security"},
{"keyword": "classical propositional logic"},
{"keyword": "classical registers"},
{"keyword": "classical statements"},
{"keyword": "classical theorem"},
{"keyword": "classical theorem stating"},
{"keyword": "classical two-sided matching scenarios"},
{"keyword": "classifies topological spaces"},
{"keyword": "clausal consequences"},
{"keyword": "clausal form"},
{"keyword": "clause loop"},
{"keyword": "clause procedures"},
{"keyword": "clause procedures gc"},
{"keyword": "clause sets"},
{"keyword": "clean development"},
{"keyword": "clean offers conditionals"},
{"keyword": "clear formalisation"},
{"keyword": "client-side javascript programs"},
{"keyword": "client-side web applications"},
{"keyword": "clock synchronization"},
{"keyword": "clock synchronization algorithm"},
{"keyword": "close connection"},
{"keyword": "closed finite games"},
{"keyword": "closed formulas"},
{"keyword": "closed set"},
{"keyword": "closed starting"},
{"keyword": "closed-form formulae"},
{"keyword": "closely follow"},
{"keyword": "closely related"},
{"keyword": "closest vector problem"},
{"keyword": "closure properties"},
{"keyword": "closure property"},
{"keyword": "cnf based sat algorithms"},
{"keyword": "cnf formulae"},
{"keyword": "co-closure operators"},
{"keyword": "co-inductive lists"},
{"keyword": "coalgebraic decision procedure"},
{"keyword": "coalgebraic literature"},
{"keyword": "coarse-grained concurrency"},
{"keyword": "coarse-grained semantics"},
{"keyword": "code"},
{"keyword": "code accessing"},
{"keyword": "code based extractors"},
{"keyword": "code compilation"},
{"keyword": "code equation"},
{"keyword": "code generation"},
{"keyword": "code generation facility"},
{"keyword": "code generation feature"},
{"keyword": "code generation setup"},
{"keyword": "code generation support"},
{"keyword": "code generator"},
{"keyword": "code generator maps"},
{"keyword": "code generator performs"},
{"keyword": "code generator setup"},
{"keyword": "code output level"},
{"keyword": "code rate"},
{"keyword": "codomain nat option"},
{"keyword": "coefficient functions"},
{"keyword": "coefficients modulo"},
{"keyword": "coercion ord_of_nat"},
{"keyword": "cofinitary group"},
{"keyword": "cohen posets"},
{"keyword": "coherence theorem"},
{"keyword": "coinductive entry"},
{"keyword": "coinductive formalisations"},
{"keyword": "coinductive lists"},
{"keyword": "coinductive natural numbers"},
{"keyword": "coinductive terminated lists"},
{"keyword": "collaborative text editing"},
{"keyword": "collapse theorems"},
{"keyword": "collect information"},
{"keyword": "collecting semantics"},
{"keyword": "collection datastructures"},
{"keyword": "collection framework"},
{"keyword": "collection offer functionality"},
{"keyword": "collection semantics"},
{"keyword": "collections framework"},
{"keyword": "collectively referred"},
{"keyword": "colon-separated notation"},
{"keyword": "column space"},
{"keyword": "combinable iff"},
{"keyword": "combinable wand"},
{"keyword": "combinatorial argument"},
{"keyword": "combinatorial auction"},
{"keyword": "combinatorial design theory"},
{"keyword": "combinatorial design theory library"},
{"keyword": "combinatorial map"},
{"keyword": "combinatorial objects"},
{"keyword": "combinatorial optimisation"},
{"keyword": "combinatorial proof"},
{"keyword": "combinatorial proof requires construction"},
{"keyword": "combinatorial structures"},
{"keyword": "combinatorics"},
{"keyword": "combinatory logic"},
{"keyword": "combine classical reasoning"},
{"keyword": "combine multiple methods"},
{"keyword": "combine stepwise refinement"},
{"keyword": "combined factorization algorithm"},
{"keyword": "combined result"},
{"keyword": "command"},
{"keyword": "command mk_ide"},
{"keyword": "command mk_ide enables"},
{"keyword": "commitment schemes"},
{"keyword": "committee members"},
{"keyword": "common automata library"},
{"keyword": "common base clock"},
{"keyword": "common combinatorial objects"},
{"keyword": "common criteria full abstraction"},
{"keyword": "common factors"},
{"keyword": "common format"},
{"keyword": "common ground"},
{"keyword": "common identities"},
{"keyword": "common language features"},
{"keyword": "common set"},
{"keyword": "common special case"},
{"keyword": "common theme"},
{"keyword": "common-sense theory"},
{"keyword": "communicating concurrent kleene algebra"},
{"keyword": "communicating products"},
{"keyword": "communicating sequential processes"},
{"keyword": "communicating sequential processes requires"},
{"keyword": "communication channels"},
{"keyword": "commutative replicated data types"},
{"keyword": "commutative ring"},
{"keyword": "commuting conversion rule"},
{"keyword": "commuting observables"},
{"keyword": "compact intervals"},
{"keyword": "companion paper"},
{"keyword": "comparatively small subset"},
{"keyword": "compare complements"},
{"keyword": "compare encodability criteria"},
{"keyword": "compare process calculi"},
{"keyword": "comparing encodability criteria"},
{"keyword": "comparing relations"},
{"keyword": "comparison oracle"},
{"keyword": "comparison-based sorting algorithm"},
{"keyword": "comparisons performed"},
{"keyword": "compatible formalization"},
{"keyword": "compcertssa project"},
{"keyword": "competitive analysis"},
{"keyword": "compilation function"},
{"keyword": "compilation target"},
{"keyword": "compiled code"},
{"keyword": "compiled code execution"},
{"keyword": "compiled tactic code"},
{"keyword": "compiler composition"},
{"keyword": "compiler correctness"},
{"keyword": "compiler correctness proof"},
{"keyword": "compiler correctness proof shorter"},
{"keyword": "compiler optimization"},
{"keyword": "compiler rewrite rules"},
{"keyword": "compiler technology"},
{"keyword": "complement automaton"},
{"keyword": "complementary error function erfc"},
{"keyword": "complementary semigroups"},
{"keyword": "complementing previous encodings"},
{"keyword": "complete"},
{"keyword": "complete basis"},
{"keyword": "complete formal development"},
{"keyword": "complete formalisation"},
{"keyword": "complete formalization"},
{"keyword": "complete graphs"},
{"keyword": "complete independence bounds"},
{"keyword": "complete ipv4"},
{"keyword": "complete lattices"},
{"keyword": "complete multiple-conclusion calculus"},
{"keyword": "complete multivariate qe algorithm"},
{"keyword": "complete networks"},
{"keyword": "complete parse forest"},
{"keyword": "complete proof method"},
{"keyword": "complete semantic tableau calculus"},
{"keyword": "complete semantics"},
{"keyword": "complete tableau calculus"},
{"keyword": "complete test generation algorithms"},
{"keyword": "completed versions"},
{"keyword": "completely factorize real"},
{"keyword": "completely remove tedious proofs"},
{"keyword": "completely subsumes"},
{"keyword": "completely verified"},
{"keyword": "completely verified model checker"},
{"keyword": "completeness"},
{"keyword": "completeness conditions"},
{"keyword": "completeness proof"},
{"keyword": "completeness proof builds"},
{"keyword": "completeness proofs naturally suggest"},
{"keyword": "completeness result"},
{"keyword": "completeness theorems"},
{"keyword": "completeness threshold"},
{"keyword": "complex"},
{"keyword": "complex algebraic numbers"},
{"keyword": "complex analysis"},
{"keyword": "complex arguments"},
{"keyword": "complex case"},
{"keyword": "complex construction"},
{"keyword": "complex data structure"},
{"keyword": "complex library"},
{"keyword": "complex mathematical reasoning"},
{"keyword": "complex numbers"},
{"keyword": "complex plane"},
{"keyword": "complex plane extended"},
{"keyword": "complex polynomials"},
{"keyword": "complex predicates"},
{"keyword": "complex random system"},
{"keyword": "complex roots"},
{"keyword": "complex systems involves"},
{"keyword": "complex unknowns x1"},
{"keyword": "complex vector spaces"},
{"keyword": "complexity analysis"},
{"keyword": "complexity classes mathcal"},
{"keyword": "complexity low"},
{"keyword": "complexity proof certificates"},
{"keyword": "complicated derivatives"},
{"keyword": "complicated proofs"},
{"keyword": "complicated solution"},
{"keyword": "complicated translation layer"},
{"keyword": "complx language"},
{"keyword": "component behavior"},
{"keyword": "component-based development approach"},
{"keyword": "composable security statements"},
{"keyword": "composed protocol"},
{"keyword": "composite assertions"},
{"keyword": "composite objects"},
{"keyword": "composition properties wrt"},
{"keyword": "composition series"},
{"keyword": "compositional algorithm"},
{"keyword": "compositional algorithm exploits acyclicity"},
{"keyword": "compositional analysis"},
{"keyword": "compositional analysis methods"},
{"keyword": "compositional approach"},
{"keyword": "compositional invariant proofs"},
{"keyword": "compositional noninterference"},
{"keyword": "compositional statement"},
{"keyword": "compositional theory"},
{"keyword": "compositionality proofs"},
{"keyword": "compositionality results"},
{"keyword": "compositionally reasoning"},
{"keyword": "comprehension principle"},
{"keyword": "comprehensive framework"},
{"keyword": "computably enumerable sets"},
{"keyword": "computation based"},
{"keyword": "computation models"},
{"keyword": "computation traces"},
{"keyword": "computational geometry"},
{"keyword": "computational metaphysics"},
{"keyword": "computational methods"},
{"keyword": "computational modeling"},
{"keyword": "computational models complicates comparisons"},
{"keyword": "compute arbitrary primitive recursive"},
{"keyword": "compute asymptotic expansions"},
{"keyword": "compute fair prices"},
{"keyword": "compute roots"},
{"keyword": "compute short vectors"},
{"keyword": "computer algebra system maple"},
{"keyword": "computer programs"},
{"keyword": "computer science"},
{"keyword": "computer-assisted interpretive method"},
{"keyword": "computerized implementation"},
{"keyword": "computes density functions"},
{"keyword": "computing bernoulli numbers"},
{"keyword": "computing dominators"},
{"keyword": "computing dominators due"},
{"keyword": "computing enclosures"},
{"keyword": "computing gr bner bases"},
{"keyword": "computing optimal stable matches"},
{"keyword": "computing saturated sets"},
+{"keyword": "computing weak similarity"},
{"keyword": "comte de buffon posed"},
{"keyword": "concepts due"},
{"keyword": "concern geometry"},
{"keyword": "concerns infinite sets"},
{"keyword": "concise proof"},
{"keyword": "conclude wrong results"},
{"keyword": "concrete algorithms implementations"},
{"keyword": "concrete applicative functor"},
{"keyword": "concrete data structures"},
{"keyword": "concrete file represented"},
{"keyword": "concrete function"},
{"keyword": "concrete functors"},
{"keyword": "concrete input"},
{"keyword": "concrete laplace transforms"},
{"keyword": "concrete logics satisfying"},
{"keyword": "concrete lower bound"},
{"keyword": "concrete manifolds"},
{"keyword": "concrete mathematics"},
{"keyword": "concrete monad"},
{"keyword": "concrete program satisfies"},
{"keyword": "concrete programming language"},
{"keyword": "concrete protocols variants"},
{"keyword": "concrete prototypes"},
{"keyword": "concrete reachable states"},
{"keyword": "concrete representation"},
{"keyword": "concrete result"},
{"keyword": "concrete sigma-protocols"},
{"keyword": "concrete syntax"},
{"keyword": "concrete system"},
{"keyword": "concrete version"},
{"keyword": "concurrency control model"},
{"keyword": "concurrency primitives"},
{"keyword": "concurrency reasoning framework"},
{"keyword": "concurrent behaviour"},
{"keyword": "concurrent choice"},
{"keyword": "concurrent composition"},
{"keyword": "concurrent constraint pi-calculus"},
{"keyword": "concurrent dynamic logics"},
{"keyword": "concurrent kleene algebra"},
{"keyword": "concurrent operations"},
{"keyword": "concurrent programming"},
{"keyword": "concurrent programs"},
{"keyword": "concurrent programs attempt"},
{"keyword": "concurrent reads"},
{"keyword": "concurrent refinement algebra"},
{"keyword": "concurrent revisions"},
{"keyword": "concurrent revisions model"},
{"keyword": "concurrent sub-models"},
{"keyword": "concurrent systems"},
{"keyword": "concurrent value-dependent noninterference"},
{"keyword": "conditional equality operators"},
{"keyword": "conditional expectation"},
{"keyword": "conditional expressions"},
{"keyword": "conditional probability"},
{"keyword": "conditional transfer rules"},
{"keyword": "conditions"},
{"keyword": "conduct machine checkable proofs"},
{"keyword": "conducting completely formal proofs"},
{"keyword": "cone text arg"},
{"keyword": "conference certified programs"},
{"keyword": "conference interactive theorem proving"},
{"keyword": "confidential events"},
{"keyword": "confidentiality guarantees"},
{"keyword": "confidentiality properties"},
{"keyword": "confidentiality properties refer"},
{"keyword": "confidentiality verification"},
{"keyword": "configuration trace"},
{"keyword": "conflict-free replicated data types"},
{"keyword": "conflict-free replicated datatype"},
+{"keyword": "conformance relations"},
+{"keyword": "conformance testing"},
{"keyword": "congruence theorems"},
{"keyword": "conjectured relation"},
{"keyword": "conjunctive normal form"},
{"keyword": "connected open set"},
{"keyword": "connecting algebraic varieties"},
{"keyword": "cons"},
{"keyword": "consensus algorithms"},
{"keyword": "consensus problem"},
{"keyword": "considerably shorter"},
{"keyword": "consideration admits"},
{"keyword": "consistency problem"},
{"keyword": "consistent fol theories extending"},
{"keyword": "consistent learning"},
{"keyword": "consistent set"},
{"keyword": "consistent sign assignments"},
{"keyword": "consistently derivable"},
{"keyword": "constant functions"},
{"keyword": "constant intersect designs"},
{"keyword": "constant predicates stated"},
{"keyword": "constant time"},
{"keyword": "constant time findmin"},
{"keyword": "constant time queue"},
{"keyword": "constant upper bound"},
{"keyword": "constant-time findmin"},
{"keyword": "constraint-system-based program analysis"},
{"keyword": "construct complicated trees"},
{"keyword": "construct proper generic extensions"},
{"keyword": "construct real exponents"},
{"keyword": "constructing correct programs"},
{"keyword": "constructing sturm sequences efficiently"},
{"keyword": "construction theorem"},
{"keyword": "constructions based"},
{"keyword": "constructive cryptography"},
{"keyword": "constructive cryptography proofs"},
{"keyword": "constructive points"},
{"keyword": "constructive proof"},
{"keyword": "constructor applications"},
{"keyword": "constructor calls occuring"},
{"keyword": "contact gerwin"},
{"keyword": "container framework"},
{"keyword": "context relation"},
{"keyword": "context-free grammar"},
{"keyword": "context-free languages"},
{"keyword": "contextual equivalence"},
{"keyword": "contiguous segments"},
{"keyword": "continuation semantics"},
{"keyword": "continued fraction expansions"},
{"keyword": "continuous functions"},
{"keyword": "continuous lattices"},
{"keyword": "continuous linear operators"},
{"keyword": "continuum hypothesis"},
{"keyword": "contraction factors"},
{"keyword": "contradicts consensus"},
{"keyword": "contradicts validity"},
{"keyword": "contribution presents"},
{"keyword": "contribution reuses"},
{"keyword": "control dependencies"},
{"keyword": "control flow"},
{"keyword": "control flow graph"},
{"keyword": "control operators"},
{"keyword": "control-flow graphs"},
{"keyword": "control-flow operators"},
{"keyword": "controlled manner"},
{"keyword": "controller constraints"},
{"keyword": "convenient commands"},
{"keyword": "conventional definitions"},
{"keyword": "conventional single-clocking semantics"},
{"keyword": "convergence function"},
{"keyword": "convergence function applied"},
{"keyword": "convergence rate"},
{"keyword": "conversion functions"},
{"keyword": "conversion version"},
{"keyword": "convert ltl formulas"},
{"keyword": "convert natural number"},
{"keyword": "convert regular expressions"},
{"keyword": "convex polyhedron satisfied"},
{"keyword": "convex polytopes"},
{"keyword": "convolution theorem thereon"},
{"keyword": "conway semirings extended"},
{"keyword": "cook-levin theorem states"},
{"keyword": "coordination"},
{"keyword": "coprime polynomials"},
{"keyword": "coq proof assistant"},
{"keyword": "core dom"},
{"keyword": "core notion"},
{"keyword": "core operations"},
{"keyword": "core part"},
{"keyword": "core theorems"},
{"keyword": "coreutils sha256 implementation"},
{"keyword": "correct 2-3 finger trees"},
{"keyword": "correct binomial heaps"},
{"keyword": "correct construction"},
{"keyword": "correct optimized versions"},
{"keyword": "correct verification tools"},
{"keyword": "correctness"},
{"keyword": "correctness claims"},
{"keyword": "correctness proof"},
{"keyword": "correctness properties"},
{"keyword": "correctness property"},
{"keyword": "correctness theorems"},
{"keyword": "correspondence theorem"},
{"keyword": "cosmed social media platform"},
{"keyword": "cotangent spaces"},
{"keyword": "counit natural transformations"},
{"keyword": "count distinct real roots"},
{"keyword": "count real roots"},
{"keyword": "countable chain condition"},
+{"keyword": "countable discrete space"},
{"keyword": "countable networks"},
{"keyword": "countable ordinals"},
{"keyword": "countable transitive model"},
{"keyword": "countably infinite number"},
{"keyword": "counter-free automata"},
{"keyword": "counting functions"},
{"keyword": "counting partial equivalence relations"},
{"keyword": "counting sort"},
{"keyword": "counting sort making"},
{"keyword": "counts distinct real roots"},
{"keyword": "counts roots"},
{"keyword": "couple small"},
+{"keyword": "coupled delay simulations"},
+{"keyword": "coupled similarity"},
+{"keyword": "coupled simulation"},
+{"keyword": "coupled simulation preorder"},
{"keyword": "coupled simulation versus bisimulation"},
{"keyword": "cover monotonic security invariants"},
{"keyword": "cover quantitative"},
{"keyword": "cover records"},
{"keyword": "covering directed"},
{"keyword": "covers algebraic reasoning"},
{"keyword": "cpp-2015 paper"},
{"keyword": "cpp-2015 peter lammich"},
{"keyword": "create executable scala code"},
{"keyword": "creating custom induction"},
{"keyword": "crowds protocol"},
{"keyword": "crowning achievements"},
{"keyword": "crucial ingredient"},
{"keyword": "crypthol library crypthol"},
{"keyword": "cryptographic constructions"},
{"keyword": "cryptographic hash-function ripemd-160"},
{"keyword": "cryptographic operators"},
{"keyword": "cryptographic scheme crystals-kyber"},
{"keyword": "cryptographic validation fields"},
{"keyword": "cryptographically secure proof"},
{"keyword": "cryptography proof formalizations"},
{"keyword": "crytographic standards"},
{"keyword": "csp noninterference security"},
{"keyword": "csp noninterference security stated"},
{"keyword": "cubic equations"},
{"keyword": "cubic space"},
{"keyword": "current compression formats"},
{"keyword": "current element"},
{"keyword": "current formalization"},
{"keyword": "current monolithic protocols"},
{"keyword": "current state"},
{"keyword": "current symbolic state"},
{"keyword": "current version"},
{"keyword": "curve operations"},
{"keyword": "curves fips 198-1 nist"},
{"keyword": "custom hintikka sets based"},
{"keyword": "custom induction rules"},
{"keyword": "custom theorem proving environment"},
{"keyword": "custom-written ml code"},
{"keyword": "cut admissibility"},
{"keyword": "cute puzzles"},
{"keyword": "cutting truncating sets"},
{"keyword": "cycle matroid"},
{"keyword": "cyclic groups"},
{"keyword": "cyk decides"},
{"keyword": "dana scott"},
{"keyword": "daniel schoepe"},
{"keyword": "data complexity"},
{"keyword": "data dependencies"},
{"keyword": "data flow analyser"},
{"keyword": "data plane"},
{"keyword": "data plane protocols"},
{"keyword": "data refinement"},
{"keyword": "data refinement framework"},
{"keyword": "data refinement relations"},
{"keyword": "data refinement techniques"},
{"keyword": "data secrecy"},
{"keyword": "data spaces"},
{"keyword": "data state manipulations"},
{"keyword": "data stream"},
{"keyword": "data structure"},
{"keyword": "data structures depending"},
{"keyword": "data structures required"},
{"keyword": "data transmission"},
{"keyword": "data type"},
{"keyword": "data-dependent execution time"},
{"keyword": "data-refinement techniques"},
{"keyword": "data-type declarations"},
{"keyword": "database community"},
{"keyword": "dataflow paradigm"},
{"keyword": "datatype package"},
{"keyword": "datatypes generated"},
{"keyword": "datatypes similar"},
{"keyword": "dbm-based forward analysis"},
{"keyword": "de bruijn index-based syntax"},
{"keyword": "de bruijn indices"},
{"keyword": "de-bruijn terms"},
{"keyword": "debited loans cancel"},
{"keyword": "debugging purposes"},
{"keyword": "decidability result"},
{"keyword": "decides language emptiness"},
+{"keyword": "deciding coupled similarity"},
{"keyword": "deciding relative safety"},
{"keyword": "decision"},
{"keyword": "decision problem"},
{"keyword": "decision problem clique"},
{"keyword": "decision problem mathtt sat"},
{"keyword": "decision procedure"},
{"keyword": "decision procedure due"},
{"keyword": "decision procedure toolkit"},
{"keyword": "decision type"},
{"keyword": "declarative database query language"},
{"keyword": "declarative first-order prover"},
{"keyword": "declaring nominal datatypes"},
{"keyword": "declassification bounds"},
{"keyword": "decrease efficiency"},
{"keyword": "decreasing diagrams"},
{"keyword": "decreasing diagrams showing"},
{"keyword": "dedekind cuts"},
{"keyword": "dedekind quantale"},
{"keyword": "dedekind-peano postulates"},
{"keyword": "dedicated encoding"},
{"keyword": "dedicated vertices"},
{"keyword": "deductive program verification"},
{"keyword": "deductive system"},
{"keyword": "deductive tools"},
{"keyword": "deep embedding approach"},
{"keyword": "deep learning"},
{"keyword": "deeply embedded target programs"},
{"keyword": "deeply integrated"},
{"keyword": "default instantiation"},
{"keyword": "default setup"},
{"keyword": "defensive jinja virtual machine"},
{"keyword": "defensive strategies"},
{"keyword": "defensive strategies exist"},
{"keyword": "definedness condition"},
{"keyword": "defining execution equivalent markings"},
{"keyword": "defining functions"},
{"keyword": "defining functors"},
{"keyword": "defining variants"},
{"keyword": "defining web components"},
{"keyword": "definite descriptions"},
{"keyword": "definite initialisation analysis"},
{"keyword": "definition remarkably simple"},
{"keyword": "definitional embedding"},
{"keyword": "deg"},
{"keyword": "degenerate deterministic case"},
{"keyword": "degree bounds"},
{"keyword": "del"},
{"keyword": "del numbers"},
{"keyword": "deletion condition"},
{"keyword": "deletion preserve weight-balance"},
{"keyword": "deliberately formulated"},
{"keyword": "deliberately restrict"},
{"keyword": "deliverable d31"},
{"keyword": "delta gamma holds"},
{"keyword": "delta phi"},
{"keyword": "delta system lemma sessions"},
{"keyword": "demonic refinement algebra"},
{"keyword": "demonstrator semantic backend"},
{"keyword": "denies access"},
{"keyword": "denotational semantics"},
{"keyword": "dense linear orders"},
{"keyword": "density matrices"},
{"keyword": "density matrix"},
{"keyword": "dependency graph approximations"},
{"keyword": "dependency graphs"},
{"keyword": "dependent choices"},
{"keyword": "dependent security type system"},
{"keyword": "dependent types"},
{"keyword": "deque implementation"},
{"keyword": "derangements formula describes"},
{"keyword": "derive"},
{"keyword": "derive class instances"},
{"keyword": "derive comparators"},
{"keyword": "derive mertens"},
{"keyword": "derive notions"},
{"keyword": "derive powerful induction rules"},
{"keyword": "derive proof rules"},
{"keyword": "derive proofs"},
{"keyword": "derived proof rules"},
{"keyword": "derives equality theorems"},
{"keyword": "derives main theorems"},
{"keyword": "deriving approximative safety properties"},
{"keyword": "deriving asymptotic estimates"},
{"keyword": "descartes rule"},
{"keyword": "descartes test based"},
{"keyword": "descartes test returns 0"},
{"keyword": "describe formalization"},
{"keyword": "design choices underlying"},
{"keyword": "design existence"},
{"keyword": "design isomorphisms"},
{"keyword": "design pattern"},
{"keyword": "designated root vertex"},
{"keyword": "designs"},
{"keyword": "desired interval"},
{"keyword": "desired precision"},
{"keyword": "desired subgraph"},
{"keyword": "destination ip space"},
{"keyword": "detailed apply scripts"},
{"keyword": "detailed calculations"},
{"keyword": "detailed description"},
{"keyword": "detailed presentation"},
{"keyword": "detailed proof steps"},
{"keyword": "detailed systematic study"},
{"keyword": "detecting rectangle intersection"},
{"keyword": "detects unsatisfiability"},
{"keyword": "deterministic list update algorithms"},
{"keyword": "deterministic minsky machine"},
{"keyword": "deterministic monad"},
{"keyword": "deterministic multi-tape turing machines"},
{"keyword": "deterministic processes"},
{"keyword": "deterministic state machine"},
{"keyword": "determinization procedure"},
{"keyword": "deutsch-schorr-waite graph marking algorithm"},
{"keyword": "developing aspects"},
{"keyword": "developing methods"},
{"keyword": "developing security protocols"},
{"keyword": "development accompanies"},
{"keyword": "development concludes"},
{"keyword": "development employs"},
{"keyword": "development establishes"},
{"keyword": "development forms"},
{"keyword": "development longer"},
{"keyword": "development relies"},
{"keyword": "devise notions"},
{"keyword": "devising correct speculative algorithms"},
{"keyword": "dfs algorithm"},
{"keyword": "dfs-based algorithms"},
{"keyword": "diagonal functors"},
{"keyword": "diagonal-free timed automata"},
{"keyword": "diagrammatic modeling language"},
{"keyword": "diagrammatic proof system"},
{"keyword": "diatonic sequence"},
{"keyword": "dictionary translation"},
{"keyword": "difference bound matrices"},
{"keyword": "difference sets"},
{"keyword": "difference vector"},
{"keyword": "differentiability"},
{"keyword": "differential dynamic logic"},
{"keyword": "differential dynamics logic"},
{"keyword": "differential game logic"},
{"keyword": "differential_dynamic_logic article"},
{"keyword": "differs slightly"},
{"keyword": "difficult"},
{"keyword": "difficulty arises"},
{"keyword": "diffie-hellman password-based authentication protocol"},
{"keyword": "digit expansions"},
{"keyword": "digit expansions builds"},
{"keyword": "digit shifts"},
{"keyword": "dijkstra"},
{"keyword": "dining philosopher problem"},
{"keyword": "diophantine approximations"},
{"keyword": "diophantine sets"},
{"keyword": "direct adaptation"},
{"keyword": "direct adequacy proof"},
{"keyword": "direct application"},
{"keyword": "direct arguments"},
{"keyword": "direct consequence"},
{"keyword": "direct corollaries"},
{"keyword": "direct execution"},
{"keyword": "direct formalisation"},
{"keyword": "direct mathematical model"},
{"keyword": "direct product"},
{"keyword": "direct recursion"},
{"keyword": "direct semantics"},
{"keyword": "direct subsumption"},
{"keyword": "direct subsumption relation"},
{"keyword": "directed graph"},
{"keyword": "directed graph library"},
{"keyword": "directed security policies"},
{"keyword": "directed set"},
{"keyword": "directly derive executable"},
{"keyword": "directly executable program"},
{"keyword": "directly follow"},
{"keyword": "directly implementable"},
{"keyword": "directly implies"},
{"keyword": "directly inspired"},
{"keyword": "directly relating agents"},
{"keyword": "dirichlet"},
{"keyword": "dirichlet characters"},
{"keyword": "dirichlet l-functions"},
{"keyword": "dirichlet products"},
{"keyword": "dirichlet series"},
{"keyword": "dirk pfl ger"},
{"keyword": "disconnected graph"},
{"keyword": "discounted infinite horizon mdps"},
{"keyword": "discrete"},
{"keyword": "discrete category"},
{"keyword": "discrete financial models"},
{"keyword": "discrete fourier transform"},
{"keyword": "discrete instants"},
{"keyword": "discrete probability distributions"},
{"keyword": "discrete stochastic dynamic programming"},
{"keyword": "discrete summation"},
{"keyword": "discrete-time markov chains"},
{"keyword": "discuss generalizations"},
{"keyword": "discussion logs"},
{"keyword": "disjoint sums"},
{"keyword": "display algebraic numbers"},
{"keyword": "disprove program properties"},
{"keyword": "disproving program"},
{"keyword": "disregard unrealizable behavior"},
{"keyword": "distinct algebraic numbers alpha_i"},
{"keyword": "distinct layers"},
{"keyword": "distinct network nodes"},
{"keyword": "distinct operators"},
{"keyword": "distinct prime factors"},
{"keyword": "distinctive feature"},
{"keyword": "distinguishing feature"},
{"keyword": "distribute sequential composition"},
{"keyword": "distributed computing"},
{"keyword": "distributed consensus"},
{"keyword": "distributed environment"},
{"keyword": "distributed ledgers"},
{"keyword": "distributed system"},
{"keyword": "distributed systems specification"},
{"keyword": "distributing interest"},
{"keyword": "divergence kleene algebras"},
{"keyword": "divergence reflection"},
{"keyword": "diverse fields"},
{"keyword": "divide conquer algorithms"},
{"keyword": "divide-and-conquer algorithm"},
{"keyword": "divided differences"},
{"keyword": "division algorithms"},
{"keyword": "division modulo"},
{"keyword": "divisor function"},
{"keyword": "divisor function sigma"},
{"keyword": "dk andschl thesis"},
{"keyword": "dnf-based non-elementary algorithm"},
{"keyword": "doctoral thesis"},
{"keyword": "document class"},
{"keyword": "document corresponds"},
{"keyword": "document describes"},
{"keyword": "document object model"},
{"keyword": "document presents"},
{"keyword": "document root"},
{"keyword": "documents managed"},
{"keyword": "dogged previous mechanised proofs"},
{"keyword": "dom api"},
{"keyword": "dom respect component boundaries"},
{"keyword": "dom revealed numerous invariants"},
{"keyword": "dom standard"},
{"keyword": "domain elements"},
{"keyword": "domain operation"},
{"keyword": "domain theory"},
{"keyword": "domain-relation map satisfying"},
{"keyword": "domain-specific languages"},
{"keyword": "domain-theoretic fixpoint operator"},
{"keyword": "domain-theoretic semantics"},
{"keyword": "domain-theoretical aspects"},
{"keyword": "dominated terms"},
{"keyword": "dot-decimal notation"},
{"keyword": "dprm theorem"},
{"keyword": "dra targets similar applications"},
{"keyword": "draft paper"},
{"keyword": "drf guarantee"},
{"keyword": "drinks machine"},
{"keyword": "driving application"},
{"keyword": "drup proof output"},
{"keyword": "dual assertion"},
{"keyword": "dual incidence systems"},
{"keyword": "dual problem"},
{"keyword": "dual system relationships"},
{"keyword": "duggan-schwartz theorems"},
{"keyword": "dynamic architectures"},
{"keyword": "dynamic class initialization"},
{"keyword": "dynamic condition response"},
{"keyword": "dynamic context"},
{"keyword": "dynamic declassification triggers"},
{"keyword": "dynamic languages"},
{"keyword": "dynamic logics"},
{"keyword": "dynamic method invocation"},
{"keyword": "dynamic negation"},
{"keyword": "dynamic programming"},
{"keyword": "dynamic refutational completeness"},
{"keyword": "dynamic slicing"},
{"keyword": "dynamic tables parameterized"},
{"keyword": "dynamic thread creation"},
{"keyword": "dynamical systems"},
{"keyword": "dynamically typed programming languages"},
{"keyword": "earlier afp entry"},
{"keyword": "earlier joint work"},
{"keyword": "earlier paper"},
{"keyword": "earlier result"},
{"keyword": "earlier version"},
{"keyword": "early failure detection"},
{"keyword": "early result"},
{"keyword": "early stage"},
{"keyword": "earmark propositions"},
{"keyword": "easily adapt existing proofs"},
{"keyword": "easily adapted"},
{"keyword": "easily derive"},
{"keyword": "easily expandable"},
{"keyword": "easily generate elements"},
{"keyword": "easily justified"},
{"keyword": "easily obtained"},
{"keyword": "easily transfer theorems"},
{"keyword": "easily work"},
{"keyword": "easy reuse"},
{"keyword": "echelon form afp entry"},
{"keyword": "economic behavior"},
{"keyword": "edge labels"},
{"keyword": "edge weights"},
{"keyword": "edmonds theorem"},
{"keyword": "edmonds-karp algorithm"},
{"keyword": "educational setting due"},
{"keyword": "edward zalta"},
{"keyword": "edwards elliptic curves"},
{"keyword": "effect polymorphism"},
{"keyword": "effect specifications"},
{"keyword": "effectful computations"},
{"keyword": "effective mutual authentication service"},
{"keyword": "effective procedure"},
{"keyword": "effectively decide ideal membership"},
{"keyword": "effectively executable"},
{"keyword": "effectively executable algorithm"},
{"keyword": "efficient allocation"},
{"keyword": "efficient arrays"},
{"keyword": "efficient binary search"},
{"keyword": "efficient checking"},
{"keyword": "efficient computation"},
{"keyword": "efficient data structure combining"},
{"keyword": "efficient data structures"},
{"keyword": "efficient deterministic parsing"},
{"keyword": "efficient enumeration"},
{"keyword": "efficient executable algorithm"},
{"keyword": "efficient executable code"},
{"keyword": "efficient factorization algorithm"},
{"keyword": "efficient functional programs"},
{"keyword": "efficient imperative implementations"},
{"keyword": "efficient imperative version"},
{"keyword": "efficient implementation"},
{"keyword": "efficient monpoly monitoring tool"},
{"keyword": "efficient priority search trees"},
{"keyword": "efficient proof checking"},
{"keyword": "efficient root isolation"},
{"keyword": "efficient structures"},
{"keyword": "efficient union-find data structure"},
{"keyword": "efficient variable-length codes"},
{"keyword": "efficient verified implementation"},
{"keyword": "efficient version"},
{"keyword": "efficiently compute"},
{"keyword": "efficiently computed"},
{"keyword": "efficiently executable"},
{"keyword": "efficiently executable code"},
{"keyword": "efsm level"},
{"keyword": "efsms execute traces"},
{"keyword": "electronic proceedings"},
{"keyword": "elegant encoding"},
{"keyword": "elegant proof"},
{"keyword": "element codes"},
{"keyword": "element set"},
{"keyword": "elementary computational proof"},
{"keyword": "elementary divisor rings"},
{"keyword": "elementary facts"},
{"keyword": "elementary infrastructure"},
{"keyword": "elementary measure theory"},
{"keyword": "elementary methods"},
{"keyword": "elementary number theory"},
{"keyword": "elementary proof"},
{"keyword": "elementary proof exist"},
{"keyword": "elementary properties"},
{"keyword": "elementary results"},
{"keyword": "elementary row operations"},
{"keyword": "elementary symmetric polynomials"},
{"keyword": "elementary symmetric polynomials e1"},
{"keyword": "elementary symmetric polynomials sk"},
{"keyword": "elementary theory"},
{"keyword": "elements belong"},
{"keyword": "eliminates duplicate prime factors"},
{"keyword": "elimination contexts"},
{"keyword": "elliott mendelson"},
{"keyword": "elliptic curve"},
{"keyword": "elliptic curve cryptography"},
{"keyword": "embedded logic"},
{"keyword": "embedding path order"},
{"keyword": "emphasising local spatial properties"},
{"keyword": "empirical evaluation"},
{"keyword": "employ code equations"},
{"keyword": "employ messageless guard protocols"},
{"keyword": "employs formal models"},
{"keyword": "employs herbrand"},
{"keyword": "employs reasoning"},
{"keyword": "emptiness check"},
{"keyword": "empty bst"},
{"keyword": "empty rows"},
{"keyword": "enable easy integration"},
{"keyword": "enabled transitions"},
{"keyword": "enables users"},
{"keyword": "enabling concrete execution"},
{"keyword": "encoding"},
{"keyword": "encoding based"},
{"keyword": "encoding function"},
{"keyword": "encryption schemes"},
{"keyword": "enforcing exclusive writes"},
{"keyword": "engineering safety"},
{"keyword": "enhanced confidence"},
{"keyword": "enhanced interleaves predicate turns"},
{"keyword": "ensuing instruction"},
{"keyword": "entailment- minimal"},
{"keyword": "entire cosmedis network"},
{"keyword": "entire development"},
{"keyword": "entire input sequence"},
{"keyword": "entire polynomial ring"},
{"keyword": "entire prover"},
{"keyword": "entry"},
{"keyword": "entry adapts stream fusion"},
{"keyword": "entry adds quickcheck setup"},
{"keyword": "entry builds"},
{"keyword": "entry establishes syntax"},
{"keyword": "entry formally"},
{"keyword": "entry genclock"},
{"keyword": "entry lies"},
{"keyword": "entry strong security"},
{"keyword": "entry vcg auctions"},
{"keyword": "entry works"},
{"keyword": "enumeration functions"},
{"keyword": "enumerative combinatorics"},
{"keyword": "epistemic logic"},
{"keyword": "epistemic logic theory"},
{"keyword": "eponym ijcar 2020 paper"},
{"keyword": "eponymous itp 2012 paper"},
{"keyword": "epsilon free top-"},
{"keyword": "equality holds"},
{"keyword": "equational axiomatisation"},
{"keyword": "equational axioms"},
{"keyword": "equational reasoning"},
{"keyword": "equiv 3 pmod 8"},
{"keyword": "equivalence checker"},
{"keyword": "equivalence classes"},
{"keyword": "equivalence kernels"},
{"keyword": "equivalence proofs"},
{"keyword": "equivalence relation"},
{"keyword": "equivalent characterisations"},
{"keyword": "equivalent design theory concepts"},
{"keyword": "equivalent forms"},
{"keyword": "equivalent versions"},
{"keyword": "erd odblac"},
{"keyword": "ergodic theory"},
{"keyword": "error message"},
{"keyword": "esop 2016 paper"},
{"keyword": "essential parts"},
{"keyword": "essentially follow"},
{"keyword": "establish existence"},
{"keyword": "establish sound type-system-"},
+{"keyword": "establishing set-based metric spaces"},
{"keyword": "establishing strong eventual consistency"},
{"keyword": "euclidean axiom"},
{"keyword": "euclidean domains"},
{"keyword": "euclidean space indexed"},
{"keyword": "euler ndash"},
{"keyword": "euler stated"},
{"keyword": "euler trails"},
{"keyword": "euler-maclaurin formula relates"},
{"keyword": "eulerian trails"},
{"keyword": "euro-mils project http"},
{"keyword": "evaluating cauchy indices"},
{"keyword": "evaluation homomorphisms"},
{"keyword": "event lists varying"},
{"keyword": "event shared"},
{"keyword": "events"},
{"keyword": "eventual consistency"},
{"keyword": "eventual consistency property"},
{"keyword": "eventually achieve"},
{"keyword": "exact nature"},
{"keyword": "exceeds aleph_1"},
{"keyword": "exception compilation scheme"},
{"keyword": "exchanging data"},
{"keyword": "exchanging data sets"},
{"keyword": "excluding cubic axioms"},
{"keyword": "excluding point sequences"},
{"keyword": "executable algorithms"},
{"keyword": "executable algorithms based"},
{"keyword": "executable automata"},
{"keyword": "executable characterisation"},
{"keyword": "executable code"},
{"keyword": "executable data structures"},
{"keyword": "executable decision procedure"},
{"keyword": "executable denotational semantics"},
{"keyword": "executable density compiler"},
{"keyword": "executable earley parser"},
{"keyword": "executable emulator"},
{"keyword": "executable equivalence checker"},
{"keyword": "executable formalisation"},
{"keyword": "executable framework"},
{"keyword": "executable function eval"},
{"keyword": "executable functional implementation"},
{"keyword": "executable functions"},
{"keyword": "executable implementation"},
{"keyword": "executable instantiations"},
{"keyword": "executable ml code"},
{"keyword": "executable monitor"},
{"keyword": "executable program"},
{"keyword": "executable proof checker"},
{"keyword": "executable query translation"},
{"keyword": "executable sequent calculus prover"},
{"keyword": "executable simplifier"},
{"keyword": "executable specification"},
{"keyword": "executable tool translating ltl"},
{"keyword": "executable type inference algorithm"},
{"keyword": "executable variant"},
{"keyword": "executable version"},
{"keyword": "execute programs"},
{"keyword": "execution equivalent markings"},
{"keyword": "execution involving integer matrices"},
{"keyword": "execution platform"},
{"keyword": "execution time"},
{"keyword": "execution time compares"},
{"keyword": "executions produce sequences"},
{"keyword": "exhibit awkward interleaving"},
{"keyword": "exhibit core features"},
{"keyword": "existence lemmas"},
{"keyword": "existing afp-entry"},
{"keyword": "existing approaches"},
{"keyword": "existing arguments"},
{"keyword": "existing cc results"},
{"keyword": "existing concepts"},
{"keyword": "existing formal developments"},
{"keyword": "existing formal power series"},
{"keyword": "existing formalization"},
{"keyword": "existing hoare logic"},
{"keyword": "existing implementation"},
{"keyword": "existing integration theory"},
{"keyword": "existing libraries"},
{"keyword": "existing multivariate polynomial libraries"},
{"keyword": "existing package algorithms"},
{"keyword": "existing pen-and-paper proof"},
{"keyword": "existing probability libraries"},
{"keyword": "existing proof"},
{"keyword": "existing proof format"},
{"keyword": "existing replication algorithm satisfies"},
{"keyword": "existing secav system"},
{"keyword": "existing solutions"},
{"keyword": "existing theories"},
{"keyword": "existing tools"},
{"keyword": "existing verification techniques"},
{"keyword": "exotic terms"},
{"keyword": "expand stone relation algebras"},
{"keyword": "expanding contracting intervals"},
{"keyword": "expansive formalisations"},
{"keyword": "expected accuracy"},
{"keyword": "expected height"},
{"keyword": "expected internal path length"},
{"keyword": "expected length"},
{"keyword": "expected number"},
{"keyword": "expected properties"},
{"keyword": "expected utility function"},
{"keyword": "expected utility theory"},
{"keyword": "experiment consisting"},
{"keyword": "experiment performs measures"},
{"keyword": "experimental data suggests"},
{"keyword": "experimental general-purpose proof methods"},
{"keyword": "experimental utilities"},
{"keyword": "experimentally tested"},
{"keyword": "explicit bottom element"},
{"keyword": "explicit construction"},
{"keyword": "explicit expression"},
{"keyword": "explicit formula"},
{"keyword": "explicit metric"},
{"keyword": "explicit syntactic form"},
{"keyword": "explicitly represented"},
{"keyword": "exploiting type classes"},
{"keyword": "exponential functions"},
{"keyword": "exponential generating function"},
{"keyword": "exponential golomb codes"},
{"keyword": "exponential nnf-based algorithms"},
{"keyword": "exponential reconstruction phase"},
{"keyword": "exponential runtime"},
{"keyword": "exponential series"},
{"keyword": "export code"},
{"keyword": "express arbitrary trace-"},
{"keyword": "express hyperproperties"},
{"keyword": "express nuances"},
{"keyword": "express well-"},
{"keyword": "expressing security properties"},
{"keyword": "expressing smart contracts"},
{"keyword": "expression typing rules"},
{"keyword": "expressions involving"},
{"keyword": "expressive extension"},
{"keyword": "expressive logic"},
{"keyword": "expressive power"},
{"keyword": "extended complex plane"},
{"keyword": "extended finite state machines"},
{"keyword": "extended language"},
{"keyword": "extended previous"},
{"keyword": "extended real line"},
{"keyword": "extended real numbers"},
{"keyword": "extended real numbers form"},
{"keyword": "extended regular expressions"},
{"keyword": "extended version"},
{"keyword": "extending previous results applying"},
{"keyword": "extensible design permits"},
{"keyword": "extensible library"},
{"keyword": "extensible minimal imperative fragment"},
{"keyword": "extensible record package"},
{"keyword": "extension formally represents"},
{"keyword": "extension theorem employing terminology"},
{"keyword": "extensions written"},
{"keyword": "extensive paper proof"},
{"keyword": "extensively discussed"},
{"keyword": "extent differs"},
{"keyword": "extent required"},
{"keyword": "external communication clocking"},
{"keyword": "external source"},
{"keyword": "external tools"},
{"keyword": "extra assumptions"},
{"keyword": "extra background theory"},
{"keyword": "extra setup"},
{"keyword": "extra-history change history"},
{"keyword": "extract efficient code"},
{"keyword": "extract ocaml code"},
{"keyword": "extremal graph theory"},
{"keyword": "extremal set theory"},
{"keyword": "extreme simplicity"},
{"keyword": "eye color"},
{"keyword": "fabian immler"},
{"keyword": "facilitate integrating future optimizations"},
{"keyword": "facilitating developments"},
{"keyword": "factor polynomials"},
{"keyword": "factor ring"},
{"keyword": "factor square-free integer polynomials"},
{"keyword": "factored representation"},
{"keyword": "factoring algorithm"},
{"keyword": "factoring polynomials"},
{"keyword": "factoring square-free integer polynomials"},
{"keyword": "factorisation algorithm"},
{"keyword": "factorization algorithms"},
{"keyword": "facts involving algebraic laws"},
{"keyword": "failed proof"},
{"keyword": "failing test case"},
{"keyword": "failure assumptions"},
{"keyword": "failure divergence model"},
{"keyword": "failure-prone environments"},
{"keyword": "failures model"},
{"keyword": "failures-divergences pair"},
{"keyword": "fair coin flips"},
{"keyword": "fair prices"},
{"keyword": "fairly extensive set"},
{"keyword": "fairly nice"},
{"keyword": "fairly obvious properties"},
{"keyword": "fairly rudimentary"},
{"keyword": "faithful embedding"},
{"keyword": "faithful formalization"},
{"keyword": "fall back"},
{"keyword": "false alarms"},
{"keyword": "falsely claims"},
{"keyword": "familiar first-order logic"},
{"keyword": "familiar real-"},
{"keyword": "famous abc conjecture"},
{"keyword": "famous invisible hand"},
{"keyword": "famous result"},
{"keyword": "far-reaching impossibility theorem"},
{"keyword": "fast iterative algorithm"},
{"keyword": "fast number theoretic transform"},
{"keyword": "fast sat solver"},
{"keyword": "faug egrave"},
{"keyword": "fault-tolerant midpoint algorithm"},
{"keyword": "faulty process"},
{"keyword": "feasible paths"},
{"keyword": "featherweight ocl"},
{"keyword": "featherweight ocl project"},
{"keyword": "feature dependent types"},
{"keyword": "feature nice mathematical properties"},
{"keyword": "features dynamic thread creation"},
{"keyword": "features exceptions"},
{"keyword": "features monadic types"},
{"keyword": "featuring program-level requirements"},
{"keyword": "fft algorithm"},
{"keyword": "fibonacci number"},
{"keyword": "field accesses"},
{"keyword": "field extensions"},
{"keyword": "field-theoretic nullstellensatz"},
{"keyword": "file read"},
{"keyword": "file write"},
{"keyword": "files"},
{"keyword": "files chap02"},
{"keyword": "filled rows"},
{"keyword": "filtered sets"},
{"keyword": "filtering behavior"},
{"keyword": "fin"},
{"keyword": "final implementation"},
{"keyword": "final states"},
{"keyword": "final theorem statement"},
{"keyword": "finality predicate"},
{"keyword": "finally wondering"},
{"keyword": "financial market"},
{"keyword": "financial products"},
{"keyword": "find definitions"},
{"keyword": "find operation"},
{"keyword": "finding proofs"},
{"keyword": "fine-grained concurrency"},
{"keyword": "finger tree"},
{"keyword": "finite automata"},
{"keyword": "finite boolean algebra"},
{"keyword": "finite carrier set"},
{"keyword": "finite closed semantic tree"},
{"keyword": "finite collection"},
{"keyword": "finite consistent extensions"},
{"keyword": "finite developments theorem"},
{"keyword": "finite dimensional setting"},
{"keyword": "finite dimensional vector space"},
{"keyword": "finite distributive lattice"},
{"keyword": "finite domain consisting"},
{"keyword": "finite field"},
{"keyword": "finite fourier series"},
{"keyword": "finite functions"},
{"keyword": "finite games"},
{"keyword": "finite group"},
{"keyword": "finite infinite lists"},
{"keyword": "finite iteration"},
{"keyword": "finite learning"},
{"keyword": "finite length"},
{"keyword": "finite limits"},
{"keyword": "finite lists"},
{"keyword": "finite maps"},
{"keyword": "finite measure preserving systems"},
{"keyword": "finite partitioning"},
{"keyword": "finite relations"},
{"keyword": "finite search space"},
{"keyword": "finite set"},
{"keyword": "finite sound extensions"},
{"keyword": "finite state machines"},
{"keyword": "finite state markov chains"},
{"keyword": "finite stuttering"},
{"keyword": "finite support"},
{"keyword": "finite symbolic execution graph"},
{"keyword": "finite trees"},
{"keyword": "finite types"},
{"keyword": "finite-dimensional vector spaces"},
{"keyword": "finitely additive probability inequalities"},
{"keyword": "finitely additive probability logic"},
{"keyword": "finitely generated polynomial ideals"},
{"keyword": "finitely supported"},
{"keyword": "finiteness assumptions"},
{"keyword": "fips 180-4 nist"},
{"keyword": "fips 186-4"},
{"keyword": "first-order clauses"},
{"keyword": "first-order functional language"},
{"keyword": "first-order logic"},
{"keyword": "first-order logic completeness theorem"},
{"keyword": "first-order logic metatheory"},
{"keyword": "first-order parameters"},
{"keyword": "first-order prover"},
{"keyword": "first-order quantification"},
{"keyword": "first-order query evaluation"},
{"keyword": "first-order real arithmetic"},
{"keyword": "first-order terms"},
{"keyword": "first-order theory"},
{"keyword": "first-order unification algorithm"},
{"keyword": "fisher yates algorithm"},
{"keyword": "fitting theory"},
{"keyword": "fixed access frequencies"},
{"keyword": "fixed arbitrary length"},
{"keyword": "fixed arguments"},
{"keyword": "fixed bound"},
{"keyword": "fixed choice"},
{"keyword": "fixed database"},
{"keyword": "fixed finite instance"},
{"keyword": "fixed finite set"},
{"keyword": "fixed fraction"},
{"keyword": "fixed lexicographical order"},
{"keyword": "fixed natural number"},
{"keyword": "fixed number"},
{"keyword": "fixed points"},
{"keyword": "fixed prime"},
{"keyword": "fixed probability"},
{"keyword": "fixed service"},
{"keyword": "fixed set"},
{"keyword": "fixed time-unit"},
{"keyword": "fixed upper bound"},
{"keyword": "fixed-point theorem"},
{"keyword": "fixed-width machine words"},
{"keyword": "fixpoint operations lfp"},
{"keyword": "fixpoint theorem"},
{"keyword": "flexible extension"},
{"keyword": "flexible set-based theorems"},
{"keyword": "flexray communication protocol"},
{"keyword": "floating-point arithmetic"},
{"keyword": "floating-point computation"},
{"keyword": "floating-point modulo function"},
{"keyword": "floating-point numbers"},
{"keyword": "floating-point operations"},
{"keyword": "floor divided"},
{"keyword": "floor randomly"},
{"keyword": "florian kammueller"},
{"keyword": "flow saturates"},
{"keyword": "flow-sensitive type system"},
{"keyword": "flowgraph-based program model"},
{"keyword": "flows model"},
{"keyword": "floyd-warshall algorithm"},
{"keyword": "floyd-warshall algorithm flo62"},
{"keyword": "flyspeck project"},
{"keyword": "fntt running time"},
{"keyword": "fol theories extending"},
{"keyword": "fold build rule"},
{"keyword": "folder commonset"},
{"keyword": "folder listinf"},
{"keyword": "folklore results related"},
{"keyword": "foreach combinators"},
{"keyword": "form bigwedge_"},
{"keyword": "form construction algorithm"},
{"keyword": "formal analysis"},
{"keyword": "formal correctness proofs"},
{"keyword": "formal cryptographic protocol verification"},
{"keyword": "formal definitions"},
{"keyword": "formal development"},
{"keyword": "formal differentiation"},
{"keyword": "formal framework"},
{"keyword": "formal guarantees"},
{"keyword": "formal implementation"},
{"keyword": "formal language"},
{"keyword": "formal laurent series"},
{"keyword": "formal linear algebraic techniques"},
{"keyword": "formal memory model"},
{"keyword": "formal methods"},
{"keyword": "formal model"},
{"keyword": "formal power series"},
{"keyword": "formal programming language semantics"},
{"keyword": "formal proof"},
{"keyword": "formal proof assistant"},
{"keyword": "formal proof closely"},
{"keyword": "formal proof technology"},
{"keyword": "formal protocol verification"},
{"keyword": "formal puiseux series"},
{"keyword": "formal reasoning"},
{"keyword": "formal refutational completeness proofs"},
{"keyword": "formal representations"},
{"keyword": "formal semantics"},
{"keyword": "formal semantics builds"},
{"keyword": "formal semantics complies"},
{"keyword": "formal semantics designed"},
{"keyword": "formal summation"},
{"keyword": "formal text lines"},
{"keyword": "formal verification"},
{"keyword": "formal version"},
{"keyword": "formal words"},
{"keyword": "formalisation"},
{"keyword": "formalisation accompanies"},
{"keyword": "formalisation continues"},
{"keyword": "formalisation hold"},
{"keyword": "formalisation presents"},
{"keyword": "formalisation underlying"},
{"keyword": "formalising baker"},
{"keyword": "formalising cryptographic arguments"},
{"keyword": "formalising single binder calculi"},
{"keyword": "formalising t-designs"},
{"keyword": "formalization"},
{"keyword": "formalization builds"},
{"keyword": "formalization consists"},
{"keyword": "formalization effort necessitated"},
{"keyword": "formalization reveals"},
{"keyword": "formalization techniques presented"},
{"keyword": "formalization uncovered"},
{"keyword": "formalizations differ mathematically"},
{"keyword": "formalizing compiler transformations"},
{"keyword": "formalizing game-based proofs"},
{"keyword": "formally connect"},
{"keyword": "formally establish properties"},
{"keyword": "formally reason"},
{"keyword": "formally verified"},
{"keyword": "formally verified abstract account"},
{"keyword": "formally verified checkers"},
{"keyword": "formally verified clrs algorithms"},
{"keyword": "formally verified implementation"},
{"keyword": "formally verified model"},
{"keyword": "formally verified quantifier elimination"},
{"keyword": "formally verified solver"},
{"keyword": "formally verify gauss-seidel"},
{"keyword": "formula mdp ta pta"},
{"keyword": "formula represent propositional formulas"},
{"keyword": "formulas"},
{"keyword": "formulas assuming"},
{"keyword": "formulas obtained"},
{"keyword": "formulate classical propositional logic"},
{"keyword": "forthcoming paper"},
{"keyword": "forward algorithm"},
{"keyword": "forward data packets"},
{"keyword": "forward differentiation"},
{"keyword": "forward packets"},
{"keyword": "found cryptic"},
{"keyword": "foundation presented"},
{"keyword": "foundational assumptions"},
{"keyword": "foundational metaphysical theory"},
{"keyword": "foundational shared-variable concurrency method"},
{"keyword": "foundational structures"},
{"keyword": "foundations established"},
{"keyword": "fourier sequences"},
{"keyword": "fourier series"},
{"keyword": "fourteen lemmas"},
{"keyword": "fourth sylow theorems"},
{"keyword": "frac 1 p-1"},
{"keyword": "fractional assertions"},
{"keyword": "fractional permissions"},
{"keyword": "frame rule"},
{"keyword": "framed links"},
{"keyword": "framed links closely linked"},
{"keyword": "framework features"},
{"keyword": "framework supports semantic annotations"},
{"keyword": "framing conditions"},
{"keyword": "frank gray"},
{"keyword": "fredkin cacm 1960"},
{"keyword": "free"},
{"keyword": "free basis"},
{"keyword": "free boolean algebra"},
{"keyword": "free category"},
{"keyword": "free groups"},
{"keyword": "free logic"},
{"keyword": "free monoid"},
{"keyword": "free monoidal category"},
{"keyword": "free theorems"},
{"keyword": "free variables"},
{"keyword": "frequency moment"},
{"keyword": "friendship theorem"},
{"keyword": "frobenius endomorphism"},
{"keyword": "frobenius reciprocity"},
{"keyword": "frobenius theorem"},
{"keyword": "frobenius theorem based"},
{"keyword": "fulfilling van der waerden"},
{"keyword": "full asymptotic expansion"},
{"keyword": "full automation"},
{"keyword": "full bridge rule"},
{"keyword": "full characterization"},
{"keyword": "full classical propositional logic"},
{"keyword": "full classification"},
{"keyword": "full details"},
{"keyword": "full extent"},
{"keyword": "full machinery"},
{"keyword": "full parametric solution"},
{"keyword": "full permission"},
{"keyword": "full proof"},
{"keyword": "full range"},
{"keyword": "full sequential fragment"},
{"keyword": "fully"},
{"keyword": "fully abstract"},
{"keyword": "fully automated"},
{"keyword": "fully automated methods"},
{"keyword": "fully automated translation"},
{"keyword": "fully automatic tools"},
{"keyword": "fully canceled words"},
{"keyword": "fully connected subgraph"},
{"keyword": "fully corrupted"},
{"keyword": "fully executable functional implementation"},
{"keyword": "fully executable solver"},
{"keyword": "fully formal"},
{"keyword": "fully formally verified"},
{"keyword": "fully json compliant"},
{"keyword": "fully structured"},
{"keyword": "fully verified"},
{"keyword": "fully-automated approach"},
{"keyword": "fully-featured compositional framework"},
{"keyword": "function"},
{"keyword": "function calls"},
{"keyword": "function checking"},
{"keyword": "function definitions"},
{"keyword": "function elts"},
{"keyword": "function eval"},
{"keyword": "function eval checking"},
{"keyword": "function eval solves capturability"},
{"keyword": "function satisfies"},
{"keyword": "function spaces"},
{"keyword": "function zeta"},
{"keyword": "functional algorithm"},
{"keyword": "functional arrays"},
{"keyword": "functional automata"},
{"keyword": "functional correctness"},
{"keyword": "functional data structures"},
{"keyword": "functional implementation"},
{"keyword": "functional implementation based"},
{"keyword": "functional languages"},
{"keyword": "functional logic"},
{"keyword": "functional modeling language hol"},
{"keyword": "functional program"},
{"keyword": "functional programming language"},
{"keyword": "functional recognizer modeling earley"},
{"keyword": "functional representation"},
{"keyword": "functional type theory"},
{"keyword": "functions approximating"},
{"keyword": "functions learnable"},
{"keyword": "functions thetasym"},
{"keyword": "functor category"},
{"keyword": "functor composition"},
{"keyword": "functorial operations"},
{"keyword": "fundamental banach spaces"},
{"keyword": "fundamental binary operations allowing"},
{"keyword": "fundamental building block"},
{"keyword": "fundamental closest pair"},
{"keyword": "fundamental interest"},
{"keyword": "fundamental metaphysical theory"},
{"keyword": "fundamental objects"},
{"keyword": "fundamental problems"},
{"keyword": "fundamental properties"},
{"keyword": "fundamental result"},
{"keyword": "fundamental solution"},
{"keyword": "fundamental subspaces"},
{"keyword": "fundamental theorem"},
{"keyword": "fusc function"},
{"keyword": "fusible list functions"},
{"keyword": "future articles"},
{"keyword": "future combinations"},
{"keyword": "future development"},
{"keyword": "future related mechanisation efforts"},
{"keyword": "future separation logic developments"},
{"keyword": "fwf"},
{"keyword": "gained experience"},
{"keyword": "gale stewart theorem"},
{"keyword": "gale-shapley stable matching"},
{"keyword": "galois connections"},
{"keyword": "galois theory"},
{"keyword": "game theoretic issues"},
{"keyword": "game theory"},
{"keyword": "game-based cryptographic security notions"},
{"keyword": "game-based definitions"},
{"keyword": "game-based proofs"},
{"keyword": "game-hopping style advocated"},
{"keyword": "gamma"},
{"keyword": "gamma finally"},
{"keyword": "gamma function"},
{"keyword": "gamma holds"},
{"keyword": "gamma quad text"},
{"keyword": "gauss-jordan algorithm"},
{"keyword": "gauss-jordan algorithm states"},
{"keyword": "gaussian integer formalisation"},
{"keyword": "gaussian integers"},
{"keyword": "gdpr compliance verification"},
{"keyword": "general attacker"},
{"keyword": "general balanced trees"},
{"keyword": "general case"},
{"keyword": "general cost functions"},
{"keyword": "general definition"},
{"keyword": "general directed graph library"},
{"keyword": "general form"},
{"keyword": "general formal proof techniques"},
{"keyword": "general formulation"},
{"keyword": "general framework"},
{"keyword": "general geometric facts"},
{"keyword": "general halting problem"},
{"keyword": "general infinite processes"},
{"keyword": "general lemma"},
{"keyword": "general library"},
{"keyword": "general notion"},
{"keyword": "general possibility theorem"},
{"keyword": "general predication"},
{"keyword": "general problem"},
{"keyword": "general properties"},
{"keyword": "general purpose data structure"},
{"keyword": "general recursion"},
{"keyword": "general relativity"},
{"keyword": "general result"},
{"keyword": "general scheme"},
{"keyword": "general sets"},
{"keyword": "general setting"},
{"keyword": "general simplex algorithm"},
{"keyword": "general solver"},
{"keyword": "general techniques"},
{"keyword": "general theorem"},
{"keyword": "general theory"},
{"keyword": "general triangle"},
{"keyword": "general version"},
{"keyword": "general-purpose coinductive data types"},
{"keyword": "generalisation bnfcc"},
{"keyword": "generalise relation algebras"},
{"keyword": "generalised binary modalities"},
{"keyword": "generalised binomial coefficients"},
{"keyword": "generalised form"},
{"keyword": "generalised rewriting"},
{"keyword": "generalising tla action formulas"},
{"keyword": "generalized intervals"},
{"keyword": "generalized multiset ordering"},
{"keyword": "generalized noninterference security"},
{"keyword": "generalized recurrence"},
{"keyword": "generalized recurrence relation"},
{"keyword": "generalized sylvester matrices"},
{"keyword": "generalizes sutherland"},
{"keyword": "generally detectable"},
{"keyword": "generate"},
{"keyword": "generate code"},
{"keyword": "generate duplicates"},
{"keyword": "generate efficient code"},
{"keyword": "generate executable code"},
{"keyword": "generate executable imperative programs"},
{"keyword": "generate human-readable secav proofs"},
{"keyword": "generate reverse-symmetric claims"},
{"keyword": "generate theorem prover code"},
{"keyword": "generated code"},
{"keyword": "generated code implements"},
{"keyword": "generated document"},
{"keyword": "generated inputs"},
{"keyword": "generated test suite"},
{"keyword": "generating function equivalence proof"},
{"keyword": "generating function proof"},
{"keyword": "generating test cases"},
{"keyword": "generative probabilistic"},
{"keyword": "generic abstract interpreter"},
{"keyword": "generic algebraic middle-layer"},
{"keyword": "generic algorithm"},
{"keyword": "generic consistency ---"},
{"keyword": "generic construction"},
{"keyword": "generic dfs algorithm framework"},
{"keyword": "generic diamond lemma reduction"},
{"keyword": "generic fixed-width words"},
{"keyword": "generic framework"},
{"keyword": "generic framework semantics"},
{"keyword": "generic imperative algorithms"},
{"keyword": "generic imperative language embedded"},
{"keyword": "generic instantiation based"},
{"keyword": "generic join algorithm"},
{"keyword": "generic kind"},
{"keyword": "generic object model independent"},
{"keyword": "generic operations"},
{"keyword": "generic properties"},
{"keyword": "generic push-relabel algorithm"},
{"keyword": "generic results"},
{"keyword": "generic rules resulting"},
{"keyword": "generic tactics"},
{"keyword": "generic theory"},
{"keyword": "generic type class implementation"},
{"keyword": "generic type classes"},
{"keyword": "generic types"},
{"keyword": "generic unwinding theorem"},
{"keyword": "generic work-list algorithm"},
{"keyword": "generic worklist algorithm"},
{"keyword": "generic-deriving package"},
{"keyword": "geocoq library"},
{"keyword": "geodesic gromov-hyperbolic space"},
{"keyword": "geodesic metric space"},
{"keyword": "geodesic spaces"},
{"keyword": "geodesic triangles"},
{"keyword": "geometric folklore proof rigorous"},
{"keyword": "geometric interpretation"},
{"keyword": "geometric probability"},
{"keyword": "geometric proof"},
{"keyword": "geometric sketches"},
{"keyword": "geometric theorems"},
{"keyword": "georg kreisel"},
{"keyword": "george boolos gave"},
{"keyword": "georges-louis leclerc"},
{"keyword": "georgia notes"},
{"keyword": "geq 1"},
{"keyword": "geq 108m"},
{"keyword": "geq 28m 3"},
{"keyword": "geq 3"},
{"keyword": "geq 324"},
{"keyword": "gewirth"},
{"keyword": "ghost operations"},
{"keyword": "gibbard-satterthwaite theorem"},
{"keyword": "girard newton theorem"},
{"keyword": "girard-tait style logical relation"},
{"keyword": "girth chromatic entry"},
{"keyword": "girth-chromatic number theorem"},
{"keyword": "glibc strlen function"},
{"keyword": "global context"},
{"keyword": "global context transformations"},
{"keyword": "global model"},
{"keyword": "global security guarantee"},
{"keyword": "global variables"},
{"keyword": "gmw protocol"},
{"keyword": "golden ratio"},
{"keyword": "good class"},
{"keyword": "good closure properties"},
{"keyword": "good lower bound"},
{"keyword": "goto rule"},
{"keyword": "gou zel"},
{"keyword": "gps receiver"},
{"keyword": "gps satellite"},
{"keyword": "gr bner bases"},
{"keyword": "gr bner basis"},
{"keyword": "graham jameson"},
{"keyword": "gram-schmidt process"},
{"keyword": "grammar based fuzzing"},
{"keyword": "graph isomorphism"},
{"keyword": "graph lemma quantifies"},
{"keyword": "graph node"},
{"keyword": "graph operations"},
{"keyword": "graph properties expressed"},
{"keyword": "graph regularity"},
{"keyword": "graph representation"},
{"keyword": "graph saturation"},
{"keyword": "graph theorem states"},
{"keyword": "graph theoretic results"},
{"keyword": "graph theory"},
{"keyword": "graph- transformation based method"},
{"keyword": "graph-theoretic aspects"},
{"keyword": "grat format"},
{"keyword": "great body"},
{"keyword": "great mathematical interest"},
{"keyword": "greater computational cost"},
{"keyword": "greater detail"},
{"keyword": "greatest common divisor"},
{"keyword": "greatest fixed points"},
{"keyword": "greatest fixpoints"},
{"keyword": "greatly reducing"},
{"keyword": "greedy algorithms"},
{"keyword": "greibach normal form"},
{"keyword": "griffin observed"},
{"keyword": "gromov boundary"},
{"keyword": "gromov hyperbolic"},
{"keyword": "gromov hyperbolic spaces"},
{"keyword": "ground resolution"},
{"keyword": "ground terms induced"},
{"keyword": "ground totality"},
{"keyword": "ground tree transducers"},
{"keyword": "grounding sets"},
{"keyword": "group"},
{"keyword": "group action"},
{"keyword": "group divisible designs"},
{"keyword": "group generated"},
{"keyword": "group representation"},
{"keyword": "group ring"},
{"keyword": "group theory results"},
{"keyword": "group_add class"},
{"keyword": "growth rates"},
{"keyword": "guarantee condition"},
{"keyword": "guarantee information flow noninterference"},
{"keyword": "guarantee minimality"},
{"keyword": "guarantee safety"},
{"keyword": "guard protocols"},
{"keyword": "guarded recursive equations"},
{"keyword": "guided tour"},
{"keyword": "guiding proof search"},
{"keyword": "hadjicostas ndash"},
{"keyword": "hahn decomposition theorem"},
{"keyword": "hales jewett theorem"},
{"keyword": "hales jewett theorem presented"},
{"keyword": "halting problem"},
{"keyword": "hamiltonian path problem"},
{"keyword": "hancl asserting"},
{"keyword": "hand canonical notions"},
{"keyword": "hand waving"},
{"keyword": "hand-written theory files"},
{"keyword": "handle binding"},
{"keyword": "handle changing beliefs"},
{"keyword": "handle equality tests"},
{"keyword": "handle incidence relations"},
{"keyword": "handling inconsistency"},
{"keyword": "handling padding"},
{"keyword": "handling variable binding"},
{"keyword": "handwritten reference implementations"},
{"keyword": "hare cycle-finding algorithm ascribed"},
{"keyword": "harm security"},
{"keyword": "harmonic numbers"},
{"keyword": "hash families"},
{"keyword": "hash functions"},
{"keyword": "haskell"},
{"keyword": "haskell library"},
{"keyword": "haskell tool called fffuu"},
{"keyword": "healthcare iot system"},
{"keyword": "heap location"},
{"keyword": "heap operations"},
{"keyword": "heap property"},
{"keyword": "heap sort"},
{"keyword": "heavily depend"},
{"keyword": "hellip"},
{"keyword": "helper lemmas"},
{"keyword": "henkin style"},
{"keyword": "henkin witnesses"},
{"keyword": "herbrand universe"},
{"keyword": "hereditarily finite"},
{"keyword": "hereditarily finite set theory"},
{"keyword": "hereditarily finite sets"},
{"keyword": "hereditary base 2"},
{"keyword": "hereditary multisets"},
{"keyword": "herglotz"},
{"keyword": "hermite normal form"},
{"keyword": "hermite--lindemann--weierstra transcendence theorem"},
{"keyword": "hermite-lindemann-weierstra theorem"},
{"keyword": "hermitian matrix"},
{"keyword": "heterogeneous subsystems"},
{"keyword": "heuristics automatically pick"},
{"keyword": "hf set theory"},
{"keyword": "hidden markov models"},
{"keyword": "hierarchical automaton"},
{"keyword": "hierarchical logger"},
{"keyword": "hierarchical transactions"},
{"keyword": "high annotation overhead"},
{"keyword": "high edge probability"},
{"keyword": "high efficiency"},
{"keyword": "high level attacks"},
{"keyword": "high school"},
{"keyword": "high-level algorithm"},
{"keyword": "high-level proofs"},
{"keyword": "high-level security goals"},
{"keyword": "high-level specification language jml"},
{"keyword": "high-level style"},
{"keyword": "high-level type systems"},
{"keyword": "high-level view"},
{"keyword": "high-school student"},
{"keyword": "higher edge probability"},
{"keyword": "higher entity"},
{"keyword": "higher order logic"},
{"keyword": "higher rewriting"},
{"keyword": "higher-order frequency moments"},
{"keyword": "higher-order functions"},
{"keyword": "higher-order logic"},
{"keyword": "higher-order pattern e-unification"},
{"keyword": "higher-order pattern unification"},
{"keyword": "higher-order permutative rewrite rule"},
{"keyword": "higher-order probabilistic programming languages"},
{"keyword": "higher-order probabilistic programs"},
{"keyword": "higher-order superposition calculus"},
{"keyword": "higher-order term algebra"},
{"keyword": "higher-order terms"},
{"keyword": "highly informal"},
{"keyword": "highly modular"},
{"keyword": "highly non-elementary mathematical tools"},
{"keyword": "highly probable assumption"},
{"keyword": "hilbert systems"},
{"keyword": "hilbert-style proof system"},
{"keyword": "hintikka set"},
{"keyword": "historical perspective"},
{"keyword": "hmac standard"},
{"keyword": "hoare logic"},
{"keyword": "hoare logic based"},
{"keyword": "hoare triples"},
{"keyword": "hoc fashion"},
{"keyword": "hoc network"},
{"keyword": "hoc on-demand distance vector"},
{"keyword": "hol"},
{"keyword": "hol code generation facilities"},
{"keyword": "hol code generator"},
{"keyword": "hol definitions"},
{"keyword": "hol experts"},
{"keyword": "hol formalization"},
{"keyword": "hol formalization builds"},
{"keyword": "hol formalization covers"},
{"keyword": "hol formalization refines"},
{"keyword": "hol function"},
{"keyword": "hol function definition"},
{"keyword": "hol library"},
{"keyword": "hol light"},
{"keyword": "hol light development"},
{"keyword": "hol light formalisation"},
{"keyword": "hol light formalization"},
{"keyword": "hol light version"},
{"keyword": "hol logic system"},
{"keyword": "hol multivariate analysis"},
{"keyword": "hol nominal"},
{"keyword": "hol overhead"},
{"keyword": "hol proof assistant"},
{"keyword": "hol set"},
{"keyword": "hol sources underlying"},
{"keyword": "hol standard library"},
{"keyword": "hol theorem"},
{"keyword": "hol theory listextras"},
{"keyword": "hol type system"},
{"keyword": "hol types"},
{"keyword": "hol users"},
{"keyword": "hol-algebra library"},
{"keyword": "hol-based afp entry"},
{"keyword": "hol-multivariate analysis library"},
{"keyword": "hol-multivariate-analysis session"},
{"keyword": "hol4 formalization"},
{"keyword": "holcf extension"},
{"keyword": "holcf package"},
{"keyword": "holomorphic automorphisms"},
{"keyword": "holzf theory"},
{"keyword": "hom embedding"},
{"keyword": "homogeneous linear diophantine equations"},
{"keyword": "homological argument"},
{"keyword": "homomorphic functions"},
{"keyword": "horn- renamable"},
{"keyword": "html documents"},
{"keyword": "human mortality"},
{"keyword": "human readable style"},
{"keyword": "human-readable fast-to-replay proof scripts"},
{"keyword": "hybrid game"},
{"keyword": "hybrid logic"},
{"keyword": "hybrid mixture"},
{"keyword": "hybrid programs"},
{"keyword": "hyper hoare logic"},
{"keyword": "hyper hoare logic subsumes"},
{"keyword": "hyperbolic geometry"},
{"keyword": "hyperdual extensions"},
{"keyword": "hyperdual numbers"},
{"keyword": "hypergraph decompositions"},
{"keyword": "hypergraph language"},
{"keyword": "hypergraph theory"},
{"keyword": "hypothesis stating"},
{"keyword": "ideal real simulation paradigm"},
{"keyword": "ideal showcase"},
{"keyword": "ideas borrowed"},
{"keyword": "identical sequence elements"},
{"keyword": "identified inconsistencies"},
{"keyword": "identifies posix"},
{"keyword": "identify bugs"},
{"keyword": "identify undesired information leaks"},
{"keyword": "identifying finite-dimensional operators"},
{"keyword": "ieee-754 floating-point arithmetic"},
{"keyword": "ifip networking 2016"},
{"keyword": "ijcar 2006 paper"},
{"keyword": "ijcar 2014 publication"},
{"keyword": "ijcar 2022 paper rensets"},
{"keyword": "ikkbz produces"},
{"keyword": "imaginary part"},
{"keyword": "immediately offer"},
{"keyword": "immensely helpful"},
{"keyword": "immutable arrays"},
{"keyword": "imp commands"},
{"keyword": "imp language"},
{"keyword": "impact"},
{"keyword": "imperative data structures"},
{"keyword": "imperative executable code"},
{"keyword": "imperative hol"},
{"keyword": "imperative hol heap monad"},
{"keyword": "imperative hol programs"},
{"keyword": "imperative implementation"},
{"keyword": "imperative language constructs"},
{"keyword": "imperative language imp"},
{"keyword": "imperative loop constructs"},
{"keyword": "imperative programming languages"},
{"keyword": "imperative programs"},
{"keyword": "imperative refinement framework"},
{"keyword": "imperative target language"},
{"keyword": "implement probabilistic algorithms"},
{"keyword": "implement saturation calculi"},
{"keyword": "implement translation functions"},
{"keyword": "implementation"},
{"keyword": "implementation details"},
{"keyword": "implementation matches"},
{"keyword": "implementation mixes"},
{"keyword": "implementation relates pointer-based computation"},
{"keyword": "implementation runs"},
{"keyword": "implementation supports set membership"},
{"keyword": "implemented multi-"},
{"keyword": "implemented tactics"},
{"keyword": "implemented tail recursively"},
{"keyword": "implicit flows"},
{"keyword": "implicit reasoning steps"},
{"keyword": "implies confluence"},
{"keyword": "import-expert format"},
{"keyword": "important classes"},
{"keyword": "important concepts"},
{"keyword": "important consequences"},
{"keyword": "important correctness property"},
{"keyword": "important data structure"},
{"keyword": "important functions"},
{"keyword": "important introductory theorems"},
{"keyword": "important meta-theoretic results"},
{"keyword": "important models"},
{"keyword": "important problem"},
{"keyword": "important properties"},
{"keyword": "important result"},
{"keyword": "important role"},
{"keyword": "important specializations"},
{"keyword": "important theorem"},
{"keyword": "impossibility theorem due"},
{"keyword": "improvements compared"},
{"keyword": "imre lakatos"},
{"keyword": "in-place heapsort"},
{"keyword": "incidence matrix representation"},
{"keyword": "incidence set systems"},
{"keyword": "incidence system isomorphisms"},
{"keyword": "incidence system properties"},
{"keyword": "incidence systems"},
{"keyword": "incoming edges"},
{"keyword": "incoming edges equals"},
{"keyword": "incomparable results"},
{"keyword": "incompleteness theorem"},
{"keyword": "inconsistent bounds"},
{"keyword": "inconsistent theory"},
{"keyword": "incorporate smoothly"},
{"keyword": "incorrectly initialized contract"},
{"keyword": "incorrectness logic 8"},
{"keyword": "incorrectness logics"},
{"keyword": "increased demand"},
{"keyword": "increasing rational sequence r_n"},
{"keyword": "increasingly important"},
{"keyword": "incredible proof machine"},
{"keyword": "incremental verification"},
{"keyword": "incrementally check"},
{"keyword": "indefinitely large set"},
{"keyword": "indefinitely long sequence"},
{"keyword": "independent authors"},
{"keyword": "independent axioms"},
{"keyword": "independent events"},
{"keyword": "independent families"},
{"keyword": "independent interest"},
{"keyword": "independent modules"},
{"keyword": "independent publication"},
{"keyword": "independent random variables"},
{"keyword": "independent runs"},
{"keyword": "indistinguishable security"},
{"keyword": "individual accepted"},
{"keyword": "individual components"},
{"keyword": "individual computing nodes"},
{"keyword": "individual program behaviours"},
{"keyword": "individual program executions"},
{"keyword": "induced maps"},
{"keyword": "induction"},
{"keyword": "induction hypothesis"},
{"keyword": "induction principle"},
{"keyword": "induction rule"},
{"keyword": "inductive definition"},
{"keyword": "inductive invariant proofs"},
{"keyword": "inductive method"},
{"keyword": "inductive predicates"},
{"keyword": "inductive sets"},
{"keyword": "inductive unwinding theorem"},
{"keyword": "industrial separation kernel"},
{"keyword": "industrial systems"},
{"keyword": "inefficient variant"},
{"keyword": "inequality involving expectations"},
{"keyword": "inequality states"},
{"keyword": "inertial observers"},
{"keyword": "inf-preserving predicate transformers"},
{"keyword": "inf-preserving transformers"},
{"keyword": "infer interleaves statements"},
{"keyword": "inference rules"},
{"keyword": "inference step"},
{"keyword": "inference system presented"},
{"keyword": "infinitary nominal data type"},
{"keyword": "infinitary version"},
{"keyword": "infinite"},
{"keyword": "infinite behavior traces"},
{"keyword": "infinite conjunctions"},
{"keyword": "infinite derivation trees"},
{"keyword": "infinite domain"},
{"keyword": "infinite element"},
{"keyword": "infinite execution"},
{"keyword": "infinite form"},
{"keyword": "infinite games"},
{"keyword": "infinite graphs"},
{"keyword": "infinite horizon mdps"},
{"keyword": "infinite iteration"},
{"keyword": "infinite key range"},
{"keyword": "infinite length"},
{"keyword": "infinite measure"},
{"keyword": "infinite message streams represented"},
{"keyword": "infinite paths"},
{"keyword": "infinite polynomial"},
{"keyword": "infinite ramsey theorem"},
{"keyword": "infinite sequence"},
{"keyword": "infinite series"},
{"keyword": "infinite series built"},
{"keyword": "infinite set"},
{"keyword": "infinite subset"},
{"keyword": "infinite trees branching"},
{"keyword": "infinite type"},
{"keyword": "infinite-dimensional vector spaces"},
{"keyword": "infinitely generated"},
{"keyword": "infinitesimal components"},
{"keyword": "influential works"},
{"keyword": "info research codegen"},
{"keyword": "informal description"},
{"keyword": "informal presentation"},
{"keyword": "informal proof"},
{"keyword": "information flow security"},
{"keyword": "information managed"},
{"keyword": "information observed"},
{"keyword": "information processing letters 29"},
{"keyword": "information required"},
{"keyword": "information whatsoever flows"},
{"keyword": "information-flow security aims"},
{"keyword": "information-flow security applicable"},
{"keyword": "infrastructure previously"},
{"keyword": "inherently based"},
{"keyword": "initial conversion"},
{"keyword": "initial nonterminal"},
{"keyword": "initial proof"},
{"keyword": "initial segment"},
{"keyword": "initial segment condition"},
{"keyword": "initial specification"},
{"keyword": "initial states"},
{"keyword": "inline caching optimization"},
{"keyword": "inlines function application"},
{"keyword": "input generators"},
{"keyword": "input infinite sequences"},
{"keyword": "input lists"},
+{"keyword": "input output pairs"},
{"keyword": "input parameter"},
{"keyword": "input processes"},
{"keyword": "input programs"},
{"keyword": "input simultaneously"},
{"keyword": "insecure channel controlled"},
{"keyword": "insertion sort"},
{"keyword": "insertion sort algorithm"},
{"keyword": "instance---many-sorted fol"},
{"keyword": "instantiation boils"},
{"keyword": "instantiation draws heavily"},
{"keyword": "instantiation reuses"},
{"keyword": "instruction set architecture"},
{"keyword": "int_0 1"},
{"keyword": "int_0 infty b_n"},
{"keyword": "integer coefficients"},
{"keyword": "integer components"},
{"keyword": "integer hull"},
{"keyword": "integer keys"},
{"keyword": "integer lattice 8484"},
{"keyword": "integer polynomial belongs"},
{"keyword": "integer polynomials"},
{"keyword": "integer ring modulo"},
{"keyword": "integer variables"},
{"keyword": "integer-indexed maps"},
{"keyword": "integers"},
{"keyword": "integers based"},
{"keyword": "integers hurwitz"},
{"keyword": "integers modulo"},
{"keyword": "integral domains"},
{"keyword": "integrated memory models"},
{"keyword": "integrated pide document model"},
{"keyword": "integration technique employs lex"},
{"keyword": "intensional higher-order modal logic"},
{"keyword": "interactive automated relativization"},
{"keyword": "interactive convergence algorithm"},
{"keyword": "interactive program verification environment"},
{"keyword": "interactive proof assistant"},
{"keyword": "interactive theorem prover"},
{"keyword": "interactive theorem proving"},
{"keyword": "interactive theorem proving sch16"},
{"keyword": "interactive visual theorem prover"},
{"keyword": "interactively find"},
{"keyword": "interdisciplinary project"},
{"keyword": "interest accrued"},
{"keyword": "interest distributed"},
{"keyword": "interest rate"},
{"keyword": "interesting case study"},
{"keyword": "interesting data structure"},
{"keyword": "interesting formalization exercise"},
{"keyword": "interesting format"},
{"keyword": "interesting proofs"},
{"keyword": "interesting property"},
{"keyword": "interesting syntactic subclass"},
{"keyword": "interleaves"},
{"keyword": "intermediate encoding"},
{"keyword": "intermediate relations"},
{"keyword": "intermediate results"},
{"keyword": "intermediate step"},
{"keyword": "internal direct product"},
{"keyword": "internal equivalences"},
{"keyword": "internal execution clocking"},
{"keyword": "internal path length"},
{"keyword": "internal path length relates"},
{"keyword": "internal representation"},
{"keyword": "internal timing channels"},
{"keyword": "internally vertex-disjoint paths"},
{"keyword": "international conference"},
{"keyword": "international mathematical olympiad 2019"},
{"keyword": "international system"},
{"keyword": "interpreting intensional type systems"},
{"keyword": "intersecting chords theorem"},
{"keyword": "intersection numbers"},
{"keyword": "intersection type systems"},
{"keyword": "interval arithmetic"},
{"keyword": "interval calculus"},
{"keyword": "interval logics"},
{"keyword": "interval temporal logics"},
{"keyword": "interval traversing results"},
{"keyword": "interval trees"},
{"keyword": "intervals"},
{"keyword": "intransitive noninterference policy"},
{"keyword": "intransitive policy"},
{"keyword": "intransitive purge function"},
{"keyword": "intraprocedural proof"},
{"keyword": "intricate cyclic program"},
{"keyword": "intricate distributed protocol"},
{"keyword": "intricate part"},
{"keyword": "intrinsic properties"},
{"keyword": "introducing constructor functions"},
{"keyword": "introductory sections"},
{"keyword": "intuitionistic logic"},
{"keyword": "intuitive arguments found"},
{"keyword": "intuitive combinatorial proof"},
{"keyword": "intuitive desired security policy"},
{"keyword": "intuitively secure programs"},
{"keyword": "invariance"},
{"keyword": "invariant based programming"},
{"keyword": "invariant based programs"},
{"keyword": "invariant factor decomposition"},
{"keyword": "invariant generation"},
{"keyword": "inventors vickrey"},
{"keyword": "inventory management"},
{"keyword": "inverse function"},
{"keyword": "inverse limit"},
{"keyword": "inverse operations"},
{"keyword": "inverse squares"},
{"keyword": "inverse transform ifntt"},
{"keyword": "inverse transform intt"},
{"keyword": "inversion rules"},
{"keyword": "inversions"},
{"keyword": "investigate mathematical structures"},
{"keyword": "involve polynomial interpretations"},
{"keyword": "involve regular expressions"},
{"keyword": "involved path"},
{"keyword": "involves extensive reasoning"},
{"keyword": "io monad"},
{"keyword": "ip address ranges"},
{"keyword": "ip-route command"},
{"keyword": "iptables match condition"},
{"keyword": "ipurge unwinding theorem"},
{"keyword": "ipv4 address allocation"},
{"keyword": "ipv4 addresses"},
{"keyword": "ipv6 address space"},
{"keyword": "ipv6 addresses"},
{"keyword": "irrationality criteria"},
{"keyword": "irreducible cfgs"},
{"keyword": "irreducible representation"},
{"keyword": "isafol isafol authors"},
{"keyword": "isafol project isafol"},
{"keyword": "isafor ceta project"},
{"keyword": "isafor ceta-system"},
{"keyword": "isar conversion"},
{"keyword": "isar proof"},
{"keyword": "isomorphism classes"},
{"keyword": "isomorphism preserves order"},
{"keyword": "isomorphism theorem"},
{"keyword": "isomorphisms results"},
{"keyword": "isoscele triangles"},
{"keyword": "isosceles triangle theorem"},
{"keyword": "iteration operators"},
{"keyword": "iterative interpretive process"},
{"keyword": "iterative versions"},
{"keyword": "iteratively solve finite mdps"},
{"keyword": "itp 2011 paper"},
{"keyword": "itp 2015 publication"},
{"keyword": "itp 2017 paper"},
{"keyword": "itp-2015 peter lammich"},
{"keyword": "itp-2016 paper"},
{"keyword": "ivana vukotic"},
{"keyword": "j3202"},
{"keyword": "jacobi symbol"},
{"keyword": "james margetson"},
{"keyword": "jan kret nsk"},
{"keyword": "jan kretinsky proposed"},
{"keyword": "jasmin blanchette"},
{"keyword": "java interactive verification environment"},
{"keyword": "java language architecture"},
{"keyword": "java se 8 specification"},
{"keyword": "javascript object notation"},
{"keyword": "javascript world"},
{"keyword": "javier esparza"},
{"keyword": "jeroen ketema"},
{"keyword": "jinja source"},
{"keyword": "jinja source code semantics"},
{"keyword": "joachim breitner"},
{"keyword": "johann bernoulli"},
{"keyword": "john bruntse larsen"},
{"keyword": "john harrison"},
{"keyword": "john wickerson"},
{"keyword": "join ordering algorithm ikkbz"},
{"keyword": "join trees"},
{"keyword": "join-irreducible elements"},
{"keyword": "jones polynomial"},
{"keyword": "jordan curve theorem"},
{"keyword": "jordan decomposition theorem"},
{"keyword": "jordan normal form"},
{"keyword": "jordan_normal_form afp entry"},
{"keyword": "json encoded data"},
{"keyword": "json objects"},
{"keyword": "json-encoded data"},
{"keyword": "julien narboux"},
{"keyword": "k-universal hash family"},
{"keyword": "kan extensions"},
{"keyword": "karel hrbacek"},
{"keyword": "keeping track"},
{"keyword": "keith conrad"},
{"keyword": "kepler conjecture"},
{"keyword": "key agreement protocols"},
{"keyword": "key aspect"},
{"keyword": "key cards"},
{"keyword": "key component"},
{"keyword": "key composition property"},
{"keyword": "key concepts"},
{"keyword": "key confirmation"},
{"keyword": "key construction"},
{"keyword": "key contribution"},
{"keyword": "key encapsulation mechanism"},
{"keyword": "key establishment protocols"},
{"keyword": "key proofs"},
{"keyword": "key properties"},
{"keyword": "key range"},
{"keyword": "key resource assertions"},
{"keyword": "key result"},
{"keyword": "key undecidability result present"},
{"keyword": "key value-pairs"},
{"keyword": "keyed-hash message authentication code"},
{"keyword": "kind"},
{"keyword": "kind mapped"},
{"keyword": "kleene algebra"},
{"keyword": "kleene algebra hierarchy"},
{"keyword": "kleene algebras endowed"},
{"keyword": "kleene algebras remain"},
{"keyword": "kleene normal form"},
{"keyword": "kleene relation algebras"},
{"keyword": "kleene star"},
{"keyword": "kleene star arise"},
{"keyword": "kleene star operation"},
{"keyword": "klein nicta"},
{"keyword": "klein-beltrami model"},
{"keyword": "kleisli category"},
{"keyword": "knaster tarski theorem"},
{"keyword": "knight"},
{"keyword": "knight visits"},
{"keyword": "knot theory"},
{"keyword": "knowledge"},
{"keyword": "knowledge compilation"},
{"keyword": "knuth bendix orders"},
{"keyword": "knuth ndash"},
{"keyword": "knuth-morris-pratt algorithm"},
{"keyword": "kronecker tensor product"},
{"keyword": "kuratowski subgraphs"},
{"keyword": "l-shaped tiles"},
{"keyword": "labeled trees"},
{"keyword": "labelled directed graphs"},
{"keyword": "labelled natural deduction system"},
{"keyword": "labour cost"},
{"keyword": "labour intensive"},
{"keyword": "lagrange interpolation"},
{"keyword": "lambda -calculus"},
{"keyword": "lambda calculus"},
{"keyword": "lambda-calculus"},
{"keyword": "lambda-free recursive path orders"},
{"keyword": "landau expressions"},
{"keyword": "landau symbol"},
{"keyword": "landmark information flow property"},
{"keyword": "landmark theorem due"},
{"keyword": "landmark work collective choice"},
{"keyword": "language determinism"},
{"keyword": "language emptiness problem"},
{"keyword": "language features"},
{"keyword": "language features monadic sequencing"},
+{"keyword": "language inclusion"},
{"keyword": "language primitives"},
{"keyword": "language processing"},
{"keyword": "language theory"},
{"keyword": "language-based non-interference property"},
{"keyword": "languages generated"},
{"keyword": "laplace transform"},
{"keyword": "large class"},
{"keyword": "large collection"},
{"keyword": "large computations"},
{"keyword": "large financial losses"},
{"keyword": "large formalization efforts"},
{"keyword": "large fragment"},
{"keyword": "large graphs"},
{"keyword": "large library"},
{"keyword": "large number"},
{"keyword": "large numbers states"},
{"keyword": "large part"},
{"keyword": "large real-world firewall"},
{"keyword": "large transitive closures"},
{"keyword": "large tree automata"},
{"keyword": "large-scale shared mutable content"},
{"keyword": "large-scale stream processing systems"},
{"keyword": "larger arrangements due"},
{"keyword": "larger cardinality"},
{"keyword": "larger memory"},
{"keyword": "larger rings"},
{"keyword": "largest power"},
{"keyword": "larry paulson"},
{"keyword": "latest version"},
{"keyword": "latin rectangle"},
{"keyword": "latin square"},
{"keyword": "lattice ordered groups"},
{"keyword": "lattice point"},
{"keyword": "lattice supremum providing"},
{"keyword": "lattice theory"},
{"keyword": "lattice vector"},
{"keyword": "lattice-based cryptography"},
{"keyword": "lattice-based post-quantum cryptography"},
{"keyword": "lattice-theoretic concepts"},
{"keyword": "laurent expansion"},
{"keyword": "law"},
{"keyword": "lawrence paulson"},
{"keyword": "lazy list"},
{"keyword": "lazy sequences"},
{"keyword": "leading coefficient"},
{"keyword": "leading power-product"},
{"keyword": "learned clauses"},
{"keyword": "lebesgue measure"},
{"keyword": "lebesgue-style integration plays"},
{"keyword": "lee cl73"},
{"keyword": "left part"},
{"keyword": "leftmost reduction"},
{"keyword": "leftmost reduction theorem"},
{"keyword": "lehmer"},
{"keyword": "lehmer presented criterions"},
{"keyword": "lehmer test"},
{"keyword": "lei97 alexander leitsch"},
{"keyword": "leitsch lei97"},
{"keyword": "lemma"},
{"keyword": "lemma based"},
{"keyword": "lemma statements"},
{"keyword": "lemmas required"},
{"keyword": "lend money"},
{"keyword": "lending funds"},
{"keyword": "length constraints"},
{"keyword": "lens algebra"},
{"keyword": "lens class"},
{"keyword": "lens classes"},
{"keyword": "lens laws"},
{"keyword": "leq alpha"},
{"keyword": "leq mathtt length"},
{"keyword": "level sequences"},
{"keyword": "levi identities"},
{"keyword": "lexicographic algorithm incorporating"},
{"keyword": "lexicographic extensions"},
{"keyword": "liberal paradox"},
{"keyword": "library base"},
{"keyword": "lies strictly"},
{"keyword": "life table"},
{"keyword": "lift larger classes"},
{"keyword": "lift universally quantified equations"},
{"keyword": "lift_definition command"},
{"keyword": "lifting"},
{"keyword": "lifting algebraic laws point-wise"},
{"keyword": "lifting function application"},
{"keyword": "lifting invariants"},
{"keyword": "lifting operation"},
+{"keyword": "lifting package"},
{"keyword": "lifting step"},
{"keyword": "lifts resolution derivation steps"},
{"keyword": "light-weight type system"},
{"keyword": "lim"},
{"keyword": "limiting parallels axiom"},
{"keyword": "limits"},
{"keyword": "limits exist"},
{"keyword": "linear"},
{"keyword": "linear algebra"},
{"keyword": "linear algebra libraries"},
{"keyword": "linear algebraic techniques"},
{"keyword": "linear bound argument"},
{"keyword": "linear combination"},
{"keyword": "linear constraints"},
{"keyword": "linear equations"},
{"keyword": "linear independence"},
{"keyword": "linear inequalities"},
{"keyword": "linear inqualities"},
{"keyword": "linear integer polynomial"},
{"keyword": "linear logics"},
{"keyword": "linear map"},
{"keyword": "linear order"},
{"keyword": "linear ordered fields"},
{"keyword": "linear pass homomorphic application"},
{"keyword": "linear programs"},
{"keyword": "linear real arithmetic"},
{"keyword": "linear size"},
{"keyword": "linear temporal logic"},
{"keyword": "linear time"},
{"keyword": "linear transformations"},
{"keyword": "linear upper bound"},
{"keyword": "linear variable-separated rewrite systems"},
{"keyword": "linear-time temporal logic"},
{"keyword": "linearised looplessly"},
{"keyword": "linearly independent"},
{"keyword": "linearly ordered borel-spaces"},
{"keyword": "linearly ordered commutative semigroups"},
{"keyword": "linearly ordered group"},
{"keyword": "linearly ordered sets"},
{"keyword": "link tangle equivalence"},
{"keyword": "linux firewall iptables"},
{"keyword": "linux netfilter iptables firewall"},
{"keyword": "linux-based firewall"},
{"keyword": "linux-based router"},
{"keyword": "linux-style router"},
{"keyword": "liouville numbers"},
{"keyword": "lipschitz maps"},
{"keyword": "list"},
{"keyword": "list interleavings"},
{"keyword": "list lookup operation"},
{"keyword": "list module"},
{"keyword": "list operations"},
{"keyword": "list type"},
{"keyword": "list update algorithms"},
{"keyword": "list update problem"},
{"keyword": "lists representation"},
{"keyword": "litte theorem"},
{"keyword": "llists"},
{"keyword": "lll algorithm"},
{"keyword": "lll basis reduction algorithm"},
{"keyword": "local clock"},
{"keyword": "local hidden variable hypothesis"},
{"keyword": "local hidden variables"},
{"keyword": "local lexing"},
{"keyword": "local lexing semantics"},
{"keyword": "local parallel compositions"},
{"keyword": "local type definitions"},
{"keyword": "locale assumptions"},
{"keyword": "locale assumptions correspond"},
{"keyword": "locale eval lowbar"},
{"keyword": "locale mechanism"},
{"keyword": "locale-centric approach"},
{"keyword": "locally control back-end settings"},
{"keyword": "locally finite"},
{"keyword": "locally nameless representation"},
{"keyword": "locally ringed space"},
{"keyword": "lock synchronisation"},
{"keyword": "lockstep models"},
{"keyword": "log levels"},
{"keyword": "log log"},
{"keyword": "log-gamma function"},
{"keyword": "logarithmic amortized complexity"},
{"keyword": "logarithmic expected time"},
{"keyword": "logarithmic time"},
{"keyword": "logarithmic upper bound"},
{"keyword": "logger configurations"},
{"keyword": "logging-dependent message anonymity"},
{"keyword": "logging-independent message anonymity"},
{"keyword": "logic"},
{"keyword": "logic due"},
{"keyword": "logic programming"},
{"keyword": "logic tla merz 1999"},
{"keyword": "logical approaches"},
{"keyword": "logical calculus"},
{"keyword": "logical connectives"},
{"keyword": "logical foundation"},
{"keyword": "logical reasoning"},
{"keyword": "logical systems"},
{"keyword": "logically equivalent"},
{"keyword": "logically equivalent quantifier-free formula"},
{"keyword": "logically exclusive"},
{"keyword": "logically safe"},
{"keyword": "logics denote regular languages"},
{"keyword": "logics feature recovery operators"},
{"keyword": "longer guaranteed"},
{"keyword": "longer periods"},
{"keyword": "longer valid"},
{"keyword": "longest lyndon suffix"},
{"keyword": "longest recognized substrings"},
{"keyword": "loop freedom"},
{"keyword": "low edge probability"},
{"keyword": "low-degree polynomials"},
{"keyword": "lower bound"},
{"keyword": "lower semicontinuous"},
{"keyword": "lower semicontinuous hull"},
{"keyword": "lower-level language based"},
{"keyword": "lp spaces"},
{"keyword": "lsfa 2020 paper"},
{"keyword": "ltl formula"},
{"keyword": "ltl model checker"},
{"keyword": "ltl properties"},
{"keyword": "ltl yielding"},
{"keyword": "lu cleverly extended"},
{"keyword": "lucas ndash"},
{"keyword": "lyndon words"},
{"keyword": "lyndon-sch tzenberger theorem"},
{"keyword": "mac lane"},
{"keyword": "macaulay matrices"},
{"keyword": "macaulay matrix"},
{"keyword": "macaulay matrix constructed"},
{"keyword": "machine checked collections framework"},
{"keyword": "machine checked proofs"},
{"keyword": "machine configuration"},
{"keyword": "machine language"},
{"keyword": "machine learning"},
{"keyword": "machine words"},
{"keyword": "machine-assisted proof"},
{"keyword": "machine-checked correctness theorems"},
{"keyword": "machine-checked proofs"},
{"keyword": "machine-checked text annex"},
{"keyword": "machine-checked tree automata library"},
{"keyword": "machine-checked version"},
{"keyword": "machine-verifiable proof certificates"},
{"keyword": "maclaurin formula"},
{"keyword": "maclaurin series"},
{"keyword": "maclaurin summation formula"},
{"keyword": "magic wand"},
{"keyword": "magic wand assertion"},
{"keyword": "magic wand formula"},
{"keyword": "magic wand mathbin"},
{"keyword": "main advantage"},
{"keyword": "main concern"},
{"keyword": "main contribution"},
{"keyword": "main crypto_standards theory"},
{"keyword": "main entry point"},
{"keyword": "main goal"},
{"keyword": "main motivation"},
{"keyword": "main novelty"},
{"keyword": "main operation"},
{"keyword": "main order fully coincides"},
{"keyword": "main premise"},
{"keyword": "main result"},
{"keyword": "main results verified"},
{"keyword": "main routing table"},
{"keyword": "main theorem"},
{"keyword": "main theorem relates"},
{"keyword": "main theorem states"},
{"keyword": "main thrust"},
{"keyword": "main topics"},
{"keyword": "mainstream structures"},
{"keyword": "maintain hidden state"},
{"keyword": "maintaining knowledge"},
{"keyword": "major case study"},
{"keyword": "major goal"},
{"keyword": "manipulating data types"},
{"keyword": "mansky"},
{"keyword": "manual alpha-conversions"},
{"keyword": "manual approach"},
{"keyword": "manual proofs"},
{"keyword": "many-sorted first-order logic"},
{"keyword": "many-sorted problem"},
{"keyword": "map lists"},
{"keyword": "mapping method"},
{"keyword": "mapping regular expressions"},
{"keyword": "margulis-gabber-galil graphs"},
{"keyword": "mark 1 machine"},
{"keyword": "marked regular expressions"},
{"keyword": "markov chains"},
{"keyword": "markov decision processes"},
{"keyword": "marriage theorem"},
{"keyword": "mason ndash"},
{"keyword": "master students"},
{"keyword": "master theorem"},
{"keyword": "master theorem based"},
{"keyword": "match expression"},
{"keyword": "matching"},
{"keyword": "material decribed"},
{"keyword": "mathbf sim gamma phi"},
{"keyword": "mathcal"},
{"keyword": "mathematical areas"},
{"keyword": "mathematical book written"},
{"keyword": "mathematical components"},
{"keyword": "mathematical development"},
{"keyword": "mathematical development presented"},
{"keyword": "mathematical formulation"},
{"keyword": "mathematical framework"},
{"keyword": "mathematical logic"},
{"keyword": "mathematical machinery"},
{"keyword": "mathematical sets"},
{"keyword": "mathematical structures"},
{"keyword": "mathematical text"},
{"keyword": "mathematical theories"},
{"keyword": "mathematical tools"},
{"keyword": "mathematical tripos taught"},
{"keyword": "mathematically precise theory"},
{"keyword": "mathematics stack exchange page"},
{"keyword": "mathtt length"},
{"keyword": "mathtt lists"},
{"keyword": "mathtt sat"},
{"keyword": "matrices represented"},
{"keyword": "matrix equation"},
{"keyword": "matrix rank"},
{"keyword": "matrix representation"},
{"keyword": "matrix theory"},
{"keyword": "matryoshka website"},
{"keyword": "matt devos"},
{"keyword": "max-flow min-cut theorem"},
{"keyword": "maximal consistent saturated sets"},
{"keyword": "maximal consistent set"},
{"keyword": "maximal load factors"},
{"keyword": "maximal normal subgroups"},
{"keyword": "maximally consistent"},
{"keyword": "maximally consistent sets"},
{"keyword": "maximize reuse"},
{"keyword": "maximum cardinality"},
{"keyword": "maximum cardinality matching"},
{"keyword": "maximum determination"},
{"keyword": "maximum element"},
{"keyword": "maximum flow"},
{"keyword": "maximum norm"},
{"keyword": "maximum reachability probabilities"},
{"keyword": "maximum segment sum problem"},
{"keyword": "maximum-flow minimal-cut theorem"},
{"keyword": "mcss based"},
{"keyword": "mdp model checking"},
{"keyword": "meaningless encodings"},
+{"keyword": "measurable space generated"},
{"keyword": "measurable spaces"},
{"keyword": "measurable subset"},
{"keyword": "measure preserving transformations"},
{"keyword": "measure theory"},
{"keyword": "measuring angles"},
{"keyword": "mechanical derivation"},
{"keyword": "mechanical theorem proving"},
{"keyword": "mechanically supported logic analysis"},
{"keyword": "mechanically verifying algorithms"},
{"keyword": "mechanised proofs"},
{"keyword": "mechanised proofs offermat"},
{"keyword": "mechanising proofs"},
{"keyword": "mechanized proof"},
{"keyword": "mechanized soundness proof"},
{"keyword": "mechanizing gauss"},
{"keyword": "meet schneider"},
{"keyword": "meeting point"},
{"keyword": "meld operations"},
{"keyword": "memory implementations"},
{"keyword": "memory model"},
{"keyword": "memory model theory"},
{"keyword": "memory resolve"},
{"keyword": "memory semantics"},
{"keyword": "mentioned algorithms"},
{"keyword": "mentioned logics"},
{"keyword": "mentioned properties"},
{"keyword": "mergesort algorithm"},
{"keyword": "merkle functors"},
{"keyword": "message"},
{"keyword": "message anonymity"},
{"keyword": "message confidentiality"},
{"keyword": "message filters"},
{"keyword": "metaphysical questions"},
{"keyword": "metaphysical theory"},
{"keyword": "metatheoretical observation"},
{"keyword": "metatheoretical properties"},
{"keyword": "method called separata"},
{"keyword": "method calls"},
{"keyword": "method exploits"},
{"keyword": "method normalises applicative expressions"},
{"keyword": "methodology chosen"},
{"keyword": "metric dynamic logic"},
{"keyword": "metric embeddings"},
{"keyword": "metric first-order dynamic logic"},
{"keyword": "metric first-order temporal logic"},
{"keyword": "metric space"},
{"keyword": "metric temporal logic"},
{"keyword": "mfodl supports real-time constraints"},
{"keyword": "microsoft research"},
{"keyword": "mid 80s"},
{"keyword": "mild condition attractivity"},
{"keyword": "miller ndash"},
{"keyword": "minimal complete sets"},
{"keyword": "minimal dfas"},
{"keyword": "minimal polynomial"},
{"keyword": "minimal set"},
{"keyword": "minimal space usage"},
{"keyword": "minimal ssa form"},
{"keyword": "minimal unsatisfiable cores"},
{"keyword": "minimisation"},
{"keyword": "minimization algorithm"},
{"keyword": "minimum weight basis"},
{"keyword": "minimum weighted path length"},
{"keyword": "minkowski inequalities"},
{"keyword": "minkowski space-time"},
{"keyword": "minkowski spacetime"},
{"keyword": "minor corrections"},
{"keyword": "minor technical issue"},
{"keyword": "minsky configurations"},
{"keyword": "minsky machines"},
{"keyword": "mirroring beringer"},
{"keyword": "missing gaps"},
{"keyword": "mit press 1995"},
{"keyword": "mixed-integer solutions"},
{"keyword": "mixed-product property"},
{"keyword": "mobile computing"},
{"keyword": "mobius base logic"},
{"keyword": "modal collapse"},
{"keyword": "modal kleene algebra"},
{"keyword": "modal logic"},
{"keyword": "modal operators"},
{"keyword": "modal powerset quantale"},
{"keyword": "modal quantales"},
{"keyword": "modal relational type theory"},
{"keyword": "model checker spin"},
{"keyword": "model checkers"},
{"keyword": "model checking"},
{"keyword": "model compatibility"},
{"keyword": "model entire prover architectures"},
{"keyword": "model existence"},
{"keyword": "model existence theorem"},
{"keyword": "model formulas"},
{"keyword": "model partial correctness"},
{"keyword": "model reactive systems"},
{"keyword": "model refinement"},
{"keyword": "model satisfies"},
{"keyword": "model systems"},
{"keyword": "model total correctness"},
{"keyword": "model unweighted graphs"},
{"keyword": "model weighted graphs"},
{"keyword": "model-level og proof"},
{"keyword": "modeling application level protocols"},
{"keyword": "modeling firewall policies"},
{"keyword": "modeling languages"},
{"keyword": "modeling real-time systems"},
{"keyword": "modelling security"},
{"keyword": "models partial functions"},
{"keyword": "modern day politics"},
{"keyword": "modern environment"},
{"keyword": "modern multiprocessors depend"},
{"keyword": "modern sat solvers"},
{"keyword": "modern web browser"},
{"keyword": "modified policy iteration"},
{"keyword": "modified version"},
{"keyword": "modify nodes"},
{"keyword": "modular arithmetic plays"},
{"keyword": "modular assembly kit"},
{"keyword": "modular exponentiation"},
{"keyword": "modular hierarchy"},
{"keyword": "module development"},
{"keyword": "modulo operation"},
{"keyword": "monad carries"},
{"keyword": "monad transformers"},
{"keyword": "monadic functions"},
{"keyword": "monadic interpreter"},
{"keyword": "monadic language"},
{"keyword": "monadic refinement framework"},
{"keyword": "monadic second-order logic"},
{"keyword": "monadified version"},
{"keyword": "monetary supply grows"},
{"keyword": "monic irreducible polynomials"},
{"keyword": "monitor supports aggregation operations"},
{"keyword": "monitoring algorithm"},
{"keyword": "monitoring tools"},
{"keyword": "mono de libre"},
{"keyword": "monochromatic line"},
{"keyword": "monoidal categories"},
{"keyword": "monoidal category"},
{"keyword": "monoidal category rel"},
{"keyword": "monoidal functor"},
{"keyword": "monoids generated"},
{"keyword": "monolithic structure"},
{"keyword": "monotone boolean functions"},
{"keyword": "monotone maps"},
{"keyword": "monotone predicate"},
{"keyword": "monotonic boolean transformers"},
{"keyword": "monotonic functions"},
{"keyword": "monotonic predicate transformers"},
{"keyword": "monotonic property transformers"},
{"keyword": "monotonically decreasing sequence"},
{"keyword": "morally questionable"},
{"keyword": "morris-pratt string matching algorithm"},
{"keyword": "morse lemma asserting"},
{"keyword": "msc thesis"},
{"keyword": "msc thesis sch15"},
{"keyword": "mso formulas correspond"},
{"keyword": "multi-head monitoring algorithm"},
{"keyword": "multi-head paradigm"},
{"keyword": "multi-node extension"},
{"keyword": "multi-party computation"},
{"keyword": "multi-stage compiler verifications"},
{"keyword": "multidimensional binary trees"},
{"keyword": "multiple algebraic structures"},
{"keyword": "multiple goods"},
{"keyword": "multiple oblivious transfer"},
{"keyword": "multiple positions"},
{"keyword": "multiple relational databases"},
{"keyword": "multiplication"},
{"keyword": "multiplication protocol"},
{"keyword": "multiplication syntactically"},
{"keyword": "multiplicative constants"},
{"keyword": "multiplicative group"},
{"keyword": "multiplicative monoid"},
{"keyword": "multiplicative subset"},
{"keyword": "multiset-comparison problems"},
{"keyword": "multitape tm runs"},
{"keyword": "multitape tms"},
{"keyword": "multitape turing machines"},
{"keyword": "multithreaded case"},
{"keyword": "multivariate polynomial rings"},
{"keyword": "multivariate polynomials"},
{"keyword": "multivariate quantifier elimination"},
{"keyword": "multivariate taylor models"},
{"keyword": "mutable references"},
{"keyword": "mutating operations performed"},
{"keyword": "mutilated chess board"},
{"keyword": "mutually inverse"},
{"keyword": "mutually recursive functions"},
{"keyword": "mutually recursive procedures"},
{"keyword": "mutually-recursive definition"},
{"keyword": "myhill nerode theorem"},
{"keyword": "myhill-nerode theorem"},
{"keyword": "n2m operation"},
{"keyword": "naive algorithm"},
{"keyword": "naive union operation"},
{"keyword": "nash-williams discovered"},
{"keyword": "nat-bijection theory"},
{"keyword": "nathan chong"},
{"keyword": "native sequential consistency"},
{"keyword": "natural bijections"},
{"keyword": "natural deduction"},
{"keyword": "natural deduction proof calculus"},
{"keyword": "natural deduction system"},
{"keyword": "natural homomorphism"},
{"keyword": "natural language processing"},
{"keyword": "natural logarithm"},
{"keyword": "natural number"},
{"keyword": "natural number greater"},
{"keyword": "natural numbers 0"},
{"keyword": "natural question"},
{"keyword": "natural transformations"},
{"keyword": "natural transformations simply"},
{"keyword": "natural-language explanations"},
{"keyword": "nature allowing"},
{"keyword": "nearest lattice vector"},
{"keyword": "nearest neighbor algorithm"},
{"keyword": "nearest shadow root"},
{"keyword": "necessarily numbers"},
{"keyword": "negated subquery"},
{"keyword": "negative cycles"},
{"keyword": "negative diagonal entry"},
{"keyword": "negative integers"},
{"keyword": "negative real parts"},
{"keyword": "negative resolution"},
{"keyword": "negative solution"},
{"keyword": "nested binary joins"},
{"keyword": "nested multiset datatype"},
{"keyword": "nested multiset order"},
{"keyword": "nested multisets"},
{"keyword": "network"},
{"keyword": "network model"},
{"keyword": "network protocols"},
{"keyword": "network security mechanisms"},
{"keyword": "networking protocols"},
{"keyword": "neutral absolute space"},
{"keyword": "neutral social decision scheme"},
{"keyword": "newly detected states"},
{"keyword": "newton interpolation"},
{"keyword": "newton puiseux theorem"},
{"keyword": "next-free ltl formula"},
{"keyword": "nicta l4v"},
{"keyword": "niederreiter"},
{"keyword": "nieto verification"},
{"keyword": "nigsberg bridge problem"},
{"keyword": "nist"},
{"keyword": "nnf-based algorithms"},
{"keyword": "no-cloning theorem"},
{"keyword": "no-frills state-exception monad"},
{"keyword": "node labeled 1"},
{"keyword": "nodes"},
{"keyword": "nodes labeled"},
{"keyword": "nominal"},
{"keyword": "nominal datatype package"},
{"keyword": "nominal logic"},
{"keyword": "nominal logic formalism"},
{"keyword": "nominal sets"},
{"keyword": "nominal style"},
{"keyword": "nominal2 library"},
{"keyword": "nominal2 package"},
{"keyword": "non-adjacent distinct vertices"},
{"keyword": "non-atomic keys"},
{"keyword": "non-boolean gray code"},
{"keyword": "non-classical negations"},
{"keyword": "non-consecutive fibonacci numbers"},
{"keyword": "non-deterministic algorithm"},
{"keyword": "non-deterministic automata"},
{"keyword": "non-deterministic buechi-automaton"},
{"keyword": "non-deterministic finite state machine"},
{"keyword": "non-deterministic interpreter"},
{"keyword": "non-deterministic languages"},
{"keyword": "non-deterministic monad"},
{"keyword": "non-deterministic tms"},
{"keyword": "non-elementary worst-case blow-"},
{"keyword": "non-functional requirements"},
{"keyword": "non-negative cost function"},
{"keyword": "non-negative integer"},
{"keyword": "non-negative real"},
{"keyword": "non-negative real matrix"},
{"keyword": "non-negative real-"},
{"keyword": "non-negative reals a_1"},
{"keyword": "non-negative solutions"},
{"keyword": "non-negative weights w_1"},
{"keyword": "non-obvious closed form"},
{"keyword": "non-redundant clause learning"},
{"keyword": "non-relational reasoning"},
{"keyword": "non-strict computations"},
{"keyword": "non-strict function abstractions"},
{"keyword": "non-terminating executions"},
{"keyword": "noncommuting words"},
{"keyword": "noncommuting words form"},
{"keyword": "nondeterminism monad"},
{"keyword": "nondeterministic branching"},
{"keyword": "nondeterministic programs"},
{"keyword": "noninterference proofs"},
{"keyword": "noninterference security"},
{"keyword": "noninterference security applying"},
{"keyword": "noninterference theorem"},
{"keyword": "nontrivial size"},
{"keyword": "nonzero rational number"},
{"keyword": "nora szasz"},
{"keyword": "normal filters"},
{"keyword": "normal form"},
{"keyword": "normal form --"},
{"keyword": "normal form property"},
{"keyword": "normal functions"},
{"keyword": "normal series"},
{"keyword": "normal strategy"},
{"keyword": "normal subgroups"},
{"keyword": "normalisation algorithm"},
{"keyword": "normalisation procedures"},
{"keyword": "normalise monadic hol terms"},
{"keyword": "normalises monadic expressions"},
{"keyword": "normalization equivalence"},
{"keyword": "normalizing strategy"},
{"keyword": "normed space"},
{"keyword": "notable result"},
{"keyword": "notably holcf"},
{"keyword": "notably poicar recurrence theorem"},
{"keyword": "notes"},
{"keyword": "notes introduction"},
{"keyword": "notions probabilistic noninterference"},
{"keyword": "np-complete optimization problems"},
{"keyword": "np-complete problem"},
{"keyword": "np-hard problem"},
{"keyword": "np-hardness proofs"},
{"keyword": "null space"},
{"keyword": "nullable types"},
{"keyword": "number"},
{"keyword": "number partitions"},
{"keyword": "number theoretic result"},
{"keyword": "number theoretic transform"},
{"keyword": "number theory"},
{"keyword": "number-theoretic foundations"},
{"keyword": "number-theoretic functions"},
{"keyword": "number-theoretic lemmas"},
{"keyword": "number-theoretic results"},
{"keyword": "numeral type"},
{"keyword": "numeric constants occurring"},
{"keyword": "numerical algorithms"},
{"keyword": "numerous applications"},
{"keyword": "numerous existing correctness"},
{"keyword": "numerous instances"},
{"keyword": "numerous misunderstandings"},
{"keyword": "numerous models"},
{"keyword": "o-automata framework"},
{"keyword": "object logic"},
{"keyword": "object logic chaudhuri"},
{"keyword": "object logic zfc"},
{"keyword": "object oriented design"},
{"keyword": "object-free style"},
{"keyword": "object-oriented data"},
{"keyword": "object-oriented data-type theories generated"},
{"keyword": "object-oriented programming"},
{"keyword": "objects based"},
{"keyword": "observation set"},
{"keyword": "observe execution times"},
{"keyword": "observed sequence"},
{"keyword": "obtain concrete upper bounds"},
{"keyword": "obtain dynamic programming algorithms"},
{"keyword": "obtain efficient certified algorithms"},
{"keyword": "obtain efficient code"},
{"keyword": "obtain executable code"},
{"keyword": "obtain liouville numbers"},
{"keyword": "obtain maximally consistent sets"},
{"keyword": "ocaml executable instance"},
{"keyword": "occurrence counts"},
{"keyword": "ocl specification"},
{"keyword": "ocl standard"},
{"keyword": "ocl standard targeting"},
{"keyword": "ocl type system"},
{"keyword": "octet string"},
{"keyword": "octonionic product"},
{"keyword": "odd bernoulli numbers"},
{"keyword": "odd natural numbers"},
{"keyword": "odd ranking"},
{"keyword": "odd-set cover"},
{"keyword": "odd-set cover osc"},
{"keyword": "offers low-latency data-"},
{"keyword": "official standard"},
{"keyword": "okamoto sigma-protocols"},
{"keyword": "old_datatype command"},
{"keyword": "omega 1 alpha"},
{"keyword": "omega 1 alpha cdot"},
{"keyword": "omega omega"},
{"keyword": "omega operation"},
{"keyword": "omega-complete non-orders"},
{"keyword": "omnipresent foundational errors"},
{"keyword": "one-complete computably enumerable set"},
{"keyword": "one-dimensional case"},
{"keyword": "one-pass uniform substitutions"},
{"keyword": "one-sided sequent calculus"},
{"keyword": "one-time efforts benefit"},
{"keyword": "ongoing development"},
{"keyword": "ontological argument"},
{"keyword": "oopsla 2006 paper"},
{"keyword": "open induction schema based"},
{"keyword": "open problem"},
{"keyword": "open publishing association"},
{"keyword": "operating system"},
{"keyword": "operation results"},
{"keyword": "operational"},
{"keyword": "operational correspondence"},
{"keyword": "operational properties"},
{"keyword": "operational rules"},
{"keyword": "operational semantics"},
{"keyword": "operations efficiently"},
{"keyword": "operations needed"},
{"keyword": "operations run"},
{"keyword": "operator applications"},
{"keyword": "operators"},
{"keyword": "operators combine"},
{"keyword": "opinion"},
{"keyword": "opposite case"},
{"keyword": "optimal binary search trees"},
{"keyword": "optimal running time"},
{"keyword": "optimal stationary deterministic solution"},
{"keyword": "optimality equations"},
{"keyword": "optimisations suggested"},
{"keyword": "optimizations heuristics"},
{"keyword": "optimized variant"},
{"keyword": "orbit-stabiliser theorem"},
{"keyword": "order embedding"},
{"keyword": "order extension"},
{"keyword": "order logic"},
{"keyword": "order relation"},
{"keyword": "order relativity theory"},
{"keyword": "order theory specrel"},
{"keyword": "order types"},
{"keyword": "order-theoretic concepts"},
{"keyword": "ordered bdd"},
{"keyword": "ordered resolution"},
{"keyword": "ordered semirings"},
{"keyword": "ordering properties"},
{"keyword": "orders"},
{"keyword": "ordinal alpha"},
{"keyword": "ordinal arithmetic"},
{"keyword": "ordinal exponentiation"},
{"keyword": "ordinary assertional reasoning"},
{"keyword": "ordinary differential equations"},
{"keyword": "ordinary functions"},
{"keyword": "ordinary generating function"},
{"keyword": "ordinary transition systems"},
{"keyword": "org abs 1609"},
{"keyword": "org jasmin_blanchette isafol"},
{"keyword": "org vol-3002 paper7"},
{"keyword": "original afp entry"},
{"keyword": "original algorithm presented"},
{"keyword": "original article"},
{"keyword": "original compilation process"},
{"keyword": "original design"},
{"keyword": "original design based"},
{"keyword": "original expression"},
{"keyword": "original formula"},
{"keyword": "original functional sigma-calculus"},
{"keyword": "original functionality"},
{"keyword": "original gray code"},
{"keyword": "original imperative implementation"},
{"keyword": "original language"},
{"keyword": "original linear program"},
{"keyword": "original motivation"},
{"keyword": "original operational semantics"},
{"keyword": "original paper"},
{"keyword": "original parallel postulate"},
{"keyword": "original presentation"},
{"keyword": "original problem"},
{"keyword": "original proof"},
{"keyword": "original quantifier elimination algorithm"},
{"keyword": "original query"},
{"keyword": "original query evaluates"},
{"keyword": "original theorem statement"},
{"keyword": "original version"},
{"keyword": "originally expressed"},
{"keyword": "originally obtained"},
{"keyword": "originally reported"},
{"keyword": "orthogonal transformations"},
{"keyword": "orthogonal vectors"},
{"keyword": "osc"},
{"keyword": "outgoing edges"},
{"keyword": "output channels"},
{"keyword": "output consistency"},
{"keyword": "output infinite sequences"},
{"keyword": "output port"},
{"keyword": "output type"},
{"keyword": "outsourcing data storage"},
{"keyword": "outstanding work"},
{"keyword": "outwards-pointing normal vector"},
{"keyword": "over-approximate relational logics"},
{"keyword": "overriding principle"},
{"keyword": "p-adic fields"},
{"keyword": "pace authentication key"},
{"keyword": "pace secure channel"},
{"keyword": "package algorithms applicable"},
{"keyword": "package logic"},
{"keyword": "pages 20-34"},
{"keyword": "pairing heaps"},
{"keyword": "pairs consisting"},
{"keyword": "pairwise balanced designs"},
{"keyword": "pairwise commuting hermitian matrices"},
{"keyword": "pairwise commuting matrices"},
{"keyword": "pairwise comparison"},
{"keyword": "paper"},
{"keyword": "paper assumptions"},
{"keyword": "paper compositional verification"},
{"keyword": "paper describes"},
{"keyword": "paper describing"},
{"keyword": "paper enriches hoare"},
{"keyword": "paper formalising fisher"},
{"keyword": "paper local lexing"},
{"keyword": "paper mechanising turing machines"},
{"keyword": "paper multi-head monitoring"},
{"keyword": "paper titled verified"},
+{"keyword": "paper transport"},
{"keyword": "paper verified construction"},
{"keyword": "paracomplete logics"},
{"keyword": "paraconsistent engineering"},
{"keyword": "paraconsistent logic avoids"},
{"keyword": "paraconsistent logics"},
{"keyword": "paraconsistent many-"},
{"keyword": "parallel branches"},
{"keyword": "parallel composition"},
{"keyword": "parallel mode"},
{"keyword": "parallel postulates"},
{"keyword": "parallel prefix computations"},
{"keyword": "parallel substitution"},
{"keyword": "parameterised process architectures"},
{"keyword": "parameterized proofs"},
{"keyword": "parameterized verification framework"},
{"keyword": "parametric solution"},
{"keyword": "parametricity infrastructure"},
{"keyword": "parametrizable equality functions"},
{"keyword": "parent clauses"},
{"keyword": "parigots -calculus"},
{"keyword": "parity wallet bug"},
{"keyword": "parse trees"},
{"keyword": "parser monad built"},
{"keyword": "parser written"},
{"keyword": "parsing algorithm"},
{"keyword": "parsing concept"},
{"keyword": "part iii"},
{"keyword": "partial binary operation"},
{"keyword": "partial commutativity relationships"},
{"keyword": "partial composition"},
{"keyword": "partial correctness"},
{"keyword": "partial correctness setting"},
{"keyword": "partial data structures"},
{"keyword": "partial derivatives"},
{"keyword": "partial equivalence relations"},
+{"keyword": "partial galois connections"},
{"keyword": "partial herbrand interpretations"},
{"keyword": "partial meet contraction"},
{"keyword": "partial networks"},
{"keyword": "partial orders"},
{"keyword": "partial procedure"},
{"keyword": "partial recursive function"},
{"keyword": "partial semigroups"},
{"keyword": "partial sums"},
{"keyword": "partial synchrony"},
{"keyword": "partially filled"},
{"keyword": "partition function"},
{"keyword": "partition relations concerns generalisations"},
{"keyword": "partition theorem states"},
{"keyword": "partly commented"},
{"keyword": "partly recursive functions found"},
{"keyword": "party cryptographic primitives"},
{"keyword": "party-approval multi-winner elections"},
{"keyword": "party-approval multi-winner voting rules"},
{"keyword": "pascal schreck"},
{"keyword": "password authenticated connection establishment"},
{"keyword": "past experience"},
{"keyword": "past operators"},
{"keyword": "path"},
{"keyword": "path authorization"},
{"keyword": "path authorization mechanism"},
{"keyword": "path integrals"},
{"keyword": "path lengths"},
{"keyword": "path-aware internet architectures"},
{"keyword": "pattern matching"},
{"keyword": "pattern poses"},
{"keyword": "pattern specifications"},
{"keyword": "paul erd"},
{"keyword": "paul thomson"},
{"keyword": "paulson"},
{"keyword": "paulson semantics-based approach"},
{"keyword": "pctl formulas"},
{"keyword": "pdf"},
{"keyword": "peano arithmetic"},
{"keyword": "peculiar mapping argument"},
{"keyword": "pen-and-paper analysis"},
{"keyword": "pen-and-paper counterpart"},
{"keyword": "pen-and-paper proof"},
{"keyword": "pentagonal numbers"},
{"keyword": "perfect forward secrecy"},
{"keyword": "perfect logicians"},
{"keyword": "perfect logicians forbidden"},
{"keyword": "perfect matchings"},
{"keyword": "perfect number theorem"},
{"keyword": "perfect square"},
{"keyword": "perform stream fusion"},
{"keyword": "perform update operations naively"},
{"keyword": "performs comparable"},
{"keyword": "periodic arithmetic functions"},
{"keyword": "periodic bernoulli polynomials"},
{"keyword": "periodic function"},
{"keyword": "periodically adjusting"},
{"keyword": "periodicity lemma"},
{"keyword": "permission amounts held"},
{"keyword": "permissions held"},
{"keyword": "permitting multiset comparisons"},
{"keyword": "perron ndash"},
{"keyword": "persisted size"},
{"keyword": "personal byzantine quorum systems"},
{"keyword": "peter lammich"},
{"keyword": "petersen aplas 2012"},
{"keyword": "phd thesis"},
{"keyword": "phi functions"},
{"keyword": "phi holds"},
{"keyword": "philosophical justification"},
{"keyword": "philosphically grounded basis"},
{"keyword": "physical clocks"},
{"keyword": "pide development environment"},
{"keyword": "pide sub-system"},
{"keyword": "piecewise continuous functions"},
{"keyword": "pierre boutry"},
{"keyword": "pipeline-parallel stream processing"},
{"keyword": "places requirements"},
{"keyword": "planar dynamical systems"},
{"keyword": "planar systems"},
{"keyword": "plane geometry"},
{"keyword": "planetmath article"},
{"keyword": "planning domain definition language"},
{"keyword": "planning system fast-downward"},
{"keyword": "planning tasks language"},
{"keyword": "plas 2009 paper"},
{"keyword": "platonic forms"},
{"keyword": "playfair axiom"},
{"keyword": "pldi 2015 paper"},
{"keyword": "plotkin existential"},
{"keyword": "poincar -bendixson theorem"},
{"keyword": "poincar disc model"},
{"keyword": "poincar disc model development"},
{"keyword": "point-wise reasoning"},
{"keyword": "points constructible"},
{"keyword": "pointwise updates"},
{"keyword": "polar form transformation"},
{"keyword": "policy"},
{"keyword": "policy decision function"},
{"keyword": "policy decision point"},
{"keyword": "policy iteration algorithms"},
{"keyword": "polychronous systems"},
{"keyword": "polygonal number"},
{"keyword": "polygonal number theorems"},
{"keyword": "polymorphic edge type"},
{"keyword": "polymorphic lambda-calculus extended"},
{"keyword": "polynomial"},
{"keyword": "polynomial analogue"},
{"keyword": "polynomial division"},
{"keyword": "polynomial factorisation algorithms ndash"},
{"keyword": "polynomial growth"},
{"keyword": "polynomial identity testing"},
{"keyword": "polynomial interpolation"},
{"keyword": "polynomial interpretations"},
{"keyword": "polynomial rings"},
{"keyword": "polynomial sequences"},
{"keyword": "polynomial time"},
{"keyword": "polynomial-time algorithm"},
{"keyword": "polynomial-time basis reduction algorithm"},
{"keyword": "polynomial-time turing machine"},
{"keyword": "polynomially bounded"},
{"keyword": "polytimed systems"},
{"keyword": "pop-refinement enables"},
{"keyword": "poplmark challenge designed"},
{"keyword": "popular introduction"},
{"keyword": "popular notion"},
{"keyword": "popular theorems attributed"},
{"keyword": "port proofs"},
{"keyword": "posets preserves suprema"},
{"keyword": "positional determinacy"},
{"keyword": "positive fractions"},
{"keyword": "positive integer"},
{"keyword": "positive llists"},
{"keyword": "positive rationals"},
{"keyword": "positive real roots"},
{"keyword": "posix matching"},
{"keyword": "possibilistic information-flow properties"},
{"keyword": "possibilistic information-flow security properties"},
{"keyword": "possibilistic noninterference afp entry"},
{"keyword": "postponing soundness-critical admissibility checks"},
{"keyword": "potential applications"},
{"keyword": "potential breaks"},
{"keyword": "potential negative cycles"},
{"keyword": "potentials due"},
{"keyword": "power allegories extended"},
{"keyword": "power set relation algebras"},
{"keyword": "power sum polynomials"},
{"keyword": "powerful mathematical tools"},
{"keyword": "powerset algebra"},
{"keyword": "powerset construction mapping nfas"},
{"keyword": "powerset monad"},
{"keyword": "practical algebraic calculus"},
{"keyword": "practical application"},
{"keyword": "practical calculations"},
{"keyword": "practical combinations"},
{"keyword": "practical interoperability protocol"},
{"keyword": "practical purposes"},
{"keyword": "practically successful method"},
{"keyword": "practically usable verification environment"},
{"keyword": "practically worse time complexity"},
{"keyword": "pragmatic reasons"},
{"keyword": "precise algorithms"},
{"keyword": "precise effect"},
{"keyword": "precisely compute roots"},
{"keyword": "predicate"},
{"keyword": "predicate abstraction"},
{"keyword": "predicate identifies"},
{"keyword": "predicate satisfied"},
{"keyword": "predicate taking"},
{"keyword": "predicate transformer semantics"},
{"keyword": "predicate transformers"},
+{"keyword": "preexisting definitions coincide"},
{"keyword": "prefix length"},
{"keyword": "prefix match"},
{"keyword": "prefix order"},
{"keyword": "preliminaries chapter"},
{"keyword": "preliminary evaluations"},
{"keyword": "preorder relations"},
{"keyword": "presburger arithmetic"},
{"keyword": "present"},
{"keyword": "present article"},
{"keyword": "present development"},
{"keyword": "present formalisation formed"},
{"keyword": "present interpretations"},
{"keyword": "present polished"},
{"keyword": "present proof development represents"},
{"keyword": "present sufficient conditions"},
{"keyword": "present version hol-csp profits"},
{"keyword": "present work"},
{"keyword": "presentation"},
{"keyword": "presented formalization"},
{"keyword": "presented theory"},
{"keyword": "presented variants increase"},
{"keyword": "presented work"},
{"keyword": "presents experimental results"},
{"keyword": "presents interesting results"},
{"keyword": "preservation lemmas"},
{"keyword": "preserve spectral properties"},
{"keyword": "preserves semantics"},
{"keyword": "preserves suprema"},
{"keyword": "pretty printers"},
{"keyword": "pretty printing"},
{"keyword": "previous afp article"},
{"keyword": "previous afp entry"},
{"keyword": "previous algorithms"},
{"keyword": "previous analogous"},
{"keyword": "previous axiomatic encoding"},
{"keyword": "previous berlekamp zassenhaus development"},
{"keyword": "previous cc formalization constructive_cryptography"},
+{"keyword": "previous entry quasi-borel spaces"},
{"keyword": "previous formalisation"},
{"keyword": "previous theorem"},
{"keyword": "previous unifiers"},
{"keyword": "previous work"},
{"keyword": "previously break"},
{"keyword": "previously replaced term"},
{"keyword": "previously unknown paradox"},
{"keyword": "price determination"},
{"keyword": "price function"},
{"keyword": "price vickrey auction"},
{"keyword": "prim"},
{"keyword": "primal problem"},
{"keyword": "primarily based"},
{"keyword": "prime fields"},
{"keyword": "prime harmonic series"},
{"keyword": "prime iff"},
{"keyword": "prime ndash"},
{"keyword": "prime number"},
{"keyword": "prime number rdquo"},
{"keyword": "prime number theorem"},
{"keyword": "prime number theorem builds"},
{"keyword": "prime power"},
{"keyword": "prime-factorization algorithms"},
{"keyword": "primes"},
{"keyword": "primitive authentication construct"},
{"keyword": "primitive data types"},
{"keyword": "primitive list mathtt"},
{"keyword": "primitive pythagorean triples"},
{"keyword": "primitive recursive function"},
{"keyword": "primitively corecursive-"},
{"keyword": "primitives"},
{"keyword": "primitivity preserving"},
{"keyword": "principal ideal domains"},
{"keyword": "printing case expressions"},
{"keyword": "prior formalization attempt"},
{"keyword": "prior non-mechanized soundness proofs"},
{"keyword": "priority"},
{"keyword": "priority queue"},
{"keyword": "priority search tree"},
{"keyword": "privacy-preserving machine-learning framework based"},
{"keyword": "private information"},
{"keyword": "probabilistic arguments"},
{"keyword": "probabilistic behaviour"},
{"keyword": "probabilistic data structure"},
{"keyword": "probabilistic functional language"},
{"keyword": "probabilistic functional programming language"},
{"keyword": "probabilistic functions"},
{"keyword": "probabilistic loop termination"},
{"keyword": "probabilistic method"},
{"keyword": "probabilistic model"},
{"keyword": "probabilistic model checking"},
{"keyword": "probabilistic noninterference"},
+{"keyword": "probabilistic programs"},
{"keyword": "probabilistic proofs"},
{"keyword": "probabilistic system types"},
{"keyword": "probabilistic systems"},
{"keyword": "probabilistic timed automata"},
{"keyword": "probabilistic variant"},
{"keyword": "probability larger"},
{"keyword": "probability mass functions"},
{"keyword": "probability monad"},
{"keyword": "probability theory"},
{"keyword": "probable hidden state sequence"},
{"keyword": "problem arithmetic progressions"},
{"keyword": "problem reduction"},
{"keyword": "problems"},
+{"keyword": "process calculi encodings"},
{"keyword": "process control"},
{"keyword": "process crashes"},
{"keyword": "process invariant"},
{"keyword": "process trace"},
{"keyword": "processing components"},
{"keyword": "processor maintains"},
{"keyword": "prod limits_"},
{"keyword": "produce labeled subgoals"},
{"keyword": "produce observable outputs"},
{"keyword": "produce uniformly smaller automata"},
{"keyword": "product spaces"},
{"keyword": "product type"},
{"keyword": "profound formalism"},
{"keyword": "program analysis"},
{"keyword": "program compositions"},
{"keyword": "program construction"},
{"keyword": "program dependence graphs"},
{"keyword": "program execution"},
{"keyword": "program executions based"},
{"keyword": "program fulfilling"},
{"keyword": "program logic"},
{"keyword": "program logics similar"},
{"keyword": "program properties"},
{"keyword": "program refinement techniques"},
{"keyword": "program representation"},
{"keyword": "program trace semantics"},
{"keyword": "program traces"},
{"keyword": "program verification"},
{"keyword": "program verification competition"},
{"keyword": "program verification environment"},
{"keyword": "programming applications"},
{"keyword": "programming languages"},
{"keyword": "programming languages sml"},
{"keyword": "programming languages support working"},
{"keyword": "programs checking certificates"},
{"keyword": "programs written"},
{"keyword": "progress tracking protocol"},
{"keyword": "prohibited requests directly"},
{"keyword": "projection functions"},
{"keyword": "projective coordinates"},
{"keyword": "projective geometry"},
{"keyword": "projective plane geometry"},
{"keyword": "projective space geometry"},
{"keyword": "projective spaces"},
{"keyword": "promising increased tolerance"},
{"keyword": "promotes proof reuse"},
{"keyword": "pronounced lambda auth"},
{"keyword": "proof"},
{"keyword": "proof applies"},
{"keyword": "proof approach"},
{"keyword": "proof assistant"},
{"keyword": "proof assistant coq"},
{"keyword": "proof calculus"},
{"keyword": "proof closely"},
{"keyword": "proof details"},
{"keyword": "proof document supports"},
{"keyword": "proof due"},
{"keyword": "proof easily"},
{"keyword": "proof generalises euler"},
{"keyword": "proof involves removing"},
{"keyword": "proof language"},
{"keyword": "proof method"},
{"keyword": "proof method casify"},
{"keyword": "proof obligations automatically"},
{"keyword": "proof outlines"},
{"keyword": "proof principles"},
{"keyword": "proof relies"},
{"keyword": "proof reuses"},
{"keyword": "proof rules"},
{"keyword": "proof rules indexed"},
{"keyword": "proof search procedure"},
{"keyword": "proof significantly"},
{"keyword": "proof sketch"},
{"keyword": "proof sketches found"},
{"keyword": "proof step"},
{"keyword": "proof structure"},
{"keyword": "proof system"},
{"keyword": "proof techniques"},
{"keyword": "proof technology"},
{"keyword": "proof term checker embedded"},
{"keyword": "proof terms"},
{"keyword": "proof theory"},
{"keyword": "proof theory enables application"},
{"keyword": "proof tool"},
{"keyword": "proof-carrying-code style encoding"},
{"keyword": "proofs correct incompletenesses"},
{"keyword": "proofs involving linear algebra"},
{"keyword": "proofs necessitate"},
{"keyword": "proofs remain manageable"},
{"keyword": "proofs require"},
{"keyword": "proper generic extension"},
{"keyword": "proper grounding"},
{"keyword": "properties"},
{"keyword": "properties related"},
{"keyword": "property"},
{"keyword": "proposed approach"},
{"keyword": "proposed under-approximate logics"},
{"keyword": "proposes axiom systems"},
{"keyword": "propositional abstract separation logic"},
{"keyword": "propositional calculus"},
{"keyword": "propositional calculus embeds"},
{"keyword": "propositional clauses"},
{"keyword": "propositional fragment"},
{"keyword": "propositional linear-time temporal logic"},
{"keyword": "propositional logic"},
{"keyword": "propositional predicate symbols"},
{"keyword": "propositional sequent calculus"},
{"keyword": "propositional tableau calculus"},
{"keyword": "protect paths"},
{"keyword": "protecting authorized paths"},
{"keyword": "protocol"},
{"keyword": "protocol abstracts"},
{"keyword": "protocol analysis"},
{"keyword": "protocol analysis tools"},
{"keyword": "protocol transcript"},
{"keyword": "protocol verification"},
{"keyword": "protocols secure"},
{"keyword": "protocols sharing common structure"},
{"keyword": "protocols supported"},
{"keyword": "provably demonstrate"},
{"keyword": "prover implementing"},
{"keyword": "providing formalizations"},
{"keyword": "providing sequential composition"},
{"keyword": "providing stronger guarantees"},
{"keyword": "proving correctness"},
{"keyword": "proving functional correctness"},
{"keyword": "proving information flow security"},
{"keyword": "proving open properties"},
{"keyword": "proving progress"},
{"keyword": "proving safety"},
{"keyword": "proving secure information flow"},
{"keyword": "proving termination"},
{"keyword": "pseudo-bl algebras"},
{"keyword": "pseudo-random functions"},
{"keyword": "pseudo-wajsberg algebras"},
{"keyword": "pseudonatural transformations"},
{"keyword": "pseudonymous identifiers output"},
{"keyword": "psi holds"},
{"keyword": "psi vdash phi"},
{"keyword": "public announcement logic"},
{"keyword": "public key cryptography"},
{"keyword": "public output ports"},
{"keyword": "public ports"},
{"keyword": "publication forthcoming"},
{"keyword": "publication tphols 2009"},
{"keyword": "publisher component"},
{"keyword": "publisher subscriber"},
{"keyword": "publisher subscriber pattern"},
{"keyword": "pure exchange economy"},
{"keyword": "pure mathematical subjects"},
{"keyword": "purely algebraic"},
{"keyword": "purely axiomatic manner"},
{"keyword": "purely functional"},
{"keyword": "purely functional algorithms"},
{"keyword": "purely functional implementation based"},
{"keyword": "purely logical result yielding"},
{"keyword": "purely syntactic criteria"},
{"keyword": "purely syntactic normalisation procedure"},
{"keyword": "purposefully incomplete"},
{"keyword": "push-relabel algorithms"},
{"keyword": "putnam exam problems"},
{"keyword": "puzzle"},
{"keyword": "pythagoras law"},
{"keyword": "pythagorean triples"},
{"keyword": "quad int_0 1"},
{"keyword": "quad left"},
{"keyword": "quad text"},
{"keyword": "quadratic real arithmetic"},
{"keyword": "quadratic virtual substitution"},
{"keyword": "qualitative applications"},
{"keyword": "qualitative temporal representation"},
{"keyword": "quality criteria"},
{"keyword": "quantalic structure"},
{"keyword": "quantic nuclei"},
{"keyword": "quantified formula"},
{"keyword": "quantified modal logic kb"},
{"keyword": "quantifier elimination procedures"},
{"keyword": "quantifier elimination theorem"},
{"keyword": "quantitative analysis"},
{"keyword": "quantitative temporal constraints"},
{"keyword": "quantities induces congruences"},
{"keyword": "quantum circuits"},
{"keyword": "quantum computing"},
{"keyword": "quantum hoare logic"},
{"keyword": "quantum information theory"},
{"keyword": "quantum measurements"},
{"keyword": "quantum mechanics"},
{"keyword": "quantum prisoner"},
{"keyword": "quantum programs"},
{"keyword": "quantum projective measurements"},
{"keyword": "quantum registers"},
{"keyword": "quantum setting"},
{"keyword": "quantum setting permits"},
{"keyword": "quantum state"},
{"keyword": "quantum teleportation"},
{"keyword": "quartic equation"},
{"keyword": "quasi-borel spaces"},
{"keyword": "quasi-fixed point"},
{"keyword": "quelques probl"},
{"keyword": "query evaluation"},
{"keyword": "query optimization consisting"},
{"keyword": "queue data structures"},
{"keyword": "quickly verified"},
{"keyword": "quickstart guide"},
{"keyword": "quotient construction"},
{"keyword": "rabin automata"},
{"keyword": "racing effects"},
{"keyword": "radical coordinates"},
{"keyword": "radical expressions"},
{"keyword": "radix sort"},
{"keyword": "rado"},
{"keyword": "ramanujan sums gauss sums"},
{"keyword": "ramsey"},
{"keyword": "ramsey theory"},
{"keyword": "randall munroe"},
{"keyword": "random"},
{"keyword": "random binary search trees"},
{"keyword": "random bst"},
{"keyword": "random coin flips"},
{"keyword": "random element"},
{"keyword": "random experiment"},
{"keyword": "random graph"},
{"keyword": "random monad"},
{"keyword": "random order"},
{"keyword": "random pivot choice"},
{"keyword": "random serial dictatorship"},
{"keyword": "random systems"},
{"keyword": "random walks"},
{"keyword": "random-permutation random-function switching lemma"},
{"keyword": "randomised binary search trees"},
{"keyword": "randomised skip list"},
{"keyword": "randomised treaps"},
{"keyword": "randomized algorithms"},
{"keyword": "randomized approximation algorithms"},
{"keyword": "randomized comb algorithm"},
{"keyword": "randomized list update algorithm"},
{"keyword": "randomly generated inputs"},
{"keyword": "range queries"},
{"keyword": "range search algorithm"},
{"keyword": "rank nullity theorem entry"},
{"keyword": "rank-nullity theorem"},
{"keyword": "rank-nullity theorem generalises"},
{"keyword": "rank-nullity theorem roughly follow"},
{"keyword": "rapid prototyping"},
{"keyword": "rapidly growing literature"},
{"keyword": "rational actors"},
{"keyword": "rational exponents"},
{"keyword": "rational number"},
{"keyword": "rational polynomials"},
{"keyword": "rational root test"},
{"keyword": "rational roots"},
{"keyword": "re-usable dfs-based algorithms"},
{"keyword": "reachability analysis"},
{"keyword": "reachability relation"},
{"keyword": "reachable nodes"},
{"keyword": "reachable states"},
{"keyword": "reactive systems"},
{"keyword": "reading heads asynchronously"},
{"keyword": "real analysis"},
{"keyword": "real arithmetic"},
{"keyword": "real case"},
{"keyword": "real closed field"},
{"keyword": "real coefficients"},
{"keyword": "real component"},
{"keyword": "real eigenvalue"},
{"keyword": "real error function erf"},
{"keyword": "real exponents"},
{"keyword": "real gamma function gamma"},
{"keyword": "real ideal world paradigm"},
{"keyword": "real matrix"},
{"keyword": "real normed division algebras"},
{"keyword": "real numbers"},
{"keyword": "real polynomial"},
{"keyword": "real roots"},
{"keyword": "real vectors spaces"},
{"keyword": "real world"},
{"keyword": "real world distributed systems"},
{"keyword": "real-normed fields"},
{"keyword": "real-time constraints"},
{"keyword": "real-word firewall errors"},
{"keyword": "real-world computer networks"},
{"keyword": "real-world programming languages"},
{"keyword": "real-world protocol"},
{"keyword": "realistic virtual machine"},
{"keyword": "reasonable efficiency"},
{"keyword": "reasoning stays"},
{"keyword": "recently proposed framework"},
{"keyword": "recovering structure"},
{"keyword": "recovery operators"},
{"keyword": "recurrence equations"},
{"keyword": "recurrence relation"},
{"keyword": "recursion combinator"},
{"keyword": "recursion principle"},
{"keyword": "recursion theorems"},
{"keyword": "recursion theory --- definitions"},
{"keyword": "recursive datatype"},
{"keyword": "recursive enumerability"},
{"keyword": "recursive fashion"},
{"keyword": "recursive fast fourier transform"},
{"keyword": "recursive formalization"},
{"keyword": "recursive function operates"},
{"keyword": "recursive functions"},
{"keyword": "recursive functions heavily inspired"},
{"keyword": "recursive inseparability"},
{"keyword": "recursive path order"},
{"keyword": "recursive procedures"},
{"keyword": "recursive programs based"},
{"keyword": "recursively enumerable set"},
{"keyword": "recursively expressed"},
{"keyword": "recursively inseparable"},
{"keyword": "red-black trees"},
{"keyword": "reduced echelon form"},
{"keyword": "reduced row echelon form"},
{"keyword": "reduces proof obligations"},
{"keyword": "reducible control flow graph"},
{"keyword": "reduction conformance relations"},
{"keyword": "reduction path"},
{"keyword": "reduction step"},
{"keyword": "reduction theorem"},
{"keyword": "reference implementation"},
{"keyword": "reference point"},
{"keyword": "refine system specifications"},
{"keyword": "refined version"},
{"keyword": "refinement approach scales"},
{"keyword": "refinement based verification"},
{"keyword": "refinement calculus literature"},
{"keyword": "refinement framework"},
{"keyword": "refinement kleene algebra"},
{"keyword": "refinement orders"},
{"keyword": "refinement proof"},
{"keyword": "refinement relations"},
{"keyword": "refinement steps"},
{"keyword": "refinement techniques"},
{"keyword": "refinement theorem"},
{"keyword": "refinement theory"},
{"keyword": "refinement type systems"},
{"keyword": "refinement-based theorem proving approach"},
{"keyword": "reflected binary code"},
{"keyword": "reflection formula"},
{"keyword": "reflection-based decision procedure"},
{"keyword": "reflective quantifier elimination procedures"},
{"keyword": "reflexive transitive closure"},
{"keyword": "reflexive transitive closure operation"},
{"keyword": "reflexive-transitive closures"},
{"keyword": "refused events"},
{"keyword": "refutational completeness"},
{"keyword": "refutational theorem proving"},
{"keyword": "refutationally complete"},
{"keyword": "regain sequential consistency"},
{"keyword": "region boundaries explicitly"},
{"keyword": "register aliasing"},
{"keyword": "register refers"},
{"keyword": "registering applicative functors"},
{"keyword": "registering automatic methods"},
{"keyword": "regular algebra hierarchy"},
{"keyword": "regular algebras"},
{"keyword": "regular algebras axiomatise"},
{"keyword": "regular arithmetic geometric"},
{"keyword": "regular expression"},
{"keyword": "regular expression equivalence"},
{"keyword": "regular expression matches"},
{"keyword": "regular expressions extended"},
{"keyword": "regular expressions needed"},
{"keyword": "regular identities"},
{"keyword": "regular language identity"},
{"keyword": "regular languages"},
{"keyword": "regular operations"},
{"keyword": "regular sets"},
{"keyword": "regular structures"},
{"keyword": "regularity lemma"},
{"keyword": "reifies property patterns"},
{"keyword": "reify property patterns"},
{"keyword": "reimposing upper bounds"},
{"keyword": "relabelling function"},
{"keyword": "related concepts"},
{"keyword": "related equation"},
{"keyword": "related formalizations"},
{"keyword": "related recurrence relations"},
{"keyword": "related rewrite rules"},
{"keyword": "related splay heaps"},
{"keyword": "related structures"},
{"keyword": "related theorem"},
{"keyword": "relation algebra"},
{"keyword": "relation algebras equipped"},
{"keyword": "relation algebras extended"},
{"keyword": "relation composition"},
{"keyword": "relation constraints"},
{"keyword": "relation reduces"},
{"keyword": "relation-algebraic concepts"},
{"keyword": "relational concurrent separation logic"},
{"keyword": "relational constructors"},
{"keyword": "relational core"},
{"keyword": "relational language based"},
{"keyword": "relational model"},
{"keyword": "relational monoids"},
{"keyword": "relational parametricity"},
{"keyword": "relational parametricity due"},
{"keyword": "relational program logics"},
{"keyword": "relational tt-lifting"},
{"keyword": "relative safety"},
{"keyword": "relative soundness results"},
+{"keyword": "relativised concepts"},
{"keyword": "relativize paulson"},
{"keyword": "relativized general knowledge"},
{"keyword": "release ownership"},
{"keyword": "relevant definitions"},
{"keyword": "relevant material"},
{"keyword": "relevant proof methods"},
{"keyword": "relevant standard"},
{"keyword": "rely condition generalised"},
{"keyword": "rely guarantee reasoning"},
{"keyword": "rely quotient"},
{"keyword": "rely-guarantee-style reasoning"},
{"keyword": "remain anonymous"},
{"keyword": "remainder sequences"},
{"keyword": "remainder terms"},
{"keyword": "remaining computation"},
{"keyword": "remaining rules"},
{"keyword": "removes exception handler entries"},
{"keyword": "removes syntactic sugar"},
{"keyword": "removing intermediate list structures"},
{"keyword": "renaming-enriched sets"},
{"keyword": "repeated opening"},
{"keyword": "replacement rule"},
{"keyword": "replacement theorem"},
{"keyword": "replicated data"},
{"keyword": "replicated databases"},
{"keyword": "replicated datatypes"},
{"keyword": "replicated growable array"},
{"keyword": "represent objects"},
{"keyword": "represent physical quantities"},
{"keyword": "represent quantum states"},
{"keyword": "represent recursively enumerable sets"},
{"keyword": "representable bounds"},
{"keyword": "representation executable"},
{"keyword": "representation function"},
{"keyword": "representation independence"},
{"keyword": "representation theorem"},
{"keyword": "representative dynamic programming problems"},
{"keyword": "representing algorithms"},
{"keyword": "representing documents"},
{"keyword": "representing legal agreements"},
{"keyword": "represents dominators"},
{"keyword": "reproduce faithfully"},
{"keyword": "reproduced faithfully"},
{"keyword": "requested computation"},
{"keyword": "require"},
{"keyword": "require eventual consistency"},
{"keyword": "require guardedness up-"},
{"keyword": "require intermediate operational semantics"},
{"keyword": "required induction rule"},
{"keyword": "required truth lemma"},
{"keyword": "requirements"},
{"keyword": "requires precise statements"},
{"keyword": "research project"},
{"keyword": "research started"},
{"keyword": "residuated boolean algebra"},
{"keyword": "residuated functions"},
{"keyword": "residuated lattices"},
{"keyword": "residuated transition system"},
{"keyword": "residuation operation"},
{"keyword": "residue classes"},
{"keyword": "resolution calculus"},
{"keyword": "resolution rule"},
{"keyword": "resolution theorem proving chapter"},
{"keyword": "resolvable designs"},
{"keyword": "resource bound"},
{"keyword": "resp"},
{"keyword": "respect stream equivalence"},
{"keyword": "respective frameworks"},
{"keyword": "respective fundamental homomorphism theorems"},
{"keyword": "respective properties"},
{"keyword": "restricted definition"},
{"keyword": "restricted growth functions"},
{"keyword": "restricted identification"},
{"keyword": "restricted schedules"},
{"keyword": "restricted solution space"},
{"keyword": "restricted type"},
{"keyword": "restrictive definition"},
{"keyword": "result due"},
{"keyword": "resulting automata"},
{"keyword": "resulting automaton"},
{"keyword": "resulting bst"},
{"keyword": "resulting code"},
{"keyword": "resulting generalized counting sort"},
{"keyword": "resulting hierarchy"},
{"keyword": "resulting logic"},
{"keyword": "resulting proof system"},
{"keyword": "resulting recursion induction rules"},
{"keyword": "resulting set"},
{"keyword": "resulting system"},
{"keyword": "resulting tree"},
{"keyword": "results"},
{"keyword": "results hold"},
{"keyword": "resuting proofs"},
{"keyword": "retain key properties"},
{"keyword": "reusable building blocks"},
{"keyword": "reusable libraries"},
{"keyword": "reusable modelling"},
{"keyword": "reusable proof components"},
{"keyword": "reusable reasoning infrastructure"},
{"keyword": "reusing facts"},
{"keyword": "reverse post order number"},
{"keyword": "reversed morphisms"},
{"keyword": "revision 6081d5be8d08"},
{"keyword": "revision functions launches"},
{"keyword": "rewrite equivalent definitions"},
{"keyword": "rewrite rules"},
{"keyword": "rewriting tactics"},
{"keyword": "rgen villadsen"},
{"keyword": "ribbon proofs"},
{"keyword": "ribbon proofs emphasise"},
{"keyword": "rich expression typing rules"},
{"keyword": "richard char-tung lee"},
{"keyword": "riemann integral"},
{"keyword": "riemann roch"},
{"keyword": "riemann zeta"},
{"keyword": "riemann zeta function"},
{"keyword": "right-hand side"},
{"keyword": "rigorous numerical algorithms"},
{"keyword": "rigorous polynomial approximation"},
{"keyword": "ring theory development"},
{"keyword": "ringed spaces"},
{"keyword": "risk-free lending protocol"},
{"keyword": "rivest commitment schemes"},
{"keyword": "road traffic"},
{"keyword": "rob arthan"},
{"keyword": "robbins conjecture"},
{"keyword": "robin smith"},
{"keyword": "robust supporting theory"},
{"keyword": "roger lipsett"},
{"keyword": "roots"},
{"keyword": "rose bohrer"},
{"keyword": "routh-hurwitz stability criterion"},
{"keyword": "routing policies"},
{"keyword": "routing table"},
{"keyword": "routing table entry"},
{"keyword": "rsa cryptography standard"},
{"keyword": "rsa keys"},
{"keyword": "rts algorithm"},
{"keyword": "rts algorithms select"},
{"keyword": "rts definition mandates safety"},
{"keyword": "rule induction"},
{"keyword": "rule modus ponens"},
{"keyword": "rules applying"},
{"keyword": "rules controls"},
{"keyword": "run construction rules"},
{"keyword": "runge-kutta methods"},
{"keyword": "running average"},
{"keyword": "running time"},
{"keyword": "running time bounds"},
{"keyword": "runtime bounds"},
{"keyword": "runtime faults"},
{"keyword": "runtime monitoring"},
{"keyword": "runtime verification tool"},
{"keyword": "ruzsa triangle inequality"},
+{"keyword": "s-finite measure monad"},
{"keyword": "safe approximation"},
{"keyword": "safe distance"},
{"keyword": "safe distance rule"},
{"keyword": "safe navigation operations"},
{"keyword": "safe ocl distincts nullable"},
{"keyword": "safe ocl typing rules"},
{"keyword": "safe regression test selection"},
{"keyword": "safe-range queries evaluate"},
{"keyword": "safe-range query"},
{"keyword": "safely composable"},
{"keyword": "safely composable dom"},
{"keyword": "safely composable web components"},
{"keyword": "safety policy"},
{"keyword": "safety properties"},
{"keyword": "safety violations"},
{"keyword": "salomon sickert"},
{"keyword": "sample authentication protocol"},
{"keyword": "sample computations"},
{"keyword": "sample main"},
{"keyword": "sat solver"},
{"keyword": "sat solver correctness proofs"},
{"keyword": "sat solver descriptions"},
{"keyword": "sat solver installs"},
{"keyword": "sat solver written"},
{"keyword": "satisfaction relation"},
{"keyword": "satisfying assignment"},
{"keyword": "satisfying model"},
{"keyword": "satisfying tuples"},
{"keyword": "saturated mcss"},
{"keyword": "saturation theorem proving"},
{"keyword": "saturation-based heuristic prover"},
{"keyword": "sauer-shelah lemma"},
{"keyword": "scalar multiplication"},
{"keyword": "sch15 anders schlichtkrull"},
{"keyword": "sch16 anders schlichtkrull"},
{"keyword": "sch18 anders schlichtkrull"},
{"keyword": "scheduling activity"},
{"keyword": "schneider"},
{"keyword": "schultz refers"},
{"keyword": "schur decomposition"},
{"keyword": "schwartz-zippel lemma"},
{"keyword": "scl backtrack rule"},
{"keyword": "score admits 2"},
{"keyword": "scott-continuous monad morphism"},
{"keyword": "sd-strategy- proofness"},
{"keyword": "sdss random dictatorship"},
{"keyword": "search algorithms"},
{"keyword": "search path"},
{"keyword": "search tree"},
{"keyword": "search trees based"},
{"keyword": "search-time information"},
{"keyword": "search-tree property"},
{"keyword": "second-order derivation"},
{"keyword": "second-order logic"},
{"keyword": "second-order properties"},
{"keyword": "secret data"},
{"keyword": "secret data manipulated"},
{"keyword": "secure auto-completion"},
{"keyword": "secure hash standard"},
{"keyword": "secure information flow"},
{"keyword": "secure messaging channel established"},
{"keyword": "secure multiple case studies"},
{"keyword": "secure network configurations"},
{"keyword": "secure process"},
{"keyword": "secure stateful implementation"},
{"keyword": "security concepts"},
{"keyword": "security configuration actual firewall"},
{"keyword": "security definition"},
{"keyword": "security expressed"},
{"keyword": "security guarantees"},
{"keyword": "security invariant theory"},
{"keyword": "security invariants"},
{"keyword": "security invariants hold"},
{"keyword": "security policy"},
{"keyword": "security proof"},
{"keyword": "security properties"},
{"keyword": "security properties turn"},
{"keyword": "security property"},
{"keyword": "security protocols based"},
{"keyword": "security requirements expressed"},
{"keyword": "security statements"},
{"keyword": "security systems"},
{"keyword": "security type system"},
{"keyword": "security unwinding technique"},
{"keyword": "security violations"},
{"keyword": "selection functions"},
{"keyword": "selection sort"},
{"keyword": "self-adjusting binary search trees"},
{"keyword": "self-contained certifier"},
{"keyword": "self-contained specification"},
{"keyword": "self-referential implementation"},
{"keyword": "seligman-style tableau system"},
{"keyword": "semantic annotations"},
{"keyword": "semantic arguments"},
{"keyword": "semantic back-ends"},
{"keyword": "semantic definitions"},
{"keyword": "semantic domain"},
{"keyword": "semantic embedding"},
{"keyword": "semantic engine"},
{"keyword": "semantic information directly embedded"},
{"keyword": "semantic interpretation"},
{"keyword": "semantic model"},
{"keyword": "semantic resolution"},
{"keyword": "semantic side conditions"},
{"keyword": "semantic trees"},
{"keyword": "semantic type soundness"},
{"keyword": "semantical representation"},
{"keyword": "semi-honest security setting"},
{"keyword": "seminal paper natural semantics"},
{"keyword": "sending end host selects"},
{"keyword": "sends pairs"},
{"keyword": "separable characters induced moduli"},
{"keyword": "separate afp entries goedel_hfset_semantic"},
{"keyword": "separate afp entry"},
{"keyword": "separating conjunction"},
{"keyword": "separation algebra"},
{"keyword": "separation kernels"},
{"keyword": "separation logic"},
{"keyword": "separation logic assertion"},
{"keyword": "separation logic connective"},
{"keyword": "separation logic formulae"},
{"keyword": "separation logic framework"},
{"keyword": "separation logic theory"},
{"keyword": "separation logic utilities"},
{"keyword": "separation-logic based correctness proofs"},
{"keyword": "separator smaller"},
{"keyword": "sepref tool"},
{"keyword": "sequence preserves fairness"},
{"keyword": "sequent calculus"},
{"keyword": "sequent calculus prover"},
{"keyword": "sequential compactness"},
{"keyword": "sequential composition"},
{"keyword": "sequential consistency"},
{"keyword": "sequential imperative programming language"},
{"keyword": "sequential java bytecode"},
{"keyword": "sequential semantics"},
{"keyword": "sequentially consistent"},
{"keyword": "series consisting"},
{"keyword": "session keys"},
{"keyword": "set based representation"},
{"keyword": "set categories"},
{"keyword": "set category"},
{"keyword": "set category locale"},
{"keyword": "set construction"},
{"keyword": "set mapping"},
{"keyword": "set monad notation"},
{"keyword": "set operations"},
{"keyword": "set partitions"},
{"keyword": "set theoretic formulation"},
{"keyword": "set theory"},
{"keyword": "set theory framework"},
{"keyword": "severe limitation"},
{"keyword": "shadow dom"},
{"keyword": "shadow root"},
{"keyword": "shadow tree"},
{"keyword": "shallow embedding"},
{"keyword": "shallow embedding manner"},
{"keyword": "shallow learning"},
{"keyword": "shallow semantic embeddings"},
{"keyword": "shallow semantical embeddings"},
{"keyword": "shallowly embed"},
{"keyword": "shannon decomposition"},
{"keyword": "shapeless library"},
{"keyword": "share common algorithmic ideas"},
{"keyword": "shared bdd"},
{"keyword": "shared data"},
{"keyword": "shared data commute"},
{"keyword": "shared environments"},
{"keyword": "shared resources"},
{"keyword": "shaz qadeer"},
{"keyword": "sheldon axler"},
{"keyword": "shifting intervals"},
{"keyword": "short applications"},
{"keyword": "short entry"},
{"keyword": "short explanation"},
{"keyword": "short outline"},
{"keyword": "short proof"},
{"keyword": "short sketch"},
{"keyword": "shorter refinement proofs"},
{"keyword": "shortest non-"},
{"keyword": "shortest path"},
{"keyword": "shortest vector problem"},
{"keyword": "showcase haskell"},
{"keyword": "showing termination based"},
{"keyword": "side conditions"},
{"keyword": "side effects"},
{"keyword": "side product"},
{"keyword": "sifum_type_systems afp entry"},
{"keyword": "sigma function"},
{"keyword": "signed diffie-hellman"},
{"keyword": "signed measure"},
{"keyword": "signed words"},
{"keyword": "significant confidentiality theorems"},
{"keyword": "significant contribution"},
{"keyword": "significant extensions"},
{"keyword": "significant gain"},
{"keyword": "significant generalization"},
{"keyword": "significant piece"},
{"keyword": "significantly differ"},
{"keyword": "significantly expands"},
{"keyword": "significantly larger"},
{"keyword": "significantly reduce"},
{"keyword": "significantly worse"},
{"keyword": "sim gamma"},
{"keyword": "sim phi"},
{"keyword": "sim sqrt 2 pi"},
{"keyword": "simd extensions"},
{"keyword": "similar cegar-"},
{"keyword": "similar construction"},
{"keyword": "similar documentation"},
{"keyword": "similar level"},
{"keyword": "similar normal form"},
{"keyword": "similar preferences"},
{"keyword": "similar proof"},
{"keyword": "similar systems"},
{"keyword": "simon robillard"},
{"keyword": "simple"},
{"keyword": "simple algebraic basis"},
{"keyword": "simple clause learning"},
{"keyword": "simple compilation function"},
{"keyword": "simple executable algorithms"},
{"keyword": "simple exercises"},
{"keyword": "simple firewall model"},
{"keyword": "simple formalization covering"},
{"keyword": "simple graph"},
{"keyword": "simple hops"},
{"keyword": "simple hybrid programs"},
{"keyword": "simple imperative language"},
{"keyword": "simple imperative language imp"},
{"keyword": "simple inductive proof"},
{"keyword": "simple interactive proof assistant"},
{"keyword": "simple language"},
{"keyword": "simple model"},
{"keyword": "simple object calculus"},
{"keyword": "simple paper proof"},
{"keyword": "simple procedure call mechanism"},
{"keyword": "simple programming language"},
{"keyword": "simple proofs"},
{"keyword": "simple relation-algebraic semantics"},
{"keyword": "simple solution"},
{"keyword": "simple specification"},
{"keyword": "simple subformula conditions"},
{"keyword": "simple summation conversion"},
{"keyword": "simple techniques"},
{"keyword": "simple type system"},
{"keyword": "simple verification conditions"},
{"keyword": "simple verified token"},
{"keyword": "simple while-language"},
{"keyword": "simpler operations"},
{"keyword": "simpler problem"},
{"keyword": "simpler pseudo-random construction avoiding"},
{"keyword": "simpler secure processes"},
{"keyword": "simpler sigma-calculus based"},
{"keyword": "simpler versions"},
{"keyword": "simplex algorithm"},
{"keyword": "simplicial complex"},
{"keyword": "simplicial complexes"},
{"keyword": "simplifier integration"},
{"keyword": "simplify complex iptables rulests"},
{"keyword": "simplify program verification"},
{"keyword": "simplify protocol verification"},
{"keyword": "simply hermite-lindemann"},
{"keyword": "simply strengthen"},
{"keyword": "simply transforms"},
{"keyword": "simply-typed lambda terms"},
{"keyword": "simulate minsky machines"},
{"keyword": "simulation code generation"},
+{"keyword": "simulation preorders"},
{"keyword": "simulation relation"},
{"keyword": "simulation-based proofs"},
{"keyword": "simulation-based security paradigms"},
{"keyword": "simultaneously empowering end hosts"},
{"keyword": "simultaneously reason"},
{"keyword": "simultaneously solving"},
{"keyword": "single binders"},
{"keyword": "single component"},
{"keyword": "single element"},
{"keyword": "single event list varying"},
{"keyword": "single exponential blow-"},
{"keyword": "single infinite point"},
{"keyword": "single nodes"},
{"keyword": "single parse tree"},
{"keyword": "single partial binary operation"},
{"keyword": "single partial composition operation"},
{"keyword": "single permanent failure"},
{"keyword": "single setting"},
{"keyword": "single strip"},
{"keyword": "single triangle"},
{"keyword": "single unit"},
{"keyword": "single variable ranging"},
{"keyword": "single-set categories"},
{"keyword": "single-source shortest path function"},
{"keyword": "single-source shortest path problem"},
{"keyword": "sizeable family"},
{"keyword": "sk sum"},
{"keyword": "sketches found"},
{"keyword": "skew binomial heaps"},
{"keyword": "skew heaps"},
{"keyword": "skew links"},
{"keyword": "skew product"},
{"keyword": "skip blocks"},
{"keyword": "skip lists"},
{"keyword": "skip lists consists"},
{"keyword": "sliced graph"},
{"keyword": "slicing based"},
{"keyword": "slide operation"},
{"keyword": "sliding window algorithm"},
{"keyword": "slightly advanced properties"},
{"keyword": "slightly extended"},
{"keyword": "slightly mars"},
{"keyword": "slightly modified"},
{"keyword": "slightly stronger hypothesis"},
{"keyword": "small abstract subsystems"},
{"keyword": "small classes"},
{"keyword": "small imperative language imp"},
{"keyword": "small predicate"},
{"keyword": "small set"},
{"keyword": "small step operational semantics"},
{"keyword": "small step program refinement"},
{"keyword": "small step semantics"},
{"keyword": "small-step operational semantics"},
{"keyword": "small-step semantics akin"},
{"keyword": "small-step semantics instrumented"},
{"keyword": "smaller fixed fraction returned"},
{"keyword": "smaller set"},
{"keyword": "smallest number n_"},
{"keyword": "smith normal form"},
{"keyword": "sml parser"},
{"keyword": "smt"},
{"keyword": "smt proof"},
{"keyword": "snyder found"},
{"keyword": "so-called desargues"},
{"keyword": "so-called hessenberg"},
{"keyword": "so-called hyperproperties"},
{"keyword": "so-called key equalities"},
{"keyword": "so-called sturm sequences"},
{"keyword": "so-called trace properties"},
{"keyword": "social decision schemes"},
{"keyword": "social welfare"},
{"keyword": "software framework"},
{"keyword": "software framework incorporates"},
{"keyword": "software security"},
{"keyword": "software tool"},
{"keyword": "software tool authors"},
{"keyword": "solid polyhedra"},
{"keyword": "solomon feferman"},
{"keyword": "solovay ndash"},
{"keyword": "solution"},
{"keyword": "solution obtained"},
{"keyword": "solutions based"},
{"keyword": "solve automatically"},
{"keyword": "solve clique"},
{"keyword": "solve mdps"},
{"keyword": "solved deterministically"},
{"keyword": "solved explicitly"},
{"keyword": "solver based"},
{"keyword": "solving equational systems"},
{"keyword": "solving equations"},
{"keyword": "solving linear programs"},
{"keyword": "solving markov decision processes"},
{"keyword": "sophie tourret"},
{"keyword": "sophisticated languages"},
{"keyword": "sophisticated object-oriented bytecode language"},
{"keyword": "sorted linked lists"},
{"keyword": "sorted linked lists enhanced"},
{"keyword": "sorted monadic equational logic"},
{"keyword": "sorting algorithm"},
{"keyword": "sorts objects"},
{"keyword": "sound"},
{"keyword": "sound syntactic criteria"},
{"keyword": "soundness proof"},
{"keyword": "source code"},
{"keyword": "source coding theorem"},
{"keyword": "source type"},
{"keyword": "source-to-assembly step matching"},
{"keyword": "space complexity"},
{"keyword": "space complexity guarantees"},
{"keyword": "space usage"},
{"keyword": "spacetime location"},
{"keyword": "spanning basic algorithms"},
{"keyword": "spanning subhypergraphs"},
{"keyword": "sparcv8 architecture"},
{"keyword": "sparcv8 cpu"},
{"keyword": "sparcv8 cpu simulator"},
{"keyword": "sparcv8 instruction set architecture"},
{"keyword": "spark certify"},
{"keyword": "sparse grid"},
{"keyword": "sparse relations"},
{"keyword": "spatially-separated views"},
{"keyword": "spatio-temporal multi-modal logic"},
{"keyword": "special care"},
{"keyword": "special case"},
{"keyword": "special combination"},
{"keyword": "special form"},
{"keyword": "special functions"},
{"keyword": "special halting problem"},
{"keyword": "special issue"},
{"keyword": "specialized sliding window algorithm"},
{"keyword": "specially well-"},
{"keyword": "specific conflict analysis algorithm"},
{"keyword": "specific instantiations"},
{"keyword": "specific integer polynomial"},
{"keyword": "specific isomorphism expressing"},
{"keyword": "specific operations"},
{"keyword": "specific parameterization"},
{"keyword": "specific part"},
{"keyword": "specific series fulfilling"},
{"keyword": "specific tactic support"},
{"keyword": "specific variants"},
{"keyword": "specification decomposition principles"},
{"keyword": "specification holds"},
{"keyword": "specification language"},
{"keyword": "specification language statecharts"},
{"keyword": "specification language tla"},
{"keyword": "specification mechanism"},
{"keyword": "specifies compilation"},
{"keyword": "spectral gap"},
{"keyword": "spectral radius"},
{"keyword": "spectral radius theory"},
{"keyword": "spectral theorem states"},
{"keyword": "speculative linearizability framework"},
{"keyword": "splay heaps"},
{"keyword": "splay trees"},
{"keyword": "splitting compilation"},
{"keyword": "sqrt sin"},
{"keyword": "square complex matrix"},
{"keyword": "square integrable functions"},
{"keyword": "square matrices form"},
{"keyword": "square roots"},
{"keyword": "square-free factorization algorithm"},
{"keyword": "squarefree integers"},
{"keyword": "squares"},
{"keyword": "squares euclid"},
{"keyword": "squares problem"},
{"keyword": "squares theorem"},
{"keyword": "ssa"},
{"keyword": "stability"},
{"keyword": "stable configuration"},
{"keyword": "stable property detection"},
{"keyword": "standard"},
{"keyword": "standard algorithms textbooks"},
{"keyword": "standard approach"},
{"keyword": "standard arithmetic"},
{"keyword": "standard axiomatisation"},
{"keyword": "standard boolean algebra operations"},
+{"keyword": "standard borel space"},
{"keyword": "standard compliant formalization"},
{"keyword": "standard construction"},
{"keyword": "standard definitions"},
{"keyword": "standard disassembly tool objdump"},
{"keyword": "standard dolev-yao"},
{"keyword": "standard estimations"},
{"keyword": "standard finite_map theory"},
{"keyword": "standard laws"},
{"keyword": "standard logistic function"},
{"keyword": "standard operators"},
{"keyword": "standard prelude"},
{"keyword": "standard proof methods"},
{"keyword": "standard protocol descriptions based"},
{"keyword": "standard real cartesian model"},
{"keyword": "standard reduction path"},
{"keyword": "standard redundancy criterion"},
{"keyword": "standard restrictions"},
{"keyword": "standard security protocols"},
{"keyword": "standard semantics"},
{"keyword": "standard semirings"},
{"keyword": "standard signature algorithm"},
{"keyword": "standard superposition calculus corresponds"},
{"keyword": "standard system"},
{"keyword": "standard textbook proof"},
{"keyword": "standard textbook version"},
{"keyword": "standard theorems"},
{"keyword": "standard total-correctness hoare logic"},
{"keyword": "standard transfinite kbo"},
{"keyword": "standard two-phase slicer"},
{"keyword": "standard types"},
{"keyword": "standard verification technology"},
{"keyword": "standard versions"},
{"keyword": "standardization theorem"},
{"keyword": "standards operate"},
{"keyword": "stanford encyclopedia"},
{"keyword": "star-free regular expressions"},
{"keyword": "starting point"},
{"keyword": "state monad"},
{"keyword": "state proofs"},
{"keyword": "state sigma iff"},
{"keyword": "state sigma_a"},
{"keyword": "state space"},
{"keyword": "state transformers"},
{"keyword": "state-based non-deterministic sequential computations"},
{"keyword": "state-based semantics based"},
{"keyword": "state-merging technique"},
{"keyword": "state-normalisation allowing"},
{"keyword": "state-of-the-art automated protocol verifiers"},
{"keyword": "state-of-the-art sat-based planner"},
{"keyword": "state-of-the-art smt solvers"},
{"keyword": "state-space construction"},
{"keyword": "stateful connection semantics"},
{"keyword": "stateful network implementation"},
{"keyword": "statement"},
{"keyword": "statement applies"},
{"keyword": "statement boundaries"},
{"keyword": "states"},
{"keyword": "states common definitions"},
{"keyword": "static analysis"},
{"keyword": "static fields"},
{"keyword": "static interprocedural slicing"},
{"keyword": "static intraprocedural slicing"},
{"keyword": "static intraprocedural slicing based"},
{"keyword": "static openflow rules"},
{"keyword": "static program analysis"},
{"keyword": "static refutational completeness"},
{"keyword": "static single assignment"},
{"keyword": "static single assignment form"},
{"keyword": "stationary distributions"},
{"keyword": "steam boiler system"},
{"keyword": "stein"},
{"keyword": "stellar quorum systems"},
{"keyword": "step functions"},
{"keyword": "step-wise refinement based"},
{"keyword": "stephanie bell"},
{"keyword": "stepping stone"},
{"keyword": "stepwise inductive definition"},
{"keyword": "stepwise manner"},
{"keyword": "stepwise program refinement"},
{"keyword": "stepwise program refinement techniques"},
{"keyword": "stepwise refinement"},
{"keyword": "stepwise refinement based approach"},
{"keyword": "stepwise refinement techniques"},
{"keyword": "stieltjes constants"},
{"keyword": "stiffness matrix"},
{"keyword": "stiffness matrix represents"},
{"keyword": "stimulus structure"},
{"keyword": "stochastic dominance"},
{"keyword": "stochastic matrices"},
{"keyword": "stochastic matrix"},
{"keyword": "stone algebra"},
{"keyword": "stone relation algebras"},
{"keyword": "stone-kleene relation algebras"},
{"keyword": "store buffer"},
{"keyword": "store buffer forwarding"},
{"keyword": "store buffering"},
{"keyword": "stores key information"},
{"keyword": "stothers theorem"},
{"keyword": "straightforward analytic proof"},
{"keyword": "stream fusion"},
{"keyword": "stream fusion library"},
{"keyword": "stream fusion transformation"},
{"keyword": "stream processing components"},
{"keyword": "stream processing functions"},
{"keyword": "stream types"},
{"keyword": "stream versions"},
{"keyword": "streaming algorithm presented"},
{"keyword": "streamlining formal definitions"},
{"keyword": "strengthen mertens"},
{"keyword": "strict omega -categories"},
{"keyword": "strict omega -category"},
{"keyword": "strict partial orders"},
{"keyword": "strict preferences"},
{"keyword": "strict standard compliance formalization"},
{"keyword": "strict version"},
{"keyword": "stricter safety guarantess"},
{"keyword": "strictly dominated"},
{"keyword": "strictly increasing"},
{"keyword": "strictly larger"},
{"keyword": "strictness theorem"},
{"keyword": "strips fragment"},
{"keyword": "strips soundness meta-theory"},
{"keyword": "strong duality theorem"},
{"keyword": "strong eventual consistency"},
{"keyword": "strong eventual consistency guarantees"},
{"keyword": "strong law"},
{"keyword": "strong local confluence"},
{"keyword": "strong normalization"},
{"keyword": "strong nullstellensatz"},
{"keyword": "strong properties"},
{"keyword": "strong security"},
{"keyword": "strong soundness"},
{"keyword": "strong ties"},
{"keyword": "strong versions"},
{"keyword": "stronger notion"},
{"keyword": "stronger safety guarantees"},
{"keyword": "stronger version"},
{"keyword": "strongest postconditions based"},
{"keyword": "strongly connected components"},
{"keyword": "strongly explicit construction"},
{"keyword": "strongly normalizing"},
{"keyword": "structurally recursive approach"},
{"keyword": "structure abstractly"},
{"keyword": "structure proofs"},
{"keyword": "structured isar proofs"},
{"keyword": "structured proof techniques"},
{"keyword": "structures"},
{"keyword": "structures play"},
{"keyword": "stuart rankin"},
{"keyword": "study filters based"},
{"keyword": "study models"},
{"keyword": "study second-order formalisations"},
{"keyword": "studying system-level properties"},
{"keyword": "sturm proof method"},
{"keyword": "sturm-tarksi theorem forms"},
{"keyword": "stuttering"},
{"keyword": "stuttering equivalence"},
{"keyword": "stuttering equivalence afp-entry"},
{"keyword": "stuttering equivalent"},
{"keyword": "stuttering equivalent runs"},
{"keyword": "stuttering invariance central"},
{"keyword": "stuttering sampling functions"},
{"keyword": "style presented"},
{"keyword": "sub-probability mass functions"},
{"keyword": "subject reduction property"},
{"keyword": "sublists alternately extracted"},
{"keyword": "submission"},
{"keyword": "subresultant polynomial remainder sequence"},
{"keyword": "subsequent article smooth manifolds"},
{"keyword": "subsequent formalisation"},
{"keyword": "subset relation"},
{"keyword": "subset sum"},
{"keyword": "subseteq alpha"},
{"keyword": "subseteq alpha order-isomorphic"},
{"keyword": "substantial background"},
{"keyword": "substantial performance penalty"},
{"keyword": "substantial set"},
{"keyword": "substantially optimizing"},
{"keyword": "substitute hybrid games"},
{"keyword": "substructural logics"},
{"keyword": "subsumes lexicographic path orders"},
{"keyword": "subsumption order"},
{"keyword": "subsystems"},
{"keyword": "subsystems involves causality"},
{"keyword": "subterm coefficient functions"},
{"keyword": "subterm property"},
{"keyword": "subtle algorithmic mechanisms"},
{"keyword": "subtle behaviors"},
{"keyword": "subtypes inherit"},
{"keyword": "success probability"},
{"keyword": "success probability grows exponentially"},
{"keyword": "success sensitiveness"},
{"keyword": "successful model checkers"},
{"keyword": "successful termination"},
{"keyword": "successfully analyzed threads satisfies"},
{"keyword": "successfully formalising"},
{"keyword": "successively extending"},
{"keyword": "successor function"},
{"keyword": "successor search"},
{"keyword": "sufficient condition"},
{"keyword": "sufficient criterion"},
{"keyword": "sufficiently efficient"},
{"keyword": "sufficiently large"},
{"keyword": "sufficiently large group"},
{"keyword": "sufficiently large inputs"},
{"keyword": "sufficiently nice sdss"},
{"keyword": "sufficiently rich"},
{"keyword": "suffix"},
{"keyword": "suffix comparability"},
{"keyword": "suitable choice"},
{"keyword": "suitable denotational model"},
{"keyword": "suitable distributed system model"},
{"keyword": "suitable inductive predicate"},
{"keyword": "suitable invariants"},
{"keyword": "suitable setup"},
{"keyword": "suitable shorthand notation"},
{"keyword": "suitably extending paulson"},
{"keyword": "sum"},
{"keyword": "sum phi leftarrow phi"},
{"keyword": "sum psi leftarrow psi"},
{"keyword": "sum type"},
{"keyword": "summary edges"},
{"keyword": "summation bounds grow"},
{"keyword": "sunflower lemma"},
{"keyword": "superposition calculus"},
{"keyword": "superposition rules"},
{"keyword": "support"},
{"keyword": "support arbitrary nesting"},
{"keyword": "support negative joins"},
{"keyword": "support tostring functions"},
{"keyword": "supported unicode characters"},
{"keyword": "supporting automatic refinement"},
{"keyword": "supports low-effort security proofs"},
{"keyword": "supports mutual recursion"},
{"keyword": "supports operation"},
{"keyword": "supports range queries"},
{"keyword": "surely produce"},
{"keyword": "surjective function"},
{"keyword": "surprise hanging"},
{"keyword": "survey papers monographs"},
{"keyword": "survival model"},
{"keyword": "swierczkowski ndash"},
{"keyword": "switching conveniently"},
{"keyword": "sylow p-subgroups"},
{"keyword": "sylow theorem"},
{"keyword": "symbolic computations"},
{"keyword": "symbolic execution"},
{"keyword": "symbolic execution step"},
{"keyword": "symbolic states"},
{"keyword": "symbolic transitions systems"},
{"keyword": "symmetric cases"},
{"keyword": "symmetric directed graphs"},
{"keyword": "symmetric multivariate polynomials"},
{"keyword": "symmetric polynomial"},
{"keyword": "symmetric polynomial combination"},
{"keyword": "symmetric range"},
{"keyword": "symmetry arguments"},
{"keyword": "symmetry properties"},
{"keyword": "symmetry property"},
{"keyword": "synchronous step semantics"},
{"keyword": "syntactic approximations"},
{"keyword": "syntactic approximations imply"},
{"keyword": "syntactic bisimulation"},
{"keyword": "syntactic context"},
{"keyword": "syntactic formula"},
{"keyword": "syntactic multiplication"},
{"keyword": "syntactic rewrite rules"},
{"keyword": "syntax syntax"},
{"keyword": "syntax tree"},
{"keyword": "syntax-independent logic infrastructure"},
{"keyword": "synthesize imperative programs"},
{"keyword": "synthetic approach"},
{"keyword": "synthetic method"},
{"keyword": "system"},
{"keyword": "system describes"},
{"keyword": "system enters"},
{"keyword": "system implies"},
{"keyword": "system types"},
{"keyword": "system verification"},
{"keyword": "systematic development"},
{"keyword": "systems communication"},
{"keyword": "systems communication patterns"},
{"keyword": "systems communication plays"},
{"keyword": "szl kalm"},
{"keyword": "tableau blocks"},
{"keyword": "tableau systems"},
{"keyword": "tactic code"},
{"keyword": "tail bounds"},
{"keyword": "tail-recursive function"},
{"keyword": "tail-recursive function definitions"},
{"keyword": "tail-recursive generalization"},
{"keyword": "tail-recursive implementation"},
{"keyword": "taking advantage"},
{"keyword": "talking explicitly"},
{"keyword": "tame plane graphs"},
{"keyword": "target concurrent operating systems"},
{"keyword": "target imperative hol"},
{"keyword": "target language"},
{"keyword": "target language features"},
{"keyword": "target logic"},
{"keyword": "target terms"},
{"keyword": "target theory"},
{"keyword": "target-language expression"},
{"keyword": "targeted security property"},
{"keyword": "tarski-seidenberg theorem established"},
{"keyword": "tauberian theorem"},
{"keyword": "tautology elimination"},
{"keyword": "taylor expansions"},
{"keyword": "taylor models"},
{"keyword": "taylor series expansions"},
{"keyword": "teaching purposes"},
{"keyword": "technical challenge"},
{"keyword": "technical problems"},
{"keyword": "technical university"},
{"keyword": "technique"},
{"keyword": "technique widely applicable"},
{"keyword": "technische universit"},
{"keyword": "tedious proofs"},
{"keyword": "temporal intervals"},
{"keyword": "temporal logic"},
{"keyword": "temporal logic operators"},
{"keyword": "temporal operators"},
{"keyword": "temporal order"},
{"keyword": "temporal specification technique"},
{"keyword": "ten lemmas"},
{"keyword": "tensor analysis"},
{"keyword": "tensor product"},
{"keyword": "term focus"},
{"keyword": "term occurring"},
{"keyword": "term rewrite systems"},
{"keyword": "term rewriting"},
{"keyword": "term shallow-style embedding"},
{"keyword": "terminated successfully"},
{"keyword": "termination techniques"},
{"keyword": "terms"},
{"keyword": "terms algebraically"},
{"keyword": "terms relevant"},
{"keyword": "ternary kripke frames"},
{"keyword": "ternary relation"},
{"keyword": "test check"},
{"keyword": "test decides primality"},
{"keyword": "test output formats"},
{"keyword": "test strategies"},
{"keyword": "test suite"},
{"keyword": "test vectors"},
{"keyword": "test-generation techniques"},
{"keyword": "tetrahedral group"},
{"keyword": "text"},
{"keyword": "text book level"},
{"keyword": "text introduction"},
{"keyword": "textbook computational complexity"},
{"keyword": "textbook first-order logic"},
{"keyword": "textbook modal logic"},
{"keyword": "textbook presentation"},
{"keyword": "textbook proof"},
{"keyword": "textbook ramsey theory"},
{"keyword": "textbook reasoning"},
{"keyword": "textbook types"},
{"keyword": "textual language"},
{"keyword": "tfrac 1 2 log"},
{"keyword": "thematic section"},
{"keyword": "theology"},
{"keyword": "theorem"},
{"keyword": "theorem 2"},
{"keyword": "theorem applying"},
{"keyword": "theorem due"},
{"keyword": "theorem implies combinatorial planarity"},
{"keyword": "theorem prover"},
{"keyword": "theorem prover based"},
{"keyword": "theorem prover ehdm"},
{"keyword": "theorem relates"},
{"keyword": "theorem statement"},
{"keyword": "theorem states"},
{"keyword": "theorems hold"},
{"keyword": "theorems related"},
{"keyword": "theorems state"},
{"keyword": "theorems state propositions"},
{"keyword": "theorems stated"},
{"keyword": "theoretical computer science"},
{"keyword": "theoretical evidence"},
+{"keyword": "theoretical framework"},
{"keyword": "theoretical insights"},
{"keyword": "theoretically incomparable"},
{"keyword": "theories list"},
{"keyword": "theories listinf"},
{"keyword": "theories presented"},
{"keyword": "theories presents"},
{"keyword": "theories reasoning"},
{"keyword": "theory"},
{"keyword": "theory builds"},
{"keyword": "theory change"},
{"keyword": "theory dpt_sat_solver"},
{"keyword": "theory fair-stream"},
{"keyword": "theory file"},
{"keyword": "theory generates"},
{"keyword": "theory listinf list2"},
{"keyword": "therories describe hoare logics"},
{"keyword": "thesis presents"},
{"keyword": "thick chamber complexes endowed"},
{"keyword": "thomas jech"},
{"keyword": "thread creation"},
{"keyword": "threat models"},
{"keyword": "three-party computation framework"},
{"keyword": "threshold probability"},
{"keyword": "thy -files"},
{"keyword": "thy files"},
{"keyword": "tight upper bound"},
{"keyword": "tim gowers"},
{"keyword": "time"},
{"keyword": "time bounds"},
{"keyword": "time complexity"},
{"keyword": "time complexity bound"},
{"keyword": "time domain"},
{"keyword": "time events"},
{"keyword": "time frames"},
{"keyword": "time polynomial"},
{"keyword": "time real exponents"},
{"keyword": "time sufficient properties"},
{"keyword": "timed automata"},
{"keyword": "timed automata carries"},
{"keyword": "timed coordination"},
{"keyword": "timely dataflow"},
{"keyword": "timing functions"},
{"keyword": "timing information"},
{"keyword": "timothy gowers"},
{"keyword": "timothy gowers introduction"},
{"keyword": "tla axioms"},
{"keyword": "tla specifications"},
{"keyword": "tlc model checker"},
{"keyword": "to-string functions"},
{"keyword": "tolerate faults"},
{"keyword": "tom ridge"},
{"keyword": "tool box allowing"},
{"keyword": "tool implementors"},
{"keyword": "top 100 mathematical theorems"},
{"keyword": "top 100 theorems list"},
{"keyword": "topological boolean algebras"},
{"keyword": "topological curiosity discovered"},
{"keyword": "topological nature"},
{"keyword": "topological proof"},
{"keyword": "topological space generated"},
{"keyword": "torino group"},
{"keyword": "total"},
{"keyword": "total correctness"},
{"keyword": "total correctness based"},
{"keyword": "total correctness proof"},
{"keyword": "total learning"},
{"keyword": "total order relation"},
{"keyword": "total recursive functions"},
{"keyword": "total store order"},
{"keyword": "total supremum function"},
{"keyword": "totient function phi"},
{"keyword": "tour revisited"},
{"keyword": "tphols 2008 paper"},
{"keyword": "trace based"},
+{"keyword": "trace inclusion checking"},
{"keyword": "trace set"},
{"keyword": "trace set inclusion"},
{"keyword": "trace set process"},
{"keyword": "trace set processes"},
{"keyword": "traceback properties"},
{"keyword": "track counter-party obligations"},
{"keyword": "traditional approach"},
{"keyword": "traditional formalisations"},
{"keyword": "traditional hoare logics"},
{"keyword": "traditional pen-and-paper-based reasoning"},
{"keyword": "traditional proof outlines"},
{"keyword": "traditional query languages"},
{"keyword": "traditional query plan optimizations"},
{"keyword": "transactional memory"},
{"keyword": "transcendence"},
{"keyword": "transcendence criteria"},
{"keyword": "transcendental numbers"},
{"keyword": "transfer package"},
{"keyword": "transferring lifted properties back"},
{"keyword": "transfinite cardinalities"},
{"keyword": "transfinite induction"},
{"keyword": "transfinite recursion"},
{"keyword": "transfinite version"},
{"keyword": "transformations"},
{"keyword": "transforming xml trees"},
{"keyword": "transition execution function"},
{"keyword": "transition function relation"},
{"keyword": "transition paths"},
{"keyword": "transition system"},
{"keyword": "transitive class"},
{"keyword": "transitive closure"},
{"keyword": "transitive closure bypasses matrices"},
{"keyword": "transitive noninterference policies"},
{"keyword": "translate mathematical contest problems"},
{"keyword": "transparent exchange"},
+{"keyword": "transport programs"},
{"keyword": "transport theorems"},
{"keyword": "transposition theorem"},
{"keyword": "travel faster"},
{"keyword": "traversing sets"},
{"keyword": "treat binding sequences"},
{"keyword": "treated abstractly"},
{"keyword": "treated implicitly"},
{"keyword": "tree automata"},
{"keyword": "tree automata apf-entry"},
{"keyword": "tree automata technique"},
{"keyword": "tree boundaries set"},
{"keyword": "tree decomposition"},
{"keyword": "tree theorem"},
{"keyword": "tree width"},
{"keyword": "tree-regular languages"},
{"keyword": "triangle"},
{"keyword": "triangle constructed"},
{"keyword": "triangle counting lemma"},
{"keyword": "triangle removal lemma"},
{"keyword": "triangular numbers"},
{"keyword": "trick"},
{"keyword": "trie data structure invented"},
{"keyword": "trigger events"},
{"keyword": "trivially unsatisfiable inequality"},
{"keyword": "true preferences"},
{"keyword": "trusted base"},
{"keyword": "trusted external trusted components"},
{"keyword": "trusted reference implementation"},
{"keyword": "trustworthy procedure"},
{"keyword": "truth lemma"},
{"keyword": "tsinakis conditions"},
{"keyword": "tuples satisfying"},
{"keyword": "turing computability"},
{"keyword": "turing decidability"},
{"keyword": "turing machines"},
{"keyword": "turing machines arose"},
{"keyword": "turing reducibility"},
{"keyword": "turn outputs descriptions"},
{"keyword": "twelve bijections"},
{"keyword": "two-argument partition function"},
{"keyword": "two-element security lattice"},
{"keyword": "two-tape oblivious turing machine"},
{"keyword": "type"},
{"keyword": "type checker"},
{"keyword": "type checking phase"},
{"keyword": "type class"},
{"keyword": "type class functions"},
{"keyword": "type class hierarchy"},
{"keyword": "type class laws"},
{"keyword": "type class real_algebra_1"},
{"keyword": "type class system"},
{"keyword": "type classes"},
{"keyword": "type classes connected"},
{"keyword": "type constructor"},
{"keyword": "type constructor representing"},
{"keyword": "type definitions"},
{"keyword": "type inference algorithm"},
{"keyword": "type inference rules"},
{"keyword": "type information"},
{"keyword": "type preservation"},
{"keyword": "type safety"},
{"keyword": "type safety proof"},
{"keyword": "type synonym"},
{"keyword": "type system"},
{"keyword": "type system restrictions"},
{"keyword": "type theory presented"},
{"keyword": "type-class based structures"},
{"keyword": "type-safe conversions"},
{"keyword": "typed model"},
{"keyword": "types int"},
{"keyword": "types-to-sets mechanism"},
{"keyword": "typing rules"},
{"keyword": "uiuc"},
{"keyword": "ultimately culminating"},
{"keyword": "ultimately refutational completeness"},
{"keyword": "uml class diagrams"},
{"keyword": "unbounded nondeterminism"},
{"keyword": "unbounded sequences"},
{"keyword": "unbounded version"},
{"keyword": "unboundedly long path"},
{"keyword": "unboxing optimization"},
{"keyword": "unchanged results"},
{"keyword": "uncountable transfinite sequences"},
{"keyword": "under-approximate hoare logic"},
{"keyword": "under-approximate relational logic"},
{"keyword": "undergraduate dissertation"},
{"keyword": "underlying algebra"},
{"keyword": "underlying algorithmic mechanisms"},
{"keyword": "underlying boolean algebra structure"},
{"keyword": "underlying calculus"},
{"keyword": "underlying category"},
{"keyword": "underlying commented theories"},
{"keyword": "underlying concepts"},
{"keyword": "underlying decision procedure"},
{"keyword": "underlying disambiguation strategy"},
{"keyword": "underlying graph"},
{"keyword": "underlying ideas"},
{"keyword": "underlying libraries"},
{"keyword": "underlying local hidden-variable theory"},
{"keyword": "underlying routing protocol"},
{"keyword": "underlying theorem"},
{"keyword": "underlying theory"},
{"keyword": "underlying transition system"},
{"keyword": "understood problem"},
{"keyword": "undesirable side-effect"},
{"keyword": "undesired information leak"},
{"keyword": "undirected graph theory"},
{"keyword": "undirected graphs"},
{"keyword": "unexecutable specification"},
{"keyword": "ungeneralised counterparts"},
{"keyword": "unification algorithm"},
{"keyword": "unification problem"},
{"keyword": "unified approximation order"},
{"keyword": "unified manner"},
{"keyword": "unified modeling language"},
{"keyword": "unified policy framework"},
{"keyword": "unified translation"},
{"keyword": "unified translation approach"},
{"keyword": "unified view"},
{"keyword": "unifies previous formalisations"},
{"keyword": "uniform boundedness principle"},
{"keyword": "uniform framework"},
{"keyword": "uniform global clock"},
{"keyword": "uniform proof"},
{"keyword": "uniform semantic substrate"},
{"keyword": "uniform substitution calculus"},
{"keyword": "uniform substitution principle"},
{"keyword": "uniform substitutions"},
{"keyword": "uniform substitutions substitute"},
{"keyword": "uniformly bounded"},
{"keyword": "uniformly coxeter"},
{"keyword": "unify computation models"},
{"keyword": "unify correctness statements"},
{"keyword": "unifying theories"},
{"keyword": "uninterpreted functions"},
{"keyword": "union concatenation"},
{"keyword": "unique decomposition"},
{"keyword": "unique factorization domain"},
{"keyword": "unique factorization domain form"},
{"keyword": "unique irreducible factors"},
{"keyword": "unique normal forms"},
{"keyword": "unique program"},
{"keyword": "unique solutions"},
{"keyword": "unique squarefree decomposition"},
{"keyword": "uniquely determined polynomial combination"},
{"keyword": "uniquely determined product"},
{"keyword": "uniquely distinguish quantum states"},
{"keyword": "uniquely represented"},
{"keyword": "unit propagation"},
{"keyword": "unit resolution"},
{"keyword": "unit vector"},
{"keyword": "univariate monic polynomial"},
{"keyword": "univariate polynomial"},
{"keyword": "universal composability framework"},
{"keyword": "universal logical reasoning"},
{"keyword": "universal partial recursive function"},
{"keyword": "universal properties"},
{"keyword": "universal property"},
{"keyword": "universal tool"},
{"keyword": "universal turing machine"},
{"keyword": "universal turing machine entry"},
{"keyword": "universally quantified uninterpreted terms"},
{"keyword": "universit paris vii"},
{"keyword": "university-level computer science curriculum"},
{"keyword": "unlabeled trees"},
{"keyword": "unlike traditional decision procedures"},
{"keyword": "unlike treaps"},
{"keyword": "unnamed initial segment"},
{"keyword": "unordered pairs"},
{"keyword": "unprecedented time"},
{"keyword": "unpublished specialized algorithms"},
{"keyword": "unrelated times"},
{"keyword": "unrestricted resolution rule"},
{"keyword": "unrestricted rules"},
{"keyword": "unsolvable system"},
{"keyword": "unsorted first-order logic"},
{"keyword": "unsorted list deterministically"},
{"keyword": "unverified checkers"},
{"keyword": "unverified reference implementation"},
{"keyword": "unverified ssa construction algorithm"},
{"keyword": "unverified tools"},
{"keyword": "unverified translation"},
{"keyword": "unwanted subtleties"},
{"keyword": "unwinding results"},
{"keyword": "unwinding theorem"},
{"keyword": "up-closed sets"},
{"keyword": "upcoming entry iptables semantics"},
{"keyword": "upcoming work principia logico-metaphysica"},
{"keyword": "update constant pattern"},
{"keyword": "update functions"},
{"keyword": "updated july 8th"},
{"keyword": "updated version"},
{"keyword": "updown scheme"},
{"keyword": "upf emphasizes"},
{"keyword": "upper bound"},
{"keyword": "upper semicontinuous"},
{"keyword": "upper triangular"},
{"keyword": "upper-bound remains valid"},
{"keyword": "usable framework"},
{"keyword": "useless zero-reductions"},
{"keyword": "user command"},
{"keyword": "usual definitions"},
{"keyword": "usual monad laws"},
{"keyword": "usual redundancy criteria based"},
{"keyword": "usual redundancy elimination rules"},
{"keyword": "usual semantics"},
{"keyword": "usual set operations union"},
{"keyword": "utility functions"},
{"keyword": "utility functions form"},
{"keyword": "utilizing modern proof assistants"},
{"keyword": "uwe waldmann"},
{"keyword": "valid completeness threshold"},
{"keyword": "valid formula"},
{"keyword": "valid octet quot"},
{"keyword": "valid parameters"},
{"keyword": "validate termination"},
{"keyword": "value-dependent noninterference property"},
{"keyword": "van der waerden"},
{"keyword": "van der waerden number"},
{"keyword": "van emde boas tree"},
{"keyword": "van oostrom"},
{"keyword": "vandermonde identity"},
{"keyword": "vandermonde matrices"},
{"keyword": "varepsilon 0"},
{"keyword": "variable assignment"},
{"keyword": "variable convention"},
{"keyword": "variable-for-variable substitution"},
{"keyword": "variants"},
{"keyword": "varphi_i vee mathbf"},
{"keyword": "varying numbers"},
{"keyword": "vcg auction"},
{"keyword": "vdash psi"},
{"keyword": "vdash varphi longrightarrow"},
{"keyword": "vdm-reminiscent partial-correctness specifications"},
{"keyword": "veblen hierarchies"},
{"keyword": "vector cross product"},
{"keyword": "vector fields"},
{"keyword": "vector space"},
{"keyword": "verification back-ends"},
{"keyword": "verification components"},
{"keyword": "verification condition generation"},
{"keyword": "verification condition generator"},
{"keyword": "verification condition generators producing"},
{"keyword": "verification conditions"},
{"keyword": "verification conditions generated"},
{"keyword": "verification operation"},
{"keyword": "verification techniques"},
{"keyword": "verification tools"},
{"keyword": "verified"},
{"keyword": "verified algorithms"},
{"keyword": "verified approach"},
{"keyword": "verified checker past"},
{"keyword": "verified code"},
{"keyword": "verified compilation toolchain"},
{"keyword": "verified compiler"},
{"keyword": "verified construction"},
{"keyword": "verified decision procedures"},
{"keyword": "verified functional skew heaps"},
{"keyword": "verified functional splay trees"},
{"keyword": "verified heap functions"},
{"keyword": "verified implementation"},
{"keyword": "verified iptables firewall analysis"},
{"keyword": "verified monitor"},
{"keyword": "verified monitor implements"},
{"keyword": "verified programs"},
{"keyword": "verified refinement step"},
{"keyword": "verified ssa construction"},
{"keyword": "verified tool"},
{"keyword": "verified translation"},
{"keyword": "verified type checker"},
{"keyword": "verified virtual machines"},
{"keyword": "verifies infinite families"},
{"keyword": "verify algorithms"},
{"keyword": "verify axioms"},
{"keyword": "verify basic algorithms"},
{"keyword": "verify first-order relativity theory"},
{"keyword": "verify properties"},
{"keyword": "verify purely functional"},
{"keyword": "verify spoofing protection"},
{"keyword": "verify theorems"},
{"keyword": "verify truth tables"},
{"keyword": "verify-- philosophical arguments"},
{"keyword": "verifying depth-"},
{"keyword": "verifying dynamic"},
{"keyword": "verifying functional"},
{"keyword": "verifying functional programs"},
{"keyword": "verifying network security policies"},
{"keyword": "verifying practical algorithms"},
{"keyword": "verifying program correctness"},
{"keyword": "verifying safety properties"},
{"keyword": "verifying security policies"},
{"keyword": "verifying stateful security protocols"},
{"keyword": "verifying techniques"},
{"keyword": "verifying uri nodelman"},
{"keyword": "verifythis competition series"},
{"keyword": "version due"},
{"keyword": "version states"},
{"keyword": "vertical composite"},
{"keyword": "vincent bloemen"},
{"keyword": "vincent rahli"},
{"keyword": "violate sortedness"},
{"keyword": "virtual methods"},
{"keyword": "visualizing class models"},
{"keyword": "vital part"},
{"keyword": "viterbi algorithm"},
{"keyword": "volpano smith system"},
{"keyword": "volpano smith-style noninterference notions"},
{"keyword": "volume greater"},
{"keyword": "volume proofs"},
{"keyword": "von lindemann"},
{"keyword": "von neumann hierarchy"},
{"keyword": "von neumann measurements"},
{"keyword": "von wright"},
{"keyword": "von zur gathen"},
{"keyword": "von-neumann-morgenstern utility theorem"},
{"keyword": "vstte paper"},
{"keyword": "w_1 ldots w_n 1"},
{"keyword": "w_i a_i"},
{"keyword": "weak bi-quantales"},
{"keyword": "weak bisimilarity"},
{"keyword": "weak conjunction"},
{"keyword": "weak conjunction operator"},
{"keyword": "weak conjunction operator coincides"},
{"keyword": "weak duality theorem"},
{"keyword": "weak form"},
{"keyword": "weak law"},
{"keyword": "weak nullstellensatz"},
{"keyword": "weak preferences"},
{"keyword": "weak simulation"},
{"keyword": "weaker statement contained"},
{"keyword": "weaker variants"},
{"keyword": "weakest precondition component"},
{"keyword": "weakest-precondition entailment"},
{"keyword": "web community"},
{"keyword": "web components"},
{"keyword": "web standards"},
{"keyword": "webassembly language"},
{"keyword": "weight-balanced trees"},
{"keyword": "weighted arithmetic geometric"},
{"keyword": "weighted graphs"},
{"keyword": "weighted path order"},
{"keyword": "welfare economics holds"},
{"keyword": "well-formedness properties"},
{"keyword": "well-order relation"},
{"keyword": "well-ordered type"},
{"keyword": "well-typed attacks"},
{"keyword": "well-typed programs"},
{"keyword": "well-understood low-level behavior"},
{"keyword": "wide design space"},
{"keyword": "wide range"},
{"keyword": "wide variety"},
{"keyword": "widely applicable"},
{"keyword": "widely studied topic"},
{"keyword": "widening operation"},
{"keyword": "wider scope"},
{"keyword": "wikipedia articles"},
{"keyword": "wilf theorem"},
{"keyword": "winding number"},
{"keyword": "winding number measures"},
{"keyword": "wireless mesh network"},
{"keyword": "wireless networks"},
{"keyword": "witnessing diamonds"},
{"keyword": "wolfram engine"},
{"keyword": "woots strong eventual consistency"},
{"keyword": "word count program"},
{"keyword": "word equations"},
{"keyword": "word iff"},
{"keyword": "word inside"},
{"keyword": "word numerals"},
{"keyword": "word power"},
{"keyword": "word problem"},
{"keyword": "words lexicographically minimal"},
{"keyword": "work comprises proofs"},
{"keyword": "work focuses"},
{"keyword": "work implements"},
{"keyword": "work presents"},
{"keyword": "work revealed minor"},
{"keyword": "worker wrapper transformation"},
{"keyword": "working backwards"},
{"keyword": "working mathematician"},
{"keyword": "works based"},
{"keyword": "world code"},
{"keyword": "worst case"},
{"keyword": "worst-case optimal multiway-join algorithms"},
{"keyword": "worst-time complexity"},
{"keyword": "wpo subsumes kbo"},
{"keyword": "write access"},
{"keyword": "write alpha"},
{"keyword": "write operations"},
{"keyword": "write poof strategies"},
{"keyword": "write specifications"},
{"keyword": "written standard"},
{"keyword": "x1j hellip"},
{"keyword": "x1n hellip"},
{"keyword": "x86-64 assembly instructions"},
{"keyword": "x_1"},
{"keyword": "x_1 exists"},
{"keyword": "x_1 varepsilon"},
{"keyword": "xml trees"},
{"keyword": "yacc style grammars"},
{"keyword": "yamada 2"},
{"keyword": "years formal verification"},
{"keyword": "yielding dynamic programming algorithms"},
{"keyword": "yielding significant state-space reduction"},
{"keyword": "yoneda embedding preserves limits"},
{"keyword": "yoneda functor"},
{"keyword": "yoneda lemma"},
{"keyword": "yosuke-ito-345 actuary"},
{"keyword": "yufei zhao"},
{"keyword": "zeroth frequency moment"},
{"keyword": "zf set theory"},
{"keyword": "zfc set theory"},
{"keyword": "zout domains"}]
\ No newline at end of file
diff --git a/web/dependencies/index.html b/web/dependencies/index.html
--- a/web/dependencies/index.html
+++ b/web/dependencies/index.html
@@ -1,2170 +1,2184 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Archive of Formal Proofs </title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<meta property="og:title" content="Dependencies" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/dependencies/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Dependencies"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>D</span>ependencies
</h1>
<div>
</div>
</header>
<div>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../dependencies/ml_unification/">ML_Unification</a></h5>
+ <br>
+ </div>
+ <span class="date">Oct 11</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../dependencies/stone_relation_algebras/">Stone_Relation_Algebras</a></h5>
<br>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list-infinite/">List-Infinite</a></h5>
<br>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/undirected_graph_theory/">Undirected_Graph_Theory</a></h5>
<br>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fishers_inequality/">Fishers_Inequality</a></h5>
<br>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/design_theory/">Design_Theory</a></h5>
<br>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_partitions/">Card_Partitions</a></h5>
<br>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/speccheck/">SpecCheck</a></h5>
<br>
</div>
<span class="date">Sep 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/triangle/">Triangle</a></h5>
<br>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/relation_algebra/">Relation_Algebra</a></h5>
<br>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/quantales_converse/">Quantales_Converse</a></h5>
<br>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/quantales/">Quantales</a></h5>
<br>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kad/">KAD</a></h5>
<br>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/three_squares/">Three_Squares</a></h5>
<br>
</div>
<span class="date">Aug 10</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../dependencies/standard_borel_spaces/">Standard_Borel_Spaces</a></h5>
+ <br>
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../dependencies/kleene_algebra/">Kleene_Algebra</a></h5>
<br>
</div>
<span class="date">Jul 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/zeta_function/">Zeta_Function</a></h5>
<br>
</div>
<span class="date">Jun 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/probabilistic_while/">Probabilistic_While</a></h5>
<br>
</div>
<span class="date">Jun 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/elliptic_curves_group_law/">Elliptic_Curves_Group_Law</a></h5>
<br>
</div>
<span class="date">Jun 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/weighted_path_order/">Weighted_Path_Order</a></h5>
<br>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/complete_non_orders/">Complete_Non_Orders</a></h5>
<br>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list-index/">List-Index</a></h5>
<br>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hereditarilyfinite/">HereditarilyFinite</a></h5>
<br>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/graph_theory/">Graph_Theory</a></h5>
<br>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fresh_identifiers/">Fresh_Identifiers</a></h5>
<br>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dirichlet_l/">Dirichlet_L</a></h5>
<br>
</div>
<span class="date">May 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/skip_lists/">Skip_Lists</a></h5>
<br>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jordan_normal_form/">Jordan_Normal_Form</a></h5>
<br>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/factor_algebraic_polynomial/">Factor_Algebraic_Polynomial</a></h5>
<br>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/saturation_framework_extensions/">Saturation_Framework_Extensions</a></h5>
<br>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/saturation_framework/">Saturation_Framework</a></h5>
<br>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordered_resolution_prover/">Ordered_Resolution_Prover</a></h5>
<br>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/functional_ordered_resolution_prover/">Functional_Ordered_Resolution_Prover</a></h5>
<br>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/first_order_terms/">First_Order_Terms</a></h5>
<br>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/commuting_hermitian/">Commuting_Hermitian</a></h5>
<br>
</div>
<span class="date">Apr 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stirling_formula/">Stirling_Formula</a></h5>
<br>
</div>
<span class="date">Apr 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/expander_graphs/">Expander_Graphs</a></h5>
<br>
</div>
<span class="date">Apr 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/discrete_summation/">Discrete_Summation</a></h5>
<br>
</div>
<span class="date">Apr 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/weighted_arithmetic_geometric_mean/">Weighted_Arithmetic_Geometric_Mean</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/perron_frobenius/">Perron_Frobenius</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/frequency_moments/">Frequency_Moments</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/suppes_theorem/">Suppes_Theorem</a></h5>
<br>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lll_basis_reduction/">LLL_Basis_Reduction</a></h5>
<br>
</div>
<span class="date">Feb 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/berlekamp_zassenhaus/">Berlekamp_Zassenhaus</a></h5>
<br>
</div>
<span class="date">Feb 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/benor_kozen_reif/">BenOr_Kozen_Reif</a></h5>
<br>
</div>
<span class="date">Feb 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/crypthol/">CryptHOL</a></h5>
<br>
</div>
<span class="date">Jan 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/propositional_logic_class/">Propositional_Logic_Class</a></h5>
<br>
</div>
<span class="date">Jan 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/coinductive/">Coinductive</a></h5>
<br>
</div>
<span class="date">Jan 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/combinatorics_words_graph_lemma/">Combinatorics_Words_Graph_Lemma</a></h5>
<br>
</div>
<span class="date">Jan 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/combinatorics_words/">Combinatorics_Words</a></h5>
<br>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/virtual_substitution/">Virtual_Substitution</a></h5>
<br>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomial_interpolation/">Polynomial_Interpolation</a></h5>
<br>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/descartes_sign_rule/">Descartes_Sign_Rule</a></h5>
<br>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/datatype_order_generator/">Datatype_Order_Generator</a></h5>
<br>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/algebraic_numbers/">Algebraic_Numbers</a></h5>
<br>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/word_lib/">Word_Lib</a></h5>
<br>
</div>
<span class="date">Nov 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/separation_algebra/">Separation_Algebra</a></h5>
<br>
</div>
<span class="date">Nov 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/containers/">Containers</a></h5>
<br>
</div>
<span class="date">Nov 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pluennecke_ruzsa_inequality/">Pluennecke_Ruzsa_Inequality</a></h5>
<br>
</div>
<span class="date">Nov 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jacobson_basic_algebra/">Jacobson_Basic_Algebra</a></h5>
<br>
</div>
<span class="date">Nov 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/random_graph_subgraph_threshold/">Random_Graph_Subgraph_Threshold</a></h5>
<br>
</div>
<span class="date">Nov 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/girth_chromatic/">Girth_Chromatic</a></h5>
<br>
</div>
<span class="date">Nov 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/falling_factorial_sum/">Falling_Factorial_Sum</a></h5>
<br>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_number_partitions/">Card_Number_Partitions</a></h5>
<br>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/randomised_social_choice/">Randomised_Social_Choice</a></h5>
<br>
</div>
<span class="date">Nov 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/deriving/">Deriving</a></h5>
<br>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/collections/">Collections</a></h5>
<br>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/epistemic_logic/">Epistemic_Logic</a></h5>
<br>
</div>
<span class="date">Sep 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/padic_ints/">Padic_Ints</a></h5>
<br>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/localization_ring/">Localization_Ring</a></h5>
<br>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/number_theoretic_transform/">Number_Theoretic_Transform</a></h5>
<br>
</div>
<span class="date">Sep 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bernoulli/">Bernoulli</a></h5>
<br>
</div>
<span class="date">Sep 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/native_word/">Native_Word</a></h5>
<br>
</div>
<span class="date">Aug 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/projective_measurements/">Projective_Measurements</a></h5>
<br>
</div>
<span class="date">Jul 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finite-map-extras/">Finite-Map-Extras</a></h5>
<br>
</div>
<span class="date">Jul 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dirichlet_series/">Dirichlet_Series</a></h5>
<br>
</div>
<span class="date">Jun 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lucas_theorem/">Lucas_Theorem</a></h5>
<br>
</div>
<span class="date">Jun 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/digit_expansions/">Digit_Expansions</a></h5>
<br>
</div>
<span class="date">Jun 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/regular_tree_relations/">Regular_Tree_Relations</a></h5>
<br>
</div>
<span class="date">Jun 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/package_logic/">Package_logic</a></h5>
<br>
</div>
<span class="date">May 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sunflowers/">Sunflowers</a></h5>
<br>
</div>
<span class="date">May 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomial_factorization/">Polynomial_Factorization</a></h5>
<br>
</div>
<span class="date">Apr 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/groebner_bases/">Groebner_Bases</a></h5>
<br>
</div>
<span class="date">Apr 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/universal_hash_families/">Universal_Hash_Families</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prefix_free_code_combinators/">Prefix_Free_Code_Combinators</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/median_method/">Median_Method</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lp/">Lp</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/interpolation_polynomials_hol_algebra/">Interpolation_Polynomials_HOL_Algebra</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/equivalence_relation_enumeration/">Equivalence_Relation_Enumeration</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bertrands_postulate/">Bertrands_Postulate</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract_soundness/">Abstract_Soundness</a></h5>
<br>
</div>
<span class="date">Mar 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract_completeness/">Abstract_Completeness</a></h5>
<br>
</div>
<span class="date">Mar 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transitive_models/">Transitive_Models</a></h5>
<br>
</div>
<span class="date">Mar 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/delta_system_lemma/">Delta_System_Lemma</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finite_fields/">Finite_Fields</a></h5>
<br>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/zfc_in_hol/">ZFC_in_HOL</a></h5>
<br>
</div>
<span class="date">Feb 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_equiv_relations/">Card_Equiv_Relations</a></h5>
<br>
</div>
<span class="date">Feb 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/linear_inequalities/">Linear_Inequalities</a></h5>
<br>
</div>
<span class="date">Feb 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fol-fitting/">FOL-Fitting</a></h5>
<br>
</div>
<span class="date">Feb 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fol_seq_calc1/">FOL_Seq_Calc1</a></h5>
<br>
</div>
<span class="date">Jan 31</span>
</article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/szemeredi_regularity/">Szemeredi_Regularity</a></h5>
<br>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ergodic_theory/">Ergodic_Theory</a></h5>
<br>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mdp-rewards/">MDP-Rewards</a></h5>
<br>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gauss_jordan/">Gauss_Jordan</a></h5>
<br>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/knuth_bendix_order/">Knuth_Bendix_Order</a></h5>
<br>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/robdd/">ROBDD</a></h5>
<br>
</div>
<span class="date">Nov 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/refine_imperative_hol/">Refine_Imperative_HOL</a></h5>
<br>
</div>
<span class="date">Nov 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/automatic_refinement/">Automatic_Refinement</a></h5>
<br>
</div>
<span class="date">Nov 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomials/">Polynomials</a></h5>
<br>
</div>
<span class="date">Nov 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hermite_lindemann/">Hermite_Lindemann</a></h5>
<br>
</div>
<span class="date">Nov 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/complex_bounded_operators/">Complex_Bounded_Operators</a></h5>
<br>
</div>
<span class="date">Oct 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/subset_boolean_algebras/">Subset_Boolean_Algebras</a></h5>
<br>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_kleene_relation_algebras/">Stone_Kleene_Relation_Algebras</a></h5>
<br>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monobooltranalgebra/">MonoBoolTranAlgebra</a></h5>
<br>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/real_impl/">Real_Impl</a></h5>
<br>
</div>
<span class="date">Sep 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/banach_steinhaus/">Banach_Steinhaus</a></h5>
<br>
</div>
<span class="date">Sep 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/intro_dest_elim/">Intro_Dest_Elim</a></h5>
<br>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/czh_foundations/">CZH_Foundations</a></h5>
<br>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/czh_elementary_categories/">CZH_Elementary_Categories</a></h5>
<br>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/conditional_transfer_rule/">Conditional_Transfer_Rule</a></h5>
<br>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/conditional_simplification/">Conditional_Simplification</a></h5>
<br>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jinja/">Jinja</a></h5>
<br>
</div>
<span class="date">Sep 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/complex_geometry/">Complex_Geometry</a></h5>
<br>
</div>
<span class="date">Sep 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/budan_fourier/">Budan_Fourier</a></h5>
<br>
</div>
<span class="date">Aug 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bounded_deducibility_security/">Bounded_Deducibility_Security</a></h5>
<br>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bd_security_compositional/">BD_Security_Compositional</a></h5>
<br>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nested_multisets_ordinals/">Nested_Multisets_Ordinals</a></h5>
<br>
</div>
<span class="date">Aug 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/show/">Show</a></h5>
<br>
</div>
<span class="date">Jun 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nominal2/">Nominal2</a></h5>
<br>
</div>
<span class="date">Jun 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/szpilrajn/">Szpilrajn</a></h5>
<br>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jinjadci/">JinjaDCI</a></h5>
<br>
</div>
<span class="date">Apr 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sturm_tarski/">Sturm_Tarski</a></h5>
<br>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/parity_game/">Parity_Game</a></h5>
<br>
</div>
<span class="date">Apr 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sigma_commit_crypto/">Sigma_Commit_Crypto</a></h5>
<br>
</div>
<span class="date">Mar 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/game_based_crypto/">Game_Based_Crypto</a></h5>
<br>
</div>
<span class="date">Mar 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/constructive_cryptography/">Constructive_Cryptography</a></h5>
<br>
</div>
<span class="date">Mar 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/smith_normal_form/">Smith_Normal_Form</a></h5>
<br>
</div>
<span class="date">Mar 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hermite/">Hermite</a></h5>
<br>
</div>
<span class="date">Mar 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/qhlprover/">QHLProver</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/power_sum_polynomials/">Power_Sum_Polynomials</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pi_transcendental/">Pi_Transcendental</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/isabelle_marries_dirac/">Isabelle_Marries_Dirac</a></h5>
<br>
</div>
<span class="date">Mar 03</span>
</article>
<h2 class="head">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/relational_disjoint_set_forests/">Relational_Disjoint_Set_Forests</a></h5>
<br>
</div>
<span class="date">Dec 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/vericomp/">VeriComp</a></h5>
<br>
</div>
<span class="date">Dec 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/vectorspace/">VectorSpace</a></h5>
<br>
</div>
<span class="date">Nov 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matrix_tensor/">Matrix_Tensor</a></h5>
<br>
</div>
<span class="date">Nov 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hol-csp/">HOL-CSP</a></h5>
<br>
</div>
<span class="date">Nov 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/propositional_proof_systems/">Propositional_Proof_Systems</a></h5>
<br>
</div>
<span class="date">Oct 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/certification_monads/">Certification_Monads</a></h5>
<br>
</div>
<span class="date">Oct 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ai_planning_languages_semantics/">AI_Planning_Languages_Semantics</a></h5>
<br>
</div>
<span class="date">Oct 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/shadow_sc_dom/">Shadow_SC_DOM</a></h5>
<br>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/shadow_dom/">Shadow_DOM</a></h5>
<br>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/core_sc_dom/">Core_SC_DOM</a></h5>
<br>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/core_dom/">Core_DOM</a></h5>
<br>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/syntax_independent_logic/">Syntax_Independent_Logic</a></h5>
<br>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/incompleteness/">Incompleteness</a></h5>
<br>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/goedel_incompleteness/">Goedel_Incompleteness</a></h5>
<br>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finfun/">FinFun</a></h5>
<br>
</div>
<span class="date">Sep 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/extended_finite_state_machines/">Extended_Finite_State_Machines</a></h5>
<br>
</div>
<span class="date">Sep 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/aggregation_algebras/">Aggregation_Algebras</a></h5>
<br>
</div>
<span class="date">Aug 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/well_quasi_orders/">Well_Quasi_Orders</a></h5>
<br>
</div>
<span class="date">Aug 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/holcf-prelude/">HOLCF-Prelude</a></h5>
<br>
</div>
<span class="date">Aug 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pratt_certificate/">Pratt_Certificate</a></h5>
<br>
</div>
<span class="date">Aug 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nash_williams/">Nash_Williams</a></h5>
<br>
</div>
<span class="date">Aug 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sturm_sequences/">Sturm_Sequences</a></h5>
<br>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matrix/">Matrix</a></h5>
<br>
</div>
<span class="date">May 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prime_distribution_elementary/">Prime_Distribution_Elementary</a></h5>
<br>
</div>
<span class="date">May 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl_master_theorem/">LTL_Master_Theorem</a></h5>
<br>
</div>
<span class="date">May 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl/">LTL</a></h5>
<br>
</div>
<span class="date">May 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/symmetric_polynomials/">Symmetric_Polynomials</a></h5>
<br>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hybrid_systems_vcs/">Hybrid_Systems_VCs</a></h5>
<br>
</div>
<span class="date">Apr 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mfotl_monitor/">MFOTL_Monitor</a></h5>
<br>
</div>
<span class="date">Apr 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lambda_free_rpos/">Lambda_Free_RPOs</a></h5>
<br>
</div>
<span class="date">Apr 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ieee_floating_point/">IEEE_Floating_Point</a></h5>
<br>
</div>
<span class="date">Apr 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/generic_join/">Generic_Join</a></h5>
<br>
</div>
<span class="date">Apr 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stateful_protocol_composition_and_typing/">Stateful_Protocol_Composition_and_Typing</a></h5>
<br>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_algebras/">Stone_Algebras</a></h5>
<br>
</div>
<span class="date">Jan 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/probabilistic_prime_tests/">Probabilistic_Prime_Tests</a></h5>
<br>
</div>
<span class="date">Jan 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pell/">Pell</a></h5>
<br>
</div>
<span class="date">Jan 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/root_balanced_tree/">Root_Balanced_Tree</a></h5>
<br>
</div>
<span class="date">Jan 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/akra_bazzi/">Akra_Bazzi</a></h5>
<br>
</div>
<span class="date">Jan 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monad_normalisation/">Monad_Normalisation</a></h5>
<br>
</div>
<span class="date">Jan 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monoidalcategory/">MonoidalCategory</a></h5>
<br>
</div>
<span class="date">Jan 06</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prime_number_theorem/">Prime_Number_Theorem</a></h5>
<br>
</div>
<span class="date">Dec 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/e_transcendental/">E_Transcendental</a></h5>
<br>
</div>
<span class="date">Dec 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordinary_differential_equations/">Ordinary_Differential_Equations</a></h5>
<br>
</div>
<span class="date">Dec 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transformer_semantics/">Transformer_Semantics</a></h5>
<br>
</div>
<span class="date">Sep 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kat_and_dra/">KAT_and_DRA</a></h5>
<br>
</div>
<span class="date">Sep 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transition_systems_and_automata/">Transition_Systems_and_Automata</a></h5>
<br>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/farkas/">Farkas</a></h5>
<br>
</div>
<span class="date">Aug 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pairing_heap/">Pairing_Heap</a></h5>
<br>
</div>
<span class="date">Jul 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/huffman/">Huffman</a></h5>
<br>
</div>
<span class="date">Jul 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/higher_order_terms/">Higher_Order_Terms</a></h5>
<br>
</div>
<span class="date">Jul 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dict_construction/">Dict_Construction</a></h5>
<br>
</div>
<span class="date">Jul 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/constructor_funs/">Constructor_Funs</a></h5>
<br>
</div>
<span class="date">Jul 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cakeml/">CakeML</a></h5>
<br>
</div>
<span class="date">Jul 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/priority_search_trees/">Priority_Search_Trees</a></h5>
<br>
</div>
<span class="date">Jun 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/imp2/">IMP2</a></h5>
<br>
</div>
<span class="date">Jun 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/median_of_medians_selection/">Median_Of_Medians_Selection</a></h5>
<br>
</div>
<span class="date">May 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/deep_learning/">Deep_Learning</a></h5>
<br>
</div>
<span class="date">Mar 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/refine_monadic/">Refine_Monadic</a></h5>
<br>
</div>
<span class="date">Feb 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matroids/">Matroids</a></h5>
<br>
</div>
<span class="date">Feb 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/optics/">Optics</a></h5>
<br>
</div>
<span class="date">Feb 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simplex/">Simplex</a></h5>
<br>
</div>
<span class="date">Jan 17</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/auto2_hol/">Auto2_HOL</a></h5>
<br>
</div>
<span class="date">Dec 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/order_lattice_props/">Order_Lattice_Props</a></h5>
<br>
</div>
<span class="date">Dec 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/open_induction/">Open_Induction</a></h5>
<br>
</div>
<span class="date">Nov 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/random_bsts/">Random_BSTs</a></h5>
<br>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/recursion-theory-i/">Recursion-Theory-I</a></h5>
<br>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract-rewriting/">Abstract-Rewriting</a></h5>
<br>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/first_welfare_theorem/">First_Welfare_Theorem</a></h5>
<br>
</div>
<span class="date">Jul 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stuttering_equivalence/">Stuttering_Equivalence</a></h5>
<br>
</div>
<span class="date">Jun 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monad_memo_dp/">Monad_Memo_DP</a></h5>
<br>
</div>
<span class="date">May 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/markov_models/">Markov_Models</a></h5>
<br>
</div>
<span class="date">May 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/timed_automata/">Timed_Automata</a></h5>
<br>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dynamicarchitectures/">DynamicArchitectures</a></h5>
<br>
</div>
<span class="date">Mar 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/landau_symbols/">Landau_Symbols</a></h5>
<br>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/comparison_sort_lower_bound/">Comparison_Sort_Lower_Bound</a></h5>
<br>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/affine_arithmetic/">Affine_Arithmetic</a></h5>
<br>
</div>
<span class="date">Jan 08</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finitely_generated_abelian_groups/">Finitely_Generated_Abelian_Groups</a></h5>
<br>
</div>
<span class="date">Dec 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/crdt/">CRDT</a></h5>
<br>
</div>
<span class="date">Nov 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gabow_scc/">Gabow_SCC</a></h5>
<br>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dfs_framework/">DFS_Framework</a></h5>
<br>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/winding_number_eval/">Winding_Number_Eval</a></h5>
<br>
</div>
<span class="date">Oct 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/euler_maclaurin/">Euler_MacLaurin</a></h5>
<br>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/count_complex_roots/">Count_Complex_Roots</a></h5>
<br>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/amortized_complexity/">Amortized_Complexity</a></h5>
<br>
</div>
<span class="date">Aug 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/program-conflict-analysis/">Program-Conflict-Analysis</a></h5>
<br>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/flow_networks/">Flow_Networks</a></h5>
<br>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cava_automata/">CAVA_Automata</a></h5>
<br>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lazy_case/">Lazy_Case</a></h5>
<br>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monomorphic_monad/">Monomorphic_Monad</a></h5>
<br>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mfmc_countable/">MFMC_Countable</a></h5>
<br>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/applicative_lifting/">Applicative_Lifting</a></h5>
<br>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/category3/">Category3</a></h5>
<br>
</div>
<span class="date">May 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/quick_sort_cost/">Quick_Sort_Cost</a></h5>
<br>
</div>
<span class="date">Apr 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/regular-sets/">Regular-Sets</a></h5>
<br>
</div>
<span class="date">Mar 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/formal_ssa/">Formal_SSA</a></h5>
<br>
</div>
<span class="date">Jan 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/upf/">UPF</a></h5>
<br>
</div>
<span class="date">Jan 08</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_multisets/">Card_Multisets</a></h5>
<br>
</div>
<span class="date">Dec 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bell_numbers_spivey/">Bell_Numbers_Spivey</a></h5>
<br>
</div>
<span class="date">Dec 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordinal/">Ordinal</a></h5>
<br>
</div>
<span class="date">Nov 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/iptables_semantics/">Iptables_Semantics</a></h5>
<br>
</div>
<span class="date">Oct 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/subresultants/">Subresultants</a></h5>
<br>
</div>
<span class="date">Oct 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/efficient-mergesort/">Efficient-Mergesort</a></h5>
<br>
</div>
<span class="date">Oct 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/routing/">Routing</a></h5>
<br>
</div>
<span class="date">Sep 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simple_firewall/">Simple_Firewall</a></h5>
<br>
</div>
<span class="date">Aug 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ip_addresses/">IP_Addresses</a></h5>
<br>
</div>
<span class="date">Aug 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/separation_logic_imperative_hol/">Separation_Logic_Imperative_HOL</a></h5>
<br>
</div>
<span class="date">Aug 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dijkstra_shortest_path/">Dijkstra_Shortest_Path</a></h5>
<br>
</div>
<span class="date">Aug 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dependent_sifum_type_systems/">Dependent_SIFUM_Type_Systems</a></h5>
<br>
</div>
<span class="date">Jun 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_sequential_composition/">Noninterference_Sequential_Composition</a></h5>
<br>
</div>
<span class="date">Jun 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/rank_nullity_theorem/">Rank_Nullity_Theorem</a></h5>
<br>
</div>
<span class="date">May 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/edmondskarp_maxflow/">EdmondsKarp_Maxflow</a></h5>
<br>
</div>
<span class="date">May 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_ipurge_unwinding/">Noninterference_Ipurge_Unwinding</a></h5>
<br>
</div>
<span class="date">Apr 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/boolean_expression_checkers/">Boolean_Expression_Checkers</a></h5>
<br>
</div>
<span class="date">Mar 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/slicing/">Slicing</a></h5>
<br>
</div>
<span class="date">Feb 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sqrt_babylonian/">Sqrt_Babylonian</a></h5>
<br>
</div>
<span class="date">Jan 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/partial_function_mr/">Partial_Function_MR</a></h5>
<br>
</div>
<span class="date">Jan 29</span>
</article>
<h2 class="head">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/marriage/">Marriage</a></h5>
<br>
</div>
<span class="date">Dec 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transitive-closure/">Transitive-Closure</a></h5>
<br>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simpl/">Simpl</a></h5>
<br>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/case_labeling/">Case_Labeling</a></h5>
<br>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kbps/">KBPs</a></h5>
<br>
</div>
<span class="date">Sep 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/echelon_form/">Echelon_Form</a></h5>
<br>
</div>
<span class="date">Jul 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_csp/">Noninterference_CSP</a></h5>
<br>
</div>
<span class="date">Jun 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list_interleaving/">List_Interleaving</a></h5>
<br>
</div>
<span class="date">Jun 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/coinductive_languages/">Coinductive_Languages</a></h5>
<br>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/concurrentimp/">ConcurrentIMP</a></h5>
<br>
</div>
<span class="date">Apr 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/heard_of/">Heard_Of</a></h5>
<br>
</div>
<span class="date">Mar 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/launchbury/">Launchbury</a></h5>
<br>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cayley_hamilton/">Cayley_Hamilton</a></h5>
<br>
</div>
<span class="date">Feb 12</span>
</article>
<h2 class="head">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/awn/">AWN</a></h5>
<br>
</div>
<span class="date">Oct 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/secondary_sylow/">Secondary_Sylow</a></h5>
<br>
</div>
<span class="date">Sep 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/splay_tree/">Splay_Tree</a></h5>
<br>
</div>
<span class="date">Jul 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/skew_heap/">Skew_Heap</a></h5>
<br>
</div>
<span class="date">Jul 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/promela/">Promela</a></h5>
<br>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/partial_order_reduction/">Partial_Order_Reduction</a></h5>
<br>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl_to_gba/">LTL_to_GBA</a></h5>
<br>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/strong_security/">Strong_Security</a></h5>
<br>
</div>
<span class="date">Apr 23</span>
</article>
<h2 class="head">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lehmer/">Lehmer</a></h5>
<br>
</div>
<span class="date">Jul 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/trie/">Trie</a></h5>
<br>
</div>
<span class="date">Apr 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finger-trees/">Finger-Trees</a></h5>
<br>
</div>
<span class="date">Apr 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cauchy/">Cauchy</a></h5>
<br>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gauss-jordan-elim-fun/">Gauss-Jordan-Elim-Fun</a></h5>
<br>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/latticeproperties/">LatticeProperties</a></h5>
<br>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nat-interval-logic/">Nat-Interval-Logic</a></h5>
<br>
</div>
<span class="date">Feb 23</span>
</article>
<h2 class="head">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/datarefinementibp/">DataRefinementIBP</a></h5>
<br>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hrb-slicing/">HRB-Slicing</a></h5>
<br>
</div>
<span class="date">Mar 23</span>
</article>
<h2 class="head">2009</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/binomial-heaps/">Binomial-Heaps</a></h5>
<br>
</div>
<span class="date">Nov 25</span>
</article>
<h2 class="head">2007</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/group-ring-module/">Group-Ring-Module</a></h5>
<br>
</div>
<span class="date">Aug 08</span>
</article>
<h2 class="head">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lazy-lists-ii/">Lazy-Lists-II</a></h5>
<br>
</div>
<span class="date">Apr 26</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/dependencies/index.json b/web/dependencies/index.json
--- a/web/dependencies/index.json
+++ b/web/dependencies/index.json
@@ -1,1452 +1,1462 @@
[
{
"id": 0,
"link": "/dependencies/abstract-rewriting/",
"name": "Abstract-Rewriting"
},
{
"id": 1,
"link": "/dependencies/abstract_completeness/",
"name": "Abstract_Completeness"
},
{
"id": 2,
"link": "/dependencies/abstract_soundness/",
"name": "Abstract_Soundness"
},
{
"id": 3,
"link": "/dependencies/affine_arithmetic/",
"name": "Affine_Arithmetic"
},
{
"id": 4,
"link": "/dependencies/aggregation_algebras/",
"name": "Aggregation_Algebras"
},
{
"id": 5,
"link": "/dependencies/ai_planning_languages_semantics/",
"name": "AI_Planning_Languages_Semantics"
},
{
"id": 6,
"link": "/dependencies/akra_bazzi/",
"name": "Akra_Bazzi"
},
{
"id": 7,
"link": "/dependencies/algebraic_numbers/",
"name": "Algebraic_Numbers"
},
{
"id": 8,
"link": "/dependencies/amortized_complexity/",
"name": "Amortized_Complexity"
},
{
"id": 9,
"link": "/dependencies/applicative_lifting/",
"name": "Applicative_Lifting"
},
{
"id": 10,
"link": "/dependencies/auto2_hol/",
"name": "Auto2_HOL"
},
{
"id": 11,
"link": "/dependencies/automatic_refinement/",
"name": "Automatic_Refinement"
},
{
"id": 12,
"link": "/dependencies/awn/",
"name": "AWN"
},
{
"id": 13,
"link": "/dependencies/banach_steinhaus/",
"name": "Banach_Steinhaus"
},
{
"id": 14,
"link": "/dependencies/bd_security_compositional/",
"name": "BD_Security_Compositional"
},
{
"id": 15,
"link": "/dependencies/bell_numbers_spivey/",
"name": "Bell_Numbers_Spivey"
},
{
"id": 16,
"link": "/dependencies/benor_kozen_reif/",
"name": "BenOr_Kozen_Reif"
},
{
"id": 17,
"link": "/dependencies/berlekamp_zassenhaus/",
"name": "Berlekamp_Zassenhaus"
},
{
"id": 18,
"link": "/dependencies/bernoulli/",
"name": "Bernoulli"
},
{
"id": 19,
"link": "/dependencies/bertrands_postulate/",
"name": "Bertrands_Postulate"
},
{
"id": 20,
"link": "/dependencies/binomial-heaps/",
"name": "Binomial-Heaps"
},
{
"id": 21,
"link": "/dependencies/boolean_expression_checkers/",
"name": "Boolean_Expression_Checkers"
},
{
"id": 22,
"link": "/dependencies/bounded_deducibility_security/",
"name": "Bounded_Deducibility_Security"
},
{
"id": 23,
"link": "/dependencies/budan_fourier/",
"name": "Budan_Fourier"
},
{
"id": 24,
"link": "/dependencies/cakeml/",
"name": "CakeML"
},
{
"id": 25,
"link": "/dependencies/card_equiv_relations/",
"name": "Card_Equiv_Relations"
},
{
"id": 26,
"link": "/dependencies/card_multisets/",
"name": "Card_Multisets"
},
{
"id": 27,
"link": "/dependencies/card_number_partitions/",
"name": "Card_Number_Partitions"
},
{
"id": 28,
"link": "/dependencies/card_partitions/",
"name": "Card_Partitions"
},
{
"id": 29,
"link": "/dependencies/case_labeling/",
"name": "Case_Labeling"
},
{
"id": 30,
"link": "/dependencies/category3/",
"name": "Category3"
},
{
"id": 31,
"link": "/dependencies/cauchy/",
"name": "Cauchy"
},
{
"id": 32,
"link": "/dependencies/cava_automata/",
"name": "CAVA_Automata"
},
{
"id": 33,
"link": "/dependencies/cayley_hamilton/",
"name": "Cayley_Hamilton"
},
{
"id": 34,
"link": "/dependencies/certification_monads/",
"name": "Certification_Monads"
},
{
"id": 35,
"link": "/dependencies/coinductive/",
"name": "Coinductive"
},
{
"id": 36,
"link": "/dependencies/coinductive_languages/",
"name": "Coinductive_Languages"
},
{
"id": 37,
"link": "/dependencies/collections/",
"name": "Collections"
},
{
"id": 38,
"link": "/dependencies/combinatorics_words/",
"name": "Combinatorics_Words"
},
{
"id": 39,
"link": "/dependencies/combinatorics_words_graph_lemma/",
"name": "Combinatorics_Words_Graph_Lemma"
},
{
"id": 40,
"link": "/dependencies/commuting_hermitian/",
"name": "Commuting_Hermitian"
},
{
"id": 41,
"link": "/dependencies/comparison_sort_lower_bound/",
"name": "Comparison_Sort_Lower_Bound"
},
{
"id": 42,
"link": "/dependencies/complete_non_orders/",
"name": "Complete_Non_Orders"
},
{
"id": 43,
"link": "/dependencies/complex_bounded_operators/",
"name": "Complex_Bounded_Operators"
},
{
"id": 44,
"link": "/dependencies/complex_geometry/",
"name": "Complex_Geometry"
},
{
"id": 45,
"link": "/dependencies/concurrentimp/",
"name": "ConcurrentIMP"
},
{
"id": 46,
"link": "/dependencies/conditional_simplification/",
"name": "Conditional_Simplification"
},
{
"id": 47,
"link": "/dependencies/conditional_transfer_rule/",
"name": "Conditional_Transfer_Rule"
},
{
"id": 48,
"link": "/dependencies/constructive_cryptography/",
"name": "Constructive_Cryptography"
},
{
"id": 49,
"link": "/dependencies/constructor_funs/",
"name": "Constructor_Funs"
},
{
"id": 50,
"link": "/dependencies/containers/",
"name": "Containers"
},
{
"id": 51,
"link": "/dependencies/core_dom/",
"name": "Core_DOM"
},
{
"id": 52,
"link": "/dependencies/core_sc_dom/",
"name": "Core_SC_DOM"
},
{
"id": 53,
"link": "/dependencies/count_complex_roots/",
"name": "Count_Complex_Roots"
},
{
"id": 54,
"link": "/dependencies/crdt/",
"name": "CRDT"
},
{
"id": 55,
"link": "/dependencies/crypthol/",
"name": "CryptHOL"
},
{
"id": 56,
"link": "/dependencies/czh_elementary_categories/",
"name": "CZH_Elementary_Categories"
},
{
"id": 57,
"link": "/dependencies/czh_foundations/",
"name": "CZH_Foundations"
},
{
"id": 58,
"link": "/dependencies/datarefinementibp/",
"name": "DataRefinementIBP"
},
{
"id": 59,
"link": "/dependencies/datatype_order_generator/",
"name": "Datatype_Order_Generator"
},
{
"id": 60,
"link": "/dependencies/deep_learning/",
"name": "Deep_Learning"
},
{
"id": 61,
"link": "/dependencies/delta_system_lemma/",
"name": "Delta_System_Lemma"
},
{
"id": 62,
"link": "/dependencies/dependent_sifum_type_systems/",
"name": "Dependent_SIFUM_Type_Systems"
},
{
"id": 63,
"link": "/dependencies/deriving/",
"name": "Deriving"
},
{
"id": 64,
"link": "/dependencies/descartes_sign_rule/",
"name": "Descartes_Sign_Rule"
},
{
"id": 65,
"link": "/dependencies/design_theory/",
"name": "Design_Theory"
},
{
"id": 66,
"link": "/dependencies/dfs_framework/",
"name": "DFS_Framework"
},
{
"id": 67,
"link": "/dependencies/dict_construction/",
"name": "Dict_Construction"
},
{
"id": 68,
"link": "/dependencies/digit_expansions/",
"name": "Digit_Expansions"
},
{
"id": 69,
"link": "/dependencies/dijkstra_shortest_path/",
"name": "Dijkstra_Shortest_Path"
},
{
"id": 70,
"link": "/dependencies/dirichlet_l/",
"name": "Dirichlet_L"
},
{
"id": 71,
"link": "/dependencies/dirichlet_series/",
"name": "Dirichlet_Series"
},
{
"id": 72,
"link": "/dependencies/discrete_summation/",
"name": "Discrete_Summation"
},
{
"id": 73,
"link": "/dependencies/dynamicarchitectures/",
"name": "DynamicArchitectures"
},
{
"id": 74,
"link": "/dependencies/e_transcendental/",
"name": "E_Transcendental"
},
{
"id": 75,
"link": "/dependencies/echelon_form/",
"name": "Echelon_Form"
},
{
"id": 76,
"link": "/dependencies/edmondskarp_maxflow/",
"name": "EdmondsKarp_Maxflow"
},
{
"id": 77,
"link": "/dependencies/efficient-mergesort/",
"name": "Efficient-Mergesort"
},
{
"id": 78,
"link": "/dependencies/elliptic_curves_group_law/",
"name": "Elliptic_Curves_Group_Law"
},
{
"id": 79,
"link": "/dependencies/epistemic_logic/",
"name": "Epistemic_Logic"
},
{
"id": 80,
"link": "/dependencies/equivalence_relation_enumeration/",
"name": "Equivalence_Relation_Enumeration"
},
{
"id": 81,
"link": "/dependencies/ergodic_theory/",
"name": "Ergodic_Theory"
},
{
"id": 82,
"link": "/dependencies/euler_maclaurin/",
"name": "Euler_MacLaurin"
},
{
"id": 83,
"link": "/dependencies/expander_graphs/",
"name": "Expander_Graphs"
},
{
"id": 84,
"link": "/dependencies/extended_finite_state_machines/",
"name": "Extended_Finite_State_Machines"
},
{
"id": 85,
"link": "/dependencies/factor_algebraic_polynomial/",
"name": "Factor_Algebraic_Polynomial"
},
{
"id": 86,
"link": "/dependencies/falling_factorial_sum/",
"name": "Falling_Factorial_Sum"
},
{
"id": 87,
"link": "/dependencies/farkas/",
"name": "Farkas"
},
{
"id": 88,
"link": "/dependencies/finfun/",
"name": "FinFun"
},
{
"id": 89,
"link": "/dependencies/finger-trees/",
"name": "Finger-Trees"
},
{
"id": 90,
"link": "/dependencies/finite-map-extras/",
"name": "Finite-Map-Extras"
},
{
"id": 91,
"link": "/dependencies/finite_fields/",
"name": "Finite_Fields"
},
{
"id": 92,
"link": "/dependencies/finitely_generated_abelian_groups/",
"name": "Finitely_Generated_Abelian_Groups"
},
{
"id": 93,
"link": "/dependencies/first_order_terms/",
"name": "First_Order_Terms"
},
{
"id": 94,
"link": "/dependencies/first_welfare_theorem/",
"name": "First_Welfare_Theorem"
},
{
"id": 95,
"link": "/dependencies/fishers_inequality/",
"name": "Fishers_Inequality"
},
{
"id": 96,
"link": "/dependencies/flow_networks/",
"name": "Flow_Networks"
},
{
"id": 97,
"link": "/dependencies/fol-fitting/",
"name": "FOL-Fitting"
},
{
"id": 98,
"link": "/dependencies/fol_seq_calc1/",
"name": "FOL_Seq_Calc1"
},
{
"id": 99,
"link": "/dependencies/formal_ssa/",
"name": "Formal_SSA"
},
{
"id": 100,
"link": "/dependencies/frequency_moments/",
"name": "Frequency_Moments"
},
{
"id": 101,
"link": "/dependencies/fresh_identifiers/",
"name": "Fresh_Identifiers"
},
{
"id": 102,
"link": "/dependencies/functional_ordered_resolution_prover/",
"name": "Functional_Ordered_Resolution_Prover"
},
{
"id": 103,
"link": "/dependencies/gabow_scc/",
"name": "Gabow_SCC"
},
{
"id": 104,
"link": "/dependencies/game_based_crypto/",
"name": "Game_Based_Crypto"
},
{
"id": 105,
"link": "/dependencies/gauss-jordan-elim-fun/",
"name": "Gauss-Jordan-Elim-Fun"
},
{
"id": 106,
"link": "/dependencies/gauss_jordan/",
"name": "Gauss_Jordan"
},
{
"id": 107,
"link": "/dependencies/generic_join/",
"name": "Generic_Join"
},
{
"id": 108,
"link": "/dependencies/girth_chromatic/",
"name": "Girth_Chromatic"
},
{
"id": 109,
"link": "/dependencies/goedel_incompleteness/",
"name": "Goedel_Incompleteness"
},
{
"id": 110,
"link": "/dependencies/graph_theory/",
"name": "Graph_Theory"
},
{
"id": 111,
"link": "/dependencies/groebner_bases/",
"name": "Groebner_Bases"
},
{
"id": 112,
"link": "/dependencies/group-ring-module/",
"name": "Group-Ring-Module"
},
{
"id": 113,
"link": "/dependencies/heard_of/",
"name": "Heard_Of"
},
{
"id": 114,
"link": "/dependencies/hereditarilyfinite/",
"name": "HereditarilyFinite"
},
{
"id": 115,
"link": "/dependencies/hermite/",
"name": "Hermite"
},
{
"id": 116,
"link": "/dependencies/hermite_lindemann/",
"name": "Hermite_Lindemann"
},
{
"id": 117,
"link": "/dependencies/higher_order_terms/",
"name": "Higher_Order_Terms"
},
{
"id": 118,
"link": "/dependencies/hol-csp/",
"name": "HOL-CSP"
},
{
"id": 119,
"link": "/dependencies/holcf-prelude/",
"name": "HOLCF-Prelude"
},
{
"id": 120,
"link": "/dependencies/hrb-slicing/",
"name": "HRB-Slicing"
},
{
"id": 121,
"link": "/dependencies/huffman/",
"name": "Huffman"
},
{
"id": 122,
"link": "/dependencies/hybrid_systems_vcs/",
"name": "Hybrid_Systems_VCs"
},
{
"id": 123,
"link": "/dependencies/ieee_floating_point/",
"name": "IEEE_Floating_Point"
},
{
"id": 124,
"link": "/dependencies/imp2/",
"name": "IMP2"
},
{
"id": 125,
"link": "/dependencies/incompleteness/",
"name": "Incompleteness"
},
{
"id": 126,
"link": "/dependencies/interpolation_polynomials_hol_algebra/",
"name": "Interpolation_Polynomials_HOL_Algebra"
},
{
"id": 127,
"link": "/dependencies/intro_dest_elim/",
"name": "Intro_Dest_Elim"
},
{
"id": 128,
"link": "/dependencies/ip_addresses/",
"name": "IP_Addresses"
},
{
"id": 129,
"link": "/dependencies/iptables_semantics/",
"name": "Iptables_Semantics"
},
{
"id": 130,
"link": "/dependencies/isabelle_marries_dirac/",
"name": "Isabelle_Marries_Dirac"
},
{
"id": 131,
"link": "/dependencies/jacobson_basic_algebra/",
"name": "Jacobson_Basic_Algebra"
},
{
"id": 132,
"link": "/dependencies/jinja/",
"name": "Jinja"
},
{
"id": 133,
"link": "/dependencies/jinjadci/",
"name": "JinjaDCI"
},
{
"id": 134,
"link": "/dependencies/jordan_normal_form/",
"name": "Jordan_Normal_Form"
},
{
"id": 135,
"link": "/dependencies/kad/",
"name": "KAD"
},
{
"id": 136,
"link": "/dependencies/kat_and_dra/",
"name": "KAT_and_DRA"
},
{
"id": 137,
"link": "/dependencies/kbps/",
"name": "KBPs"
},
{
"id": 138,
"link": "/dependencies/kleene_algebra/",
"name": "Kleene_Algebra"
},
{
"id": 139,
"link": "/dependencies/knuth_bendix_order/",
"name": "Knuth_Bendix_Order"
},
{
"id": 140,
"link": "/dependencies/lambda_free_rpos/",
"name": "Lambda_Free_RPOs"
},
{
"id": 141,
"link": "/dependencies/landau_symbols/",
"name": "Landau_Symbols"
},
{
"id": 142,
"link": "/dependencies/latticeproperties/",
"name": "LatticeProperties"
},
{
"id": 143,
"link": "/dependencies/launchbury/",
"name": "Launchbury"
},
{
"id": 144,
"link": "/dependencies/lazy-lists-ii/",
"name": "Lazy-Lists-II"
},
{
"id": 145,
"link": "/dependencies/lazy_case/",
"name": "Lazy_Case"
},
{
"id": 146,
"link": "/dependencies/lehmer/",
"name": "Lehmer"
},
{
"id": 147,
"link": "/dependencies/linear_inequalities/",
"name": "Linear_Inequalities"
},
{
"id": 148,
"link": "/dependencies/list-index/",
"name": "List-Index"
},
{
"id": 149,
"link": "/dependencies/list-infinite/",
"name": "List-Infinite"
},
{
"id": 150,
"link": "/dependencies/list_interleaving/",
"name": "List_Interleaving"
},
{
"id": 151,
"link": "/dependencies/lll_basis_reduction/",
"name": "LLL_Basis_Reduction"
},
{
"id": 152,
"link": "/dependencies/localization_ring/",
"name": "Localization_Ring"
},
{
"id": 153,
"link": "/dependencies/lp/",
"name": "Lp"
},
{
"id": 154,
"link": "/dependencies/ltl/",
"name": "LTL"
},
{
"id": 155,
"link": "/dependencies/ltl_master_theorem/",
"name": "LTL_Master_Theorem"
},
{
"id": 156,
"link": "/dependencies/ltl_to_gba/",
"name": "LTL_to_GBA"
},
{
"id": 157,
"link": "/dependencies/lucas_theorem/",
"name": "Lucas_Theorem"
},
{
"id": 158,
"link": "/dependencies/markov_models/",
"name": "Markov_Models"
},
{
"id": 159,
"link": "/dependencies/marriage/",
"name": "Marriage"
},
{
"id": 160,
"link": "/dependencies/matrix/",
"name": "Matrix"
},
{
"id": 161,
"link": "/dependencies/matrix_tensor/",
"name": "Matrix_Tensor"
},
{
"id": 162,
"link": "/dependencies/matroids/",
"name": "Matroids"
},
{
"id": 163,
"link": "/dependencies/mdp-rewards/",
"name": "MDP-Rewards"
},
{
"id": 164,
"link": "/dependencies/median_method/",
"name": "Median_Method"
},
{
"id": 165,
"link": "/dependencies/median_of_medians_selection/",
"name": "Median_Of_Medians_Selection"
},
{
"id": 166,
"link": "/dependencies/mfmc_countable/",
"name": "MFMC_Countable"
},
{
"id": 167,
"link": "/dependencies/mfotl_monitor/",
"name": "MFOTL_Monitor"
},
{
"id": 168,
+ "link": "/dependencies/ml_unification/",
+ "name": "ML_Unification"
+ },
+ {
+ "id": 169,
"link": "/dependencies/monad_memo_dp/",
"name": "Monad_Memo_DP"
},
{
- "id": 169,
+ "id": 170,
"link": "/dependencies/monad_normalisation/",
"name": "Monad_Normalisation"
},
{
- "id": 170,
+ "id": 171,
"link": "/dependencies/monobooltranalgebra/",
"name": "MonoBoolTranAlgebra"
},
{
- "id": 171,
+ "id": 172,
"link": "/dependencies/monoidalcategory/",
"name": "MonoidalCategory"
},
{
- "id": 172,
+ "id": 173,
"link": "/dependencies/monomorphic_monad/",
"name": "Monomorphic_Monad"
},
{
- "id": 173,
+ "id": 174,
"link": "/dependencies/nash_williams/",
"name": "Nash_Williams"
},
{
- "id": 174,
+ "id": 175,
"link": "/dependencies/nat-interval-logic/",
"name": "Nat-Interval-Logic"
},
{
- "id": 175,
+ "id": 176,
"link": "/dependencies/native_word/",
"name": "Native_Word"
},
{
- "id": 176,
+ "id": 177,
"link": "/dependencies/nested_multisets_ordinals/",
"name": "Nested_Multisets_Ordinals"
},
{
- "id": 177,
+ "id": 178,
"link": "/dependencies/nominal2/",
"name": "Nominal2"
},
{
- "id": 178,
+ "id": 179,
"link": "/dependencies/noninterference_csp/",
"name": "Noninterference_CSP"
},
{
- "id": 179,
+ "id": 180,
"link": "/dependencies/noninterference_ipurge_unwinding/",
"name": "Noninterference_Ipurge_Unwinding"
},
{
- "id": 180,
+ "id": 181,
"link": "/dependencies/noninterference_sequential_composition/",
"name": "Noninterference_Sequential_Composition"
},
{
- "id": 181,
+ "id": 182,
"link": "/dependencies/number_theoretic_transform/",
"name": "Number_Theoretic_Transform"
},
{
- "id": 182,
+ "id": 183,
"link": "/dependencies/open_induction/",
"name": "Open_Induction"
},
{
- "id": 183,
+ "id": 184,
"link": "/dependencies/optics/",
"name": "Optics"
},
{
- "id": 184,
+ "id": 185,
"link": "/dependencies/order_lattice_props/",
"name": "Order_Lattice_Props"
},
{
- "id": 185,
+ "id": 186,
"link": "/dependencies/ordered_resolution_prover/",
"name": "Ordered_Resolution_Prover"
},
{
- "id": 186,
+ "id": 187,
"link": "/dependencies/ordinal/",
"name": "Ordinal"
},
{
- "id": 187,
+ "id": 188,
"link": "/dependencies/ordinary_differential_equations/",
"name": "Ordinary_Differential_Equations"
},
{
- "id": 188,
+ "id": 189,
"link": "/dependencies/package_logic/",
"name": "Package_logic"
},
{
- "id": 189,
+ "id": 190,
"link": "/dependencies/padic_ints/",
"name": "Padic_Ints"
},
{
- "id": 190,
+ "id": 191,
"link": "/dependencies/pairing_heap/",
"name": "Pairing_Heap"
},
{
- "id": 191,
+ "id": 192,
"link": "/dependencies/parity_game/",
"name": "Parity_Game"
},
{
- "id": 192,
+ "id": 193,
"link": "/dependencies/partial_function_mr/",
"name": "Partial_Function_MR"
},
{
- "id": 193,
+ "id": 194,
"link": "/dependencies/partial_order_reduction/",
"name": "Partial_Order_Reduction"
},
{
- "id": 194,
+ "id": 195,
"link": "/dependencies/pell/",
"name": "Pell"
},
{
- "id": 195,
+ "id": 196,
"link": "/dependencies/perron_frobenius/",
"name": "Perron_Frobenius"
},
{
- "id": 196,
+ "id": 197,
"link": "/dependencies/pi_transcendental/",
"name": "Pi_Transcendental"
},
{
- "id": 197,
+ "id": 198,
"link": "/dependencies/pluennecke_ruzsa_inequality/",
"name": "Pluennecke_Ruzsa_Inequality"
},
{
- "id": 198,
+ "id": 199,
"link": "/dependencies/polynomial_factorization/",
"name": "Polynomial_Factorization"
},
{
- "id": 199,
+ "id": 200,
"link": "/dependencies/polynomial_interpolation/",
"name": "Polynomial_Interpolation"
},
{
- "id": 200,
+ "id": 201,
"link": "/dependencies/polynomials/",
"name": "Polynomials"
},
{
- "id": 201,
+ "id": 202,
"link": "/dependencies/power_sum_polynomials/",
"name": "Power_Sum_Polynomials"
},
{
- "id": 202,
+ "id": 203,
"link": "/dependencies/pratt_certificate/",
"name": "Pratt_Certificate"
},
{
- "id": 203,
+ "id": 204,
"link": "/dependencies/prefix_free_code_combinators/",
"name": "Prefix_Free_Code_Combinators"
},
{
- "id": 204,
+ "id": 205,
"link": "/dependencies/prime_distribution_elementary/",
"name": "Prime_Distribution_Elementary"
},
{
- "id": 205,
+ "id": 206,
"link": "/dependencies/prime_number_theorem/",
"name": "Prime_Number_Theorem"
},
{
- "id": 206,
+ "id": 207,
"link": "/dependencies/priority_search_trees/",
"name": "Priority_Search_Trees"
},
{
- "id": 207,
+ "id": 208,
"link": "/dependencies/probabilistic_prime_tests/",
"name": "Probabilistic_Prime_Tests"
},
{
- "id": 208,
+ "id": 209,
"link": "/dependencies/probabilistic_while/",
"name": "Probabilistic_While"
},
{
- "id": 209,
+ "id": 210,
"link": "/dependencies/program-conflict-analysis/",
"name": "Program-Conflict-Analysis"
},
{
- "id": 210,
+ "id": 211,
"link": "/dependencies/projective_measurements/",
"name": "Projective_Measurements"
},
{
- "id": 211,
+ "id": 212,
"link": "/dependencies/promela/",
"name": "Promela"
},
{
- "id": 212,
+ "id": 213,
"link": "/dependencies/propositional_logic_class/",
"name": "Propositional_Logic_Class"
},
{
- "id": 213,
+ "id": 214,
"link": "/dependencies/propositional_proof_systems/",
"name": "Propositional_Proof_Systems"
},
{
- "id": 214,
+ "id": 215,
"link": "/dependencies/qhlprover/",
"name": "QHLProver"
},
{
- "id": 215,
+ "id": 216,
"link": "/dependencies/quantales/",
"name": "Quantales"
},
{
- "id": 216,
+ "id": 217,
"link": "/dependencies/quantales_converse/",
"name": "Quantales_Converse"
},
{
- "id": 217,
+ "id": 218,
"link": "/dependencies/quick_sort_cost/",
"name": "Quick_Sort_Cost"
},
{
- "id": 218,
+ "id": 219,
"link": "/dependencies/random_bsts/",
"name": "Random_BSTs"
},
{
- "id": 219,
+ "id": 220,
"link": "/dependencies/random_graph_subgraph_threshold/",
"name": "Random_Graph_Subgraph_Threshold"
},
{
- "id": 220,
+ "id": 221,
"link": "/dependencies/randomised_social_choice/",
"name": "Randomised_Social_Choice"
},
{
- "id": 221,
+ "id": 222,
"link": "/dependencies/rank_nullity_theorem/",
"name": "Rank_Nullity_Theorem"
},
{
- "id": 222,
+ "id": 223,
"link": "/dependencies/real_impl/",
"name": "Real_Impl"
},
{
- "id": 223,
+ "id": 224,
"link": "/dependencies/recursion-theory-i/",
"name": "Recursion-Theory-I"
},
{
- "id": 224,
+ "id": 225,
"link": "/dependencies/refine_imperative_hol/",
"name": "Refine_Imperative_HOL"
},
{
- "id": 225,
+ "id": 226,
"link": "/dependencies/refine_monadic/",
"name": "Refine_Monadic"
},
{
- "id": 226,
+ "id": 227,
"link": "/dependencies/regular-sets/",
"name": "Regular-Sets"
},
{
- "id": 227,
+ "id": 228,
"link": "/dependencies/regular_tree_relations/",
"name": "Regular_Tree_Relations"
},
{
- "id": 228,
+ "id": 229,
"link": "/dependencies/relation_algebra/",
"name": "Relation_Algebra"
},
{
- "id": 229,
+ "id": 230,
"link": "/dependencies/relational_disjoint_set_forests/",
"name": "Relational_Disjoint_Set_Forests"
},
{
- "id": 230,
+ "id": 231,
"link": "/dependencies/robdd/",
"name": "ROBDD"
},
{
- "id": 231,
+ "id": 232,
"link": "/dependencies/root_balanced_tree/",
"name": "Root_Balanced_Tree"
},
{
- "id": 232,
+ "id": 233,
"link": "/dependencies/routing/",
"name": "Routing"
},
{
- "id": 233,
+ "id": 234,
"link": "/dependencies/saturation_framework/",
"name": "Saturation_Framework"
},
{
- "id": 234,
+ "id": 235,
"link": "/dependencies/saturation_framework_extensions/",
"name": "Saturation_Framework_Extensions"
},
{
- "id": 235,
+ "id": 236,
"link": "/dependencies/secondary_sylow/",
"name": "Secondary_Sylow"
},
{
- "id": 236,
+ "id": 237,
"link": "/dependencies/separation_algebra/",
"name": "Separation_Algebra"
},
{
- "id": 237,
+ "id": 238,
"link": "/dependencies/separation_logic_imperative_hol/",
"name": "Separation_Logic_Imperative_HOL"
},
{
- "id": 238,
+ "id": 239,
"link": "/dependencies/shadow_dom/",
"name": "Shadow_DOM"
},
{
- "id": 239,
+ "id": 240,
"link": "/dependencies/shadow_sc_dom/",
"name": "Shadow_SC_DOM"
},
{
- "id": 240,
+ "id": 241,
"link": "/dependencies/show/",
"name": "Show"
},
{
- "id": 241,
+ "id": 242,
"link": "/dependencies/sigma_commit_crypto/",
"name": "Sigma_Commit_Crypto"
},
{
- "id": 242,
+ "id": 243,
"link": "/dependencies/simpl/",
"name": "Simpl"
},
{
- "id": 243,
+ "id": 244,
"link": "/dependencies/simple_firewall/",
"name": "Simple_Firewall"
},
{
- "id": 244,
+ "id": 245,
"link": "/dependencies/simplex/",
"name": "Simplex"
},
{
- "id": 245,
+ "id": 246,
"link": "/dependencies/skew_heap/",
"name": "Skew_Heap"
},
{
- "id": 246,
+ "id": 247,
"link": "/dependencies/skip_lists/",
"name": "Skip_Lists"
},
{
- "id": 247,
+ "id": 248,
"link": "/dependencies/slicing/",
"name": "Slicing"
},
{
- "id": 248,
+ "id": 249,
"link": "/dependencies/smith_normal_form/",
"name": "Smith_Normal_Form"
},
{
- "id": 249,
+ "id": 250,
"link": "/dependencies/speccheck/",
"name": "SpecCheck"
},
{
- "id": 250,
+ "id": 251,
"link": "/dependencies/splay_tree/",
"name": "Splay_Tree"
},
{
- "id": 251,
+ "id": 252,
"link": "/dependencies/sqrt_babylonian/",
"name": "Sqrt_Babylonian"
},
{
- "id": 252,
+ "id": 253,
+ "link": "/dependencies/standard_borel_spaces/",
+ "name": "Standard_Borel_Spaces"
+ },
+ {
+ "id": 254,
"link": "/dependencies/stateful_protocol_composition_and_typing/",
"name": "Stateful_Protocol_Composition_and_Typing"
},
{
- "id": 253,
+ "id": 255,
"link": "/dependencies/stirling_formula/",
"name": "Stirling_Formula"
},
{
- "id": 254,
+ "id": 256,
"link": "/dependencies/stone_algebras/",
"name": "Stone_Algebras"
},
{
- "id": 255,
+ "id": 257,
"link": "/dependencies/stone_kleene_relation_algebras/",
"name": "Stone_Kleene_Relation_Algebras"
},
{
- "id": 256,
+ "id": 258,
"link": "/dependencies/stone_relation_algebras/",
"name": "Stone_Relation_Algebras"
},
{
- "id": 257,
+ "id": 259,
"link": "/dependencies/strong_security/",
"name": "Strong_Security"
},
{
- "id": 258,
+ "id": 260,
"link": "/dependencies/sturm_sequences/",
"name": "Sturm_Sequences"
},
{
- "id": 259,
+ "id": 261,
"link": "/dependencies/sturm_tarski/",
"name": "Sturm_Tarski"
},
{
- "id": 260,
+ "id": 262,
"link": "/dependencies/stuttering_equivalence/",
"name": "Stuttering_Equivalence"
},
{
- "id": 261,
+ "id": 263,
"link": "/dependencies/subresultants/",
"name": "Subresultants"
},
{
- "id": 262,
+ "id": 264,
"link": "/dependencies/subset_boolean_algebras/",
"name": "Subset_Boolean_Algebras"
},
{
- "id": 263,
+ "id": 265,
"link": "/dependencies/sunflowers/",
"name": "Sunflowers"
},
{
- "id": 264,
+ "id": 266,
"link": "/dependencies/suppes_theorem/",
"name": "Suppes_Theorem"
},
{
- "id": 265,
+ "id": 267,
"link": "/dependencies/symmetric_polynomials/",
"name": "Symmetric_Polynomials"
},
{
- "id": 266,
+ "id": 268,
"link": "/dependencies/syntax_independent_logic/",
"name": "Syntax_Independent_Logic"
},
{
- "id": 267,
+ "id": 269,
"link": "/dependencies/szemeredi_regularity/",
"name": "Szemeredi_Regularity"
},
{
- "id": 268,
+ "id": 270,
"link": "/dependencies/szpilrajn/",
"name": "Szpilrajn"
},
{
- "id": 269,
+ "id": 271,
"link": "/dependencies/three_squares/",
"name": "Three_Squares"
},
{
- "id": 270,
+ "id": 272,
"link": "/dependencies/timed_automata/",
"name": "Timed_Automata"
},
{
- "id": 271,
+ "id": 273,
"link": "/dependencies/transformer_semantics/",
"name": "Transformer_Semantics"
},
{
- "id": 272,
+ "id": 274,
"link": "/dependencies/transition_systems_and_automata/",
"name": "Transition_Systems_and_Automata"
},
{
- "id": 273,
+ "id": 275,
"link": "/dependencies/transitive-closure/",
"name": "Transitive-Closure"
},
{
- "id": 274,
+ "id": 276,
"link": "/dependencies/transitive_models/",
"name": "Transitive_Models"
},
{
- "id": 275,
+ "id": 277,
"link": "/dependencies/triangle/",
"name": "Triangle"
},
{
- "id": 276,
+ "id": 278,
"link": "/dependencies/trie/",
"name": "Trie"
},
{
- "id": 277,
+ "id": 279,
"link": "/dependencies/undirected_graph_theory/",
"name": "Undirected_Graph_Theory"
},
{
- "id": 278,
+ "id": 280,
"link": "/dependencies/universal_hash_families/",
"name": "Universal_Hash_Families"
},
{
- "id": 279,
+ "id": 281,
"link": "/dependencies/upf/",
"name": "UPF"
},
{
- "id": 280,
+ "id": 282,
"link": "/dependencies/vectorspace/",
"name": "VectorSpace"
},
{
- "id": 281,
+ "id": 283,
"link": "/dependencies/vericomp/",
"name": "VeriComp"
},
{
- "id": 282,
+ "id": 284,
"link": "/dependencies/virtual_substitution/",
"name": "Virtual_Substitution"
},
{
- "id": 283,
+ "id": 285,
"link": "/dependencies/weighted_arithmetic_geometric_mean/",
"name": "Weighted_Arithmetic_Geometric_Mean"
},
{
- "id": 284,
+ "id": 286,
"link": "/dependencies/weighted_path_order/",
"name": "Weighted_Path_Order"
},
{
- "id": 285,
+ "id": 287,
"link": "/dependencies/well_quasi_orders/",
"name": "Well_Quasi_Orders"
},
{
- "id": 286,
+ "id": 288,
"link": "/dependencies/winding_number_eval/",
"name": "Winding_Number_Eval"
},
{
- "id": 287,
+ "id": 289,
"link": "/dependencies/word_lib/",
"name": "Word_Lib"
},
{
- "id": 288,
+ "id": 290,
"link": "/dependencies/zeta_function/",
"name": "Zeta_Function"
},
{
- "id": 289,
+ "id": 291,
"link": "/dependencies/zfc_in_hol/",
"name": "ZFC_in_HOL"
}
]
\ No newline at end of file
diff --git a/web/dependencies/ml_unification/index.html b/web/dependencies/ml_unification/index.html
new file mode 100644
--- /dev/null
+++ b/web/dependencies/ml_unification/index.html
@@ -0,0 +1,134 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>ML_Unification - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+ <link rel="alternate" type="application/rss+xml" href="../../dependencies/ml_unification/index.xml" title="Archive of Formal Proofs" />
+
+ <meta property="og:title" content="ML_Unification" />
+<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
+<meta property="og:type" content="website" />
+<meta property="og:url" content="/dependencies/ml_unification/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="ML_Unification"/>
+<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class="logo-link">
+ <img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>M</span><span class='first'>L</span>_<span class='first'>U</span>nification
+ Dependents
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by <a href="../../authors/kappelmann">Kevin Kappelmann</a>
+
+ </div>
+ <span class="date">Oct 11</span>
+ </article>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/dependencies/ml_unification/index.xml b/web/dependencies/ml_unification/index.xml
new file mode 100644
--- /dev/null
+++ b/web/dependencies/ml_unification/index.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+ <channel>
+ <title>ML_Unification on Archive of Formal Proofs
+ </title>
+ <link>/dependencies/ml_unification/</link>
+ <description>
+ Recent content in ML_Unification
+ on Archive of Formal Proofs
+ </description>
+ <generator>Hugo -- gohugo.io</generator>
+ <language>en-gb</language>
+
+ <lastBuildDate>Wed, 11 Oct 2023 00:00:00 +0000</lastBuildDate>
+ <atom:link href="/dependencies/ml_unification/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ </channel>
+</rss>
diff --git a/web/dependencies/standard_borel_spaces/index.html b/web/dependencies/standard_borel_spaces/index.html
new file mode 100644
--- /dev/null
+++ b/web/dependencies/standard_borel_spaces/index.html
@@ -0,0 +1,134 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Standard_Borel_Spaces - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+ <link rel="alternate" type="application/rss+xml" href="../../dependencies/standard_borel_spaces/index.xml" title="Archive of Formal Proofs" />
+
+ <meta property="og:title" content="Standard_Borel_Spaces" />
+<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
+<meta property="og:type" content="website" />
+<meta property="og:url" content="/dependencies/standard_borel_spaces/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Standard_Borel_Spaces"/>
+<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class="logo-link">
+ <img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>S</span>tandard_<span class='first'>B</span>orel_<span class='first'>S</span>paces
+ Dependents
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by <a href="../../authors/hirata">Michikazu Hirata</a> and <a href="../../authors/minamide">Yasuhiko Minamide</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/dependencies/standard_borel_spaces/index.xml b/web/dependencies/standard_borel_spaces/index.xml
new file mode 100644
--- /dev/null
+++ b/web/dependencies/standard_borel_spaces/index.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+ <channel>
+ <title>Standard_Borel_Spaces on Archive of Formal Proofs
+ </title>
+ <link>/dependencies/standard_borel_spaces/</link>
+ <description>
+ Recent content in Standard_Borel_Spaces
+ on Archive of Formal Proofs
+ </description>
+ <generator>Hugo -- gohugo.io</generator>
+ <language>en-gb</language>
+
+ <lastBuildDate>Tue, 08 Aug 2023 00:00:00 +0000</lastBuildDate>
+ <atom:link href="/dependencies/standard_borel_spaces/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ </channel>
+</rss>
diff --git a/web/entries/Automated_Stateful_Protocol_Verification.html b/web/entries/Automated_Stateful_Protocol_Verification.html
--- a/web/entries/Automated_Stateful_Protocol_Verification.html
+++ b/web/entries/Automated_Stateful_Protocol_Verification.html
@@ -1,284 +1,285 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Automated Stateful Protocol Verification - Archive of Formal Proofs</title>
<meta name="description" content="In protocol verification we observe a wide spectrum from fully
automated methods to interactive theorem proving with proof assistants
like Isabelle/HOL. In...">
<meta property="og:title" content="Automated Stateful Protocol Verification" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Automated_Stateful_Protocol_Verification.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2020-04-08T00:00:00+00:00" />
<meta property="article:modified_time" content="2020-04-08T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Automated Stateful Protocol Verification"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
</script>
<script src="../js/entries.js"></script>
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content entries'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>A</span>utomated <span class='first'>S</span>tateful <span class='first'>P</span>rotocol <span class='first'>V</span>erification
</h1>
<div>
<p>
<a href="../authors/hess">Andreas V. Hess</a> <a class="obfuscated" data="eyJob3N0IjpbImR0dSIsImRrIl0sInVzZXIiOlsiYXZoZSJdfQ==">📧</a>, <a href="../authors/moedersheim">Sebastian Mödersheim</a> <a href="https://people.compute.dtu.dk/samo/">🌐</a>, <a href="../authors/brucker">Achim D. Brucker</a> <a href="https://www.brucker.ch/">🌐</a> and <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> <a href="https://people.compute.dtu.dk/andschl/">🌐</a>
</p>
<p class="date">April 8, 2020</p>
</div>
</header>
<div>
<main>
<h3>Abstract</h3>
<div class="abstract mathjax_process">In protocol verification we observe a wide spectrum from fully
automated methods to interactive theorem proving with proof assistants
like Isabelle/HOL. In this AFP entry, we present a fully-automated
approach for verifying stateful security protocols, i.e., protocols
with mutable state that may span several sessions. The approach
supports reachability goals like secrecy and authentication. We also
include a simple user-friendly transaction-based protocol
specification language that is embedded into Isabelle.</div>
<h3>License</h3>
<div>
<a href="https://isa-afp.org/LICENSE">BSD License</a>
</div>
<h3>Topics</h3>
<ul>
<li><a href="../topics/computer-science/security">Computer science/Security</a></li>
<li><a href="../topics/tools">Tools</a></li>
</ul>
<h3>Session Automated_Stateful_Protocol_Verification</h3>
<ul>
<li><a href="../sessions/automated_stateful_protocol_verification/#Transactions">Transactions</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Term_Abstraction">Term_Abstraction</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Stateful_Protocol_Model">Stateful_Protocol_Model</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Term_Variants">Term_Variants</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Term_Implication">Term_Implication</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Stateful_Protocol_Verification">Stateful_Protocol_Verification</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Eisbach_Protocol_Verification">Eisbach_Protocol_Verification</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#ml_yacc_lib">ml_yacc_lib</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#trac_term">trac_term</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#trac_fp_parser">trac_fp_parser</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#trac_protocol_parser">trac_protocol_parser</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#trac">trac</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#PSPSP">PSPSP</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#introduction">introduction</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#KeyserverEx">KeyserverEx</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#manual">manual</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Keyserver">Keyserver</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Keyserver2">Keyserver2</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Keyserver_Composition">Keyserver_Composition</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#PKCS_Model03">PKCS_Model03</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#PKCS_Model07">PKCS_Model07</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#PKCS_Model09">PKCS_Model09</a></li>
<li><a href="../sessions/automated_stateful_protocol_verification/#Examples">Examples</a></li>
</ul>
<div class="flex-wrap">
<div>
<h3>Depends on</h3>
<ul class="horizontal-list">
<li><a href="../entries/Stateful_Protocol_Composition_and_Typing.html">Stateful Protocol Composition and Typing</a></li>
</ul>
</div>
<div>
<h3>Auto-related entries</h3>
<ul class="horizontal-list">
+ <li><a href="../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></li>
<li><a href="../entries/Proof_Strategy_Language.html">Proof Strategy Language</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Automated_Stateful_Protocol_Verification/outline.pdf">Proof outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Automated_Stateful_Protocol_Verification/document.pdf">Proof document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Automated_Stateful_Protocol_Verification/session_graph.pdf">Dependencies</a>
</nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Automated_Stateful_Protocol_Verification-AFP</p>
<pre id="copy-text">@article{Automated_Stateful_Protocol_Verification-AFP,
author = {Andreas V. Hess and Sebastian Mödersheim and Achim D. Brucker and Anders Schlichtkrull},
title = {Automated Stateful Protocol Verification},
journal = {Archive of Formal Proofs},
month = {April},
year = {2020},
note = {\url{https://isa-afp.org/entries/Automated_Stateful_Protocol_Verification.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release/afp-Automated_Stateful_Protocol_Verification-current.tar.gz"
download>Download latest</a>
<p>Older releases:</p>
<ul>
<li>
<a href="https://www.isa-afp.org/release/afp-Automated_Stateful_Protocol_Verification-2023-09-13.tar.gz">
Sep 13, 2023
</a>
: Isabelle2023
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Automated_Stateful_Protocol_Verification-2022-10-27.tar.gz">
Oct 27, 2022
</a>
: Isabelle2022
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Automated_Stateful_Protocol_Verification-2021-12-14.tar.gz">
Dec 14, 2021
</a>
: Isabelle2021-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Automated_Stateful_Protocol_Verification-2021-02-23.tar.gz">
Feb 23, 2021
</a>
: Isabelle2021
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Automated_Stateful_Protocol_Verification-2020-05-20.tar.gz">
May 20, 2020
</a>
: Isabelle2020
</li>
</ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Coupledsim_Contrasim.html b/web/entries/Coupledsim_Contrasim.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Coupledsim_Contrasim.html
@@ -0,0 +1,235 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them - Archive of Formal Proofs</title>
+ <meta name="description" content="We survey and extend characterizations of coupled similarity and contrasimilarity and prove properties relevant for algorithms computing their simulation...">
+
+ <meta property="og:title" content="Coupled Similarity and Contrasimilarity, and How to Compute Them" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Coupledsim_Contrasim.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2023-08-18T00:00:00+00:00" />
+<meta property="article:modified_time" content="2023-08-18T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Coupled Similarity and Contrasimilarity, and How to Compute Them"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
+ </script>
+ <script src="../js/entries.js"></script>
+
+ <script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script>
+ <script src="../js/header-search.js"></script>
+ <script src="../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class="logo-link">
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content entries'>
+ <header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>C</span>oupled <span class='first'>S</span>imilarity and <span class='first'>C</span>ontrasimilarity, and <span class='first'>H</span>ow to <span class='first'>C</span>ompute <span class='first'>T</span>hem
+
+ </h1>
+ <div>
+ <p>
+ <a href="../authors/bisping">Benjamin Bisping</a> <a href="https://bbisping.de">🌐</a> and <a href="../authors/montanari">Luisa Montanari</a>
+
+ </p>
+ <p class="date">August 18, 2023</p>
+ </div>
+</header>
+ <div>
+
+ <main>
+ <h3>Abstract</h3>
+
+ <div class="abstract mathjax_process"><p>We survey and extend characterizations of <em>coupled similarity</em> and <em>contrasimilarity</em> and prove properties relevant for algorithms computing their simulation preorders and equivalences.</p>
+
+<p>Coupled similarity and contrasimilarity are two weak forms of bisimilarity for systems with internal behavior. They have outstanding applications in contexts where internal choices must transparently be distributed in time or space, for example, in process calculi encodings or in action refinements.</p>
+
+<p>Our key contribution is to characterize the coupled simulation and contrasimulation preorders by <em>reachability games</em>. We also show how preexisting definitions coincide and that they can be reformulated using <em>coupled delay simulations</em>. We moreover verify a polynomial-time coinductive fixed-point algorithm computing the coupled simulation preorder. Through reduction proofs, we establish that deciding coupled similarity is at least as complex as computing weak similarity; and that contrasimilarity checking is at least as hard as trace inclusion checking.</p></div>
+
+ <h3>License</h3>
+ <div>
+ <a href="https://isa-afp.org/LICENSE">BSD License</a>
+ </div>
+ <h3>Topics</h3>
+ <ul>
+ <li><a href="../topics/computer-science/concurrency">Computer science/Concurrency</a></li>
+ <li><a href="../topics/mathematics/games-and-economics">Mathematics/Games and economics</a></li>
+ <li><a href="../topics/logic/general-logic/modal-logic">Logic/General logic/Modal logic</a></li>
+ </ul>
+ <h3>Related publications</h3>
+ <ul>
+ <li>Bisping, B., & Nestmann, U. (2019). Computing Coupled Similarity. Lecture Notes in Computer Science, 244–261. <a href="https://doi.org/10.1007/978-3-030-17462-0_14">https://doi.org/10.1007/978-3-030-17462-0_14</a>
+
+ </li>
+ <li>Bisping, B., & Montanari, L. (2021). A Game Characterization for Contrasimilarity. Electronic Proceedings in Theoretical Computer Science, 339, 27–42. https://doi.org/10.4204/eptcs.339.5
+
+ </li>
+ </ul>
+ <h3>Session Coupledsim_Contrasim</h3>
+ <ul>
+ <li><a href="../sessions/coupledsim_contrasim/#Transition_Systems">Transition_Systems</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Weak_Transition_Systems">Weak_Transition_Systems</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Simple_Game">Simple_Game</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Strong_Relations">Strong_Relations</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Weak_Relations">Weak_Relations</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Contrasimulation">Contrasimulation</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Coupled_Simulation">Coupled_Simulation</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Coupledsim_Game_Delay">Coupledsim_Game_Delay</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Coupledsim_Fixpoint_Algo_Delay">Coupledsim_Fixpoint_Algo_Delay</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Contrasim_Word_Game">Contrasim_Word_Game</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Contrasim_Set_Game">Contrasim_Set_Game</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#HM_Logic_Infinitary">HM_Logic_Infinitary</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Weak_HML_Contrasimulation">Weak_HML_Contrasimulation</a></li>
+ <li><a href="../sessions/coupledsim_contrasim/#Tau_Sinks">Tau_Sinks</a></li>
+ </ul>
+
+ <div class="flex-wrap">
+ </div>
+
+ </main>
+
+ <nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/outline.pdf">Proof outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/document.pdf">Proof document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/session_graph.pdf">Dependencies</a>
+ </nav>
+
+ <div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Coupledsim_Contrasim-AFP</p>
+ <pre id="copy-text">@article{Coupledsim_Contrasim-AFP,
+ author = {Benjamin Bisping and Luisa Montanari},
+ title = {Coupled Similarity and Contrasimilarity, and How to Compute Them},
+ journal = {Archive of Formal Proofs},
+ month = {August},
+ year = {2023},
+ note = {\url{https://isa-afp.org/entries/Coupledsim_Contrasim.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+ </div>
+
+ <div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release/afp-Coupledsim_Contrasim-current.tar.gz"
+ download>Download latest</a>
+ </div>
+ </div>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
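Review bot: The second item under "Related publications" prints its DOI as bare text while the first item wraps it in an anchor, so only one of the two references is clickable. It should read `<a href="https://doi.org/10.4204/eptcs.339.5">https://doi.org/10.4204/eptcs.339.5</a>`. Both items also carry a raw `&` in the author list ("Bisping, B., & …"), which should be written `&amp;` in HTML text; the same raw `&` appears in the related-publication line of IO_Language_Conformance.html. The page looks like template output, so the fix presumably belongs in the generator or the entry metadata rather than in this file.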
diff --git a/web/entries/FLP.html b/web/entries/FLP.html
--- a/web/entries/FLP.html
+++ b/web/entries/FLP.html
@@ -1,291 +1,291 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>A Constructive Proof for FLP - Archive of Formal Proofs</title>
<meta name="description" content="The impossibility of distributed consensus with one faulty process is
a result with important consequences for real world distributed
systems e.g., commits...">
<meta property="og:title" content="A Constructive Proof for FLP" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/FLP.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2016-05-18T00:00:00+00:00" />
<meta property="article:modified_time" content="2016-05-18T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="A Constructive Proof for FLP"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
</script>
<script src="../js/entries.js"></script>
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content entries'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>A</span> <span class='first'>C</span>onstructive <span class='first'>P</span>roof for <span class='first'>F</span><span class='first'>L</span><span class='first'>P</span>
</h1>
<div>
<p>
- <a href="../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
+ <a href="../authors/bisping">Benjamin Bisping</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYmVuamFtaW4iLCJiaXNwaW5nIl19">📧</a>, <a href="../authors/brodmann">Paul-David Brodmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsicCIsImJyb2RtYW5uIl19">📧</a>, <a href="../authors/jungnickel">Tim Jungnickel</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsidGltIiwianVuZ25pY2tlbCJdfQ==">📧</a>, <a href="../authors/rickmann">Christina Rickmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYyIsInJpY2ttYW5uIl19">📧</a>, <a href="../authors/seidler">Henning Seidler</a> <a class="obfuscated" data="eyJob3N0IjpbIm1haWxib3giLCJ0dS1iZXJsaW4iLCJkZSJdLCJ1c2VyIjpbImhlbm5pbmciLCJzZWlkbGVyIl19">📧</a>, <a href="../authors/stueber">Anke Stüber</a> <a class="obfuscated" data="eyJob3N0IjpbImNhbXB1cyIsInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYW5rZSIsInN0dWViZXIiXX0=">📧</a>, <a href="../authors/weidner">Arno Wilhelm-Weidner</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsiYXJubyIsIndpbGhlbG0td2VpZG5lciJdfQ==">📧</a>, <a href="../authors/peters">Kirstin Peters</a> <a class="obfuscated" data="eyJob3N0IjpbInR1LWJlcmxpbiIsImRlIl0sInVzZXIiOlsia2lyc3RpbiIsInBldGVycyJdfQ==">📧</a> and <a href="../authors/nestmann">Uwe Nestmann</a> <a href="https://www.mtv.tu-berlin.de/nestmann/">🌐</a>
</p>
<p class="date">May 18, 2016</p>
</div>
</header>
<div>
<main>
<h3>Abstract</h3>
<div class="abstract mathjax_process">The impossibility of distributed consensus with one faulty process is
a result with important consequences for real world distributed
systems e.g., commits in replicated databases. Since proofs are not
immune to faults and even plausible proofs with a profound formalism
can conclude wrong results, we validate the fundamental result named
FLP after Fischer, Lynch and Paterson.
We present a formalization of distributed systems
and the aforementioned consensus problem. Our proof is based on Hagen
Völzer's paper "A constructive proof for FLP". In addition to the
enhanced confidence in the validity of Völzer's proof, we contribute
the missing gaps to show the correctness in Isabelle/HOL. We clarify
the proof details and even prove fairness of the infinite execution
that contradicts consensus. Our Isabelle formalization can also be
reused for further proofs of properties of distributed systems.</div>
<h3>License</h3>
<div>
<a href="https://isa-afp.org/LICENSE">BSD License</a>
</div>
<h3>Topics</h3>
<ul>
<li><a href="../topics/computer-science/concurrency">Computer science/Concurrency</a></li>
</ul>
<h3>Session FLP</h3>
<ul>
<li><a href="../sessions/flp/#Multiset">Multiset</a></li>
<li><a href="../sessions/flp/#AsynchronousSystem">AsynchronousSystem</a></li>
<li><a href="../sessions/flp/#ListUtilities">ListUtilities</a></li>
<li><a href="../sessions/flp/#Execution">Execution</a></li>
<li><a href="../sessions/flp/#FLPSystem">FLPSystem</a></li>
<li><a href="../sessions/flp/#FLPTheorem">FLPTheorem</a></li>
<li><a href="../sessions/flp/#FLPExistingSystem">FLPExistingSystem</a></li>
</ul>
<div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FLP/outline.pdf">Proof outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FLP/document.pdf">Proof document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FLP/session_graph.pdf">Dependencies</a>
</nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">FLP-AFP</p>
<pre id="copy-text">@article{FLP-AFP,
author = {Benjamin Bisping and Paul-David Brodmann and Tim Jungnickel and Christina Rickmann and Henning Seidler and Anke Stüber and Arno Wilhelm-Weidner and Kirstin Peters and Uwe Nestmann},
title = {A Constructive Proof for FLP},
journal = {Archive of Formal Proofs},
month = {May},
year = {2016},
note = {\url{https://isa-afp.org/entries/FLP.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release/afp-FLP-current.tar.gz"
download>Download latest</a>
<p>Older releases:</p>
<ul>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2023-09-13.tar.gz">
Sep 13, 2023
</a>
: Isabelle2023
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2022-10-27.tar.gz">
Oct 27, 2022
</a>
: Isabelle2022
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2021-12-14.tar.gz">
Dec 14, 2021
</a>
: Isabelle2021-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2021-02-23.tar.gz">
Feb 23, 2021
</a>
: Isabelle2021
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2020-04-18.tar.gz">
Apr 18, 2020
</a>
: Isabelle2020
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2019-06-11.tar.gz">
Jun 11, 2019
</a>
: Isabelle2019
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2018-08-16.tar.gz">
Aug 16, 2018
</a>
: Isabelle2018
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2017-10-10.tar.gz">
Oct 10, 2017
</a>
: Isabelle2017
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2016-12-17.tar.gz">
Dec 17, 2016
</a>
: Isabelle2016-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-FLP-2016-05-18.tar.gz">
May 18, 2016
</a>
: Isabelle2016
</li>
</ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
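Review bot: The `data` value on the `class="obfuscated"` anchors in the author line is plain base64 of a JSON object with `host` and `user` arrays, so it is an encoding rather than protection. Anything that base64-decodes attribute values recovers the address without running `../js/obfuscate.js`. This hunk only swaps the host parts for the first author and keeps the scheme, and the same pattern is added for the author in IO_Language_Conformance.html. `data` is also not a standard attribute on `<a>`; a `data-*` name such as `<a class="obfuscated" data-email="…">` would be valid HTML, assuming the script is updated to read it. If the intent is to keep addresses out of scraped markup, that needs a decision in the generator, which is not visible in this diff.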
diff --git a/web/entries/IO_Language_Conformance.html b/web/entries/IO_Language_Conformance.html
new file mode 100644
--- /dev/null
+++ b/web/entries/IO_Language_Conformance.html
@@ -0,0 +1,214 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Conformance Relations between Input/Output Languages - Archive of Formal Proofs</title>
+ <meta name="description" content="This entry formalises the paper of the same name by Huang et al. and presents a unifying characterisation of well-known conformance relations such as...">
+
+ <meta property="og:title" content="Conformance Relations between Input/Output Languages" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/IO_Language_Conformance.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2023-09-01T00:00:00+00:00" />
+<meta property="article:modified_time" content="2023-09-01T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Conformance Relations between Input/Output Languages"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
+ </script>
+ <script src="../js/entries.js"></script>
+
+ <script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script>
+ <script src="../js/header-search.js"></script>
+ <script src="../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class="logo-link">
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content entries'>
+ <header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>C</span>onformance <span class='first'>R</span>elations between <span class='first'>I</span>nput/<span class='first'>O</span>utput <span class='first'>L</span>anguages
+
+ </h1>
+ <div>
+ <p>
+ <a href="../authors/sachtleben">Robert Sachtleben</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1icmVtZW4iLCJkZSJdLCJ1c2VyIjpbInJvYl9zYWMiXX0=">📧</a>
+
+ </p>
+ <p class="date">September 1, 2023</p>
+ </div>
+</header>
+ <div>
+
+ <main>
+ <h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">This entry formalises the paper of the same name by Huang et al. and presents a unifying characterisation of well-known conformance relations such as equivalence and language inclusion (reduction) on languages over input/output pairs.
+This characterisation simplifies comparisons between conformance relations and from it a fundamental necessary and sufficient criterion for conformance testing is developed.</div>
+
+ <h3>License</h3>
+ <div>
+ <a href="https://isa-afp.org/LICENSE">BSD License</a>
+ </div>
+ <h3>Topics</h3>
+ <ul>
+ <li><a href="../topics/computer-science/automata-and-formal-languages">Computer science/Automata and formal languages</a></li>
+ </ul>
+ <h3>Related publications</h3>
+ <ul>
+ <li>Huang, W., & Sachtleben, R. (2023). Conformance Relations Between Input/Output Languages. Applicable Formal Methods for Safe Industrial Products, 49–67. <a href="https://doi.org/10.1007/978-3-031-40132-9_4">https://doi.org/10.1007/978-3-031-40132-9_4</a>
+
+ </li>
+ </ul>
+ <h3>Session IO_Language_Conformance</h3>
+ <ul>
+ <li><a href="../sessions/io_language_conformance/#Input_Output_Language_Conformance">Input_Output_Language_Conformance</a></li>
+ </ul>
+
+ <div class="flex-wrap">
+ </div>
+
+ </main>
+
+ <nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/IO_Language_Conformance/outline.pdf">Proof outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/IO_Language_Conformance/document.pdf">Proof document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/IO_Language_Conformance/session_graph.pdf">Dependencies</a>
+ </nav>
+
+ <div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">IO_Language_Conformance-AFP</p>
+ <pre id="copy-text">@article{IO_Language_Conformance-AFP,
+ author = {Robert Sachtleben},
+ title = {Conformance Relations between Input/Output Languages},
+ journal = {Archive of Formal Proofs},
+ month = {September},
+ year = {2023},
+ note = {\url{https://isa-afp.org/entries/IO_Language_Conformance.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+ </div>
+
+ <div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release/afp-IO_Language_Conformance-current.tar.gz"
+ download>Download latest</a>
+ </div>
+ </div>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/entries/KAD.html b/web/entries/KAD.html
--- a/web/entries/KAD.html
+++ b/web/entries/KAD.html
@@ -1,322 +1,322 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Kleene Algebras with Domain - Archive of Formal Proofs</title>
<meta name="description" content="Kleene algebras with domain are Kleene algebras endowed with an
operation that maps each element of the algebra to its domain of
definition (or its...">
<meta property="og:title" content="Kleene Algebras with Domain" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/KAD.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2016-04-12T00:00:00+00:00" />
<meta property="article:modified_time" content="2016-04-12T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Kleene Algebras with Domain"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
</script>
<script src="../js/entries.js"></script>
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content entries'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>K</span>leene <span class='first'>A</span>lgebras with <span class='first'>D</span>omain
</h1>
<div>
<p>
<a href="../authors/gomes">Victor B. F. Gomes</a> <a href="http://www.dcs.shef.ac.uk/~victor">🌐</a>, <a href="../authors/guttmann">Walter Guttmann</a> <a href="https://www.cosc.canterbury.ac.nz/walter.guttmann/">🌐</a>, <a href="../authors/hoefner">Peter Höfner</a> <a href="http://www.hoefner-online.de/">🌐</a>, <a href="../authors/struth">Georg Struth</a> <a href="http://staffwww.dcs.shef.ac.uk/people/G.Struth/">🌐</a> and <a href="../authors/weber">Tjark Weber</a> <a href="http://user.it.uu.se/~tjawe125/">🌐</a>
</p>
<p class="date">April 12, 2016</p>
</div>
</header>
<div>
<main>
<h3>Abstract</h3>
<div class="abstract mathjax_process">Kleene algebras with domain are Kleene algebras endowed with an
operation that maps each element of the algebra to its domain of
definition (or its complement) in abstract fashion. They form a simple
algebraic basis for Hoare logics, dynamic logics or predicate
transformer semantics. We formalise a modular hierarchy of algebras
with domain and antidomain (domain complement) operations in
Isabelle/HOL that ranges from domain and antidomain semigroups to
modal Kleene algebras and divergence Kleene algebras. We link these
algebras with models of binary relations and program traces. We
include some examples from modal logics, termination and program
analysis.</div>
<h3>License</h3>
<div>
<a href="https://isa-afp.org/LICENSE">BSD License</a>
</div>
<h3>Topics</h3>
<ul>
<li><a href="../topics/computer-science/programming-languages/logics">Computer science/Programming languages/Logics</a></li>
<li><a href="../topics/computer-science/automata-and-formal-languages">Computer science/Automata and formal languages</a></li>
<li><a href="../topics/mathematics/algebra">Mathematics/Algebra</a></li>
</ul>
<h3>Session KAD</h3>
<ul>
<li><a href="../sessions/kad/#Domain_Semiring">Domain_Semiring</a></li>
<li><a href="../sessions/kad/#Antidomain_Semiring">Antidomain_Semiring</a></li>
<li><a href="../sessions/kad/#Range_Semiring">Range_Semiring</a></li>
<li><a href="../sessions/kad/#Modal_Kleene_Algebra">Modal_Kleene_Algebra</a></li>
<li><a href="../sessions/kad/#Modal_Kleene_Algebra_Models">Modal_Kleene_Algebra_Models</a></li>
<li><a href="../sessions/kad/#Modal_Kleene_Algebra_Applications">Modal_Kleene_Algebra_Applications</a></li>
</ul>
<div class="flex-wrap">
<div>
<h3>Depends on</h3>
<ul class="horizontal-list">
<li><a href="../entries/Kleene_Algebra.html">Kleene Algebra</a></li>
</ul>
</div>
<div>
<h3>Used by</h3>
<ul class="horizontal-list">
<li>
<a href="../entries/Catoids.html">Catoids, Categories, Groupoids</a>
</li>
<li>
<a href="../entries/Quantales_Converse.html">Modal quantales, involutive quantales, Dedekind Quantales</a>
</li>
<li>
<a href="../entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a>
</li>
<li>
<a href="../entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a>
</li>
</ul>
</div>
<div>
<h3>Auto-related entries</h3>
<ul class="horizontal-list">
+ <li><a href="../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></li>
<li><a href="../entries/Transformer_Semantics.html">Transformer Semantics</a></li>
<li><a href="../entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></li>
<li><a href="../entries/Multirelations.html">Binary Multirelations</a></li>
<li><a href="../entries/Relation_Algebra.html">Relation Algebra</a></li>
- <li><a href="../entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/KAD/outline.pdf">Proof outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/KAD/document.pdf">Proof document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/KAD/session_graph.pdf">Dependencies</a>
</nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">KAD-AFP</p>
<pre id="copy-text">@article{KAD-AFP,
author = {Victor B. F. Gomes and Walter Guttmann and Peter Höfner and Georg Struth and Tjark Weber},
title = {Kleene Algebras with Domain},
journal = {Archive of Formal Proofs},
month = {April},
year = {2016},
note = {\url{https://isa-afp.org/entries/KAD.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release/afp-KAD-current.tar.gz"
download>Download latest</a>
<p>Older releases:</p>
<ul>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2023-09-13.tar.gz">
Sep 13, 2023
</a>
: Isabelle2023
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2022-10-27.tar.gz">
Oct 27, 2022
</a>
: Isabelle2022
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2021-12-14.tar.gz">
Dec 14, 2021
</a>
: Isabelle2021-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2021-02-23.tar.gz">
Feb 23, 2021
</a>
: Isabelle2021
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2020-04-18.tar.gz">
Apr 18, 2020
</a>
: Isabelle2020
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2019-06-11.tar.gz">
Jun 11, 2019
</a>
: Isabelle2019
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2018-08-16.tar.gz">
Aug 16, 2018
</a>
: Isabelle2018
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2017-10-10.tar.gz">
Oct 10, 2017
</a>
: Isabelle2017
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2016-12-17.tar.gz">
Dec 17, 2016
</a>
: Isabelle2016-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-KAD-2016-04-12.tar.gz">
Apr 12, 2016
</a>
: Isabelle2016
</li>
</ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/ML_Unification.html b/web/entries/ML_Unification.html
--- a/web/entries/ML_Unification.html
+++ b/web/entries/ML_Unification.html
@@ -1,280 +1,288 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Unification Utilities for Isabelle/ML - Archive of Formal Proofs</title>
<meta name="description" content="This article provides various unification utilities for Isabelle/ML, most prominently: First-order and higher-order pattern E-unification and E-matching....">
<meta property="og:title" content="Unification Utilities for Isabelle/ML" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/ML_Unification.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2023-09-19T00:00:00+00:00" />
<meta property="article:modified_time" content="2023-09-19T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Unification Utilities for Isabelle/ML"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
</script>
<script src="../js/entries.js"></script>
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content entries'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>U</span>nification <span class='first'>U</span>tilities for <span class='first'>I</span>sabelle/<span class='first'>M</span><span class='first'>L</span>
</h1>
<div>
<p>
<a href="../authors/kappelmann">Kevin Kappelmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsia2V2aW4iLCJrYXBwZWxtYW5uIl19">📧</a>
</p>
<p class="date">September 19, 2023</p>
</div>
</header>
<div>
<main>
<h3>Abstract</h3>
<div class="abstract mathjax_process">This article provides various unification utilities for Isabelle/ML, most prominently:
<ol>
<li>First-order and higher-order pattern
<a href="https://en.wikipedia.org/wiki/Unification_(computer_science)#E-unification">E-unification</a>
and E-matching.
While unifiers in Isabelle/ML only consider the $\alpha\beta\eta$-equational theory of the $\lambda$-calculus,
unifiers in this article
may take an extra background theory, in the form of an equational prover, into account.
For example, the unification problem $n + 1 \equiv {}?m + Suc\; 0$
may be solved by providing a prover for the background theory $\forall n.\ n + 1 \equiv n + Suc\; 0$.</li>
<li>Tactics, methods, and attributes with adjustable unifiers (e.g.\ resolution, fact, assumption, OF).</li>
<li>A generalisation of <a href="https://doi.org/10.1007/978-3-642-03359-9_8">unification hints</a>.
Unification hints are a flexible extension for unifiers.
Among other things, they can be used for reflective tactics,
to provide canonical unification instances,
or to simply strengthen the background theory of a unifier in a controlled manner.</li>
<li>Simplifier integration for e-unifiers.</li>
<li>Practical combinations of unification algorithms, e.g. a combination of first-order and
higher-order pattern unification.</li>
<li>A hierarchical logger for Isabelle/ML,
including per logger configurations with log levels, output channels, message filters.</li>
</ol>
While this entry works with every object logic,
some extra setup for Isabelle/HOL and application examples are provided.
All unifiers are tested with <a href="https://isa-afp.org/entries/SpecCheck.html">SpecCheck</a>.</div>
<h3>License</h3>
<div>
<a href="https://isa-afp.org/LICENSE">BSD License</a>
</div>
<h3>Topics</h3>
<ul>
<li><a href="../topics/tools">Tools</a></li>
</ul>
<h3>Session ML_Unification</h3>
<ul>
<li><a href="../sessions/ml_unification/#ML_Code_Utils">ML_Code_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Attributes">ML_Attributes</a></li>
<li><a href="../sessions/ml_unification/#ML_Logger">ML_Logger</a></li>
<li><a href="../sessions/ml_unification/#Setup_Result_Commands">Setup_Result_Commands</a></li>
<li><a href="../sessions/ml_unification/#ML_Logger_Examples">ML_Logger_Examples</a></li>
<li><a href="../sessions/ml_unification/#ML_Attribute_Utils">ML_Attribute_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Conversion_Utils">ML_Conversion_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Parsing_Utils">ML_Parsing_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Functor_Instances">ML_Functor_Instances</a></li>
<li><a href="../sessions/ml_unification/#ML_General_Utils">ML_General_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Generic_Data_Utils">ML_Generic_Data_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Method_Utils">ML_Method_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Priorities">ML_Priorities</a></li>
<li><a href="../sessions/ml_unification/#ML_Normalisations">ML_Normalisations</a></li>
<li><a href="../sessions/ml_unification/#ML_Binders">ML_Binders</a></li>
<li><a href="../sessions/ml_unification/#ML_Term_Utils">ML_Term_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Tactic_Utils">ML_Tactic_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Theorem_Utils">ML_Theorem_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Utils">ML_Utils</a></li>
<li><a href="../sessions/ml_unification/#ML_Unification_Base">ML_Unification_Base</a></li>
<li><a href="../sessions/ml_unification/#Simps_To">Simps_To</a></li>
<li><a href="../sessions/ml_unification/#ML_Unifiers">ML_Unifiers</a></li>
<li><a href="../sessions/ml_unification/#ML_Unification_Parsers">ML_Unification_Parsers</a></li>
<li><a href="../sessions/ml_unification/#Unify_Assumption_Tactic">Unify_Assumption_Tactic</a></li>
<li><a href="../sessions/ml_unification/#Unify_Resolve_Tactics">Unify_Resolve_Tactics</a></li>
<li><a href="../sessions/ml_unification/#Unify_Fact_Tactic">Unify_Fact_Tactic</a></li>
<li><a href="../sessions/ml_unification/#Unification_Tactics">Unification_Tactics</a></li>
<li><a href="../sessions/ml_unification/#Unification_Attributes">Unification_Attributes</a></li>
<li><a href="../sessions/ml_unification/#ML_Term_Index">ML_Term_Index</a></li>
<li><a href="../sessions/ml_unification/#ML_Unification_Hints">ML_Unification_Hints</a></li>
<li><a href="../sessions/ml_unification/#ML_Unification_HOL_Setup">ML_Unification_HOL_Setup</a></li>
<li><a href="../sessions/ml_unification/#E_Unification_Examples">E_Unification_Examples</a></li>
<li><a href="../sessions/ml_unification/#Unification_Hints_Reification_Examples">Unification_Hints_Reification_Examples</a></li>
<li><a href="../sessions/ml_unification/#ML_Unification_Tests_Base">ML_Unification_Tests_Base</a></li>
<li><a href="../sessions/ml_unification/#First_Order_ML_Unification_Tests">First_Order_ML_Unification_Tests</a></li>
<li><a href="../sessions/ml_unification/#Higher_Order_Pattern_ML_Unification_Tests">Higher_Order_Pattern_ML_Unification_Tests</a></li>
<li><a href="../sessions/ml_unification/#Higher_Order_ML_Unification_Tests">Higher_Order_ML_Unification_Tests</a></li>
<li><a href="../sessions/ml_unification/#ML_Unification_Tests">ML_Unification_Tests</a></li>
</ul>
<div class="flex-wrap">
<div>
<h3>Depends on</h3>
<ul class="horizontal-list">
<li><a href="../entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></li>
</ul>
</div>
+ <div>
+ <h3>Used by</h3>
+ <ul class="horizontal-list">
+ <li>
+ <a href="../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a>
+ </li>
+ </ul>
+ </div>
<div>
<h3>Auto-related entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/Conditional_Transfer_Rule.html">Conditional Transfer Rule</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/ML_Unification/outline.pdf">Proof outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/ML_Unification/document.pdf">Proof document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/ML_Unification/session_graph.pdf">Dependencies</a>
</nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">ML_Unification-AFP</p>
<pre id="copy-text">@article{ML_Unification-AFP,
author = {Kevin Kappelmann},
title = {Unification Utilities for Isabelle/ML},
journal = {Archive of Formal Proofs},
month = {September},
year = {2023},
note = {\url{https://isa-afp.org/entries/ML_Unification.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release/afp-ML_Unification-current.tar.gz"
download>Download latest</a>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Multirelations.html b/web/entries/Multirelations.html
--- a/web/entries/Multirelations.html
+++ b/web/entries/Multirelations.html
@@ -1,298 +1,299 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Binary Multirelations - Archive of Formal Proofs</title>
<meta name="description" content="Binary multirelations associate elements of a set with its subsets; hence
they are binary relations from a set to its power set. Applications include...">
<meta property="og:title" content="Binary Multirelations" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Multirelations.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2015-06-11T00:00:00+00:00" />
<meta property="article:modified_time" content="2015-06-11T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Binary Multirelations"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
</script>
<script src="../js/entries.js"></script>
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content entries'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>B</span>inary <span class='first'>M</span>ultirelations
</h1>
<div>
<p>
<a href="../authors/furusawa">Hitoshi Furusawa</a> <a href="http://www.sci.kagoshima-u.ac.jp/~furusawa/">🌐</a> and <a href="../authors/struth">Georg Struth</a> <a href="http://staffwww.dcs.shef.ac.uk/people/G.Struth/">🌐</a>
</p>
<p class="date">June 11, 2015</p>
</div>
</header>
<div>
<main>
<h3>Abstract</h3>
<div class="abstract mathjax_process">Binary multirelations associate elements of a set with its subsets; hence
they are binary relations from a set to its power set. Applications include
alternating automata, models and logics for games, program semantics with
dual demonic and angelic nondeterministic choices and concurrent dynamic
logics. This proof document supports an arXiv article that formalises the
basic algebra of multirelations and proposes axiom systems for them,
ranging from weak bi-monoids to weak bi-quantales.</div>
<h3>License</h3>
<div>
<a href="https://isa-afp.org/LICENSE">BSD License</a>
</div>
<h3>Topics</h3>
<ul>
<li><a href="../topics/mathematics/algebra">Mathematics/Algebra</a></li>
</ul>
<h3>Session Multirelations</h3>
<ul>
<li><a href="../sessions/multirelations/#C_Algebras">C_Algebras</a></li>
<li><a href="../sessions/multirelations/#Multirelations">Multirelations</a></li>
</ul>
<div class="flex-wrap">
<div>
<h3>Depends on</h3>
<ul class="horizontal-list">
<li><a href="../entries/Kleene_Algebra.html">Kleene Algebra</a></li>
</ul>
</div>
<div>
<h3>Auto-related entries</h3>
<ul class="horizontal-list">
+ <li><a href="../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></li>
<li><a href="../entries/Multirelations_Heterogeneous.html">Inner Structure, Determinism and Modal Algebra of Multirelations</a></li>
<li><a href="../entries/KAD.html">Kleene Algebras with Domain</a></li>
<li><a href="../entries/Relation_Algebra.html">Relation Algebra</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Multirelations/outline.pdf">Proof outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Multirelations/document.pdf">Proof document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Multirelations/session_graph.pdf">Dependencies</a>
</nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Multirelations-AFP</p>
<pre id="copy-text">@article{Multirelations-AFP,
author = {Hitoshi Furusawa and Georg Struth},
title = {Binary Multirelations},
journal = {Archive of Formal Proofs},
month = {June},
year = {2015},
note = {\url{https://isa-afp.org/entries/Multirelations.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release/afp-Multirelations-current.tar.gz"
download>Download latest</a>
<p>Older releases:</p>
<ul>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2023-09-13.tar.gz">
Sep 13, 2023
</a>
: Isabelle2023
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2022-10-27.tar.gz">
Oct 27, 2022
</a>
: Isabelle2022
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2021-12-14.tar.gz">
Dec 14, 2021
</a>
: Isabelle2021-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2021-02-23.tar.gz">
Feb 23, 2021
</a>
: Isabelle2021
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2020-04-20.tar.gz">
Apr 20, 2020
</a>
: Isabelle2020
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2019-06-11.tar.gz">
Jun 11, 2019
</a>
: Isabelle2019
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2018-08-16.tar.gz">
Aug 16, 2018
</a>
: Isabelle2018
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2017-10-10.tar.gz">
Oct 10, 2017
</a>
: Isabelle2017
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2016-12-17.tar.gz">
Dec 17, 2016
</a>
: Isabelle2016-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2016-02-22.tar.gz">
Feb 22, 2016
</a>
: Isabelle2016
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Multirelations-2015-06-13.tar.gz">
Jun 13, 2015
</a>
: Isabelle2015
</li>
</ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Relation_Algebra.html b/web/entries/Relation_Algebra.html
--- a/web/entries/Relation_Algebra.html
+++ b/web/entries/Relation_Algebra.html
@@ -1,336 +1,337 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Relation Algebra - Archive of Formal Proofs</title>
<meta name="description" content="Tarski&#39;s algebra of binary relations is formalised along the lines of
the standard textbooks of Maddux and Schmidt and Ströhlein. This
includes...">
<meta property="og:title" content="Relation Algebra" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Relation_Algebra.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2014-01-25T00:00:00+00:00" />
<meta property="article:modified_time" content="2014-01-25T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Relation Algebra"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
</script>
<script src="../js/entries.js"></script>
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content entries'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>R</span>elation <span class='first'>A</span>lgebra
</h1>
<div>
<p>
<a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/fosters">Simon Foster</a> <a class="obfuscated" data="eyJob3N0IjpbInlvcmsiLCJhYyIsInVrIl0sInVzZXIiOlsic2ltb24iLCJmb3N0ZXIiXX0=">📧</a>, <a href="../authors/struth">Georg Struth</a> <a href="http://staffwww.dcs.shef.ac.uk/people/G.Struth/">🌐</a> and <a href="../authors/weber">Tjark Weber</a> <a href="http://user.it.uu.se/~tjawe125/">🌐</a>
</p>
<p class="date">January 25, 2014</p>
</div>
</header>
<div>
<main>
<h3>Abstract</h3>
<div class="abstract mathjax_process">Tarski's algebra of binary relations is formalised along the lines of
the standard textbooks of Maddux and Schmidt and Ströhlein. This
includes relation-algebraic concepts such as subidentities, vectors and
a domain operation as well as various notions associated to functions.
Relation algebras are also expanded by a reflexive transitive closure
operation, and they are linked with Kleene algebras and models of binary
relations and Boolean matrices.</div>
<h3>License</h3>
<div>
<a href="https://isa-afp.org/LICENSE">BSD License</a>
</div>
<h3>Topics</h3>
<ul>
<li><a href="../topics/mathematics/algebra">Mathematics/Algebra</a></li>
</ul>
<h3>Session Relation_Algebra</h3>
<ul>
<li><a href="../sessions/relation_algebra/#More_Boolean_Algebra">More_Boolean_Algebra</a></li>
<li><a href="../sessions/relation_algebra/#Relation_Algebra">Relation_Algebra</a></li>
<li><a href="../sessions/relation_algebra/#Relation_Algebra_Vectors">Relation_Algebra_Vectors</a></li>
<li><a href="../sessions/relation_algebra/#Relation_Algebra_Tests">Relation_Algebra_Tests</a></li>
<li><a href="../sessions/relation_algebra/#Relation_Algebra_Functions">Relation_Algebra_Functions</a></li>
<li><a href="../sessions/relation_algebra/#Relation_Algebra_Direct_Products">Relation_Algebra_Direct_Products</a></li>
<li><a href="../sessions/relation_algebra/#Relation_Algebra_RTC">Relation_Algebra_RTC</a></li>
<li><a href="../sessions/relation_algebra/#Relation_Algebra_Models">Relation_Algebra_Models</a></li>
</ul>
<div class="flex-wrap">
<div>
<h3>Depends on</h3>
<ul class="horizontal-list">
<li><a href="../entries/Kleene_Algebra.html">Kleene Algebra</a></li>
</ul>
</div>
<div>
<h3>Used by</h3>
<ul class="horizontal-list">
<li>
<a href="../entries/Catoids.html">Catoids, Categories, Groupoids</a>
</li>
<li>
<a href="../entries/Relational_Paths.html">Relational Characterisations of Paths</a>
</li>
<li>
<a href="../entries/Residuated_Lattices.html">Residuated Lattices</a>
</li>
</ul>
</div>
<div>
<h3>Auto-related entries</h3>
<ul class="horizontal-list">
+ <li><a href="../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></li>
<li><a href="../entries/KAD.html">Kleene Algebras with Domain</a></li>
<li><a href="../entries/Multirelations.html">Binary Multirelations</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Relation_Algebra/outline.pdf">Proof outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Relation_Algebra/document.pdf">Proof document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Relation_Algebra/session_graph.pdf">Dependencies</a>
</nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Relation_Algebra-AFP</p>
<pre id="copy-text">@article{Relation_Algebra-AFP,
author = {Alasdair Armstrong and Simon Foster and Georg Struth and Tjark Weber},
title = {Relation Algebra},
journal = {Archive of Formal Proofs},
month = {January},
year = {2014},
note = {\url{https://isa-afp.org/entries/Relation_Algebra.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-current.tar.gz"
download>Download latest</a>
<p>Older releases:</p>
<ul>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2023-09-13.tar.gz">
Sep 13, 2023
</a>
: Isabelle2023
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2022-10-27.tar.gz">
Oct 27, 2022
</a>
: Isabelle2022
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2021-12-14.tar.gz">
Dec 14, 2021
</a>
: Isabelle2021-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2021-02-23.tar.gz">
Feb 23, 2021
</a>
: Isabelle2021
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2020-04-20.tar.gz">
Apr 20, 2020
</a>
: Isabelle2020
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2019-06-11.tar.gz">
Jun 11, 2019
</a>
: Isabelle2019
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2018-08-16.tar.gz">
Aug 16, 2018
</a>
: Isabelle2018
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2017-10-10.tar.gz">
Oct 10, 2017
</a>
: Isabelle2017
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2016-12-17.tar.gz">
Dec 17, 2016
</a>
: Isabelle2016-1
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2016-02-22.tar.gz">
Feb 22, 2016
</a>
: Isabelle2016
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2015-05-27.tar.gz">
May 27, 2015
</a>
: Isabelle2015
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2014-08-28.tar.gz">
Aug 28, 2014
</a>
: Isabelle2014
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2014-01-31.tar.gz">
Jan 31, 2014
</a>
: Isabelle2013-2
</li>
<li>
<a href="https://www.isa-afp.org/release/afp-Relation_Algebra-2014-01-25.tar.gz">
Jan 25, 2014
</a>
: Isabelle2013-2
</li>
</ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/S_Finite_Measure_Monad.html b/web/entries/S_Finite_Measure_Monad.html
new file mode 100644
--- /dev/null
+++ b/web/entries/S_Finite_Measure_Monad.html
@@ -0,0 +1,236 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces - Archive of Formal Proofs</title>
+ <meta name="description" content="The s-finite measure monad on quasi-Borel spaces provides a suitable denotational model for higher-order probabilistic programs with conditioning. This...">
+
+ <meta property="og:title" content="S-Finite Measure Monad on Quasi-Borel Spaces" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/S_Finite_Measure_Monad.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2023-08-08T00:00:00+00:00" />
+<meta property="article:modified_time" content="2023-08-08T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="S-Finite Measure Monad on Quasi-Borel Spaces"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
+ </script>
+ <script src="../js/entries.js"></script>
+
+ <script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script>
+ <script src="../js/header-search.js"></script>
+ <script src="../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class="logo-link">
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content entries'>
+ <header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>S</span>-<span class='first'>F</span>inite <span class='first'>M</span>easure <span class='first'>M</span>onad on <span class='first'>Q</span>uasi-<span class='first'>B</span>orel <span class='first'>S</span>paces
+
+ </h1>
+ <div>
+ <p>
+ <a href="../authors/hirata">Michikazu Hirata</a> <a class="obfuscated" data="eyJob3N0IjpbIm0iLCJ0aXRlY2giLCJhYyIsImpwIl0sInVzZXIiOlsiaGlyYXRhIiwibSIsImFjIl19">📧</a> and <a href="../authors/minamide">Yasuhiko Minamide</a> <a class="obfuscated" data="eyJob3N0IjpbImlzIiwidGl0ZWNoIiwiYWMiLCJqcCJdLCJ1c2VyIjpbIm1pbmFtaWRlIl19">📧</a>
+
+ </p>
+ <p class="date">August 8, 2023</p>
+ </div>
+</header>
+ <div>
+
+ <main>
+ <h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">The s-finite measure monad on quasi-Borel spaces provides a suitable denotational model for higher-order probabilistic programs with conditioning. This entry is a formalization of the s-finite measure monad and related notions, including s-finite measures, s-finite kernels, and a proof automation for quasi-Borel spaces which is an extension of our previous entry <a href="https://www.isa-afp.org/entries/Quasi_Borel_Spaces.html"><i>Quasi-Borel Spaces</i></a>. We also implement several examples of probabilistic programs in previous works and prove their property.
+This work is a part of the work by Hirata, Minamide, and Sato, <i>Semantic Foundations of Higher-Order Probabilistic Programs in Isabelle/HOL</i> presented at the 14th Conference on Interactive Theorem Proving (ITP2023).</div>
+
+ <h3>License</h3>
+ <div>
+ <a href="https://isa-afp.org/LICENSE">BSD License</a>
+ </div>
+ <h3>Topics</h3>
+ <ul>
+ <li><a href="../topics/computer-science/semantics-and-reasoning">Computer science/Semantics and reasoning</a></li>
+ <li><a href="../topics/mathematics/measure-and-integration">Mathematics/Measure and integration</a></li>
+ <li><a href="../topics/mathematics/probability-theory">Mathematics/Probability theory</a></li>
+ </ul>
+ <h3>Related publications</h3>
+ <ul>
+ <li>Hirata, M., Minamide, Y., &amp; Sato, T. (2023). Semantic Foundations of Higher-Order Probabilistic Programs in Isabelle/HOL. <i>Schloss Dagstuhl - Leibniz-Zentrum Für Informatik</i>. https://doi.org/10.4230/LIPICS.ITP.2023.18
+ </li>
+ </ul>
+ <h3>Session S_Finite_Measure_Monad</h3>
+ <ul>
+ <li><a href="../sessions/s_finite_measure_monad/#Lemmas_S_Finite_Measure_Monad">Lemmas_S_Finite_Measure_Monad</a></li>
+ <li><a href="../sessions/s_finite_measure_monad/#Kernels">Kernels</a></li>
+ <li><a href="../sessions/s_finite_measure_monad/#QuasiBorel">QuasiBorel</a></li>
+ <li><a href="../sessions/s_finite_measure_monad/#QBS_Morphism">QBS_Morphism</a></li>
+ <li><a href="../sessions/s_finite_measure_monad/#Measure_QuasiBorel_Adjunction">Measure_QuasiBorel_Adjunction</a></li>
+ <li><a href="../sessions/s_finite_measure_monad/#Monad_QuasiBorel">Monad_QuasiBorel</a></li>
+ <li><a href="../sessions/s_finite_measure_monad/#Montecarlo">Montecarlo</a></li>
+ <li><a href="../sessions/s_finite_measure_monad/#Query">Query</a></li>
+ </ul>
+
+ <div class="flex-wrap">
+ <div>
+ <h3>Depends on</h3>
+ <ul class="horizontal-list">
+ <li><a href="../entries/Standard_Borel_Spaces.html">Standard Borel Spaces</a></li>
+ </ul>
+ </div>
+ <div>
+ <h3>Auto-related entries</h3>
+ <ul class="horizontal-list">
+ <li><a href="../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></li>
+ <li><a href="../entries/Automated_Stateful_Protocol_Verification.html">Automated Stateful Protocol Verification</a></li>
+ <li><a href="../entries/Proof_Strategy_Language.html">Proof Strategy Language</a></li>
+ </ul>
+ </div>
+ </div>
+
+ </main>
+
+ <nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/outline.pdf">Proof outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/document.pdf">Proof document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/session_graph.pdf">Dependencies</a>
+ </nav>
+
+ <div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">S_Finite_Measure_Monad-AFP</p>
+ <pre id="copy-text">@article{S_Finite_Measure_Monad-AFP,
+ author = {Michikazu Hirata and Yasuhiko Minamide},
+ title = {S-Finite Measure Monad on Quasi-Borel Spaces},
+ journal = {Archive of Formal Proofs},
+ month = {August},
+ year = {2023},
+ note = {\url{https://isa-afp.org/entries/S_Finite_Measure_Monad.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+ </div>
+
+ <div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release/afp-S_Finite_Measure_Monad-current.tar.gz"
+ download>Download latest</a>
+ </div>
+ </div>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
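Review bot: The `<div class="abstract mathjax_process">` block writes the entry's abstract into the page as raw HTML (it carries `<a href=…>` and `<i>` tags), while the `<meta name="description">` text is entity-escaped, as seen in web/entries/Transport.html where quotes become `&#34;`. If the abstract comes from contributor-submitted metadata, the generator should restrict it to an allowlist such as `a` with http/https `href`, `i`, `em` and `code` before emitting it; no such step is visible in this diff, so please confirm it exists. The page looks like generated output, so the change belongs in the template or metadata pipeline rather than in this file. The abstract in web/entries/Transport.html has the same pattern.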
diff --git a/web/entries/Standard_Borel_Spaces.html b/web/entries/Standard_Borel_Spaces.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Standard_Borel_Spaces.html
@@ -0,0 +1,226 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Standard Borel Spaces - Archive of Formal Proofs</title>
+ <meta name="description" content="This entry includes a formalization of standard Borel spaces and (a variant of) the Borel isomorphism theorem. A separable complete metrizable topological...">
+
+ <meta property="og:title" content="Standard Borel Spaces" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Standard_Borel_Spaces.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2023-08-08T00:00:00+00:00" />
+<meta property="article:modified_time" content="2023-08-08T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Standard Borel Spaces"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
+ </script>
+ <script src="../js/entries.js"></script>
+
+ <script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script>
+ <script src="../js/header-search.js"></script>
+ <script src="../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class="logo-link">
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content entries'>
+ <header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>S</span>tandard <span class='first'>B</span>orel <span class='first'>S</span>paces
+
+ </h1>
+ <div>
+ <p>
+ <a href="../authors/hirata">Michikazu Hirata</a> <a class="obfuscated" data="eyJob3N0IjpbIm0iLCJ0aXRlY2giLCJhYyIsImpwIl0sInVzZXIiOlsiaGlyYXRhIiwibSIsImFjIl19">📧</a>
+
+ </p>
+ <p class="date">August 8, 2023</p>
+ </div>
+</header>
+ <div>
+
+ <main>
+ <h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">This entry includes a formalization of standard Borel spaces and (a variant of) the Borel isomorphism theorem. A separable complete metrizable topological space is called a polish space and a measurable space generated from a polish space is called a standard Borel space. We formalize the notion of standard Borel spaces by establishing set-based metric spaces, and then prove (a variant of) the Borel isomorphism theorem. The theorem states that a standard Borel spaces is either a countable discrete space or isomorphic to $\mathbb{R}$.</div>
+
+ <h3>License</h3>
+ <div>
+ <a href="https://isa-afp.org/LICENSE">BSD License</a>
+ </div>
+ <h3>Topics</h3>
+ <ul>
+ <li><a href="../topics/mathematics/analysis">Mathematics/Analysis</a></li>
+ <li><a href="../topics/mathematics/topology">Mathematics/Topology</a></li>
+ </ul>
+ <h3>Related publications</h3>
+ <ul>
+ <li>Hirata, M., Minamide, Y., &amp; Sato, T. (2023). Semantic Foundations of Higher-Order Probabilistic Programs in Isabelle/HOL. <i>Schloss Dagstuhl - Leibniz-Zentrum Für Informatik</i>. https://doi.org/10.4230/LIPICS.ITP.2023.18
+ </li>
+ </ul>
+ <h3>Session Standard_Borel_Spaces</h3>
+ <ul>
+ <li><a href="../sessions/standard_borel_spaces/#Lemmas_StandardBorel">Lemmas_StandardBorel</a></li>
+ <li><a href="../sessions/standard_borel_spaces/#Set_Based_Metric_Space">Set_Based_Metric_Space</a></li>
+ <li><a href="../sessions/standard_borel_spaces/#Set_Based_Metric_Product">Set_Based_Metric_Product</a></li>
+ <li><a href="../sessions/standard_borel_spaces/#Abstract_Metrizable_Topology">Abstract_Metrizable_Topology</a></li>
+ <li><a href="../sessions/standard_borel_spaces/#StandardBorel">StandardBorel</a></li>
+ <li><a href="../sessions/standard_borel_spaces/#Space_of_Continuous_Maps">Space_of_Continuous_Maps</a></li>
+ </ul>
+
+ <div class="flex-wrap">
+ <div>
+ <h3>Used by</h3>
+ <ul class="horizontal-list">
+ <li>
+ <a href="../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+
+ </main>
+
+ <nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/outline.pdf">Proof outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/document.pdf">Proof document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/session_graph.pdf">Dependencies</a>
+ </nav>
+
+ <div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Standard_Borel_Spaces-AFP</p>
+ <pre id="copy-text">@article{Standard_Borel_Spaces-AFP,
+ author = {Michikazu Hirata},
+ title = {Standard Borel Spaces},
+ journal = {Archive of Formal Proofs},
+ month = {August},
+ year = {2023},
+ note = {\url{https://isa-afp.org/entries/Standard_Borel_Spaces.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+ </div>
+
+ <div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release/afp-Standard_Borel_Spaces-current.tar.gz"
+ download>Download latest</a>
+ </div>
+ </div>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
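Review bot: In the inline MathJax configuration, `processEscapes: true` sits at the top level of the `MathJax` object, but with the MathJax 3 component loaded here (`es5/tex-mml-chtml.js`) it is an option of the TeX input processor, so as written it appears to be ignored; it should read `tex: { inlineMath: [...], processEscapes: true }`. The `svg: { fontCache: 'global' }` entry likewise looks unused, because the CHTML output component is the one being loaded. It matters on this page because the abstract relies on `$\mathbb{R}$` being typeset. The identical block is in web/entries/S_Finite_Measure_Monad.html and web/entries/Transport.html, and since these pages look generated the fix belongs in the shared template.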
diff --git a/web/entries/Transport.html b/web/entries/Transport.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Transport.html
@@ -0,0 +1,350 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Transport via Partial Galois Connections and Equivalences - Archive of Formal Proofs</title>
+ <meta name="description" content="This entry contains the accompanying formalisation of the paper &#34;Transport via Partial Galois Connections and Equivalences&#34; (APLAS 2023). It contains a...">
+
+ <meta property="og:title" content="Transport via Partial Galois Connections and Equivalences" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Transport.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2023-10-11T00:00:00+00:00" />
+<meta property="article:modified_time" content="2023-10-11T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Transport via Partial Galois Connections and Equivalences"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
+ </script>
+ <script src="../js/entries.js"></script>
+
+ <script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script>
+ <script src="../js/header-search.js"></script>
+ <script src="../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class="logo-link">
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
+ class="logo">
+ </a>
+ <ul>
+ <a href="../">
+ <li >
+ Home
+ </li>
+ </a>
+ <a href="../topics/">
+ <li >
+ Topics
+ </li>
+ </a>
+ <a href="../download/">
+ <li >
+ Download
+ </li>
+ </a>
+ <a href="../help/">
+ <li >
+ Help
+ </li>
+ </a>
+ <a href="../submission/">
+ <li >
+ Submission
+ </li>
+ </a>
+ <a href="../statistics/">
+ <li >
+ Statistics
+ </li>
+ </a>
+ <a href="../about/">
+ <li >
+ About
+ </li>
+ </a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content entries'>
+ <header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>T</span>ransport via <span class='first'>P</span>artial <span class='first'>G</span>alois <span class='first'>C</span>onnections and <span class='first'>E</span>quivalences
+
+ </h1>
+ <div>
+ <p>
+ <a href="../authors/kappelmann">Kevin Kappelmann</a> <a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsia2V2aW4iLCJrYXBwZWxtYW5uIl19">📧</a>
+
+ </p>
+ <p class="date">October 11, 2023</p>
+ </div>
+</header>
+ <div>
+
+ <main>
+ <h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">This entry contains the accompanying formalisation of the paper
+<a href="https://conf.researchr.org/details/aplas-2023/aplas-2023-research-papers/15/Transport-via-Partial-Galois-Connections-and-Equivalences">"Transport via Partial Galois Connections and Equivalences" (APLAS 2023)</a>.
+It contains a theoretical framework to transport programs via equivalences,
+subsuming the theory of <a href="https://doi.org/10.1007/978-3-319-03545-1_9">Isabelle's Lifting package</a>.
+It also contains a prototype to automate transports using this framework in Isabelle/HOL,
+but this prototype is not yet ready for production.
+Finally, it contains a library on top of Isabelle/HOL's axioms,
+including various relativised concepts on orders, functions, binary relations,
+and Galois connections and equivalences.</div>
+
+ <h3>License</h3>
+ <div>
+ <a href="https://isa-afp.org/LICENSE">BSD License</a>
+ </div>
+ <h3>Topics</h3>
+ <ul>
+ <li><a href="../topics/computer-science/programming-languages/lambda-calculi">Computer science/Programming languages/Lambda calculi</a></li>
+ <li><a href="../topics/computer-science/programming-languages/type-systems">Computer science/Programming languages/Type systems</a></li>
+ <li><a href="../topics/computer-science/semantics-and-reasoning">Computer science/Semantics and reasoning</a></li>
+ <li><a href="../topics/mathematics/order">Mathematics/Order</a></li>
+ </ul>
+ <h3>Related publications</h3>
+ <ul>
+ <li>Kappelmann, K. (2023). <i>Transport via Partial Galois Connections and Equivalences</i> (Version 4). arXiv. https://doi.org/10.48550/ARXIV.2303.05244
+ </li>
+ </ul>
+ <h3>Session Transport</h3>
+ <ul>
+ <li><a href="../sessions/transport/#HOL_Basics_Base">HOL_Basics_Base</a></li>
+ <li><a href="../sessions/transport/#Binary_Relation_Functions">Binary_Relation_Functions</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Order_Base">Binary_Relations_Order_Base</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Lattice">Binary_Relations_Lattice</a></li>
+ <li><a href="../sessions/transport/#Functions_Base">Functions_Base</a></li>
+ <li><a href="../sessions/transport/#HOL_Syntax_Bundles_Lattices">HOL_Syntax_Bundles_Lattices</a></li>
+ <li><a href="../sessions/transport/#Predicates_Lattice">Predicates_Lattice</a></li>
+ <li><a href="../sessions/transport/#Function_Relators">Function_Relators</a></li>
+ <li><a href="../sessions/transport/#Predicates_Order">Predicates_Order</a></li>
+ <li><a href="../sessions/transport/#Predicates">Predicates</a></li>
+ <li><a href="../sessions/transport/#Functions_Monotone">Functions_Monotone</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Reflexive">Binary_Relations_Reflexive</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Symmetric">Binary_Relations_Symmetric</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Transitive">Binary_Relations_Transitive</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Order">Binary_Relations_Order</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Antisymmetric">Binary_Relations_Antisymmetric</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Injective">Binary_Relations_Injective</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Irreflexive">Binary_Relations_Irreflexive</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Left_Total">Binary_Relations_Left_Total</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Right_Unique">Binary_Relations_Right_Unique</a></li>
+ <li><a href="../sessions/transport/#Binary_Relations_Surjective">Binary_Relations_Surjective</a></li>
+ <li><a href="../sessions/transport/#Binary_Relation_Properties">Binary_Relation_Properties</a></li>
+ <li><a href="../sessions/transport/#Preorders">Preorders</a></li>
+ <li><a href="../sessions/transport/#Partial_Equivalence_Relations">Partial_Equivalence_Relations</a></li>
+ <li><a href="../sessions/transport/#Equivalence_Relations">Equivalence_Relations</a></li>
+ <li><a href="../sessions/transport/#Partial_Orders">Partial_Orders</a></li>
+ <li><a href="../sessions/transport/#Restricted_Equality">Restricted_Equality</a></li>
+ <li><a href="../sessions/transport/#LBinary_Relations">LBinary_Relations</a></li>
+ <li><a href="../sessions/transport/#Functions_Injective">Functions_Injective</a></li>
+ <li><a href="../sessions/transport/#Functions_Inverse">Functions_Inverse</a></li>
+ <li><a href="../sessions/transport/#Functions_Bijection">Functions_Bijection</a></li>
+ <li><a href="../sessions/transport/#Functions_Surjective">Functions_Surjective</a></li>
+ <li><a href="../sessions/transport/#Function_Properties">Function_Properties</a></li>
+ <li><a href="../sessions/transport/#LFunctions">LFunctions</a></li>
+ <li><a href="../sessions/transport/#Order_Functions_Base">Order_Functions_Base</a></li>
+ <li><a href="../sessions/transport/#Order_Functors_Base">Order_Functors_Base</a></li>
+ <li><a href="../sessions/transport/#Galois_Base">Galois_Base</a></li>
+ <li><a href="../sessions/transport/#Galois_Relator_Base">Galois_Relator_Base</a></li>
+ <li><a href="../sessions/transport/#Order_Equivalences">Order_Equivalences</a></li>
+ <li><a href="../sessions/transport/#Half_Galois_Property">Half_Galois_Property</a></li>
+ <li><a href="../sessions/transport/#Galois_Property">Galois_Property</a></li>
+ <li><a href="../sessions/transport/#Galois_Connections">Galois_Connections</a></li>
+ <li><a href="../sessions/transport/#Galois_Equivalences">Galois_Equivalences</a></li>
+ <li><a href="../sessions/transport/#Galois_Relator">Galois_Relator</a></li>
+ <li><a href="../sessions/transport/#Galois">Galois</a></li>
+ <li><a href="../sessions/transport/#Closure_Operators">Closure_Operators</a></li>
+ <li><a href="../sessions/transport/#Order_Functions">Order_Functions</a></li>
+ <li><a href="../sessions/transport/#Order_Functors">Order_Functors</a></li>
+ <li><a href="../sessions/transport/#Orders">Orders</a></li>
+ <li><a href="../sessions/transport/#HOL_Basics">HOL_Basics</a></li>
+ <li><a href="../sessions/transport/#HOL_Mem_Of">HOL_Mem_Of</a></li>
+ <li><a href="../sessions/transport/#HOL_Syntax_Bundles_Relations">HOL_Syntax_Bundles_Relations</a></li>
+ <li><a href="../sessions/transport/#HOL_Alignment_Binary_Relations">HOL_Alignment_Binary_Relations</a></li>
+ <li><a href="../sessions/transport/#HOL_Syntax_Bundles_Functions">HOL_Syntax_Bundles_Functions</a></li>
+ <li><a href="../sessions/transport/#HOL_Alignment_Functions">HOL_Alignment_Functions</a></li>
+ <li><a href="../sessions/transport/#HOL_Syntax_Bundles_Orders">HOL_Syntax_Bundles_Orders</a></li>
+ <li><a href="../sessions/transport/#HOL_Alignment_Orders">HOL_Alignment_Orders</a></li>
+ <li><a href="../sessions/transport/#HOL_Alignments">HOL_Alignments</a></li>
+ <li><a href="../sessions/transport/#HOL_Algebra_Alignment_Orders">HOL_Algebra_Alignment_Orders</a></li>
+ <li><a href="../sessions/transport/#HOL_Algebra_Alignment_Galois">HOL_Algebra_Alignment_Galois</a></li>
+ <li><a href="../sessions/transport/#HOL_Algebra_Alignments">HOL_Algebra_Alignments</a></li>
+ <li><a href="../sessions/transport/#HOL_Syntax_Bundles_Base">HOL_Syntax_Bundles_Base</a></li>
+ <li><a href="../sessions/transport/#HOL_Syntax_Bundles_Groups">HOL_Syntax_Bundles_Groups</a></li>
+ <li><a href="../sessions/transport/#HOL_Syntax_Bundles">HOL_Syntax_Bundles</a></li>
+ <li><a href="../sessions/transport/#Transport_Base">Transport_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Bijections">Transport_Bijections</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree_Base">Transport_Compositions_Agree_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree_Monotone">Transport_Compositions_Agree_Monotone</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree_Galois_Property">Transport_Compositions_Agree_Galois_Property</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree_Galois_Connection">Transport_Compositions_Agree_Galois_Connection</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree_Galois_Equivalence">Transport_Compositions_Agree_Galois_Equivalence</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree_Galois_Relator">Transport_Compositions_Agree_Galois_Relator</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree_Order_Equivalence">Transport_Compositions_Agree_Order_Equivalence</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Agree">Transport_Compositions_Agree</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Base">Transport_Compositions_Generic_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Galois_Property">Transport_Compositions_Generic_Galois_Property</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Monotone">Transport_Compositions_Generic_Monotone</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Galois_Connection">Transport_Compositions_Generic_Galois_Connection</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Galois_Equivalence">Transport_Compositions_Generic_Galois_Equivalence</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Galois_Relator">Transport_Compositions_Generic_Galois_Relator</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Order_Base">Transport_Compositions_Generic_Order_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic_Order_Equivalence">Transport_Compositions_Generic_Order_Equivalence</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions_Generic">Transport_Compositions_Generic</a></li>
+ <li><a href="../sessions/transport/#Transport_Compositions">Transport_Compositions</a></li>
+ <li><a href="../sessions/transport/#Reflexive_Relator">Reflexive_Relator</a></li>
+ <li><a href="../sessions/transport/#Monotone_Function_Relator">Monotone_Function_Relator</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Base">Transport_Functions_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Monotone">Transport_Functions_Monotone</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Galois_Property">Transport_Functions_Galois_Property</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Galois_Connection">Transport_Functions_Galois_Connection</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Order_Base">Transport_Functions_Order_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Galois_Equivalence">Transport_Functions_Galois_Equivalence</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Relation_Simplifications">Transport_Functions_Relation_Simplifications</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Galois_Relator">Transport_Functions_Galois_Relator</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions_Order_Equivalence">Transport_Functions_Order_Equivalence</a></li>
+ <li><a href="../sessions/transport/#Transport_Functions">Transport_Functions</a></li>
+ <li><a href="../sessions/transport/#Transport_Identity">Transport_Identity</a></li>
+ <li><a href="../sessions/transport/#Transport">Transport</a></li>
+ <li><a href="../sessions/transport/#Transport_Natural_Functors_Base">Transport_Natural_Functors_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Natural_Functors_Galois">Transport_Natural_Functors_Galois</a></li>
+ <li><a href="../sessions/transport/#Transport_Natural_Functors_Galois_Relator">Transport_Natural_Functors_Galois_Relator</a></li>
+ <li><a href="../sessions/transport/#Transport_Natural_Functors_Order_Base">Transport_Natural_Functors_Order_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Natural_Functors_Order_Equivalence">Transport_Natural_Functors_Order_Equivalence</a></li>
+ <li><a href="../sessions/transport/#Transport_Natural_Functors">Transport_Natural_Functors</a></li>
+ <li><a href="../sessions/transport/#Transport_Rel_If">Transport_Rel_If</a></li>
+ <li><a href="../sessions/transport/#Transport_Prototype">Transport_Prototype</a></li>
+ <li><a href="../sessions/transport/#Transport_Syntax">Transport_Syntax</a></li>
+ <li><a href="../sessions/transport/#Transport_Dep_Fun_Rel_Examples">Transport_Dep_Fun_Rel_Examples</a></li>
+ <li><a href="../sessions/transport/#Transport_Lists_Sets_Examples">Transport_Lists_Sets_Examples</a></li>
+ <li><a href="../sessions/transport/#Transport_Partial_Quotient_Types">Transport_Partial_Quotient_Types</a></li>
+ <li><a href="../sessions/transport/#Transport_Typedef_Base">Transport_Typedef_Base</a></li>
+ <li><a href="../sessions/transport/#Transport_Typedef">Transport_Typedef</a></li>
+ <li><a href="../sessions/transport/#Transport_Via_Partial_Galois_Connections_Equivalences_Paper">Transport_Via_Partial_Galois_Connections_Equivalences_Paper</a></li>
+ </ul>
+
+ <div class="flex-wrap">
+ <div>
+ <h3>Depends on</h3>
+ <ul class="horizontal-list">
+ <li><a href="../entries/ML_Unification.html">Unification Utilities for Isabelle/ML</a></li>
+ </ul>
+ </div>
+ <div>
+ <h3>Auto-related entries</h3>
+ <ul class="horizontal-list">
+ <li><a href="../entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></li>
+ <li><a href="../entries/KAD.html">Kleene Algebras with Domain</a></li>
+ <li><a href="../entries/Multirelations.html">Binary Multirelations</a></li>
+ <li><a href="../entries/Relation_Algebra.html">Relation Algebra</a></li>
+ </ul>
+ </div>
+ </div>
+
+ </main>
+
+ <nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Transport/outline.pdf">Proof outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Transport/document.pdf">Proof document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Transport/session_graph.pdf">Dependencies</a>
+ </nav>
+
+ <div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Transport-AFP</p>
+ <pre id="copy-text">@article{Transport-AFP,
+ author = {Kevin Kappelmann},
+ title = {Transport via Partial Galois Connections and Equivalences},
+ journal = {Archive of Formal Proofs},
+ month = {October},
+ year = {2023},
+ note = {\url{https://isa-afp.org/entries/Transport.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+ </div>
+
+ <div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release/afp-Transport-current.tar.gz"
+ download>Download latest</a>
+ </div>
+ </div>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/entries/index.html b/web/entries/index.html
--- a/web/entries/index.html
+++ b/web/entries/index.html
@@ -1,7061 +1,7106 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Archive of Formal Proofs </title>
<meta name="description" content="">
<link rel="alternate" type="application/rss+xml" href="../entries/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Entries" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/entries/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Entries"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js">
</script>
<script src="../js/entries.js"></script>
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content entries'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>E</span>ntries
</h1>
<div>
</div>
</header>
<div>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by <a href="../authors/kappelmann">Kevin Kappelmann</a>
+
+ </div>
+ <span class="date">Oct 11</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../entries/Relational_Cardinality.html">Cardinality and Representation of Stone Relation Algebras</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hypergraph_Basics.html">Hypergraphs</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lovasz_Local.html">General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ML_Unification.html">Unification Utilities for Isabelle/ML</a></h5>
<br>
by <a href="../authors/kappelmann">Kevin Kappelmann</a>
</div>
<span class="date">Sep 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Euler_Polyhedron_Formula.html">Euler&#39;s Polyhedron Formula</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../entries/IO_Language_Conformance.html">Conformance Relations between Input/Output Languages</a></h5>
+ <br>
+ by <a href="../authors/sachtleben">Robert Sachtleben</a>
+
+ </div>
+ <span class="date">Sep 01</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../entries/Coupledsim_Contrasim.html">Coupled Similarity and Contrasimilarity, and How to Compute Them</a></h5>
+ <br>
+ by <a href="../authors/bisping">Benjamin Bisping</a> and <a href="../authors/montanari">Luisa Montanari</a>
+
+ </div>
+ <span class="date">Aug 18</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../entries/Ceva.html">Ceva&#39;s Theorem</a></h5>
<br>
by <a href="../authors/rabing">Mathias Schack Rabing</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fixed_Length_Vector.html">Fixed-length vectors</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Catoids.html">Catoids, Categories, Groupoids</a></h5>
<br>
by <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polygonal_Number_Theorem.html">Polygonal Number Theorem</a></h5>
<br>
by <a href="../authors/leek">Kevin Lee</a>, <a href="../authors/yez">Zhengkun Ye</a> and <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">Aug 10</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../entries/Standard_Borel_Spaces.html">Standard Borel Spaces</a></h5>
+ <br>
+ by <a href="../authors/hirata">Michikazu Hirata</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by <a href="../authors/hirata">Michikazu Hirata</a> and <a href="../authors/minamide">Yasuhiko Minamide</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../entries/Quantales_Converse.html">Modal quantales, involutive quantales, Dedekind Quantales</a></h5>
<br>
by <a href="../authors/struth">Georg Struth</a> and <a href="../authors/calk">Cameron Calk</a>
</div>
<span class="date">Jul 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Earley_Parser.html">Earley Parser</a></h5>
<br>
by <a href="../authors/rau">Martin Rau</a>
</div>
<span class="date">Jul 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gray_Codes.html">Gray Codes for Arbitrary Numeral Systems</a></h5>
<br>
by <a href="../authors/spitz">Maximilian Spitz</a>
</div>
<span class="date">Jul 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Executable_Randomized_Algorithms.html">Executable Randomized Algorithms</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jun 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DCR-ExecutionEquivalence.html">DCR Syntax and Execution Equivalent Markings</a></h5>
<br>
by <a href="../authors/christfort">Axel Christfort</a> and <a href="../authors/debois">Søren Debois</a>
</div>
<span class="date">Jun 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Zeckendorf.html">Zeckendorf’s Theorem</a></h5>
<br>
by <a href="../authors/dalvit">Christian Dalvit</a>
</div>
<span class="date">Jun 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Crypto_Standards.html">Cryptographic Standards</a></h5>
<br>
by <a href="../authors/whitley">A Whitley</a>
</div>
<span class="date">Jun 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Efficient_Weighted_Path_Order.html">A Verified Efficient Implementation of the Weighted Path Order</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/wenninger">Elias Wenninger</a>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Directed_Sets.html">Formalizing Results on Directed Sets</a></h5>
<br>
by <a href="../authors/yamada">Akihisa Yamada</a> and <a href="../authors/dubut">Jérémy Dubut</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multirelations_Heterogeneous.html">Inner Structure, Determinism and Modal Algebra of Multirelations</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">May 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tree_Enumeration.html">Tree Enumeration</a></h5>
<br>
by <a href="../authors/cremer">Nils Cremer</a>
</div>
<span class="date">May 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MLSS_Decision_Proc.html">MLSS Decision Procedure</a></h5>
<br>
by <a href="../authors/stevens">Lukas Stevens</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Three_Squares.html">Three Squares Theorem</a></h5>
<br>
by <a href="../authors/danilkin">Anton Danilkin</a> and <a href="../authors/chevalier">Loïc Chevalier</a>
</div>
<span class="date">May 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MHComputation.html">The Halting Problem is Soluble in Malament-Hogarth Spacetimes</a></h5>
<br>
by <a href="../authors/stannett">Mike Stannett</a>
</div>
<span class="date">Apr 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Schwartz_Zippel.html">The Schwartz-Zippel Lemma</a></h5>
<br>
by <a href="../authors/kim">Sunpill Kim</a> and <a href="../authors/tan">Yong Kiam Tan</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simple_Clause_Learning.html">A Formalization of the SCL(FOL) Calculus: Simple Clause Learning for First-Order Logic</a></h5>
<br>
by <a href="../authors/desharnais">Martin Desharnais</a>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TsirelsonBound.html">The CHSH inequality: Tsirelson&#39;s upper-bound and other results</a></h5>
<br>
by <a href="../authors/echenim">Mnacho Echenim</a>, <a href="../authors/mhalla">Mehdi Mhalla</a> and <a href="../authors/mori">Coraline Mori</a>
</div>
<span class="date">Apr 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DigitsInBase.html">Positional Notation for Natural Numbers in an Arbitrary Base</a></h5>
<br>
by <a href="../authors/staats">Charles Staats</a>
</div>
<span class="date">Apr 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HyperHoareLogic.html">Formalization of Hyper Hoare Logic: A Logic to (Dis-)Prove Program Hyperproperties</a></h5>
<br>
by <a href="../authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">Apr 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Distributed_Distinct_Elements.html">Distributed Distinct Elements</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Apr 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CommCSL.html">Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</a></h5>
<br>
by <a href="../authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">Mar 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/No_FTL_observers_Gen_Rel.html">No Faster-Than-Light Observers (GenRel)</a></h5>
<br>
by <a href="../authors/stannett">Mike Stannett</a>, <a href="../authors/higgins">Edward Higgins</a>, <a href="../authors/andreka">Hajnal Andreka</a>, <a href="../authors/madarasz">Judit Madarasz</a>, <a href="../authors/nemeti">István Németi</a> and <a href="../authors/szekely">Gergely Szekely</a>
</div>
<span class="date">Mar 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Expander_Graphs.html">Expander Graphs</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rensets.html">Renaming-Enriched Sets (Rensets) and Renaming-Based Recursion</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Feb 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probability_Inequality_Completeness.html">A Sound and Complete Calculus for Probability Inequalities</a></h5>
<br>
by <a href="../authors/doty">Matthew Doty</a>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Edwards_Elliptic_Curves_Group.html">Group Law of Edwards Elliptic Curves</a></h5>
<br>
by <a href="../authors/raya">Rodrigo Raya</a>
</div>
<span class="date">Feb 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CVP_Hardness.html">Hardness of Lattice Problems</a></h5>
<br>
by <a href="../authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">Feb 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ABY3_Protocols.html">ABY3 Multiplication and Array Shuffling</a></h5>
<br>
by <a href="../authors/hu">Shuwei Hu</a>
</div>
<span class="date">Jan 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Given_Clause_Loops.html">Given Clause Loops</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/qiu">Qi Qiu</a> and <a href="../authors/tourret">Sophie Tourret</a>
</div>
<span class="date">Jan 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Suppes_Theorem.html">Suppes&#39; Theorem For Probability Logic</a></h5>
<br>
by <a href="../authors/doty">Matthew Doty</a>
</div>
<span class="date">Jan 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HoareForDivergence.html">A Hoare Logic for Diverging Programs</a></h5>
<br>
by <a href="../authors/pohjola">Johannes Åman Pohjola</a>, <a href="../authors/myreen">Magnus O. Myreen</a> and <a href="../authors/tanaka">Miki Tanaka</a>
</div>
<span class="date">Jan 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/StrictOmegaCategories.html">Strict Omega Categories</a></h5>
<br>
by <a href="../authors/bordg">Anthony Bordg</a> and <a href="../authors/mateo">Adrián Doña Mateo</a>
</div>
<span class="date">Jan 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Synthetic_Completeness.html">Synthetic Completeness</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Jan 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cook_Levin.html">The Cook-Levin theorem</a></h5>
<br>
by <a href="../authors/balbach">Frank J. Balbach</a>
</div>
<span class="date">Jan 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Two_Generated_Word_Monoids_Intersection.html">Intersection of two monoids generated by two element codes</a></h5>
<br>
by <a href="../authors/holub">Štěpán Holub</a> and <a href="../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">Jan 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binary_Code_Imprimitive.html">Binary codes that do not preserve primitivity</a></h5>
<br>
by <a href="../authors/holub">Štěpán Holub</a> and <a href="../authors/raska">Martin Raška</a>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Propositional_Logic_Class.html">Class-based Classical Propositional Logic</a></h5>
<br>
by <a href="../authors/doty">Matthew Doty</a>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quantifier_Elimination_Hybrid.html">A First Complete Algorithm for Real Quantifier Elimination in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/cordwell">Katherine Kosaian</a>, <a href="../authors/tan">Yong Kiam Tan</a> and <a href="../authors/platzer">André Platzer</a>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Birkhoff_Finite_Distributive_Lattices.html">Birkhoff&#39;s Representation Theorem For Finite Distributive Lattices</a></h5>
<br>
by <a href="../authors/doty">Matthew Doty</a>
</div>
<span class="date">Dec 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Boolos_Curious_Inference_Automated.html">Automation of Boolos&#39; Curious Inference in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/benzmueller">Christoph Benzmüller</a>, <a href="../authors/fuenmayor">David Fuenmayor</a>, <a href="../authors/steen">Alexander Steen</a> and <a href="../authors/sutcliffe">Geoff Sutcliffe</a>
</div>
<span class="date">Dec 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multitape_To_Singletape_TM.html">A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</a></h5>
<br>
by <a href="../authors/dalvit">Christian Dalvit</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Nov 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AOT.html">Abstract Object Theory</a></h5>
<br>
by <a href="../authors/kirchner">Daniel Kirchner</a>
</div>
<span class="date">Nov 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CHERI-C_Memory_Model.html">A Formal CHERI-C Memory Model</a></h5>
<br>
by <a href="../authors/park">Seung Hoon Park</a>
</div>
<span class="date">Nov 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sauer_Shelah_Lemma.html">Sauer-Shelah Lemma</a></h5>
<br>
by <a href="../authors/keskin">Ata Keskin</a>
</div>
<span class="date">Nov 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kneser_Cauchy_Davenport.html">Kneser&#39;s Theorem and the Cauchy–Davenport Theorem</a></h5>
<br>
by <a href="../authors/baksys">Mantas Bakšys</a> and <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">Nov 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Turans_Graph_Theorem.html">Turán&#39;s Graph Theorem</a></h5>
<br>
by <a href="../authors/lauermann">Nils Lauermann</a>
</div>
<span class="date">Nov 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Balog_Szemeredi_Gowers.html">The Balog–Szemerédi–Gowers Theorem</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a>, <a href="../authors/baksys">Mantas Bakšys</a> and <a href="../authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorial_Enumeration_Algorithms.html">Combinatorial Enumeration Algorithms</a></h5>
<br>
by <a href="../authors/hofmeier">Paul Hofmeier</a> and <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PAPP_Impossibility.html">The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections</a></h5>
<br>
by <a href="../authors/delemazure">Théo Delemazure</a>, <a href="../authors/demeulemeester">Tom Demeulemeester</a>, <a href="../authors/eberl">Manuel Eberl</a>, <a href="../authors/israel">Jonas Israel</a> and <a href="../authors/lederer">Patrick Lederer</a>
</div>
<span class="date">Nov 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5>
<br>
by <a href="../authors/stevens">Lukas Stevens</a> and <a href="../authors/stoeckl">Bernhard Stöckl</a>
</div>
<span class="date">Oct 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Undirected_Graph_Theory.html">Undirected Graph Theory</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">Sep 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Maximum_Segment_Sum.html">Maximum Segment Sum</a></h5>
<br>
by <a href="../authors/cremer">Nils Cremer</a>
</div>
<span class="date">Sep 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_Range_RC.html">Making Arbitrary Relational Calculus Queries Safe-Range</a></h5>
<br>
by <a href="../authors/raszyk">Martin Raszyk</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stalnaker_Logic.html">Stalnaker&#39;s Epistemic Logic</a></h5>
<br>
by <a href="../authors/guzman">Laura P. Gamboa Guzman</a>
</div>
<span class="date">Sep 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5>
<br>
by <a href="../authors/crighton">Aaron Crighton</a>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5>
<br>
by <a href="../authors/doty">Matthew Doty</a>
</div>
<span class="date">Sep 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a> and <a href="../authors/villadsen">Jørgen Villadsen</a>
</div>
<span class="date">Sep 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CRYSTALS-Kyber.html">CRYSTALS-Kyber</a></h5>
<br>
by <a href="../authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">Sep 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5>
<br>
by <a href="../authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">Sep 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hales_Jewett.html">The Hales–Jewett Theorem</a></h5>
<br>
by <a href="../authors/sulejmani">Ujkan Sulejmani</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">Sep 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Khovanskii_Theorem.html">Khovanskii&#39;s Theorem</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Sep 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Number_Theoretic_Transform.html">Number Theoretic Transform</a></h5>
<br>
by <a href="../authors/ammer">Thomas Ammer</a> and <a href="../authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">Aug 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5>
<br>
by <a href="../authors/merz">Stephan Merz</a> and <a href="../authors/trelat">Vincent Trélat</a>
</div>
<span class="date">Aug 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Involutions2Squares.html">From THE BOOK: Two Squares via Involutions</a></h5>
<br>
by <a href="../authors/bortin">Maksym Bortin</a>
</div>
<span class="date">Aug 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5>
<br>
by <a href="../authors/sachtleben">Robert Sachtleben</a>
</div>
<span class="date">Aug 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nano_JSON.html">Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a>
</div>
<span class="date">Jul 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Commuting_Hermitian.html">Simultaneous diagonalization of pairwise commuting Hermitian matrices</a></h5>
<br>
by <a href="../authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">Jul 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/marmsoler">Diego Marmsoler</a> and <a href="../authors/brucker">Achim D. Brucker</a>
</div>
<span class="date">Jul 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weighted_Arithmetic_Geometric_Mean.html">Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP_Compiler_Reuse.html">A Reuse-Based Multi-Stage Compiler Verification for Language IMP</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Jul 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Time_Deque.html">Real-Time Double-Ended Queue</a></h5>
<br>
by <a href="../authors/toth">Balazs Toth</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Boolos_Curious_Inference.html">Boolos&#39;s Curious Inference in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/ketland">Jeffrey Ketland</a>
</div>
<span class="date">Jun 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IsaNet.html">IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</a></h5>
<br>
by <a href="../authors/klenze">Tobias Klenze</a> and <a href="../authors/sprenger">Christoph Sprenger</a>
</div>
<span class="date">Jun 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite_Fields.html">Finite Fields</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Jun 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></h5>
<br>
by <a href="../authors/bayer">Jonas Bayer</a>, <a href="../authors/david">Marco David</a>, <a href="../authors/stock">Benedikt Stock</a>, <a href="../authors/pal">Abhik Pal</a>, <a href="../authors/matiyasevich">Yuri Matiyasevich</a> and <a href="../authors/schleicher">Dierk Schleicher</a>
</div>
<span class="date">Jun 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rewrite_Properties_Reduction.html">Reducing Rewrite Properties to Properties on Ground Terms</a></h5>
<br>
by <a href="../authors/lochmann">Alexander Lochmann</a>
</div>
<span class="date">Jun 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5>
<br>
by <a href="../authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">May 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pluennecke_Ruzsa_Inequality.html">The Plünnecke-Ruzsa Inequality</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">May 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5>
<br>
by <a href="../authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">May 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Clique_and_Monotone_Circuits.html">Clique is not solvable by monotone circuits of polynomial size</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">May 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fishers_Inequality.html">Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Apr 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multiset_Ordering_NPC.html">The Generalized Multiset Ordering is NP-Complete</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/schmidinger">Lukas Schmidinger</a>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Digit_Expansions.html">Digit Expansions</a></h5>
<br>
by <a href="../authors/bayer">Jonas Bayer</a>, <a href="../authors/david">Marco David</a>, <a href="../authors/pal">Abhik Pal</a> and <a href="../authors/stock">Benedikt Stock</a>
</div>
<span class="date">Apr 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sophomores_Dream.html">The Sophomore&#39;s Dream</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Apr 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Frequency_Moments.html">Formalization of Randomized Approximation Algorithms for Frequency Moments</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prefix_Free_Code_Combinators.html">A Combinator Library for Prefix-Free Codes</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dedekind_Real.html">Constructing the Reals as Dedekind Cuts of Rationals</a></h5>
<br>
by <a href="../authors/fleuriot">Jacques D. Fleuriot</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Mar 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ackermanns_not_PR.html">Ackermann&#39;s Function Is Not Primitive Recursive</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Mar 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Mar 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cotangent_PFD_Formula.html">A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Independence_CH.html">The Independence of the Continuum Hypothesis in Isabelle/ZF</a></h5>
<br>
by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a>, <a href="../authors/terraf">Pedro Sánchez Terraf</a> and <a href="../authors/steinberg">Matías Steinberg</a>
</div>
<span class="date">Mar 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive_Models.html">Transitive Models of Fragments of ZFC</a></h5>
<br>
by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a>, <a href="../authors/terraf">Pedro Sánchez Terraf</a> and <a href="../authors/steinberg">Matías Steinberg</a>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5>
<br>
by <a href="../authors/stark">Eugene W. Stark</a>
</div>
<span class="date">Feb 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Universal_Hash_Families.html">Universal Hash Families</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Wetzels_Problem.html">Wetzel&#39;s Problem and the Continuum Hypothesis</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Feb 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Eval_FO.html">First-Order Query Evaluation</a></h5>
<br>
by <a href="../authors/raszyk">Martin Raszyk</a>
</div>
<span class="date">Feb 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VYDRA_MDL.html">Multi-Head Monitoring of Metric Dynamic Logic</a></h5>
<br>
by <a href="../authors/raszyk">Martin Raszyk</a>
</div>
<span class="date">Feb 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Equivalence_Relation_Enumeration.html">Enumeration of Equivalence Relations</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Feb 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5>
<br>
by <a href="../authors/hirata">Michikazu Hirata</a>, <a href="../authors/minamide">Yasuhiko Minamide</a> and <a href="../authors/sato">Tetsuya Sato</a>
</div>
<span class="date">Feb 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LP_Duality.html">Duality of Linear Programming</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Feb 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5>
<br>
by <a href="../authors/lochmann">Alexander Lochmann</a> and <a href="../authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">Feb 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Youngs_Inequality.html">Young&#39;s Inequality for Increasing Functions</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Jan 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a> and <a href="../authors/jacobsen">Frederik Krogsdal Jacobsen</a>
</div>
<span class="date">Jan 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interpolation_Polynomials_HOL_Algebra.html">Interpolation Polynomials (in HOL-Algebra)</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Jan 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Median_Method.html">Median Method</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a>
</div>
<span class="date">Jan 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5>
<br>
by <a href="../authors/ito">Yosuke Ito</a>
</div>
<span class="date">Jan 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrationals_From_THEBOOK.html">Irrational numbers from THE BOOK</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Jan 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knights_Tour.html">Knight&#39;s Tour Revisited Revisited</a></h5>
<br>
by <a href="../authors/koller">Lukas Koller</a>
</div>
<span class="date">Jan 04</span>
</article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5>
<br>
by <a href="../authors/smola">Filip Smola</a> and <a href="../authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">Dec 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Dec 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Roth_Arithmetic_Progressions.html">Roth&#39;s Theorem on Arithmetic Progressions</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a>, <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5>
<br>
by <a href="../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MDP-Rewards.html">Markov Decision Processes with Rewards</a></h5>
<br>
by <a href="../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular_Tree_Relations.html">Regular Tree Relations</a></h5>
<br>
by <a href="../authors/lochmann">Alexander Lochmann</a>, <a href="../authors/felgenhauer">Bertram Felgenhauer</a>, <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/sternagelt">Thomas Sternagel</a>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5>
<br>
by <a href="../authors/aransay">Jesús Aransay</a>, <a href="../authors/campo">Alejandro del Campo</a> and <a href="../authors/michaelis">Julius Michaelis</a>
</div>
<span class="date">Nov 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Van_Emde_Boas_Trees.html">van Emde Boas Trees</a></h5>
<br>
by <a href="../authors/ammer">Thomas Ammer</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Nov 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Foundation_of_geometry.html">Foundation of geometry in planes, and some complements: Excluding the parallel axioms</a></h5>
<br>
by <a href="../authors/iwama">Fumiya Iwama</a>
</div>
<span class="date">Nov 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hahn_Jordan_Decomposition.html">The Hahn and Jordan Decomposition Theorems</a></h5>
<br>
by <a href="../authors/cousin">Marie Cousin</a>, <a href="../authors/echenim">Mnacho Echenim</a> and <a href="../authors/guiol">Hervé Guiol</a>
</div>
<span class="date">Nov 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Power.html">Real Exponents as the Limits of Sequences of Rational Exponents</a></h5>
<br>
by <a href="../authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">Nov 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Factor_Algebraic_Polynomial.html">Factorization of Polynomials with Algebraic Coefficients</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Nov 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">Nov 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/reiche">Sebastian Reiche</a>
</div>
<span class="date">Nov 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Szemeredi_Regularity.html">Szemerédi&#39;s Regularity Lemma</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a>, <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Nov 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Registers.html">Quantum and Classical Registers</a></h5>
<br>
by <a href="../authors/unruh">Dominique Unruh</a>
</div>
<span class="date">Oct 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Belief_Revision.html">Belief Revision Theory</a></h5>
<br>
by <a href="../authors/fouillard">Valentin Fouillard</a>, <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/boulanger">Frédéric Boulanger</a> and <a href="../authors/sabouret">Nicolas Sabouret</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/X86_Semantics.html">X86 instruction semantics and basic block symbolic execution</a></h5>
<br>
by <a href="../authors/verbeek">Freek Verbeek</a>, <a href="../authors/bharadwaj">Abhijith Bharadwaj</a>, <a href="../authors/bockenek">Joshua Bockenek</a>, <a href="../authors/roessle">Ian Roessle</a>, <a href="../authors/weerwag">Timmy Weerwag</a> and <a href="../authors/ravindran">Binoy Ravindran</a>
</div>
<span class="date">Oct 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Virtual_Substitution.html">Verified Quadratic Virtual Substitution for Real Arithmetic</a></h5>
<br>
by <a href="../authors/scharager">Matias Scharager</a>, <a href="../authors/cordwell">Katherine Kosaian</a>, <a href="../authors/mitsch">Stefan Mitsch</a> and <a href="../authors/platzer">André Platzer</a>
</div>
<span class="date">Oct 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Sep 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complex_Bounded_Operators.html">Complex Bounded Operators</a></h5>
<br>
by <a href="../authors/caballero">José Manuel Rodríguez Caballero</a> and <a href="../authors/unruh">Dominique Unruh</a>
</div>
<span class="date">Sep 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weighted_Path_Order.html">A Formalization of Weighted Path Orders and Recursive Path Orders</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Intro_Dest_Elim.html">IDE: Introduction, Destruction, Elimination</a></h5>
<br>
by <a href="../authors/milehins">Mihails Milehins</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Types_To_Sets_Extension.html">Extension of Types-To-Sets</a></h5>
<br>
by <a href="../authors/milehins">Mihails Milehins</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Conditional_Transfer_Rule.html">Conditional Transfer Rule</a></h5>
<br>
by <a href="../authors/milehins">Mihails Milehins</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Conditional_Simplification.html">Conditional Simplification</a></h5>
<br>
by <a href="../authors/milehins">Mihails Milehins</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Universal_Constructions.html">Category Theory for ZFC in HOL III: Universal Constructions</a></h5>
<br>
by <a href="../authors/milehins">Mihails Milehins</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Elementary_Categories.html">Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</a></h5>
<br>
by <a href="../authors/milehins">Mihails Milehins</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Foundations.html">Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</a></h5>
<br>
by <a href="../authors/milehins">Mihails Milehins</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dominance_CHK.html">A data flow analysis algorithm for computing dominators</a></h5>
<br>
by <a href="../authors/jiang">Nan Jiang</a>
</div>
<span class="date">Sep 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cubic_Quartic_Equations.html">Solving Cubic and Quartic Equations</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Sep 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Logging_Independent_Anonymity.html">Logging-independent Message Anonymity in the Relational Method</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Aug 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Three_Circles.html">The Theorem of Three Circles</a></h5>
<br>
by <a href="../authors/thomson">Fox Thomson</a> and <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Aug 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fresh_Identifiers.html">Fresh identifiers</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoSMeDis.html">CoSMeDis: A confidentiality-verified distributed social media platform</a></h5>
<br>
by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoSMed.html">CoSMed: A confidentiality-verified social media platform</a></h5>
<br>
by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BD_Security_Compositional.html">Compositional BD Security</a></h5>
<br>
by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoCon.html">CoCon: A Confidentiality-Verified Conference Management System</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Design_Theory.html">Combinatorial Design Theory</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Aug 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Forests.html">Relational Forests</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Aug 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Schutz_Spacetime.html">Schutz&#39; Independent Axioms for Minkowski Spacetime</a></h5>
<br>
by <a href="../authors/schmoetten">Richard Schmoetten</a>, <a href="../authors/palmer">Jake Palmer</a> and <a href="../authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">Jul 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finitely_Generated_Abelian_Groups.html">Finitely Generated Abelian Groups</a></h5>
<br>
by <a href="../authors/thommes">Joseph Thommes</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></h5>
<br>
by <a href="../authors/kappelmann">Kevin Kappelmann</a>, <a href="../authors/bulwahn">Lukas Bulwahn</a> and <a href="../authors/willenbrink">Sebastian Willenbrink</a>
</div>
<span class="date">Jul 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Van_der_Waerden.html">Van der Waerden&#39;s Theorem</a></h5>
<br>
by <a href="../authors/kreuzer">Katharina Kreuzer</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jun 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5>
<br>
by <a href="../authors/wassell">Mark Wassell</a>
</div>
<span class="date">Jun 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Jun 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP_Compiler.html">A Shorter Compiler Correctness Proof for Language IMP</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Jun 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words_Lyndon.html">Lyndon words</a></h5>
<br>
by <a href="../authors/holub">Štěpán Holub</a> and <a href="../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words_Graph_Lemma.html">Graph Lemma</a></h5>
<br>
by <a href="../authors/holub">Štěpán Holub</a>, <a href="../authors/raska">Martin Raška</a> and <a href="../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words.html">Combinatorics on Words Basics</a></h5>
<br>
by <a href="../authors/holub">Štěpán Holub</a>, <a href="../authors/raska">Martin Raška</a> and <a href="../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regression_Test_Selection.html">Regression Test Selection</a></h5>
<br>
by <a href="../authors/mansky">Susannah Mansky</a>
</div>
<span class="date">Apr 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lifting_the_Exponent.html">Lifting the Exponent</a></h5>
<br>
by <a href="../authors/kadzioka">Maya Kądziołka</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Metalogic_ProofChecker.html">Isabelle&#39;s Metalogic: Formalization and Proof Checker</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/rosskopf">Simon Roßkopf</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BenOr_Kozen_Reif.html">The BKR Decision Procedure for Univariate Real Arithmetic</a></h5>
<br>
by <a href="../authors/cordwell">Katherine Kosaian</a>, <a href="../authors/tan">Yong Kiam Tan</a> and <a href="../authors/platzer">André Platzer</a>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5>
<br>
by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>
</div>
<span class="date">Apr 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Progress_Tracking.html">Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</a></h5>
<br>
by <a href="../authors/brun">Matthias Brun</a>, <a href="../authors/decova">Sára Decova</a>, <a href="../authors/lattuada">Andrea Lattuada</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Apr 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IFC_Tracking.html">Information Flow Control via Dependency Tracking</a></h5>
<br>
by <a href="../authors/nordhoff">Benedikt Nordhoff</a>
</div>
<span class="date">Apr 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Grothendieck_Schemes.html">Grothendieck&#39;s Schemes in Algebraic Geometry</a></h5>
<br>
by <a href="../authors/bordg">Anthony Bordg</a>, <a href="../authors/paulson">Lawrence C. Paulson</a> and <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Mar 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5>
<br>
by <a href="../authors/crighton">Aaron Crighton</a>
</div>
<span class="date">Mar 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructive_Cryptography_CM.html">Constructive Cryptography in HOL: the Communication Modeling Aspect</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">Mar 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modular_arithmetic_LLL_and_HNF_algorithms.html">Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</a></h5>
<br>
by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Mar 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hermite_Lindemann.html">The Hermite–Lindemann–Weierstraß Transcendence Theorem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Projective_Measurements.html">Quantum projective measurements and the CHSH inequality</a></h5>
<br>
by <a href="../authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">Mar 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mereology.html">Mereology</a></h5>
<br>
by <a href="../authors/blumson">Ben Blumson</a>
</div>
<span class="date">Mar 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sunflowers.html">The Sunflower Lemma of Erdős and Rado</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Feb 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BTree.html">A Verified Imperative Implementation of B-Trees</a></h5>
<br>
by <a href="../authors/muendler">Niels Mündler</a>
</div>
<span class="date">Feb 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formal_Puiseux_Series.html">Formal Puiseux Series</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Laws_of_Large_Numbers.html">The Laws of Large Numbers</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IsaGeoCoq.html">Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</a></h5>
<br>
by <a href="../authors/coghetto">Roland Coghetto</a>
</div>
<span class="date">Jan 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Blue_Eyes.html">Solution to the xkcd Blue Eyes puzzle</a></h5>
<br>
by <a href="../authors/kadzioka">Maya Kądziołka</a>
</div>
<span class="date">Jan 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hood_Melville_Queue.html">Hood-Melville Queue</a></h5>
<br>
by <a href="../authors/londono">Alejandro Gómez-Londoño</a>
</div>
<span class="date">Jan 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JinjaDCI.html">JinjaDCI: a Java semantics with dynamic class initialization</a></h5>
<br>
by <a href="../authors/mansky">Susannah Mansky</a>
</div>
<span class="date">Jan 11</span>
</article>
<h2 class="head">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Delta_System_Lemma.html">Cofinality and the Delta System Lemma</a></h5>
<br>
by <a href="../authors/terraf">Pedro Sánchez Terraf</a>
</div>
<span class="date">Dec 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Topological_Semantics.html">Topological semantics for paraconsistent and paracomplete logics</a></h5>
<br>
by <a href="../authors/fuenmayor">David Fuenmayor</a>
</div>
<span class="date">Dec 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/brien">Nicolas Robinson-O&rsquo;Brien</a>
</div>
<span class="date">Dec 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interpreter_Optimizations.html">Inline Caching and Unboxing Optimization for Interpreters</a></h5>
<br>
by <a href="../authors/desharnais">Martin Desharnais</a>
</div>
<span class="date">Dec 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Method.html">The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Dec 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_Marries_Dirac.html">Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</a></h5>
<br>
by <a href="../authors/bordg">Anthony Bordg</a>, <a href="../authors/lachnitt">Hanna Lachnitt</a> and <a href="../authors/he">Yijun He</a>
</div>
<span class="date">Nov 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CSP_RefTK.html">The HOL-CSP Refinement Toolkit</a></h5>
<br>
by <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/ye">Lina Ye</a>
</div>
<span class="date">Nov 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Verified_SAT_Based_AI_Planning.html">Verified SAT-Based AI Planning</a></h5>
<br>
by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/kurz">Friedrich Kurz</a>
</div>
<span class="date">Oct 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AI_Planning_Languages_Semantics.html">AI Planning Languages Semantics</a></h5>
<br>
by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Oct 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5>
<br>
by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Oct 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite-Map-Extras.html">Finite Map Extras</a></h5>
<br>
by <a href="../authors/diaz">Javier Díaz</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Core_SC_DOM.html">The Safely Composable DOM</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DOM_Components.html">A Formalization of Web Components</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SC_DOM_Components.html">A Formalization of Safely Composable Web Components</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shadow_SC_DOM.html">A Formal Model of the Safely Composable Document Object Model with Shadow Roots</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shadow_DOM.html">A Formal Model of the Document Object Model with Shadow Roots</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Syntax_Independent_Logic.html">Syntax-Independent Logic Infrastructure</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Robinson_Arithmetic.html">Robinson Arithmetic</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_HFSet_Semanticless.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part II</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_HFSet_Semantic.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part I</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_Incompleteness.html">An Abstract Formalization of Gödel&#39;s Incompleteness Theorems</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Extended_Finite_State_Machine_Inference.html">Inference of Extended Finite State Machines</a></h5>
<br>
by <a href="../authors/foster">Michael Foster</a>, <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/taylor">Ramsay G. Taylor</a> and <a href="../authors/derrick">John Derrick</a>
</div>
<span class="date">Sep 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Extended_Finite_State_Machines.html">A Formal Model of Extended Finite State Machines</a></h5>
<br>
by <a href="../authors/foster">Michael Foster</a>, <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/taylor">Ramsay G. Taylor</a> and <a href="../authors/derrick">John Derrick</a>
</div>
<span class="date">Sep 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Inductive_Inference.html">Some classical results in inductive inference of recursive functions</a></h5>
<br>
by <a href="../authors/balbach">Frank J. Balbach</a>
</div>
<span class="date">Aug 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PAC_Checker.html">Practical Algebraic Calculus Checker</a></h5>
<br>
by <a href="../authors/fleury">Mathias Fleury</a> and <a href="../authors/kaufmann">Daniela Kaufmann</a>
</div>
<span class="date">Aug 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Disjoint_Set_Forests.html">Relational Disjoint-Set Forests</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Aug 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BirdKMP.html">Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Aug 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Saturation_Framework_Extensions.html">Extensions to the Comprehensive Framework for Saturation Theorem Proving</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/tourret">Sophie Tourret</a>
</div>
<span class="date">Aug 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Amicable_Numbers.html">Amicable Numbers</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">Aug 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinal_Partitions.html">Ordinal Partitions</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Aug 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Chandy_Lamport.html">A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</a></h5>
<br>
by <a href="../authors/fiedler">Ben Fiedler</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Jul 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Paths.html">Relational Characterisations of Paths</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/hoefner">Peter Höfner</a>
</div>
<span class="date">Jul 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_Distance.html">A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</a></h5>
<br>
by <a href="../authors/rizaldi">Albert Rizaldi</a> and <a href="../authors/immler">Fabian Immler</a>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a>
</div>
<span class="date">May 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nash_Williams.html">The Nash-Williams Partition Theorem</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">May 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knuth_Bendix_Order.html">A Formalization of Knuth–Bendix Orders</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">May 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">May 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Recursion-Addition.html">Recursion Theorem in ZF</a></h5>
<br>
by <a href="../authors/dunaev">Georgy Dunaev</a>
</div>
<span class="date">May 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5>
<br>
by <a href="../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">May 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Forcing.html">Formalization of Forcing in Isabelle/ZF</a></h5>
<br>
by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a> and <a href="../authors/terraf">Pedro Sánchez Terraf</a>
</div>
<span class="date">May 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></h5>
<br>
by <a href="../authors/unruh">Dominique Unruh</a> and <a href="../authors/caballero">José Manuel Rodríguez Caballero</a>
</div>
<span class="date">May 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Attack_Trees.html">Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</a></h5>
<br>
by <a href="../authors/kammueller">Florian Kammüller</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambert_W.html">The Lambert W Function on the Reals</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Power_Sum_Polynomials.html">Power Sum Polynomials</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gaussian_Integers.html">Gaussian Integers</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5>
<br>
by <a href="../authors/munive">Jonathan Julian Huerta y Munive</a>
</div>
<span class="date">Apr 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ADS_Functor.html">Authenticated Data Structures As Functors</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/maric">Ognjen Marić</a>
</div>
<span class="date">Apr 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sliding_Window_Algorithm.html">Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</a></h5>
<br>
by <a href="../authors/heimes">Lukas Heimes</a>, <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/schneider">Joshua Schneider</a>
</div>
<span class="date">Apr 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5>
<br>
by <a href="../authors/dardinier">Thibault Dardinier</a>, <a href="../authors/heimes">Lukas Heimes</a>, <a href="../authors/raszyk">Martin Raszyk</a>, <a href="../authors/schneider">Joshua Schneider</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Apr 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Saturation_Framework.html">A Comprehensive Framework for Saturation Theorem Proving</a></h5>
<br>
by <a href="../authors/tourret">Sophie Tourret</a>
</div>
<span class="date">Apr 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stateful_Protocol_Composition_and_Typing.html">Stateful Protocol Composition and Typing</a></h5>
<br>
by <a href="../authors/hess">Andreas V. Hess</a>, <a href="../authors/moedersheim">Sebastian Mödersheim</a> and <a href="../authors/brucker">Achim D. Brucker</a>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Automated_Stateful_Protocol_Verification.html">Automated Stateful Protocol Verification</a></h5>
<br>
by <a href="../authors/hess">Andreas V. Hess</a>, <a href="../authors/moedersheim">Sebastian Mödersheim</a>, <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>
</div>
<span class="date">Apr 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lucas_Theorem.html">Lucas&#39;s Theorem</a></h5>
<br>
by <a href="../authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">Apr 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WOOT_Strong_Eventual_Consistency.html">Strong Eventual Consistency of the Collaborative Editing Framework WOOT</a></h5>
<br>
by <a href="../authors/karayel">Emin Karayel</a> and <a href="../authors/gonzalez">Edgar Gonzàlez</a>
</div>
<span class="date">Mar 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Furstenberg_Topology.html">Furstenberg&#39;s topology and his proof of the infinitude of primes</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5>
<br>
by <a href="../authors/murray">Toby Murray</a>
</div>
<span class="date">Mar 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hello_World.html">Hello World</a></h5>
<br>
by <a href="../authors/diekmann">Cornelius Diekmann</a> and <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Mar 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goodstein_Lambda.html">Implementing the Goodstein Function in λ-Calculus</a></h5>
<br>
by <a href="../authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">Feb 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VeriComp.html">A Generic Framework for Verified Compilers</a></h5>
<br>
by <a href="../authors/desharnais">Martin Desharnais</a>
</div>
<span class="date">Feb 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Arith_Prog_Rel_Primes.html">Arithmetic progressions and relative primes</a></h5>
<br>
by <a href="../authors/caballero">José Manuel Rodríguez Caballero</a>
</div>
<span class="date">Feb 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Subset_Boolean_Algebras.html">A Hierarchy of Algebras for Boolean Subsets</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/moeller">Bernhard Möller</a>
</div>
<span class="date">Jan 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mersenne_Primes.html">Mersenne primes and the Lucas–Lehmer test</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Approximation_Algorithms.html">Verified Approximation Algorithms</a></h5>
<br>
by <a href="../authors/essmann">Robin Eßmann</a>, <a href="../authors/nipkow">Tobias Nipkow</a>, <a href="../authors/robillard">Simon Robillard</a> and <a href="../authors/sulejmani">Ujkan Sulejmani</a>
</div>
<span class="date">Jan 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Closest_Pair_Points.html">Closest Pair of Points Algorithms</a></h5>
<br>
by <a href="../authors/rau">Martin Rau</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jan 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Skip_Lists.html">Skip Lists</a></h5>
<br>
by <a href="../authors/haslbeck">Max W. Haslbeck</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bicategory.html">Bicategories</a></h5>
<br>
by <a href="../authors/stark">Eugene W. Stark</a>
</div>
<span class="date">Jan 06</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Zeta_3_Irrational.html">The Irrationality of ζ(3)</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Dec 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Poincare_Bendixson.html">The Poincaré-Bendixson Theorem</a></h5>
<br>
by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/tan">Yong Kiam Tan</a>
</div>
<span class="date">Dec 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Poincare_Disc.html">Poincaré Disc Model</a></h5>
<br>
by <a href="../authors/simic">Danijela Simić</a>, <a href="../authors/maricf">Filip Marić</a> and <a href="../authors/boutry">Pierre Boutry</a>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complex_Geometry.html">Complex Geometry</a></h5>
<br>
by <a href="../authors/maricf">Filip Marić</a> and <a href="../authors/simic">Danijela Simić</a>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss_Sums.html">Gauss Sums and the Pólya–Vinogradov Inequality</a></h5>
<br>
by <a href="../authors/raya">Rodrigo Raya</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generalized_Counting_Sort.html">An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Dec 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interval_Arithmetic_Word32.html">Interval Arithmetic on 32-bit Words</a></h5>
<br>
by <a href="../authors/bohrer">Rose Bohrer</a>
</div>
<span class="date">Nov 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ZFC_in_HOL.html">Zermelo Fraenkel Set Theory in Higher-Order Logic</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Oct 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_C.html">Isabelle/C</a></h5>
<br>
by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Oct 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">Oct 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Aristotles_Assertoric_Syllogistic.html">Aristotle&#39;s Assertoric Syllogistic</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">Oct 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sigma_Commit_Crypto.html">Sigma Protocols and Commitment Schemes</a></h5>
<br>
by <a href="../authors/butler">David Butler</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">Oct 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5>
<br>
by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Oct 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5>
<br>
by <a href="../authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5>
<br>
by <a href="../authors/munive">Jonathan Julian Huerta y Munive</a>
</div>
<span class="date">Sep 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fourier.html">Fourier Series</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></h5>
<br>
by <a href="../authors/ballarin">Clemens Ballarin</a>
</div>
<span class="date">Aug 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5>
<br>
by <a href="../authors/sachtleben">Robert Sachtleben</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Laplace_Transform.html">Laplace Transform</a></h5>
<br>
by <a href="../authors/immler">Fabian Immler</a>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Programming.html">Linear Programming</a></h5>
<br>
by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">Aug 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5>
<br>
by <a href="../authors/buyse">Maxime Buyse</a> and <a href="../authors/jaskolka">Jason Jaskolka</a>
</div>
<span class="date">Aug 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMO2019.html">Selected Problems from the International Mathematical Olympiad 2019</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Aug 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stellar_Quorums.html">Stellar Quorum Systems</a></h5>
<br>
by <a href="../authors/losa">Giuliano Losa</a>
</div>
<span class="date">Aug 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5>
<br>
by <a href="../authors/van">Hai Nguyen Van</a>, <a href="../authors/boulanger">Frédéric Boulanger</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Jul 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5>
<br>
by <a href="../authors/zeller">Peter Zeller</a> and <a href="../authors/stevens">Lukas Stevens</a>
</div>
<span class="date">Jul 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Jul 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Jul 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5>
<br>
by <a href="../authors/schneider">Joshua Schneider</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Jul 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complete_Non_Orders.html">Complete Non-Orders and Fixed Points</a></h5>
<br>
by <a href="../authors/yamada">Akihisa Yamada</a> and <a href="../authors/dubut">Jérémy Dubut</a>
</div>
<span class="date">Jun 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Priority_Search_Trees.html">Priority Search Trees</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Inequalities.html">Linear Inequalities</a></h5>
<br>
by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/reynaud">Alban Reynaud</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Jun 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nullstellensatz.html">Hilbert&#39;s Nullstellensatz</a></h5>
<br>
by <a href="../authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">Jun 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Groebner_Macaulay.html">Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</a></h5>
<br>
by <a href="../authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">Jun 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP2_Binary_Heap.html">Binary Heaps for IMP2</a></h5>
<br>
by <a href="../authors/griebel">Simon Griebel</a>
</div>
<span class="date">Jun 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Differential_Game_Logic.html">Differential Game Logic</a></h5>
<br>
by <a href="../authors/platzer">André Platzer</a>
</div>
<span class="date">Jun 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KD_Tree.html">Multidimensional Binary Search Trees</a></h5>
<br>
by <a href="../authors/rau">Martin Rau</a>
</div>
<span class="date">May 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5>
<br>
by <a href="../authors/brun">Matthias Brun</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">May 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multi_Party_Computation.html">Multi-Party Computation</a></h5>
<br>
by <a href="../authors/aspinall">David Aspinall</a> and <a href="../authors/butler">David Butler</a>
</div>
<span class="date">May 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HOL-CSP.html">HOL-CSP Version 2.0</a></h5>
<br>
by <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/ye">Lina Ye</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Apr 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_Master_Theorem.html">A Compositional and Unified Translation of LTL into ω-Automata</a></h5>
<br>
by <a href="../authors/seidl">Benedikt Seidl</a> and <a href="../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">Apr 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5>
<br>
by <a href="../authors/gheri">Lorenzo Gheri</a> and <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Apr 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Mar 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/QHLProver.html">Quantum Hoare Logic</a></h5>
<br>
by <a href="../authors/liu">Junyi Liu</a>, <a href="../authors/zhan">Bohua Zhan</a>, <a href="../authors/wang">Shuling Wang</a>, <a href="../authors/ying">Shenggang Ying</a>, <a href="../authors/liut">Tao Liu</a>, <a href="../authors/liy">Yangjia Li</a>, <a href="../authors/yingm">Mingsheng Ying</a> and <a href="../authors/zhann">Naijun Zhan</a>
</div>
<span class="date">Mar 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_OCL.html">Safe OCL</a></h5>
<br>
by <a href="../authors/nikiforov">Denis Nikiforov</a>
</div>
<span class="date">Mar 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Distribution_Elementary.html">Elementary Facts About the Distribution of Primes</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5>
<br>
by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/biendarra">Julian Biendarra</a>
</div>
<span class="date">Feb 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Prime_Tests.html">Probabilistic Primality Testing</a></h5>
<br>
by <a href="../authors/stuewe">Daniel Stüwe</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Universal_Turing_Machine.html">Universal Turing Machine</a></h5>
<br>
by <a href="../authors/xu">Jian Xu</a>, <a href="../authors/zhangx">Xingyuan Zhang</a>, <a href="../authors/urban">Christian Urban</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a> and <a href="../authors/regensburger">Franz Regensburger</a>
</div>
<span class="date">Feb 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Inversions.html">The Inversions of a List</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5>
<br>
by <a href="../authors/fosters">Simon Foster</a>, <a href="../authors/zeyda">Frank Zeyda</a>, <a href="../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../authors/ribeiro">Pedro Ribeiro</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Feb 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5>
<br>
by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Jan 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">Jan 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Jan 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Store_Buffer_Reduction.html">A Reduction Theorem for Store Buffers</a></h5>
<br>
by <a href="../authors/cohen">Ernie Cohen</a> and <a href="../authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">Jan 07</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Core_DOM.html">A Formal Model of the Document Object Model</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">Dec 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Concurrent_Revisions.html">Formalization of Concurrent Revisions</a></h5>
<br>
by <a href="../authors/overbeek">Roy Overbeek</a>
</div>
<span class="date">Dec 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></h5>
<br>
by <a href="../authors/zhan">Bohua Zhan</a>
</div>
<span class="date">Dec 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructive_Cryptography.html">Constructive Cryptography in HOL</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">Dec 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transformer_Semantics.html">Transformer Semantics</a></h5>
<br>
by <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Dec 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quantales.html">Quantales</a></h5>
<br>
by <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Dec 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></h5>
<br>
by <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Dec 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Graph_Saturation.html">Graph Saturation</a></h5>
<br>
by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>
</div>
<span class="date">Nov 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Functional_Ordered_Resolution_Prover.html">A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5>
<br>
by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Nov 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Auto2_HOL.html">Auto2 Prover</a></h5>
<br>
by <a href="../authors/zhan">Bohua Zhan</a>
</div>
<span class="date">Nov 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matroids.html">Matroids</a></h5>
<br>
by <a href="../authors/keinholz">Jonas Keinholz</a>
</div>
<span class="date">Nov 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5>
<br>
by <a href="../authors/raedle">Jonas Rädle</a> and <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Nov 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GewirthPGCProof.html">Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">Oct 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5>
<br>
by <a href="../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Oct 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5>
<br>
by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/zhan">Bohua Zhan</a>
</div>
<span class="date">Oct 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Randomised_BSTs.html">Randomised Binary Search Trees</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_EPO.html">Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</a></h5>
<br>
by <a href="../authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Factored_Transition_System_Bounding.html">Upper Bounding Diameters of State Spaces of Factored Transition Systems</a></h5>
<br>
by <a href="../authors/kurz">Friedrich Kurz</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pi_Transcendental.html">The Transcendence of π</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Symmetric_Polynomials.html">Symmetric Polynomials</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Sep 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5>
<br>
by <a href="../authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Number_Theorem.html">The Prime Number Theorem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Sep 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Aggregation_Algebras.html">Aggregation Algebras</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Sep 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Octonions.html">Octonions</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">Sep 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quaternions.html">Quaternions</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Sep 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Budan_Fourier.html">The Budan–Fourier Theorem and Counting Real Roots with Multiplicity</a></h5>
<br>
by <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Sep 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simplex.html">An Incremental Simplex Algorithm with Unsatisfiable Core Generation</a></h5>
<br>
by <a href="../authors/maricf">Filip Marić</a>, <a href="../authors/spasic">Mirko Spasić</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Aug 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minsky_Machines.html">Minsky Machines</a></h5>
<br>
by <a href="../authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DiscretePricing.html">Pricing in discrete financial models</a></h5>
<br>
by <a href="../authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">Jul 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5>
<br>
by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">Jul 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pell.html">Pell&#39;s Equation</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jun 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Localization_Ring.html">The Localization of a Commutative Ring</a></h5>
<br>
by <a href="../authors/bordg">Anthony Bordg</a>
</div>
<span class="date">Jun 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Projective_Geometry.html">Projective Geometry</a></h5>
<br>
by <a href="../authors/bordg">Anthony Bordg</a>
</div>
<span class="date">Jun 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Partial_Order_Reduction.html">Partial Order Reduction</a></h5>
<br>
by <a href="../authors/brunner">Julian Brunner</a>
</div>
<span class="date">Jun 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Optimal_BST.html">Optimal Binary Search Trees</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/somogyi">Dániel Somogyi</a>
</div>
<span class="date">May 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5>
<br>
by <a href="../authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">May 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5>
<br>
by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5>
<br>
by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">May 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AxiomaticCategoryTheory.html">Axiom Systems for Category Theory in Free Logic</a></h5>
<br>
by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/scott">Dana Scott</a>
</div>
<span class="date">May 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monad_Memo_DP.html">Monadification, Memoization and Dynamic Programming</a></h5>
<br>
by <a href="../authors/wimmer">Simon Wimmer</a>, <a href="../authors/hu">Shuwei Hu</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">May 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/OpSets.html">OpSets: Sequential Specifications for Replicated Datatypes</a></h5>
<br>
by <a href="../authors/kleppmann">Martin Kleppmann</a>, <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/mulligan">Dominic P. Mulligan</a> and <a href="../authors/beresford">Alastair R. Beresford</a>
</div>
<span class="date">May 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modular_Assembly_Kit_Security.html">An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</a></h5>
<br>
by <a href="../authors/bracevac">Oliver Bračevac</a>, <a href="../authors/gay">Richard Gay</a>, <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/mantel">Heiko Mantel</a>, <a href="../authors/sudbrock">Henning Sudbrock</a> and <a href="../authors/tasch">Markus Tasch</a>
</div>
<span class="date">May 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WebAssembly.html">WebAssembly</a></h5>
<br>
by <a href="../authors/watt">Conrad Watt</a>
</div>
<span class="date">Apr 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BNF_CC.html">Bounded Natural Functors with Covariance and Contravariance</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/schneider">Joshua Schneider</a>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5>
<br>
by <a href="../authors/brandt">Felix Brandt</a>, <a href="../authors/eberl">Manuel Eberl</a>, <a href="../authors/saile">Christian Saile</a> and <a href="../authors/stricker">Christian Stricker</a>
</div>
<span class="date">Mar 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weight_Balanced_Trees.html">Weight-Balanced Trees</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/dirix">Stefan Dirix</a>
</div>
<span class="date">Mar 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CakeML.html">CakeML</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a> and <a href="../authors/zhang">Yu Zhang</a>
</div>
<span class="date">Mar 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Architectural_Design_Patterns.html">A Theory of Architectural Design Patterns</a></h5>
<br>
by <a href="../authors/marmsoler">Diego Marmsoler</a>
</div>
<span class="date">Mar 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5>
<br>
by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Feb 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Treaps.html">Treaps</a></h5>
<br>
by <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Error_Function.html">The Error Function</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/First_Order_Terms.html">First-Order Terms</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LLL_Factorization.html">A verified factorization algorithm for integer polynomials with polynomial complexity</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5>
<br>
by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Feb 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordered_Resolution_Prover.html">Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5>
<br>
by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/waldmann">Uwe Waldmann</a>
</div>
<span class="date">Jan 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gromov_Hyperbolicity.html">Gromov Hyperbolicity</a></h5>
<br>
by <a href="../authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">Jan 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Green.html">An Isabelle/HOL formalisation of Green&#39;s Theorem</a></h5>
<br>
by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Jan 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Taylor_Models.html">Taylor Models</a></h5>
<br>
by <a href="../authors/traut">Christoph Traut</a> and <a href="../authors/immler">Fabian Immler</a>
</div>
<span class="date">Jan 08</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Falling_Factorial_Sum.html">The Falling Factorial of a Sum</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Dec 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Median_Of_Medians_Selection.html">The Median-of-Medians Selection Algorithm</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mason_Stothers.html">The Mason–Stothers Theorem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BNF_Operations.html">Operations on Bounded Natural Functors</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Dec 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5>
<br>
by <a href="../authors/hellauer">Fabian Hellauer</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Dec 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Nov 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5>
<br>
by <a href="../authors/jungnickel">Tim Jungnickel</a>, <a href="../authors/oldenburg">Lennart Oldenburg</a> and <a href="../authors/loibl">Matthias Loibl</a>
</div>
<span class="date">Nov 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5>
<br>
by <a href="../authors/linker">Sven Linker</a>
</div>
<span class="date">Nov 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kuratowski_Closure_Complement.html">The Kuratowski Closure-Complement Theorem</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a> and <a href="../authors/gioiosa">Gianpaolo Gioiosa</a>
</div>
<span class="date">Oct 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transition_Systems_and_Automata.html">Transition Systems and Automata</a></h5>
<br>
by <a href="../authors/brunner">Julian Brunner</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buchi_Complementation.html">Büchi Complementation</a></h5>
<br>
by <a href="../authors/brunner">Julian Brunner</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Winding_Number_Eval.html">Evaluate Winding Numbers through Cauchy Indices</a></h5>
<br>
by <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Oct 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Count_Complex_Roots.html">Count the Number of Complex Roots</a></h5>
<br>
by <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Oct 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5>
<br>
by <a href="../authors/messner">Florian Messner</a>, <a href="../authors/parsert">Julian Parsert</a>, <a href="../authors/schoepf">Jonas Schöpf</a> and <a href="../authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">Oct 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Recurrences.html">Linear Recurrences</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dirichlet_Series.html">Dirichlet Series</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lowe_Ontological_Argument.html">Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</a></h5>
<br>
by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">Sep 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PLM.html">Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/kirchner">Daniel Kirchner</a>
</div>
<span class="date">Sep 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AnselmGod.html">Anselm&#39;s God in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/blumson">Ben Blumson</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5>
<br>
by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">Sep 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Root_Balanced_Tree.html">Root-Balanced Tree</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Aug 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5>
<br>
by <a href="../authors/raedle">Jonas Rädle</a>
</div>
<span class="date">Aug 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LambdaMu.html">The LambdaMu-calculus</a></h5>
<br>
by <a href="../authors/matache">Cristina Matache</a>, <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/mulligan">Dominic P. Mulligan</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stewart_Apollonius.html">Stewart&#39;s Theorem and Apollonius&#39; Theorem</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Jul 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DynamicArchitectures.html">Dynamic Architectures</a></h5>
<br>
by <a href="../authors/marmsoler">Diego Marmsoler</a>
</div>
<span class="date">Jul 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decl_Sem_Fun_PL.html">Declarative Semantics for Functional Languages</a></h5>
<br>
by <a href="../authors/siek">Jeremy Siek</a>
</div>
<span class="date">Jul 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HOLCF-Prelude.html">HOLCF-Prelude</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a>, <a href="../authors/huffman">Brian Huffman</a>, <a href="../authors/mitchell">Neil Mitchell</a> and <a href="../authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">Jul 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minkowskis_Theorem.html">Minkowski&#39;s Theorem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5>
<br>
by <a href="../authors/rawson">Michael Rawson</a>
</div>
<span class="date">Jul 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CRDT.html">A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</a></h5>
<br>
by <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/kleppmann">Martin Kleppmann</a>, <a href="../authors/mulligan">Dominic P. Mulligan</a> and <a href="../authors/beresford">Alastair R. Beresford</a>
</div>
<span class="date">Jul 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Kleene_Relation_Algebras.html">Stone-Kleene Relation Algebras</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Jul 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5>
<br>
by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PSemigroupsConvolution.html">Partial Semigroups and Convolution Algebras</a></h5>
<br>
by <a href="../authors/dongol">Brijesh Dongol</a>, <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/hayes">Ian J. Hayes</a> and <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Jun 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buffons_Needle.html">Buffon&#39;s Needle Problem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jun 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Flow_Networks.html">Flow Networks and the Min-Cut-Max-Flow Theorem</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Optics.html">Optics</a></h5>
<br>
by <a href="../authors/fosters">Simon Foster</a>, <a href="../authors/laursen">Christian Pardillo-Laursen</a> and <a href="../authors/zeyda">Frank Zeyda</a>
</div>
<span class="date">May 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dict_Construction.html">Dictionary Construction</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Security_Protocol_Refinement.html">Developing Security Protocols by Refinement</a></h5>
<br>
by <a href="../authors/sprenger">Christoph Sprenger</a> and <a href="../authors/somaini">Ivano Somaini</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5>
<br>
by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">May 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_While.html">Probabilistic while loop</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monad_Normalisation.html">Monad normalisation</a></h5>
<br>
by <a href="../authors/schneider">Joshua Schneider</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Game_Based_Crypto.html">Game-based cryptography in HOL</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>, <a href="../authors/sefidgar">S. Reza Sefidgar</a> and <a href="../authors/bhatt">Bhargav Bhatt</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monomorphic_Monad.html">Effect polymorphism in higher-order logic</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CryptHOL.html">CryptHOL</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MonoidalCategory.html">Monoidal Categories</a></h5>
<br>
by <a href="../authors/stark">Eugene W. Stark</a>
</div>
<span class="date">May 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Types_Tableaus_and_Goedels_God.html">Types, Tableaus and Gödel’s God in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">May 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LocalLexing.html">Local Lexing</a></h5>
<br>
by <a href="../authors/obua">Steven Obua</a>
</div>
<span class="date">Apr 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructor_Funs.html">Constructor Functions</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Apr 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lazy_Case.html">Lazifying case constants</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Apr 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Subresultants.html">Subresultants</a></h5>
<br>
by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Apr 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Random_BSTs.html">Expected Shape of Random Binary Search Trees</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Apr 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quick_Sort_Cost.html">The number of comparisons in QuickSort</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Comparison_Sort_Lower_Bound.html">Lower bound on comparison-based sorting algorithms</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Euler_MacLaurin.html">The Euler–MacLaurin Formula</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Elliptic_Curves_Group_Law.html">The Group Law for Elliptic Curves</a></h5>
<br>
by <a href="../authors/berghofer">Stefan Berghofer</a>
</div>
<span class="date">Feb 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Menger.html">Menger&#39;s Theorem</a></h5>
<br>
by <a href="../authors/dittmann">Christoph Dittmann</a>
</div>
<span class="date">Feb 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5>
<br>
by <a href="../authors/bohrer">Rose Bohrer</a>
</div>
<span class="date">Feb 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract_Soundness.html">Abstract Soundness</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Feb 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Relation_Algebras.html">Stone Relation Algebras</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Feb 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Key_Agreement_Strong_Adversaries.html">Refining Authenticated Key Agreement with Strong Adversaries</a></h5>
<br>
by <a href="../authors/lallemand">Joseph Lallemand</a> and <a href="../authors/sprenger">Christoph Sprenger</a>
</div>
<span class="date">Jan 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bernoulli.html">Bernoulli Numbers</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minimal_SSA.html">Minimal Static Single Assignment Form</a></h5>
<br>
by <a href="../authors/wagner">Max Wagner</a> and <a href="../authors/lohner">Denis Lohner</a>
</div>
<span class="date">Jan 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bertrands_Postulate.html">Bertrand&#39;s postulate</a></h5>
<br>
by <a href="../authors/biendarra">Julian Biendarra</a> and <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/E_Transcendental.html">The Transcendence of e</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UPF_Firewall.html">Formal Network Models and Their Application to Firewall Policies</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/bruegger">Lukas Brügger</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Jan 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Password_Authentication_Protocol.html">Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Jan 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5>
<br>
by <a href="../authors/jensen">Alexander Birch Jensen</a>, <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../authors/villadsen">Jørgen Villadsen</a>
</div>
<span class="date">Jan 01</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Concurrent_Ref_Alg.html">Concurrent Refinement Algebra and Rely Quotients</a></h5>
<br>
by <a href="../authors/fell">Julian Fell</a>, <a href="../authors/hayes">Ian J. Hayes</a> and <a href="../authors/velykis">Andrius Velykis</a>
</div>
<span class="date">Dec 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Twelvefold_Way.html">The Twelvefold Way</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Dec 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Proof_Strategy_Language.html">Proof Strategy Language</a></h5>
<br>
by <a href="../authors/nagashima">Yutaka Nagashima</a>
</div>
<span class="date">Dec 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Paraconsistency.html">Paraconsistency</a></h5>
<br>
by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../authors/villadsen">Jørgen Villadsen</a>
</div>
<span class="date">Dec 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5>
<br>
by <a href="../authors/amani">Sidney Amani</a>, <a href="../authors/andronick">June Andronick</a>, <a href="../authors/bortin">Maksym Bortin</a>, <a href="../authors/lewis">Corey Lewis</a>, <a href="../authors/rizkallah">Christine Rizkallah</a> and <a href="../authors/tuongj">Joseph Tuong</a>
</div>
<span class="date">Nov 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abs_Int_ITP2012.html">Abstract Interpretation of Annotated Commands</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Nov 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5>
<br>
by <a href="../authors/hou">Zhe Hou</a>, <a href="../authors/sanan">David Sanan</a>, <a href="../authors/tiu">Alwen Tiu</a>, <a href="../authors/gore">Rajeev Gore</a> and <a href="../authors/clouston">Ranald Clouston</a>
</div>
<span class="date">Nov 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nested_Multisets_Ordinals.html">Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/fleury">Mathias Fleury</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Nov 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_KBOs.html">Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</a></h5>
<br>
by <a href="../authors/becker">Heiko Becker</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/waldmann">Uwe Waldmann</a> and <a href="../authors/wand">Daniel Wand</a>
</div>
<span class="date">Nov 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Deep_Learning.html">Expressiveness of Deep Learning</a></h5>
<br>
by <a href="../authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">Nov 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5>
<br>
by <a href="../authors/weber">Tjark Weber</a>, <a href="../authors/eriksson">Lars-Henrik Eriksson</a>, <a href="../authors/parrow">Joachim Parrow</a>, <a href="../authors/borgstroem">Johannes Borgström</a> and <a href="../authors/gutkovas">Ramunas Gutkovas</a>
</div>
<span class="date">Oct 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stable_Matching.html">Stable Matching</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Oct 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5>
<br>
by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/diekmann">Cornelius Diekmann</a>
</div>
<span class="date">Oct 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Source_Coding_Theorem.html">Source Coding Theorem</a></h5>
<br>
by <a href="../authors/hibon">Quentin Hibon</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SPARCv8.html">A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</a></h5>
<br>
by <a href="../authors/hou">Zhe Hou</a>, <a href="../authors/sanan">David Sanan</a>, <a href="../authors/tiu">Alwen Tiu</a> and <a href="../authors/liuy">Yang Liu</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Berlekamp_Zassenhaus.html">The Factorization Algorithm of Berlekamp and Zassenhaus</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Oct 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Chord_Segments.html">Intersecting Chords Theorem</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Oct 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lp.html">Lp spaces</a></h5>
<br>
by <a href="../authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">Oct 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fisher_Yates.html">Fisher–Yates shuffle</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Sep 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5>
<br>
by <a href="../authors/ghourabi">Fadoua Ghourabi</a>
</div>
<span class="date">Sep 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_RPOs.html">Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/waldmann">Uwe Waldmann</a> and <a href="../authors/wand">Daniel Wand</a>
</div>
<span class="date">Sep 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Iptables_Semantics.html">Iptables Semantics</a></h5>
<br>
by <a href="../authors/diekmann">Cornelius Diekmann</a> and <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Sep 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Algebras.html">Stone Algebras</a></h5>
<br>
by <a href="../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SuperCalc.html">A Variant of the Superposition Calculus</a></h5>
<br>
by <a href="../authors/peltier">Nicolas Peltier</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stirling_Formula.html">Stirling&#39;s formula</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Sep 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Routing.html">Routing</a></h5>
<br>
by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/diekmann">Cornelius Diekmann</a>
</div>
<span class="date">Aug 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simple_Firewall.html">Simple Firewall</a></h5>
<br>
by <a href="../authors/diekmann">Cornelius Diekmann</a>, <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/haslbeck">Max W. Haslbeck</a>
</div>
<span class="date">Aug 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InfPathElimination.html">Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</a></h5>
<br>
by <a href="../authors/aissat">Romain Aissat</a>, <a href="../authors/voisin">Frederic Voisin</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Aug 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">Aug 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Aug 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ptolemys_Theorem.html">Ptolemy&#39;s Theorem</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Aug 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Surprise_Paradox.html">Surprise Paradox</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Jul 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pairing_Heap.html">Pairing Heap</a></h5>
<br>
by <a href="../authors/brinkop">Hauke Brinkop</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jul 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/neumann">René Neumann</a>
</div>
<span class="date">Jul 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buildings.html">Chamber Complexes, Coxeter Systems, and Buildings</a></h5>
<br>
by <a href="../authors/sylvestre">Jeremy Sylvestre</a>
</div>
<span class="date">Jul 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rewriting_Z.html">The Z Property</a></h5>
<br>
by <a href="../authors/felgenhauer">Bertram Felgenhauer</a>, <a href="../authors/nagele">Julian Nagele</a>, <a href="../authors/oostrom">Vincent van Oostrom</a> and <a href="../authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">Jun 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Resolution_FOL.html">The Resolution Calculus for First-Order Logic</a></h5>
<br>
by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>
</div>
<span class="date">Jun 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IP_Addresses.html">IP Addresses</a></h5>
<br>
by <a href="../authors/diekmann">Cornelius Diekmann</a>, <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Jun 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dependent_SIFUM_Refinement.html">Compositional Security-Preserving Refinement for Concurrent Imperative Programs</a></h5>
<br>
by <a href="../authors/murray">Toby Murray</a>, <a href="../authors/sison">Robert Sison</a>, <a href="../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">Jun 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category3.html">Category Theory with Adjunctions and Limits</a></h5>
<br>
by <a href="../authors/stark">Eugene W. Stark</a>
</div>
<span class="date">Jun 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Multisets.html">Cardinality of Multisets</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Jun 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5>
<br>
by <a href="../authors/murray">Toby Murray</a>, <a href="../authors/sison">Robert Sison</a>, <a href="../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">Jun 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Catalan_Numbers.html">Catalan Numbers</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jun 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></h5>
<br>
by <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Jun 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Concurrent_Composition.html">Conservation of CSP Noninterference Security under Concurrent Composition</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Jun 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Word_Lib.html">Finite Machine Word Library</a></h5>
<br>
by <a href="../authors/beeren">Joel Beeren</a>, <a href="../authors/fernandez">Matthew Fernandez</a>, <a href="../authors/gao">Xin Gao</a>, <a href="../authors/klein">Gerwin Klein</a>, <a href="../authors/kolanski">Rafal Kolanski</a>, <a href="../authors/lim">Japheth Lim</a>, <a href="../authors/lewis">Corey Lewis</a>, <a href="../authors/matichuk">Daniel Matichuk</a> and <a href="../authors/sewell">Thomas Sewell</a>
</div>
<span class="date">Jun 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tree_Decomposition.html">Tree Decomposition</a></h5>
<br>
by <a href="../authors/dittmann">Christoph Dittmann</a>
</div>
<span class="date">May 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Posix-Lexing.html">POSIX Lexing with Derivatives of Regular Expressions</a></h5>
<br>
by <a href="../authors/ausaf">Fahad Ausaf</a>, <a href="../authors/dyckhoff">Roy Dyckhoff</a> and <a href="../authors/urban">Christian Urban</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Equiv_Relations.html">Cardinality of Equivalence Relations</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Incredible_Proof_Machine.html">The meta theory of the Incredible Proof Machine</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a> and <a href="../authors/lohner">Denis Lohner</a>
</div>
<span class="date">May 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Perron_Frobenius.html">Perron-Frobenius Theorem for Spectral Radius Analysis</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/kuncar">Ondřej Kunčar</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">May 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by <a href="../authors/bisping">Benjamin Bisping</a>, <a href="../authors/brodmann">Paul-David Brodmann</a>, <a href="../authors/jungnickel">Tim Jungnickel</a>, <a href="../authors/rickmann">Christina Rickmann</a>, <a href="../authors/seidler">Henning Seidler</a>, <a href="../authors/stueber">Anke Stüber</a>, <a href="../authors/weidner">Arno Wilhelm-Weidner</a>, <a href="../authors/peters">Kirstin Peters</a> and <a href="../authors/nestmann">Uwe Nestmann</a>
</div>
<span class="date">May 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFMC_Countable.html">A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">May 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bell_Numbers_Spivey.html">Spivey&#39;s Generalized Recurrence for Bell Numbers</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">May 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5>
<br>
by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">May 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/No_FTL_observers.html">No Faster-Than-Light Observers</a></h5>
<br>
by <a href="../authors/stannett">Mike Stannett</a> and <a href="../authors/nemeti">István Németi</a>
</div>
<span class="date">Apr 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5>
<br>
by <a href="../authors/michaelis">Julius Michaelis</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5>
<br>
by <a href="../authors/bortin">Maksym Bortin</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Sequential_Composition.html">Conservation of CSP Noninterference Security under Sequential Composition</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Apr 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KAD.html">Kleene Algebras with Domain</a></h5>
<br>
by <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/guttmann">Walter Guttmann</a>, <a href="../authors/hoefner">Peter Höfner</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a>
</div>
<span class="date">Apr 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PropResPI.html">Propositional Resolution and Prime Implicates Generation</a></h5>
<br>
by <a href="../authors/peltier">Nicolas Peltier</a>
</div>
<span class="date">Mar 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Timed_Automata.html">Timed Automata</a></h5>
<br>
by <a href="../authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">Mar 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cartan_FP.html">The Cartan Fixed Point Theorems</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Mar 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL.html">Linear Temporal Logic</a></h5>
<br>
by <a href="../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">Mar 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Update.html">Analysis of List Update Algorithms</a></h5>
<br>
by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Feb 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formal_SSA.html">Verified Construction of Static Single Assignment Form</a></h5>
<br>
by <a href="../authors/ullrich">Sebastian Ullrich</a> and <a href="../authors/lohner">Denis Lohner</a>
</div>
<span class="date">Feb 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomial_Interpolation.html">Polynomial Interpolation</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Jan 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomial_Factorization.html">Polynomial Factorization</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Jan 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knot_Theory.html">Knot Theory</a></h5>
<br>
by <a href="../authors/prathamesh">T.V.H. Prathamesh</a>
</div>
<span class="date">Jan 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrix_Tensor.html">Tensor Product of Matrices</a></h5>
<br>
by <a href="../authors/prathamesh">T.V.H. Prathamesh</a>
</div>
<span class="date">Jan 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Number_Partitions.html">Cardinality of Number Partitions</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Jan 14</span>
</article>
<h2 class="head">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Harmonic_Series.html">The Divergence of the Prime Harmonic Series</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Liouville_Numbers.html">Liouville numbers</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Descartes_Sign_Rule.html">Descartes&#39; Rule of Signs</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Triangle.html">Basic Geometric Properties of Triangles</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stern_Brocot.html">The Stern-Brocot Tree</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">Dec 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Applicative_Lifting.html">Applicative Lifting</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/schneider">Joshua Schneider</a>
</div>
<span class="date">Dec 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Algebraic_Numbers.html">Algebraic Numbers in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>, <a href="../authors/yamada">Akihisa Yamada</a> and <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>
</div>
<span class="date">Dec 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Partitions.html">Cardinality of Set Partitions</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Dec 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Latin_Square.html">Latin Square</a></h5>
<br>
by <a href="../authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">Dec 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ergodic_Theory.html">Ergodic Theory</a></h5>
<br>
by <a href="../authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">Dec 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Euler_Partition.html">Euler&#39;s Partition Theorem</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Nov 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TortoiseHare.html">The Tortoise and Hare Algorithm</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Nov 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Planarity_Certificates.html">Planarity Certificates</a></h5>
<br>
by <a href="../authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5>
<br>
by <a href="../authors/dittmann">Christoph Dittmann</a>
</div>
<span class="date">Nov 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_Meta_Model.html">A Meta-Model for the Isabelle API</a></h5>
<br>
by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_to_DRA.html">Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</a></h5>
<br>
by <a href="../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">Sep 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jordan_Normal_Form.html">Matrices, Jordan Normal Forms, and Spectral Radius Theory</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">Aug 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decreasing-Diagrams-II.html">Decreasing Diagrams II</a></h5>
<br>
by <a href="../authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">Aug 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Inductive_Unwinding.html">The Inductive Unwinding Theorem for CSP Noninterference Security</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Aug 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rep_Fin_Groups.html">Representations of Finite Groups</a></h5>
<br>
by <a href="../authors/sylvestre">Jeremy Sylvestre</a>
</div>
<span class="date">Aug 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Encodability_Process_Calculi.html">Analysing and Comparing Encodability Criteria for Process Calculi</a></h5>
<br>
by <a href="../authors/peters">Kirstin Peters</a> and <a href="../authors/glabbeek">Rob van Glabbeek</a>
</div>
<span class="date">Aug 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Case_Labeling.html">Generating Cases from Labeled Subgoals</a></h5>
<br>
by <a href="../authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">Jul 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Akra_Bazzi.html">The Akra-Bazzi theorem and the Master theorem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Landau_Symbols.html">Landau Symbols</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hermite.html">Hermite Normal Form</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a>
</div>
<span class="date">Jul 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Derangements.html">Derangements Formula</a></h5>
<br>
by <a href="../authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">Jun 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Ipurge_Unwinding.html">The Ipurge Unwinding Theorem for CSP Noninterference Security</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Jun 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Generic_Unwinding.html">The Generic Unwinding Theorem for CSP Noninterference Security</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Jun 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Interleaving.html">Reasoning about Lists via List Interleaving</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Jun 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multirelations.html">Binary Multirelations</a></h5>
<br>
by <a href="../authors/furusawa">Hitoshi Furusawa</a> and <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Jun 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dynamic_Tables.html">Parameterized Dynamic Tables</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5>
<br>
by <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_System_Zoo.html">A Zoo of Probabilistic Systems</a></h5>
<br>
by <a href="../authors/hoelzl">Johannes Hölzl</a>, <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">May 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5>
<br>
by <a href="../authors/caminati">Marco B. Caminati</a>, <a href="../authors/kerber">Manfred Kerber</a>, <a href="../authors/lange">Christoph Lange</a> and <a href="../authors/rowat">Colin Rowat</a>
</div>
<span class="date">Apr 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Residuated_Lattices.html">Residuated Lattices</a></h5>
<br>
by <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Apr 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ConcurrentGC.html">Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>, <a href="../authors/hosking">Tony Hosking</a> and <a href="../authors/engelhardt">Kai Engelhardt</a>
</div>
<span class="date">Apr 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ConcurrentIMP.html">Concurrent IMP</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Apr 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Trie.html">Trie</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Mar 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Consensus_Refined.html">Consensus Refined</a></h5>
<br>
by <a href="../authors/maric">Ognjen Marić</a> and <a href="../authors/sprenger">Christoph Sprenger</a>
</div>
<span class="date">Mar 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Deriving.html">Deriving class instances for datatypes</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Mar 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Call_Arity.html">The Safety of Call Arity</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/QR_Decomposition.html">QR Decomposition</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a>
</div>
<span class="date">Feb 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Echelon_Form.html">Echelon Form</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a>
</div>
<span class="date">Feb 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite_Automata_HF.html">Finite Automata in Hereditarily Finite Set Theory</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Feb 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UpDown_Scheme.html">Verification of the UpDown Scheme</a></h5>
<br>
by <a href="../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">Jan 28</span>
</article>
<h2 class="head">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UPF.html">The Unified Policy Framework (UPF)</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/bruegger">Lukas Brügger</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Nov 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AODV.html">Loop freedom of the (untimed) AODV routing protocol</a></h5>
<br>
by <a href="../authors/bourke">Timothy Bourke</a> and <a href="../authors/hoefner">Peter Höfner</a>
</div>
<span class="date">Oct 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lifting_Definition_Option.html">Lifting Definition Option</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Oct 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stream_Fusion_Code.html">Stream Fusion in HOL with Code Generation</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/maximova">Alexandra Maximova</a>
</div>
<span class="date">Oct 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>, <a href="../authors/hoelzl">Johannes Hölzl</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Oct 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5>
<br>
by <a href="../authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">Oct 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/XML.html">XML</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Oct 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Certification_Monads.html">Certification Monads</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Oct 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Imperative_Insertion_Sort.html">Imperative Insertion Sort</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">Sep 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sturm_Tarski.html">The Sturm–Tarski Theorem</a></h5>
<br>
by <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Sep 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cayley_Hamilton.html">The Cayley-Hamilton Theorem</a></h5>
<br>
by <a href="../authors/adelsberger">Stephan Adelsberger</a>, <a href="../authors/hetzl">Stefan Hetzl</a> and <a href="../authors/pollak">Florian Pollak</a>
</div>
<span class="date">Sep 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jordan_Hoelder.html">The Jordan-Hölder Theorem</a></h5>
<br>
by <a href="../authors/raumer">Jakob von Raumer</a>
</div>
<span class="date">Sep 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Priority_Queue_Braun.html">Priority Queues Based on Braun Trees</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Sep 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss_Jordan.html">Gauss-Jordan Algorithm and Its Applications</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a>
</div>
<span class="date">Sep 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VectorSpace.html">Vector Spaces</a></h5>
<br>
by <a href="../authors/lee">Holden Lee</a>
</div>
<span class="date">Aug 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Special_Function_Bounds.html">Real-Valued Special Functions: Upper and Lower Bounds</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Aug 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Skew_Heap.html">Skew Heap</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Aug 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Splay_Tree.html">Splay Tree</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Aug 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Show.html">Haskell&#39;s Show Class in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Jul 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CISC-Kernel.html">Formal Specification of a Generic Separation Kernel</a></h5>
<br>
by <a href="../authors/verbeek">Freek Verbeek</a>, <a href="../authors/tverdyshev">Sergey Tverdyshev</a>, <a href="../authors/havle">Oto Havle</a>, <a href="../authors/blasum">Holger Blasum</a>, <a href="../authors/langenstein">Bruno Langenstein</a>, <a href="../authors/stephan">Werner Stephan</a>, <a href="../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../authors/feliachi">Abderrahmane Feliachi</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/schmaltz">Julien Schmaltz</a>
</div>
<span class="date">Jul 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/pGCL.html">pGCL for Isabelle</a></h5>
<br>
by <a href="../authors/cock">David Cock</a>
</div>
<span class="date">Jul 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Amortized_Complexity.html">Amortized Complexity Verified</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jul 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Network_Security_Policy_Verification.html">Network Security Policy Verification</a></h5>
<br>
by <a href="../authors/diekmann">Cornelius Diekmann</a>
</div>
<span class="date">Jul 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pop_Refinement.html">Pop-Refinement</a></h5>
<br>
by <a href="../authors/coglio">Alessandro Coglio</a>
</div>
<span class="date">Jul 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5>
<br>
by <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CAVA_Automata.html">The CAVA Automata Library</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Promela.html">Promela Formalization</a></h5>
<br>
by <a href="../authors/neumann">René Neumann</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5>
<br>
by <a href="../authors/schimpf">Alexander Schimpf</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5>
<br>
by <a href="../authors/esparza">Javier Esparza</a>, <a href="../authors/lammich">Peter Lammich</a>, <a href="../authors/neumann">René Neumann</a>, <a href="../authors/nipkow">Tobias Nipkow</a>, <a href="../authors/schimpf">Alexander Schimpf</a> and <a href="../authors/smaus">Jan-Georg Smaus</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5>
<br>
by <a href="../authors/wenzel">Makarius Wenzel</a>
</div>
<span class="date">May 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_CSP.html">Noninterference Security in Communicating Sequential Processes</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">May 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular_Algebras.html">Regular Algebras</a></h5>
<br>
by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">May 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ComponentDependencies.html">Formalisation and Analysis of Component Dependencies</a></h5>
<br>
by <a href="../authors/spichkova">Maria Spichkova</a>
</div>
<span class="date">Apr 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Strong_Security.html">A Formalization of Strong Security</a></h5>
<br>
by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/lux">Alexander Lux</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/sauer">Jens Sauer</a>
</div>
<span class="date">Apr 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5>
<br>
by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/lux">Alexander Lux</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/sauer">Jens Sauer</a>
</div>
<span class="date">Apr 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5>
<br>
by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/schoepe">Daniel Schoepe</a>
</div>
<span class="date">Apr 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bounded_Deducibility_Security.html">Bounded-Deducibility Security</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a>
</div>
<span class="date">Apr 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract_Completeness.html">Abstract Completeness</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Apr 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5>
<br>
by <a href="../authors/rabe">Markus N. Rabe</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Apr 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Discrete_Summation.html">Discrete Summation</a></h5>
<br>
by <a href="../authors/haftmann">Florian Haftmann</a>
</div>
<span class="date">Apr 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GPU_Kernel_PL.html">Syntax and semantics of a GPU kernel programming language</a></h5>
<br>
by <a href="../authors/wickerson">John Wickerson</a>
</div>
<span class="date">Apr 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Noninterference.html">Probabilistic Noninterference</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">Mar 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AWN.html">Mechanization of the Algebra for Wireless Networks (AWN)</a></h5>
<br>
by <a href="../authors/bourke">Timothy Bourke</a>
</div>
<span class="date">Mar 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Partial_Function_MR.html">Mutually Recursive Partial Functions</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Feb 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5>
<br>
by <a href="../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Feb 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Selection_Heap_Sort.html">Verification of Selection and Heap Sort Using Locales</a></h5>
<br>
by <a href="../authors/petrovic">Danijela Petrovic</a>
</div>
<span class="date">Feb 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Affine_Arithmetic.html">Affine Arithmetic</a></h5>
<br>
by <a href="../authors/immler">Fabian Immler</a>
</div>
<span class="date">Feb 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Impl.html">Implementing field extensions of the form Q[sqrt(b)]</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regex_Equivalence.html">Unified Decision Procedures for Regular Expression Equivalence</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Jan 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Secondary_Sylow.html">Secondary Sylow Theorems</a></h5>
<br>
by <a href="../authors/raumer">Jakob von Raumer</a>
</div>
<span class="date">Jan 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relation_Algebra.html">Relation Algebra</a></h5>
<br>
by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/fosters">Simon Foster</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a>
</div>
<span class="date">Jan 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5>
<br>
by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a>
</div>
<span class="date">Jan 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Featherweight_OCL.html">Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</a></h5>
<br>
by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Jan 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sturm_Sequences.html">Sturm&#39;s Theorem</a></h5>
<br>
by <a href="../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CryptoBasedCompositionalProperties.html">Compositional Properties of Crypto-Based Components</a></h5>
<br>
by <a href="../authors/spichkova">Maria Spichkova</a>
</div>
<span class="date">Jan 11</span>
</article>
<h2 class="head">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tail_Recursive_Functions.html">A General Method for the Proof of Theorems on Tail-recursive Functions</a></h5>
<br>
by <a href="../authors/noce">Pasquale Noce</a>
</div>
<span class="date">Dec 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HereditarilyFinite.html">The Hereditarily Finite Sets</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Nov 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Incompleteness.html">Gödel&#39;s Incompleteness Theorems</a></h5>
<br>
by <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Nov 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Coinductive_Languages.html">A Codatatype of Formal Languages</a></h5>
<br>
by <a href="../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Nov 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FocusStreamsCaseStudies.html">Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</a></h5>
<br>
by <a href="../authors/spichkova">Maria Spichkova</a>
</div>
<span class="date">Nov 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GoedelGod.html">Gödel&#39;s God in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/paleo">Bruno Woltzenlogel Paleo</a>
</div>
<span class="date">Nov 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decreasing-Diagrams.html">Decreasing Diagrams</a></h5>
<br>
by <a href="../authors/zankl">Harald Zankl</a>
</div>
<span class="date">Nov 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Oct 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Native_Word.html">Native Word</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">Sep 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IEEE_Floating_Point.html">A Formal Model of IEEE Floating Point Arithmetic</a></h5>
<br>
by <a href="../authors/yu">Lei Yu</a>
</div>
<span class="date">Jul 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pratt_Certificate.html">Pratt&#39;s Primality Certificates</a></h5>
<br>
by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">Jul 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lehmer.html">Lehmer&#39;s Theorem</a></h5>
<br>
by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">Jul 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Koenigsberg_Friendship.html">The Königsberg Bridge Problem and the Friendship Theorem</a></h5>
<br>
by <a href="../authors/li">Wenda Li</a>
</div>
<span class="date">Jul 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sort_Encodings.html">Sound and Complete Sort Encodings for First-Order Logic</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Jun 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></h5>
<br>
by <a href="../authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">May 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Graph_Theory.html">Graph Theory</a></h5>
<br>
by <a href="../authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">Apr 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Containers.html">Light-weight Containers</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">Apr 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nominal2.html">Nominal 2</a></h5>
<br>
by <a href="../authors/urban">Christian Urban</a>, <a href="../authors/berghofer">Stefan Berghofer</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">Feb 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Jan 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5>
<br>
by <a href="../authors/wickerson">John Wickerson</a>
</div>
<span class="date">Jan 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rank_Nullity_Theorem.html">Rank-Nullity Theorem in Linear Algebra</a></h5>
<br>
by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a>
</div>
<span class="date">Jan 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kleene_Algebra.html">Kleene Algebra</a></h5>
<br>
by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a>
</div>
<span class="date">Jan 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sqrt_Babylonian.html">Computing N-th Roots using the Babylonian Method</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/meis">Rene Meis</a>
</div>
<span class="date">Nov 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Open_Induction.html">Open Induction</a></h5>
<br>
by <a href="../authors/ogawa">Mizuhito Ogawa</a> and <a href="../authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">Nov 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tarskis_Geometry.html">The independence of Tarski&#39;s Euclidean axiom</a></h5>
<br>
by <a href="../authors/makarios">T. J. M. Makarios</a>
</div>
<span class="date">Oct 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bondy.html">Bondy&#39;s Theorem</a></h5>
<br>
by <a href="../authors/avigad">Jeremy Avigad</a> and <a href="../authors/hetzl">Stefan Hetzl</a>
</div>
<span class="date">Oct 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">Sep 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Datatype_Order_Generator.html">Generating linear orders for datatypes</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Aug 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Impossible_Geometry.html">Proving the Impossibility of Trisecting an Angle and Doubling the Cube</a></h5>
<br>
by <a href="../authors/romanos">Ralph Romanos</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Aug 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5>
<br>
by <a href="../authors/debrat">Henri Debrat</a> and <a href="../authors/merz">Stephan Merz</a>
</div>
<span class="date">Jul 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PCF.html">Logical Relations for PCF</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Jul 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tycon.html">Type Constructor Classes and Monad Transformers</a></h5>
<br>
by <a href="../authors/huffman">Brian Huffman</a>
</div>
<span class="date">Jun 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pi_Calculus.html">The pi-calculus in nominal logic</a></h5>
<br>
by <a href="../authors/bengtson">Jesper Bengtson</a>
</div>
<span class="date">May 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Psi_Calculi.html">Psi-calculi in Isabelle</a></h5>
<br>
by <a href="../authors/bengtson">Jesper Bengtson</a>
</div>
<span class="date">May 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CCS.html">CCS in nominal logic</a></h5>
<br>
by <a href="../authors/bengtson">Jesper Bengtson</a>
</div>
<span class="date">May 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Circus.html">Isabelle/Circus</a></h5>
<br>
by <a href="../authors/feliachi">Abderrahmane Feliachi</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/gaudel">Marie-Claude Gaudel</a>
</div>
<span class="date">May 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Algebra.html">Separation Algebra</a></h5>
<br>
by <a href="../authors/klein">Gerwin Klein</a>, <a href="../authors/kolanski">Rafal Kolanski</a> and <a href="../authors/boyton">Andrew Boyton</a>
</div>
<span class="date">May 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5>
<br>
by <a href="../authors/merz">Stephan Merz</a>
</div>
<span class="date">May 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Inductive_Confidentiality.html">Inductive Study of Confidentiality</a></h5>
<br>
by <a href="../authors/bella">Giampaolo Bella</a>
</div>
<span class="date">May 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinary_Differential_Equations.html">Ordinary Differential Equations</a></h5>
<br>
by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">Apr 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Well_Quasi_Orders.html">Well-Quasi-Orders</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">Apr 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abortable_Linearizable_Modules.html">Abortable Linearizable Modules</a></h5>
<br>
by <a href="../authors/guerraoui">Rachid Guerraoui</a>, <a href="../authors/kuncak">Viktor Kuncak</a> and <a href="../authors/losa">Giuliano Losa</a>
</div>
<span class="date">Mar 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5>
<br>
by <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Feb 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Girth_Chromatic.html">A Probabilistic Proof of the Girth-Chromatic Number Theorem</a></h5>
<br>
by <a href="../authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Jan 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5>
<br>
by <a href="../authors/nordhoff">Benedikt Nordhoff</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Jan 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Markov_Models.html">Markov Models</a></h5>
<br>
by <a href="../authors/hoelzl">Johannes Hölzl</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/grov">Gudmund Grov</a> and <a href="../authors/merz">Stephan Merz</a>
</div>
<span class="date">Nov 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Efficient-Mergesort.html">Efficient Mergesort</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">Nov 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PseudoHoops.html">Pseudo Hoops</a></h5>
<br>
by <a href="../authors/georgescu">George Georgescu</a>, <a href="../authors/leustean">Laurentiu Leustean</a> and <a href="../authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LatticeProperties.html">Lattice Properties</a></h5>
<br>
by <a href="../authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5>
<br>
by <a href="../authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">Sep 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Myhill-Nerode.html">The Myhill-Nerode Theorem Based on Regular Expressions</a></h5>
<br>
by <a href="../authors/wu">Chunhan Wu</a>, <a href="../authors/zhangx">Xingyuan Zhang</a> and <a href="../authors/urban">Christian Urban</a>
</div>
<span class="date">Aug 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Aug 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Max-Card-Matching.html">Maximum Cardinality Matching</a></h5>
<br>
by <a href="../authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">Jul 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KBPs.html">Knowledge-based programs</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">May 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/General-Triangle.html">The General Triangle Is Unique</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Apr 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Mar 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nat-Interval-Logic.html">Interval Temporal Logic on Natural Numbers</a></h5>
<br>
by <a href="../authors/trachtenherz">David Trachtenherz</a>
</div>
<span class="date">Feb 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List-Infinite.html">Infinite Lists</a></h5>
<br>
by <a href="../authors/trachtenherz">David Trachtenherz</a>
</div>
<span class="date">Feb 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AutoFocus-Stream.html">AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</a></h5>
<br>
by <a href="../authors/trachtenherz">David Trachtenherz</a>
</div>
<span class="date">Feb 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LightweightJava.html">Lightweight Java</a></h5>
<br>
by <a href="../authors/strnisa">Rok Strniša</a> and <a href="../authors/parkinson">Matthew Parkinson</a>
</div>
<span class="date">Feb 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RIPEMD-160-SPARK.html">RIPEMD-160</a></h5>
<br>
by <a href="../authors/immler">Fabian Immler</a>
</div>
<span class="date">Jan 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lower_Semicontinuous.html">Lower Semicontinuous Functions</a></h5>
<br>
by <a href="../authors/grechuk">Bogdan Grechuk</a>
</div>
<span class="date">Jan 08</span>
</article>
<h2 class="head">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Marriage.html">Hall&#39;s Marriage Theorem</a></h5>
<br>
by <a href="../authors/jiangd">Dongchen Jiang</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Dec 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shivers-CFA.html">Shivers&#39; Control Flow Analysis</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Nov 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binomial-Queues.html">Functional Binomial Queues</a></h5>
<br>
by <a href="../authors/neumann">René Neumann</a>
</div>
<span class="date">Oct 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finger-Trees.html">Finger Trees</a></h5>
<br>
by <a href="../authors/nordhoff">Benedikt Nordhoff</a>, <a href="../authors/koerner">Stefan Körner</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Oct 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binomial-Heaps.html">Binomial Heaps and Skew Binomial Heaps</a></h5>
<br>
by <a href="../authors/meis">Rene Meis</a>, <a href="../authors/nielsen">Finn Nielsen</a> and <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Oct 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5>
<br>
by <a href="../authors/doczkal">Christian Doczkal</a>
</div>
<span class="date">Aug 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomials.html">Executable Multivariate Polynomials</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a>, <a href="../authors/maletzky">Alexander Maletzky</a>, <a href="../authors/immler">Fabian Immler</a>, <a href="../authors/haftmann">Florian Haftmann</a>, <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">Aug 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Statecharts.html">Formalizing Statecharts using Hierarchical Automata</a></h5>
<br>
by <a href="../authors/helke">Steffen Helke</a> and <a href="../authors/kammueller">Florian Kammüller</a>
</div>
<span class="date">Aug 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Free-Groups.html">Free Groups</a></h5>
<br>
by <a href="../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Jun 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category2.html">Category Theory</a></h5>
<br>
by <a href="../authors/katovsky">Alexander Katovsky</a>
</div>
<span class="date">Jun 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrix.html">Executable Matrix Operations on Matrices of Arbitrary Dimensions</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Jun 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract-Rewriting.html">Abstract Rewriting</a></h5>
<br>
by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Jun 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5>
<br>
by <a href="../authors/preoteasa">Viorel Preoteasa</a> and <a href="../authors/back">Ralph-Johan Back</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5>
<br>
by <a href="../authors/preoteasa">Viorel Preoteasa</a> and <a href="../authors/back">Ralph-Johan Back</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5>
<br>
by <a href="../authors/doty">Matthew Doty</a>
</div>
<span class="date">May 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular-Sets.html">Regular Sets and Expressions</a></h5>
<br>
by <a href="../authors/krauss">Alexander Krauss</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">May 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Locally-Nameless-Sigma.html">Locally Nameless Sigma Calculus</a></h5>
<br>
by <a href="../authors/henrio">Ludovic Henrio</a>, <a href="../authors/kammueller">Florian Kammüller</a>, <a href="../authors/lutz">Bianca Lutz</a> and <a href="../authors/sudhof">Henry Sudhof</a>
</div>
<span class="date">Apr 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5>
<br>
by <a href="../authors/huffman">Brian Huffman</a>
</div>
<span class="date">Mar 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InformationFlowSlicing_Inter.html">Inter-Procedural Information Flow Noninterference via Slicing</a></h5>
<br>
by <a href="../authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">Mar 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InformationFlowSlicing.html">Information Flow Noninterference via Slicing</a></h5>
<br>
by <a href="../authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">Mar 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List-Index.html">List Index</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Coinductive.html">Coinductive</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">Feb 12</span>
</article>
<h2 class="head">2009</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DPT-SAT-Solver.html">A Fast SAT Solver for Isabelle in Standard ML</a></h5>
<br>
by <a href="../authors/heller">Armin Heller</a>
</div>
<span class="date">Dec 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5>
<br>
by <a href="../authors/berghofer">Stefan Berghofer</a> and <a href="../authors/reiter">Markus Reiter</a>
</div>
<span class="date">Dec 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tree-Automata.html">Tree Automata</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Nov 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Collections.html">Collections Framework</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Nov 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Perfect-Number-Thm.html">Perfect Number Theorem</a></h5>
<br>
by <a href="../authors/ijbema">Mark Ijbema</a>
</div>
<span class="date">Nov 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HRB-Slicing.html">Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</a></h5>
<br>
by <a href="../authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">Nov 13</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WorkerWrapper.html">The Worker/Wrapper Transformation</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Oct 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinals_and_Cardinals.html">Ordinals and Cardinals</a></h5>
<br>
by <a href="../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Sep 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SequentInvertibility.html">Invertibility in Sequent Calculi</a></h5>
<br>
by <a href="../authors/chapman">Peter Chapman</a>
</div>
<span class="date">Aug 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CofGroups.html">An Example of a Cofinitary Group in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/kastermans">Bart Kastermans</a>
</div>
<span class="date">Aug 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FinFun.html">Code Generation for Functions as Data</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stream-Fusion.html">Stream Fusion</a></h5>
<br>
by <a href="../authors/huffman">Brian Huffman</a>
</div>
<span class="date">Apr 29</span>
</article>
<h2 class="head">2008</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5>
<br>
by <a href="../authors/beringer">Lennart Beringer</a> and <a href="../authors/hofmann">Martin Hofmann</a>
</div>
<span class="date">Dec 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SIFPL.html">Secure information flow and program logics</a></h5>
<br>
by <a href="../authors/beringer">Lennart Beringer</a> and <a href="../authors/hofmann">Martin Hofmann</a>
</div>
<span class="date">Nov 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5>
<br>
by <a href="../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Nov 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FunWithTilings.html">Fun With Tilings</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Nov 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Huffman.html">The Textbook Proof of Huffman&#39;s Algorithm</a></h5>
<br>
by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>
</div>
<span class="date">Oct 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Slicing.html">Towards Certified Slicing</a></h5>
<br>
by <a href="../authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">Sep 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5>
<br>
by <a href="../authors/snelting">Gregor Snelting</a> and <a href="../authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">Sep 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Sep 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FunWithFunctions.html">Fun With Functions</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Aug 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SATSolverVerification.html">Formal Verification of Modern SAT Solvers</a></h5>
<br>
by <a href="../authors/maricf">Filip Marić</a>
</div>
<span class="date">Jul 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Recursion-Theory-I.html">Recursion Theory I</a></h5>
<br>
by <a href="../authors/nedzelsky">Michael Nedzelsky</a>
</div>
<span class="date">Apr 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BDD.html">BDD Normalisation</a></h5>
<br>
by <a href="../authors/ortner">Veronika Ortner</a> and <a href="../authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">Feb 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5>
<br>
by <a href="../authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">Feb 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/NormByEval.html">Normalization by Evaluation</a></h5>
<br>
by <a href="../authors/aehlig">Klaus Aehlig</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Feb 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LinearQuantifierElim.html">Quantifier Elimination for Linear Arithmetic</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jan 11</span>
</article>
<h2 class="head">2007</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5>
<br>
by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/olm">Markus Müller-Olm</a>
</div>
<span class="date">Dec 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JinjaThreads.html">Jinja with Threads</a></h5>
<br>
by <a href="../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">Dec 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MuchAdoAboutTwo.html">Much Ado About Two</a></h5>
<br>
by <a href="../authors/boehme">Sascha Böhme</a>
</div>
<span class="date">Nov 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SumSquares.html">Sums of Two and Four Squares</a></h5>
<br>
by <a href="../authors/oosterhuis">Roelof Oosterhuis</a>
</div>
<span class="date">Aug 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fermat3_4.html">Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</a></h5>
<br>
by <a href="../authors/oosterhuis">Roelof Oosterhuis</a>
</div>
<span class="date">Aug 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Valuation.html">Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</a></h5>
<br>
by <a href="../authors/kobayashi">Hidetsune Kobayashi</a>
</div>
<span class="date">Aug 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5>
<br>
by <a href="../authors/berghofer">Stefan Berghofer</a>
</div>
<span class="date">Aug 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></h5>
<br>
by <a href="../authors/berghofer">Stefan Berghofer</a>
</div>
<span class="date">Aug 02</span>
</article>
<h2 class="head">2006</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HotelKeyCards.html">Hotel Key Card System</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Sep 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Aug 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Flyspeck-Tame.html">Flyspeck I: Tame Graphs</a></h5>
<br>
by <a href="../authors/bauer">Gertrud Bauer</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">May 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoreC&#43;&#43;.html">CoreC&#43;&#43;</a></h5>
<br>
by <a href="../authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">May 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FeatherweightJava.html">A Theory of Featherweight Java in Isabelle/HOL</a></h5>
<br>
by <a href="../authors/fosterj">J. Nathan Foster</a> and <a href="../authors/vytiniotis">Dimitrios Vytiniotis</a>
</div>
<span class="date">Mar 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ClockSynchInst.html">Instances of Schneider&#39;s generalized protocol of clock synchronization</a></h5>
<br>
by <a href="../authors/barsotti">Damián Barsotti</a>
</div>
<span class="date">Mar 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cauchy.html">Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</a></h5>
<br>
by <a href="../authors/porter">Benjamin Porter</a>
</div>
<span class="date">Mar 14</span>
</article>
<h2 class="head">2005</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinal.html">Countable Ordinals</a></h5>
<br>
by <a href="../authors/huffman">Brian Huffman</a>
</div>
<span class="date">Nov 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FFT.html">Fast Fourier Transform</a></h5>
<br>
by <a href="../authors/ballarin">Clemens Ballarin</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GenClock.html">Formalization of a Generalized Protocol for Clock Synchronization</a></h5>
<br>
by <a href="../authors/tiu">Alwen Tiu</a>
</div>
<span class="date">Jun 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5>
<br>
by <a href="../authors/jaskelioff">Mauro Jaskelioff</a> and <a href="../authors/merz">Stephan Merz</a>
</div>
<span class="date">Jun 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JiveDataStoreModel.html">Jive Data and Store Model</a></h5>
<br>
by <a href="../authors/rauch">Nicole Rauch</a> and <a href="../authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">Jun 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jinja.html">Jinja is not Java</a></h5>
<br>
by <a href="../authors/klein">Gerwin Klein</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RSAPSS.html">SHA1, RSA, PSS and more</a></h5>
<br>
by <a href="../authors/lindenberg">Christina Lindenberg</a> and <a href="../authors/wirt">Kai Wirt</a>
</div>
<span class="date">May 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category.html">Category Theory to Yoneda&#39;s Lemma</a></h5>
<br>
by <a href="../authors/keefe">Greg O&rsquo;Keefe</a>
</div>
<span class="date">Apr 21</span>
</article>
<h2 class="head">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FileRefinement.html">File Refinement</a></h5>
<br>
by <a href="../authors/zee">Karen Zee</a> and <a href="../authors/kuncak">Viktor Kuncak</a>
</div>
<span class="date">Dec 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Integration.html">Integration theory and random variables</a></h5>
<br>
by <a href="../authors/richter">Stefan Richter</a>
</div>
<span class="date">Nov 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></h5>
<br>
by <a href="../authors/ridge">Tom Ridge</a>
</div>
<span class="date">Sep 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ramsey-Infinite.html">Ramsey&#39;s theorem, infinitary version</a></h5>
<br>
by <a href="../authors/ridge">Tom Ridge</a>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Completeness.html">Completeness theorem</a></h5>
<br>
by <a href="../authors/margetson">James Margetson</a> and <a href="../authors/ridge">Tom Ridge</a>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Compiling-Exceptions-Correctly.html">Compiling Exceptions Correctly</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jul 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Depth-First-Search.html">Depth First Search</a></h5>
<br>
by <a href="../authors/nishihara">Toshiaki Nishihara</a> and <a href="../authors/minamide">Yasuhiko Minamide</a>
</div>
<span class="date">Jun 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Group-Ring-Module.html">Groups, Rings and Modules</a></h5>
<br>
by <a href="../authors/kobayashi">Hidetsune Kobayashi</a>, <a href="../authors/chen">L. Chen</a> and <a href="../authors/murao">H. Murao</a>
</div>
<span class="date">May 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Topology.html">Topology</a></h5>
<br>
by <a href="../authors/friedrich">Stefan Friedrich</a>
</div>
<span class="date">Apr 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lazy-Lists-II.html">Lazy Lists II</a></h5>
<br>
by <a href="../authors/friedrich">Stefan Friedrich</a>
</div>
<span class="date">Apr 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BinarySearchTree.html">Binary Search Trees</a></h5>
<br>
by <a href="../authors/kuncak">Viktor Kuncak</a>
</div>
<span class="date">Apr 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Functional-Automata.html">Functional Automata</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Mar 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MiniML.html">Mini ML</a></h5>
<br>
by <a href="../authors/naraschewski">Wolfgang Naraschewski</a> and <a href="../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Mar 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AVL-Trees.html">AVL Trees</a></h5>
<br>
by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/pusch">Cornelia Pusch</a>
</div>
<span class="date">Mar 19</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/index.xml b/web/entries/index.xml
--- a/web/entries/index.xml
+++ b/web/entries/index.xml
@@ -1,5386 +1,5421 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Entries on Archive of Formal Proofs
</title>
<link>/entries/</link>
<description>
Recent content in Entries
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Fri, 22 Sep 2023 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Wed, 11 Oct 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/entries/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Cardinality and Representation of Stone Relation Algebras</title>
<link>/entries/Relational_Cardinality.html</link>
<pubDate>Fri, 22 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Cardinality.html</guid>
<description></description>
</item>
<item>
<title>General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</title>
<link>/entries/Lovasz_Local.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Lovasz_Local.html</guid>
<description></description>
</item>
<item>
<title>Hypergraphs</title>
<link>/entries/Hypergraph_Basics.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Hypergraph_Basics.html</guid>
<description></description>
</item>
<item>
<title>Unification Utilities for Isabelle/ML</title>
<link>/entries/ML_Unification.html</link>
<pubDate>Tue, 19 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/ML_Unification.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Polyhedron Formula</title>
<link>/entries/Euler_Polyhedron_Formula.html</link>
<pubDate>Sat, 16 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Polyhedron_Formula.html</guid>
<description></description>
</item>
<item>
+ <title>Conformance Relations between Input/Output Languages</title>
+ <link>/entries/IO_Language_Conformance.html</link>
+ <pubDate>Fri, 01 Sep 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/IO_Language_Conformance.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Ceva&#39;s Theorem</title>
<link>/entries/Ceva.html</link>
<pubDate>Wed, 16 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Ceva.html</guid>
<description></description>
</item>
<item>
<title>Catoids, Categories, Groupoids</title>
<link>/entries/Catoids.html</link>
<pubDate>Mon, 14 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Catoids.html</guid>
<description></description>
</item>
<item>
<title>Fixed-length vectors</title>
<link>/entries/Fixed_Length_Vector.html</link>
<pubDate>Mon, 14 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Fixed_Length_Vector.html</guid>
<description></description>
</item>
<item>
<title>Polygonal Number Theorem</title>
<link>/entries/Polygonal_Number_Theorem.html</link>
<pubDate>Thu, 10 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Polygonal_Number_Theorem.html</guid>
<description></description>
</item>
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Standard Borel Spaces</title>
+ <link>/entries/Standard_Borel_Spaces.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Standard_Borel_Spaces.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Modal quantales, involutive quantales, Dedekind Quantales</title>
<link>/entries/Quantales_Converse.html</link>
<pubDate>Tue, 25 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Quantales_Converse.html</guid>
<description></description>
</item>
<item>
<title>Earley Parser</title>
<link>/entries/Earley_Parser.html</link>
<pubDate>Sun, 16 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Earley_Parser.html</guid>
<description></description>
</item>
<item>
<title>Gray Codes for Arbitrary Numeral Systems</title>
<link>/entries/Gray_Codes.html</link>
<pubDate>Tue, 11 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Gray_Codes.html</guid>
<description></description>
</item>
<item>
<title>Executable Randomized Algorithms</title>
<link>/entries/Executable_Randomized_Algorithms.html</link>
<pubDate>Mon, 19 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Executable_Randomized_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>DCR Syntax and Execution Equivalent Markings</title>
<link>/entries/DCR-ExecutionEquivalence.html</link>
<pubDate>Fri, 16 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/DCR-ExecutionEquivalence.html</guid>
<description></description>
</item>
<item>
<title>Zeckendorf’s Theorem</title>
<link>/entries/Zeckendorf.html</link>
<pubDate>Mon, 12 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Zeckendorf.html</guid>
<description></description>
</item>
<item>
<title>Cryptographic Standards</title>
<link>/entries/Crypto_Standards.html</link>
<pubDate>Tue, 06 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Crypto_Standards.html</guid>
<description></description>
</item>
<item>
<title>A Verified Efficient Implementation of the Weighted Path Order</title>
<link>/entries/Efficient_Weighted_Path_Order.html</link>
<pubDate>Thu, 01 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Efficient_Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Results on Directed Sets</title>
<link>/entries/Directed_Sets.html</link>
<pubDate>Wed, 24 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Directed_Sets.html</guid>
<description></description>
</item>
<item>
<title>Inner Structure, Determinism and Modal Algebra of Multirelations</title>
<link>/entries/Multirelations_Heterogeneous.html</link>
<pubDate>Mon, 22 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations_Heterogeneous.html</guid>
<description></description>
</item>
<item>
<title>Tree Enumeration</title>
<link>/entries/Tree_Enumeration.html</link>
<pubDate>Tue, 09 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>MLSS Decision Procedure</title>
<link>/entries/MLSS_Decision_Proc.html</link>
<pubDate>Fri, 05 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/MLSS_Decision_Proc.html</guid>
<description></description>
</item>
<item>
<title>Three Squares Theorem</title>
<link>/entries/Three_Squares.html</link>
<pubDate>Wed, 03 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Three_Squares.html</guid>
<description></description>
</item>
<item>
<title>The Halting Problem is Soluble in Malament-Hogarth Spacetimes</title>
<link>/entries/MHComputation.html</link>
<pubDate>Sat, 29 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/MHComputation.html</guid>
<description></description>
</item>
<item>
<title>The Schwartz-Zippel Lemma</title>
<link>/entries/Schwartz_Zippel.html</link>
<pubDate>Thu, 27 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Schwartz_Zippel.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of the SCL(FOL) Calculus: Simple Clause Learning for First-Order Logic</title>
<link>/entries/Simple_Clause_Learning.html</link>
<pubDate>Thu, 20 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Clause_Learning.html</guid>
<description></description>
</item>
<item>
<title>The CHSH inequality: Tsirelson&#39;s upper-bound and other results</title>
<link>/entries/TsirelsonBound.html</link>
<pubDate>Tue, 18 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/TsirelsonBound.html</guid>
<description></description>
</item>
<item>
<title>Distributed Distinct Elements</title>
<link>/entries/Distributed_Distinct_Elements.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Distributed_Distinct_Elements.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Hyper Hoare Logic: A Logic to (Dis-)Prove Program Hyperproperties</title>
<link>/entries/HyperHoareLogic.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/HyperHoareLogic.html</guid>
<description></description>
</item>
<item>
<title>Positional Notation for Natural Numbers in an Arbitrary Base</title>
<link>/entries/DigitsInBase.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/DigitsInBase.html</guid>
<description></description>
</item>
<item>
<title>Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</title>
<link>/entries/CommCSL.html</link>
<pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/CommCSL.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers (GenRel)</title>
<link>/entries/No_FTL_observers_Gen_Rel.html</link>
<pubDate>Sun, 05 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers_Gen_Rel.html</guid>
<description></description>
</item>
<item>
<title>Expander Graphs</title>
<link>/entries/Expander_Graphs.html</link>
<pubDate>Fri, 03 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/Expander_Graphs.html</guid>
<description></description>
</item>
<item>
<title>Renaming-Enriched Sets (Rensets) and Renaming-Based Recursion</title>
<link>/entries/Rensets.html</link>
<pubDate>Tue, 28 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Rensets.html</guid>
<description></description>
</item>
<item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Group Law of Edwards Elliptic Curves</title>
<link>/entries/Edwards_Elliptic_Curves_Group.html</link>
<pubDate>Thu, 16 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Edwards_Elliptic_Curves_Group.html</guid>
<description></description>
</item>
<item>
<title>Hardness of Lattice Problems</title>
<link>/entries/CVP_Hardness.html</link>
<pubDate>Thu, 02 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/CVP_Hardness.html</guid>
<description></description>
</item>
<item>
<title>ABY3 Multiplication and Array Shuffling</title>
<link>/entries/ABY3_Protocols.html</link>
<pubDate>Fri, 27 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/ABY3_Protocols.html</guid>
<description></description>
</item>
<item>
<title>Given Clause Loops</title>
<link>/entries/Given_Clause_Loops.html</link>
<pubDate>Wed, 25 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Given_Clause_Loops.html</guid>
<description></description>
</item>
<item>
<title>Suppes&#39; Theorem For Probability Logic</title>
<link>/entries/Suppes_Theorem.html</link>
<pubDate>Sun, 22 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Suppes_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A Hoare Logic for Diverging Programs</title>
<link>/entries/HoareForDivergence.html</link>
<pubDate>Fri, 20 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/HoareForDivergence.html</guid>
<description></description>
</item>
<item>
<title>Strict Omega Categories</title>
<link>/entries/StrictOmegaCategories.html</link>
<pubDate>Sat, 14 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/StrictOmegaCategories.html</guid>
<description></description>
</item>
<item>
<title>Synthetic Completeness</title>
<link>/entries/Synthetic_Completeness.html</link>
<pubDate>Mon, 09 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Synthetic_Completeness.html</guid>
<description></description>
</item>
<item>
<title>The Cook-Levin theorem</title>
<link>/entries/Cook_Levin.html</link>
<pubDate>Sun, 08 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Cook_Levin.html</guid>
<description></description>
</item>
<item>
<title>Binary codes that do not preserve primitivity</title>
<link>/entries/Binary_Code_Imprimitive.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Binary_Code_Imprimitive.html</guid>
<description></description>
</item>
<item>
<title>Intersection of two monoids generated by two element codes</title>
<link>/entries/Two_Generated_Word_Monoids_Intersection.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Two_Generated_Word_Monoids_Intersection.html</guid>
<description></description>
</item>
<item>
<title>A First Complete Algorithm for Real Quantifier Elimination in Isabelle/HOL</title>
<link>/entries/Quantifier_Elimination_Hybrid.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quantifier_Elimination_Hybrid.html</guid>
<description></description>
</item>
<item>
<title>Class-based Classical Propositional Logic</title>
<link>/entries/Propositional_Logic_Class.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Logic_Class.html</guid>
<description></description>
</item>
<item>
<title>Birkhoff&#39;s Representation Theorem For Finite Distributive Lattices</title>
<link>/entries/Birkhoff_Finite_Distributive_Lattices.html</link>
<pubDate>Tue, 06 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Birkhoff_Finite_Distributive_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</title>
<link>/entries/Multitape_To_Singletape_TM.html</link>
<pubDate>Wed, 30 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multitape_To_Singletape_TM.html</guid>
<description></description>
</item>
<item>
<title>Abstract Object Theory</title>
<link>/entries/AOT.html</link>
<pubDate>Mon, 28 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/AOT.html</guid>
<description></description>
</item>
<item>
<title>A Formal CHERI-C Memory Model</title>
<link>/entries/CHERI-C_Memory_Model.html</link>
<pubDate>Fri, 25 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/CHERI-C_Memory_Model.html</guid>
<description></description>
</item>
<item>
<title>Sauer-Shelah Lemma</title>
<link>/entries/Sauer_Shelah_Lemma.html</link>
<pubDate>Thu, 24 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sauer_Shelah_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Kneser&#39;s Theorem and the Cauchy–Davenport Theorem</title>
<link>/entries/Kneser_Cauchy_Davenport.html</link>
<pubDate>Mon, 21 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Kneser_Cauchy_Davenport.html</guid>
<description></description>
</item>
<item>
<title>Turán&#39;s Graph Theorem</title>
<link>/entries/Turans_Graph_Theorem.html</link>
<pubDate>Mon, 14 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Turans_Graph_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Enumeration Algorithms</title>
<link>/entries/Combinatorial_Enumeration_Algorithms.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorial_Enumeration_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>The Balog–Szemerédi–Gowers Theorem</title>
<link>/entries/Balog_Szemeredi_Gowers.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Balog_Szemeredi_Gowers.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections</title>
<link>/entries/PAPP_Impossibility.html</link>
<pubDate>Thu, 10 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/PAPP_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Verification of Query Optimization Algorithms</title>
<link>/entries/Query_Optimization.html</link>
<pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
<guid>/entries/Query_Optimization.html</guid>
<description></description>
</item>
<item>
<title>Maximum Segment Sum</title>
<link>/entries/Maximum_Segment_Sum.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Maximum_Segment_Sum.html</guid>
<description></description>
</item>
<item>
<title>Undirected Graph Theory</title>
<link>/entries/Undirected_Graph_Theory.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Undirected_Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>Stalnaker&#39;s Epistemic Logic</title>
<link>/entries/Stalnaker_Logic.html</link>
<pubDate>Fri, 23 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Stalnaker_Logic.html</guid>
<description></description>
</item>
<item>
<title>p-adic Fields and p-adic Semialgebraic Sets</title>
<link>/entries/Padic_Field.html</link>
<pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Field.html</guid>
<description></description>
</item>
<item>
<title>Risk-Free Lending</title>
<link>/entries/Risk_Free_Lending.html</link>
<pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Risk_Free_Lending.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of Implicational Logic</title>
<link>/entries/Implicational_Logic.html</link>
<pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Implicational_Logic.html</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/entries/CRYSTALS-Kyber.html</link>
<pubDate>Thu, 08 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/CRYSTALS-Kyber.html</guid>
<description></description>
</item>
<item>
<title>Unbounded Separation Logic</title>
<link>/entries/Separation_Logic_Unbounded.html</link>
<pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Unbounded.html</guid>
<description></description>
</item>
<item>
<title>Khovanskii&amp;#x27;s Theorem</title>
<link>/entries/Khovanskii_Theorem.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Khovanskii_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Hales–Jewett Theorem</title>
<link>/entries/Hales_Jewett.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Hales_Jewett.html</guid>
<description></description>
</item>
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
<title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
<link>/entries/SCC_Bloemen_Sequential.html</link>
<pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/SCC_Bloemen_Sequential.html</guid>
<description></description>
</item>
<item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</title>
<link>/entries/Nano_JSON.html</link>
<pubDate>Fri, 29 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Nano_JSON.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>Real-Time Double-Ended Queue</title>
<link>/entries/Real_Time_Deque.html</link>
<pubDate>Thu, 23 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Real_Time_Deque.html</guid>
<description></description>
</item>
<item>
<title>Boolos&#39;s Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference.html</link>
<pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Reducing Rewrite Properties to Properties on Ground Terms</title>
<link>/entries/Rewrite_Properties_Reduction.html</link>
<pubDate>Thu, 02 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Rewrite_Properties_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>The Plünnecke-Ruzsa Inequality</title>
<link>/entries/Pluennecke_Ruzsa_Inequality.html</link>
<pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Pluennecke_Ruzsa_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Clique is not solvable by monotone circuits of polynomial size</title>
<link>/entries/Clique_and_Monotone_Circuits.html</link>
<pubDate>Sun, 08 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Clique_and_Monotone_Circuits.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>The Generalized Multiset Ordering is NP-Complete</title>
<link>/entries/Multiset_Ordering_NPC.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multiset_Ordering_NPC.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>Ackermann&#39;s Function Is Not Primitive Recursive</title>
<link>/entries/Ackermanns_not_PR.html</link>
<pubDate>Wed, 23 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Ackermanns_not_PR.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>The Independence of the Continuum Hypothesis in Isabelle/ZF</title>
<link>/entries/Independence_CH.html</link>
<pubDate>Sun, 06 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Independence_CH.html</guid>
<description></description>
</item>
<item>
<title>Transitive Models of Fragments of ZFC</title>
<link>/entries/Transitive_Models.html</link>
<pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Transitive_Models.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Median Method</title>
<link>/entries/Median_Method.html</link>
<pubDate>Tue, 25 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Median_Method.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Knight&#39;s Tour Revisited Revisited</title>
<link>/entries/Knights_Tour.html</link>
<pubDate>Tue, 04 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Knights_Tour.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>van Emde Boas Trees</title>
<link>/entries/Van_Emde_Boas_Trees.html</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_Emde_Boas_Trees.html</guid>
<description></description>
</item>
<item>
<title>Foundation of geometry in planes, and some complements: Excluding the parallel axioms</title>
<link>/entries/Foundation_of_geometry.html</link>
<pubDate>Mon, 22 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Foundation_of_geometry.html</guid>
<description></description>
</item>
<item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Weighted Path Orders and Recursive Path Orders</title>
<link>/entries/Weighted_Path_Order.html</link>
<pubDate>Thu, 16 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</title>
<link>/entries/CZH_Elementary_Categories.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Elementary_Categories.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL III: Universal Constructions</title>
<link>/entries/CZH_Universal_Constructions.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Universal_Constructions.html</guid>
<description></description>
</item>
<item>
<title>Conditional Simplification</title>
<link>/entries/Conditional_Simplification.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Simplification.html</guid>
<description></description>
</item>
<item>
<title>Conditional Transfer Rule</title>
<link>/entries/Conditional_Transfer_Rule.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Transfer_Rule.html</guid>
<description></description>
</item>
<item>
<title>Extension of Types-To-Sets</title>
<link>/entries/Types_To_Sets_Extension.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Types_To_Sets_Extension.html</guid>
<description></description>
</item>
<item>
<title>IDE: Introduction, Destruction, Elimination</title>
<link>/entries/Intro_Dest_Elim.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Intro_Dest_Elim.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>Logging-independent Message Anonymity in the Relational Method</title>
<link>/entries/Logging_Independent_Anonymity.html</link>
<pubDate>Thu, 26 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Logging_Independent_Anonymity.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>CoCon: A Confidentiality-Verified Conference Management System</title>
<link>/entries/CoCon.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoCon.html</guid>
<description></description>
</item>
<item>
<title>Compositional BD Security</title>
<link>/entries/BD_Security_Compositional.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/BD_Security_Compositional.html</guid>
<description></description>
</item>
<item>
<title>CoSMed: A confidentiality-verified social media platform</title>
<link>/entries/CoSMed.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMed.html</guid>
<description></description>
</item>
<item>
<title>CoSMeDis: A confidentiality-verified distributed social media platform</title>
<link>/entries/CoSMeDis.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMeDis.html</guid>
<description></description>
</item>
<item>
<title>Fresh identifiers</title>
<link>/entries/Fresh_Identifiers.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Fresh_Identifiers.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Relational Forests</title>
<link>/entries/Relational_Forests.html</link>
<pubDate>Tue, 03 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Forests.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>SpecCheck - Specification-Based Testing for Isabelle/ML</title>
<link>/entries/SpecCheck.html</link>
<pubDate>Thu, 01 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/SpecCheck.html</guid>
<description></description>
</item>
<item>
<title>Van der Waerden&#39;s Theorem</title>
<link>/entries/Van_der_Waerden.html</link>
<pubDate>Tue, 22 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_der_Waerden.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Control via Dependency Tracking</title>
<link>/entries/IFC_Tracking.html</link>
<pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/IFC_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/entries/Mereology.html</link>
<pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Mereology.html</guid>
<description></description>
</item>
<item>
<title>The Sunflower Lemma of Erdős and Rado</title>
<link>/entries/Sunflowers.html</link>
<pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Sunflowers.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</title>
<link>/entries/IsaGeoCoq.html</link>
<pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/IsaGeoCoq.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Hood-Melville Queue</title>
<link>/entries/Hood_Melville_Queue.html</link>
<pubDate>Mon, 18 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hood_Melville_Queue.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</title>
<link>/entries/Relational_Method.html</link>
<pubDate>Sat, 05 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Method.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>AI Planning Languages Semantics</title>
<link>/entries/AI_Planning_Languages_Semantics.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/AI_Planning_Languages_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Verified SAT-Based AI Planning</title>
<link>/entries/Verified_SAT_Based_AI_Planning.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Verified_SAT_Based_AI_Planning.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Finite Map Extras</title>
<link>/entries/Finite-Map-Extras.html</link>
<pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Finite-Map-Extras.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Safely Composable Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Safely Composable Web Components</title>
<link>/entries/SC_DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/SC_DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Web Components</title>
<link>/entries/DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>The Safely Composable DOM</title>
<link>/entries/Core_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Core_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Relational Disjoint-Set Forests</title>
<link>/entries/Relational_Disjoint_Set_Forests.html</link>
<pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Disjoint_Set_Forests.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</title>
<link>/entries/BirdKMP.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/BirdKMP.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>Relational Characterisations of Paths</title>
<link>/entries/Relational_Paths.html</link>
<pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Paths.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>The Nash-Williams Partition Theorem</title>
<link>/entries/Nash_Williams.html</link>
<pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Nash_Williams.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Knuth–Bendix Orders</title>
<link>/entries/Knuth_Bendix_Order.html</link>
<pubDate>Wed, 13 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Bendix_Order.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theorem in ZF</title>
<link>/entries/Recursion-Addition.html</link>
<pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Addition.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Forcing in Isabelle/ZF</title>
<link>/entries/Forcing.html</link>
<pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Forcing.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</title>
<link>/entries/Attack_Trees.html</link>
<pubDate>Mon, 27 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Attack_Trees.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Authenticated Data Structures As Functors</title>
<link>/entries/ADS_Functor.html</link>
<pubDate>Thu, 16 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/ADS_Functor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Automated Stateful Protocol Verification</title>
<link>/entries/Automated_Stateful_Protocol_Verification.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Automated_Stateful_Protocol_Verification.html</guid>
<description></description>
</item>
<item>
<title>Stateful Protocol Composition and Typing</title>
<link>/entries/Stateful_Protocol_Composition_and_Typing.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Stateful_Protocol_Composition_and_Typing.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Hello World</title>
<link>/entries/Hello_World.html</link>
<pubDate>Sat, 07 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Hello_World.html</guid>
<description></description>
</item>
<item>
<title>Implementing the Goodstein Function in &amp;lambda;-Calculus</title>
<link>/entries/Goodstein_Lambda.html</link>
<pubDate>Fri, 21 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goodstein_Lambda.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>Bicategories</title>
<link>/entries/Bicategory.html</link>
<pubDate>Mon, 06 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Bicategory.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Complex Geometry</title>
<link>/entries/Complex_Geometry.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Poincaré Disc Model</title>
<link>/entries/Poincare_Disc.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Disc.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>Interval Arithmetic on 32-bit Words</title>
<link>/entries/Interval_Arithmetic_Word32.html</link>
<pubDate>Wed, 27 Nov 2019 00:00:00 +0000</pubDate>
<guid>/entries/Interval_Arithmetic_Word32.html</guid>
<description></description>
</item>
<item>
<title>Zermelo Fraenkel Set Theory in Higher-Order Logic</title>
<link>/entries/ZFC_in_HOL.html</link>
<pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/ZFC_in_HOL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Aristotle&#39;s Assertoric Syllogistic</title>
<link>/entries/Aristotles_Assertoric_Syllogistic.html</link>
<pubDate>Tue, 08 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Aristotles_Assertoric_Syllogistic.html</guid>
<description></description>
</item>
<item>
<title>Sigma Protocols and Commitment Schemes</title>
<link>/entries/Sigma_Commit_Crypto.html</link>
<pubDate>Mon, 07 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Sigma_Commit_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Selected Problems from the International Mathematical Olympiad 2019</title>
<link>/entries/IMO2019.html</link>
<pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMO2019.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Priority Search Trees</title>
<link>/entries/Priority_Search_Trees.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Search_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Multidimensional Binary Search Trees</title>
<link>/entries/KD_Tree.html</link>
<pubDate>Thu, 30 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/KD_Tree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Multi-Party Computation</title>
<link>/entries/Multi_Party_Computation.html</link>
<pubDate>Thu, 09 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/Multi_Party_Computation.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model</title>
<link>/entries/Core_DOM.html</link>
<pubDate>Wed, 26 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Core_DOM.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Auto2 Prover</title>
<link>/entries/Auto2_HOL.html</link>
<pubDate>Tue, 20 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_HOL.html</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/entries/Matroids.html</link>
<pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Matroids.html</guid>
<description></description>
</item>
<item>
<title>Deriving generic class instances for datatypes</title>
<link>/entries/Generic_Deriving.html</link>
<pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Deriving.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</title>
<link>/entries/GewirthPGCProof.html</link>
<pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/GewirthPGCProof.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_EPO.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_EPO.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Budan–Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Minsky Machines</title>
<link>/entries/Minsky_Machines.html</link>
<pubDate>Tue, 14 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Minsky_Machines.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Projective Geometry</title>
<link>/entries/Projective_Geometry.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Geometry.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Axiom Systems for Category Theory in Free Logic</title>
<link>/entries/AxiomaticCategoryTheory.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/AxiomaticCategoryTheory.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</title>
<link>/entries/Modular_Assembly_Kit_Security.html</link>
<pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Modular_Assembly_Kit_Security.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>Bounded Natural Functors with Covariance and Contravariance</title>
<link>/entries/BNF_CC.html</link>
<pubDate>Tue, 24 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/BNF_CC.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Weight-Balanced Trees</title>
<link>/entries/Weight_Balanced_Trees.html</link>
<pubDate>Tue, 13 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Weight_Balanced_Trees.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Architectural Design Patterns</title>
<link>/entries/Architectural_Design_Patterns.html</link>
<pubDate>Thu, 01 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Architectural_Design_Patterns.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/entries/Treaps.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Treaps.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Gromov Hyperbolicity</title>
<link>/entries/Gromov_Hyperbolicity.html</link>
<pubDate>Tue, 16 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Gromov_Hyperbolicity.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Falling Factorial of a Sum</title>
<link>/entries/Falling_Factorial_Sum.html</link>
<pubDate>Fri, 22 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Falling_Factorial_Sum.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>Operations on Bounded Natural Functors</title>
<link>/entries/BNF_Operations.html</link>
<pubDate>Tue, 19 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/BNF_Operations.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</title>
<link>/entries/Lowe_Ontological_Argument.html</link>
<pubDate>Thu, 21 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lowe_Ontological_Argument.html</guid>
<description></description>
</item>
<item>
<title>Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</title>
<link>/entries/PLM.html</link>
<pubDate>Sun, 17 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/PLM.html</guid>
<description></description>
</item>
<item>
<title>Anselm&#39;s God in Isabelle/HOL</title>
<link>/entries/AnselmGod.html</link>
<pubDate>Wed, 06 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/AnselmGod.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Root-Balanced Tree</title>
<link>/entries/Root_Balanced_Tree.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Root_Balanced_Tree.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Stewart&#39;s Theorem and Apollonius&#39; Theorem</title>
<link>/entries/Stewart_Apollonius.html</link>
<pubDate>Mon, 31 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stewart_Apollonius.html</guid>
<description></description>
</item>
<item>
<title>Dynamic Architectures</title>
<link>/entries/DynamicArchitectures.html</link>
<pubDate>Fri, 28 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/DynamicArchitectures.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/entries/HOLCF-Prelude.html</link>
<pubDate>Sat, 15 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/HOLCF-Prelude.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Flow Networks and the Min-Cut-Max-Flow Theorem</title>
<link>/entries/Flow_Networks.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Flow_Networks.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Developing Security Protocols by Refinement</title>
<link>/entries/Security_Protocol_Refinement.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Security_Protocol_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Dictionary Construction</title>
<link>/entries/Dict_Construction.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dict_Construction.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Effect polymorphism in higher-order logic</title>
<link>/entries/Monomorphic_Monad.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monomorphic_Monad.html</guid>
<description></description>
</item>
<item>
<title>Game-based cryptography in HOL</title>
<link>/entries/Game_Based_Crypto.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Game_Based_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Monoidal Categories</title>
<link>/entries/MonoidalCategory.html</link>
<pubDate>Thu, 04 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/MonoidalCategory.html</guid>
<description></description>
</item>
<item>
<title>Types, Tableaus and Gödel’s God in Isabelle/HOL</title>
<link>/entries/Types_Tableaus_and_Goedels_God.html</link>
<pubDate>Mon, 01 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Types_Tableaus_and_Goedels_God.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>Constructor Functions</title>
<link>/entries/Constructor_Funs.html</link>
<pubDate>Wed, 19 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Constructor_Funs.html</guid>
<description></description>
</item>
<item>
<title>Lazifying case constants</title>
<link>/entries/Lazy_Case.html</link>
<pubDate>Tue, 18 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lazy_Case.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>The Group Law for Elliptic Curves</title>
<link>/entries/Elliptic_Curves_Group_Law.html</link>
<pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Elliptic_Curves_Group_Law.html</guid>
<description></description>
</item>
<item>
<title>Menger&#39;s Theorem</title>
<link>/entries/Menger.html</link>
<pubDate>Sun, 26 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Menger.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Refining Authenticated Key Agreement with Strong Adversaries</title>
<link>/entries/Key_Agreement_Strong_Adversaries.html</link>
<pubDate>Tue, 31 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Key_Agreement_Strong_Adversaries.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</title>
<link>/entries/Password_Authentication_Protocol.html</link>
<pubDate>Tue, 03 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Password_Authentication_Protocol.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>The Twelvefold Way</title>
<link>/entries/Twelvefold_Way.html</link>
<pubDate>Thu, 29 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Twelvefold_Way.html</guid>
<description></description>
</item>
<item>
<title>Proof Strategy Language</title>
<link>/entries/Proof_Strategy_Language.html</link>
<pubDate>Tue, 20 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Proof_Strategy_Language.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_KBOs.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_KBOs.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</title>
<link>/entries/Nested_Multisets_Ordinals.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Nested_Multisets_Ordinals.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>LOFT — Verified Migration of Linux Firewalls to SDN</title>
<link>/entries/LOFT.html</link>
<pubDate>Fri, 21 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/LOFT.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Intersecting Chords Theorem</title>
<link>/entries/Chord_Segments.html</link>
<pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Chord_Segments.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_RPOs.html</link>
<pubDate>Fri, 23 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_RPOs.html</guid>
<description></description>
</item>
<item>
<title>Iptables Semantics</title>
<link>/entries/Iptables_Semantics.html</link>
<pubDate>Fri, 09 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Iptables_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/entries/Routing.html</link>
<pubDate>Wed, 31 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Routing.html</guid>
<description></description>
</item>
<item>
<title>Simple Firewall</title>
<link>/entries/Simple_Firewall.html</link>
<pubDate>Wed, 24 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Ptolemy&#39;s Theorem</title>
<link>/entries/Ptolemys_Theorem.html</link>
<pubDate>Sun, 07 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Ptolemys_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>Pairing Heap</title>
<link>/entries/Pairing_Heap.html</link>
<pubDate>Thu, 14 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Pairing_Heap.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>The Z Property</title>
<link>/entries/Rewriting_Z.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Rewriting_Z.html</guid>
<description></description>
</item>
<item>
<title>Compositional Security-Preserving Refinement for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Refinement.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Refinement.html</guid>
<description></description>
</item>
<item>
<title>IP Addresses</title>
<link>/entries/IP_Addresses.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/IP_Addresses.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Multisets</title>
<link>/entries/Card_Multisets.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Multisets.html</guid>
<description></description>
</item>
<item>
<title>Category Theory with Adjunctions and Limits</title>
<link>/entries/Category3.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Category3.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Catalan Numbers</title>
<link>/entries/Catalan_Numbers.html</link>
<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Catalan_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Finite Machine Word Library</title>
<link>/entries/Word_Lib.html</link>
<pubDate>Thu, 09 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Word_Lib.html</guid>
<description></description>
</item>
<item>
<title>Tree Decomposition</title>
<link>/entries/Tree_Decomposition.html</link>
<pubDate>Tue, 31 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Equivalence Relations</title>
<link>/entries/Card_Equiv_Relations.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Equiv_Relations.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</title>
<link>/entries/MFMC_Countable.html</link>
<pubDate>Mon, 09 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/MFMC_Countable.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>Spivey&#39;s Generalized Recurrence for Bell Numbers</title>
<link>/entries/Bell_Numbers_Spivey.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Bell_Numbers_Spivey.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers</title>
<link>/entries/No_FTL_observers.html</link>
<pubDate>Thu, 28 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Number Partitions</title>
<link>/entries/Card_Number_Partitions.html</link>
<pubDate>Thu, 14 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Number_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Basic Geometric Properties of Triangles</title>
<link>/entries/Triangle.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Triangle.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Applicative Lifting</title>
<link>/entries/Applicative_Lifting.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Applicative_Lifting.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Set Partitions</title>
<link>/entries/Card_Partitions.html</link>
<pubDate>Sat, 12 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Card_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Latin Square</title>
<link>/entries/Latin_Square.html</link>
<pubDate>Wed, 02 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Latin_Square.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Partition Theorem</title>
<link>/entries/Euler_Partition.html</link>
<pubDate>Thu, 19 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Partition.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams II</title>
<link>/entries/Decreasing-Diagrams-II.html</link>
<pubDate>Thu, 20 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams-II.html</guid>
<description></description>
</item>
<item>
<title>The Inductive Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Inductive_Unwinding.html</link>
<pubDate>Tue, 18 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Inductive_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Derangements Formula</title>
<link>/entries/Derangements.html</link>
<pubDate>Sat, 27 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Derangements.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>Reasoning about Lists via List Interleaving</title>
<link>/entries/List_Interleaving.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/List_Interleaving.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Ipurge Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Ipurge_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Ipurge_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Parameterized Dynamic Tables</title>
<link>/entries/Dynamic_Tables.html</link>
<pubDate>Sun, 07 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Dynamic_Tables.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/entries/Trie.html</link>
<pubDate>Mon, 30 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Trie.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Deriving class instances for datatypes</title>
<link>/entries/Deriving.html</link>
<pubDate>Wed, 11 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Deriving.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>The Unified Policy Framework (UPF)</title>
<link>/entries/UPF.html</link>
<pubDate>Fri, 28 Nov 2014 00:00:00 +0000</pubDate>
<guid>/entries/UPF.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Lifting Definition Option</title>
<link>/entries/Lifting_Definition_Option.html</link>
<pubDate>Mon, 13 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_Definition_Option.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion in HOL with Code Generation</title>
<link>/entries/Stream_Fusion_Code.html</link>
<pubDate>Fri, 10 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Stream_Fusion_Code.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Certification Monads</title>
<link>/entries/Certification_Monads.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Certification_Monads.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>The Sturm–Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Priority Queues Based on Braun Trees</title>
<link>/entries/Priority_Queue_Braun.html</link>
<pubDate>Thu, 04 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Queue_Braun.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Skew Heap</title>
<link>/entries/Skew_Heap.html</link>
<pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Skew_Heap.html</guid>
<description></description>
</item>
<item>
<title>Splay Tree</title>
<link>/entries/Splay_Tree.html</link>
<pubDate>Tue, 12 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Splay_Tree.html</guid>
<description></description>
</item>
<item>
<title>Haskell&#39;s Show Class in Isabelle/HOL</title>
<link>/entries/Show.html</link>
<pubDate>Tue, 29 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Show.html</guid>
<description></description>
</item>
<item>
<title>Formal Specification of a Generic Separation Kernel</title>
<link>/entries/CISC-Kernel.html</link>
<pubDate>Fri, 18 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/CISC-Kernel.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Amortized Complexity Verified</title>
<link>/entries/Amortized_Complexity.html</link>
<pubDate>Mon, 07 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Amortized_Complexity.html</guid>
<description></description>
</item>
<item>
<title>Network Security Policy Verification</title>
<link>/entries/Network_Security_Policy_Verification.html</link>
<pubDate>Fri, 04 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Network_Security_Policy_Verification.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>Promela Formalization</title>
<link>/entries/Promela.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Promela.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Noninterference Security in Communicating Sequential Processes</title>
<link>/entries/Noninterference_CSP.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_CSP.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Analysis of Component Dependencies</title>
<link>/entries/ComponentDependencies.html</link>
<pubDate>Mon, 28 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/ComponentDependencies.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Bounded-Deducibility Security</title>
<link>/entries/Bounded_Deducibility_Security.html</link>
<pubDate>Tue, 22 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Bounded_Deducibility_Security.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Discrete Summation</title>
<link>/entries/Discrete_Summation.html</link>
<pubDate>Sun, 13 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Discrete_Summation.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Noninterference</title>
<link>/entries/Probabilistic_Noninterference.html</link>
<pubDate>Tue, 11 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>Mutually Recursive Partial Functions</title>
<link>/entries/Partial_Function_MR.html</link>
<pubDate>Tue, 18 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Function_MR.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</title>
<link>/entries/Featherweight_OCL.html</link>
<pubDate>Thu, 16 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Featherweight_OCL.html</guid>
<description></description>
</item>
<item>
<title>Compositional Properties of Crypto-Based Components</title>
<link>/entries/CryptoBasedCompositionalProperties.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/CryptoBasedCompositionalProperties.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>A General Method for the Proof of Theorems on Tail-recursive Functions</title>
<link>/entries/Tail_Recursive_Functions.html</link>
<pubDate>Sun, 01 Dec 2013 00:00:00 +0000</pubDate>
<guid>/entries/Tail_Recursive_Functions.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>The Hereditarily Finite Sets</title>
<link>/entries/HereditarilyFinite.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/HereditarilyFinite.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s God in Isabelle/HOL</title>
<link>/entries/GoedelGod.html</link>
<pubDate>Tue, 12 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/GoedelGod.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams</title>
<link>/entries/Decreasing-Diagrams.html</link>
<pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Native Word</title>
<link>/entries/Native_Word.html</link>
<pubDate>Tue, 17 Sep 2013 00:00:00 +0000</pubDate>
<guid>/entries/Native_Word.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of IEEE Floating Point Arithmetic</title>
<link>/entries/IEEE_Floating_Point.html</link>
<pubDate>Sat, 27 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/IEEE_Floating_Point.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>The Königsberg Bridge Problem and the Friendship Theorem</title>
<link>/entries/Koenigsberg_Friendship.html</link>
<pubDate>Fri, 19 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Koenigsberg_Friendship.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
<item>
<title>Graph Theory</title>
<link>/entries/Graph_Theory.html</link>
<pubDate>Sun, 28 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Light-weight Containers</title>
<link>/entries/Containers.html</link>
<pubDate>Mon, 15 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Containers.html</guid>
<description></description>
</item>
<item>
<title>Nominal 2</title>
<link>/entries/Nominal2.html</link>
<pubDate>Thu, 21 Feb 2013 00:00:00 +0000</pubDate>
<guid>/entries/Nominal2.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Open Induction</title>
<link>/entries/Open_Induction.html</link>
<pubDate>Fri, 02 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Open_Induction.html</guid>
<description></description>
</item>
<item>
<title>The independence of Tarski&#39;s Euclidean axiom</title>
<link>/entries/Tarskis_Geometry.html</link>
<pubDate>Tue, 30 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tarskis_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Bondy&#39;s Theorem</title>
<link>/entries/Bondy.html</link>
<pubDate>Sat, 27 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Bondy.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Generating linear orders for datatypes</title>
<link>/entries/Datatype_Order_Generator.html</link>
<pubDate>Tue, 07 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Datatype_Order_Generator.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Type Constructor Classes and Monad Transformers</title>
<link>/entries/Tycon.html</link>
<pubDate>Tue, 26 Jun 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tycon.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Inductive Study of Confidentiality</title>
<link>/entries/Inductive_Confidentiality.html</link>
<pubDate>Wed, 02 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Confidentiality.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Well-Quasi-Orders</title>
<link>/entries/Well_Quasi_Orders.html</link>
<pubDate>Fri, 13 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Well_Quasi_Orders.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>A Probabilistic Proof of the Girth-Chromatic Number Theorem</title>
<link>/entries/Girth_Chromatic.html</link>
<pubDate>Mon, 06 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Girth_Chromatic.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Maximum Cardinality Matching</title>
<link>/entries/Max-Card-Matching.html</link>
<pubDate>Thu, 21 Jul 2011 00:00:00 +0000</pubDate>
<guid>/entries/Max-Card-Matching.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>The General Triangle Is Unique</title>
<link>/entries/General-Triangle.html</link>
<pubDate>Fri, 01 Apr 2011 00:00:00 +0000</pubDate>
<guid>/entries/General-Triangle.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Infinite Lists</title>
<link>/entries/List-Infinite.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/List-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Hall&#39;s Marriage Theorem</title>
<link>/entries/Marriage.html</link>
<pubDate>Fri, 17 Dec 2010 00:00:00 +0000</pubDate>
<guid>/entries/Marriage.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Binomial Heaps and Skew Binomial Heaps</title>
<link>/entries/Binomial-Heaps.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Heaps.html</guid>
<description></description>
</item>
<item>
<title>Finger Trees</title>
<link>/entries/Finger-Trees.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Finger-Trees.html</guid>
<description></description>
</item>
<item>
<title>Functional Binomial Queues</title>
<link>/entries/Binomial-Queues.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Queues.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>Category Theory</title>
<link>/entries/Category2.html</link>
<pubDate>Sun, 20 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Category2.html</guid>
<description></description>
</item>
<item>
<title>Executable Matrix Operations on Matrices of Arbitrary Dimensions</title>
<link>/entries/Matrix.html</link>
<pubDate>Thu, 17 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Matrix.html</guid>
<description></description>
</item>
<item>
<title>Abstract Rewriting</title>
<link>/entries/Abstract-Rewriting.html</link>
<pubDate>Mon, 14 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing.html</guid>
<description></description>
</item>
<item>
<title>Inter-Procedural Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing_Inter.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing_Inter.html</guid>
<description></description>
</item>
<item>
<title>List Index</title>
<link>/entries/List-Index.html</link>
<pubDate>Sat, 20 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/List-Index.html</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/entries/Coinductive.html</link>
<pubDate>Fri, 12 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive.html</guid>
<description></description>
</item>
<item>
<title>A Fast SAT Solver for Isabelle in Standard ML</title>
<link>/entries/DPT-SAT-Solver.html</link>
<pubDate>Wed, 09 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/DPT-SAT-Solver.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Collections Framework</title>
<link>/entries/Collections.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Collections.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>The Worker/Wrapper Transformation</title>
<link>/entries/WorkerWrapper.html</link>
<pubDate>Fri, 30 Oct 2009 00:00:00 +0000</pubDate>
<guid>/entries/WorkerWrapper.html</guid>
<description></description>
</item>
<item>
<title>Ordinals and Cardinals</title>
<link>/entries/Ordinals_and_Cardinals.html</link>
<pubDate>Tue, 01 Sep 2009 00:00:00 +0000</pubDate>
<guid>/entries/Ordinals_and_Cardinals.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Code Generation for Functions as Data</title>
<link>/entries/FinFun.html</link>
<pubDate>Wed, 06 May 2009 00:00:00 +0000</pubDate>
<guid>/entries/FinFun.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion</title>
<link>/entries/Stream-Fusion.html</link>
<pubDate>Wed, 29 Apr 2009 00:00:00 +0000</pubDate>
<guid>/entries/Stream-Fusion.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Fun With Tilings</title>
<link>/entries/FunWithTilings.html</link>
<pubDate>Fri, 07 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithTilings.html</guid>
<description></description>
</item>
<item>
<title>The Textbook Proof of Huffman&#39;s Algorithm</title>
<link>/entries/Huffman.html</link>
<pubDate>Wed, 15 Oct 2008 00:00:00 +0000</pubDate>
<guid>/entries/Huffman.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
<item>
<title>Fun With Functions</title>
<link>/entries/FunWithFunctions.html</link>
<pubDate>Tue, 26 Aug 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithFunctions.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theory I</title>
<link>/entries/Recursion-Theory-I.html</link>
<pubDate>Sat, 05 Apr 2008 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Theory-I.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>BDD Normalisation</title>
<link>/entries/BDD.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/BDD.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Hotel Key Card System</title>
<link>/entries/HotelKeyCards.html</link>
<pubDate>Sat, 09 Sep 2006 00:00:00 +0000</pubDate>
<guid>/entries/HotelKeyCards.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>Flyspeck I: Tame Graphs</title>
<link>/entries/Flyspeck-Tame.html</link>
<pubDate>Mon, 22 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/Flyspeck-Tame.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Countable Ordinals</title>
<link>/entries/Ordinal.html</link>
<pubDate>Fri, 11 Nov 2005 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>SHA1, RSA, PSS and more</title>
<link>/entries/RSAPSS.html</link>
<pubDate>Mon, 02 May 2005 00:00:00 +0000</pubDate>
<guid>/entries/RSAPSS.html</guid>
<description></description>
</item>
<item>
<title>Category Theory to Yoneda&#39;s Lemma</title>
<link>/entries/Category.html</link>
<pubDate>Thu, 21 Apr 2005 00:00:00 +0000</pubDate>
<guid>/entries/Category.html</guid>
<description></description>
</item>
<item>
<title>File Refinement</title>
<link>/entries/FileRefinement.html</link>
<pubDate>Thu, 09 Dec 2004 00:00:00 +0000</pubDate>
<guid>/entries/FileRefinement.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
<item>
<title>Ramsey&#39;s theorem, infinitary version</title>
<link>/entries/Ramsey-Infinite.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Ramsey-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
<item>
<title>Lazy Lists II</title>
<link>/entries/Lazy-Lists-II.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Lazy-Lists-II.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
<item>
<title>Binary Search Trees</title>
<link>/entries/BinarySearchTree.html</link>
<pubDate>Mon, 05 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/BinarySearchTree.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
<item>
<title>AVL Trees</title>
<link>/entries/AVL-Trees.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/AVL-Trees.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/index.html b/web/index.html
--- a/web/index.html
+++ b/web/index.html
@@ -1,8635 +1,8690 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="generator" content="Hugo 0.88.1" />
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Archive of Formal Proofs </title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="./index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content=""/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="./css/front.min.css">
<link rel="icon" href="./images/favicon.ico" type="image/icon">
<script src="./js/obfuscate.js"></script>
<script src="./js/flexsearch.bundle.js"></script>
<script src="./js/scroll-spy.js"></script>
<script src="./js/theory.js"></script>
<script src="./js/util.js"></script>
<script src="./js/header-search.js"></script>
<script src="./js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="./images/menu.svg" alt="Menu" />
</label>
<a href="./" class="logo-link">
<img src="./images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="./" class='logo-link'>
<img src="./images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="./">
<li class="active" >
Home
</li>
</a>
<a href="./topics/">
<li >
Topics
</li>
</a>
<a href="./download/">
<li >
Download
</li>
</a>
<a href="./help/">
<li >
Help
</li>
</a>
<a href="./submission/">
<li >
Submission
</li>
</a>
<a href="./statistics/">
<li >
Statistics
</li>
</a>
<a href="./about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<h1
class="large-top-margin">
<span class='first'>A</span>rchive of <span class='first'>F</span>ormal <span class='first'>P</span>roofs
</h1>
<div>
</div>
</header>
<div>
<p>
The Archive of Formal Proofs is a collection of proof libraries, examples, and larger scientific developments,
mechanically checked in the theorem prover <a href="https://isabelle.in.tum.de/">Isabelle</a>.
It is organized in the way of a scientific journal,
is indexed by <a href="https://dblp.uni-trier.de/db/journals/afp/">dblp</a>
and has an ISSN: 2150-914x.
Submissions are refereed and we encourage companion AFP submissions to conference and journal publications.
To cite an entry, please use the <a href="./help/#citing-entries">preferred citation style</a>.
</p>
<p>
A <a href="https://devel.isa-afp.org/">development version</a> of the archive is available as well.
</p>
<form autocomplete="off" action="./search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
Search
</button>
<datalist id="autocomplete"></datalist>
</div>
</form>
<div>
<h2 class="year">2023</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="./entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by <a href="./authors/kappelmann">Kevin Kappelmann</a>
+
+ </div>
+ <span class="date">
+ Oct 11
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="./entries/Relational_Cardinality.html">Cardinality and Representation of Stone Relation Algebras</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hypergraph_Basics.html">Hypergraphs</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lovasz_Local.html">General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ML_Unification.html">Unification Utilities for Isabelle/ML</a></h5>
<br>
by <a href="./authors/kappelmann">Kevin Kappelmann</a>
</div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Euler_Polyhedron_Formula.html">Euler&#39;s Polyhedron Formula</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="./entries/IO_Language_Conformance.html">Conformance Relations between Input/Output Languages</a></h5>
+ <br>
+ by <a href="./authors/sachtleben">Robert Sachtleben</a>
+
+ </div>
+ <span class="date">
+ Sep 01
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="./entries/Coupledsim_Contrasim.html">Coupled Similarity and Contrasimilarity, and How to Compute Them</a></h5>
+ <br>
+ by <a href="./authors/bisping">Benjamin Bisping</a> and <a href="./authors/montanari">Luisa Montanari</a>
+
+ </div>
+ <span class="date">
+ Aug 18
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="./entries/Ceva.html">Ceva&#39;s Theorem</a></h5>
<br>
by <a href="./authors/rabing">Mathias Schack Rabing</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fixed_Length_Vector.html">Fixed-length vectors</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Catoids.html">Catoids, Categories, Groupoids</a></h5>
<br>
by <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polygonal_Number_Theorem.html">Polygonal Number Theorem</a></h5>
<br>
by <a href="./authors/leek">Kevin Lee</a>, <a href="./authors/yez">Zhengkun Ye</a> and <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="./entries/Standard_Borel_Spaces.html">Standard Borel Spaces</a></h5>
+ <br>
+ by <a href="./authors/hirata">Michikazu Hirata</a>
+
+ </div>
+ <span class="date">
+ Aug 08
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="./entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by <a href="./authors/hirata">Michikazu Hirata</a> and <a href="./authors/minamide">Yasuhiko Minamide</a>
+
+ </div>
+ <span class="date">
+ Aug 08
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="./entries/Quantales_Converse.html">Modal quantales, involutive quantales, Dedekind Quantales</a></h5>
<br>
by <a href="./authors/struth">Georg Struth</a> and <a href="./authors/calk">Cameron Calk</a>
</div>
<span class="date">
Jul 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Earley_Parser.html">Earley Parser</a></h5>
<br>
by <a href="./authors/rau">Martin Rau</a>
</div>
<span class="date">
Jul 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gray_Codes.html">Gray Codes for Arbitrary Numeral Systems</a></h5>
<br>
by <a href="./authors/spitz">Maximilian Spitz</a>
</div>
<span class="date">
Jul 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Executable_Randomized_Algorithms.html">Executable Randomized Algorithms</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jun 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DCR-ExecutionEquivalence.html">DCR Syntax and Execution Equivalent Markings</a></h5>
<br>
by <a href="./authors/christfort">Axel Christfort</a> and <a href="./authors/debois">Søren Debois</a>
</div>
<span class="date">
Jun 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Zeckendorf.html">Zeckendorf’s Theorem</a></h5>
<br>
by <a href="./authors/dalvit">Christian Dalvit</a>
</div>
<span class="date">
Jun 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Crypto_Standards.html">Cryptographic Standards</a></h5>
<br>
by <a href="./authors/whitley">A Whitley</a>
</div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Efficient_Weighted_Path_Order.html">A Verified Efficient Implementation of the Weighted Path Order</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/wenninger">Elias Wenninger</a>
</div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Directed_Sets.html">Formalizing Results on Directed Sets</a></h5>
<br>
by <a href="./authors/yamada">Akihisa Yamada</a> and <a href="./authors/dubut">Jérémy Dubut</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multirelations_Heterogeneous.html">Inner Structure, Determinism and Modal Algebra of Multirelations</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tree_Enumeration.html">Tree Enumeration</a></h5>
<br>
by <a href="./authors/cremer">Nils Cremer</a>
</div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MLSS_Decision_Proc.html">MLSS Decision Procedure</a></h5>
<br>
by <a href="./authors/stevens">Lukas Stevens</a>
</div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Three_Squares.html">Three Squares Theorem</a></h5>
<br>
by <a href="./authors/danilkin">Anton Danilkin</a> and <a href="./authors/chevalier">Loïc Chevalier</a>
</div>
<span class="date">
May 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MHComputation.html">The Halting Problem is Soluble in Malament-Hogarth Spacetimes</a></h5>
<br>
by <a href="./authors/stannett">Mike Stannett</a>
</div>
<span class="date">
Apr 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Schwartz_Zippel.html">The Schwartz-Zippel Lemma</a></h5>
<br>
by <a href="./authors/kim">Sunpill Kim</a> and <a href="./authors/tan">Yong Kiam Tan</a>
</div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simple_Clause_Learning.html">A Formalization of the SCL(FOL) Calculus: Simple Clause Learning for First-Order Logic</a></h5>
<br>
by <a href="./authors/desharnais">Martin Desharnais</a>
</div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TsirelsonBound.html">The CHSH inequality: Tsirelson&#39;s upper-bound and other results</a></h5>
<br>
by <a href="./authors/echenim">Mnacho Echenim</a>, <a href="./authors/mhalla">Mehdi Mhalla</a> and <a href="./authors/mori">Coraline Mori</a>
</div>
<span class="date">
Apr 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DigitsInBase.html">Positional Notation for Natural Numbers in an Arbitrary Base</a></h5>
<br>
by <a href="./authors/staats">Charles Staats</a>
</div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HyperHoareLogic.html">Formalization of Hyper Hoare Logic: A Logic to (Dis-)Prove Program Hyperproperties</a></h5>
<br>
by <a href="./authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Distributed_Distinct_Elements.html">Distributed Distinct Elements</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CommCSL.html">Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</a></h5>
<br>
by <a href="./authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/No_FTL_observers_Gen_Rel.html">No Faster-Than-Light Observers (GenRel)</a></h5>
<br>
by <a href="./authors/stannett">Mike Stannett</a>, <a href="./authors/higgins">Edward Higgins</a>, <a href="./authors/andreka">Hajnal Andreka</a>, <a href="./authors/madarasz">Judit Madarasz</a>, <a href="./authors/nemeti">István Németi</a> and <a href="./authors/szekely">Gergely Szekely</a>
</div>
<span class="date">
Mar 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Expander_Graphs.html">Expander Graphs</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rensets.html">Renaming-Enriched Sets (Rensets) and Renaming-Based Recursion</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probability_Inequality_Completeness.html">A Sound and Complete Calculus for Probability Inequalities</a></h5>
<br>
by <a href="./authors/doty">Matthew Doty</a>
</div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Edwards_Elliptic_Curves_Group.html">Group Law of Edwards Elliptic Curves</a></h5>
<br>
by <a href="./authors/raya">Rodrigo Raya</a>
</div>
<span class="date">
Feb 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CVP_Hardness.html">Hardness of Lattice Problems</a></h5>
<br>
by <a href="./authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ABY3_Protocols.html">ABY3 Multiplication and Array Shuffling</a></h5>
<br>
by <a href="./authors/hu">Shuwei Hu</a>
</div>
<span class="date">
Jan 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Given_Clause_Loops.html">Given Clause Loops</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/qiu">Qi Qiu</a> and <a href="./authors/tourret">Sophie Tourret</a>
</div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Suppes_Theorem.html">Suppes&#39; Theorem For Probability Logic</a></h5>
<br>
by <a href="./authors/doty">Matthew Doty</a>
</div>
<span class="date">
Jan 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HoareForDivergence.html">A Hoare Logic for Diverging Programs</a></h5>
<br>
by <a href="./authors/pohjola">Johannes Åman Pohjola</a>, <a href="./authors/myreen">Magnus O. Myreen</a> and <a href="./authors/tanaka">Miki Tanaka</a>
</div>
<span class="date">
Jan 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/StrictOmegaCategories.html">Strict Omega Categories</a></h5>
<br>
by <a href="./authors/bordg">Anthony Bordg</a> and <a href="./authors/mateo">Adrián Doña Mateo</a>
</div>
<span class="date">
Jan 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Synthetic_Completeness.html">Synthetic Completeness</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a>
</div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cook_Levin.html">The Cook-Levin theorem</a></h5>
<br>
by <a href="./authors/balbach">Frank J. Balbach</a>
</div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Two_Generated_Word_Monoids_Intersection.html">Intersection of two monoids generated by two element codes</a></h5>
<br>
by <a href="./authors/holub">Štěpán Holub</a> and <a href="./authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">
Jan 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binary_Code_Imprimitive.html">Binary codes that do not preserve primitivity</a></h5>
<br>
by <a href="./authors/holub">Štěpán Holub</a> and <a href="./authors/raska">Martin Raška</a>
</div>
<span class="date">
Jan 03
</span>
</article>
</div>
<div>
<h2 class="year">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Propositional_Logic_Class.html">Class-based Classical Propositional Logic</a></h5>
<br>
by <a href="./authors/doty">Matthew Doty</a>
</div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quantifier_Elimination_Hybrid.html">A First Complete Algorithm for Real Quantifier Elimination in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/cordwell">Katherine Kosaian</a>, <a href="./authors/tan">Yong Kiam Tan</a> and <a href="./authors/platzer">André Platzer</a>
</div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Birkhoff_Finite_Distributive_Lattices.html">Birkhoff&#39;s Representation Theorem For Finite Distributive Lattices</a></h5>
<br>
by <a href="./authors/doty">Matthew Doty</a>
</div>
<span class="date">
Dec 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Boolos_Curious_Inference_Automated.html">Automation of Boolos&#39; Curious Inference in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a>, <a href="./authors/fuenmayor">David Fuenmayor</a>, <a href="./authors/steen">Alexander Steen</a> and <a href="./authors/sutcliffe">Geoff Sutcliffe</a>
</div>
<span class="date">
Dec 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multitape_To_Singletape_TM.html">A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</a></h5>
<br>
by <a href="./authors/dalvit">Christian Dalvit</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Nov 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AOT.html">Abstract Object Theory</a></h5>
<br>
by <a href="./authors/kirchner">Daniel Kirchner</a>
</div>
<span class="date">
Nov 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CHERI-C_Memory_Model.html">A Formal CHERI-C Memory Model</a></h5>
<br>
by <a href="./authors/park">Seung Hoon Park</a>
</div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sauer_Shelah_Lemma.html">Sauer-Shelah Lemma</a></h5>
<br>
by <a href="./authors/keskin">Ata Keskin</a>
</div>
<span class="date">
Nov 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kneser_Cauchy_Davenport.html">Kneser&#39;s Theorem and the Cauchy–Davenport Theorem</a></h5>
<br>
by <a href="./authors/baksys">Mantas Bakšys</a> and <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">
Nov 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Turans_Graph_Theorem.html">Turán&#39;s Graph Theorem</a></h5>
<br>
by <a href="./authors/lauermann">Nils Lauermann</a>
</div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Balog_Szemeredi_Gowers.html">The Balog–Szemerédi–Gowers Theorem</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a>, <a href="./authors/baksys">Mantas Bakšys</a> and <a href="./authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorial_Enumeration_Algorithms.html">Combinatorial Enumeration Algorithms</a></h5>
<br>
by <a href="./authors/hofmeier">Paul Hofmeier</a> and <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PAPP_Impossibility.html">The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections</a></h5>
<br>
by <a href="./authors/delemazure">Théo Delemazure</a>, <a href="./authors/demeulemeester">Tom Demeulemeester</a>, <a href="./authors/eberl">Manuel Eberl</a>, <a href="./authors/israel">Jonas Israel</a> and <a href="./authors/lederer">Patrick Lederer</a>
</div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5>
<br>
by <a href="./authors/stevens">Lukas Stevens</a> and <a href="./authors/stoeckl">Bernhard Stöckl</a>
</div>
<span class="date">
Oct 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Undirected_Graph_Theory.html">Undirected Graph Theory</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Maximum_Segment_Sum.html">Maximum Segment Sum</a></h5>
<br>
by <a href="./authors/cremer">Nils Cremer</a>
</div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_Range_RC.html">Making Arbitrary Relational Calculus Queries Safe-Range</a></h5>
<br>
by <a href="./authors/raszyk">Martin Raszyk</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stalnaker_Logic.html">Stalnaker&#39;s Epistemic Logic</a></h5>
<br>
by <a href="./authors/guzman">Laura P. Gamboa Guzman</a>
</div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5>
<br>
by <a href="./authors/crighton">Aaron Crighton</a>
</div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5>
<br>
by <a href="./authors/doty">Matthew Doty</a>
</div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a> and <a href="./authors/villadsen">Jørgen Villadsen</a>
</div>
<span class="date">
Sep 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CRYSTALS-Kyber.html">CRYSTALS-Kyber</a></h5>
<br>
by <a href="./authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5>
<br>
by <a href="./authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hales_Jewett.html">The Hales–Jewett Theorem</a></h5>
<br>
by <a href="./authors/sulejmani">Ujkan Sulejmani</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Khovanskii_Theorem.html">Khovanskii&#39;s Theorem</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Number_Theoretic_Transform.html">Number Theoretic Transform</a></h5>
<br>
by <a href="./authors/ammer">Thomas Ammer</a> and <a href="./authors/kreuzer">Katharina Kreuzer</a>
</div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5>
<br>
by <a href="./authors/merz">Stephan Merz</a> and <a href="./authors/trelat">Vincent Trélat</a>
</div>
<span class="date">
Aug 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Involutions2Squares.html">From THE BOOK: Two Squares via Involutions</a></h5>
<br>
by <a href="./authors/bortin">Maksym Bortin</a>
</div>
<span class="date">
Aug 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5>
<br>
by <a href="./authors/sachtleben">Robert Sachtleben</a>
</div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nano_JSON.html">Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a>
</div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Commuting_Hermitian.html">Simultaneous diagonalization of pairwise commuting Hermitian matrices</a></h5>
<br>
by <a href="./authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/marmsoler">Diego Marmsoler</a> and <a href="./authors/brucker">Achim D. Brucker</a>
</div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weighted_Arithmetic_Geometric_Mean.html">Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jul 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP_Compiler_Reuse.html">A Reuse-Based Multi-Stage Compiler Verification for Language IMP</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Jul 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Time_Deque.html">Real-Time Double-Ended Queue</a></h5>
<br>
by <a href="./authors/toth">Balazs Toth</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Boolos_Curious_Inference.html">Boolos&#39;s Curious Inference in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/ketland">Jeffrey Ketland</a>
</div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IsaNet.html">IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</a></h5>
<br>
by <a href="./authors/klenze">Tobias Klenze</a> and <a href="./authors/sprenger">Christoph Sprenger</a>
</div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite_Fields.html">Finite Fields</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></h5>
<br>
by <a href="./authors/bayer">Jonas Bayer</a>, <a href="./authors/david">Marco David</a>, <a href="./authors/stock">Benedikt Stock</a>, <a href="./authors/pal">Abhik Pal</a>, <a href="./authors/matiyasevich">Yuri Matiyasevich</a> and <a href="./authors/schleicher">Dierk Schleicher</a>
</div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rewrite_Properties_Reduction.html">Reducing Rewrite Properties to Properties on Ground Terms</a></h5>
<br>
by <a href="./authors/lochmann">Alexander Lochmann</a>
</div>
<span class="date">
Jun 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5>
<br>
by <a href="./authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pluennecke_Ruzsa_Inequality.html">The Plünnecke-Ruzsa Inequality</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
May 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5>
<br>
by <a href="./authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Clique_and_Monotone_Circuits.html">Clique is not solvable by monotone circuits of polynomial size</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fishers_Inequality.html">Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multiset_Ordering_NPC.html">The Generalized Multiset Ordering is NP-Complete</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/schmidinger">Lukas Schmidinger</a>
</div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Digit_Expansions.html">Digit Expansions</a></h5>
<br>
by <a href="./authors/bayer">Jonas Bayer</a>, <a href="./authors/david">Marco David</a>, <a href="./authors/pal">Abhik Pal</a> and <a href="./authors/stock">Benedikt Stock</a>
</div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sophomores_Dream.html">The Sophomore&#39;s Dream</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Frequency_Moments.html">Formalization of Randomized Approximation Algorithms for Frequency Moments</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prefix_Free_Code_Combinators.html">A Combinator Library for Prefix-Free Codes</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dedekind_Real.html">Constructing the Reals as Dedekind Cuts of Rationals</a></h5>
<br>
by <a href="./authors/fleuriot">Jacques D. Fleuriot</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ackermanns_not_PR.html">Ackermann&#39;s Function Is Not Primitive Recursive</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a>
</div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cotangent_PFD_Formula.html">A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Independence_CH.html">The Independence of the Continuum Hypothesis in Isabelle/ZF</a></h5>
<br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a>, <a href="./authors/terraf">Pedro Sánchez Terraf</a> and <a href="./authors/steinberg">Matías Steinberg</a>
</div>
<span class="date">
Mar 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive_Models.html">Transitive Models of Fragments of ZFC</a></h5>
<br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a>, <a href="./authors/terraf">Pedro Sánchez Terraf</a> and <a href="./authors/steinberg">Matías Steinberg</a>
</div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5>
<br>
by <a href="./authors/stark">Eugene W. Stark</a>
</div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Universal_Hash_Families.html">Universal Hash Families</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Wetzels_Problem.html">Wetzel&#39;s Problem and the Continuum Hypothesis</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Eval_FO.html">First-Order Query Evaluation</a></h5>
<br>
by <a href="./authors/raszyk">Martin Raszyk</a>
</div>
<span class="date">
Feb 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VYDRA_MDL.html">Multi-Head Monitoring of Metric Dynamic Logic</a></h5>
<br>
by <a href="./authors/raszyk">Martin Raszyk</a>
</div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Equivalence_Relation_Enumeration.html">Enumeration of Equivalence Relations</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Feb 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5>
<br>
by <a href="./authors/hirata">Michikazu Hirata</a>, <a href="./authors/minamide">Yasuhiko Minamide</a> and <a href="./authors/sato">Tetsuya Sato</a>
</div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LP_Duality.html">Duality of Linear Programming</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5>
<br>
by <a href="./authors/lochmann">Alexander Lochmann</a> and <a href="./authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Youngs_Inequality.html">Young&#39;s Inequality for Increasing Functions</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a> and <a href="./authors/jacobsen">Frederik Krogsdal Jacobsen</a>
</div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interpolation_Polynomials_HOL_Algebra.html">Interpolation Polynomials (in HOL-Algebra)</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Median_Method.html">Median Method</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a>
</div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5>
<br>
by <a href="./authors/ito">Yosuke Ito</a>
</div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrationals_From_THEBOOK.html">Irrational numbers from THE BOOK</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knights_Tour.html">Knight&#39;s Tour Revisited Revisited</a></h5>
<br>
by <a href="./authors/koller">Lukas Koller</a>
</div>
<span class="date">
Jan 04
</span>
</article>
</div>
<div>
<h2 class="year">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5>
<br>
by <a href="./authors/smola">Filip Smola</a> and <a href="./authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">
Dec 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Roth_Arithmetic_Progressions.html">Roth&#39;s Theorem on Arithmetic Progressions</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>, <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5>
<br>
by <a href="./authors/schaeffeler">Maximilian Schäffeler</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MDP-Rewards.html">Markov Decision Processes with Rewards</a></h5>
<br>
by <a href="./authors/schaeffeler">Maximilian Schäffeler</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular_Tree_Relations.html">Regular Tree Relations</a></h5>
<br>
by <a href="./authors/lochmann">Alexander Lochmann</a>, <a href="./authors/felgenhauer">Bertram Felgenhauer</a>, <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/sternagelt">Thomas Sternagel</a>
</div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5>
<br>
by <a href="./authors/aransay">Jesús Aransay</a>, <a href="./authors/campo">Alejandro del Campo</a> and <a href="./authors/michaelis">Julius Michaelis</a>
</div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Van_Emde_Boas_Trees.html">van Emde Boas Trees</a></h5>
<br>
by <a href="./authors/ammer">Thomas Ammer</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Foundation_of_geometry.html">Foundation of geometry in planes, and some complements: Excluding the parallel axioms</a></h5>
<br>
by <a href="./authors/iwama">Fumiya Iwama</a>
</div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hahn_Jordan_Decomposition.html">The Hahn and Jordan Decomposition Theorems</a></h5>
<br>
by <a href="./authors/cousin">Marie Cousin</a>, <a href="./authors/echenim">Mnacho Echenim</a> and <a href="./authors/guiol">Hervé Guiol</a>
</div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Power.html">Real Exponents as the Limits of Sequences of Rational Exponents</a></h5>
<br>
by <a href="./authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Factor_Algebraic_Polynomial.html">Factorization of Polynomials with Algebraic Coefficients</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/reiche">Sebastian Reiche</a>
</div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Szemeredi_Regularity.html">Szemerédi&#39;s Regularity Lemma</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>, <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Nov 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Registers.html">Quantum and Classical Registers</a></h5>
<br>
by <a href="./authors/unruh">Dominique Unruh</a>
</div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Belief_Revision.html">Belief Revision Theory</a></h5>
<br>
by <a href="./authors/fouillard">Valentin Fouillard</a>, <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/boulanger">Frédéric Boulanger</a> and <a href="./authors/sabouret">Nicolas Sabouret</a>
</div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/X86_Semantics.html">X86 instruction semantics and basic block symbolic execution</a></h5>
<br>
by <a href="./authors/verbeek">Freek Verbeek</a>, <a href="./authors/bharadwaj">Abhijith Bharadwaj</a>, <a href="./authors/bockenek">Joshua Bockenek</a>, <a href="./authors/roessle">Ian Roessle</a>, <a href="./authors/weerwag">Timmy Weerwag</a> and <a href="./authors/ravindran">Binoy Ravindran</a>
</div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Virtual_Substitution.html">Verified Quadratic Virtual Substitution for Real Arithmetic</a></h5>
<br>
by <a href="./authors/scharager">Matias Scharager</a>, <a href="./authors/cordwell">Katherine Kosaian</a>, <a href="./authors/mitsch">Stefan Mitsch</a> and <a href="./authors/platzer">André Platzer</a>
</div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a>
</div>
<span class="date">
Sep 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complex_Bounded_Operators.html">Complex Bounded Operators</a></h5>
<br>
by <a href="./authors/caballero">José Manuel Rodríguez Caballero</a> and <a href="./authors/unruh">Dominique Unruh</a>
</div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weighted_Path_Order.html">A Formalization of Weighted Path Orders and Recursive Path Orders</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Intro_Dest_Elim.html">IDE: Introduction, Destruction, Elimination</a></h5>
<br>
by <a href="./authors/milehins">Mihails Milehins</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Types_To_Sets_Extension.html">Extension of Types-To-Sets</a></h5>
<br>
by <a href="./authors/milehins">Mihails Milehins</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Conditional_Transfer_Rule.html">Conditional Transfer Rule</a></h5>
<br>
by <a href="./authors/milehins">Mihails Milehins</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Conditional_Simplification.html">Conditional Simplification</a></h5>
<br>
by <a href="./authors/milehins">Mihails Milehins</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Universal_Constructions.html">Category Theory for ZFC in HOL III: Universal Constructions</a></h5>
<br>
by <a href="./authors/milehins">Mihails Milehins</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Elementary_Categories.html">Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</a></h5>
<br>
by <a href="./authors/milehins">Mihails Milehins</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Foundations.html">Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</a></h5>
<br>
by <a href="./authors/milehins">Mihails Milehins</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dominance_CHK.html">A data flow analysis algorithm for computing dominators</a></h5>
<br>
by <a href="./authors/jiang">Nan Jiang</a>
</div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cubic_Quartic_Equations.html">Solving Cubic and Quartic Equations</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Logging_Independent_Anonymity.html">Logging-independent Message Anonymity in the Relational Method</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Three_Circles.html">The Theorem of Three Circles</a></h5>
<br>
by <a href="./authors/thomson">Fox Thomson</a> and <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fresh_Identifiers.html">Fresh identifiers</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoSMeDis.html">CoSMeDis: A confidentiality-verified distributed social media platform</a></h5>
<br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoSMed.html">CoSMed: A confidentiality-verified social media platform</a></h5>
<br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BD_Security_Compositional.html">Compositional BD Security</a></h5>
<br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoCon.html">CoCon: A Confidentiality-Verified Conference Management System</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Design_Theory.html">Combinatorial Design Theory</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Forests.html">Relational Forests</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Schutz_Spacetime.html">Schutz&#39; Independent Axioms for Minkowski Spacetime</a></h5>
<br>
by <a href="./authors/schmoetten">Richard Schmoetten</a>, <a href="./authors/palmer">Jake Palmer</a> and <a href="./authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finitely_Generated_Abelian_Groups.html">Finitely Generated Abelian Groups</a></h5>
<br>
by <a href="./authors/thommes">Joseph Thommes</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></h5>
<br>
by <a href="./authors/kappelmann">Kevin Kappelmann</a>, <a href="./authors/bulwahn">Lukas Bulwahn</a> and <a href="./authors/willenbrink">Sebastian Willenbrink</a>
</div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Van_der_Waerden.html">Van der Waerden&#39;s Theorem</a></h5>
<br>
by <a href="./authors/kreuzer">Katharina Kreuzer</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5>
<br>
by <a href="./authors/wassell">Mark Wassell</a>
</div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a>
</div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP_Compiler.html">A Shorter Compiler Correctness Proof for Language IMP</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Jun 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words_Lyndon.html">Lyndon words</a></h5>
<br>
by <a href="./authors/holub">Štěpán Holub</a> and <a href="./authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words_Graph_Lemma.html">Graph Lemma</a></h5>
<br>
by <a href="./authors/holub">Štěpán Holub</a>, <a href="./authors/raska">Martin Raška</a> and <a href="./authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words.html">Combinatorics on Words Basics</a></h5>
<br>
by <a href="./authors/holub">Štěpán Holub</a>, <a href="./authors/raska">Martin Raška</a> and <a href="./authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regression_Test_Selection.html">Regression Test Selection</a></h5>
<br>
by <a href="./authors/mansky">Susannah Mansky</a>
</div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lifting_the_Exponent.html">Lifting the Exponent</a></h5>
<br>
by <a href="./authors/kadzioka">Maya Kądziołka</a>
</div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Metalogic_ProofChecker.html">Isabelle&#39;s Metalogic: Formalization and Proof Checker</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/rosskopf">Simon Roßkopf</a>
</div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BenOr_Kozen_Reif.html">The BKR Decision Procedure for Univariate Real Arithmetic</a></h5>
<br>
by <a href="./authors/cordwell">Katherine Kosaian</a>, <a href="./authors/tan">Yong Kiam Tan</a> and <a href="./authors/platzer">André Platzer</a>
</div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5>
<br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>
</div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Progress_Tracking.html">Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</a></h5>
<br>
by <a href="./authors/brun">Matthias Brun</a>, <a href="./authors/decova">Sára Decova</a>, <a href="./authors/lattuada">Andrea Lattuada</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IFC_Tracking.html">Information Flow Control via Dependency Tracking</a></h5>
<br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a>
</div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Grothendieck_Schemes.html">Grothendieck&#39;s Schemes in Algebraic Geometry</a></h5>
<br>
by <a href="./authors/bordg">Anthony Bordg</a>, <a href="./authors/paulson">Lawrence C. Paulson</a> and <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5>
<br>
by <a href="./authors/crighton">Aaron Crighton</a>
</div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructive_Cryptography_CM.html">Constructive Cryptography in HOL: the Communication Modeling Aspect</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modular_arithmetic_LLL_and_HNF_algorithms.html">Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</a></h5>
<br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hermite_Lindemann.html">The Hermite–Lindemann–Weierstraß Transcendence Theorem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Projective_Measurements.html">Quantum projective measurements and the CHSH inequality</a></h5>
<br>
by <a href="./authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mereology.html">Mereology</a></h5>
<br>
by <a href="./authors/blumson">Ben Blumson</a>
</div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sunflowers.html">The Sunflower Lemma of Erdős and Rado</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Feb 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BTree.html">A Verified Imperative Implementation of B-Trees</a></h5>
<br>
by <a href="./authors/muendler">Niels Mündler</a>
</div>
<span class="date">
Feb 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formal_Puiseux_Series.html">Formal Puiseux Series</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Laws_of_Large_Numbers.html">The Laws of Large Numbers</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IsaGeoCoq.html">Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</a></h5>
<br>
by <a href="./authors/coghetto">Roland Coghetto</a>
</div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Blue_Eyes.html">Solution to the xkcd Blue Eyes puzzle</a></h5>
<br>
by <a href="./authors/kadzioka">Maya Kądziołka</a>
</div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hood_Melville_Queue.html">Hood-Melville Queue</a></h5>
<br>
by <a href="./authors/londono">Alejandro Gómez-Londoño</a>
</div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JinjaDCI.html">JinjaDCI: a Java semantics with dynamic class initialization</a></h5>
<br>
by <a href="./authors/mansky">Susannah Mansky</a>
</div>
<span class="date">
Jan 11
</span>
</article>
</div>
<div>
<h2 class="year">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Delta_System_Lemma.html">Cofinality and the Delta System Lemma</a></h5>
<br>
by <a href="./authors/terraf">Pedro Sánchez Terraf</a>
</div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Topological_Semantics.html">Topological semantics for paraconsistent and paracomplete logics</a></h5>
<br>
by <a href="./authors/fuenmayor">David Fuenmayor</a>
</div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/brien">Nicolas Robinson-O&rsquo;Brien</a>
</div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interpreter_Optimizations.html">Inline Caching and Unboxing Optimization for Interpreters</a></h5>
<br>
by <a href="./authors/desharnais">Martin Desharnais</a>
</div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Method.html">The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Dec 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_Marries_Dirac.html">Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</a></h5>
<br>
by <a href="./authors/bordg">Anthony Bordg</a>, <a href="./authors/lachnitt">Hanna Lachnitt</a> and <a href="./authors/he">Yijun He</a>
</div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CSP_RefTK.html">The HOL-CSP Refinement Toolkit</a></h5>
<br>
by <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/ye">Lina Ye</a>
</div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Verified_SAT_Based_AI_Planning.html">Verified SAT-Based AI Planning</a></h5>
<br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/kurz">Friedrich Kurz</a>
</div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AI_Planning_Languages_Semantics.html">AI Planning Languages Semantics</a></h5>
<br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5>
<br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Oct 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite-Map-Extras.html">Finite Map Extras</a></h5>
<br>
by <a href="./authors/diaz">Javier Díaz</a>
</div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Core_SC_DOM.html">The Safely Composable DOM</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DOM_Components.html">A Formalization of Web Components</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SC_DOM_Components.html">A Formalization of Safely Composable Web Components</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shadow_SC_DOM.html">A Formal Model of the Safely Composable Document Object Model with Shadow Roots</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shadow_DOM.html">A Formal Model of the Document Object Model with Shadow Roots</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Syntax_Independent_Logic.html">Syntax-Independent Logic Infrastructure</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Robinson_Arithmetic.html">Robinson Arithmetic</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_HFSet_Semanticless.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part II</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_HFSet_Semantic.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part I</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_Incompleteness.html">An Abstract Formalization of Gödel&#39;s Incompleteness Theorems</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Extended_Finite_State_Machine_Inference.html">Inference of Extended Finite State Machines</a></h5>
<br>
by <a href="./authors/foster">Michael Foster</a>, <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/taylor">Ramsay G. Taylor</a> and <a href="./authors/derrick">John Derrick</a>
</div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Extended_Finite_State_Machines.html">A Formal Model of Extended Finite State Machines</a></h5>
<br>
by <a href="./authors/foster">Michael Foster</a>, <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/taylor">Ramsay G. Taylor</a> and <a href="./authors/derrick">John Derrick</a>
</div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Inductive_Inference.html">Some classical results in inductive inference of recursive functions</a></h5>
<br>
by <a href="./authors/balbach">Frank J. Balbach</a>
</div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PAC_Checker.html">Practical Algebraic Calculus Checker</a></h5>
<br>
by <a href="./authors/fleury">Mathias Fleury</a> and <a href="./authors/kaufmann">Daniela Kaufmann</a>
</div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Disjoint_Set_Forests.html">Relational Disjoint-Set Forests</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BirdKMP.html">Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Saturation_Framework_Extensions.html">Extensions to the Comprehensive Framework for Saturation Theorem Proving</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/tourret">Sophie Tourret</a>
</div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Amicable_Numbers.html">Amicable Numbers</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinal_Partitions.html">Ordinal Partitions</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Chandy_Lamport.html">A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</a></h5>
<br>
by <a href="./authors/fiedler">Ben Fiedler</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Paths.html">Relational Characterisations of Paths</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/hoefner">Peter Höfner</a>
</div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_Distance.html">A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</a></h5>
<br>
by <a href="./authors/rizaldi">Albert Rizaldi</a> and <a href="./authors/immler">Fabian Immler</a>
</div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a>
</div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nash_Williams.html">The Nash-Williams Partition Theorem</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
May 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knuth_Bendix_Order.html">A Formalization of Knuth–Bendix Orders</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
May 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Recursion-Addition.html">Recursion Theorem in ZF</a></h5>
<br>
by <a href="./authors/dunaev">Georgy Dunaev</a>
</div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5>
<br>
by <a href="./authors/sickert">Salomon Sickert</a>
</div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Forcing.html">Formalization of Forcing in Isabelle/ZF</a></h5>
<br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a> and <a href="./authors/terraf">Pedro Sánchez Terraf</a>
</div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></h5>
<br>
by <a href="./authors/unruh">Dominique Unruh</a> and <a href="./authors/caballero">José Manuel Rodríguez Caballero</a>
</div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Attack_Trees.html">Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</a></h5>
<br>
by <a href="./authors/kammueller">Florian Kammüller</a>
</div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambert_W.html">The Lambert W Function on the Reals</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Power_Sum_Polynomials.html">Power Sum Polynomials</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gaussian_Integers.html">Gaussian Integers</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5>
<br>
by <a href="./authors/munive">Jonathan Julian Huerta y Munive</a>
</div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ADS_Functor.html">Authenticated Data Structures As Functors</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/maric">Ognjen Marić</a>
</div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sliding_Window_Algorithm.html">Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</a></h5>
<br>
by <a href="./authors/heimes">Lukas Heimes</a>, <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/schneider">Joshua Schneider</a>
</div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5>
<br>
by <a href="./authors/dardinier">Thibault Dardinier</a>, <a href="./authors/heimes">Lukas Heimes</a>, <a href="./authors/raszyk">Martin Raszyk</a>, <a href="./authors/schneider">Joshua Schneider</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Saturation_Framework.html">A Comprehensive Framework for Saturation Theorem Proving</a></h5>
<br>
by <a href="./authors/tourret">Sophie Tourret</a>
</div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stateful_Protocol_Composition_and_Typing.html">Stateful Protocol Composition and Typing</a></h5>
<br>
by <a href="./authors/hess">Andreas V. Hess</a>, <a href="./authors/moedersheim">Sebastian Mödersheim</a> and <a href="./authors/brucker">Achim D. Brucker</a>
</div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Automated_Stateful_Protocol_Verification.html">Automated Stateful Protocol Verification</a></h5>
<br>
by <a href="./authors/hess">Andreas V. Hess</a>, <a href="./authors/moedersheim">Sebastian Mödersheim</a>, <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>
</div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lucas_Theorem.html">Lucas&#39;s Theorem</a></h5>
<br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">
Apr 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WOOT_Strong_Eventual_Consistency.html">Strong Eventual Consistency of the Collaborative Editing Framework WOOT</a></h5>
<br>
by <a href="./authors/karayel">Emin Karayel</a> and <a href="./authors/gonzalez">Edgar Gonzàlez</a>
</div>
<span class="date">
Mar 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Furstenberg_Topology.html">Furstenberg&#39;s topology and his proof of the infinitude of primes</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5>
<br>
by <a href="./authors/murray">Toby Murray</a>
</div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hello_World.html">Hello World</a></h5>
<br>
by <a href="./authors/diekmann">Cornelius Diekmann</a> and <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Mar 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goodstein_Lambda.html">Implementing the Goodstein Function in λ-Calculus</a></h5>
<br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VeriComp.html">A Generic Framework for Verified Compilers</a></h5>
<br>
by <a href="./authors/desharnais">Martin Desharnais</a>
</div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Arith_Prog_Rel_Primes.html">Arithmetic progressions and relative primes</a></h5>
<br>
by <a href="./authors/caballero">José Manuel Rodríguez Caballero</a>
</div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Subset_Boolean_Algebras.html">A Hierarchy of Algebras for Boolean Subsets</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/moeller">Bernhard Möller</a>
</div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mersenne_Primes.html">Mersenne primes and the Lucas–Lehmer test</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Approximation_Algorithms.html">Verified Approximation Algorithms</a></h5>
<br>
by <a href="./authors/essmann">Robin Eßmann</a>, <a href="./authors/nipkow">Tobias Nipkow</a>, <a href="./authors/robillard">Simon Robillard</a> and <a href="./authors/sulejmani">Ujkan Sulejmani</a>
</div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Closest_Pair_Points.html">Closest Pair of Points Algorithms</a></h5>
<br>
by <a href="./authors/rau">Martin Rau</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Skip_Lists.html">Skip Lists</a></h5>
<br>
by <a href="./authors/haslbeck">Max W. Haslbeck</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bicategory.html">Bicategories</a></h5>
<br>
by <a href="./authors/stark">Eugene W. Stark</a>
</div>
<span class="date">
Jan 06
</span>
</article>
</div>
<div>
<h2 class="year">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Zeta_3_Irrational.html">The Irrationality of ζ(3)</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a>
</div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Poincare_Bendixson.html">The Poincaré-Bendixson Theorem</a></h5>
<br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/tan">Yong Kiam Tan</a>
</div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Poincare_Disc.html">Poincaré Disc Model</a></h5>
<br>
by <a href="./authors/simic">Danijela Simić</a>, <a href="./authors/maricf">Filip Marić</a> and <a href="./authors/boutry">Pierre Boutry</a>
</div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complex_Geometry.html">Complex Geometry</a></h5>
<br>
by <a href="./authors/maricf">Filip Marić</a> and <a href="./authors/simic">Danijela Simić</a>
</div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss_Sums.html">Gauss Sums and the Pólya–Vinogradov Inequality</a></h5>
<br>
by <a href="./authors/raya">Rodrigo Raya</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generalized_Counting_Sort.html">An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Dec 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interval_Arithmetic_Word32.html">Interval Arithmetic on 32-bit Words</a></h5>
<br>
by <a href="./authors/bohrer">Rose Bohrer</a>
</div>
<span class="date">
Nov 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ZFC_in_HOL.html">Zermelo Fraenkel Set Theory in Higher-Order Logic</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_C.html">Isabelle/C</a></h5>
<br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">
Oct 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Aristotles_Assertoric_Syllogistic.html">Aristotle&#39;s Assertoric Syllogistic</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sigma_Commit_Crypto.html">Sigma Protocols and Commitment Schemes</a></h5>
<br>
by <a href="./authors/butler">David Butler</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
Oct 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5>
<br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Oct 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5>
<br>
by <a href="./authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5>
<br>
by <a href="./authors/munive">Jonathan Julian Huerta y Munive</a>
</div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fourier.html">Fourier Series</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></h5>
<br>
by <a href="./authors/ballarin">Clemens Ballarin</a>
</div>
<span class="date">
Aug 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5>
<br>
by <a href="./authors/sachtleben">Robert Sachtleben</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Laplace_Transform.html">Laplace Transform</a></h5>
<br>
by <a href="./authors/immler">Fabian Immler</a>
</div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Programming.html">Linear Programming</a></h5>
<br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5>
<br>
by <a href="./authors/buyse">Maxime Buyse</a> and <a href="./authors/jaskolka">Jason Jaskolka</a>
</div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMO2019.html">Selected Problems from the International Mathematical Olympiad 2019</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stellar_Quorums.html">Stellar Quorum Systems</a></h5>
<br>
by <a href="./authors/losa">Giuliano Losa</a>
</div>
<span class="date">
Aug 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5>
<br>
by <a href="./authors/van">Hai Nguyen Van</a>, <a href="./authors/boulanger">Frédéric Boulanger</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Jul 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5>
<br>
by <a href="./authors/zeller">Peter Zeller</a> and <a href="./authors/stevens">Lukas Stevens</a>
</div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a>
</div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5>
<br>
by <a href="./authors/schneider">Joshua Schneider</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complete_Non_Orders.html">Complete Non-Orders and Fixed Points</a></h5>
<br>
by <a href="./authors/yamada">Akihisa Yamada</a> and <a href="./authors/dubut">Jérémy Dubut</a>
</div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Priority_Search_Trees.html">Priority Search Trees</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Inequalities.html">Linear Inequalities</a></h5>
<br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/reynaud">Alban Reynaud</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nullstellensatz.html">Hilbert&#39;s Nullstellensatz</a></h5>
<br>
by <a href="./authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">
Jun 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Groebner_Macaulay.html">Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</a></h5>
<br>
by <a href="./authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">
Jun 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP2_Binary_Heap.html">Binary Heaps for IMP2</a></h5>
<br>
by <a href="./authors/griebel">Simon Griebel</a>
</div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Differential_Game_Logic.html">Differential Game Logic</a></h5>
<br>
by <a href="./authors/platzer">André Platzer</a>
</div>
<span class="date">
Jun 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KD_Tree.html">Multidimensional Binary Search Trees</a></h5>
<br>
by <a href="./authors/rau">Martin Rau</a>
</div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5>
<br>
by <a href="./authors/brun">Matthias Brun</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
May 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multi_Party_Computation.html">Multi-Party Computation</a></h5>
<br>
by <a href="./authors/aspinall">David Aspinall</a> and <a href="./authors/butler">David Butler</a>
</div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HOL-CSP.html">HOL-CSP Version 2.0</a></h5>
<br>
by <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/ye">Lina Ye</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_Master_Theorem.html">A Compositional and Unified Translation of LTL into ω-Automata</a></h5>
<br>
by <a href="./authors/seidl">Benedikt Seidl</a> and <a href="./authors/sickert">Salomon Sickert</a>
</div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5>
<br>
by <a href="./authors/gheri">Lorenzo Gheri</a> and <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Mar 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/QHLProver.html">Quantum Hoare Logic</a></h5>
<br>
by <a href="./authors/liu">Junyi Liu</a>, <a href="./authors/zhan">Bohua Zhan</a>, <a href="./authors/wang">Shuling Wang</a>, <a href="./authors/ying">Shenggang Ying</a>, <a href="./authors/liut">Tao Liu</a>, <a href="./authors/liy">Yangjia Li</a>, <a href="./authors/yingm">Mingsheng Ying</a> and <a href="./authors/zhann">Naijun Zhan</a>
</div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_OCL.html">Safe OCL</a></h5>
<br>
by <a href="./authors/nikiforov">Denis Nikiforov</a>
</div>
<span class="date">
Mar 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Distribution_Elementary.html">Elementary Facts About the Distribution of Primes</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5>
<br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/biendarra">Julian Biendarra</a>
</div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Prime_Tests.html">Probabilistic Primality Testing</a></h5>
<br>
by <a href="./authors/stuewe">Daniel Stüwe</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Universal_Turing_Machine.html">Universal Turing Machine</a></h5>
<br>
by <a href="./authors/xu">Jian Xu</a>, <a href="./authors/zhangx">Xingyuan Zhang</a>, <a href="./authors/urban">Christian Urban</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a> and <a href="./authors/regensburger">Franz Regensburger</a>
</div>
<span class="date">
Feb 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Inversions.html">The Inversions of a List</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5>
<br>
by <a href="./authors/fosters">Simon Foster</a>, <a href="./authors/zeyda">Frank Zeyda</a>, <a href="./authors/nemouchi">Yakoub Nemouchi</a>, <a href="./authors/ribeiro">Pedro Ribeiro</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5>
<br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Store_Buffer_Reduction.html">A Reduction Theorem for Store Buffers</a></h5>
<br>
by <a href="./authors/cohen">Ernie Cohen</a> and <a href="./authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">
Jan 07
</span>
</article>
</div>
<div>
<h2 class="year">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Core_DOM.html">A Formal Model of the Document Object Model</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a>
</div>
<span class="date">
Dec 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Concurrent_Revisions.html">Formalization of Concurrent Revisions</a></h5>
<br>
by <a href="./authors/overbeek">Roy Overbeek</a>
</div>
<span class="date">
Dec 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></h5>
<br>
by <a href="./authors/zhan">Bohua Zhan</a>
</div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructive_Cryptography.html">Constructive Cryptography in HOL</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transformer_Semantics.html">Transformer Semantics</a></h5>
<br>
by <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quantales.html">Quantales</a></h5>
<br>
by <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></h5>
<br>
by <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Graph_Saturation.html">Graph Saturation</a></h5>
<br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>
</div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Functional_Ordered_Resolution_Prover.html">A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5>
<br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Auto2_HOL.html">Auto2 Prover</a></h5>
<br>
by <a href="./authors/zhan">Bohua Zhan</a>
</div>
<span class="date">
Nov 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matroids.html">Matroids</a></h5>
<br>
by <a href="./authors/keinholz">Jonas Keinholz</a>
</div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5>
<br>
by <a href="./authors/raedle">Jonas Rädle</a> and <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GewirthPGCProof.html">Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5>
<br>
by <a href="./authors/from">Asta Halkjær From</a>
</div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5>
<br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/zhan">Bohua Zhan</a>
</div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Randomised_BSTs.html">Randomised Binary Search Trees</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_EPO.html">Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</a></h5>
<br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Factored_Transition_System_Bounding.html">Upper Bounding Diameters of State Spaces of Factored Transition Systems</a></h5>
<br>
by <a href="./authors/kurz">Friedrich Kurz</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pi_Transcendental.html">The Transcendence of π</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Symmetric_Polynomials.html">Symmetric Polynomials</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5>
<br>
by <a href="./authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Number_Theorem.html">The Prime Number Theorem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Aggregation_Algebras.html">Aggregation Algebras</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Octonions.html">Octonions</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a>
</div>
<span class="date">
Sep 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quaternions.html">Quaternions</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Budan_Fourier.html">The Budan–Fourier Theorem and Counting Real Roots with Multiplicity</a></h5>
<br>
by <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simplex.html">An Incremental Simplex Algorithm with Unsatisfiable Core Generation</a></h5>
<br>
by <a href="./authors/maricf">Filip Marić</a>, <a href="./authors/spasic">Mirko Spasić</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minsky_Machines.html">Minsky Machines</a></h5>
<br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DiscretePricing.html">Pricing in discrete financial models</a></h5>
<br>
by <a href="./authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">
Jul 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5>
<br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pell.html">Pell&#39;s Equation</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Localization_Ring.html">The Localization of a Commutative Ring</a></h5>
<br>
by <a href="./authors/bordg">Anthony Bordg</a>
</div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Projective_Geometry.html">Projective Geometry</a></h5>
<br>
by <a href="./authors/bordg">Anthony Bordg</a>
</div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Partial_Order_Reduction.html">Partial Order Reduction</a></h5>
<br>
by <a href="./authors/brunner">Julian Brunner</a>
</div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Optimal_BST.html">Optimal Binary Search Trees</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/somogyi">Dániel Somogyi</a>
</div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5>
<br>
by <a href="./authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5>
<br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5>
<br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AxiomaticCategoryTheory.html">Axiom Systems for Category Theory in Free Logic</a></h5>
<br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/scott">Dana Scott</a>
</div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monad_Memo_DP.html">Monadification, Memoization and Dynamic Programming</a></h5>
<br>
by <a href="./authors/wimmer">Simon Wimmer</a>, <a href="./authors/hu">Shuwei Hu</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/OpSets.html">OpSets: Sequential Specifications for Replicated Datatypes</a></h5>
<br>
by <a href="./authors/kleppmann">Martin Kleppmann</a>, <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/mulligan">Dominic P. Mulligan</a> and <a href="./authors/beresford">Alastair R. Beresford</a>
</div>
<span class="date">
May 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modular_Assembly_Kit_Security.html">An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</a></h5>
<br>
by <a href="./authors/bracevac">Oliver Bračevac</a>, <a href="./authors/gay">Richard Gay</a>, <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/mantel">Heiko Mantel</a>, <a href="./authors/sudbrock">Henning Sudbrock</a> and <a href="./authors/tasch">Markus Tasch</a>
</div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WebAssembly.html">WebAssembly</a></h5>
<br>
by <a href="./authors/watt">Conrad Watt</a>
</div>
<span class="date">
Apr 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BNF_CC.html">Bounded Natural Functors with Covariance and Contravariance</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/schneider">Joshua Schneider</a>
</div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5>
<br>
by <a href="./authors/brandt">Felix Brandt</a>, <a href="./authors/eberl">Manuel Eberl</a>, <a href="./authors/saile">Christian Saile</a> and <a href="./authors/stricker">Christian Stricker</a>
</div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weight_Balanced_Trees.html">Weight-Balanced Trees</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/dirix">Stefan Dirix</a>
</div>
<span class="date">
Mar 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CakeML.html">CakeML</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a> and <a href="./authors/zhang">Yu Zhang</a>
</div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Architectural_Design_Patterns.html">A Theory of Architectural Design Patterns</a></h5>
<br>
by <a href="./authors/marmsoler">Diego Marmsoler</a>
</div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5>
<br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Treaps.html">Treaps</a></h5>
<br>
by <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Error_Function.html">The Error Function</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/First_Order_Terms.html">First-Order Terms</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LLL_Factorization.html">A verified factorization algorithm for integer polynomials with polynomial complexity</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5>
<br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordered_Resolution_Prover.html">Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5>
<br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/waldmann">Uwe Waldmann</a>
</div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gromov_Hyperbolicity.html">Gromov Hyperbolicity</a></h5>
<br>
by <a href="./authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Green.html">An Isabelle/HOL formalisation of Green&#39;s Theorem</a></h5>
<br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Taylor_Models.html">Taylor Models</a></h5>
<br>
by <a href="./authors/traut">Christoph Traut</a> and <a href="./authors/immler">Fabian Immler</a>
</div>
<span class="date">
Jan 08
</span>
</article>
</div>
<div>
<h2 class="year">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Falling_Factorial_Sum.html">The Falling Factorial of a Sum</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Median_Of_Medians_Selection.html">The Median-of-Medians Selection Algorithm</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mason_Stothers.html">The Mason–Stothers Theorem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BNF_Operations.html">Operations on Bounded Natural Functors</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Dec 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5>
<br>
by <a href="./authors/hellauer">Fabian Hellauer</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5>
<br>
by <a href="./authors/jungnickel">Tim Jungnickel</a>, <a href="./authors/oldenburg">Lennart Oldenburg</a> and <a href="./authors/loibl">Matthias Loibl</a>
</div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5>
<br>
by <a href="./authors/linker">Sven Linker</a>
</div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kuratowski_Closure_Complement.html">The Kuratowski Closure-Complement Theorem</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a> and <a href="./authors/gioiosa">Gianpaolo Gioiosa</a>
</div>
<span class="date">
Oct 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transition_Systems_and_Automata.html">Transition Systems and Automata</a></h5>
<br>
by <a href="./authors/brunner">Julian Brunner</a>
</div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buchi_Complementation.html">Büchi Complementation</a></h5>
<br>
by <a href="./authors/brunner">Julian Brunner</a>
</div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Winding_Number_Eval.html">Evaluate Winding Numbers through Cauchy Indices</a></h5>
<br>
by <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Count_Complex_Roots.html">Count the Number of Complex Roots</a></h5>
<br>
by <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5>
<br>
by <a href="./authors/messner">Florian Messner</a>, <a href="./authors/parsert">Julian Parsert</a>, <a href="./authors/schoepf">Jonas Schöpf</a> and <a href="./authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Recurrences.html">Linear Recurrences</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dirichlet_Series.html">Dirichlet Series</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lowe_Ontological_Argument.html">Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</a></h5>
<br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">
Sep 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PLM.html">Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/kirchner">Daniel Kirchner</a>
</div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AnselmGod.html">Anselm&#39;s God in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/blumson">Ben Blumson</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5>
<br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Root_Balanced_Tree.html">Root-Balanced Tree</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5>
<br>
by <a href="./authors/raedle">Jonas Rädle</a>
</div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LambdaMu.html">The LambdaMu-calculus</a></h5>
<br>
by <a href="./authors/matache">Cristina Matache</a>, <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/mulligan">Dominic P. Mulligan</a>
</div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stewart_Apollonius.html">Stewart&#39;s Theorem and Apollonius&#39; Theorem</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Jul 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DynamicArchitectures.html">Dynamic Architectures</a></h5>
<br>
by <a href="./authors/marmsoler">Diego Marmsoler</a>
</div>
<span class="date">
Jul 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decl_Sem_Fun_PL.html">Declarative Semantics for Functional Languages</a></h5>
<br>
by <a href="./authors/siek">Jeremy Siek</a>
</div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HOLCF-Prelude.html">HOLCF-Prelude</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a>, <a href="./authors/huffman">Brian Huffman</a>, <a href="./authors/mitchell">Neil Mitchell</a> and <a href="./authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">
Jul 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minkowskis_Theorem.html">Minkowski&#39;s Theorem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5>
<br>
by <a href="./authors/rawson">Michael Rawson</a>
</div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CRDT.html">A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</a></h5>
<br>
by <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/kleppmann">Martin Kleppmann</a>, <a href="./authors/mulligan">Dominic P. Mulligan</a> and <a href="./authors/beresford">Alastair R. Beresford</a>
</div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Kleene_Relation_Algebras.html">Stone-Kleene Relation Algebras</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5>
<br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PSemigroupsConvolution.html">Partial Semigroups and Convolution Algebras</a></h5>
<br>
by <a href="./authors/dongol">Brijesh Dongol</a>, <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/hayes">Ian J. Hayes</a> and <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buffons_Needle.html">Buffon&#39;s Needle Problem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Flow_Networks.html">Flow Networks and the Min-Cut-Max-Flow Theorem</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Optics.html">Optics</a></h5>
<br>
by <a href="./authors/fosters">Simon Foster</a>, <a href="./authors/laursen">Christian Pardillo-Laursen</a> and <a href="./authors/zeyda">Frank Zeyda</a>
</div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dict_Construction.html">Dictionary Construction</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Security_Protocol_Refinement.html">Developing Security Protocols by Refinement</a></h5>
<br>
by <a href="./authors/sprenger">Christoph Sprenger</a> and <a href="./authors/somaini">Ivano Somaini</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5>
<br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_While.html">Probabilistic while loop</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monad_Normalisation.html">Monad normalisation</a></h5>
<br>
by <a href="./authors/schneider">Joshua Schneider</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Game_Based_Crypto.html">Game-based cryptography in HOL</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>, <a href="./authors/sefidgar">S. Reza Sefidgar</a> and <a href="./authors/bhatt">Bhargav Bhatt</a>
</div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monomorphic_Monad.html">Effect polymorphism in higher-order logic</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CryptHOL.html">CryptHOL</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MonoidalCategory.html">Monoidal Categories</a></h5>
<br>
by <a href="./authors/stark">Eugene W. Stark</a>
</div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Types_Tableaus_and_Goedels_God.html">Types, Tableaus and Gödel’s God in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">
May 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LocalLexing.html">Local Lexing</a></h5>
<br>
by <a href="./authors/obua">Steven Obua</a>
</div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructor_Funs.html">Constructor Functions</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lazy_Case.html">Lazifying case constants</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Apr 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Subresultants.html">Subresultants</a></h5>
<br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Random_BSTs.html">Expected Shape of Random Binary Search Trees</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Apr 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quick_Sort_Cost.html">The number of comparisons in QuickSort</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Comparison_Sort_Lower_Bound.html">Lower bound on comparison-based sorting algorithms</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Euler_MacLaurin.html">The Euler–MacLaurin Formula</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Mar 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Elliptic_Curves_Group_Law.html">The Group Law for Elliptic Curves</a></h5>
<br>
by <a href="./authors/berghofer">Stefan Berghofer</a>
</div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Menger.html">Menger&#39;s Theorem</a></h5>
<br>
by <a href="./authors/dittmann">Christoph Dittmann</a>
</div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5>
<br>
by <a href="./authors/bohrer">Rose Bohrer</a>
</div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract_Soundness.html">Abstract Soundness</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Relation_Algebras.html">Stone Relation Algebras</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Key_Agreement_Strong_Adversaries.html">Refining Authenticated Key Agreement with Strong Adversaries</a></h5>
<br>
by <a href="./authors/lallemand">Joseph Lallemand</a> and <a href="./authors/sprenger">Christoph Sprenger</a>
</div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bernoulli.html">Bernoulli Numbers</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jan 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minimal_SSA.html">Minimal Static Single Assignment Form</a></h5>
<br>
by <a href="./authors/wagner">Max Wagner</a> and <a href="./authors/lohner">Denis Lohner</a>
</div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bertrands_Postulate.html">Bertrand&#39;s postulate</a></h5>
<br>
by <a href="./authors/biendarra">Julian Biendarra</a> and <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/E_Transcendental.html">The Transcendence of e</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jan 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UPF_Firewall.html">Formal Network Models and Their Application to Firewall Policies</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/bruegger">Lukas Brügger</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Password_Authentication_Protocol.html">Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Jan 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5>
<br>
by <a href="./authors/jensen">Alexander Birch Jensen</a>, <a href="./authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="./authors/villadsen">Jørgen Villadsen</a>
</div>
<span class="date">
Jan 01
</span>
</article>
</div>
<div>
<h2 class="year">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Concurrent_Ref_Alg.html">Concurrent Refinement Algebra and Rely Quotients</a></h5>
<br>
by <a href="./authors/fell">Julian Fell</a>, <a href="./authors/hayes">Ian J. Hayes</a> and <a href="./authors/velykis">Andrius Velykis</a>
</div>
<span class="date">
Dec 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Twelvefold_Way.html">The Twelvefold Way</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Proof_Strategy_Language.html">Proof Strategy Language</a></h5>
<br>
by <a href="./authors/nagashima">Yutaka Nagashima</a>
</div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Paraconsistency.html">Paraconsistency</a></h5>
<br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="./authors/villadsen">Jørgen Villadsen</a>
</div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5>
<br>
by <a href="./authors/amani">Sidney Amani</a>, <a href="./authors/andronick">June Andronick</a>, <a href="./authors/bortin">Maksym Bortin</a>, <a href="./authors/lewis">Corey Lewis</a>, <a href="./authors/rizkallah">Christine Rizkallah</a> and <a href="./authors/tuongj">Joseph Tuong</a>
</div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abs_Int_ITP2012.html">Abstract Interpretation of Annotated Commands</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5>
<br>
by <a href="./authors/hou">Zhe Hou</a>, <a href="./authors/sanan">David Sanan</a>, <a href="./authors/tiu">Alwen Tiu</a>, <a href="./authors/gore">Rajeev Gore</a> and <a href="./authors/clouston">Ranald Clouston</a>
</div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nested_Multisets_Ordinals.html">Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/fleury">Mathias Fleury</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_KBOs.html">Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</a></h5>
<br>
by <a href="./authors/becker">Heiko Becker</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/waldmann">Uwe Waldmann</a> and <a href="./authors/wand">Daniel Wand</a>
</div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Deep_Learning.html">Expressiveness of Deep Learning</a></h5>
<br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5>
<br>
by <a href="./authors/weber">Tjark Weber</a>, <a href="./authors/eriksson">Lars-Henrik Eriksson</a>, <a href="./authors/parrow">Joachim Parrow</a>, <a href="./authors/borgstroem">Johannes Borgström</a> and <a href="./authors/gutkovas">Ramunas Gutkovas</a>
</div>
<span class="date">
Oct 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stable_Matching.html">Stable Matching</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5>
<br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/diekmann">Cornelius Diekmann</a>
</div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Source_Coding_Theorem.html">Source Coding Theorem</a></h5>
<br>
by <a href="./authors/hibon">Quentin Hibon</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SPARCv8.html">A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</a></h5>
<br>
by <a href="./authors/hou">Zhe Hou</a>, <a href="./authors/sanan">David Sanan</a>, <a href="./authors/tiu">Alwen Tiu</a> and <a href="./authors/liuy">Yang Liu</a>
</div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Berlekamp_Zassenhaus.html">The Factorization Algorithm of Berlekamp and Zassenhaus</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Chord_Segments.html">Intersecting Chords Theorem</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Oct 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lp.html">Lp spaces</a></h5>
<br>
by <a href="./authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">
Oct 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fisher_Yates.html">Fisher–Yates shuffle</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Sep 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5>
<br>
by <a href="./authors/ghourabi">Fadoua Ghourabi</a>
</div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_RPOs.html">Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/waldmann">Uwe Waldmann</a> and <a href="./authors/wand">Daniel Wand</a>
</div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Iptables_Semantics.html">Iptables Semantics</a></h5>
<br>
by <a href="./authors/diekmann">Cornelius Diekmann</a> and <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Algebras.html">Stone Algebras</a></h5>
<br>
by <a href="./authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SuperCalc.html">A Variant of the Superposition Calculus</a></h5>
<br>
by <a href="./authors/peltier">Nicolas Peltier</a>
</div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stirling_Formula.html">Stirling&#39;s formula</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Routing.html">Routing</a></h5>
<br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/diekmann">Cornelius Diekmann</a>
</div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simple_Firewall.html">Simple Firewall</a></h5>
<br>
by <a href="./authors/diekmann">Cornelius Diekmann</a>, <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/haslbeck">Max W. Haslbeck</a>
</div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InfPathElimination.html">Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</a></h5>
<br>
by <a href="./authors/aissat">Romain Aissat</a>, <a href="./authors/voisin">Frederic Voisin</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ptolemys_Theorem.html">Ptolemy&#39;s Theorem</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Surprise_Paradox.html">Surprise Paradox</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a>
</div>
<span class="date">
Jul 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pairing_Heap.html">Pairing Heap</a></h5>
<br>
by <a href="./authors/brinkop">Hauke Brinkop</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/neumann">René Neumann</a>
</div>
<span class="date">
Jul 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buildings.html">Chamber Complexes, Coxeter Systems, and Buildings</a></h5>
<br>
by <a href="./authors/sylvestre">Jeremy Sylvestre</a>
</div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rewriting_Z.html">The Z Property</a></h5>
<br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a>, <a href="./authors/nagele">Julian Nagele</a>, <a href="./authors/oostrom">Vincent van Oostrom</a> and <a href="./authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Resolution_FOL.html">The Resolution Calculus for First-Order Logic</a></h5>
<br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>
</div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IP_Addresses.html">IP Addresses</a></h5>
<br>
by <a href="./authors/diekmann">Cornelius Diekmann</a>, <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dependent_SIFUM_Refinement.html">Compositional Security-Preserving Refinement for Concurrent Imperative Programs</a></h5>
<br>
by <a href="./authors/murray">Toby Murray</a>, <a href="./authors/sison">Robert Sison</a>, <a href="./authors/pierzchalski">Edward Pierzchalski</a> and <a href="./authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category3.html">Category Theory with Adjunctions and Limits</a></h5>
<br>
by <a href="./authors/stark">Eugene W. Stark</a>
</div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Multisets.html">Cardinality of Multisets</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5>
<br>
by <a href="./authors/murray">Toby Murray</a>, <a href="./authors/sison">Robert Sison</a>, <a href="./authors/pierzchalski">Edward Pierzchalski</a> and <a href="./authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Catalan_Numbers.html">Catalan Numbers</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></h5>
<br>
by <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Concurrent_Composition.html">Conservation of CSP Noninterference Security under Concurrent Composition</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Word_Lib.html">Finite Machine Word Library</a></h5>
<br>
by <a href="./authors/beeren">Joel Beeren</a>, <a href="./authors/fernandez">Matthew Fernandez</a>, <a href="./authors/gao">Xin Gao</a>, <a href="./authors/klein">Gerwin Klein</a>, <a href="./authors/kolanski">Rafal Kolanski</a>, <a href="./authors/lim">Japheth Lim</a>, <a href="./authors/lewis">Corey Lewis</a>, <a href="./authors/matichuk">Daniel Matichuk</a> and <a href="./authors/sewell">Thomas Sewell</a>
</div>
<span class="date">
Jun 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tree_Decomposition.html">Tree Decomposition</a></h5>
<br>
by <a href="./authors/dittmann">Christoph Dittmann</a>
</div>
<span class="date">
May 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Posix-Lexing.html">POSIX Lexing with Derivatives of Regular Expressions</a></h5>
<br>
by <a href="./authors/ausaf">Fahad Ausaf</a>, <a href="./authors/dyckhoff">Roy Dyckhoff</a> and <a href="./authors/urban">Christian Urban</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Equiv_Relations.html">Cardinality of Equivalence Relations</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Incredible_Proof_Machine.html">The meta theory of the Incredible Proof Machine</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a> and <a href="./authors/lohner">Denis Lohner</a>
</div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Perron_Frobenius.html">Perron-Frobenius Theorem for Spectral Radius Analysis</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/kuncar">Ondřej Kunčar</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by <a href="./authors/bisping">Benjamin Bisping</a>, <a href="./authors/brodmann">Paul-David Brodmann</a>, <a href="./authors/jungnickel">Tim Jungnickel</a>, <a href="./authors/rickmann">Christina Rickmann</a>, <a href="./authors/seidler">Henning Seidler</a>, <a href="./authors/stueber">Anke Stüber</a>, <a href="./authors/weidner">Arno Wilhelm-Weidner</a>, <a href="./authors/peters">Kirstin Peters</a> and <a href="./authors/nestmann">Uwe Nestmann</a>
</div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFMC_Countable.html">A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bell_Numbers_Spivey.html">Spivey&#39;s Generalized Recurrence for Bell Numbers</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5>
<br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/maletzky">Alexander Maletzky</a>
</div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/No_FTL_observers.html">No Faster-Than-Light Observers</a></h5>
<br>
by <a href="./authors/stannett">Mike Stannett</a> and <a href="./authors/nemeti">István Németi</a>
</div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5>
<br>
by <a href="./authors/michaelis">Julius Michaelis</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5>
<br>
by <a href="./authors/bortin">Maksym Bortin</a>
</div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Sequential_Composition.html">Conservation of CSP Noninterference Security under Sequential Composition</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KAD.html">Kleene Algebras with Domain</a></h5>
<br>
by <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/guttmann">Walter Guttmann</a>, <a href="./authors/hoefner">Peter Höfner</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a>
</div>
<span class="date">
Apr 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PropResPI.html">Propositional Resolution and Prime Implicates Generation</a></h5>
<br>
by <a href="./authors/peltier">Nicolas Peltier</a>
</div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Timed_Automata.html">Timed Automata</a></h5>
<br>
by <a href="./authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cartan_FP.html">The Cartan Fixed Point Theorems</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL.html">Linear Temporal Logic</a></h5>
<br>
by <a href="./authors/sickert">Salomon Sickert</a>
</div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Update.html">Analysis of List Update Algorithms</a></h5>
<br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formal_SSA.html">Verified Construction of Static Single Assignment Form</a></h5>
<br>
by <a href="./authors/ullrich">Sebastian Ullrich</a> and <a href="./authors/lohner">Denis Lohner</a>
</div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomial_Interpolation.html">Polynomial Interpolation</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomial_Factorization.html">Polynomial Factorization</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knot_Theory.html">Knot Theory</a></h5>
<br>
by <a href="./authors/prathamesh">T.V.H. Prathamesh</a>
</div>
<span class="date">
Jan 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrix_Tensor.html">Tensor Product of Matrices</a></h5>
<br>
by <a href="./authors/prathamesh">T.V.H. Prathamesh</a>
</div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Number_Partitions.html">Cardinality of Number Partitions</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Jan 14
</span>
</article>
</div>
<div>
<h2 class="year">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Harmonic_Series.html">The Divergence of the Prime Harmonic Series</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Liouville_Numbers.html">Liouville numbers</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Descartes_Sign_Rule.html">Descartes&#39; Rule of Signs</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Triangle.html">Basic Geometric Properties of Triangles</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stern_Brocot.html">The Stern-Brocot Tree</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Applicative_Lifting.html">Applicative Lifting</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/schneider">Joshua Schneider</a>
</div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Algebraic_Numbers.html">Algebraic Numbers in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>, <a href="./authors/yamada">Akihisa Yamada</a> and <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>
</div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Partitions.html">Cardinality of Set Partitions</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Latin_Square.html">Latin Square</a></h5>
<br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">
Dec 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ergodic_Theory.html">Ergodic Theory</a></h5>
<br>
by <a href="./authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Euler_Partition.html">Euler&#39;s Partition Theorem</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TortoiseHare.html">The Tortoise and Hare Algorithm</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
Nov 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Planarity_Certificates.html">Planarity Certificates</a></h5>
<br>
by <a href="./authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5>
<br>
by <a href="./authors/dittmann">Christoph Dittmann</a>
</div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_Meta_Model.html">A Meta-Model for the Isabelle API</a></h5>
<br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_to_DRA.html">Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</a></h5>
<br>
by <a href="./authors/sickert">Salomon Sickert</a>
</div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jordan_Normal_Form.html">Matrices, Jordan Normal Forms, and Spectral Radius Theory</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a>
</div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decreasing-Diagrams-II.html">Decreasing Diagrams II</a></h5>
<br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Inductive_Unwinding.html">The Inductive Unwinding Theorem for CSP Noninterference Security</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rep_Fin_Groups.html">Representations of Finite Groups</a></h5>
<br>
by <a href="./authors/sylvestre">Jeremy Sylvestre</a>
</div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Encodability_Process_Calculi.html">Analysing and Comparing Encodability Criteria for Process Calculi</a></h5>
<br>
by <a href="./authors/peters">Kirstin Peters</a> and <a href="./authors/glabbeek">Rob van Glabbeek</a>
</div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Case_Labeling.html">Generating Cases from Labeled Subgoals</a></h5>
<br>
by <a href="./authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Akra_Bazzi.html">The Akra-Bazzi theorem and the Master theorem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Landau_Symbols.html">Landau Symbols</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hermite.html">Hermite Normal Form</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a>
</div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Derangements.html">Derangements Formula</a></h5>
<br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a>
</div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Ipurge_Unwinding.html">The Ipurge Unwinding Theorem for CSP Noninterference Security</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Generic_Unwinding.html">The Generic Unwinding Theorem for CSP Noninterference Security</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Interleaving.html">Reasoning about Lists via List Interleaving</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multirelations.html">Binary Multirelations</a></h5>
<br>
by <a href="./authors/furusawa">Hitoshi Furusawa</a> and <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dynamic_Tables.html">Parameterized Dynamic Tables</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5>
<br>
by <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_System_Zoo.html">A Zoo of Probabilistic Systems</a></h5>
<br>
by <a href="./authors/hoelzl">Johannes Hölzl</a>, <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5>
<br>
by <a href="./authors/caminati">Marco B. Caminati</a>, <a href="./authors/kerber">Manfred Kerber</a>, <a href="./authors/lange">Christoph Lange</a> and <a href="./authors/rowat">Colin Rowat</a>
</div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Residuated_Lattices.html">Residuated Lattices</a></h5>
<br>
by <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ConcurrentGC.html">Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>, <a href="./authors/hosking">Tony Hosking</a> and <a href="./authors/engelhardt">Kai Engelhardt</a>
</div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ConcurrentIMP.html">Concurrent IMP</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Trie.html">Trie</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Consensus_Refined.html">Consensus Refined</a></h5>
<br>
by <a href="./authors/maric">Ognjen Marić</a> and <a href="./authors/sprenger">Christoph Sprenger</a>
</div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Deriving.html">Deriving class instances for datatypes</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Call_Arity.html">The Safety of Call Arity</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a>
</div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/QR_Decomposition.html">QR Decomposition</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a>
</div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Echelon_Form.html">Echelon Form</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a>
</div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite_Automata_HF.html">Finite Automata in Hereditarily Finite Set Theory</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UpDown_Scheme.html">Verification of the UpDown Scheme</a></h5>
<br>
by <a href="./authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">
Jan 28
</span>
</article>
</div>
<div>
<h2 class="year">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UPF.html">The Unified Policy Framework (UPF)</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/bruegger">Lukas Brügger</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Nov 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AODV.html">Loop freedom of the (untimed) AODV routing protocol</a></h5>
<br>
by <a href="./authors/bourke">Timothy Bourke</a> and <a href="./authors/hoefner">Peter Höfner</a>
</div>
<span class="date">
Oct 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lifting_Definition_Option.html">Lifting Definition Option</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stream_Fusion_Code.html">Stream Fusion in HOL with Code Generation</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/maximova">Alexandra Maximova</a>
</div>
<span class="date">
Oct 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>, <a href="./authors/hoelzl">Johannes Hölzl</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Oct 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5>
<br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/XML.html">XML</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Certification_Monads.html">Certification Monads</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Imperative_Insertion_Sort.html">Imperative Insertion Sort</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sturm_Tarski.html">The Sturm–Tarski Theorem</a></h5>
<br>
by <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cayley_Hamilton.html">The Cayley-Hamilton Theorem</a></h5>
<br>
by <a href="./authors/adelsberger">Stephan Adelsberger</a>, <a href="./authors/hetzl">Stefan Hetzl</a> and <a href="./authors/pollak">Florian Pollak</a>
</div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jordan_Hoelder.html">The Jordan-Hölder Theorem</a></h5>
<br>
by <a href="./authors/raumer">Jakob von Raumer</a>
</div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Priority_Queue_Braun.html">Priority Queues Based on Braun Trees</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss_Jordan.html">Gauss-Jordan Algorithm and Its Applications</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a>
</div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VectorSpace.html">Vector Spaces</a></h5>
<br>
by <a href="./authors/lee">Holden Lee</a>
</div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Special_Function_Bounds.html">Real-Valued Special Functions: Upper and Lower Bounds</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Skew_Heap.html">Skew Heap</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Splay_Tree.html">Splay Tree</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Show.html">Haskell&#39;s Show Class in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CISC-Kernel.html">Formal Specification of a Generic Separation Kernel</a></h5>
<br>
by <a href="./authors/verbeek">Freek Verbeek</a>, <a href="./authors/tverdyshev">Sergey Tverdyshev</a>, <a href="./authors/havle">Oto Havle</a>, <a href="./authors/blasum">Holger Blasum</a>, <a href="./authors/langenstein">Bruno Langenstein</a>, <a href="./authors/stephan">Werner Stephan</a>, <a href="./authors/nemouchi">Yakoub Nemouchi</a>, <a href="./authors/feliachi">Abderrahmane Feliachi</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/schmaltz">Julien Schmaltz</a>
</div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/pGCL.html">pGCL for Isabelle</a></h5>
<br>
by <a href="./authors/cock">David Cock</a>
</div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Amortized_Complexity.html">Amortized Complexity Verified</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Network_Security_Policy_Verification.html">Network Security Policy Verification</a></h5>
<br>
by <a href="./authors/diekmann">Cornelius Diekmann</a>
</div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pop_Refinement.html">Pop-Refinement</a></h5>
<br>
by <a href="./authors/coglio">Alessandro Coglio</a>
</div>
<span class="date">
Jul 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5>
<br>
by <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CAVA_Automata.html">The CAVA Automata Library</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Promela.html">Promela Formalization</a></h5>
<br>
by <a href="./authors/neumann">René Neumann</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5>
<br>
by <a href="./authors/schimpf">Alexander Schimpf</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5>
<br>
by <a href="./authors/esparza">Javier Esparza</a>, <a href="./authors/lammich">Peter Lammich</a>, <a href="./authors/neumann">René Neumann</a>, <a href="./authors/nipkow">Tobias Nipkow</a>, <a href="./authors/schimpf">Alexander Schimpf</a> and <a href="./authors/smaus">Jan-Georg Smaus</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5>
<br>
by <a href="./authors/wenzel">Makarius Wenzel</a>
</div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_CSP.html">Noninterference Security in Communicating Sequential Processes</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular_Algebras.html">Regular Algebras</a></h5>
<br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
May 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ComponentDependencies.html">Formalisation and Analysis of Component Dependencies</a></h5>
<br>
by <a href="./authors/spichkova">Maria Spichkova</a>
</div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Strong_Security.html">A Formalization of Strong Security</a></h5>
<br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/lux">Alexander Lux</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/sauer">Jens Sauer</a>
</div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5>
<br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/lux">Alexander Lux</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/sauer">Jens Sauer</a>
</div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5>
<br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/schoepe">Daniel Schoepe</a>
</div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bounded_Deducibility_Security.html">Bounded-Deducibility Security</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a>
</div>
<span class="date">
Apr 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract_Completeness.html">Abstract Completeness</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5>
<br>
by <a href="./authors/rabe">Markus N. Rabe</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Discrete_Summation.html">Discrete Summation</a></h5>
<br>
by <a href="./authors/haftmann">Florian Haftmann</a>
</div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GPU_Kernel_PL.html">Syntax and semantics of a GPU kernel programming language</a></h5>
<br>
by <a href="./authors/wickerson">John Wickerson</a>
</div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Noninterference.html">Probabilistic Noninterference</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AWN.html">Mechanization of the Algebra for Wireless Networks (AWN)</a></h5>
<br>
by <a href="./authors/bourke">Timothy Bourke</a>
</div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Partial_Function_MR.html">Mutually Recursive Partial Functions</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5>
<br>
by <a href="./authors/hupel">Lars Hupel</a>
</div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Selection_Heap_Sort.html">Verification of Selection and Heap Sort Using Locales</a></h5>
<br>
by <a href="./authors/petrovic">Danijela Petrovic</a>
</div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Affine_Arithmetic.html">Affine Arithmetic</a></h5>
<br>
by <a href="./authors/immler">Fabian Immler</a>
</div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Impl.html">Implementing field extensions of the form Q[sqrt(b)]</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regex_Equivalence.html">Unified Decision Procedures for Regular Expression Equivalence</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Secondary_Sylow.html">Secondary Sylow Theorems</a></h5>
<br>
by <a href="./authors/raumer">Jakob von Raumer</a>
</div>
<span class="date">
Jan 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relation_Algebra.html">Relation Algebra</a></h5>
<br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/fosters">Simon Foster</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a>
</div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5>
<br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a>
</div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Featherweight_OCL.html">Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</a></h5>
<br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sturm_Sequences.html">Sturm&#39;s Theorem</a></h5>
<br>
by <a href="./authors/eberl">Manuel Eberl</a>
</div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CryptoBasedCompositionalProperties.html">Compositional Properties of Crypto-Based Components</a></h5>
<br>
by <a href="./authors/spichkova">Maria Spichkova</a>
</div>
<span class="date">
Jan 11
</span>
</article>
</div>
<div>
<h2 class="year">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tail_Recursive_Functions.html">A General Method for the Proof of Theorems on Tail-recursive Functions</a></h5>
<br>
by <a href="./authors/noce">Pasquale Noce</a>
</div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HereditarilyFinite.html">The Hereditarily Finite Sets</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Incompleteness.html">Gödel&#39;s Incompleteness Theorems</a></h5>
<br>
by <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Coinductive_Languages.html">A Codatatype of Formal Languages</a></h5>
<br>
by <a href="./authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">
Nov 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FocusStreamsCaseStudies.html">Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</a></h5>
<br>
by <a href="./authors/spichkova">Maria Spichkova</a>
</div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GoedelGod.html">Gödel&#39;s God in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/paleo">Bruno Woltzenlogel Paleo</a>
</div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decreasing-Diagrams.html">Decreasing Diagrams</a></h5>
<br>
by <a href="./authors/zankl">Harald Zankl</a>
</div>
<span class="date">
Nov 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Native_Word.html">Native Word</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IEEE_Floating_Point.html">A Formal Model of IEEE Floating Point Arithmetic</a></h5>
<br>
by <a href="./authors/yu">Lei Yu</a>
</div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pratt_Certificate.html">Pratt&#39;s Primality Certificates</a></h5>
<br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lehmer.html">Lehmer&#39;s Theorem</a></h5>
<br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Koenigsberg_Friendship.html">The Königsberg Bridge Problem and the Friendship Theorem</a></h5>
<br>
by <a href="./authors/li">Wenda Li</a>
</div>
<span class="date">
Jul 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sort_Encodings.html">Sound and Complete Sort Encodings for First-Order Logic</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></h5>
<br>
by <a href="./authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Graph_Theory.html">Graph Theory</a></h5>
<br>
by <a href="./authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Containers.html">Light-weight Containers</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nominal2.html">Nominal 2</a></h5>
<br>
by <a href="./authors/urban">Christian Urban</a>, <a href="./authors/berghofer">Stefan Berghofer</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a>
</div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5>
<br>
by <a href="./authors/wickerson">John Wickerson</a>
</div>
<span class="date">
Jan 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rank_Nullity_Theorem.html">Rank-Nullity Theorem in Linear Algebra</a></h5>
<br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a>
</div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kleene_Algebra.html">Kleene Algebra</a></h5>
<br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a>
</div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sqrt_Babylonian.html">Computing N-th Roots using the Babylonian Method</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Jan 03
</span>
</article>
</div>
<div>
<h2 class="year">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/meis">Rene Meis</a>
</div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Open_Induction.html">Open Induction</a></h5>
<br>
by <a href="./authors/ogawa">Mizuhito Ogawa</a> and <a href="./authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tarskis_Geometry.html">The independence of Tarski&#39;s Euclidean axiom</a></h5>
<br>
by <a href="./authors/makarios">T. J. M. Makarios</a>
</div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bondy.html">Bondy&#39;s Theorem</a></h5>
<br>
by <a href="./authors/avigad">Jeremy Avigad</a> and <a href="./authors/hetzl">Stefan Hetzl</a>
</div>
<span class="date">
Oct 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Datatype_Order_Generator.html">Generating linear orders for datatypes</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Impossible_Geometry.html">Proving the Impossibility of Trisecting an Angle and Doubling the Cube</a></h5>
<br>
by <a href="./authors/romanos">Ralph Romanos</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5>
<br>
by <a href="./authors/debrat">Henri Debrat</a> and <a href="./authors/merz">Stephan Merz</a>
</div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PCF.html">Logical Relations for PCF</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tycon.html">Type Constructor Classes and Monad Transformers</a></h5>
<br>
by <a href="./authors/huffman">Brian Huffman</a>
</div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pi_Calculus.html">The pi-calculus in nominal logic</a></h5>
<br>
by <a href="./authors/bengtson">Jesper Bengtson</a>
</div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Psi_Calculi.html">Psi-calculi in Isabelle</a></h5>
<br>
by <a href="./authors/bengtson">Jesper Bengtson</a>
</div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CCS.html">CCS in nominal logic</a></h5>
<br>
by <a href="./authors/bengtson">Jesper Bengtson</a>
</div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Circus.html">Isabelle/Circus</a></h5>
<br>
by <a href="./authors/feliachi">Abderrahmane Feliachi</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/gaudel">Marie-Claude Gaudel</a>
</div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Algebra.html">Separation Algebra</a></h5>
<br>
by <a href="./authors/klein">Gerwin Klein</a>, <a href="./authors/kolanski">Rafal Kolanski</a> and <a href="./authors/boyton">Andrew Boyton</a>
</div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5>
<br>
by <a href="./authors/merz">Stephan Merz</a>
</div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Inductive_Confidentiality.html">Inductive Study of Confidentiality</a></h5>
<br>
by <a href="./authors/bella">Giampaolo Bella</a>
</div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinary_Differential_Equations.html">Ordinary Differential Equations</a></h5>
<br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Well_Quasi_Orders.html">Well-Quasi-Orders</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abortable_Linearizable_Modules.html">Abortable Linearizable Modules</a></h5>
<br>
by <a href="./authors/guerraoui">Rachid Guerraoui</a>, <a href="./authors/kuncak">Viktor Kuncak</a> and <a href="./authors/losa">Giuliano Losa</a>
</div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5>
<br>
by <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Girth_Chromatic.html">A Probabilistic Proof of the Girth-Chromatic Number Theorem</a></h5>
<br>
by <a href="./authors/noschinski">Lars Noschinski</a>
</div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5>
<br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Markov_Models.html">Markov Models</a></h5>
<br>
by <a href="./authors/hoelzl">Johannes Hölzl</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jan 03
</span>
</article>
</div>
<div>
<h2 class="year">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/grov">Gudmund Grov</a> and <a href="./authors/merz">Stephan Merz</a>
</div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Efficient-Mergesort.html">Efficient Mergesort</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a>
</div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PseudoHoops.html">Pseudo Hoops</a></h5>
<br>
by <a href="./authors/georgescu">George Georgescu</a>, <a href="./authors/leustean">Laurentiu Leustean</a> and <a href="./authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LatticeProperties.html">Lattice Properties</a></h5>
<br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5>
<br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Myhill-Nerode.html">The Myhill-Nerode Theorem Based on Regular Expressions</a></h5>
<br>
by <a href="./authors/wu">Chunhan Wu</a>, <a href="./authors/zhangx">Xingyuan Zhang</a> and <a href="./authors/urban">Christian Urban</a>
</div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Aug 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Max-Card-Matching.html">Maximum Cardinality Matching</a></h5>
<br>
by <a href="./authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KBPs.html">Knowledge-based programs</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
May 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/General-Triangle.html">The General Triangle Is Unique</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a>
</div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Mar 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nat-Interval-Logic.html">Interval Temporal Logic on Natural Numbers</a></h5>
<br>
by <a href="./authors/trachtenherz">David Trachtenherz</a>
</div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List-Infinite.html">Infinite Lists</a></h5>
<br>
by <a href="./authors/trachtenherz">David Trachtenherz</a>
</div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AutoFocus-Stream.html">AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</a></h5>
<br>
by <a href="./authors/trachtenherz">David Trachtenherz</a>
</div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LightweightJava.html">Lightweight Java</a></h5>
<br>
by <a href="./authors/strnisa">Rok Strniša</a> and <a href="./authors/parkinson">Matthew Parkinson</a>
</div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RIPEMD-160-SPARK.html">RIPEMD-160</a></h5>
<br>
by <a href="./authors/immler">Fabian Immler</a>
</div>
<span class="date">
Jan 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lower_Semicontinuous.html">Lower Semicontinuous Functions</a></h5>
<br>
by <a href="./authors/grechuk">Bogdan Grechuk</a>
</div>
<span class="date">
Jan 08
</span>
</article>
</div>
<div>
<h2 class="year">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Marriage.html">Hall&#39;s Marriage Theorem</a></h5>
<br>
by <a href="./authors/jiangd">Dongchen Jiang</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shivers-CFA.html">Shivers&#39; Control Flow Analysis</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a>
</div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binomial-Queues.html">Functional Binomial Queues</a></h5>
<br>
by <a href="./authors/neumann">René Neumann</a>
</div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finger-Trees.html">Finger Trees</a></h5>
<br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a>, <a href="./authors/koerner">Stefan Körner</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binomial-Heaps.html">Binomial Heaps and Skew Binomial Heaps</a></h5>
<br>
by <a href="./authors/meis">Rene Meis</a>, <a href="./authors/nielsen">Finn Nielsen</a> and <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5>
<br>
by <a href="./authors/doczkal">Christian Doczkal</a>
</div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomials.html">Executable Multivariate Polynomials</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a>, <a href="./authors/maletzky">Alexander Maletzky</a>, <a href="./authors/immler">Fabian Immler</a>, <a href="./authors/haftmann">Florian Haftmann</a>, <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Statecharts.html">Formalizing Statecharts using Hierarchical Automata</a></h5>
<br>
by <a href="./authors/helke">Steffen Helke</a> and <a href="./authors/kammueller">Florian Kammüller</a>
</div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Free-Groups.html">Free Groups</a></h5>
<br>
by <a href="./authors/breitner">Joachim Breitner</a>
</div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category2.html">Category Theory</a></h5>
<br>
by <a href="./authors/katovsky">Alexander Katovsky</a>
</div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrix.html">Executable Matrix Operations on Matrices of Arbitrary Dimensions</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract-Rewriting.html">Abstract Rewriting</a></h5>
<br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a>
</div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5>
<br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a> and <a href="./authors/back">Ralph-Johan Back</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5>
<br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a> and <a href="./authors/back">Ralph-Johan Back</a>
</div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5>
<br>
by <a href="./authors/doty">Matthew Doty</a>
</div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular-Sets.html">Regular Sets and Expressions</a></h5>
<br>
by <a href="./authors/krauss">Alexander Krauss</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Locally-Nameless-Sigma.html">Locally Nameless Sigma Calculus</a></h5>
<br>
by <a href="./authors/henrio">Ludovic Henrio</a>, <a href="./authors/kammueller">Florian Kammüller</a>, <a href="./authors/lutz">Bianca Lutz</a> and <a href="./authors/sudhof">Henry Sudhof</a>
</div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5>
<br>
by <a href="./authors/huffman">Brian Huffman</a>
</div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InformationFlowSlicing_Inter.html">Inter-Procedural Information Flow Noninterference via Slicing</a></h5>
<br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InformationFlowSlicing.html">Information Flow Noninterference via Slicing</a></h5>
<br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List-Index.html">List Index</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Coinductive.html">Coinductive</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
Feb 12
</span>
</article>
</div>
<div>
<h2 class="year">2009</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DPT-SAT-Solver.html">A Fast SAT Solver for Isabelle in Standard ML</a></h5>
<br>
by <a href="./authors/heller">Armin Heller</a>
</div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5>
<br>
by <a href="./authors/berghofer">Stefan Berghofer</a> and <a href="./authors/reiter">Markus Reiter</a>
</div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tree-Automata.html">Tree Automata</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Collections.html">Collections Framework</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a>
</div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Perfect-Number-Thm.html">Perfect Number Theorem</a></h5>
<br>
by <a href="./authors/ijbema">Mark Ijbema</a>
</div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HRB-Slicing.html">Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</a></h5>
<br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">
Nov 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WorkerWrapper.html">The Worker/Wrapper Transformation</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinals_and_Cardinals.html">Ordinals and Cardinals</a></h5>
<br>
by <a href="./authors/popescu">Andrei Popescu</a>
</div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SequentInvertibility.html">Invertibility in Sequent Calculi</a></h5>
<br>
by <a href="./authors/chapman">Peter Chapman</a>
</div>
<span class="date">
Aug 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CofGroups.html">An Example of a Cofinitary Group in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/kastermans">Bart Kastermans</a>
</div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FinFun.html">Code Generation for Functions as Data</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stream-Fusion.html">Stream Fusion</a></h5>
<br>
by <a href="./authors/huffman">Brian Huffman</a>
</div>
<span class="date">
Apr 29
</span>
</article>
</div>
<div>
<h2 class="year">2008</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5>
<br>
by <a href="./authors/beringer">Lennart Beringer</a> and <a href="./authors/hofmann">Martin Hofmann</a>
</div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SIFPL.html">Secure information flow and program logics</a></h5>
<br>
by <a href="./authors/beringer">Lennart Beringer</a> and <a href="./authors/hofmann">Martin Hofmann</a>
</div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5>
<br>
by <a href="./authors/gammie">Peter Gammie</a>
</div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FunWithTilings.html">Fun With Tilings</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">
Nov 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Huffman.html">The Textbook Proof of Huffman&#39;s Algorithm</a></h5>
<br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>
</div>
<span class="date">
Oct 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Slicing.html">Towards Certified Slicing</a></h5>
<br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5>
<br>
by <a href="./authors/snelting">Gregor Snelting</a> and <a href="./authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FunWithFunctions.html">Fun With Functions</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SATSolverVerification.html">Formal Verification of Modern SAT Solvers</a></h5>
<br>
by <a href="./authors/maricf">Filip Marić</a>
</div>
<span class="date">
Jul 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Recursion-Theory-I.html">Recursion Theory I</a></h5>
<br>
by <a href="./authors/nedzelsky">Michael Nedzelsky</a>
</div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BDD.html">BDD Normalisation</a></h5>
<br>
by <a href="./authors/ortner">Veronika Ortner</a> and <a href="./authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5>
<br>
by <a href="./authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/NormByEval.html">Normalization by Evaluation</a></h5>
<br>
by <a href="./authors/aehlig">Klaus Aehlig</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LinearQuantifierElim.html">Quantifier Elimination for Linear Arithmetic</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jan 11
</span>
</article>
</div>
<div>
<h2 class="year">2007</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5>
<br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/olm">Markus Müller-Olm</a>
</div>
<span class="date">
Dec 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JinjaThreads.html">Jinja with Threads</a></h5>
<br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MuchAdoAboutTwo.html">Much Ado About Two</a></h5>
<br>
by <a href="./authors/boehme">Sascha Böhme</a>
</div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SumSquares.html">Sums of Two and Four Squares</a></h5>
<br>
by <a href="./authors/oosterhuis">Roelof Oosterhuis</a>
</div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fermat3_4.html">Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</a></h5>
<br>
by <a href="./authors/oosterhuis">Roelof Oosterhuis</a>
</div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Valuation.html">Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</a></h5>
<br>
by <a href="./authors/kobayashi">Hidetsune Kobayashi</a>
</div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5>
<br>
by <a href="./authors/berghofer">Stefan Berghofer</a>
</div>
<span class="date">
Aug 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></h5>
<br>
by <a href="./authors/berghofer">Stefan Berghofer</a>
</div>
<span class="date">
Aug 02
</span>
</article>
</div>
<div>
<h2 class="year">2006</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HotelKeyCards.html">Hotel Key Card System</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Flyspeck-Tame.html">Flyspeck I: Tame Graphs</a></h5>
<br>
by <a href="./authors/bauer">Gertrud Bauer</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoreC&#43;&#43;.html">CoreC&#43;&#43;</a></h5>
<br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">
May 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FeatherweightJava.html">A Theory of Featherweight Java in Isabelle/HOL</a></h5>
<br>
by <a href="./authors/fosterj">J. Nathan Foster</a> and <a href="./authors/vytiniotis">Dimitrios Vytiniotis</a>
</div>
<span class="date">
Mar 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ClockSynchInst.html">Instances of Schneider&#39;s generalized protocol of clock synchronization</a></h5>
<br>
by <a href="./authors/barsotti">Damián Barsotti</a>
</div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cauchy.html">Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</a></h5>
<br>
by <a href="./authors/porter">Benjamin Porter</a>
</div>
<span class="date">
Mar 14
</span>
</article>
</div>
<div>
<h2 class="year">2005</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinal.html">Countable Ordinals</a></h5>
<br>
by <a href="./authors/huffman">Brian Huffman</a>
</div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FFT.html">Fast Fourier Transform</a></h5>
<br>
by <a href="./authors/ballarin">Clemens Ballarin</a>
</div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GenClock.html">Formalization of a Generalized Protocol for Clock Synchronization</a></h5>
<br>
by <a href="./authors/tiu">Alwen Tiu</a>
</div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5>
<br>
by <a href="./authors/jaskelioff">Mauro Jaskelioff</a> and <a href="./authors/merz">Stephan Merz</a>
</div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JiveDataStoreModel.html">Jive Data and Store Model</a></h5>
<br>
by <a href="./authors/rauch">Nicole Rauch</a> and <a href="./authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jinja.html">Jinja is not Java</a></h5>
<br>
by <a href="./authors/klein">Gerwin Klein</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RSAPSS.html">SHA1, RSA, PSS and more</a></h5>
<br>
by <a href="./authors/lindenberg">Christina Lindenberg</a> and <a href="./authors/wirt">Kai Wirt</a>
</div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category.html">Category Theory to Yoneda&#39;s Lemma</a></h5>
<br>
by <a href="./authors/keefe">Greg O&rsquo;Keefe</a>
</div>
<span class="date">
Apr 21
</span>
</article>
</div>
<div>
<h2 class="year">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FileRefinement.html">File Refinement</a></h5>
<br>
by <a href="./authors/zee">Karen Zee</a> and <a href="./authors/kuncak">Viktor Kuncak</a>
</div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Integration.html">Integration theory and random variables</a></h5>
<br>
by <a href="./authors/richter">Stefan Richter</a>
</div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></h5>
<br>
by <a href="./authors/ridge">Tom Ridge</a>
</div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ramsey-Infinite.html">Ramsey&#39;s theorem, infinitary version</a></h5>
<br>
by <a href="./authors/ridge">Tom Ridge</a>
</div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Completeness.html">Completeness theorem</a></h5>
<br>
by <a href="./authors/margetson">James Margetson</a> and <a href="./authors/ridge">Tom Ridge</a>
</div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Compiling-Exceptions-Correctly.html">Compiling Exceptions Correctly</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Depth-First-Search.html">Depth First Search</a></h5>
<br>
by <a href="./authors/nishihara">Toshiaki Nishihara</a> and <a href="./authors/minamide">Yasuhiko Minamide</a>
</div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Group-Ring-Module.html">Groups, Rings and Modules</a></h5>
<br>
by <a href="./authors/kobayashi">Hidetsune Kobayashi</a>, <a href="./authors/chen">L. Chen</a> and <a href="./authors/murao">H. Murao</a>
</div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Topology.html">Topology</a></h5>
<br>
by <a href="./authors/friedrich">Stefan Friedrich</a>
</div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lazy-Lists-II.html">Lazy Lists II</a></h5>
<br>
by <a href="./authors/friedrich">Stefan Friedrich</a>
</div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BinarySearchTree.html">Binary Search Trees</a></h5>
<br>
by <a href="./authors/kuncak">Viktor Kuncak</a>
</div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Functional-Automata.html">Functional Automata</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MiniML.html">Mini ML</a></h5>
<br>
by <a href="./authors/naraschewski">Wolfgang Naraschewski</a> and <a href="./authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">
Mar 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AVL-Trees.html">AVL Trees</a></h5>
<br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/pusch">Cornelia Pusch</a>
</div>
<span class="date">
Mar 19
</span>
</article>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/index.json b/web/index.json
--- a/web/index.json
+++ b/web/index.json
@@ -1,15574 +1,15687 @@
[
{
+ "abstract": "This entry contains the accompanying formalisation of the paper \u003ca href=\"https://conf.researchr.org/details/aplas-2023/aplas-2023-research-papers/15/Transport-via-Partial-Galois-Connections-and-Equivalences\"\u003e\"Transport via Partial Galois Connections and Equivalences\" (APLAS 2023)\u003c/a\u003e. It contains a theoretical framework to transport programs via equivalences, subsuming the theory of \u003ca href=\"https://doi.org/10.1007/978-3-319-03545-1_9\"\u003eIsabelle's Lifting package\u003c/a\u003e. It also contains a prototype to automate transports using this framework in Isabelle/HOL, but this prototype is not yet ready for production. Finally, it contains a library on top of Isabelle/HOL's axioms, including various relativised concepts on orders, functions, binary relations, and Galois connections and equivalences.",
+ "authors": [
+ "Kevin Kappelmann"
+ ],
+ "date": "2023-10-11",
+ "id": 0,
+ "link": "/entries/Transport.html",
+ "permalink": "/entries/Transport.html",
+ "shortname": "Transport",
+ "title": "Transport via Partial Galois Connections and Equivalences",
+ "topic_links": [
+ "computer-science/programming-languages/lambda-calculi",
+ "computer-science/programming-languages/type-systems",
+ "computer-science/semantics-and-reasoning",
+ "mathematics/order"
+ ],
+ "topics": [
+ "Computer science/Programming languages/Lambda calculi",
+ "Computer science/Programming languages/Type systems",
+ "Computer science/Semantics and reasoning",
+ "Mathematics/Order"
+ ],
+ "used_by": 0
+ },
+ {
"abstract": "In relation algebras, which model unweighted graphs, the cardinality operation counts the number of edges of a graph. We generalise the cardinality axioms to Stone relation algebras, which model weighted graphs, and study the relationships between various axioms for cardinality. We also give a representation theorem for Stone relation algebras.",
"authors": [
"Walter Guttmann"
],
"date": "2023-09-22",
- "id": 0,
+ "id": 1,
"link": "/entries/Relational_Cardinality.html",
"permalink": "/entries/Relational_Cardinality.html",
"shortname": "Relational_Cardinality",
"title": "Cardinality and Representation of Stone Relation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This entry aims to formalise several useful general techniques for using the probabilistic method for combinatorial structures (or discrete spaces more generally). In particular, it focuses on bounding tools for combinatorics, such as the union and complete independence bounds, and the first formalisation of the pivotal Lov\u0026aacutesz local lemma. The formalisation focuses on the general lemma, however also proves several useful variations, including the more well-known symmetric version. Both the original formalisation and several of the variations used dependency graphs, which were formalised using Noschinski's general directed graph library. Additionally, the entry provides several useful existence lemmas, required at the end of most probabilistic proofs on combinatorial structures. Finally, the entry includes several significant extensions to the existing probability libraries, particularly for conditional probability (such as Bayes theorem) and independent events. The formalisation is primarily based on Alon and Spencer's textbook \"The Probabilistic Method\", as well as Zhao's course notes on the subject.",
"authors": [
"Chelsea Edmonds"
],
"date": "2023-09-20",
- "id": 1,
+ "id": 2,
"link": "/entries/Lovasz_Local.html",
"permalink": "/entries/Lovasz_Local.html",
"shortname": "Lovasz_Local",
"title": "General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma",
"topic_links": [
"mathematics/probability-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Probability theory",
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "This entry is a simple extension of the Combinatorial design theory library, which presents new and existing concepts using hypergraph language. Both designs and hypergraphs are types of incidence set systems and hence have the same underlying foundation. However, they are often used in different contexts, and some definitions are unique. This library uses locales to rewrite equivalent definitions and build a basic hypergraph hierarchy with direct links to equivalent design theory concepts to avoid repetition, further demonstrating the power of the \"locale-centric\" approach. The library includes all standard definitions (order, degree etc.), as well as some extensions on hypergraph decompositions and spanning subhypergraphs.",
"authors": [
"Chelsea Edmonds"
],
"date": "2023-09-20",
- "id": 2,
+ "id": 3,
"link": "/entries/Hypergraph_Basics.html",
"permalink": "/entries/Hypergraph_Basics.html",
"shortname": "Hypergraph_Basics",
"title": "Hypergraphs",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "This article provides various unification utilities for Isabelle/ML, most prominently: \u003col\u003e \u003cli\u003eFirst-order and higher-order pattern \u003ca href=\"https://en.wikipedia.org/wiki/Unification_(computer_science)#E-unification\"\u003eE-unification\u003c/a\u003e and E-matching. While unifiers in Isabelle/ML only consider the $\\alpha\\beta\\eta$-equational theory of the $\\lambda$-calculus, unifiers in this article may take an extra background theory, in the form of an equational prover, into account. For example, the unification problem $n + 1 \\equiv {}?m + Suc\\; 0$ may be solved by providing a prover for the background theory $\\forall n.\\ n + 1 \\equiv n + Suc\\; 0$.\u003c/li\u003e \u003cli\u003eTactics, methods, and attributes with adjustable unifiers (e.g.\\ resolution, fact, assumption, OF).\u003c/li\u003e \u003cli\u003eA generalisation of \u003ca href=\"https://doi.org/10.1007/978-3-642-03359-9_8\"\u003eunification hints\u003c/a\u003e. Unification hints are a flexible extension for unifiers. Among other things, they can be used for reflective tactics, to provide canonical unification instances, or to simply strengthen the background theory of a unifier in a controlled manner.\u003c/li\u003e \u003cli\u003eSimplifier integration for e-unifiers.\u003c/li\u003e \u003cli\u003ePractical combinations of unification algorithms, e.g. a combination of first-order and higher-order pattern unification.\u003c/li\u003e \u003cli\u003eA hierarchical logger for Isabelle/ML, including per logger configurations with log levels, output channels, message filters.\u003c/li\u003e \u003c/ol\u003e While this entry works with every object logic, some extra setup for Isabelle/HOL and application examples are provided. All unifiers are tested with \u003ca href=\"https://isa-afp.org/entries/SpecCheck.html\"\u003eSpecCheck\u003c/a\u003e.",
"authors": [
"Kevin Kappelmann"
],
"date": "2023-09-19",
- "id": 3,
+ "id": 4,
"link": "/entries/ML_Unification.html",
"permalink": "/entries/ML_Unification.html",
"shortname": "ML_Unification",
"title": "Unification Utilities for Isabelle/ML",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
- "used_by": 0
+ "used_by": 1
},
{
"abstract": "Euler stated in 1752 that every convex polyhedron satisfied the formula $V - E + F = 2$ where $V$, $E$ and $F$ are the numbers of its vertices, edges, and faces. For three dimensions, the well-known proof involves removing one face and then flattening the remainder to form a planar graph, which then is iteratively transformed to leave a single triangle. The history of that proof is extensively discussed and elaborated by Imre Lakatos, leaving one finally wondering whether the theorem even holds. The formal proof provided here has been ported from HOL Light, where it is credited to Lawrence. The proof generalises Euler's observation from solid polyhedra to convex polytopes of arbitrary dimension.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2023-09-16",
- "id": 4,
+ "id": 5,
"link": "/entries/Euler_Polyhedron_Formula.html",
"permalink": "/entries/Euler_Polyhedron_Formula.html",
"shortname": "Euler_Polyhedron_Formula",
"title": "Euler's Polyhedron Formula",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
+ "abstract": "This entry formalises the paper of the same name by Huang et al. and presents a unifying characterisation of well-known conformance relations such as equivalence and language inclusion (reduction) on languages over input/output pairs. This characterisation simplifies comparisons between conformance relations and from it a fundamental necessary and sufficient criterion for conformance testing is developed.",
+ "authors": [
+ "Robert Sachtleben"
+ ],
+ "date": "2023-09-01",
+ "id": 6,
+ "link": "/entries/IO_Language_Conformance.html",
+ "permalink": "/entries/IO_Language_Conformance.html",
+ "shortname": "IO_Language_Conformance",
+ "title": "Conformance Relations between Input/Output Languages",
+ "topic_links": [
+ "computer-science/automata-and-formal-languages"
+ ],
+ "topics": [
+ "Computer science/Automata and formal languages"
+ ],
+ "used_by": 0
+ },
+ {
+ "abstract": "\u003cp\u003eWe survey and extend characterizations of \u003cem\u003ecoupled similarity\u003c/em\u003e and \u003cem\u003econtrasimilarity\u003c/em\u003e and prove properties relevant for algorithms computing their simulation preorders and equivalences.\u003c/p\u003e \u003cp\u003eCoupled similarity and contrasimilarity are two weak forms of bisimilarity for systems with internal behavior. They have outstanding applications in contexts where internal choices must transparently be distributed in time or space, for example, in process calculi encodings or in action refinements.\u003c/p\u003e \u003cp\u003eOur key contribution is to characterize the coupled simulation and contrasimulation preorders by \u003cem\u003ereachability games\u003c/em\u003e. We also show how preexisting definitions coincide and that they can be reformulated using \u003cem\u003ecoupled delay simulations\u003c/em\u003e. We moreover verify a polynomial-time coinductive fixed-point algorithm computing the coupled simulation preorder. Through reduction proofs, we establish that deciding coupled similarity is at least as complex as computing weak similarity; and that contrasimilarity checking is at least as hard as trace inclusion checking.\u003c/p\u003e",
+ "authors": [
+ "Benjamin Bisping",
+ "Luisa Montanari"
+ ],
+ "date": "2023-08-18",
+ "id": 7,
+ "link": "/entries/Coupledsim_Contrasim.html",
+ "permalink": "/entries/Coupledsim_Contrasim.html",
+ "shortname": "Coupledsim_Contrasim",
+ "title": "Coupled Similarity and Contrasimilarity, and How to Compute Them",
+ "topic_links": [
+ "computer-science/concurrency",
+ "mathematics/games-and-economics",
+ "logic/general-logic/modal-logic"
+ ],
+ "topics": [
+ "Computer science/Concurrency",
+ "Mathematics/Games and economics",
+ "Logic/General logic/Modal logic"
+ ],
+ "used_by": 0
+ },
+ {
"abstract": "This entry contains a definition of the area the triangle constructed by three points. Building on this, some basic geometric properties about the area of a triangle are derived. These properties are used to prove Ceva's theorem.",
"authors": [
"Mathias Schack Rabing"
],
"date": "2023-08-16",
- "id": 5,
+ "id": 8,
"link": "/entries/Ceva.html",
"permalink": "/entries/Ceva.html",
"shortname": "Ceva",
"title": "Ceva's Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This AFP entry formalises catoids, which are generalisations of single-set categories, and groupoids. More specifically, in catoids, the partial composition of arrows in a category is generalised to a multioperation, which sends pairs of elements to sets of elements, and the definedness condition of arrow composition -- two arrows can be composed if and only the target of the first matches the source of the second -- is relaxed. Beyond a library of basic laws for catoids, single-set categories and groupoids, I formalise the facts that every catoid can be lifted to a modal powerset quantale, that every groupoid can be lifted to a Dedekind quantale and to power set relation algebras, a special case of a famous result of Jónsson and Tarski. Finally, I show that single-set categories are equivalent to a standard axiomatisation of categories based on a set of objects and a set of arrows, and compare catoids with related structures such as multimonoid and relational monoids (monoids in the monoidal category Rel).",
"authors": [
"Georg Struth"
],
"date": "2023-08-14",
- "id": 6,
+ "id": 9,
"link": "/entries/Catoids.html",
"permalink": "/entries/Catoids.html",
"shortname": "Catoids",
"title": "Catoids, Categories, Groupoids",
"topic_links": [
"mathematics/algebra",
"mathematics/category-theory"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "This theory introduces a type constructor for lists with known length, also known as \"vectors\". Those vectors are indexed with a numeral type that represent their length. This can be employed to avoid carrying around length constraints on lists. Instead, those constraints are discharged by the type checker. As compared to the vectors defined in the distribution, this definition can easily work with unit vectors. We exploit the fact that the cardinality of an infinite type is defined to be 0: thus any infinite length index type represents a unit vector. Furthermore, we set up automation and BNF support.",
"authors": [
"Lars Hupel"
],
"date": "2023-08-14",
- "id": 7,
+ "id": 10,
"link": "/entries/Fixed_Length_Vector.html",
"permalink": "/entries/Fixed_Length_Vector.html",
"shortname": "Fixed_Length_Vector",
"title": "Fixed-length vectors",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe formalize the proofs of Cauchy's and Legendre's Polygonal Number Theorems given in Melvyn B. Nathanson's book \"Additive Number Theory: The Classical Bases\".\u003c/p\u003e \u003cp\u003eFor $m \\geq 1$, the $k$-th polygonal number of order $m+2$ is defined to be $p_m(k)=\\frac{mk(k-1)}{2}+k$. The theorems state that:\u003c/p\u003e \u003cp\u003e1. If $m \\ge 4$ and $N \\geq 108m$, then $N$ can be written as the sum of $m+1$ polygonal numbers of order $m+2$, at most four of which are different from $0$ or $1$. If $N \\geq 324$, then $N$ can be written as the sum of five pentagonal numbers, at least one of which is $0$ or $1$.\u003c/p\u003e \u003cp\u003e2. Let $m \\geq 3$ and $N \\geq 28m^3$. If $m$ is odd, then $N$ is the sum of four polygonal numbers of order $m+2$. If $m$ is even, then $N$ is the sum of five polygonal numbers of order $m+2$, at least one of which is $0$ or $1$.\u003c/p\u003e \u003cp\u003eWe also formalize the proof of Gauss's theorem which states that every non-negative integer is the sum of three triangular numbers.\u003c/p\u003e",
"authors": [
"Kevin Lee",
"Zhengkun Ye",
"Angeliki Koutsoukou-Argyraki"
],
"date": "2023-08-10",
- "id": 8,
+ "id": 11,
"link": "/entries/Polygonal_Number_Theorem.html",
"permalink": "/entries/Polygonal_Number_Theorem.html",
"shortname": "Polygonal_Number_Theorem",
"title": "Polygonal Number Theorem",
"topic_links": [
"mathematics/number-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
+ "abstract": "The s-finite measure monad on quasi-Borel spaces provides a suitable denotational model for higher-order probabilistic programs with conditioning. This entry is a formalization of the s-finite measure monad and related notions, including s-finite measures, s-finite kernels, and a proof automation for quasi-Borel spaces which is an extension of our previous entry \u003ca href=\"https://www.isa-afp.org/entries/Quasi_Borel_Spaces.html\"\u003e\u003ci\u003eQuasi-Borel Spaces\u003c/i\u003e\u003c/a\u003e. We also implement several examples of probabilistic programs in previous works and prove their property. This work is a part of the work by Hirata, Minamide, and Sato, \u003ci\u003eSemantic Foundations of Higher-Order Probabilistic Programs in Isabelle/HOL\u003c/i\u003e presented at the 14th Conference on Interactive Theorem Proving (ITP2023).",
+ "authors": [
+ "Michikazu Hirata",
+ "Yasuhiko Minamide"
+ ],
+ "date": "2023-08-08",
+ "id": 12,
+ "link": "/entries/S_Finite_Measure_Monad.html",
+ "permalink": "/entries/S_Finite_Measure_Monad.html",
+ "shortname": "S_Finite_Measure_Monad",
+ "title": "S-Finite Measure Monad on Quasi-Borel Spaces",
+ "topic_links": [
+ "computer-science/semantics-and-reasoning",
+ "mathematics/measure-and-integration",
+ "mathematics/probability-theory"
+ ],
+ "topics": [
+ "Computer science/Semantics and reasoning",
+ "Mathematics/Measure and integration",
+ "Mathematics/Probability theory"
+ ],
+ "used_by": 0
+ },
+ {
+ "abstract": "This entry includes a formalization of standard Borel spaces and (a variant of) the Borel isomorphism theorem. A separable complete metrizable topological space is called a polish space and a measurable space generated from a polish space is called a standard Borel space. We formalize the notion of standard Borel spaces by establishing set-based metric spaces, and then prove (a variant of) the Borel isomorphism theorem. The theorem states that a standard Borel spaces is either a countable discrete space or isomorphic to $\\mathbb{R}$.",
+ "authors": [
+ "Michikazu Hirata"
+ ],
+ "date": "2023-08-08",
+ "id": 13,
+ "link": "/entries/Standard_Borel_Spaces.html",
+ "permalink": "/entries/Standard_Borel_Spaces.html",
+ "shortname": "Standard_Borel_Spaces",
+ "title": "Standard Borel Spaces",
+ "topic_links": [
+ "mathematics/analysis",
+ "mathematics/topology"
+ ],
+ "topics": [
+ "Mathematics/Analysis",
+ "Mathematics/Topology"
+ ],
+ "used_by": 1
+ },
+ {
"abstract": "This AFP entry provides mathematical components for modal quantales, involutive quantales and Dedekind quantales. Modal quantales are simple extensions of modal Kleene algebras useful for the verification of recursive programs. Involutive quantales appear in the study of C*-algebras. Dedekind quantales are relatives of Tarski's relation algebras, hence relevant to program verification and beyond that to higher rewriting. We also provide components for weaker variants such as Kleene algebras with converse and modal Kleene algebras with converse.",
"authors": [
"Georg Struth",
"Cameron Calk"
],
"date": "2023-07-25",
- "id": 9,
+ "id": 14,
"link": "/entries/Quantales_Converse.html",
"permalink": "/entries/Quantales_Converse.html",
"shortname": "Quantales_Converse",
"title": "Modal quantales, involutive quantales, Dedekind Quantales",
"topic_links": [
"computer-science/semantics-and-reasoning",
"mathematics/algebra",
"mathematics/order"
],
"topics": [
"Computer science/Semantics and reasoning",
"Mathematics/Algebra",
"Mathematics/Order"
],
"used_by": 1
},
{
"abstract": "In 1968, Earley introduced his parsing algorithm, capable of parsing all context-free grammars in cubic space and time. This entry contains a formalization of an executable Earley parser. We base our development on Jones' extensive paper proof of Earley's recognizer and Obua's formalization of context-free grammars and derivations. We implement and prove correct a functional recognizer modeling Earley's original imperative implementation and extend it with the necessary data structures to enable the construction of parse trees, following the work of Scott. We then develop a functional algorithm that builds a single parse tree, and we prove its correctness. Finally, we generalize this approach to an algorithm for a complete parse forest and prove soundness.",
"authors": [
"Martin Rau"
],
"date": "2023-07-16",
- "id": 10,
+ "id": 15,
"link": "/entries/Earley_Parser.html",
"permalink": "/entries/Earley_Parser.html",
"shortname": "Earley_Parser",
"title": "Earley Parser",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "The original Gray code after Frank Gray, also known as reflected binary code (RBC), is an ordering of the binary numeral system such that two successive values differ only in one bit. We provide a theory for a non-Boolean Gray code, which is a generalisation of the idea for an arbitrary base. Contained is the necessary theoretical environment to express and reason about the respective properties.",
"authors": [
"Maximilian Spitz"
],
"date": "2023-07-11",
- "id": 11,
+ "id": 16,
"link": "/entries/Gray_Codes.html",
"permalink": "/entries/Gray_Codes.html",
"shortname": "Gray_Codes",
"title": "Gray Codes for Arbitrary Numeral Systems",
"topic_links": [
"mathematics/combinatorics",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Combinatorics",
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "In Isabelle, randomized algorithms are usually represented using probability mass functions (PMFs), with which it is possible to verify their correctness, particularly properties about the distribution of their result. However, that approach does not provide a way to generate executable code for such algorithms. In this entry, we introduce a new monad for randomized algorithms, for which it is possible to generate code and simultaneously reason about the correctness of randomized algorithms. The latter works by a Scott-continuous monad morphism between the newly introduced random monad and PMFs. On the other hand, when supplied with an external source of random coin flips, the randomized algorithms can be executed.",
"authors": [
"Emin Karayel",
"Manuel Eberl"
],
"date": "2023-06-19",
- "id": 12,
+ "id": 17,
"link": "/entries/Executable_Randomized_Algorithms.html",
"permalink": "/entries/Executable_Randomized_Algorithms.html",
"shortname": "Executable_Randomized_Algorithms",
"title": "Executable Randomized Algorithms",
"topic_links": [
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms/Randomized"
],
"used_by": 0
},
{
"abstract": "We present an Isabelle formalization of the basics of Dynamic Condition Response (DCR) graphs before defining Execution Equivalent markings. We then prove that execution equivalent markings are perfectly interchangeable during process execution, yielding significant state-space reduction for execution-based model-checking of DCR graphs.",
"authors": [
"Axel Christfort",
"Søren Debois"
],
"date": "2023-06-16",
- "id": 13,
+ "id": 18,
"link": "/entries/DCR-ExecutionEquivalence.html",
"permalink": "/entries/DCR-ExecutionEquivalence.html",
"shortname": "DCR-ExecutionEquivalence",
"title": "DCR Syntax and Execution Equivalent Markings",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "This work formalizes Zeckendorf's theorem. The theorem states that every positive integer can be uniquely represented as a sum of one or more non-consecutive Fibonacci numbers. More precisely, if $N$ is a positive integer, there exist unique positive integers $c_i \\ge 2$ with $c_{i+1} \u003e c_i + 1$, such that \\[ N = \\sum_{i=0}^k F_{c_i} \\] where $F_n$ is the $n$-th Fibonacci number.",
"authors": [
"Christian Dalvit"
],
"date": "2023-06-12",
- "id": 14,
+ "id": 19,
"link": "/entries/Zeckendorf.html",
"permalink": "/entries/Zeckendorf.html",
"shortname": "Zeckendorf",
"title": "Zeckendorf’s Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003chtml\u003e \u003chead\u003e \u003cmeta http-equiv=Content-Type content=\"text/html; charset=utf-8\"\u003e \u003cstyle\u003e \u003c!-- /* Font Definitions */ @font-face \t{font-family:\"Cambria Math\"; \tpanose-1:2 4 5 3 5 4 6 3 2 4;} @font-face \t{font-family:Calibri; \tpanose-1:2 15 5 2 2 2 4 3 2 4;} @font-face \t{font-family:Cambria; \tpanose-1:2 4 5 3 5 4 6 3 2 4;} @font-face \t{font-family:Menlo; \tpanose-1:2 11 6 9 3 8 4 2 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal \t{margin:0in; \tfont-size:12.0pt; \tfont-family:\"Calibri\",sans-serif;} @page WordSection1 \t{size:8.5in 11.0in; \tmargin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 \t{page:WordSection1;} --\u003e \u003c/style\u003e \u003c/head\u003e \u003cbody lang=EN-US style='word-wrap:break-word'\u003e \u003cdiv class=WordSection1\u003e \u003cp class=MsoNormal\u003eIn this set of theories, we express well-known crytographic standards in the language of Isabelle.  The standards we have translated so far are:\u003c/p\u003e \u003cp class=MsoNormal\u003e\u0026nbsp;\u003c/p\u003e \u003ctable class=MsoTableGrid border=1 cellspacing=0 cellpadding=0 style='border-collapse:collapse;border:none'\u003e \u003ctr\u003e \u003ctd width=143 valign=top style='width:107.5pt;border:solid windowtext 1.0pt; padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003e   FIPS 180-4\u003c/p\u003e \u003c/td\u003e \u003ctd width=618 valign=top style='width:463.5pt;border:solid windowtext 1.0pt; border-left:none;padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003eNIST's Secure Hash Standard, rev 4.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd width=143 valign=top style='width:107.5pt;border:solid windowtext 1.0pt; border-top:none;padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003e   FIPS 186-4\u003c/p\u003e \u003c/td\u003e \u003ctd width=618 valign=top style='width:463.5pt;border-top:none;border-left: 
none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt; padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003eOnly the elliptic curves over prime fields, i.e. NIST's \u0026quot;P-\u0026quot; curves\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd width=143 valign=top style='width:107.5pt;border:solid windowtext 1.0pt; border-top:none;padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003e   FIPS 198-1\u003c/p\u003e \u003c/td\u003e \u003ctd width=618 valign=top style='width:463.5pt;border-top:none;border-left: none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt; padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003eNIST's The Keyed-Hash Message Authentication Code (HMAC Standard)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd width=143 valign=top style='width:107.5pt;border:solid windowtext 1.0pt; border-top:none;padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003e   PKCS #1 v2.2\u003c/p\u003e \u003c/td\u003e \u003ctd width=618 valign=top style='width:463.5pt;border-top:none;border-left: none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt; padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003eRSA Laboratories' RSA Cryptography Standard, version 2.2\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd width=143 valign=top style='width:107.5pt;border:solid windowtext 1.0pt; border-top:none;padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003e   SEC1 v2.0\u003c/p\u003e \u003c/td\u003e \u003ctd width=618 valign=top style='width:463.5pt;border-top:none;border-left: none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt; padding:2.9pt 5.75pt 2.9pt 5.75pt'\u003e \u003cp class=MsoNormal\u003eSEC's Elliptic Curve Cryptography, version 2.0   \u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/table\u003e \u003cp 
class=MsoNormal\u003e\u0026nbsp;\u003c/p\u003e \u003cp class=MsoNormal\u003eThe intention is that these translations will be used to prove that any particular implementation matches the relevant standard.  With that in mind, the overriding principle is to adhere as closely as possible, given the syntax of HOL, to the written standard.  It should be obvious to any reader, regardless of their past experience with Isabelle, that these translations exactly match the  standards.  Thus we use the same function and variable names as in the written standards whenever possible and explain in the comments the few times when that is not possible.  \u003c/p\u003e \u003cp class=MsoNormal\u003e\u0026nbsp;\u003c/p\u003e \u003cp class=MsoNormal\u003eWe want the users of these theories to have faith that errors were not made in the translations. We do two things to achieve this.  First, in addition to translating a standard, we provide a robust supporting theory that proves anything that one might wish to know about the primitives that the standard defines.  For example, we prove that encryption and decryption are inverse  operations.  We prove when RSA keys are equivalent.  We prove that if a message is signed, then that signature and message will pass the verification operation.  Any fact that you may need in using these standards, we hope and believe we have already proved for you.  \u003c/p\u003e \u003cp class=MsoNormal\u003e\u0026nbsp;\u003c/p\u003e \u003cp class=MsoNormal\u003eSecond, we prove (by evaluation) that the test vectors provided by NIST, et al, check as intended (whether a passing or failing test case.)  The test vectors may be found in theories named *_Test_Vectors.thy.  These files can be large and take time for Isabelle to process.  Thus, they are not imported by this main Crypto_Standards theory.  Users may open those separately.  As an aside, Isabelle must be told how to compute certain operations efficiently.  
For example, modular exponentiation or scalar multiplication of a point on an elliptic curve.  The Efficient*.thy files are necessary to check the test vectors.  \u003c/p\u003e \u003cp class=MsoNormal\u003e\u0026nbsp;\u003c/p\u003e \u003cp class=MsoNormal\u003eWe attempt to be as agnostic to implementation details as possible.  For example, we do not  assume any particular data type has been used as input or output.  Many standards operate on octets, or 8-bit values.  For these theories, an octet string is modeled as a list of natural numbers.  Then a nat x is a \u0026quot;valid octet\u0026quot; exactly when x \u0026lt; 256.  Words.thy contains all the  operations needed to convert natural number to a string of n-bit values and back to a natural number.  There you will also find definitions for handling padding and bit manipulations that are found in the above standards.  Again, we believe that we have proved anything you may need to apply these theories.  We have erred on the side of including lemmas that may be of practical use as opposed to proving a minimal set of lemmas required.  \u003c/p\u003e \u003c/div\u003e \u003c/body\u003e \u003c/html\u003e",
"authors": [
"A Whitley"
],
"date": "2023-06-06",
- "id": 15,
+ "id": 20,
"link": "/entries/Crypto_Standards.html",
"permalink": "/entries/Crypto_Standards.html",
"shortname": "Crypto_Standards",
"title": "Cryptographic Standards",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe Weighted Path Order (WPO) of Yamada is a powerful technique for proving termination. In a previous AFP entry, the WPO was defined and properties of WPO have been formally verified. However, the implementation of WPO was naive, leading to an exponential runtime in the worst case. \u003c/p\u003e\u003cp\u003e Therefore, in this AFP entry we provide a poly-time implementation of WPO. The implementation is based on memoization. Since WPO generalizes the recursive path order (RPO), we also easily derive an efficient implementation of RPO. \u003c/p\u003e",
"authors": [
"René Thiemann",
"Elias Wenninger"
],
"date": "2023-06-01",
- "id": 16,
+ "id": 21,
"link": "/entries/Efficient_Weighted_Path_Order.html",
"permalink": "/entries/Efficient_Weighted_Path_Order.html",
"shortname": "Efficient_Weighted_Path_Order",
"title": "A Verified Efficient Implementation of the Weighted Path Order",
"topic_links": [
"logic/rewriting",
"computer-science/algorithms"
],
"topics": [
"Logic/Rewriting",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eDirected sets are of fundamental interest in domain theory and topology. In this paper, we formalize some results on directed sets in Isabelle/HOL, most notably: under the axiom of choice, a poset has a supremum for every directed set if and only if it does so for every chain; and a function between such posets preserves suprema of directed sets if and only if it preserves suprema of chains. The known pen-and-paper proofs of these results crucially use uncountable transfinite sequences, which are not directly implementable in Isabelle/HOL. We show how to emulate such proofs by utilizing Isabelle/HOL's ordinal and cardinal library. Thanks to the formalization, we relax some conditions for the above results.\u003c/p\u003e",
"authors": [
"Akihisa Yamada",
"Jérémy Dubut"
],
"date": "2023-05-24",
- "id": 17,
+ "id": 22,
"link": "/entries/Directed_Sets.html",
"permalink": "/entries/Directed_Sets.html",
"shortname": "Directed_Sets",
"title": "Formalizing Results on Directed Sets",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 0
},
{
"abstract": "Binary multirelations form a model of alternating nondeterminism useful for analysing games, interactions of computing systems with their environments or abstract interpretations of probabilistic programs. We investigate this alternating structure in a relational language based on power allegories extended with specific operations on multirelations. We develop algebras of modal operators over multirelations, related to concurrent dynamic logics, in this language.",
"authors": [
"Walter Guttmann",
"Georg Struth"
],
"date": "2023-05-22",
- "id": 18,
+ "id": 23,
"link": "/entries/Multirelations_Heterogeneous.html",
"permalink": "/entries/Multirelations_Heterogeneous.html",
"shortname": "Multirelations_Heterogeneous",
"title": "Inner Structure, Determinism and Modal Algebra of Multirelations",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This thesis presents the verification of enumeration algorithms for trees. The first algorithm is based on the well known Prüfer-correspondence and allows the enumeration of all possible labeled trees over a fixed finite set of vertices. The second algorithm enumerates rooted, unlabeled trees of a specified size up to graph isomorphism. It allows for the efficient enumeration without the use of an intermediate encoding of the trees with level sequences, unlike the \u003ca href=\"https://doi.org/10.1137/0209055\"\u003ealgorithm\u003c/a\u003e by Beyer and Hedetniemi it is based on. Both algorithms are formalized and verified in Isabelle/HOL. The formalization of trees and other graph theoretic results is also presented.",
"authors": [
"Nils Cremer"
],
"date": "2023-05-09",
- "id": 19,
+ "id": 24,
"link": "/entries/Tree_Enumeration.html",
"permalink": "/entries/Tree_Enumeration.html",
"shortname": "Tree_Enumeration",
"title": "Tree Enumeration",
"topic_links": [
"computer-science/algorithms/graph",
"mathematics/graph-theory",
"mathematics/combinatorics"
],
"topics": [
"Computer science/Algorithms/Graph",
"Mathematics/Graph theory",
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "This formalization verifies a decision procedure due to Cantone and Zarba for a quantifier-free fragment of set theory. The fragment is called multi-level syllogistic with singleton, or MLSS for short. Its syntax syntax includes the usual set operations union, intersection, difference, membership, equality as well as the construction of a set containing a single element. We specify the semantics of MLSS in terms of hereditarily finite sets and provide a sound and complete tableau calculus for it. We also provide an executable specification of a decision procedure that applies the rules of the calculus exhaustively and prove its termination. Furthermore, we extend the calculus with a light-weight type system that paves the way for an integration of the procedure into Isabelle/HOL.",
"authors": [
"Lukas Stevens"
],
"date": "2023-05-05",
- "id": 20,
+ "id": 25,
"link": "/entries/MLSS_Decision_Proc.html",
"permalink": "/entries/MLSS_Decision_Proc.html",
"shortname": "MLSS_Decision_Proc",
"title": "MLSS Decision Procedure",
"topic_links": [
"logic/general-logic/classical-propositional-logic",
"logic/set-theory",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Logic/General logic/Classical propositional logic",
"Logic/Set theory",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "We formalize the Legendre's three squares theorem and its consequences, in particular the following results: \u003col\u003e \u003cli\u003e A natural number can be represented as the sum of three squares of natural numbers if and only if it is not of the form $4^a (8 k + 7)$, where $a$ and $k$ are natural numbers. \u003c/li\u003e \u003cli\u003e If $n$ is a natural number such that $n \\equiv 3 \\pmod{8}$, then $n$ can be be represented as the sum of three squares of odd natural numbers. \u003c/li\u003e \u003c/ol\u003e Consequences include the following: \u003col\u003e \u003cli\u003e An integer $n$ can be written as $n = x^2 + y^2 + z^2 + z$, where $x$, $y$, $z$ are integers, if and only if $n \\geq 0$. \u003c/li\u003e \u003cli\u003e The Legendre's four squares theorem: any natural number can be represented as the sum of four squares of natural numbers. \u003c/li\u003e \u003c/ol\u003e",
"authors": [
"Anton Danilkin",
"Loïc Chevalier"
],
"date": "2023-05-03",
- "id": 21,
+ "id": 26,
"link": "/entries/Three_Squares.html",
"permalink": "/entries/Three_Squares.html",
"shortname": "Three_Squares",
"title": "Three Squares Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We provide an Isabelle verification that the Halting Problem can be solved in Malament-Hogarth (MH) spacetimes. Our proof is quite general -- rather than assume the full machinery of general relativity, we only assume the existence of a reachability relation defined on an abstract space of locations. An MH spacetime can then be described as a space in which there exists an unboundedly long path together with a location which is reachable from all points on that path. Likewise, we use a very general notion of computation - the current state of a computation is assumed to be representable as a machine configuration containing all the information required to determine how the system changes with the execution of each ensuing instruction. The program is deemed to halt if the system enters a stable configuration. Since this situation is generally detectable by an operating system, we can use its occurrence to trigger events that exploit the nature of MH spacetimes, thereby enabling us to detect whether or not halting will eventually have occurred. Our verification follows existing arguments in the literature, albeit translated into this more general setting.",
"authors": [
"Mike Stannett"
],
"date": "2023-04-29",
- "id": 22,
+ "id": 27,
"link": "/entries/MHComputation.html",
"permalink": "/entries/MHComputation.html",
"shortname": "MHComputation",
"title": "The Halting Problem is Soluble in Malament-Hogarth Spacetimes",
"topic_links": [
"computer-science",
"logic/computability",
"mathematics/physics"
],
"topics": [
"Computer science",
"Logic/Computability",
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "This short entry formalizes a version of the Schwartz-Zippel lemma for probabilistic (multivariate) polynomial identity testing. The entry includes a textbook example using the lemma to test for perfect matchings in a bipartite graph. The lemma is attributed to several independent authors, including Schwartz, Zippel, and DeMillo and Lipton; a historical perspective is given by Lipton.",
"authors": [
"Sunpill Kim",
"Yong Kiam Tan"
],
"date": "2023-04-27",
- "id": 23,
+ "id": 28,
"link": "/entries/Schwartz_Zippel.html",
"permalink": "/entries/Schwartz_Zippel.html",
"shortname": "Schwartz_Zippel",
"title": "The Schwartz-Zippel Lemma",
"topic_links": [
"computer-science/algorithms/randomized",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Randomized",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization covers the unexecutable specification of Simple Clause Learning for first-order logic without equality: SCL(FOL). The main results are formal proofs of soundness, non-redundancy of learned clauses, termination, and refutational completeness. Compared to the unformalized version, the formalized calculus is simpler, a number of results were generalized, and the non-redundancy statement was strengthened. We found and corrected one bug in a previously published version of the SCL Backtrack rule. Compared to related formalizations, we introduce a new technique for showing termination based on non-redundant clause learning.",
"authors": [
"Martin Desharnais"
],
"date": "2023-04-20",
- "id": 24,
+ "id": 29,
"link": "/entries/Simple_Clause_Learning.html",
"permalink": "/entries/Simple_Clause_Learning.html",
"shortname": "Simple_Clause_Learning",
"title": "A Formalization of the SCL(FOL) Calculus: Simple Clause Learning for First-Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The CHSH inequality, named after Clauser, Horne, Shimony and Holt, was used by Alain Aspect to prove experimentally that Einstein's hypothesis stating that quantum mechanics could be defined using local hidden variables was incorrect. The CHSH inequality is based on a setting in which an experiment consisting of two separate parties performing joint measurements is run several times, and a score is derived from these runs. If the local hidden variable hypothesis had been correct, this score would have been bounded by $2$, but a suitable choice of observables in a quantum setting permits to violate this inequality when measuring the Bell state; this is the result that Aspect obtained experimentally. Tsirelson answered the question of how large this violation could be by proving that in the quantum setting, the highest score that can be obtained when running this experiment is $2\\sqrt{2}$. Along with elementary results on density matrices which represent quantum states in the finite dimensional setting, we formalize Tsirelson's result and summarize the main results on the CHSH score: \u003col\u003e \u003cli\u003eUnder the local hidden variable hypothesis, this score admits 2 as an upper-bound.\u003c/li\u003e \u003cli\u003eWhen the density matrix under consideration is separable, the upper-bound cannot be violated.\u003c/li\u003e \u003cli\u003eWhen one of the parties in the experiment performs measures using commuting observables, this upper-bound remains valid.\u003c/li\u003e \u003cli\u003eOtherwise, the upper-bound of this score is $2\\sqrt{2}$, regardless of the observables that are used and the quantum state that is measured, and\u003c/li\u003e \u003cli\u003eThis upper-bound is reached for a suitable choice of observables when measuring the Bell state.\u003c/li\u003e \u003c/ol\u003e",
"authors": [
"Mnacho Echenim",
"Mehdi Mhalla",
"Coraline Mori"
],
"date": "2023-04-18",
- "id": 25,
+ "id": 30,
"link": "/entries/TsirelsonBound.html",
"permalink": "/entries/TsirelsonBound.html",
"shortname": "TsirelsonBound",
"title": "The CHSH inequality: Tsirelson's upper-bound and other results",
"topic_links": [
"mathematics/algebra",
"mathematics/physics/quantum-information"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Physics/Quantum information"
],
"used_by": 0
},
{
"abstract": "This entry formalizes a randomized cardinality estimation data structure with asymptotically optimal space usage. It is inspired by the streaming algorithm presented by \u003ca href=\"https://doi.org/10.1145/3309193\"\u003eB\u0026lstrok;asiok\u003c/a\u003e in 2018. His work closed the gap between the best-known lower bound and upper bound after a long line of research started by \u003ca href=\"https://doi.org/10.1016/0022-0000(85)90041-8\"\u003eFlajolet and Martin\u003c/a\u003e in 1984 and was to first to apply expander graphs (in addition to hash families) to the problem. The formalized algorithm has two improvements compared to the algorithm by B\u0026lstrok;asiok. It supports operation in parallel mode, and it relies on a simpler pseudo-random construction avoiding the use of code based extractors.",
"authors": [
"Emin Karayel"
],
"date": "2023-04-03",
- "id": 26,
+ "id": 31,
"link": "/entries/Distributed_Distinct_Elements.html",
"permalink": "/entries/Distributed_Distinct_Elements.html",
"shortname": "Distributed_Distinct_Elements",
"title": "Distributed Distinct Elements",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/algorithms/approximation",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Algorithms/Approximation",
"Computer science/Algorithms/Randomized"
],
"used_by": 0
},
{
"abstract": "Hoare logics are proof systems that allow one to formally establish properties of computer programs. Traditional Hoare logics prove properties of individual program executions (so-called trace properties, such as functional correctness). On the one hand, Hoare logic has been generalized to prove properties of multiple executions of a program (so-called hyperproperties, such as determinism or non-interference). These program logics prove the absence of (bad combinations of) executions. On the other hand, program logics similar to Hoare logic have been proposed to disprove program properties (e.g., Incorrectness Logic [8]), by proving the existence of (bad combinations of) executions. All of these logics have in common that they specify program properties using assertions over a fixed number of states, for instance, a single pre- and post-state for functional properties or pairs of pre- and post-states for non-interference. In this entry, we formalize Hyper Hoare Logic, a generalization of Hoare logic that lifts assertions to properties of arbitrary sets of states. The resulting logic is simple yet expressive: its judgments can express arbitrary trace- and hyperproperties over the terminating executions of a program. By allowing assertions to reason about sets of states, Hyper Hoare Logic can reason about both the absence and the existence of (combinations of) executions, and, thereby, supports both proving and disproving program (hyper-)properties within the same logic. In fact, we prove that Hyper Hoare Logic subsumes the properties handled by numerous existing correctness and incorrectness logics, and can express hyperproperties that no existing Hoare logic can. We also prove that Hyper Hoare Logic is sound and complete.",
"authors": [
"Thibault Dardinier"
],
"date": "2023-04-03",
- "id": 27,
+ "id": 32,
"link": "/entries/HyperHoareLogic.html",
"permalink": "/entries/HyperHoareLogic.html",
"shortname": "HyperHoareLogic",
"title": "Formalization of Hyper Hoare Logic: A Logic to (Dis-)Prove Program Hyperproperties",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We demonstrate the existence and uniqueness of the base-$n$ representation of a natural number, where $n$ is any natural number greater than 1. This comes up when trying to translate mathematical contest problems and solutions into Isabelle/HOL.",
"authors": [
"Charles Staats"
],
"date": "2023-04-03",
- "id": 28,
+ "id": 33,
"link": "/entries/DigitsInBase.html",
"permalink": "/entries/DigitsInBase.html",
"shortname": "DigitsInBase",
"title": "Positional Notation for Natural Numbers in an Arbitrary Base",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eInformation flow security ensures that the secret data manipulated by a program does not influence its observable output. Proving information flow security is especially challenging for concurrent programs, where operations on secret data may influence the execution time of a thread and, thereby, the interleaving between threads. Such internal timing channels may affect the observable outcome of a program even if an attacker does not observe execution times. Existing verification techniques for information flow security in concurrent programs attempt to prove that secret data does not influence the relative timing of threads. However, these techniques are often restrictive (for instance because they disallow branching on secret data) and make strong assumptions about the execution platform (ignoring caching, processor instructions with data-dependent execution time, and other common features that affect execution time). \u003c/p\u003e\u003cp\u003e In this entry, we formalize and prove the soundness of CommCSL, a novel relational concurrent separation logic for proving secure information flow in concurrent programs that lifts these restrictions and does not make any assumptions about timing behavior. The key idea is to prove that all mutating operations performed on shared data commute, such that different thread interleavings do not influence its final value. Crucially, commutativity is required only for an abstraction of the shared data that contains the information that will be leaked to a public output. Abstract commutativity is satisfied by many more operations than standard commutativity, which makes our technique widely applicable.\u003c/p\u003e",
"authors": [
"Thibault Dardinier"
],
"date": "2023-03-15",
- "id": 29,
+ "id": 34,
"link": "/entries/CommCSL.html",
"permalink": "/entries/CommCSL.html",
"shortname": "CommCSL",
"title": "Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/concurrency",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Concurrency",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "We have \u003ca href=\"https://www.isa-afp.org/entries/No_FTL_observers.html\"\u003epreviously verified\u003c/a\u003e, in the first order theory SpecRel of Special Relativity, that inertial observers cannot travel faster than light. We now prove the corresponding result for GenRel, the first-order theory of General Relativity. Specifically, we prove that whenever an observer \u003ci\u003em\u003c/i\u003e encounters another observer \u003ci\u003ek\u003c/i\u003e (so that \u003ci\u003em\u003c/i\u003e and \u003ci\u003ek\u003c/i\u003e are both present at some spacetime location \u003ci\u003ex\u003c/i\u003e), \u003ci\u003ek\u003c/i\u003e will necessarily be observed by \u003ci\u003em\u003c/i\u003e to be traveling at less than light speed.",
"authors": [
"Mike Stannett",
"Edward Higgins",
"Hajnal Andreka",
"Judit Madarasz",
"István Németi",
"Gergely Szekely"
],
"date": "2023-03-05",
- "id": 30,
+ "id": 35,
"link": "/entries/No_FTL_observers_Gen_Rel.html",
"permalink": "/entries/No_FTL_observers_Gen_Rel.html",
"shortname": "No_FTL_observers_Gen_Rel",
"title": "No Faster-Than-Light Observers (GenRel)",
"topic_links": [
"mathematics/physics"
],
"topics": [
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "Expander Graphs are low-degree graphs that are highly connected. They have diverse applications, for example in derandomization and pseudo-randomness, error-correcting codes, as well as pure mathematical subjects such as metric embeddings. This entry formalizes the concept and derives main theorems about them such as Cheeger's inequality or tail bounds on distribution of random walks on them. It includes a strongly explicit construction for every size and spectral gap. The latter is based on the Margulis-Gabber-Galil graphs and several graph operations that preserve spectral properties. The proofs are based on the survey papers/monographs by \u003ca href=\"http://dx.doi.org/10.1090/S0273-0979-06-01126-8\"\u003eHoory et al.\u003c/a\u003e and \u003ca href=\"http://dx.doi.org/10.1561/0400000010\"\u003eVadhan\u003c/a\u003e, as well as results from \u003ca href=\"https://doi.org/10.1007/978-3-642-15369-3_46\"\u003eImpagliazzo and Kabanets\u003c/a\u003e and \u003ca href=\"http://dx.doi.org/10.4230/LIPIcs.APPROX-RANDOM.2019.42\"\u003eMurtagh et al.\u003c/a\u003e",
"authors": [
"Emin Karayel"
],
"date": "2023-03-03",
- "id": 31,
+ "id": 36,
"link": "/entries/Expander_Graphs.html",
"permalink": "/entries/Expander_Graphs.html",
"shortname": "Expander_Graphs",
"title": "Expander Graphs",
"topic_links": [
"computer-science/algorithms/graph",
"computer-science/algorithms/randomized",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Algorithms/Graph",
"Computer science/Algorithms/Randomized",
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "I formalize the notion of \u003ci\u003erenaming-enriched sets\u003c/i\u003e (\u003ci\u003erensets\u003c/i\u003e for short) and renaming-based recursion introduced in my \u003ca href=\"https://link.springer.com/book/10.1007/978-3-031-10769-6\"\u003eIJCAR 2022\u003c/a\u003e paper \u003ca href=\"https://link.springer.com/chapter/10.1007/978-3-031-10769-6_36\"\u003e“Rensets and Renaming-Based Recursion for Syntax with Bindings”\u003c/a\u003e. Rensets are an algebraic axiomatization of renaming (variable-for-variable substitution). The formalization includes a connection with nominal sets, showing that any renset naturally gives rise to a nominal set. It also includes examples of deploying the renaming-based recursor: semantic interpretation, counting functions for free and bound occurrences, unary and parallel substitution, etc. Finally, it includes a variation of rensets that axiomatize term-for-variable substitution, called \u003ci\u003esubstitutive sets\u003c/i\u003e, which yields a corresponding recursion principle.",
"authors": [
"Andrei Popescu"
],
"date": "2023-02-28",
- "id": 32,
+ "id": 37,
"link": "/entries/Rensets.html",
"permalink": "/entries/Rensets.html",
"shortname": "Rensets",
"title": "Renaming-Enriched Sets (Rensets) and Renaming-Based Recursion",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We give a sound an complete multiple-conclusion calculus \\(\\$\\vdash\\) for finitely additive probability inequalities. In particular, we show $$\\mathbf{\\sim} \\Gamma \\$\\vdash \\mathbf{\\sim} \\Phi \\equiv \\forall \\mathcal{P} \\in probabilities. \\sum \\phi \\leftarrow \\Phi.\\ \\mathcal{P} \\phi \\leq \\sum \\gamma \\leftarrow \\Gamma.\\ \\mathcal{P} \\gamma $$ ... where $\\sim \\Gamma$ is the negation of all of the formulae in $\\Gamma$ (and similarly for $\\sim\\Phi$). We prove this by using an abstract form of \u003cem\u003eMaxSAT\u003c/em\u003e. We also show $$MaxSAT (\\mathbf{\\sim} \\Gamma\\ @\\ \\Phi) + c\\leq length\\ \\Gamma \\equiv \\forall \\mathcal{P} \\in probabilities. \\left(\\sum \\phi \\leftarrow \\Phi.\\ \\mathcal{P} \\phi\\right) + c \\leq \\sum \\gamma \\leftarrow \\Gamma.\\ \\mathcal{P} \\gamma $$ Finally, we establish a \u003cem\u003ecollapse theorem\u003c/em\u003e, which asserts that $\\left(\\sum \\phi \\leftarrow \\Phi.\\ \\mathcal{P} \\phi\\right) + c \\leq \\sum \\gamma \\leftarrow \\Gamma.\\ \\mathcal{P} \\gamma$ holds for all probabilities $\\mathcal{P}$ if and only if $\\left(\\sum \\phi \\leftarrow \\Phi.\\ \\delta \\phi\\right) + c \\leq \\sum \\gamma \\leftarrow \\Gamma.\\ \\delta \\gamma$ holds for all binary-valued probabilities $\\delta$.",
"authors": [
"Matthew Doty"
],
"date": "2023-02-20",
- "id": 33,
+ "id": 38,
"link": "/entries/Probability_Inequality_Completeness.html",
"permalink": "/entries/Probability_Inequality_Completeness.html",
"shortname": "Probability_Inequality_Completeness",
"title": "A Sound and Complete Calculus for Probability Inequalities",
"topic_links": [
"mathematics/probability-theory",
"logic/general-logic/classical-propositional-logic",
"logic/general-logic"
],
"topics": [
"Mathematics/Probability theory",
"Logic/General logic/Classical propositional logic",
"Logic/General logic"
],
"used_by": 0
},
{
"abstract": "This article gives an elementary computational proof of the group law for Edwards elliptic curves. The associative law is expressed as a polynomial identity over the integers that is directly checked by polynomial division. Unlike other proofs, no preliminaries such as intersection numbers, B́ezout’s theorem, projective geometry, divisors, or Riemann Roch are required.",
"authors": [
"Rodrigo Raya"
],
"date": "2023-02-16",
- "id": 34,
+ "id": 39,
"link": "/entries/Edwards_Elliptic_Curves_Group.html",
"permalink": "/entries/Edwards_Elliptic_Curves_Group.html",
"shortname": "Edwards_Elliptic_Curves_Group",
"title": "Group Law of Edwards Elliptic Curves",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This article formalizes the NP-hardness proofs of the Closest Vector Problem (CVP) and the Shortest Vector Problem (SVP) in maximum norm as well as the CVP in any p-norm for p\u003e=1. CVP and SVP are two fundamental problems in lattice theory. Lattices are a discrete, additive subgroup of R^n and are used for lattice-based cryptography. The CVP asks to find the nearest lattice vector to a target. The SVP asks to find the shortest non-zero lattice vector. This entry formalizes the basic properties of lattices, the reduction from CVP to Subset Sum in both maximum and p-norm for a finite p with 1\u003c= p and the reduction of SVP to Partition using the Bounded Homogeneous Linear Equations problem (BHLE) as an intermediate step. The formalization uncovered a number of problems with the existing proofs in the literature.",
"authors": [
"Katharina Kreuzer"
],
"date": "2023-02-02",
- "id": 35,
+ "id": 40,
"link": "/entries/CVP_Hardness.html",
"permalink": "/entries/CVP_Hardness.html",
"shortname": "CVP_Hardness",
"title": "Hardness of Lattice Problems",
"topic_links": [
"computer-science/security/cryptography",
"mathematics/misc"
],
"topics": [
"Computer science/Security/Cryptography",
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "We formalizes two protocols from a privacy-preserving machine-learning framework based on ABY3, a particular three-party computation framework where inputs are systematically ‘reshared’ without being considered as privacy leakage. In particular, we consider the multiplication protocol and the array shuffling protocol, both based on ABY3's additive secret sharing scheme. We proved their security in the semi-honest setting under the ideal/real simulation paradigm. These two proof-of-concept opens the door to further verification of more protocols within the framework.",
"authors": [
"Shuwei Hu"
],
"date": "2023-01-27",
- "id": 36,
+ "id": 41,
"link": "/entries/ABY3_Protocols.html",
"permalink": "/entries/ABY3_Protocols.html",
"shortname": "ABY3_Protocols",
"title": "ABY3 Multiplication and Array Shuffling",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization extends the Saturation_Framework and Saturation_Framework_Extensions entries of the Archive of Formal Proofs with the specification and verification of four semiabstract given clause procedures, or \"loops\": the DISCOUNT, Otter, iProver, and Zipperposition loops. For each loop, (dynamic) refutational completeness is proved under the assumption that the underlying calculus is (statically) refutationally complete and that the used queue data structures are fair. The formalization is inspired by the proof sketches found in the article \"A comprehensive framework for saturation theorem proving\" by Uwe Waldmann, Sophie Tourret, Simon Robillard, and Jasmin Blanchette (Journal of Automated Reasoning 66(4): 499-539, 2022). A paper titled \"Verified given clause procedures\" about the present formalization is in the works.",
"authors": [
"Jasmin Christian Blanchette",
"Qi Qiu",
"Sophie Tourret"
],
"date": "2023-01-25",
- "id": 37,
+ "id": 42,
"link": "/entries/Given_Clause_Loops.html",
"permalink": "/entries/Given_Clause_Loops.html",
"shortname": "Given_Clause_Loops",
"title": "Given Clause Loops",
"topic_links": [
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Logic/General logic/Classical first-order logic"
],
"used_by": 0
},
{
"abstract": "We develop finitely additive probability logic and prove a theorem of Patrick Suppes that asserts that $\\Psi \\vdash \\phi$ in classical propositional logic if and only if $(\\sum \\psi \\leftarrow \\Psi.\\; 1 - \\mathcal{P} \\psi) \\geq 1 - \\mathcal{P} \\phi$ holds for all probabilities $\\mathcal{P}$. We also provide a novel \u003cem\u003edual\u003c/em\u003e form of Suppes' Theorem, which holds that $(\\sum \\phi \\leftarrow \\Phi.\\; \\mathcal{P} \\phi) \\leq \\mathcal{P} \\psi$ for all probabilities $\\mathcal{P}$ if and only $\\left(\\bigvee \\Phi\\right) \\vdash \\psi$ and all of the formulae in $\\Phi$ are logically exclusive from one another. Our proofs use \u003cem\u003eMaximally Consistent Sets\u003c/em\u003e, and as a consequence, we obtain two \u003cem\u003ecollapse\u003c/em\u003e theorems. In particular, we show $(\\sum \\phi \\leftarrow \\Phi.\\; \\mathcal{P} \\phi) \\geq \\mathcal{P} \\psi$ holds for all probabilities $\\mathcal{P}$ if and only if $(\\sum \\phi \\leftarrow \\Phi.\\; \\delta\\; \\phi) \\geq \\delta\\; \\psi$ holds for all binary-valued probabilities $\\delta$, along with the dual assertion that $(\\sum \\phi \\leftarrow \\Phi. \\;\\mathcal{P} \\phi) \\leq \\mathcal{P} \\psi$ holds for all probabilities $\\mathcal{P}$ if and only if $(\\sum \\phi \\leftarrow \\Phi.\\; \\delta\\; \\phi) \\leq \\delta\\; \\psi$ holds for all binary-valued probabilities $\\delta$.",
"authors": [
"Matthew Doty"
],
"date": "2023-01-22",
- "id": 38,
+ "id": 43,
"link": "/entries/Suppes_Theorem.html",
"permalink": "/entries/Suppes_Theorem.html",
"shortname": "Suppes_Theorem",
"title": "Suppes' Theorem For Probability Logic",
"topic_links": [
"logic/general-logic/classical-propositional-logic",
"mathematics/probability-theory"
],
"topics": [
"Logic/General logic/Classical propositional logic",
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "This submission contains: \u003col\u003e \u003cli\u003e a formalisation of a small While language with support for output;\u003c/li\u003e \u003cli\u003e a standard total-correctness Hoare logic that has been proved sound and complete; and\u003c/li\u003e \u003cli\u003e a new Hoare logic for proofs about programs that diverge: this new logic has also been proved sound and complete.\u003c/li\u003e \u003c/ol\u003e",
"authors": [
"Johannes Åman Pohjola",
"Magnus O. Myreen",
"Miki Tanaka"
],
"date": "2023-01-20",
- "id": 39,
+ "id": 44,
"link": "/entries/HoareForDivergence.html",
"permalink": "/entries/HoareForDivergence.html",
"shortname": "HoareForDivergence",
"title": "A Hoare Logic for Diverging Programs",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This theory formalises a definition of strict $\\omega$-categories and the strict $\\omega$-category of pasting diagrams. It is the first step towards a formalisation of weak infinity categories à la Batanin\u0026ndash;Leinster.",
"authors": [
"Anthony Bordg",
"Adrián Doña Mateo"
],
"date": "2023-01-14",
- "id": 40,
+ "id": 45,
"link": "/entries/StrictOmegaCategories.html",
"permalink": "/entries/StrictOmegaCategories.html",
"shortname": "StrictOmegaCategories",
"title": "Strict Omega Categories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eIn this work, I provide an abstract framework for proving the completeness of a logical calculus using the synthetic method. The synthetic method is based on maximal consistent saturated sets (MCSs). A set of formulas is consistent (with respect to the calculus) when we cannot derive a contradiction from it. It is maximally consistent when it contains every formula that is consistent with it. For logics where it is relevant, it is saturated when it contains a witness for every existential formula. To prove completeness using these maximal consistent saturated sets, we prove a truth lemma: every formula in an MCS has a satisfying model. Here, Hintikka sets provide a useful stepping stone. These can be seen as characterizations of the MCSs based on simple subformula conditions rather than via the calculus. We then prove that every Hintikka set gives rise to a satisfying model and that MCSs are Hintikka sets. Now, assume a valid formula cannot be derived. Then its negation must be consistent and therefore satisfiable. This contradicts validity and the original formula must be derivable.\u003c/p\u003e \u003cp\u003eTo start, I build maximal consistent saturated sets for any logic that satisfies a small set of assumptions. I do this using a transfinite version of Lindenbaum's lemma, which allows me to support languages of any cardinality. I then prove useful abstract results about derivations and refutations as they relate to MCSs. Finally, I show how Hintikka sets can be derived from the logic's semantics, outlining one way to prove the required truth lemma.\u003c/p\u003e \u003cp\u003eTo demonstrate the versatility of the framework, I instantiate it with five different examples. 
The formalization contains soundness and completeness results for: a propositional tableau calculus, a propositional sequent calculus, an axiomatic system for modal logic, a labelled natural deduction system for hybrid logic and a natural deduction system for first-order logic. The tableau example uses custom Hintikka sets based on the calculus, but the other four examples derive them from the semantics in the style of the framework. The hybrid and first-order logic examples rely on saturated MCSs. This places requirements on the cardinalities of their languages to ensure that there are enough witnesses available. In both cases, the type of witnesses must be infinite and have cardinality at least that of the type of propositional/predicate symbols.\u003c/p\u003e",
"authors": [
"Asta Halkjær From"
],
"date": "2023-01-09",
- "id": 41,
+ "id": 46,
"link": "/entries/Synthetic_Completeness.html",
"permalink": "/entries/Synthetic_Completeness.html",
"shortname": "Synthetic_Completeness",
"title": "Synthetic Completeness",
"topic_links": [
"logic/general-logic",
"logic/proof-theory"
],
"topics": [
"Logic/General logic",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "The Cook-Levin theorem states that deciding the satisfiability of Boolean formulas in conjunctive normal form is $\\mathcal{NP}$-complete. This entry formalizes a proof of this theorem based on the textbook \u003cem\u003eComputational Complexity: A Modern Approach\u003c/em\u003e by Arora and Barak. It contains definitions of deterministic multi-tape Turing machines, the complexity classes $\\mathcal{P}$ and $\\mathcal{NP}$, polynomial-time many-one reduction, and the decision problem $\\mathtt{SAT}$. For the $\\mathcal{NP}$-hardness of $\\mathtt{SAT}$, the proof first shows that every polynomial-time computation can be performed by a two-tape oblivious Turing machine. An $\\mathcal{NP}$ problem can then be reduced to $\\mathtt{SAT}$ by a polynomial-time Turing machine that encodes computations of the problem's oblivious two-tape verifier Turing machine as formulas in conjunctive normal form.",
"authors": [
"Frank J. Balbach"
],
"date": "2023-01-08",
- "id": 42,
+ "id": 47,
"link": "/entries/Cook_Levin.html",
"permalink": "/entries/Cook_Levin.html",
"shortname": "Cook_Levin",
"title": "The Cook-Levin theorem",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/computability"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/Computability"
],
"used_by": 0
},
{
"abstract": "A code $X$ is not primitivity preserving if there is a primitive list $\\mathtt{ws} \\in \\mathtt{lists} \\ X$ whose concatenation is imprimitive. We formalize a full characterization of such codes in the binary case in the proof assistant Isabelle/HOL. Part of the formalization, interesting on its own, is a description of $\\{x,y\\}$-interpretations of the square $xx$ if $\\mathtt{length}\\ y \\leq \\mathtt{length} \\ x$. We also provide a formalized parametric solution of the related equation $x^jy^k = z^\\ell$. The core of the theory is an investigation of imprimitive words which are concatenations of copies of two noncommuting words (such a pair of words is called a binary code). We follow the article \u003ca href=\"https://dx.doi.org/10.1016/0304-3975(85)90060-X\"\u003e[Barbin-Le Rest, Le Rest, 85]\u003c/a\u003e (mainly Théorème 2.1 and Lemme 3.1), while substantially optimizing the proof. See also [J.-C. Spehner. Quelques problèmes d’extension, de conjugaison et de présentation des sous-monoïdes d’un monoïde libre. PhD thesis, Université Paris VII, 1976] for an earlier result on this question, and \u003ca href=\"https://dx.doi.org/10.46298/dmtcs.279\"\u003e[Maňuch, 01]\u003c/a\u003e for another proof.",
"authors": [
"Štěpán Holub",
"Martin Raška"
],
"date": "2023-01-03",
- "id": 43,
+ "id": 48,
"link": "/entries/Binary_Code_Imprimitive.html",
"permalink": "/entries/Binary_Code_Imprimitive.html",
"shortname": "Binary_Code_Imprimitive",
"title": "Binary codes that do not preserve primitivity",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This article provides a formalization of the classification of intersection \\( \\{x,y\\}^* \\cap \\{u,v\\}^*\\) of two monoids generated by two element codes. Namely, the intersection has one of the following forms \\( \\{\\beta,\\gamma\\}^* \\quad \\text{ or } \\quad \\left(\\beta_0 + \\beta(\\gamma(1+\\delta+ \\cdots + \\delta^t))^*\\epsilon\\right)^*.\\) Note that it can be infinitely generated. The result is due to \u003ca href=\"https://doi.org/10.1007/BFb0036924\"\u003e[Karhumäki, 84]\u003c/a\u003e. Our proof uses the terminology of morphisms which allows us to formulate the result in a shorter and more transparent way.",
"authors": [
"Štěpán Holub",
"Štěpán Starosta"
],
"date": "2023-01-03",
- "id": 44,
+ "id": 49,
"link": "/entries/Two_Generated_Word_Monoids_Intersection.html",
"permalink": "/entries/Two_Generated_Word_Monoids_Intersection.html",
"shortname": "Two_Generated_Word_Monoids_Intersection",
"title": "Intersection of two monoids generated by two element codes",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We formalize a multivariate quantifier elimination (QE) algorithm in the theorem prover Isabelle/HOL. Our algorithm is complete, in that it is able to reduce \u003ci\u003eany\u003c/i\u003e quantified formula in the first-order logic of real arithmetic to a logically equivalent quantifier-free formula. The algorithm we formalize is a hybrid mixture of Tarski's original QE algorithm and the Ben-Or, Kozen, and Reif algorithm, and it is the first complete multivariate QE algorithm formalized in Isabelle/HOL.",
"authors": [
"Katherine Kosaian",
"Yong Kiam Tan",
"André Platzer"
],
"date": "2022-12-15",
- "id": 45,
+ "id": 50,
"link": "/entries/Quantifier_Elimination_Hybrid.html",
"permalink": "/entries/Quantifier_Elimination_Hybrid.html",
"shortname": "Quantifier_Elimination_Hybrid",
"title": "A First Complete Algorithm for Real Quantifier Elimination in Isabelle/HOL",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "We formulate classical propositional logic as an axiom class. Our class represents a Hilbert-style proof system with the axioms \\(\\vdash \\varphi \\to \\psi \\to \\varphi\\), \\(\\vdash (\\varphi \\to \\psi \\to \\chi) \\to (\\varphi \\to \\psi) \\to \\varphi \\to \\chi\\), and \\(\\vdash ((\\varphi \\to \\bot) \\to \\bot) \\to \\varphi\\) along with the rule \u003cem\u003emodus ponens\u003c/em\u003e \\(\\vdash \\varphi \\to \\psi \\Longrightarrow \\; \\vdash \\varphi \\Longrightarrow \\; \\vdash \\psi\\). In this axiom class we provide lemmas to obtain \u003cem\u003eMaximally Consistent Sets\u003c/em\u003e via Zorn's lemma. We define the concrete classical propositional calculus inductively and show it instantiates our axiom class. We formulate the usual semantics for the propositional calculus and show strong soundness and completeness. We provide conventional definitions of the other logical connectives and prove various common identities. Finally, we show that the propositional calculus \u003cem\u003eembeds\u003c/em\u003e into any logic in our axiom class.",
"authors": [
"Matthew Doty"
],
"date": "2022-12-15",
- "id": 46,
+ "id": 51,
"link": "/entries/Propositional_Logic_Class.html",
"permalink": "/entries/Propositional_Logic_Class.html",
"shortname": "Propositional_Logic_Class",
"title": "Class-based Classical Propositional Logic",
"topic_links": [
"logic/general-logic/classical-propositional-logic",
"logic/proof-theory"
],
"topics": [
"Logic/General logic/Classical propositional logic",
"Logic/Proof theory"
],
"used_by": 1
},
{
"abstract": "This theory proves a theorem of Birkhoff that asserts that any finite distributive lattice is isomorphic to the set of \u003cem\u003edown-sets\u003c/em\u003e of that lattice's join-irreducible elements. The isomorphism preserves order, meets and joins as well as complementation in the case the lattice is a Boolean algebra. A consequence of this representation theorem is that every finite Boolean algebra is isomorphic to a powerset algebra.",
"authors": [
"Matthew Doty"
],
"date": "2022-12-06",
- "id": 47,
+ "id": 52,
"link": "/entries/Birkhoff_Finite_Distributive_Lattices.html",
"permalink": "/entries/Birkhoff_Finite_Distributive_Lattices.html",
"shortname": "Birkhoff_Finite_Distributive_Lattices",
"title": "Birkhoff's Representation Theorem For Finite Distributive Lattices",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Boolos’ Curious Inference is automated in Isabelle/HOL after interactive speculation of a suitable shorthand notation (one or two definitions).",
"authors": [
"Christoph Benzmüller",
"David Fuenmayor",
"Alexander Steen",
"Geoff Sutcliffe"
],
"date": "2022-12-05",
- "id": 48,
+ "id": 53,
"link": "/entries/Boolos_Curious_Inference_Automated.html",
"permalink": "/entries/Boolos_Curious_Inference_Automated.html",
"shortname": "Boolos_Curious_Inference_Automated",
"title": "Automation of Boolos' Curious Inference in Isabelle/HOL",
"topic_links": [
"logic",
"logic/philosophical-aspects",
"logic/computability",
"logic/proof-theory",
"logic/general-logic",
"computer-science/artificial-intelligence",
"tools"
],
"topics": [
"Logic",
"Logic/Philosophical aspects",
"Logic/Computability",
"Logic/Proof theory",
"Logic/General logic",
"Computer science/Artificial intelligence",
"Tools"
],
"used_by": 0
},
{
"abstract": "We define single- and multitape Turing machines (TMs) and verify a translation from multitape TMs to singletape TMs. In particular, the following results have been formalized: the accepted languages coincide, and whenever the multitape TM runs in $\\mathcal{O}(f(n))$ time, then the singletape TM has a worst-time complexity of $\\mathcal{O}(f(n)^2 + n)$. The translation is applicable both on deterministic and non-deterministic TMs.",
"authors": [
"Christian Dalvit",
"René Thiemann"
],
"date": "2022-11-30",
- "id": 49,
+ "id": 54,
"link": "/entries/Multitape_To_Singletape_TM.html",
"permalink": "/entries/Multitape_To_Singletape_TM.html",
"shortname": "Multitape_To_Singletape_TM",
"title": "A Verified Translation of Multitape Turing Machines into Singletape Turing Machines",
"topic_links": [
"logic/computability",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Logic/Computability",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We utilize and extend the method of shallow semantic embeddings (SSEs) in classical higher-order logic (HOL) to construct a custom theorem proving environment for abstract objects theory (AOT) on the basis of Isabelle/HOL. SSEs are a means for universal logical reasoning by translating a target logic to HOL using a representation of its semantics. AOT is a foundational metaphysical theory, developed by Edward Zalta, that explains the objects presupposed by the sciences as abstract objects that reify property patterns. In particular, AOT aspires to provide a philosphically grounded basis for the construction and analysis of the objects of mathematics. We can support this claim by verifying Uri Nodelman's and Edward Zalta's reconstruction of Frege's theorem: we can confirm that the Dedekind-Peano postulates for natural numbers are consistently derivable in AOT using Frege's method. Furthermore, we can suggest and discuss generalizations and variants of the construction and can thereby provide theoretical insights into, and contribute to the philosophical justification of, the construction. In the process, we can demonstrate that our method allows for a nearly transparent exchange of results between traditional pen-and-paper-based reasoning and the computerized implementation, which in turn can retain the automation mechanisms available for Isabelle/HOL. During our work, we could significantly contribute to the evolution of our target theory itself, while simultaneously solving the technical challenge of using an SSE to implement a theory that is based on logical foundations that significantly differ from the meta-logic HOL. In general, our results demonstrate the fruitfulness of the practice of Computational Metaphysics, i.e. the application of computational methods to metaphysical questions and theories.",
"authors": [
"Daniel Kirchner"
],
"date": "2022-11-28",
- "id": 50,
+ "id": 55,
"link": "/entries/AOT.html",
"permalink": "/entries/AOT.html",
"shortname": "AOT",
"title": "Abstract Object Theory",
"topic_links": [
"logic/general-logic",
"mathematics"
],
"topics": [
"Logic/General logic",
"Mathematics"
],
"used_by": 0
},
{
"abstract": "In this work, we present a formal memory model that provides a memory semantics for CHERI-C programs with uncompressed capabilities in a 'purecap' environment. We present a CHERI-C memory model theory with properties suitable for verification and potentially other types of analyses. Our theory generates an OCaml executable instance of the memory model, which is then used to instantiate the parametric Gillian program analysis framework, enabling concrete execution of CHERI-C programs. The tool can run a CHERI-C test suite, demonstrating the correctness of our tool, and catch a good class of safety violations that the CHERI hardware might miss.",
"authors": [
"Seung Hoon Park"
],
"date": "2022-11-25",
- "id": 51,
+ "id": 56,
"link": "/entries/CHERI-C_Memory_Model.html",
"permalink": "/entries/CHERI-C_Memory_Model.html",
"shortname": "CHERI-C_Memory_Model",
"title": "A Formal CHERI-C Memory Model",
"topic_links": [
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "The Sauer-Shelah Lemma is a fundamental result in extremal set theory and combinatorics. It guarantees the existence of a set $T$ of size $k$ that is shattered by a family of sets $\\mathcal{F}$ if the cardinality of the family is greater than some bound dependent on $k$. A set $T$ is said to be \u003cem\u003eshattered\u003c/em\u003e by a family $\\mathcal{F}$ if every subset of $T$ can be obtained as an intersection of $T$ with some set $S \\in \\mathcal{F}$. The Sauer-Shelah Lemma has found use in diverse fields such as computational geometry, approximation algorithms and machine learning. In this entry we formalize the notion of shattering and prove the generalized and standard versions of the Sauer-Shelah Lemma.",
"authors": [
"Ata Keskin"
],
"date": "2022-11-24",
- "id": 52,
+ "id": 57,
"link": "/entries/Sauer_Shelah_Lemma.html",
"permalink": "/entries/Sauer_Shelah_Lemma.html",
"shortname": "Sauer_Shelah_Lemma",
"title": "Sauer-Shelah Lemma",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We formalise Kneser's Theorem in combinatorics following the proof from the 2014 paper \u003ca href=\"https://link.springer.com/chapter/10.1007/978-1-4939-1601-6_3\"\u003eA short proof of Kneser’s addition theorem for abelian groups\u003c/a\u003e by Matt DeVos. We also show a strict version of Kneser's Theorem as well as the Cauchy–Davenport Theorem as a corollary of Kneser's Theorem.",
"authors": [
"Mantas Bakšys",
"Angeliki Koutsoukou-Argyraki"
],
"date": "2022-11-21",
- "id": 53,
+ "id": 58,
"link": "/entries/Kneser_Cauchy_Davenport.html",
"permalink": "/entries/Kneser_Cauchy_Davenport.html",
"shortname": "Kneser_Cauchy_Davenport",
"title": "Kneser's Theorem and the Cauchy–Davenport Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"https://en.wikipedia.org/wiki/Tur%C3%A1n%27s_theorem\"\u003eTurán's Graph Theorem\u003c/a\u003e states that any undirected, simple graph with $n$ vertices that does not contain a $p$-clique, contains at most $\\left( 1 - \\frac{1}{p-1} \\right) \\frac{n^2}{2}$ edges. The theorem is an important result in graph theory and the foundation of the field of extremal graph theory. The formalisation follows Aigner and Ziegler's presentation in \u003ci\u003eProofs from THE BOOK\u003c/i\u003e of Turán's initial proof. Besides a direct adaptation of the textbook proof, a simplified, second proof is presented which decreases the size of the formalised proof significantly.",
"authors": [
"Nils Lauermann"
],
"date": "2022-11-14",
- "id": 54,
+ "id": 59,
"link": "/entries/Turans_Graph_Theorem.html",
"permalink": "/entries/Turans_Graph_Theorem.html",
"shortname": "Turans_Graph_Theorem",
"title": "Turán's Graph Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Combinatorial objects have configurations which can be enumerated by algorithms, but especially for imperative programs, it is difficult to find out if they produce the correct output and don’t generate duplicates. Therefore, for some of the most common combinatorial objects, namely n_Sequences, n_Permutations, n_Subsets, Powerset, Integer_Compositions, Integer_Partitions, Weak_Integer_Compositions, Derangements and Trees, this entry formalizes efficient functional programs and verifies their correctness. In addition, it provides cardinality proofs for those combinatorial objects. Some cardinalities are verified using the enumeration functions and others are shown using existing libraries including other AFP entries.",
"authors": [
"Paul Hofmeier",
"Emin Karayel"
],
"date": "2022-11-11",
- "id": 55,
+ "id": 60,
"link": "/entries/Combinatorial_Enumeration_Algorithms.html",
"permalink": "/entries/Combinatorial_Enumeration_Algorithms.html",
"shortname": "Combinatorial_Enumeration_Algorithms",
"title": "Combinatorial Enumeration Algorithms",
"topic_links": [
"mathematics/combinatorics",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Combinatorics",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We formalise the Balog–Szemerédi–Gowers Theorem, a profound result in additive combinatorics which played a central role in \u003ca href=\"https://link.springer.com/article/10.1007/s00039-001-0332-9\"\u003eGowers's proof deriving the first effective bounds for Szemerédi's Theorem\u003c/a\u003e. The proof is of great mathematical interest given that it involves an interplay between different mathematical areas, namely applications of graph theory and probability theory to additive combinatorics involving algebraic objects. This interplay is what made the process of the formalisation, for which we had to develop formalisations of new background material in the aforementioned areas, more rich and technically challenging. We demonstrate how locales, Isabelle’s module system, can be employed to handle such interplays. To treat the graph-theoretic aspects of the proof, we make use of a new, more general \u003ca href=\"https://www.isa-afp.org/entries/Undirected_Graph_Theory.html\"\u003eundirected graph theory library\u003c/a\u003e developed recently by Chelsea Edmonds, which is both flexible and extensible. For the formalisation we followed a proof presented in the 2022 lecture notes by Timothy Gowers \u003ca href=\"https://drive.google.com/file/d/1ut0mUqSyPMweoxoDTfhXverEONyFgcuO/view\"\u003eIntroduction to Additive Combinatorics \u003c/a\u003e for Part III of the Mathematical Tripos taught at the University of Cambridge. In addition to the main theorem, which, following our source, is formulated for difference sets, we also give an alternative version for sumsets which required a formalisation of an auxiliary triangle inequality following a proof by Yufei Zhao from his book \u003ca href=\"https://yufeizhao.com/gtacbook/\"\u003eGraph Theory and Additive Combinatorics \u003c/a\u003e. We moreover formalise a few additional results in additive combinatorics that are not used in the proof of the main theorem. 
This is the first formalisation of the Balog–Szemerédi–Gowers Theorem in any proof assistant to our knowledge.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Mantas Bakšys",
"Chelsea Edmonds"
],
"date": "2022-11-11",
- "id": 56,
+ "id": 61,
"link": "/entries/Balog_Szemeredi_Gowers.html",
"permalink": "/entries/Balog_Szemeredi_Gowers.html",
"shortname": "Balog_Szemeredi_Gowers",
"title": "The Balog–Szemerédi–Gowers Theorem",
"topic_links": [
"mathematics/combinatorics",
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Combinatorics",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In party-approval multi-winner elections, the goal is to allocate the seats of a fixed-size committee to parties based on approval ballots of the voters over the parties. In particular, each can approve multiple parties and each party can be assigned multiple seats. \u003c/p\u003e \u003cp\u003eThree central requirements in this settings are:\u003c/p\u003e \u003cul\u003e \u003cli\u003eAnonymity: The result is invariant under renaming the voters.\u003c/li\u003e \u003cli\u003eRepresentation:Every sufficiently large group of voters with similar preferences is represented by some committee members.\u003c/li\u003e \u003cli\u003eStrategy-proofness: No voter can benefit by misreporting her true preferences.\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e We show that these three basic axioms are incompatible for party-approval multi-winner voting rules, thus proving a far-reaching impossibility theorem.\u003c/p\u003e \u003cp\u003eThe proof of this result is obtained by formulating the problem in propositional logic and then letting a SAT solver show that the formula is unsatisfiable. The DRUP proof output by the SAT solver is then converted into \u003ca href=\"https://www21.in.tum.de/~lammich/grat/\"\u003eLammich's GRAT format\u003c/a\u003e and imported into Isabelle/HOL with some custom-written ML code.\u003c/p\u003e \u003cp\u003eThis transformation is proof-producing, so the final Isabelle/HOL theorem does not rely on any oracles or other trusted external trusted components.\u003c/p\u003e",
"authors": [
"Théo Delemazure",
"Tom Demeulemeester",
"Manuel Eberl",
"Jonas Israel",
"Patrick Lederer"
],
"date": "2022-11-10",
- "id": 57,
+ "id": 62,
"link": "/entries/PAPP_Impossibility.html",
"permalink": "/entries/PAPP_Impossibility.html",
"shortname": "PAPP_Impossibility",
"title": "The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This formalization includes a general framework for query optimization consisting of the definitions of selectivities, query graphs, join trees, and cost functions. Furthermore, it implements the join ordering algorithm IKKBZ using these definitions. It verifies the correctness of these definitions and proves that IKKBZ produces an optimal solution within a restricted solution space.",
"authors": [
"Lukas Stevens",
"Bernhard Stöckl"
],
"date": "2022-10-04",
- "id": 58,
+ "id": 63,
"link": "/entries/Query_Optimization.html",
"permalink": "/entries/Query_Optimization.html",
"shortname": "Query_Optimization",
"title": "Verification of Query Optimization Algorithms",
"topic_links": [
"computer-science/data-management-systems"
],
"topics": [
"Computer science/Data management systems"
],
"used_by": 0
},
{
"abstract": "In this work we consider the \u003ca href=\"https://en.wikipedia.org/wiki/Maximum_subarray_problem\"\u003emaximum segment sum\u003c/a\u003e problem, that is to compute, given a list of numbers, the largest of the sums of the contiguous segments of that list. We assume that the elements of the list are not necessarily numbers but just elements of some linearly ordered group. Both a naive algorithm ($\\mathcal{O}(n^2)$) and \u003ca href=\"https://en.wikipedia.org/wiki/Maximum_subarray_problem#Kadane's_algorithm\"\u003eKadane's algorithm\u003c/a\u003e ($\\mathcal{O}(n)$) are given and their correctness is proved.",
"authors": [
"Nils Cremer"
],
"date": "2022-09-29",
- "id": 59,
+ "id": 64,
"link": "/entries/Maximum_Segment_Sum.html",
"permalink": "/entries/Maximum_Segment_Sum.html",
"shortname": "Maximum_Segment_Sum",
"title": "Maximum Segment Sum",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This entry presents a general library for undirected graph theory - enabling reasoning on simple graphs and undirected graphs with loops. It primarily is inspired by Noschinski's basic ugraph definition in the \u003ca href=\"/entries/Girth_Chromatic.html\"\u003eGirth Chromatic Entry\u003c/a\u003e, however generalises it in a number of ways and significantly expands on the range of basic graph theory definitions formalised. Notably, this library removes the constraint of vertices being a type synonym with the natural numbers which causes issues in more complex mathematical reasoning using graphs, such as the Balog Szemeredi Gowers theorem which this library is used for. Secondly this library also presents a locale-centric approach, enabling more concise, flexible, and reusable modelling of different types of graphs. Using this approach enables easy links to be made with more expansive formalisations of other combinatorial structures, such as incidence systems, as well as various types of formal representations of graphs. Further inspiration is also taken from Noschinski's Directed Graph library for some proofs and definitions on walks, paths and cycles, however these are much simplified using the set based representation of graphs, and also extended on in this formalisation.",
"authors": [
"Chelsea Edmonds"
],
"date": "2022-09-29",
- "id": 60,
+ "id": 65,
"link": "/entries/Undirected_Graph_Theory.html",
"permalink": "/entries/Undirected_Graph_Theory.html",
"shortname": "Undirected_Graph_Theory",
"title": "Undirected Graph Theory",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 3
},
{
"abstract": "The relational calculus (RC), i.e., first-order logic with equality but without function symbols, is a concise, declarative database query language. In contrast to relational algebra or SQL, which are the traditional query languages of choice in the database community, RC queries can evaluate to an infinite relation. Moreover, even in cases where the evaluation result of an RC query would be finite it is not clear how to efficiently compute it. Safe-range RC is an interesting syntactic subclass of RC, because all safe-range queries evaluate to a finite result and it is \u003ca href=\"http://webdam.inria.fr/Alice/pdfs/Chapter-5.pdf\"\u003ewell-known\u003c/a\u003e how to evaluate such queries by translating them to relational algebra. We formalize and prove correct \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour recent translation\u003c/a\u003e of an arbitrary RC query into a pair of safe-range queries. Assuming an infinite domain, the two queries have the following meaning: The first is closed and characterizes the original query's relative safety, i.e., whether given a fixed database (interpretation of atomic predicates with finite relations), the original query evaluates to a finite relation. The second safe-range query is equivalent to the original query, if the latter is relatively safe. The formalization uses the Refinement Framework to go from the non-deterministic algorithm described in the paper to a deterministic, executable query translation. Our executable query translation is a first step towards a verified tool that efficiently evaluates arbitrary RC queries. This very problem is also solved by the AFP entry \u003ca href=\"https://isa-afp.org/entries/Eval_FO.html\"\u003eEval_FO\u003c/a\u003e with a theoretically incomparable but practically worse time complexity. (The latter is demonstrated by \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour empirical evaluation\u003c/a\u003e.)",
"authors": [
"Martin Raszyk",
"Dmitriy Traytel"
],
"date": "2022-09-28",
- "id": 61,
+ "id": 66,
"link": "/entries/Safe_Range_RC.html",
"permalink": "/entries/Safe_Range_RC.html",
"shortname": "Safe_Range_RC",
"title": "Making Arbitrary Relational Calculus Queries Safe-Range",
"topic_links": [
"computer-science/data-management-systems",
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Computer science/Data management systems",
"Logic/General logic/Classical first-order logic"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of Stalnaker's epistemic logic and its soundness and completeness theorems, as well as the equivalence between the axiomatization of S4 available in the Epistemic Logic theory and the topological one. It builds on the Epistemic Logic theory.",
"authors": [
"Laura P. Gamboa Guzman"
],
"date": "2022-09-23",
- "id": 62,
+ "id": 67,
"link": "/entries/Stalnaker_Logic.html",
"permalink": "/entries/Stalnaker_Logic.html",
"shortname": "Stalnaker_Logic",
"title": "Stalnaker's Epistemic Logic",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "The field of p-adic numbers for a prime integer p is constructed. Basic facts about p-adic topology including Hensel's Lemma are proved, building on a prior submission by the author. The theory of semialgebraic sets and semialgebraic functions on cartesian powers of p-adic fields is also developed, following a formalization of these concepts due to Denef. This is done towards a formalization of Denef's proof of Macintyre's quantifier elimination theorem for p-adic fields. Theories developing general multivariable polynomial rings over a commutative ring are developed, as well as some general theory of cartesian powers of an arbitrary ring.",
"authors": [
"Aaron Crighton"
],
"date": "2022-09-22",
- "id": 63,
+ "id": 68,
"link": "/entries/Padic_Field.html",
"permalink": "/entries/Padic_Field.html",
"shortname": "Padic_Field",
"title": "p-adic Fields and p-adic Semialgebraic Sets",
"topic_links": [
"mathematics/number-theory",
"mathematics/algebra"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We construct an abstract ledger supporting the \u003cem\u003erisk-free lending\u003c/em\u003e protocol. The risk-free lending protocol is a system for issuing and exchanging novel financial products we call \u003cem\u003erisk-free loans\u003c/em\u003e. The system allows one party to lend money at 0\u0026percnt; APY to another party in exchange for a good or service. On every update of the ledger, accounts have interest distributed to them. Holders of lent assets keep interest accrued by those assets. After distributing interest, the system returns a fixed fraction of each loan. These fixed fractions determine \u003cem\u003eloan periods\u003c/em\u003e. Loans for longer periods have a smaller fixed fraction returned. Loans may be re-lent or used as collateral for other loans. We give a sufficient criterion to enforce that all accounts will forever be solvent. We give a protocol for maintaining this invariant when transferring or lending funds. We also show that this invariant holds after an update. Even though the system does not track counter-party obligations, we show that all credited and debited loans cancel, and the monetary supply grows at a specified interest rate.",
"authors": [
"Matthew Doty"
],
"date": "2022-09-18",
- "id": 64,
+ "id": 69,
"link": "/entries/Risk_Free_Lending.html",
"permalink": "/entries/Risk_Free_Lending.html",
"shortname": "Risk_Free_Lending",
"title": "Risk-Free Lending",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of soundness and completeness of the Bernays-Tarski axiom system for classical implicational logic. The completeness proof is constructive following the approach by László Kalmár, Elliott Mendelson and others. The result can be extended to full classical propositional logic by uncommenting a few lines for falsehood. ",
"authors": [
"Asta Halkjær From",
"Jørgen Villadsen"
],
"date": "2022-09-13",
- "id": 65,
+ "id": 70,
"link": "/entries/Implicational_Logic.html",
"permalink": "/entries/Implicational_Logic.html",
"shortname": "Implicational_Logic",
"title": "Soundness and Completeness of Implicational Logic",
"topic_links": [
"logic/general-logic/classical-propositional-logic",
"logic/proof-theory"
],
"topics": [
"Logic/General logic/Classical propositional logic",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This article formalizes the specification and the algorithm of the cryptographic scheme CRYSTALS-KYBER with multiplication using the Number Theoretic Transform and verifies its (1-δ)-correctness proof. CRYSTALS-KYBER is a key encapsulation mechanism in lattice-based post-quantum cryptography. This entry formalizes the key generation, encryption and decryption algorithms and shows that the algorithm decodes correctly under a highly probable assumption ((1-δ)-correctness). Moreover, the Number Theoretic Transform (NTT) in the case of Kyber and the convolution theorem thereon is formalized.",
"authors": [
"Katharina Kreuzer"
],
"date": "2022-09-08",
- "id": 66,
+ "id": 71,
"link": "/entries/CRYSTALS-Kyber.html",
"permalink": "/entries/CRYSTALS-Kyber.html",
"shortname": "CRYSTALS-Kyber",
"title": "CRYSTALS-Kyber",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Many separation logics support fractional permissions to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. Fractional permissions extend to composite assertions such as (co)inductive predicates and magic wands by allowing those to be multiplied by a fraction. Typical separation logic proofs require that this multiplication has three key properties: it needs to distribute over assertions, it should permit fractions to be factored out from assertions, and two fractions of the same assertion should be combinable into one larger fraction. Existing formal semantics incorporating fractional assertions into a separation logic define multiplication semantically (via models), resulting in a semantics in which distributivity and combinability do not hold for key resource assertions such as magic wands, and fractions cannot be factored out from a separating conjunction. By contrast, existing automatic separation logic verifiers define multiplication syntactically, resulting in a different semantics for which it is unknown whether distributivity and combinability hold for all assertions. In this entry (which accompanies an \u003ca href=\"https://dardinier.me/papers/multiplication.pdf\"\u003eOOPSLA'22 paper\u003c/a\u003e), we present and formalize an unbounded version of separation logic, a novel semantics for separation logic assertions that allows states to hold more than a full permission to a heap location during the evaluation of an assertion. By reimposing upper bounds on the permissions held per location at statement boundaries, we retain key properties of separation logic, in particular, we prove that the frame rule still holds. We also prove that our assertion semantics unifies semantic and syntactic multiplication and thereby reconciles the discrepancy between separation logic theory and tools and enjoys distributivity, factorisability, and combinability.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-09-05",
- "id": 67,
+ "id": 72,
"link": "/entries/Separation_Logic_Unbounded.html",
"permalink": "/entries/Separation_Logic_Unbounded.html",
"shortname": "Separation_Logic_Unbounded",
"title": "Unbounded Separation Logic",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We formalise the proof of an important theorem in additive combinatorics due to Khovanskii, attesting that the cardinality of the set of all sums of $n$ many elements of $A$, where $A$ is a finite subset of an abelian group, is a polynomial in $n$ for all sufficiently large $n$. We follow a proof due to Nathanson and Ruzsa as presented in the notes “Introduction to Additive Combinatorics” by Timothy Gowers for the University of Cambridge.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2022-09-02",
- "id": 68,
+ "id": 73,
"link": "/entries/Khovanskii_Theorem.html",
"permalink": "/entries/Khovanskii_Theorem.html",
"shortname": "Khovanskii_Theorem",
"title": "Khovanskii\u0026#x27;s Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article is a formalisation of a proof of the Hales–Jewett theorem presented in the textbook \u003cem\u003eRamsey Theory\u003c/em\u003e by Graham et al.\u003c/p\u003e \u003cp\u003eThe Hales–Jewett theorem is a result in Ramsey Theory which states that, for any non-negative integers $r$ and $t$, there exists a minimal dimension $N$, such that any $r$-coloured $N'$-dimensional cube over $t$ elements (with $N' \\geq N$) contains a monochromatic line. This theorem generalises Van der Waerden's Theorem, which has already been formalised in another \u003ca href=\"https://www.isa-afp.org/entries/Van_der_Waerden.html\"\u003eAFP entry\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Ujkan Sulejmani",
"Manuel Eberl",
"Katharina Kreuzer"
],
"date": "2022-09-02",
- "id": 69,
+ "id": 74,
"link": "/entries/Hales_Jewett.html",
"permalink": "/entries/Hales_Jewett.html",
"shortname": "Hales_Jewett",
"title": "The Hales–Jewett Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains an Isabelle formalization of the \u003cem\u003eNumber Theoretic Transform (NTT)\u003c/em\u003e which is the analogue to a \u003cem\u003eDiscrete Fourier Transform (DFT)\u003c/em\u003e over a finite field. Roots of unity in the complex numbers are replaced by those in a finite field. \u003c/p\u003e\u003cp\u003eFirst, we define both \u003cem\u003eNTT\u003c/em\u003e and the inverse transform \u003cem\u003eINTT\u003c/em\u003e in Isabelle and prove them to be mutually inverse. \u003c/p\u003e\u003cp\u003e\u003cem\u003eDFT\u003c/em\u003e can be efficiently computed by the recursive \u003cem\u003eFast Fourier Transform (FFT)\u003c/em\u003e. In our formalization, this algorithm is adapted to the setting of the \u003cem\u003eNTT\u003c/em\u003e: We implement a \u003cem\u003eFast Number Theoretic Transform (FNTT)\u003c/em\u003e based on the Butterfly scheme by Cooley and Tukey. Additionally, we provide an inverse transform \u003cem\u003eIFNTT\u003c/em\u003e and prove it mutually inverse to \u003cem\u003eFNTT\u003c/em\u003e. \u003c/p\u003e\u003cp\u003e Afterwards, a recursive formalization of the \u003cem\u003eFNTT\u003c/em\u003e running time is examined and the famous $O(n \\log n)$ bounds are proven.\u003c/p\u003e",
"authors": [
"Thomas Ammer",
"Katharina Kreuzer"
],
"date": "2022-08-18",
- "id": 70,
+ "id": 75,
"link": "/entries/Number_Theoretic_Transform.html",
"permalink": "/entries/Number_Theoretic_Transform.html",
"shortname": "Number_Theoretic_Transform",
"title": "Number Theoretic Transform",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "We prove the correctness of a sequential algorithm for computing maximal strongly connected components (SCCs) of a graph due to Vincent Bloemen.",
"authors": [
"Stephan Merz",
"Vincent Trélat"
],
"date": "2022-08-17",
- "id": 71,
+ "id": 76,
"link": "/entries/SCC_Bloemen_Sequential.html",
"permalink": "/entries/SCC_Bloemen_Sequential.html",
"shortname": "SCC_Bloemen_Sequential",
"title": "Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This theory contains the involution-based proof of the two squares theorem from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e.",
"authors": [
"Maksym Bortin"
],
"date": "2022-08-15",
- "id": 72,
+ "id": 77,
"link": "/entries/Involutions2Squares.html",
"permalink": "/entries/Involutions2Squares.html",
"shortname": "Involutions2Squares",
"title": "From THE BOOK: Two Squares via Involutions",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This entry provides executable formalisations of complete test generation algorithms for finite state machines. It covers testing for the language-equivalence and reduction conformance relations, supporting the former via the W, Wp, HSI, H, SPY and SPYH-methods, and the latter via adaptive state counting. The test strategies are implemented using generic frameworks, allowing for reuse of shared components between related strategies. This work is described in the author\u0026#x27;s \u003ca href=\"https://doi.org/10.26092/elib/1665\"\u003edoctoral thesis\u003c/a\u003e.",
"authors": [
"Robert Sachtleben"
],
"date": "2022-08-09",
- "id": 73,
+ "id": 78,
"link": "/entries/FSM_Tests.html",
"permalink": "/entries/FSM_Tests.html",
"shortname": "FSM_Tests",
"title": "Verified Complete Test Strategies for Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/algorithms"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "JSON (JavaScript Object Notation) is a common format for exchanging data, based on a collection of key/value-pairs (the JSON objects) and lists. Its syntax is inspired by JavaScript with the aim of being easy to read and write for humans and easy to parse and generate for machines. Despite its origin in the JavaScript world, JSON is language-independent and many programming languages support working with JSON-encoded data. This makes JSON an interesting format for exchanging data with Isabelle/HOL. This AFP entry provides a JSON-like import-expert format for both Isabelle/ML and Isabelle/HOL. On the one hand, this AFP entry provides means for Isabelle/HOL users to work with JSON encoded data without the need using Isabelle/ML. On the other and, the provided Isabelle/ML interfaces allow additional extensions or integration into Isabelle extensions written in Isabelle/ML. While format is not fully JSON compliant (e.g., due to limitations in the range of supported Unicode characters), it works in most situations: the provided implementation in Isabelle/ML and its representation in Isabelle/HOL have been used successfully in several projects for exchanging data sets of several hundredths of megabyte between Isabelle and external tools.",
"authors": [
"Achim D. Brucker"
],
"date": "2022-07-29",
- "id": 74,
+ "id": 79,
"link": "/entries/Nano_JSON.html",
"permalink": "/entries/Nano_JSON.html",
"shortname": "Nano_JSON",
"title": "Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML",
"topic_links": [
"tools",
"computer-science/data-structures"
],
"topics": [
"Tools",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Smart contracts are automatically executed programs, usually representing legal agreements such as financial transactions. Thus, bugs in smart contracts can lead to large financial losses. For example, an incorrectly initialized contract was the root cause of the Parity Wallet bug that saw $280M worth of Ether destroyed. Ether is the cryptocurrency of the Ethereum blockchain that uses Solidity for expressing smart contracts. We address this problem by formalizing an executable denotational semantics for Solidity in the interactive theorem prover Isabelle/HOL. This formal semantics builds the foundation of an interactive program verification environment for Solidity programs and allows for inspecting them by (symbolic) execution. We combine the latter with grammar based fuzzing to ensure that our formal semantics complies to the Solidity implementation on the Ethereum Blockchain. Finally, we demonstrate the formal verification of Solidity programs by two examples: constant folding and a simple verified token.",
"authors": [
"Diego Marmsoler",
"Achim D. Brucker"
],
"date": "2022-07-18",
- "id": 75,
+ "id": 80,
"link": "/entries/Solidity.html",
"permalink": "/entries/Solidity.html",
"shortname": "Solidity",
"title": "Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "A Hermitian matrix is a square complex matrix that is equal to its conjugate transpose. The (finite-dimensional) spectral theorem states that any such matrix can be decomposed into a product of a unitary matrix and a diagonal matrix containing only real elements. We formalize the generalization of this result, which states that any finite set of Hermitian and pairwise commuting matrices can be decomposed as previously, using the same unitary matrix; in other words, they are simultaneously diagonalizable. Sets of pairwise commuting Hermitian matrices are called \u003cem\u003eComplete Sets of Commuting Observables\u003c/em\u003e in Quantum Mechanics, where they represent physical quantities that can be simultaneously measured to uniquely distinguish quantum states.",
"authors": [
"Mnacho Echenim"
],
"date": "2022-07-18",
- "id": 76,
+ "id": 81,
"link": "/entries/Commuting_Hermitian.html",
"permalink": "/entries/Commuting_Hermitian.html",
"shortname": "Commuting_Hermitian",
"title": "Simultaneous diagonalization of pairwise commuting Hermitian matrices",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the Weighted Arithmetic–Geometric Mean Inequality: given non-negative reals $a_1, \\ldots, a_n$ and non-negative weights $w_1, \\ldots, w_n$ such that $w_1 + \\ldots + w_n = 1$, we have \\[\\prod\\limits_{i=1}^n a_i^{w_i} \\leq \\sum\\limits_{i=1}^n w_i a_i\\ .\\] If the weights are additionally all non-zero, equality holds if and only if $a_1 = \\ldots = a_n$.\u003c/p\u003e \u003cp\u003eAs a corollary with $w_1 = \\ldots = w_n = 1/n$, the regular arithmetic–geometric mean inequality follows, namely that \\[\\sqrt[n]{a_1\\,\\cdots\\, a_n} \\leq \\tfrac{1}{n}(a_1 + \\ldots + a_n)\\ .\\]\u003c/p\u003e \u003cp\u003eI follow Pólya's elegant proof, which uses the inequality $1 + x \\leq e^x$ as a starting point. Pólya claims that this proof came to him in a dream, and that it was “the best mathematics he had ever dreamt.”\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2022-07-11",
- "id": 77,
+ "id": 82,
"link": "/entries/Weighted_Arithmetic_Geometric_Mean.html",
"permalink": "/entries/Weighted_Arithmetic_Geometric_Mean.html",
"shortname": "Weighted_Arithmetic_Geometric_Mean",
"title": "Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "After introducing the didactic imperative programming language IMP, Nipkow and Klein's book on formal programming language semantics (version of March 2021) specifies compilation of IMP commands into a lower-level language based on a stack machine, and expounds a formal verification of that compiler. Exercise 8.4 asks the reader to adjust such proof for a new compilation target, consisting of a machine language that (i) accesses memory locations through their addresses instead of variable names, and (ii) maintains a stack in memory via a stack pointer rather than relying upon a built-in stack. A natural strategy to maximize reuse of the original proof is keeping the original language as an assembly one and splitting compilation into multiple steps, namely a source-to-assembly step matching the original compilation process followed by an assembly-to-machine step. In this way, proving assembly code-machine code equivalence is the only extant task. A previous paper by the present author introduces a reasoning toolbox that allows for a compiler correctness proof shorter than the book's one, as such promising to constitute a further enhanced reference for the formal verification of real-world compilers. This paper in turn shows that such toolbox can be reused to accomplish the aforesaid task as well, which demonstrates that the proposed approach also promotes proof reuse in multi-stage compiler verifications.",
"authors": [
"Pasquale Noce"
],
"date": "2022-07-10",
- "id": 78,
+ "id": 83,
"link": "/entries/IMP_Compiler_Reuse.html",
"permalink": "/entries/IMP_Compiler_Reuse.html",
"shortname": "IMP_Compiler_Reuse",
"title": "A Reuse-Based Multi-Stage Compiler Verification for Language IMP",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "A double-ended queue (\u003cem\u003edeque\u003c/em\u003e) is a queue where one can enqueue and dequeue at both ends. We define and verify the \u003ca href=\"https://doi.org/10.1145/165180.165225\"\u003edeque implementation by Chuang and Goldberg\u003c/a\u003e. It is purely functional and all operations run in constant time.",
"authors": [
"Balazs Toth",
"Tobias Nipkow"
],
"date": "2022-06-23",
- "id": 79,
+ "id": 84,
"link": "/entries/Real_Time_Deque.html",
"permalink": "/entries/Real_Time_Deque.html",
"shortname": "Real_Time_Deque",
"title": "Real-Time Double-Ended Queue",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In 1987, George Boolos gave an interesting and vivid concrete example of the considerable speed-up afforded by higher-order logic over first-order logic. (A phenomenon first noted by Kurt Gödel in 1936.) Boolos's example concerned an inference $I$ with five premises, and a conclusion, such that the shortest derivation of the conclusion from the premises in a standard system for first-order logic is astronomically huge; while there exists a second-order derivation whose length is of the order of a page or two. Boolos gave a short sketch of that second-order derivation, which relies on the comprehension principle of second-order logic. Here, Boolos's inference is formalized into fourteen lemmas, each quickly verified by the automated-theorem-proving assistant Isabelle/HOL.",
"authors": [
"Jeffrey Ketland"
],
"date": "2022-06-20",
- "id": 80,
+ "id": 85,
"link": "/entries/Boolos_Curious_Inference.html",
"permalink": "/entries/Boolos_Curious_Inference.html",
"shortname": "Boolos_Curious_Inference",
"title": "Boolos's Curious Inference in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the classification of the finite fields (also called Galois fields): For each prime power $p^n$ there exists exactly one (up to isomorphisms) finite field of that size and there are no other finite fields. The derivation includes a formalization of the characteristic of rings, the Frobenius endomorphism, formal differentiation for polynomials in HOL-Algebra and Gauss' formula for the number of monic irreducible polynomials over finite fields: \\[ \\frac{1}{n} \\sum_{d | n} \\mu(d) p^{n/d} \\textrm{.} \\] The proofs are based on the books from \u003ca href=\"https://doi.org/10.1007/978-1-4757-2103-4\"\u003eIreland and Rosen\u003c/a\u003e, as well as, \u003ca href=\"https://doi.org/10.1017/CBO9781139172769\"\u003eLidl and Niederreiter\u003c/a\u003e.",
"authors": [
"Emin Karayel"
],
"date": "2022-06-08",
- "id": 81,
+ "id": 86,
"link": "/entries/Finite_Fields.html",
"permalink": "/entries/Finite_Fields.html",
"shortname": "Finite_Fields",
"title": "Finite Fields",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "Today's Internet is built on decades-old networking protocols that lack scalability, reliability and security. In response, the networking community has developed \u003cem\u003epath-aware\u003c/em\u003e Internet architectures that solve these issues while simultaneously empowering end hosts. In these architectures, autonomous systems authorize forwarding paths in accordance with their routing policies, and protect paths using cryptographic authenticators. For each packet, the sending end host selects an authorized path and embeds it and its authenticators in the packet header. This allows routers to efficiently determine how to forward the packet. The central security property of the data plane, i.e., of forwarding, is that packets can only travel along authorized paths. This property, which we call \u003cem\u003epath authorization\u003c/em\u003e, protects the routing policies of autonomous systems from malicious senders. The fundamental role of packet forwarding in the Internet's ecosystem and the complexity of the authentication mechanisms employed call for a formal analysis. We develop IsaNet, a parameterized verification framework for data plane protocols in Isabelle/HOL. We first formulate an abstract model without an attacker for which we prove path authorization. We then refine this model by introducing a Dolev--Yao attacker and by protecting authorized paths using (generic) cryptographic validation fields. This model is parametrized by the path authorization mechanism and assumes five simple verification conditions. We propose novel attacker models and different sets of assumptions on the underlying routing protocol. We validate our framework by instantiating it with nine concrete protocols variants and prove that they each satisfy the verification conditions (and hence path authorization). The invariants needed for the security proof are proven in the parametrized model instead of the instance models. 
Our framework thus supports low-effort security proofs for data plane protocols. In contrast to what could be achieved with state-of-the-art automated protocol verifiers, our results hold for arbitrary network topologies and sets of authorized paths.",
"authors": [
"Tobias Klenze",
"Christoph Sprenger"
],
"date": "2022-06-08",
- "id": 82,
+ "id": 87,
"link": "/entries/IsaNet.html",
"permalink": "/entries/IsaNet.html",
"shortname": "IsaNet",
"title": "IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols",
"topic_links": [
"computer-science/security",
"computer-science/networks"
],
"topics": [
"Computer science/Security",
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Matiyasevich's proof of the DPRM theorem, which states that every recursively enumerable set of natural numbers is Diophantine. This result from 1970 yields a negative solution to Hilbert's 10th problem over the integers. To represent recursively enumerable sets in equations, we implement and arithmetize register machines. We formalize a general theory of Diophantine sets and relations to reason about them abstractly. Using several number-theoretic lemmas, we prove that exponentiation has a Diophantine representation.",
"authors": [
"Jonas Bayer",
"Marco David",
"Benedikt Stock",
"Abhik Pal",
"Yuri Matiyasevich",
"Dierk Schleicher"
],
"date": "2022-06-06",
- "id": 83,
+ "id": 88,
"link": "/entries/DPRM_Theorem.html",
"permalink": "/entries/DPRM_Theorem.html",
"shortname": "DPRM_Theorem",
"title": "Diophantine Equations and the DPRM Theorem",
"topic_links": [
"logic/computability",
"mathematics/number-theory"
],
"topics": [
"Logic/Computability",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This AFP entry relates important rewriting properties between the set of terms and the set of ground terms induced by a given signature. The properties considered are confluence, strong/local confluence, the normal form property, unique normal forms with respect to reduction and conversion, commutation, conversion equivalence, and normalization equivalence.",
"authors": [
"Alexander Lochmann"
],
"date": "2022-06-02",
- "id": 84,
+ "id": 89,
"link": "/entries/Rewrite_Properties_Reduction.html",
"permalink": "/entries/Rewrite_Properties_Reduction.html",
"shortname": "Rewrite_Properties_Reduction",
"title": "Reducing Rewrite Properties to Properties on Ground Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "Many separation logics support \u003cem\u003efractional permissions\u003c/em\u003e to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. The concept has been generalized to fractional assertions. $A^p$ (where $A$ is a separation logic assertion and $p$ a fraction between $0$ and $1$) represents a fraction $p$ of $A$. $A^p$ holds in a state $\\sigma$ iff there exists a state $\\sigma_A$ in which $A$ holds and $\\sigma$ is obtained from $\\sigma_A$ by multiplying all permission amounts held by $p$. While $A^{p + q}$ can always be split into $A^p * A^q$, recombining $A^p * A^q$ into $A^{p+q}$ is not always sound. We say that $A$ is \u003cem\u003ecombinable\u003c/em\u003e iff the entailment $A^p * A^q \\models A^{p+q}$ holds for any two positive fractions $p$ and $q$ such that $p + q \\le 1$. Combinable assertions are particularly useful to reason about concurrent programs, for instance, to combine the postconditions of parallel branches when they terminate. Unfortunately, the magic wand assertion $A \\mathbin{-\\!\\!*} B$, commonly used to specify properties of partial data structures, is typically \u003cem\u003enot\u003c/em\u003e combinable. In this entry, we formalize a novel, restricted definition of the magic wand, described in \u003ca href=\"https://arxiv.org/abs/2205.11325\"\u003ea paper at CAV 22\u003c/a\u003e, which we call the \u003cem\u003ecombinable wand\u003c/em\u003e. We prove some key properties of the combinable wand; in particular, a combinable wand is combinable if its right-hand side is combinable.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-05-30",
- "id": 85,
+ "id": 90,
"link": "/entries/Combinable_Wands.html",
"permalink": "/entries/Combinable_Wands.html",
"shortname": "Combinable_Wands",
"title": "A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We formalise Plünnecke's inequality and the Plünnecke-Ruzsa inequality, following the notes by Timothy Gowers: \"Introduction to Additive Combinatorics\" (2022) for the University of Cambridge. To this end, we first introduce basic definitions and prove elementary facts on sumsets and difference sets. Then, we show two versions of the Ruzsa triangle inequality. We follow with a proof due to Petridis.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2022-05-26",
- "id": 86,
+ "id": 91,
"link": "/entries/Pluennecke_Ruzsa_Inequality.html",
"permalink": "/entries/Pluennecke_Ruzsa_Inequality.html",
"shortname": "Pluennecke_Ruzsa_Inequality",
"title": "The Plünnecke-Ruzsa Inequality",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 3
},
{
"abstract": "The magic wand $\\mathbin{-\\!\\!*}$ (also called separating implication) is a separation logic connective commonly used to specify properties of partial data structures, for instance during iterative traversals. A \u003cem\u003efootprint\u003c/em\u003e of a magic wand formula $$A \\mathbin{-\\!\\!*} B$$ is a state that, combined with any state in which $A$ holds, yields a state in which $B$ holds. The key challenge of proving a magic wand (also called \u003cem\u003epackaging\u003c/em\u003e a wand) is to find such a footprint. Existing package algorithms either have a high annotation overhead or are unsound. In this entry, we formally define a framework for the sound automation of magic wands, described in an \u003ca href=\"https://www.cs.ubc.ca/~alexsumm/papers/DardinierParthasarathyWeeksMuellerSummers22.pdf\"\u003eupcoming paper at CAV 2022\u003c/a\u003e, and prove that it is sound and complete. This framework, called the \u003cem\u003epackage logic\u003c/em\u003e, precisely characterises a wide design space of possible package algorithms applicable to a large class of separation logics.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-05-18",
- "id": 87,
+ "id": 92,
"link": "/entries/Package_logic.html",
"permalink": "/entries/Package_logic.html",
"shortname": "Package_logic",
"title": "Formalization of a Framework for the Sound Automation of Magic Wands",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e Given a graph $G$ with $n$ vertices and a number $s$, the decision problem Clique asks whether $G$ contains a fully connected subgraph with $s$ vertices. For this NP-complete problem there exists a non-trivial lower bound: no monotone circuit of a size that is polynomial in $n$ can solve Clique. \u003c/p\u003e\u003cp\u003e This entry provides an Isabelle/HOL formalization of a concrete lower bound (the bound is $\\sqrt[7]{n}^{\\sqrt[8]{n}}$ for the fixed choice of $s = \\sqrt[4]{n}$), following a proof by Gordeev. \u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2022-05-08",
- "id": 88,
+ "id": 93,
"link": "/entries/Clique_and_Monotone_Circuits.html",
"permalink": "/entries/Clique_and_Monotone_Circuits.html",
"shortname": "Clique_and_Monotone_Circuits",
"title": "Clique is not solvable by monotone circuits of polynomial size",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Linear algebraic techniques are powerful, yet often underrated tools in combinatorial proofs. This formalisation provides a library including matrix representations of incidence set systems, general formal proof techniques for the rank argument and linear bound argument, and finally a formalisation of a number of variations of the well-known Fisher's inequality. We build on our prior work formalising combinatorial design theory using a locale-centric approach, including extensions such as constant intersect designs and dual incidence systems. In addition to Fisher's inequality, we also formalise proofs on other incidence system properties using the incidence matrix representation, such as design existence, dual system relationships and incidence system isomorphisms. This formalisation is presented in the paper \"Formalising Fisher's Inequality: Formal Linear Algebraic Techniques in Combinatorics\", accepted to ITP 2022.",
"authors": [
"Chelsea Edmonds",
"Lawrence C. Paulson"
],
"date": "2022-04-21",
- "id": 89,
+ "id": 94,
"link": "/entries/Fishers_Inequality.html",
"permalink": "/entries/Fishers_Inequality.html",
"shortname": "Fishers_Inequality",
"title": "Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics",
"topic_links": [
"mathematics/combinatorics",
"mathematics/algebra"
],
"topics": [
"Mathematics/Combinatorics",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We formalize how a natural number can be expanded into its digits in some base and prove properties about functions that operate on digit expansions. This includes the formalization of concepts such as digit shifts and carries. For a base that is a power of 2 we formalize the binary AND, binary orthogonality and binary masking of two natural numbers. This library on digit expansions builds the basis for the formalization of the DPRM theorem.",
"authors": [
"Jonas Bayer",
"Marco David",
"Abhik Pal",
"Benedikt Stock"
],
"date": "2022-04-20",
- "id": 90,
+ "id": 95,
"link": "/entries/Digit_Expansions.html",
"permalink": "/entries/Digit_Expansions.html",
"shortname": "Digit_Expansions",
"title": "Digit Expansions",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We consider the problem of comparing two multisets via the generalized multiset ordering. We show that the corresponding decision problem is NP-complete. To be more precise, we encode multiset-comparisons into propositional formulas or into conjunctive normal forms of quadratic size; we further prove that satisfiability of conjunctive normal forms can be encoded as multiset-comparison problems of linear size. As a corollary, we also show that the problem of deciding whether two terms are related by a recursive path order is NP-hard, provided the recursive path order is based on the generalized multiset ordering.",
"authors": [
"René Thiemann",
"Lukas Schmidinger"
],
"date": "2022-04-20",
- "id": 91,
+ "id": 96,
"link": "/entries/Multiset_Ordering_NPC.html",
"permalink": "/entries/Multiset_Ordering_NPC.html",
"shortname": "Multiset_Ordering_NPC",
"title": "The Generalized Multiset Ordering is NP-Complete",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a brief formalisation of the two equations known as the \u003cem\u003eSophomore's Dream\u003c/em\u003e, first discovered by Johann Bernoulli in 1697:\u003c/p\u003e \\[\\int_0^1 x^{-x}\\,\\text{d}x = \\sum_{n=1}^\\infty n^{-n} \\quad\\text{and}\\quad \\int_0^1 x^x\\,\\text{d}x = -\\sum_{n=1}^\\infty (-n)^{-n}\\]",
"authors": [
"Manuel Eberl"
],
"date": "2022-04-10",
- "id": 92,
+ "id": 97,
"link": "/entries/Sophomores_Dream.html",
"permalink": "/entries/Sophomores_Dream.html",
"shortname": "Sophomores_Dream",
"title": "The Sophomore's Dream",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This entry contains a set of binary encodings for primitive data types, such as natural numbers, integers, floating-point numbers as well as combinators to construct encodings for products, lists, sets or functions of/between such types. For natural numbers and integers, the entry contains various encodings, such as Elias-Gamma-Codes and exponential Golomb Codes, which are efficient variable-length codes in use by current compression formats. A use-case for this library is measuring the persisted size of a complex data structure without having to hand-craft a dedicated encoding for it, independent of Isabelle's internal representation.",
"authors": [
"Emin Karayel"
],
"date": "2022-04-08",
- "id": 93,
+ "id": 98,
"link": "/entries/Prefix_Free_Code_Combinators.html",
"permalink": "/entries/Prefix_Free_Code_Combinators.html",
"shortname": "Prefix_Free_Code_Combinators",
"title": "A Combinator Library for Prefix-Free Codes",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "In 1999 Alon et. al. introduced the still active research topic of approximating the frequency moments of a data stream using randomized algorithms with minimal space usage. This includes the problem of estimating the cardinality of the stream elements - the zeroth frequency moment. But, also higher-order frequency moments that provide information about the skew of the data stream. (The \u003ci\u003ek\u003c/i\u003e-th frequency moment of a data stream is the sum of the \u003ci\u003ek\u003c/i\u003e-th powers of the occurrence counts of each element in the stream.) This entry formalizes three randomized algorithms for the approximation of \u003ci\u003eF\u003csub\u003e0\u003c/sub\u003e\u003c/i\u003e, \u003ci\u003eF\u003csub\u003e2\u003c/sub\u003e\u003c/i\u003e and \u003ci\u003eF\u003csub\u003ek\u003c/sub\u003e\u003c/i\u003e for \u003ci\u003ek ≥ 3\u003c/i\u003e based on [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/3-540-45726-7_1\"\u003e2\u003c/a\u003e] and verifies their expected accuracy, success probability and space usage.",
"authors": [
"Emin Karayel"
],
"date": "2022-04-08",
- "id": 94,
+ "id": 99,
"link": "/entries/Frequency_Moments.html",
"permalink": "/entries/Frequency_Moments.html",
"shortname": "Frequency_Moments",
"title": "Formalization of Randomized Approximation Algorithms for Frequency Moments",
"topic_links": [
"computer-science/algorithms/approximation",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms/Approximation",
"Computer science/Algorithms/Randomized"
],
"used_by": 1
},
{
"abstract": "The type of real numbers is constructed from the positive rationals using the method of Dedekind cuts. This development, briefly described in papers by the authors, follows the textbook presentation by Gleason. It's notable that the first formalisation of a significant piece of mathematics, by Jutting in 1977, involved a similar construction.",
"authors": [
"Jacques D. Fleuriot",
"Lawrence C. Paulson"
],
"date": "2022-03-24",
- "id": 95,
+ "id": 100,
"link": "/entries/Dedekind_Real.html",
"permalink": "/entries/Dedekind_Real.html",
"shortname": "Dedekind_Real",
"title": "Constructing the Reals as Dedekind Cuts of Rationals",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Ackermann's function is defined in the usual way and a number of its elementary properties are proved. Then, the primitive recursive functions are defined inductively: as a predicate on the functions that map lists of numbers to numbers. It is shown that every primitive recursive function is strictly dominated by Ackermann's function. The formalisation follows an earlier one by Nora Szasz.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-03-23",
- "id": 96,
+ "id": 101,
"link": "/entries/Ackermanns_not_PR.html",
"permalink": "/entries/Ackermanns_not_PR.html",
"shortname": "Ackermanns_not_PR",
"title": "Ackermann's Function Is Not Primitive Recursive",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Abstract_Completeness.html\"\u003eAbstract Completeness\u003c/a\u003e by Blanchette, Popescu and Traytel formalizes the core of Beth/Hintikka-style completeness proofs for first-order logic and can be used to formalize executable sequent calculus provers. In the Journal of Automated Reasoning, the authors instantiate the framework with a sequent calculus for first-order logic and prove its completeness. Their use of an infinite set of proof rules indexed by formulas yields very direct arguments. A fair stream of these rules controls the prover, making its definition remarkably simple. The AFP entry, however, only contains a toy example for propositional logic. The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/FOL_Seq_Calc2.html\"\u003eA Sequent Calculus Prover for First-Order Logic with Functions\u003c/a\u003e by From and Jacobsen also uses the framework, but uses a finite set of generic rules resulting in a more sophisticated prover with more complicated proofs. \u003c/p\u003e \u003cp\u003e This entry contains an executable sequent calculus prover for first-order logic with functions in the style presented by Blanchette et al. The prover can be exported to Haskell and this entry includes formalized proofs of its soundness and completeness. The proofs are simpler than those for the prover by From and Jacobsen but the performance of the prover is significantly worse. \u003c/p\u003e \u003cp\u003e The included theory \u003cem\u003eFair-Stream\u003c/em\u003e first proves that the sequence of natural numbers 0, 0, 1, 0, 1, 2, etc. is fair. It then proves that mapping any surjective function across the sequence preserves fairness. This method of obtaining a fair stream of rules is similar to the one given by Blanchette et al. 
The concrete functions from natural numbers to terms, formulas and rules are defined using the \u003cem\u003eNat-Bijection\u003c/em\u003e theory in the HOL-Library. \u003c/p\u003e",
"authors": [
"Asta Halkjær From"
],
"date": "2022-03-22",
- "id": 97,
+ "id": 102,
"link": "/entries/FOL_Seq_Calc3.html",
"permalink": "/entries/FOL_Seq_Calc3.html",
"shortname": "FOL_Seq_Calc3",
"title": "A Naive Prover for First-Order Logic",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eIn this article, I formalise a proof from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e; namely a formula that was called ‘one of the most beautiful formulas involving elementary functions’:\u003c/p\u003e \\[\\pi \\cot(\\pi z) = \\frac{1}{z} + \\sum_{n=1}^\\infty\\left(\\frac{1}{z+n} + \\frac{1}{z-n}\\right)\\] \u003cp\u003eThe proof uses Herglotz's trick to show the real case and analytic continuation for the complex case.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2022-03-15",
- "id": 98,
+ "id": 103,
"link": "/entries/Cotangent_PFD_Formula.html",
"permalink": "/entries/Cotangent_PFD_Formula.html",
"shortname": "Cotangent_PFD_Formula",
"title": "A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We redeveloped our formalization of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct proper generic extensions that satisfy the Continuum Hypothesis and its negation.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf",
"Matías Steinberg"
],
"date": "2022-03-06",
- "id": 99,
+ "id": 104,
"link": "/entries/Independence_CH.html",
"permalink": "/entries/Independence_CH.html",
"shortname": "Independence_CH",
"title": "The Independence of the Continuum Hypothesis in Isabelle/ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We extend the ZF-Constructibility library by relativizing theories of the Isabelle/ZF and Delta System Lemma sessions to a transitive class. We also relativize Paulson's work on Aleph and our former treatment of the Axiom of Dependent Choices. This work is a prerrequisite to our formalization of the independence of the Continuum Hypothesis.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf",
"Matías Steinberg"
],
"date": "2022-03-03",
- "id": 100,
+ "id": 105,
"link": "/entries/Transitive_Models.html",
"permalink": "/entries/Transitive_Models.html",
"shortname": "Transitive_Models",
"title": "Transitive Models of Fragments of ZFC",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e A \u003cem\u003eresiduated transition system\u003c/em\u003e (RTS) is a transition system that is equipped with a certain partial binary operation, called \u003cem\u003eresiduation\u003c/em\u003e, on transitions. Using the residuation operation, one can express nuances, such as a distinction between nondeterministic and concurrent choice, as well as partial commutativity relationships between transitions, which are not captured by ordinary transition systems. A version of residuated transition systems was introduced in previous work by the author, in which they were called “concurrent transition systems” in view of the original motivation for their definition from the study of concurrency. In the first part of the present article, we give a formal development that generalizes and subsumes the original presentation. We give an axiomatic definition of residuated transition systems that assumes only a single partial binary operation as given structure. From the axioms, we derive notions of “arrow“ (transition), “source”, “target”, “identity”, as well as “composition” and “join” of transitions; thereby recovering structure that in the previous work was assumed as given. We formalize and generalize the result, that residuation extends from transitions to transition paths, and we systematically develop the properties of this extension. A significant generalization made in the present work is the identification of a general notion of congruence on RTS’s, along with an associated quotient construction. \u003c/p\u003e \u003cp\u003e In the second part of this article, we use the RTS framework to formalize several results in the theory of reduction in Church’s λ-calculus. Using a de Bruijn index-based syntax in which terms represent parallel reduction steps, we define residuation on terms and show that it satisfies the axioms for an RTS. 
An application of the results on paths from the first part of the article allows us to prove the classical Church-Rosser Theorem with little additional effort. We then use residuation to define the notion of “development” and we prove the Finite Developments Theorem, that every development is finite, formalizing and adapting to de Bruijn indices a proof by de Vrijer. We also use residuation to define the notion of a “standard reduction path”, and we prove the Standardization Theorem: that every reduction path is congruent to a standard one. As a corollary of the Standardization Theorem, we obtain the Leftmost Reduction Theorem: that leftmost reduction is a normalizing strategy. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2022-02-28",
- "id": 101,
+ "id": 106,
"link": "/entries/ResiduatedTransitionSystem.html",
"permalink": "/entries/ResiduatedTransitionSystem.html",
"shortname": "ResiduatedTransitionSystem",
"title": "Residuated Transition Systems",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/concurrency",
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Concurrency",
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "A \u003ci\u003ek\u003c/i\u003e-universal hash family is a probability space of functions, which have uniform distribution and form \u003ci\u003ek\u003c/i\u003e-wise independent random variables. They can often be used in place of classic (or cryptographic) hash functions and allow the rigorous analysis of the performance of randomized algorithms and data structures that rely on hash functions. In 1981 \u003ca href=\"https://doi.org/10.1016/0022-0000(81)90033-7\"\u003eWegman and Carter\u003c/a\u003e introduced a generic construction for such families with arbitrary \u003ci\u003ek\u003c/i\u003e using polynomials over a finite field. This entry contains a formalization of them and establishes the property of \u003ci\u003ek\u003c/i\u003e-universality. To be useful the formalization also provides an explicit construction of finite fields using the factor ring of integers modulo a prime. Additionally, some generic results about independent families are shown that might be of independent interest.",
"authors": [
"Emin Karayel"
],
"date": "2022-02-20",
- "id": 102,
+ "id": 107,
"link": "/entries/Universal_Hash_Families.html",
"permalink": "/entries/Universal_Hash_Families.html",
"shortname": "Universal_Hash_Families",
"title": "Universal Hash Families",
"topic_links": [
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms/Randomized"
],
"used_by": 2
},
{
"abstract": "Let $F$ be a set of analytic functions on the complex plane such that, for each $z\\in\\mathbb{C}$, the set $\\{f(z) \\mid f\\in F\\}$ is countable; must then $F$ itself be countable? The answer is yes if the Continuum Hypothesis is false, i.e., if the cardinality of $\\mathbb{R}$ exceeds $\\aleph_1$. But if CH is true then such an $F$, of cardinality $\\aleph_1$, can be constructed by transfinite recursion. The formal proof illustrates reasoning about complex analysis (analytic and homomorphic functions) and set theory (transfinite cardinalities) in a single setting. The mathematical text comes from \u003cem\u003eProofs from THE BOOK\u003c/em\u003e by Aigner and Ziegler.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-02-18",
- "id": 103,
+ "id": 108,
"link": "/entries/Wetzels_Problem.html",
"permalink": "/entries/Wetzels_Problem.html",
"shortname": "Wetzels_Problem",
"title": "Wetzel's Problem and the Continuum Hypothesis",
"topic_links": [
"mathematics/analysis",
"logic/set-theory"
],
"topics": [
"Mathematics/Analysis",
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We formalize first-order query evaluation over an infinite domain with equality. We first define the syntax and semantics of first-order logic with equality. Next we define a locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e abstracting a representation of a potentially infinite set of tuples satisfying a first-order query over finite relations. Inside the locale, we define a function \u003ci\u003eeval\u003c/i\u003e checking if the set of tuples satisfying a first-order query over a database (an interpretation of the query's predicates) is finite (i.e., deciding \u003ci\u003erelative safety\u003c/i\u003e) and computing the set of satisfying tuples if it is finite. Altogether the function \u003ci\u003eeval\u003c/i\u003e solves \u003ci\u003ecapturability\u003c/i\u003e (Avron and Hirshfeld, 1991) of first-order logic with equality. We also use the function \u003ci\u003eeval\u003c/i\u003e to prove a code equation for the semantics of first-order logic, i.e., the function checking if a first-order query over a database is satisfied by a variable assignment.\u003cbr/\u003e We provide an interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e based on the approach by Ailamazyan et al. A core notion in the interpretation is the active domain of a query and a database that contains all domain elements that occur in the database or interpret the query's constants. We prove the main theorem of Ailamazyan et al. relating the satisfaction of a first-order query over an infinite domain to the satisfaction of this query over a finite domain consisting of the active domain and a few additional domain elements (outside the active domain) whose number only depends on the query. 
In our interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e, we use a potentially higher number of the additional domain elements, but their number still only depends on the query and thus has no effect on the data complexity (Vardi, 1982) of query evaluation. Our interpretation yields an \u003ci\u003eexecutable\u003c/i\u003e function \u003ci\u003eeval\u003c/i\u003e. The time complexity of \u003ci\u003eeval\u003c/i\u003e on a query is linear in the total number of tuples in the intermediate relations for the subqueries. Specifically, we build a database index to evaluate a conjunction. We also optimize the case of a negated subquery in a conjunction. Finally, we export code for the infinite domain of natural numbers.",
"authors": [
"Martin Raszyk"
],
"date": "2022-02-15",
- "id": 104,
+ "id": 109,
"link": "/entries/Eval_FO.html",
"permalink": "/entries/Eval_FO.html",
"shortname": "Eval_FO",
"title": "First-Order Query Evaluation",
"topic_links": [
"computer-science/data-management-systems",
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Computer science/Data management systems",
"Logic/General logic/Classical first-order logic"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eRuntime monitoring (or runtime verification) is an approach to checking compliance of a system's execution with a specification (e.g., a temporal formula). The system's execution is logged into a \u003ci\u003etrace\u003c/i\u003e\u0026mdash;a sequence of time-points, each consisting of a time-stamp and observed events. A \u003ci\u003emonitor\u003c/i\u003e is an algorithm that produces \u003ci\u003everdicts\u003c/i\u003e on the satisfaction of a temporal formula on a trace.\u003c/p\u003e \u003cp\u003eWe formalize the time-stamps as an abstract algebraic structure satisfying certain assumptions. Instances of this structure include natural numbers, real numbers, and lexicographic combinations of them. We also include the formalization of a conversion from the abstract time domain introduced by Koymans (1990) to our time-stamps.\u003c/p\u003e \u003cp\u003eWe formalize a monitoring algorithm for metric dynamic logic, an extension of metric temporal logic with regular expressions. The monitor computes whether a given formula is satisfied at every position in an input trace of time-stamped events. Our monitor follows the multi-head paradigm: it reads the input simultaneously at multiple positions and moves its reading heads asynchronously. This mode of operation results in unprecedented time and space complexity guarantees for metric dynamic logic: The monitor's amortized time complexity to process a time-point and the monitor's space complexity neither depends on the event-rate, i.e., the number of events within a fixed time-unit, nor on the numeric constants occurring in the quantitative temporal constraints in the given formula.\u003c/p\u003e \u003cp\u003eThe multi-head monitoring algorithm for metric dynamic logic is reported in our paper “Multi-Head Monitoring of Metric Dynamic Logic” published at ATVA 2020. We have also formalized unpublished specialized algorithms for the temporal operators of metric temporal logic.\u003c/p\u003e",
"authors": [
"Martin Raszyk"
],
"date": "2022-02-13",
- "id": 105,
+ "id": 110,
"link": "/entries/VYDRA_MDL.html",
"permalink": "/entries/VYDRA_MDL.html",
"shortname": "VYDRA_MDL",
"title": "Multi-Head Monitoring of Metric Dynamic Logic",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains a formalization of an algorithm enumerating all equivalence relations on an initial segment of the natural numbers. The approach follows the method described by Stanton and White \u003ca href=\"https://doi.org/10.1007/978-1-4612-4968-9\"\u003e[5,§ 1.5]\u003c/a\u003e using restricted growth functions.\u003c/p\u003e \u003cp\u003eThe algorithm internally enumerates restricted growth functions (as lists), whose equivalence kernels then form the equivalence relations. This has the advantage that the representation is compact and lookup of the relation reduces to a list lookup operation.\u003c/p\u003e \u003cp\u003eThe algorithm can also be used within a proof and an example application is included, where a sequence of variables is split by the possible partitions they can form.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-02-04",
- "id": 106,
+ "id": 111,
"link": "/entries/Equivalence_Relation_Enumeration.html",
"permalink": "/entries/Equivalence_Relation_Enumeration.html",
"shortname": "Equivalence_Relation_Enumeration",
"title": "Enumeration of Equivalence Relations",
"topic_links": [
"mathematics/combinatorics",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Combinatorics",
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "We formalize the weak and strong duality theorems of linear programming. For the strong duality theorem we provide three sufficient preconditions: both the primal problem and the dual problem are satisfiable, the primal problem is satisfiable and bounded, or the dual problem is satisfiable and bounded. The proofs are based on an existing formalization of Farkas' Lemma.",
"authors": [
"René Thiemann"
],
"date": "2022-02-03",
- "id": 107,
+ "id": 112,
"link": "/entries/LP_Duality.html",
"permalink": "/entries/LP_Duality.html",
"shortname": "LP_Duality",
"title": "Duality of Linear Programming",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "The notion of quasi-Borel spaces was introduced by \u003ca href=\"https://dl.acm.org/doi/10.5555/3329995.3330072\"\u003e Heunen et al\u003c/a\u003e. The theory provides a suitable denotational model for higher-order probabilistic programming languages with continuous distributions. This entry is a formalization of the theory of quasi-Borel spaces, including construction of quasi-Borel spaces (product, coproduct, function spaces), the adjunction between the category of measurable spaces and the category of quasi-Borel spaces, and the probability monad on quasi-Borel spaces. This entry also contains the formalization of the Bayesian regression presented in the work of Heunen et al. This work is a part of the work by same authors, \u003ci\u003eProgram Logic for Higher-Order Probabilistic Programs in Isabelle/HOL\u003c/i\u003e, which will be published in the proceedings of the 16th International Symposium on Functional and Logic Programming (FLOPS 2022).",
"authors": [
"Michikazu Hirata",
"Yasuhiko Minamide",
"Tetsuya Sato"
],
"date": "2022-02-03",
- "id": 108,
+ "id": 113,
"link": "/entries/Quasi_Borel_Spaces.html",
"permalink": "/entries/Quasi_Borel_Spaces.html",
"shortname": "Quasi_Borel_Spaces",
"title": "Quasi-Borel Spaces",
"topic_links": [
"mathematics/probability-theory",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "The first-order theory of rewriting (FORT) is a decidable theory for linear variable-separated rewrite systems. The decision procedure is based on tree automata technique and an inference system presented in \"Certifying Proofs in the First-Order Theory of Rewriting\". This AFP entry provides a formalization of the underlying decision procedure. Moreover it allows to generate a function that can verify each inference step via the code generation facility of Isabelle/HOL. Additionally it contains the specification of a certificate language (that allows to state proofs in FORT) and a formalized function that allows to verify the validity of the proof. This gives software tool authors, that implement the decision procedure, the possibility to verify their output.",
"authors": [
"Alexander Lochmann",
"Bertram Felgenhauer"
],
"date": "2022-02-02",
- "id": 109,
+ "id": 114,
"link": "/entries/FO_Theory_Rewriting.html",
"permalink": "/entries/FO_Theory_Rewriting.html",
"shortname": "FO_Theory_Rewriting",
"title": "First-Order Theory of Rewriting",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/rewriting",
"logic/proof-theory"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/Rewriting",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize an automated theorem prover for first-order logic with functions. The proof search procedure is based on sequent calculus and we verify its soundness and completeness using the Abstract Soundness and Abstract Completeness theories. Our analytic completeness proof covers both open and closed formulas. Since our deterministic prover considers only the subset of terms relevant to proving a given sequent, we do so as well when building a countermodel from a failed proof. We formally connect our prover with the proof system and semantics of the existing SeCaV system. In particular, the prover's output can be post-processed in Haskell to generate human-readable SeCaV proofs which are also machine-verifiable proof certificates. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2022.13\"\u003edoi.org/10.4230/LIPIcs.ITP.2022.13\u003c/a\u003e.",
"authors": [
"Asta Halkjær From",
"Frederik Krogsdal Jacobsen"
],
"date": "2022-01-31",
- "id": 110,
+ "id": 115,
"link": "/entries/FOL_Seq_Calc2.html",
"permalink": "/entries/FOL_Seq_Calc2.html",
"shortname": "FOL_Seq_Calc2",
"title": "A Sequent Calculus Prover for First-Order Logic with Functions",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "Young's inequality states that $$ ab \\leq \\int_0^a f(x)dx + \\int_0^b f^{-1}(y) dy $$ where $a\\geq 0$, $b\\geq 0$ and $f$ is strictly increasing and continuous. Its proof is formalised following \u003ca href=\"https://www.jstor.org/stable/2318018\"\u003ethe development\u003c/a\u003e by Cunningham and Grossman. Their idea is to make the intuitive, geometric folklore proof rigorous by reasoning about step functions. The lack of the Riemann integral makes the development longer than one would like, but their argument is reproduced faithfully.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-01-31",
- "id": 111,
+ "id": 116,
"link": "/entries/Youngs_Inequality.html",
"permalink": "/entries/Youngs_Inequality.html",
"shortname": "Youngs_Inequality",
"title": "Young's Inequality for Increasing Functions",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eA well known result from algebra is that, on any field, there is exactly one polynomial of degree less than n interpolating n points [\u003ca href=\"https://doi.org/10.1017/CBO9780511814549\"\u003e1\u003c/a\u003e, §7].\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the above result, as well as the following generalization in the case of finite fields \u003ci\u003eF\u003c/i\u003e: There are \u003ci\u003e|F|\u003csup\u003em-n\u003c/sup\u003e\u003c/i\u003e polynomials of degree less than \u003ci\u003em ≥ n\u003c/i\u003e interpolating the same n points, where \u003ci\u003e|F|\u003c/i\u003e denotes the size of the domain of the field. To establish the result the entry also includes a formalization of Lagrange interpolation, which might be of independent interest.\u003c/p\u003e \u003cp\u003eThe formalized results are defined on the algebraic structures from HOL-Algebra, which are distinct from the type-class based structures defined in HOL. Note that there is an existing formalization for polynomial interpolation and, in particular, Lagrange interpolation by Thiemann and Yamada [\u003ca href=\"https://www.isa-afp.org/entries/Polynomial_Interpolation.html\"\u003e2\u003c/a\u003e] on the type-class based structures in HOL.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-01-29",
- "id": 112,
+ "id": 117,
"link": "/entries/Interpolation_Polynomials_HOL_Algebra.html",
"permalink": "/entries/Interpolation_Polynomials_HOL_Algebra.html",
"shortname": "Interpolation_Polynomials_HOL_Algebra",
"title": "Interpolation Polynomials (in HOL-Algebra)",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThe median method is an amplification result for randomized approximation algorithms described in [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e]. Given an algorithm whose result is in a desired interval with a probability larger than \u003ci\u003e1/2\u003c/i\u003e, it is possible to improve the success probability, by running the algorithm multiple times independently and using the median. In contrast to using the mean, the amplification of the success probability grows exponentially with the number of independent runs.\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the underlying theorem: Given a sequence of n independent random variables, which are in a desired interval with a probability \u003ci\u003e1/2 + a\u003c/i\u003e. Then their median will be in the desired interval with a probability of \u003ci\u003e1 − exp(−2a\u003csup\u003e2\u003c/sup\u003e n)\u003c/i\u003e. In particular, the success probability approaches \u003ci\u003e1\u003c/i\u003e exponentially with the number of variables.\u003c/p\u003e \u003cp\u003eIn addition to that, this entry also contains a proof that order-statistics of Borel-measurable random variables are themselves measurable and that generalized intervals in linearly ordered Borel-spaces are measurable.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-01-25",
- "id": 113,
+ "id": 118,
"link": "/entries/Median_Method.html",
"permalink": "/entries/Median_Method.html",
"shortname": "Median_Method",
"title": "Median Method",
"topic_links": [
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms/Randomized"
],
"used_by": 1
},
{
"abstract": "Actuarial Mathematics is a theory in applied mathematics, which is mainly used for determining the prices of insurance products and evaluating the liability of a company associating with insurance contracts. It is related to calculus, probability theory and financial theory, etc. In this entry, I formalize the very basic part of Actuarial Mathematics in Isabelle/HOL. It includes the theory of interest, survival model, and life table. The theory of interest deals with interest rates, present value factors, an annuity certain, etc. The survival model is a probabilistic model that represents the human mortality. The life table is based on the survival model and used for practical calculations. I have already formalized the basic part of Actuarial Mathematics in Coq (https://github.com/Yosuke-Ito-345/Actuary) in a purely axiomatic manner. In contrast, Isabelle formalization is based on the probability theory and the survival model is developed as generally as possible. Such rigorous and general formulation seems very rare; at least I cannot find any similar documentation on the web. This formalization in Isabelle is still at an early stage, and I cannot guarantee the backward compatibility in the future development. If you heavily depend on this entry, please let me know. (Updated July 8th, 2023.) ",
"authors": [
"Yosuke Ito"
],
"date": "2022-01-23",
- "id": 114,
+ "id": 119,
"link": "/entries/Actuarial_Mathematics.html",
"permalink": "/entries/Actuarial_Mathematics.html",
"shortname": "Actuarial_Mathematics",
"title": "Actuarial Mathematics",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "An elementary proof is formalised: that \u003cem\u003eexp r\u003c/em\u003e is irrational for every nonzero rational number \u003cem\u003er\u003c/em\u003e. The mathematical development comes from the well-known volume \u003cem\u003eProofs from THE BOOK\u003c/em\u003e, by Aigner and Ziegler, who credit the idea to Hermite. The development illustrates a number of basic Isabelle techniques: the manipulation of summations, the calculation of quite complicated derivatives and the estimation of integrals. We also see how to import another AFP entry (Stirling's formula). As for the theorem itself, note that a much stronger and more general result (the Hermite--Lindemann--Weierstraß transcendence theorem) is already available in the AFP.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-01-08",
- "id": 115,
+ "id": 120,
"link": "/entries/Irrationals_From_THEBOOK.html",
"permalink": "/entries/Irrationals_From_THEBOOK.html",
"shortname": "Irrationals_From_THEBOOK",
"title": "Irrational numbers from THE BOOK",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This is a formalization of the article \u003ci\u003eKnight's Tour Revisited\u003c/i\u003e by Cull and De Curtins where they prove the existence of a Knight's path for arbitrary \u003ci\u003en \u0026times; m\u003c/i\u003e-boards with \u003ci\u003emin(n,m) \u0026ge; 5\u003c/i\u003e. If \u003ci\u003en \u0026middot; m\u003c/i\u003e is even, then there exists a Knight's circuit. A Knight's Path is a sequence of moves of a Knight on a chessboard s.t. the Knight visits every square of a chessboard exactly once. Finding a Knight's path is a an instance of the Hamiltonian path problem. A Knight's circuit is a Knight's path, where additionally the Knight can move from the last square to the first square of the path, forming a loop. During the formalization two mistakes in the original proof were discovered. These mistakes are corrected in this formalization.",
"authors": [
"Lukas Koller"
],
"date": "2022-01-04",
- "id": 116,
+ "id": 121,
"link": "/entries/Knights_Tour.html",
"permalink": "/entries/Knights_Tour.html",
"shortname": "Knights_Tour",
"title": "Knight's Tour Revisited Revisited",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eHyperdual numbers are ones with a real component and a number of infinitesimal components, usually written as $a_0 + a_1 \\cdot \\epsilon_1 + a_2 \\cdot \\epsilon_2 + a_3 \\cdot \\epsilon_1\\epsilon_2$. They have been proposed by \u003ca href=\"https://doi.org/10.2514/6.2011-886\"\u003eFike and Alonso\u003c/a\u003e in an approach to automatic differentiation.\u003c/p\u003e \u003cp\u003eIn this entry we formalise hyperdual numbers and their application to forward differentiation. We show them to be an instance of multiple algebraic structures and then, along with facts about twice-differentiability, we define what we call the hyperdual extensions of functions on real-normed fields. This extension formally represents the proposed way that the first and second derivatives of a function can be automatically calculated. We demonstrate it on the standard logistic function $f(x) = \\frac{1}{1 + e^{-x}}$ and also reproduce the example analytic function $f(x) = \\frac{e^x}{\\sqrt{sin(x)^3 + cos(x)^3}}$ used for demonstration by Fike and Alonso.\u003c/p\u003e",
"authors": [
"Filip Smola",
"Jacques D. Fleuriot"
],
"date": "2021-12-31",
- "id": 117,
+ "id": 122,
"link": "/entries/Hyperdual.html",
"permalink": "/entries/Hyperdual.html",
"shortname": "Hyperdual",
"title": "Hyperdual Numbers and Forward Differentiation",
"topic_links": [
"mathematics/algebra",
"mathematics/analysis"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This is a stepwise refinement and proof of the Gale-Shapley stable matching (or marriage) algorithm down to executable code. Both a purely functional implementation based on lists and a functional implementation based on efficient arrays (provided by the Collections Framework in the AFP) are developed. The latter implementation runs in time \u003ci\u003eO(n\u003csup\u003e2\u003c/sup\u003e)\u003c/i\u003e where \u003ci\u003en\u003c/i\u003e is the cardinality of the two sets to be matched.",
"authors": [
"Tobias Nipkow"
],
"date": "2021-12-29",
- "id": 118,
+ "id": 123,
"link": "/entries/Gale_Shapley.html",
"permalink": "/entries/Gale_Shapley.html",
"shortname": "Gale_Shapley",
"title": "Gale-Shapley Algorithm",
"topic_links": [
"computer-science/algorithms",
"mathematics/games-and-economics"
],
"topics": [
"Computer science/Algorithms",
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "We formalise a proof of Roth's Theorem on Arithmetic Progressions, a major result in additive combinatorics on the existence of 3-term arithmetic progressions in subsets of natural numbers. To this end, we follow a proof using graph regularity. We employ our recent formalisation of Szemerédi's Regularity Lemma, a major result in extremal graph theory, which we use here to prove the Triangle Counting Lemma and the Triangle Removal Lemma. Our sources are Yufei Zhao's MIT lecture notes \"\u003ca href=\"https://yufeizhao.com/gtac/gtac.pdf\"\u003eGraph Theory and Additive Combinatorics\u003c/a\u003e\" (latest version \u003ca href=\"https://yufeizhao.com/gtacbook/\"\u003ehere\u003c/a\u003e) and W.T. Gowers's Cambridge lecture notes \"\u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTopics in Combinatorics\u003c/a\u003e\". We also refer to the University of Georgia notes by Stephanie Bell and Will Grodzicki, \"\u003ca href=\"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.432.327\"\u003eUsing Szemerédi's Regularity Lemma to Prove Roth's Theorem\u003c/a\u003e\".",
"authors": [
"Chelsea Edmonds",
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2021-12-28",
- "id": 119,
+ "id": 124,
"link": "/entries/Roth_Arithmetic_Progressions.html",
"permalink": "/entries/Roth_Arithmetic_Progressions.html",
"shortname": "Roth_Arithmetic_Progressions",
"title": "Roth's Theorem on Arithmetic Progressions",
"topic_links": [
"mathematics/graph-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Markov Decision Processes with rewards. In particular we first build on Hölzl's formalization of MDPs (AFP entry: Markov_Models) and extend them with rewards. We proceed with an analysis of the expected total discounted reward criterion for infinite horizon MDPs. The central result is the construction of the iteration rule for the Bellman operator. We prove the optimality equations for this operator and show the existence of an optimal stationary deterministic solution. The analysis can be used to obtain dynamic programming algorithms such as value iteration and policy iteration to solve MDPs with formal guarantees. Our formalization is based on chapters 5 and 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".",
"authors": [
"Maximilian Schäffeler",
"Mohammad Abdulaziz"
],
"date": "2021-12-16",
- "id": 120,
+ "id": 125,
"link": "/entries/MDP-Rewards.html",
"permalink": "/entries/MDP-Rewards.html",
"shortname": "MDP-Rewards",
"title": "Markov Decision Processes with Rewards",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "We present a formalization of algorithms for solving Markov Decision Processes (MDPs) with formal guarantees on the optimality of their solutions. In particular we build on our analysis of the Bellman operator for discounted infinite horizon MDPs. From the iterator rule on the Bellman operator we directly derive executable value iteration and policy iteration algorithms to iteratively solve finite MDPs. We also prove correct optimized versions of value iteration that use matrix splittings to improve the convergence rate. In particular, we formally verify Gauss-Seidel value iteration and modified policy iteration. The algorithms are evaluated on two standard examples from the literature, namely, inventory management and gridworld. Our formalization covers most of chapter 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".",
"authors": [
"Maximilian Schäffeler",
"Mohammad Abdulaziz"
],
"date": "2021-12-16",
- "id": 121,
+ "id": 126,
"link": "/entries/MDP-Algorithms.html",
"permalink": "/entries/MDP-Algorithms.html",
"shortname": "MDP-Algorithms",
"title": "Verified Algorithms for Solving Markov Decision Processes",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Tree automata have good closure properties and therefore a commonly used to prove/disprove properties. This formalization contains among other things the proofs of many closure properties of tree automata (anchored) ground tree transducers and regular relations. Additionally it includes the well known pumping lemma and a lifting of the Myhill Nerode theorem for regular languages to tree languages. We want to mention the existence of a \u003ca href=\"https://www.isa-afp.org/entries/Tree-Automata.html\"\u003etree automata APF-entry\u003c/a\u003e developed by Peter Lammich. His work is based on epsilon free top-down tree automata, while this entry builds on bottom-up tree auotamta with epsilon transitions. Moreover our formalization relies on the \u003ca href=\"https://www.isa-afp.org/entries/Collections.html\"\u003eCollections Framework\u003c/a\u003e, also by Peter Lammich, to obtain efficient code. All proven constructions of the closure properties are exportable using the Isabelle/HOL code generation facilities.",
"authors": [
"Alexander Lochmann",
"Bertram Felgenhauer",
"Christian Sternagel",
"René Thiemann",
"Thomas Sternagel"
],
"date": "2021-12-15",
- "id": 122,
+ "id": 127,
"link": "/entries/Regular_Tree_Relations.html",
"permalink": "/entries/Regular_Tree_Relations.html",
"shortname": "Regular_Tree_Relations",
"title": "Regular Tree Relations",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "In this work we formalise the isomorphism between simplicial complexes of dimension $n$ and monotone Boolean functions in $n$ variables, mainly following the definitions and results as introduced by N. A. Scoville. We also take advantage of the AFP representation of \u003ca href=\"https://www.isa-afp.org/entries/ROBDD.html\"\u003eROBDD\u003c/a\u003e (Reduced Ordered Binary Decision Diagrams) to compute the ROBDD representation of a given simplicial complex (by means of the isomorphism to Boolean functions). Some examples of simplicial complexes and associated Boolean functions are also presented.",
"authors": [
"Jesús Aransay",
"Alejandro del Campo",
"Julius Michaelis"
],
"date": "2021-11-29",
- "id": 123,
+ "id": 128,
"link": "/entries/Simplicial_complexes_and_boolean_functions.html",
"permalink": "/entries/Simplicial_complexes_and_boolean_functions.html",
"shortname": "Simplicial_complexes_and_boolean_functions",
"title": "Simplicial Complexes and Boolean functions",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "The \u003cem\u003evan Emde Boas tree\u003c/em\u003e or \u003cem\u003evan Emde Boas priority queue\u003c/em\u003e is a data structure supporting membership test, insertion, predecessor and successor search, minimum and maximum determination and deletion in \u003cem\u003eO(log log U)\u003c/em\u003e time, where \u003cem\u003eU = 0,...,2\u003csup\u003en-1\u003c/sup\u003e\u003c/em\u003e is the overall range to be considered. \u003cp/\u003e The presented formalization follows Chapter 20 of the popular \u003cem\u003eIntroduction to Algorithms (3rd ed.)\u003c/em\u003e by Cormen, Leiserson, Rivest and Stein (CLRS), extending the list of formally verified CLRS algorithms. Our current formalization is based on the first author's bachelor's thesis. \u003cp/\u003e First, we prove correct a \u003cem\u003efunctional\u003c/em\u003e implementation, w.r.t. an abstract data type for sets. Apart from functional correctness, we show a resource bound, and runtime bounds w.r.t. manually defined timing functions for the operations. \u003cp/\u003e Next, we refine the operations to Imperative HOL with time, and show correctness and complexity. This yields a practically more efficient implementation, and eliminates the manually defined timing functions from the trusted base of the proof.",
"authors": [
"Thomas Ammer",
"Peter Lammich"
],
"date": "2021-11-23",
- "id": 124,
+ "id": 129,
"link": "/entries/Van_Emde_Boas_Trees.html",
"permalink": "/entries/Van_Emde_Boas_Trees.html",
"shortname": "Van_Emde_Boas_Trees",
"title": "van Emde Boas Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\"Foundations of Geometry\" is a mathematical book written by Hilbert in 1899. This entry is a complete formalization of \"Incidence\" (excluding cubic axioms), \"Order\" and \"Congruence\" (excluding point sequences) of the axioms constructed in this book. In addition, the theorem of the problem about the part that is treated implicitly and is not clearly stated in it is being carried out in parallel.",
"authors": [
"Fumiya Iwama"
],
"date": "2021-11-22",
- "id": 125,
+ "id": 130,
"link": "/entries/Foundation_of_geometry.html",
"permalink": "/entries/Foundation_of_geometry.html",
"shortname": "Foundation_of_geometry",
"title": "Foundation of geometry in planes, and some complements: Excluding the parallel axioms",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In this work we formalize the Hahn decomposition theorem for signed measures, namely that any measure space for a signed measure can be decomposed into a positive and a negative set, where every measurable subset of the positive one has a positive measure, and every measurable subset of the negative one has a negative measure. We also formalize the Jordan decomposition theorem as a corollary, which states that the signed measure under consideration admits a unique decomposition into a difference of two positive measures, at least one of which is finite.",
"authors": [
"Marie Cousin",
"Mnacho Echenim",
"Hervé Guiol"
],
"date": "2021-11-19",
- "id": 126,
+ "id": 131,
"link": "/entries/Hahn_Jordan_Decomposition.html",
"permalink": "/entries/Hahn_Jordan_Decomposition.html",
"shortname": "Hahn_Jordan_Decomposition",
"title": "The Hahn and Jordan Decomposition Theorems",
"topic_links": [
"mathematics/measure-and-integration"
],
"topics": [
"Mathematics/Measure and integration"
],
"used_by": 0
},
{
"abstract": "We present a shallow embedding of public announcement logic (PAL) with relativized general knowledge in HOL. We then use PAL to obtain an elegant encoding of the wise men puzzle, which we solve automatically using sledgehammer.",
"authors": [
"Christoph Benzmüller",
"Sebastian Reiche"
],
"date": "2021-11-08",
- "id": 127,
+ "id": 132,
"link": "/entries/PAL.html",
"permalink": "/entries/PAL.html",
"shortname": "PAL",
"title": "Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eSimplified variants of Gödel's ontological argument are explored. Among those is a particularly interesting simplified argument which is (i) valid already in basic modal logics K or KT, (ii) which does not suffer from modal collapse, and (iii) which avoids the rather complex predicates of essence (Ess.) and necessary existence (NE) as used by Gödel. \u003c/p\u003e\u003cp\u003e Whether the presented variants increase or decrease the attractiveness and persuasiveness of the ontological argument is a question I would like to pass on to philosophy and theology. \u003c/p\u003e",
"authors": [
"Christoph Benzmüller"
],
"date": "2021-11-08",
- "id": 128,
+ "id": 133,
"link": "/entries/SimplifiedOntologicalArgument.html",
"permalink": "/entries/SimplifiedOntologicalArgument.html",
"shortname": "SimplifiedOntologicalArgument",
"title": "Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects",
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/Philosophical aspects",
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "The AFP already contains a verified implementation of algebraic numbers. However, it is has a severe limitation in its factorization algorithm of real and complex polynomials: the factorization is only guaranteed to succeed if the coefficients of the polynomial are rational numbers. In this work, we verify an algorithm to factor all real and complex polynomials whose coefficients are algebraic. The existence of such an algorithm proves in a constructive way that the set of complex algebraic numbers is algebraically closed. Internally, the algorithm is based on resultants of multivariate polynomials and an approximation algorithm using interval arithmetic.",
"authors": [
"Manuel Eberl",
"René Thiemann"
],
"date": "2021-11-08",
- "id": 129,
+ "id": 134,
"link": "/entries/Factor_Algebraic_Polynomial.html",
"permalink": "/entries/Factor_Algebraic_Polynomial.html",
"shortname": "Factor_Algebraic_Polynomial",
"title": "Factorization of Polynomials with Algebraic Coefficients",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "In this formalisation, we construct real exponents as the limits of sequences of rational exponents. In particular, if $a \\ge 1$ and $x \\in \\mathbb{R}$, we choose an increasing rational sequence $r_n$ such that $\\lim_{n\\to\\infty} {r_n} = x$. Then the sequence $a^{r_n}$ is increasing and if $r$ is any rational number such that $r \u003e x$, $a^{r_n}$ is bounded above by $a^r$. By the convergence criterion for monotone sequences, $a^{r_n}$ converges. We define $a^ x = \\lim_{n\\to\\infty} a^{r_n}$ and show that it has the expected properties (for $a \\ge 0$). This particular construction of real exponents is needed instead of the usual one using the natural logarithm and exponential functions (which already exists in Isabelle) to support our mechanical derivation of Euler's exponential series as an “infinite polynomial”. Aside from helping us avoid circular reasoning, this is, as far as we are aware, the first time real exponents are mechanised in this way within a proof assistant.",
"authors": [
"Jacques D. Fleuriot"
],
"date": "2021-11-08",
- "id": 130,
+ "id": 135,
"link": "/entries/Real_Power.html",
"permalink": "/entries/Real_Power.html",
"shortname": "Real_Power",
"title": "Real Exponents as the Limits of Sequences of Rational Exponents",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"https://en.wikipedia.org/wiki/Szemerédi_regularity_lemma\"\u003eSzemerédi's regularity lemma\u003c/a\u003e is a key result in the study of large graphs. It asserts the existence of an upper bound on the number of parts the vertices of a graph need to be partitioned into such that the edges between the parts are random in a certain sense. This bound depends only on the desired precision and not on the graph itself, in the spirit of Ramsey's theorem. The formalisation follows online course notes by \u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTim Gowers\u003c/a\u003e and \u003ca href=\"https://yufeizhao.com/gtacbook/\"\u003eYufei Zhao\u003c/a\u003e.",
"authors": [
"Chelsea Edmonds",
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2021-11-05",
- "id": 131,
+ "id": 136,
"link": "/entries/Szemeredi_Regularity.html",
"permalink": "/entries/Szemeredi_Regularity.html",
"shortname": "Szemeredi_Regularity",
"title": "Szemerédi's Regularity Lemma",
"topic_links": [
"mathematics/graph-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "A formalization of the theory of quantum and classical registers as developed by (Unruh, Quantum and Classical Registers). In a nutshell, a register refers to a part of a larger memory or system that can be accessed independently. Registers can be constructed from other registers and several (compatible) registers can be composed. This formalization develops both the generic theory of registers as well as specific instantiations for classical and quantum registers.",
"authors": [
"Dominique Unruh"
],
"date": "2021-10-28",
- "id": 132,
+ "id": 137,
"link": "/entries/Registers.html",
"permalink": "/entries/Registers.html",
"shortname": "Registers",
"title": "Quantum and Classical Registers",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"computer-science/programming-languages/logics",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Computer science/Programming languages/Logics",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet Contraction and Revision Functions” launches a large and rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent and to take into account new piece of information observed by this agent. In 2011, a review book titled \"AGM 25 Years: Twenty-Five Years of Research in Belief Change\" was edited to summarize the first twenty five years of works based on AGM. This HOL-based AFP entry is a faithful formalization of the AGM operators (e.g. contraction, revision, remainder ...) axiomatized in the original paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. Both proofs of Harper and Levi identities are established.",
"authors": [
"Valentin Fouillard",
"Safouan Taha",
"Frédéric Boulanger",
"Nicolas Sabouret"
],
"date": "2021-10-19",
- "id": 133,
+ "id": 138,
"link": "/entries/Belief_Revision.html",
"permalink": "/entries/Belief_Revision.html",
"shortname": "Belief_Revision",
"title": "Belief Revision Theory",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This AFP entry provides semantics for roughly 120 different X86-64 assembly instructions. These instructions include various moves, arithmetic/logical operations, jumps, call/return, SIMD extensions and others. External functions are supported by allowing a user to provide custom semantics for these calls. Floating-point operations are mapped to uninterpreted functions. The model provides semantics for register aliasing and a byte-level little-endian memory model. The semantics are purposefully incomplete, but overapproximative. For example, the precise effect of flags may be undefined for certain instructions, or instructions may simply have no semantics at all. In those cases, the semantics are mapped to universally quantified uninterpreted terms from a locale. Second, this entry provides a method to symbolic execution of basic blocks. The method, called “\u003ctt\u003ese_step\u003c/tt\u003e” (for: symbolic execution step) fetches an instruction and updates the current symbolic state while keeping track of assumptions made over the memory model. A key component is a set of theorems that prove how reads from memory resolve after writes have occurred. Thirdly, this entry provides a parser that allows the user to copy-paste the output of the standard disassembly tool objdump into Isabelle/HOL. A couple small and explanatory examples are included, including functions from the word count program. Several examples can be supplied upon request (they are not included due to the running time of verification): functions from the floating-point modulo function from FDLIBM, the GLIBC strlen function and the CoreUtils SHA256 implementation.",
"authors": [
"Freek Verbeek",
"Abhijith Bharadwaj",
"Joshua Bockenek",
"Ian Roessle",
"Timmy Weerwag",
"Binoy Ravindran"
],
"date": "2021-10-13",
- "id": 134,
+ "id": 139,
"link": "/entries/X86_Semantics.html",
"permalink": "/entries/X86_Semantics.html",
"shortname": "X86_Semantics",
"title": "X86 instruction semantics and basic block symbolic execution",
"topic_links": [
"computer-science/hardware",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Hardware",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "We study models of state-based non-deterministic sequential computations and describe them using algebras. We propose algebras that describe iteration for strict and non-strict computations. They unify computation models which differ in the fixpoints used to represent iteration. We propose algebras that describe the infinite executions of a computation. They lead to a unified approximation order and results that connect fixpoints in the approximation and refinement orders. This unifies the semantics of recursion for a range of computation models. We propose algebras that describe preconditions and the effect of while-programs under postconditions. They unify correctness statements in two dimensions: one statement applies in various computation models to various correctness claims.",
"authors": [
"Walter Guttmann"
],
"date": "2021-10-12",
- "id": 135,
+ "id": 140,
"link": "/entries/Correctness_Algebras.html",
"permalink": "/entries/Correctness_Algebras.html",
"shortname": "Correctness_Algebras",
"title": "Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This paper presents a formally verified quantifier elimination (QE) algorithm for first-order real arithmetic by linear and quadratic virtual substitution (VS) in Isabelle/HOL. The Tarski-Seidenberg theorem established that the first-order logic of real arithmetic is decidable by QE. However, in practice, QE algorithms are highly complicated and often combine multiple methods for performance. VS is a practically successful method for QE that targets formulas with low-degree polynomials. To our knowledge, this is the first work to formalize VS for quadratic real arithmetic including inequalities. The proofs necessitate various contributions to the existing multivariate polynomial libraries in Isabelle/HOL. Our framework is modularized and easily expandable (to facilitate integrating future optimizations), and could serve as a basis for developing practical general-purpose QE algorithms. Further, as our formalization is designed with practicality in mind, we export our development to SML and test the resulting code on 378 benchmarks from the literature, comparing to Redlog, Z3, Wolfram Engine, and SMT-RAT. This identified inconsistencies in some tools, underscoring the significance of a verified approach for the intricacies of real arithmetic.",
"authors": [
"Matias Scharager",
"Katherine Kosaian",
"Stefan Mitsch",
"André Platzer"
],
"date": "2021-10-02",
- "id": 136,
+ "id": 141,
"link": "/entries/Virtual_Substitution.html",
"permalink": "/entries/Virtual_Substitution.html",
"shortname": "Virtual_Substitution",
"title": "Verified Quadratic Virtual Substitution for Real Arithmetic",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "This work is a formalization of the soundness and completeness of an axiomatic system for first-order logic. The proof system is based on System Q1 by Smullyan and the completeness proof follows his textbook \"First-Order Logic\" (Springer-Verlag 1968). The completeness proof is in the Henkin style where a consistent set is extended to a maximal consistent set using Lindenbaum's construction and Henkin witnesses are added during the construction to ensure saturation as well. The resulting set is a Hintikka set which, by the model existence theorem, is satisfiable in the Herbrand universe. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.TYPES.2021.8\"\u003edoi.org/10.4230/LIPIcs.TYPES.2021.8\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2021-09-24",
- "id": 137,
+ "id": 142,
"link": "/entries/FOL_Axiomatic.html",
"permalink": "/entries/FOL_Axiomatic.html",
"shortname": "FOL_Axiomatic",
"title": "Soundness and Completeness of an Axiomatic System for First-Order Logic",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We present a formalization of bounded operators on complex vector spaces. Our formalization contains material on complex vector spaces (normed spaces, Banach spaces, Hilbert spaces) that complements and goes beyond the developments of real vectors spaces in the Isabelle/HOL standard library. We define the type of bounded operators between complex vector spaces (\u003cem\u003ecblinfun\u003c/em\u003e) and develop the theory of unitaries, projectors, extension of bounded linear functions (BLT theorem), adjoints, Loewner order, closed subspaces and more. For the finite-dimensional case, we provide code generation support by identifying finite-dimensional operators with matrices as formalized in the \u003ca href=\"Jordan_Normal_Form.html\"\u003eJordan_Normal_Form\u003c/a\u003e AFP entry.",
"authors": [
"José Manuel Rodríguez Caballero",
"Dominique Unruh"
],
"date": "2021-09-18",
- "id": 138,
+ "id": 143,
"link": "/entries/Complex_Bounded_Operators.html",
"permalink": "/entries/Complex_Bounded_Operators.html",
"shortname": "Complex_Bounded_Operators",
"title": "Complex Bounded Operators",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "We define the weighted path order (WPO) and formalize several properties such as strong normalization, the subterm property, and closure properties under substitutions and contexts. Our definition of WPO extends the original definition by also permitting multiset comparisons of arguments instead of just lexicographic extensions. Therefore, our WPO not only subsumes lexicographic path orders (LPO), but also recursive path orders (RPO). We formally prove these subsumptions and therefore all of the mentioned properties of WPO are automatically transferable to LPO and RPO as well. Such a transformation is not required for Knuth\u0026ndash;Bendix orders (KBO), since they have already been formalized. Nevertheless, we still provide a proof that WPO subsumes KBO and thereby underline the generality of WPO.",
"authors": [
"Christian Sternagel",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2021-09-16",
- "id": 139,
+ "id": 144,
"link": "/entries/Weighted_Path_Order.html",
"permalink": "/entries/Weighted_Path_Order.html",
"shortname": "Weighted_Path_Order",
"title": "A Formalization of Weighted Path Orders and Recursive Path Orders",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 3
},
{
"abstract": "This article provides a foundational framework for the formalization of category theory in the object logic ZFC in HOL of the formal proof assistant Isabelle. More specifically, this article provides a formalization of canonical set-theoretic constructions internalized in the type \u003ci\u003eV\u003c/i\u003e associated with the ZFC in HOL, establishes a design pattern for the formalization of mathematical structures using sequences and locales, and showcases the developed infrastructure by providing formalizations of the elementary theories of digraphs and semicategories. The methodology chosen for the formalization of the theories of digraphs and semicategories (and categories in future articles) rests on the ideas that were originally expressed in the article \u003ci\u003eSet-Theoretical Foundations of Category Theory\u003c/i\u003e written by Solomon Feferman and Georg Kreisel. Thus, in the context of this work, each of the aforementioned mathematical structures is represented as a term of the type \u003ci\u003eV\u003c/i\u003e embedded into a stage of the von Neumann hierarchy.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 140,
+ "id": 145,
"link": "/entries/CZH_Foundations.html",
"permalink": "/entries/CZH_Foundations.html",
"shortname": "CZH_Foundations",
"title": "Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories",
"topic_links": [
"mathematics/category-theory",
"logic/set-theory"
],
"topics": [
"Mathematics/Category theory",
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "This article provides a formalization of the foundations of the theory of 1-categories in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations that were established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories\u003c/i\u003e.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 141,
+ "id": 146,
"link": "/entries/CZH_Elementary_Categories.html",
"permalink": "/entries/CZH_Elementary_Categories.html",
"shortname": "CZH_Elementary_Categories",
"title": "Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "The article provides a formalization of elements of the theory of universal constructions for 1-categories (such as limits, adjoints and Kan extensions) in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL II: Elementary Theory of 1-Categories\u003c/i\u003e.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 142,
+ "id": 147,
"link": "/entries/CZH_Universal_Constructions.html",
"permalink": "/entries/CZH_Universal_Constructions.html",
"shortname": "CZH_Universal_Constructions",
"title": "Category Theory for ZFC in HOL III: Universal Constructions",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "The article provides a collection of experimental general-purpose proof methods for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The methods in the collection offer functionality that is similar to certain aspects of the functionality provided by the standard proof methods of Isabelle that combine classical reasoning and rewriting, such as the method \u003ci\u003eauto\u003c/i\u003e, but use a different approach for rewriting. More specifically, these methods allow for the side conditions of the rewrite rules to be solved via intro-resolution.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 143,
+ "id": 148,
"link": "/entries/Conditional_Simplification.html",
"permalink": "/entries/Conditional_Simplification.html",
"shortname": "Conditional_Simplification",
"title": "Conditional Simplification",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "This article provides a collection of experimental utilities for unoverloading of definitions and synthesis of conditional transfer rules for the object logic Isabelle/HOL of the formal proof assistant Isabelle written in Isabelle/ML.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 144,
+ "id": 149,
"link": "/entries/Conditional_Transfer_Rule.html",
"permalink": "/entries/Conditional_Transfer_Rule.html",
"shortname": "Conditional_Transfer_Rule",
"title": "Conditional Transfer Rule",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "In their article titled \u003ci\u003eFrom Types to Sets by Local Type Definitions in Higher-Order Logic\u003c/i\u003e and published in the proceedings of the conference \u003ci\u003eInteractive Theorem Proving\u003c/i\u003e in 2016, Ondřej Kunčar and Andrei Popescu propose an extension of the logic Isabelle/HOL and an associated algorithm for the relativization of the \u003ci\u003etype-based theorems\u003c/i\u003e to more flexible \u003ci\u003eset-based theorems\u003c/i\u003e, collectively referred to as \u003ci\u003eTypes-To-Sets\u003c/i\u003e. One of the aims of their work was to open an opportunity for the development of a software tool for applied relativization in the implementation of the logic Isabelle/HOL of the proof assistant Isabelle. In this article, we provide a prototype of a software framework for the interactive automated relativization of theorems in Isabelle/HOL, developed as an extension of the proof language Isabelle/Isar. The software framework incorporates the implementation of the proposed extension of the logic, and builds upon some of the ideas for further work expressed in the original article on Types-To-Sets by Ondřej Kunčar and Andrei Popescu and the subsequent article \u003ci\u003eSmooth Manifolds and Types to Sets for Linear Algebra in Isabelle/HOL\u003c/i\u003e that was written by Fabian Immler and Bohua Zhan and published in the proceedings of the \u003ci\u003eInternational Conference on Certified Programs and Proofs\u003c/i\u003e in 2019.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 145,
+ "id": 150,
"link": "/entries/Types_To_Sets_Extension.html",
"permalink": "/entries/Types_To_Sets_Extension.html",
"shortname": "Types_To_Sets_Extension",
"title": "Extension of Types-To-Sets",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "The article provides the command \u003cb\u003emk_ide\u003c/b\u003e for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The command \u003cb\u003emk_ide\u003c/b\u003e enables the automated synthesis of the introduction, destruction and elimination rules from arbitrary definitions of constant predicates stated in Isabelle/HOL.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 146,
+ "id": 151,
"link": "/entries/Intro_Dest_Elim.html",
"permalink": "/entries/Intro_Dest_Elim.html",
"shortname": "Intro_Dest_Elim",
"title": "IDE: Introduction, Destruction, Elimination",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "This entry formalises the fast iterative algorithm for computing dominators due to Cooper, Harvey and Kennedy. It gives a specification of computing dominators on a control flow graph where each node refers to its reverse post order number. A semilattice of reversed-ordered list which represents dominators is built and a Kildall-style algorithm on the semilattice is defined for computing dominators. Finally the soundness and completeness of the algorithm are proved w.r.t. the specification.",
"authors": [
"Nan Jiang"
],
"date": "2021-09-05",
- "id": 147,
+ "id": 152,
"link": "/entries/Dominance_CHK.html",
"permalink": "/entries/Dominance_CHK.html",
"shortname": "Dominance_CHK",
"title": "A data flow analysis algorithm for computing dominators",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe formalize Cardano's formula to solve a cubic equation $$ax^3 + bx^2 + cx + d = 0,$$ as well as Ferrari's formula to solve a quartic equation. We further turn both formulas into executable algorithms based on the algebraic number implementation in the AFP. To this end we also slightly extended this library, namely by making the minimal polynomial of an algebraic number executable, and by defining and implementing $n$-th roots of complex numbers.\u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2021-09-03",
- "id": 148,
+ "id": 153,
"link": "/entries/Cubic_Quartic_Equations.html",
"permalink": "/entries/Cubic_Quartic_Equations.html",
"shortname": "Cubic_Quartic_Equations",
"title": "Solving Cubic and Quartic Equations",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "In the context of formal cryptographic protocol verification, logging-independent message anonymity is the property for a given message to remain anonymous despite the attacker's capability of mapping messages of that sort to agents based on some intrinsic feature of such messages, rather than by logging the messages exchanged by legitimate agents as with logging-dependent message anonymity. This paper illustrates how logging-independent message anonymity can be formalized according to the relational method for formal protocol verification by considering a real-world protocol, namely the Restricted Identification one by the BSI. This sample model is used to verify that the pseudonymous identifiers output by user identification tokens remain anonymous under the expected conditions.",
"authors": [
"Pasquale Noce"
],
"date": "2021-08-26",
- "id": 149,
+ "id": 154,
"link": "/entries/Logging_Independent_Anonymity.html",
"permalink": "/entries/Logging_Independent_Anonymity.html",
"shortname": "Logging_Independent_Anonymity",
"title": "Logging-independent Message Anonymity in the Relational Method",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "The Descartes test based on Bernstein coefficients and Descartes’ rule of signs effectively (over-)approximates the number of real roots of a univariate polynomial over an interval. In this entry we formalise the theorem of three circles, which gives sufficient conditions for when the Descartes test returns 0 or 1. This is the first step for efficient root isolation.",
"authors": [
"Fox Thomson",
"Wenda Li"
],
"date": "2021-08-21",
- "id": 150,
+ "id": 155,
"link": "/entries/Three_Circles.html",
"permalink": "/entries/Three_Circles.html",
"shortname": "Three_Circles",
"title": "The Theorem of Three Circles",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoCon conference management system [\u003ca href=\"https://doi.org/10.1007/978-3-319-08867-9_11\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-020-09566-9\"\u003e2\u003c/a\u003e]. The confidentiality properties refer to the documents managed by the system, namely papers, reviews, discussion logs and acceptance/rejection decisions, and also to the assignment of reviewers to papers. They have all been formulated as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e4\u003c/a\u003e] and verified using the BD Security unwinding technique.",
"authors": [
"Andrei Popescu",
"Peter Lammich",
"Thomas Bauereiss"
],
"date": "2021-08-16",
- "id": 151,
+ "id": 156,
"link": "/entries/CoCon.html",
"permalink": "/entries/CoCon.html",
"shortname": "CoCon",
"title": "CoCon: A Confidentiality-Verified Conference Management System",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Building on a previous \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003eAFP entry\u003c/a\u003e that formalizes the Bounded-Deducibility Security (BD Security) framework \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e, we formalize compositionality and transport theorems for information flow security. These results allow lifting BD Security properties from individual components specified as transition systems, to a composition of systems specified as communicating products of transition systems. The underlying ideas of these results are presented in the papers \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e and \u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e[2]\u003c/a\u003e. The latter paper also describes a major case study where these results have been used: on verifying the CoSMeDis distributed social media platform (itself formalized as an \u003ca href=\"https://www.isa-afp.org/entries/CoSMeDis.html\"\u003eAFP entry\u003c/a\u003e that builds on this entry).",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 152,
+ "id": 157,
"link": "/entries/BD_Security_Compositional.html",
"permalink": "/entries/BD_Security_Compositional.html",
"shortname": "BD_Security_Compositional",
"title": "Compositional BD Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMed social media platform. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e1\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e2\u003c/a\u003e]. An innovation in the deployment of BD Security compared to previous work is the use of dynamic declassification triggers, incorporated as part of inductive bounds, for providing stronger guarantees that account for the repeated opening and closing of access windows. To further strengthen the confidentiality guarantees, we also prove \"traceback\" properties about the accessibility decisions affecting the information managed by the system.",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 153,
+ "id": 158,
"link": "/entries/CoSMed.html",
"permalink": "/entries/CoSMed.html",
"shortname": "CoSMed",
"title": "CoSMed: A confidentiality-verified social media platform",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMeDis distributed social media platform presented in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e]. CoSMeDis is a multi-node extension the CoSMed prototype social media platform [\u003ca href=\"https://doi.org/10.1007/978-3-319-43144-4_6\"\u003e2\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-017-9443-3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/CoSMed.html\"\u003e4\u003c/a\u003e]. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e5\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e6\u003c/a\u003e]. The lifting of confidentiality properties from single nodes to the entire CoSMeDis network is performed using compositionality and transport theorems for BD Security, which are described in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e] and formalized in a separate \u003ca href=\"https://www.isa-afp.org/entries/BD_Security_Compositional.html\"\u003eAFP entry\u003c/a\u003e.",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 154,
+ "id": 159,
"link": "/entries/CoSMeDis.html",
"permalink": "/entries/CoSMeDis.html",
"shortname": "CoSMeDis",
"title": "CoSMeDis: A confidentiality-verified distributed social media platform",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry defines a type class with an operator returning a fresh identifier, given a set of already used identifiers and a preferred identifier. The entry provides a default instantiation for any infinite type, as well as executable instantiations for natural numbers and strings.",
"authors": [
"Andrei Popescu",
"Thomas Bauereiss"
],
"date": "2021-08-16",
- "id": 155,
+ "id": 160,
"link": "/entries/Fresh_Identifiers.html",
"permalink": "/entries/Fresh_Identifiers.html",
"shortname": "Fresh_Identifiers",
"title": "Fresh identifiers",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "Combinatorial design theory studies incidence set systems with certain balance and symmetry properties. It is closely related to hypergraph theory. This formalisation presents a general library for formal reasoning on incidence set systems, designs and their applications, including formal definitions and proofs for many key properties, operations, and theorems on the construction and existence of designs. Notably, this includes formalising t-designs, balanced incomplete block designs (BIBD), group divisible designs (GDD), pairwise balanced designs (PBD), design isomorphisms, and the relationship between graphs and designs. A locale-centric approach has been used to manage the relationships between the many different types of designs. Theorems of particular interest include the necessary conditions for existence of a BIBD, Wilson's construction on GDDs, and Bose's inequality on resolvable designs. Parts of this formalisation are explored in the paper \"A Modular First Formalisation of Combinatorial Design Theory\", presented at CICM 2021.",
"authors": [
"Chelsea Edmonds",
"Lawrence C. Paulson"
],
"date": "2021-08-13",
- "id": 156,
+ "id": 161,
"link": "/entries/Design_Theory.html",
"permalink": "/entries/Design_Theory.html",
"shortname": "Design_Theory",
"title": "Combinatorial Design Theory",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 4
},
{
"abstract": "We study second-order formalisations of graph properties expressed as first-order formulas in relation algebras extended with a Kleene star. The formulas quantify over relations while still avoiding quantification over elements of the base set. We formalise the property of undirected graphs being acyclic this way. This involves a study of various kinds of orientation of graphs. We also verify basic algorithms to constructively prove several second-order properties.",
"authors": [
"Walter Guttmann"
],
"date": "2021-08-03",
- "id": 157,
+ "id": 162,
"link": "/entries/Relational_Forests.html",
"permalink": "/entries/Relational_Forests.html",
"shortname": "Relational_Forests",
"title": "Relational Forests",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This is a formalisation of Schutz' system of axioms for Minkowski spacetime published under the name \"Independent axioms for Minkowski space-time\" in 1997, as well as most of the results in the third chapter (\"Temporal Order on a Path\") of the above monograph. Many results are proven here that cannot be found in Schutz, either preceding the theorem they are needed for, or within their own thematic section.",
"authors": [
"Richard Schmoetten",
"Jake Palmer",
"Jacques D. Fleuriot"
],
"date": "2021-07-27",
- "id": 158,
+ "id": 163,
"link": "/entries/Schutz_Spacetime.html",
"permalink": "/entries/Schutz_Spacetime.html",
"shortname": "Schutz_Spacetime",
"title": "Schutz' Independent Axioms for Minkowski Spacetime",
"topic_links": [
"mathematics/physics",
"mathematics/geometry"
],
"topics": [
"Mathematics/Physics",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This article deals with the formalisation of some group-theoretic results including the fundamental theorem of finitely generated abelian groups characterising the structure of these groups as a uniquely determined product of cyclic groups. Both the invariant factor decomposition and the primary decomposition are covered. Additional work includes results about the direct product, the internal direct product and more group-theoretic lemmas.",
"authors": [
"Joseph Thommes",
"Manuel Eberl"
],
"date": "2021-07-07",
- "id": 159,
+ "id": 164,
"link": "/entries/Finitely_Generated_Abelian_Groups.html",
"permalink": "/entries/Finitely_Generated_Abelian_Groups.html",
"shortname": "Finitely_Generated_Abelian_Groups",
"title": "Finitely Generated Abelian Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "SpecCheck is a \u003ca href=\"https://en.wikipedia.org/wiki/QuickCheck\"\u003eQuickCheck\u003c/a\u003e-like testing framework for Isabelle/ML. You can use it to write specifications for ML functions. SpecCheck then checks whether your specification holds by testing your function against a given number of generated inputs. It helps you to identify bugs by printing counterexamples on failure and provides you timing information. SpecCheck is customisable and allows you to specify your own input generators, test output formats, as well as pretty printers and shrinking functions for counterexamples among other things.",
"authors": [
"Kevin Kappelmann",
"Lukas Bulwahn",
"Sebastian Willenbrink"
],
"date": "2021-07-01",
- "id": 160,
+ "id": 165,
"link": "/entries/SpecCheck.html",
"permalink": "/entries/SpecCheck.html",
"shortname": "SpecCheck",
"title": "SpecCheck - Specification-Based Testing for Isabelle/ML",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 4
},
{
"abstract": "This article formalises the proof of Van der Waerden's Theorem from Ramsey theory. Van der Waerden's Theorem states that for integers $k$ and $l$ there exists a number $N$ which guarantees that if an integer interval of length at least $N$ is coloured with $k$ colours, there will always be an arithmetic progression of length $l$ of the same colour in said interval. The proof goes along the lines of \\cite{Swan}. The smallest number $N_{k,l}$ fulfilling Van der Waerden's Theorem is then called the Van der Waerden Number. Finding the Van der Waerden Number is still an open problem for most values of $k$ and $l$.",
"authors": [
"Katharina Kreuzer",
"Manuel Eberl"
],
"date": "2021-06-22",
- "id": 161,
+ "id": 166,
"link": "/entries/Van_der_Waerden.html",
"permalink": "/entries/Van_der_Waerden.html",
"shortname": "Van_der_Waerden",
"title": "Van der Waerden's Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "MiniSail is a kernel language for Sail, an instruction set architecture (ISA) specification language. Sail is an imperative language with a light-weight dependent type system similar to refinement type systems. From an ISA specification, the Sail compiler can generate theorem prover code and C (or OCaml) to give an executable emulator for an architecture. The idea behind MiniSail is to capture the key and novel features of Sail in terms of their syntax, typing rules and operational semantics, and to confirm that they work together by proving progress and preservation lemmas. We use the Nominal2 library to handle binding.",
"authors": [
"Mark Wassell"
],
"date": "2021-06-18",
- "id": 162,
+ "id": 167,
"link": "/entries/MiniSail.html",
"permalink": "/entries/MiniSail.html",
"shortname": "MiniSail",
"title": "MiniSail - A kernel language for the ISA specification language SAIL",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of public announcement logic. It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!. The completeness proof builds on the Epistemic Logic theory. Paper: \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003edoi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2021-06-17",
- "id": 163,
+ "id": 168,
"link": "/entries/Public_Announcement_Logic.html",
"permalink": "/entries/Public_Announcement_Logic.html",
"shortname": "Public_Announcement_Logic",
"title": "Public Announcement Logic",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This paper presents a compiler correctness proof for the didactic imperative programming language IMP, introduced in Nipkow and Klein's book on formal programming language semantics (version of March 2021), whose size is just two thirds of the book's proof in the number of formal text lines. As such, it promises to constitute a further enhanced reference for the formal verification of compilers meant for larger, real-world programming languages. The presented proof does not depend on language determinism, so that the proposed approach can be applied to non-deterministic languages as well. As a confirmation, this paper extends IMP with an additional non-deterministic choice command, and proves compiler correctness, viz. the simulation of compiled code execution by source code, for such extended language.",
"authors": [
"Pasquale Noce"
],
"date": "2021-06-04",
- "id": 164,
+ "id": 169,
"link": "/entries/IMP_Compiler.html",
"permalink": "/entries/IMP_Compiler.html",
"shortname": "IMP_Compiler",
"title": "A Shorter Compiler Correctness Proof for Language IMP",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "We formalize basics of Combinatorics on Words. This is an extension of existing theories on lists. We provide additional properties related to prefix, suffix, factor, length and rotation. The topics include prefix and suffix comparability, mismatch, word power, total and reversed morphisms, border, periods, primitivity and roots. We also formalize basic, mostly folklore results related to word equations: equidivisibility, commutation and conjugation. Slightly advanced properties include the Periodicity lemma (often cited as the Fine and Wilf theorem) and the variant of the Lyndon-Schützenberger theorem for words, including its full parametric solution. We support the algebraic point of view which sees words as generators of submonoids of a free monoid. This leads to the concepts of the (free) hull, the (free) basis (or code). We also provide relevant proof methods and a tool to generate reverse-symmetric claims.",
"authors": [
"Štěpán Holub",
"Martin Raška",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 165,
+ "id": 170,
"link": "/entries/Combinatorics_Words.html",
"permalink": "/entries/Combinatorics_Words.html",
"shortname": "Combinatorics_Words",
"title": "Combinatorics on Words Basics",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 4
},
{
"abstract": "Graph lemma quantifies the defect effect of a system of word equations. That is, it provides an upper bound on the rank of the system. We formalize the proof based on the decomposition of a solution into its free basis. A direct application is an alternative proof of the fact that two noncommuting words form a code.",
"authors": [
"Štěpán Holub",
"Martin Raška",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 166,
+ "id": 171,
"link": "/entries/Combinatorics_Words_Graph_Lemma.html",
"permalink": "/entries/Combinatorics_Words_Graph_Lemma.html",
"shortname": "Combinatorics_Words_Graph_Lemma",
"title": "Graph Lemma",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "Lyndon words are words lexicographically minimal in their conjugacy class. We formalize their basic properties and characterizations, in particular the concepts of the longest Lyndon suffix and the Lyndon factorization. Most of the work assumes a fixed lexicographical order. Nevertheless we also define the smallest relation guaranteeing lexicographical minimality of a given word (in its conjugacy class).",
"authors": [
"Štěpán Holub",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 167,
+ "id": 172,
"link": "/entries/Combinatorics_Words_Lyndon.html",
"permalink": "/entries/Combinatorics_Words_Lyndon.html",
"shortname": "Combinatorics_Words_Lyndon",
"title": "Lyndon words",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This development provides a general definition for safe Regression Test Selection (RTS) algorithms. RTS algorithms select which tests to rerun on revised code, reducing the time required to check for newly introduced errors. An RTS algorithm is considered safe if and only if all deselected tests would have unchanged results. This definition is instantiated with two class-collection-based RTS algorithms run over the JVM as modeled by JinjaDCI. This is achieved with a general definition for Collection Semantics, small-step semantics instrumented to collect information during execution. As the RTS definition mandates safety, these instantiations include proofs of safety. This work is described in Mansky and Gunter's LSFA 2020 paper and Mansky's doctoral thesis (UIUC, 2020).",
"authors": [
"Susannah Mansky"
],
"date": "2021-04-30",
- "id": 168,
+ "id": 173,
"link": "/entries/Regression_Test_Selection.html",
"permalink": "/entries/Regression_Test_Selection.html",
"shortname": "Regression_Test_Selection",
"title": "Regression Test Selection",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "In this entry we formalize Isabelle's metalogic in Isabelle/HOL. Furthermore, we define a language of proof terms and an executable proof checker and prove its soundness wrt. the metalogic. The formalization is intentionally kept close to the Isabelle implementation(for example using de Brujin indices) to enable easy integration of generated code with the Isabelle system without a complicated translation layer. The formalization is described in our \u003ca href=\"https://arxiv.org/pdf/2104.12224.pdf\"\u003eCADE 28 paper\u003c/a\u003e.",
"authors": [
"Tobias Nipkow",
"Simon Roßkopf"
],
"date": "2021-04-27",
- "id": 169,
+ "id": 174,
"link": "/entries/Metalogic_ProofChecker.html",
"permalink": "/entries/Metalogic_ProofChecker.html",
"shortname": "Metalogic_ProofChecker",
"title": "Isabelle's Metalogic: Formalization and Proof Checker",
"topic_links": [
"logic/general-logic"
],
"topics": [
"Logic/General logic"
],
"used_by": 0
},
{
"abstract": "We formalize the \u003ci\u003eLifting the Exponent Lemma\u003c/i\u003e, which shows how to find the largest power of $p$ dividing $a^n \\pm b^n$, for a prime $p$ and positive integers $a$ and $b$. The proof follows \u003ca href=\"https://s3.amazonaws.com/aops-cdn.artofproblemsolving.com/resources/articles/lifting-the-exponent.pdf\"\u003eAmir Hossein Parvardi's\u003c/a\u003e.",
"authors": [
"Maya Kądziołka"
],
"date": "2021-04-27",
- "id": 170,
+ "id": 175,
"link": "/entries/Lifting_the_Exponent.html",
"permalink": "/entries/Lifting_the_Exponent.html",
"shortname": "Lifting_the_Exponent",
"title": "Lifting the Exponent",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We formalize the univariate case of Ben-Or, Kozen, and Reif's decision procedure for first-order real arithmetic (the BKR algorithm). We also formalize the univariate case of Renegar's variation of the BKR algorithm. The two formalizations differ mathematically in minor ways (that have significant impact on the multivariate case), but are quite similar in proof structure. Both rely on sign-determination (finding the set of consistent sign assignments for a set of polynomials). The method used for sign-determination is similar to Tarski's original quantifier elimination algorithm (it stores key information in a matrix equation), but with a reduction step to keep complexity low.",
"authors": [
"Katherine Kosaian",
"Yong Kiam Tan",
"André Platzer"
],
"date": "2021-04-24",
- "id": 171,
+ "id": 176,
"link": "/entries/BenOr_Kozen_Reif.html",
"permalink": "/entries/BenOr_Kozen_Reif.html",
"shortname": "BenOr_Kozen_Reif",
"title": "The BKR Decision Procedure for Univariate Real Arithmetic",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 3
},
{
"abstract": "This is a formalisation of the main result of Gale and Stewart from 1953, showing that closed finite games are determined. This property is now known as the Gale Stewart Theorem. While the original paper shows some additional theorems as well, we only formalize this main result, but do so in a somewhat general way. We formalize games of a fixed arbitrary length, including infinite length, using co-inductive lists, and show that defensive strategies exist unless the other player is winning. For closed games, defensive strategies are winning for the closed player, proving that such games are determined. For finite games, which are a special case in our formalisation, all games are closed.",
"authors": [
"Sebastiaan J. C. Joosten"
],
"date": "2021-04-23",
- "id": 172,
+ "id": 177,
"link": "/entries/GaleStewart_Games.html",
"permalink": "/entries/GaleStewart_Games.html",
"shortname": "GaleStewart_Games",
"title": "Gale-Stewart Games",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Large-scale stream processing systems often follow the dataflow paradigm, which enforces a program structure that exposes a high degree of parallelism. The Timely Dataflow distributed system supports expressive cyclic dataflows for which it offers low-latency data- and pipeline-parallel stream processing. To achieve high expressiveness and performance, Timely Dataflow uses an intricate distributed protocol for tracking the computation’s progress. We formalize this progress tracking protocol and verify its safety. Our formalization is described in detail in our forthcoming \u003ca href=\"https://traytel.bitbucket.io/papers/itp21-progress_tracking/safe.pdf\"\u003eITP'21 paper\u003c/a\u003e.",
"authors": [
"Matthias Brun",
"Sára Decova",
"Andrea Lattuada",
"Dmitriy Traytel"
],
"date": "2021-04-13",
- "id": 173,
+ "id": 178,
"link": "/entries/Progress_Tracking.html",
"permalink": "/entries/Progress_Tracking.html",
"shortname": "Progress_Tracking",
"title": "Formalization of Timely Dataflow's Progress Tracking Protocol",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "We provide a characterisation of how information is propagated by program executions based on the tracking data and control dependencies within executions themselves. The characterisation might be used for deriving approximative safety properties to be targeted by static analyses or checked at runtime. We utilise a simple yet versatile control flow graph model as a program representation. As our model is not assumed to be finite it can be instantiated for a broad class of programs. The targeted security property is indistinguishable security where executions produce sequences of observations and only non-terminating executions are allowed to drop a tail of those. A very crude approximation of our characterisation is slicing based on program dependence graphs, which we use as a minimal example and derive a corresponding soundness result. For further details and applications refer to the authors upcoming dissertation.",
"authors": [
"Benedikt Nordhoff"
],
"date": "2021-04-01",
- "id": 174,
+ "id": 179,
"link": "/entries/IFC_Tracking.html",
"permalink": "/entries/IFC_Tracking.html",
"shortname": "IFC_Tracking",
"title": "Information Flow Control via Dependency Tracking",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "We formalize mainstream structures in algebraic geometry culminating in Grothendieck's schemes: presheaves of rings, sheaves of rings, ringed spaces, locally ringed spaces, affine schemes and schemes. We prove that the spectrum of a ring is a locally ringed space, hence an affine scheme. Finally, we prove that any affine scheme is a scheme.",
"authors": [
"Anthony Bordg",
"Lawrence C. Paulson",
"Wenda Li"
],
"date": "2021-03-29",
- "id": 175,
+ "id": 180,
"link": "/entries/Grothendieck_Schemes.html",
"permalink": "/entries/Grothendieck_Schemes.html",
"shortname": "Grothendieck_Schemes",
"title": "Grothendieck's Schemes in Algebraic Geometry",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalize the ring of \u003cem\u003ep\u003c/em\u003e-adic integers within the framework of the HOL-Algebra library. The carrier of the ring is formalized as the inverse limit of quotients of the integers by powers of a fixed prime \u003cem\u003ep\u003c/em\u003e. We define an integer-valued valuation, as well as an extended-integer valued valuation which sends 0 to the infinite element. Basic topological facts about the \u003cem\u003ep\u003c/em\u003e-adic integers are formalized, including completeness and sequential compactness. Taylor expansions of polynomials over a commutative ring are defined, culminating in the formalization of Hensel's Lemma based on a proof due to Keith Conrad.",
"authors": [
"Aaron Crighton"
],
"date": "2021-03-23",
- "id": 176,
+ "id": 181,
"link": "/entries/Padic_Ints.html",
"permalink": "/entries/Padic_Ints.html",
"shortname": "Padic_Ints",
"title": "Hensel's Lemma for the p-adic Integers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "Constructive Cryptography (CC) [\u003ca href=\"https://conference.iiis.tsinghua.edu.cn/ICS2011/content/papers/14.html\"\u003eICS 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-642-27375-9_3\"\u003eTOSCA 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-53641-4_1\"\u003eTCC 2016\u003c/a\u003e] introduces an abstract approach to composable security statements that allows one to focus on a particular aspect of security proofs at a time. Instead of proving the properties of concrete systems, CC studies system classes, i.e., the shared behavior of similar systems, and their transformations. Modeling of systems communication plays a crucial role in composability and reusability of security statements; yet, this aspect has not been studied in any of the existing CC results. We extend our previous CC formalization [\u003ca href=\"https://isa-afp.org/entries/Constructive_Cryptography.html\"\u003eConstructive_Cryptography\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1109/CSF.2019.00018\"\u003eCSF 2019\u003c/a\u003e] with a new semantic domain called Fused Resource Templates (FRT) that abstracts over the systems communication patterns in CC proofs. This widens the scope of cryptography proof formalizations in the CryptHOL library [\u003ca href=\"https://isa-afp.org/entries/CryptHOL.html\"\u003eCryptHOL\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-49498-1_20\"\u003eESOP 2016\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s00145-019-09341-z\"\u003eJ Cryptol 2020\u003c/a\u003e]. This formalization is described in \u003ca href=\"http://www.andreas-lochbihler.de/pub/basin2021.pdf\"\u003eAbstract Modeling of Systems Communication in Constructive Cryptography using CryptHOL\u003c/a\u003e.",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar"
],
"date": "2021-03-17",
- "id": 177,
+ "id": 182,
"link": "/entries/Constructive_Cryptography_CM.html",
"permalink": "/entries/Constructive_Cryptography_CM.html",
"shortname": "Constructive_Cryptography_CM",
"title": "Constructive Cryptography in HOL: the Communication Modeling Aspect",
"topic_links": [
"computer-science/security/cryptography",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "We verify two algorithms for which modular arithmetic plays an essential role: Storjohann's variant of the LLL lattice basis reduction algorithm and Kopparty's algorithm for computing the Hermite normal form of a matrix. To do this, we also formalize some facts about the modulo operation with symmetric range. Our implementations are based on the original papers, but are otherwise efficient. For basis reduction we formalize two versions: one that includes all of the optimizations/heuristics from Storjohann's paper, and one excluding a heuristic that we observed to often decrease efficiency. We also provide a fast, self-contained certifier for basis reduction, based on the efficient Hermite normal form algorithm.",
"authors": [
"Ralph Bottesch",
"Jose Divasón",
"René Thiemann"
],
"date": "2021-03-12",
- "id": 178,
+ "id": 183,
"link": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html",
"permalink": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html",
"shortname": "Modular_arithmetic_LLL_and_HNF_algorithms",
"title": "Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "This work contains a formalization of quantum projective measurements, also known as von Neumann measurements, which are based on elements of spectral theory. We also formalized the CHSH inequality, an inequality involving expectations in a probability space that is violated by quantum measurements, thus proving that quantum mechanics cannot be modeled with an underlying local hidden-variable theory.",
"authors": [
"Mnacho Echenim"
],
"date": "2021-03-03",
- "id": 179,
+ "id": 184,
"link": "/entries/Projective_Measurements.html",
"permalink": "/entries/Projective_Measurements.html",
"shortname": "Projective_Measurements",
"title": "Quantum projective measurements and the CHSH inequality",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"mathematics/physics/quantum-information"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Mathematics/Physics/Quantum information"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the Hermite-Lindemann-Weierstraß Theorem (also known as simply Hermite-Lindemann or Lindemann-Weierstraß). This theorem is one of the crowning achievements of 19th century number theory.\u003c/p\u003e \u003cp\u003eThe theorem states that if $\\alpha_1, \\ldots, \\alpha_n\\in\\mathbb{C}$ are algebraic numbers that are linearly independent over $\\mathbb{Z}$, then $e^{\\alpha_1},\\ldots,e^{\\alpha_n}$ are algebraically independent over $\\mathbb{Q}$.\u003c/p\u003e \u003cp\u003eLike the \u003ca href=\"https://doi.org/10.1007/978-3-319-66107-0_5\"\u003eprevious formalisation in Coq by Bernard\u003c/a\u003e, I proceeded by formalising \u003ca href=\"https://doi.org/10.1017/CBO9780511565977\"\u003eBaker's version of the theorem and proof\u003c/a\u003e and then deriving the original one from that. Baker's version states that for any algebraic numbers $\\beta_1, \\ldots, \\beta_n\\in\\mathbb{C}$ and distinct algebraic numbers $\\alpha_i, \\ldots, \\alpha_n\\in\\mathbb{C}$, we have $\\beta_1 e^{\\alpha_1} + \\ldots + \\beta_n e^{\\alpha_n} = 0$ if and only if all the $\\beta_i$ are zero.\u003c/p\u003e \u003cp\u003eThis has a number of direct corollaries, e.g.:\u003c/p\u003e \u003cul\u003e \u003cli\u003e$e$ and $\\pi$ are transcendental\u003c/li\u003e \u003cli\u003e$e^z$, $\\sin z$, $\\tan z$, etc. are transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0\\}$\u003c/li\u003e \u003cli\u003e$\\ln z$ is transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0, 1\\}$\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-03-03",
- "id": 180,
+ "id": 185,
"link": "/entries/Hermite_Lindemann.html",
"permalink": "/entries/Hermite_Lindemann.html",
"shortname": "Hermite_Lindemann",
"title": "The Hermite–Lindemann–Weierstraß Transcendence Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We use Isabelle/HOL to verify elementary theorems and alternative axiomatizations of classical extensional mereology.",
"authors": [
"Ben Blumson"
],
"date": "2021-03-01",
- "id": 181,
+ "id": 186,
"link": "/entries/Mereology.html",
"permalink": "/entries/Mereology.html",
"shortname": "Mereology",
"title": "Mereology",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "We formally define sunflowers and provide a formalization of the sunflower lemma of Erd\u0026odblac;s and Rado: whenever a set of size-\u003ci\u003ek\u003c/i\u003e-sets has a larger cardinality than \u003ci\u003e(r - 1)\u003csup\u003ek\u003c/sup\u003e \u0026middot; k!\u003c/i\u003e, then it contains a sunflower of cardinality \u003ci\u003er\u003c/i\u003e.",
"authors": [
"René Thiemann"
],
"date": "2021-02-25",
- "id": 182,
+ "id": 187,
"link": "/entries/Sunflowers.html",
"permalink": "/entries/Sunflowers.html",
"shortname": "Sunflowers",
"title": "The Sunflower Lemma of Erdős and Rado",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "In this work, we use the interactive theorem prover Isabelle/HOL to verify an imperative implementation of the classical B-tree data structure invented by Bayer and McCreight [ACM 1970]. The implementation supports set membership, insertion, deletion, iteration and range queries with efficient binary search for intra-node navigation. This is accomplished by first specifying the structure abstractly in the functional modeling language HOL and proving functional correctness. Using manual refinement, we derive an imperative implementation in Imperative/HOL. We show the validity of this refinement using the separation logic utilities from the \u003ca href=\"https://www.isa-afp.org/entries/Refine_Imperative_HOL.html\"\u003e Isabelle Refinement Framework \u003c/a\u003e . The code can be exported to the programming languages SML, OCaml and Scala. This entry contains two developments: \u003cdl\u003e \u003cdt\u003eB-Trees\u003c/dt\u003e \u003cdd\u003eThis formalisation is discussed in greater detail in the corresponding \u003ca href=\"https://mediatum.ub.tum.de/1596550\"\u003eBachelor's Thesis\u003c/a\u003e.\u003c/dd\u003e \u003cdt\u003eB+-Trees:\u003c/dt\u003e \u003cdd\u003eThis formalisation also supports range queries and is discussed in a paper published at ICTAC 2022.\u003c/dd\u003e \u003c/dl\u003e Change history: [2022-08-16]: Added formalisations of B+-Trees ",
"authors": [
"Niels Mündler"
],
"date": "2021-02-24",
- "id": 183,
+ "id": 188,
"link": "/entries/BTree.html",
"permalink": "/entries/BTree.html",
"shortname": "BTree",
"title": "A Verified Imperative Implementation of B-Trees",
"topic_links": [
"computer-science/data-management-systems",
"computer-science/data-structures"
],
"topics": [
"Computer science/Data management systems",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eFormal Puiseux series are generalisations of formal power series and formal Laurent series that also allow for fractional exponents. They have the following general form: \\[\\sum_{i=N}^\\infty a_{i/d} X^{i/d}\\] where \u003cem\u003eN\u003c/em\u003e is an integer and \u003cem\u003ed\u003c/em\u003e is a positive integer.\u003c/p\u003e \u003cp\u003eThis entry defines these series including their basic algebraic properties. Furthermore, it proves the Newton–Puiseux Theorem, namely that the Puiseux series over an algebraically closed field of characteristic 0 are also algebraically closed.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-02-17",
- "id": 184,
+ "id": 189,
"link": "/entries/Formal_Puiseux_Series.html",
"permalink": "/entries/Formal_Puiseux_Series.html",
"shortname": "Formal_Puiseux_Series",
"title": "Formal Puiseux Series",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe Law of Large Numbers states that, informally, if one performs a random experiment $X$ many times and takes the average of the results, that average will be very close to the expected value $E[X]$.\u003c/p\u003e \u003cp\u003e More formally, let $(X_i)_{i\\in\\mathbb{N}}$ be a sequence of independently identically distributed random variables whose expected value $E[X_1]$ exists. Denote the running average of $X_1, \\ldots, X_n$ as $\\overline{X}_n$. Then:\u003c/p\u003e \u003cul\u003e \u003cli\u003eThe Weak Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ in probability for $n\\to\\infty$, i.e. $\\mathcal{P}(|\\overline{X}_{n} - E[X_1]| \u003e \\varepsilon) \\longrightarrow 0$ as $n\\to\\infty$ for any $\\varepsilon \u003e 0$.\u003c/li\u003e \u003cli\u003eThe Strong Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ almost surely for $n\\to\\infty$, i.e. $\\mathcal{P}(\\overline{X}_{n} \\longrightarrow E[X_1]) = 1$.\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIn this entry, I formally prove the strong law and from it the weak law. The approach used for the proof of the strong law is a particularly quick and slick one based on ergodic theory, which was formalised by Gouëzel in another AFP entry.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-02-10",
- "id": 185,
+ "id": 190,
"link": "/entries/Laws_of_Large_Numbers.html",
"permalink": "/entries/Laws_of_Large_Numbers.html",
"shortname": "Laws_of_Large_Numbers",
"title": "The Laws of Large Numbers",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe \u003ca href=\"https://geocoq.github.io/GeoCoq/\"\u003eGeoCoq library\u003c/a\u003e contains a formalization of geometry using the Coq proof assistant. It contains both proofs about the foundations of geometry and high-level proofs in the same style as in high school. We port a part of the GeoCoq 2.4.0 library to Isabelle/HOL: more precisely, the files Chap02.v to Chap13_3.v, suma.v as well as the associated definitions and some useful files for the demonstration of certain parallel postulates. The synthetic approach of the demonstrations is directly inspired by those contained in GeoCoq. The names of the lemmas and theorems used are kept as far as possible as well as the definitions. \u003c/p\u003e \u003cp\u003eIt should be noted that T.J.M. Makarios has done \u003ca href=\"https://www.isa-afp.org/entries/Tarskis_Geometry.html\"\u003esome proofs in Tarski's Geometry\u003c/a\u003e. It uses a definition that does not quite coincide with the definition used in Geocoq and here. Furthermore, corresponding definitions in the \u003ca href=\"https://www.isa-afp.org/entries/Poincare_Disc.html\"\u003ePoincaré Disc Model development\u003c/a\u003e are not identical to those defined in GeoCoq. \u003c/p\u003e \u003cp\u003eIn the last part, it is formalized that, in the neutral/absolute space, the axiom of the parallels of Tarski's system implies the Playfair axiom, the 5th postulate of Euclid and Euclid's original parallel postulate. These proofs, which are not constructive, are directly inspired by Pierre Boutry, Charly Gries, Julien Narboux and Pascal Schreck. \u003c/p\u003e",
"authors": [
"Roland Coghetto"
],
"date": "2021-01-31",
- "id": 186,
+ "id": 191,
"link": "/entries/IsaGeoCoq.html",
"permalink": "/entries/IsaGeoCoq.html",
"shortname": "IsaGeoCoq",
"title": "Tarski's Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In a \u003ca href=\"https://xkcd.com/blue_eyes.html\"\u003epuzzle published by Randall Munroe\u003c/a\u003e, perfect logicians forbidden from communicating are stranded on an island, and may only leave once they have figured out their own eye color. We present a method of modeling the behavior of perfect logicians and formalize a solution of the puzzle.",
"authors": [
"Maya Kądziołka"
],
"date": "2021-01-30",
- "id": 187,
+ "id": 192,
"link": "/entries/Blue_Eyes.html",
"permalink": "/entries/Blue_Eyes.html",
"shortname": "Blue_Eyes",
"title": "Solution to the xkcd Blue Eyes puzzle",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This is a verified implementation of a constant time queue. The original design is due to \u003ca href=\"https://doi.org/10.1016/0020-0190(81)90030-2\"\u003eHood and Melville\u003c/a\u003e. This formalization follows the presentation in \u003cem\u003ePurely Functional Data Structures\u003c/em\u003eby Okasaki.",
"authors": [
"Alejandro Gómez-Londoño"
],
"date": "2021-01-18",
- "id": 188,
+ "id": 193,
"link": "/entries/Hood_Melville_Queue.html",
"permalink": "/entries/Hood_Melville_Queue.html",
"shortname": "Hood_Melville_Queue",
"title": "Hood-Melville Queue",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We extend Jinja to include static fields, methods, and instructions, and dynamic class initialization, based on the Java SE 8 specification. This includes extension of definitions and proofs. This work is partially described in Mansky and Gunter's paper at CPP 2019 and Mansky's doctoral thesis (UIUC, 2020).",
"authors": [
"Susannah Mansky"
],
"date": "2021-01-11",
- "id": 189,
+ "id": 194,
"link": "/entries/JinjaDCI.html",
"permalink": "/entries/JinjaDCI.html",
"shortname": "JinjaDCI",
"title": "JinjaDCI: a Java semantics with dynamic class initialization",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 1
},
{
"abstract": "We formalize the basic results on cofinality of linearly ordered sets and ordinals and Šanin’s Lemma for uncountable families of finite sets. This last result is used to prove the countable chain condition for Cohen posets. We work in the set theory framework of Isabelle/ZF, using the Axiom of Choice as needed.",
"authors": [
"Pedro Sánchez Terraf"
],
"date": "2020-12-27",
- "id": 190,
+ "id": 195,
"link": "/entries/Delta_System_Lemma.html",
"permalink": "/entries/Delta_System_Lemma.html",
"shortname": "Delta_System_Lemma",
"title": "Cofinality and the Delta System Lemma",
"topic_links": [
"mathematics/combinatorics",
"logic/set-theory"
],
"topics": [
"Mathematics/Combinatorics",
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "We investigate mathematical structures that provide natural semantics for families of (quantified) non-classical logics featuring special unary connectives, known as recovery operators, that allow us to 'recover' the properties of classical logic in a controlled manner. These structures are known as topological Boolean algebras, which are Boolean algebras extended with additional operations subject to specific conditions of a topological nature. In this study we focus on the paradigmatic case of negation. We demonstrate how these algebras are well-suited to provide a semantics for some families of paraconsistent Logics of Formal Inconsistency and paracomplete Logics of Formal Undeterminedness. These logics feature recovery operators used to earmark propositions that behave 'classically' when interacting with non-classical negations. We refer to the \u003ca href=\"https://arxiv.org/abs/2104.04284\"\u003ecompanion paper\u003c/a\u003e for more information. ",
"authors": [
"David Fuenmayor"
],
"date": "2020-12-17",
- "id": 191,
+ "id": 196,
"link": "/entries/Topological_Semantics.html",
"permalink": "/entries/Topological_Semantics.html",
"shortname": "Topological_Semantics",
"title": "Topological semantics for paraconsistent and paracomplete logics",
"topic_links": [
"logic/general-logic"
],
"topics": [
"Logic/General logic"
],
"used_by": 0
},
{
"abstract": "We verify the correctness of Prim's, Kruskal's and Borůvka's minimum spanning tree algorithms based on algebras for aggregation and minimisation.",
"authors": [
"Walter Guttmann",
"Nicolas Robinson-O'Brien"
],
"date": "2020-12-08",
- "id": 192,
+ "id": 197,
"link": "/entries/Relational_Minimum_Spanning_Trees.html",
"permalink": "/entries/Relational_Minimum_Spanning_Trees.html",
"shortname": "Relational_Minimum_Spanning_Trees",
"title": "Relational Minimum Spanning Tree Algorithms",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization builds on the \u003cem\u003eVeriComp\u003c/em\u003e entry of the \u003cem\u003eArchive of Formal Proofs\u003c/em\u003e to provide the following contributions: \u003cul\u003e \u003cli\u003ean operational semantics for a realistic virtual machine (Std) for dynamically typed programming languages;\u003c/li\u003e \u003cli\u003ethe formalization of an inline caching optimization (Inca), a proof of bisimulation with (Std), and a compilation function;\u003c/li\u003e \u003cli\u003ethe formalization of an unboxing optimization (Ubx), a proof of bisimulation with (Inca), and a simple compilation function.\u003c/li\u003e \u003c/ul\u003e This formalization was described in the CPP 2021 paper \u003cem\u003eTowards Efficient and Verified Virtual Machines for Dynamic Languages\u003c/em\u003e",
"authors": [
"Martin Desharnais"
],
"date": "2020-12-07",
- "id": 193,
+ "id": 198,
"link": "/entries/Interpreter_Optimizations.html",
"permalink": "/entries/Interpreter_Optimizations.html",
"shortname": "Interpreter_Optimizations",
"title": "Inline Caching and Unboxing Optimization for Interpreters",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "This paper introduces a new method for the formal verification of cryptographic protocols, the relational method, derived from Paulson's inductive method by means of some enhancements aimed at streamlining formal definitions and proofs, specially for protocols using public key cryptography. Moreover, this paper proposes a method to formalize a further security property, message anonymity, in addition to message confidentiality and authenticity. The relational method, including message anonymity, is then applied to the verification of a sample authentication protocol, comprising Password Authenticated Connection Establishment (PACE) with Chip Authentication Mapping followed by the explicit verification of an additional password over the PACE secure channel.",
"authors": [
"Pasquale Noce"
],
"date": "2020-12-05",
- "id": 194,
+ "id": 199,
"link": "/entries/Relational_Method.html",
"permalink": "/entries/Relational_Method.html",
"shortname": "Relational_Method",
"title": "The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This work is an effort to formalise some quantum algorithms and results in quantum information theory. Formal methods being critical for the safety and security of algorithms and protocols, we foresee their widespread use for quantum computing in the future. We have developed a large library for quantum computing in Isabelle based on a matrix representation for quantum circuits, successfully formalising the no-cloning theorem, quantum teleportation, Deutsch's algorithm, the Deutsch-Jozsa algorithm and the quantum Prisoner's Dilemma.",
"authors": [
"Anthony Bordg",
"Hanna Lachnitt",
"Yijun He"
],
"date": "2020-11-22",
- "id": 195,
+ "id": 200,
"link": "/entries/Isabelle_Marries_Dirac.html",
"permalink": "/entries/Isabelle_Marries_Dirac.html",
"shortname": "Isabelle_Marries_Dirac",
"title": "Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"mathematics/physics/quantum-information"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Mathematics/Physics/Quantum information"
],
"used_by": 1
},
{
"abstract": "We use a formal development for CSP, called HOL-CSP2.0, to analyse a family of refinement notions, comprising classic and new ones. This analysis enables to derive a number of properties that allow to deepen the understanding of these notions, in particular with respect to specification decomposition principles for the case of infinite sets of events. The established relations between the refinement relations help to clarify some obscure points in the CSP literature, but also provide a weapon for shorter refinement proofs. Furthermore, we provide a framework for state-normalisation allowing to formally reason on parameterised process architectures. As a result, we have a modern environment for formal proofs of concurrent systems that allow for the combination of general infinite processes with locally finite ones in a logically safe way. We demonstrate these verification-techniques for classical, generalised examples: The CopyBuffer for arbitrary data and the Dijkstra's Dining Philosopher Problem of arbitrary size.",
"authors": [
"Safouan Taha",
"Burkhart Wolff",
"Lina Ye"
],
"date": "2020-11-19",
- "id": 196,
+ "id": 201,
"link": "/entries/CSP_RefTK.html",
"permalink": "/entries/CSP_RefTK.html",
"shortname": "CSP_RefTK",
"title": "The HOL-CSP Refinement Toolkit",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "This is an Isabelle/HOL formalisation of the semantics of the multi-valued planning tasks language that is used by the planning system Fast-Downward, the STRIPS fragment of the Planning Domain Definition Language (PDDL), and the STRIPS soundness meta-theory developed by Vladimir Lifschitz. It also contains formally verified checkers for checking the well-formedness of problems specified in either language as well the correctness of potential solutions. The formalisation in this entry was described in an earlier publication.",
"authors": [
"Mohammad Abdulaziz",
"Peter Lammich"
],
"date": "2020-10-29",
- "id": 197,
+ "id": 202,
"link": "/entries/AI_Planning_Languages_Semantics.html",
"permalink": "/entries/AI_Planning_Languages_Semantics.html",
"shortname": "AI_Planning_Languages_Semantics",
"title": "AI Planning Languages Semantics",
"topic_links": [
"computer-science/artificial-intelligence"
],
"topics": [
"Computer science/Artificial intelligence"
],
"used_by": 1
},
{
"abstract": "We present an executable formally verified SAT encoding of classical AI planning that is based on the encodings by Kautz and Selman and the one by Rintanen et al. The encoding was experimentally tested and shown to be usable for reasonably sized standard AI planning benchmarks. We also use it as a reference to test a state-of-the-art SAT-based planner, showing that it sometimes falsely claims that problems have no solutions of certain lengths. The formalisation in this submission was described in an independent publication.",
"authors": [
"Mohammad Abdulaziz",
"Friedrich Kurz"
],
"date": "2020-10-29",
- "id": 198,
+ "id": 203,
"link": "/entries/Verified_SAT_Based_AI_Planning.html",
"permalink": "/entries/Verified_SAT_Based_AI_Planning.html",
"shortname": "Verified_SAT_Based_AI_Planning",
"title": "Verified SAT-Based AI Planning",
"topic_links": [
"computer-science/artificial-intelligence"
],
"topics": [
"Computer science/Artificial intelligence"
],
"used_by": 0
},
{
"abstract": "The present Isabelle theory builds a formal model for both the International System of Quantities (ISQ) and the International System of Units (SI), which are both fundamental for physics and engineering. Both the ISQ and the SI are deeply integrated into Isabelle's type system. Quantities are parameterised by dimension types, which correspond to base vectors, and thus only quantities of the same dimension can be equated. Since the underlying \"algebra of quantities\" induces congruences on quantity and SI types, specific tactic support is developed to capture these. Our construction is validated by a test-set of known equivalences between both quantities and SI units. Moreover, the presented theory can be used for type-safe conversions between the SI system and others, like the British Imperial System (BIS).",
"authors": [
"Simon Foster",
"Burkhart Wolff"
],
"date": "2020-10-20",
- "id": 199,
+ "id": 204,
"link": "/entries/Physical_Quantities.html",
"permalink": "/entries/Physical_Quantities.html",
"shortname": "Physical_Quantities",
"title": "A Sound Type System for Physical Quantities, Units, and Measurements",
"topic_links": [
"mathematics/physics",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Mathematics/Physics",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "This entry includes useful syntactic sugar, new operators and functions, and their associated lemmas for finite maps which currently are not present in the standard Finite_Map theory.",
"authors": [
"Javier Díaz"
],
"date": "2020-10-12",
- "id": 200,
+ "id": 205,
"link": "/entries/Finite-Map-Extras.html",
"permalink": "/entries/Finite-Map-Extras.html",
"shortname": "Finite-Map-Extras",
"title": "Finite Map Extras",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "In this AFP entry, we extend our formalization of the core DOM with Shadow Roots. Shadow roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 201,
+ "id": 206,
"link": "/entries/Shadow_DOM.html",
"permalink": "/entries/Shadow_DOM.html",
"shortname": "Shadow_DOM",
"title": "A Formal Model of the Document Object Model with Shadow Roots",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "In this AFP entry, we extend our formalization of the safely composable DOM with Shadow Roots. This is a proposal for Shadow Roots with stricter safety guarantess than the standard compliant formalization (see \"Shadow DOM\"). Shadow Roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 202,
+ "id": 207,
"link": "/entries/Shadow_SC_DOM.html",
"permalink": "/entries/Shadow_SC_DOM.html",
"shortname": "Shadow_SC_DOM",
"title": "A Formal Model of the Safely Composable Document Object Model with Shadow Roots",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "While the (safely composable) DOM with shadow trees provide the technical basis for defining web components, it does neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of safely composable web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components. In comparison to the strict standard compliance formalization of Web Components in the AFP entry \"DOM_Components\", the notion of components in this entry (based on \"SC_DOM\" and \"Shadow_SC_DOM\") provides much stronger safety guarantees.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 203,
+ "id": 208,
"link": "/entries/SC_DOM_Components.html",
"permalink": "/entries/SC_DOM_Components.html",
"shortname": "SC_DOM_Components",
"title": "A Formalization of Safely Composable Web Components",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "While the DOM with shadow trees provide the technical basis for defining web components, the DOM standard neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 204,
+ "id": 209,
"link": "/entries/DOM_Components.html",
"permalink": "/entries/DOM_Components.html",
"shortname": "DOM_Components",
"title": "A Formalization of Web Components",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we formalize the core of the Safely Composable Document Object Model (SC DOM). The SC DOM improve the standard DOM (as formalized in the AFP entry “Core DOM”) by strengthening the tree boundaries set by shadow roots: in the SC DOM, the shadow root is a sub-class of the document class (instead of a base class). This modifications also results in changes to some API methods (e.g., getOwnerDocument) to return the nearest shadow root rather than the document root. As a result, many API methods that, when called on a node inside a shadow tree, would previously “break out” and return or modify nodes that are possibly outside the shadow tree, now stay within its boundaries. This change in behavior makes programs that operate on shadow trees more predictable for the developer and allows them to make more assumptions about other code accessing the DOM.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 205,
+ "id": 210,
"link": "/entries/Core_SC_DOM.html",
"permalink": "/entries/Core_SC_DOM.html",
"shortname": "Core_SC_DOM",
"title": "The Safely Composable DOM",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We present an abstract formalization of G\u0026ouml;del's incompleteness theorems. We analyze sufficient conditions for the theorems' applicability to a partially specified logic. Our abstract perspective enables a comparison between alternative approaches from the literature. These include Rosser's variation of the first theorem, Jeroslow's variation of the second theorem, and the Swierczkowski\u0026ndash;Paulson semantics-based approach. This AFP entry is the main entry point to the results described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e. As part of our abstract formalization's validation, we instantiate our locales twice in the separate AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 206,
+ "id": 211,
"link": "/entries/Goedel_Incompleteness.html",
"permalink": "/entries/Goedel_Incompleteness.html",
"shortname": "Goedel_Incompleteness",
"title": "An Abstract Formalization of G\u0026ouml;del's Incompleteness Theorems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "We validate an abstract formulation of G\u0026ouml;del's First and Second Incompleteness Theorems from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating them to the case of \u003ci\u003efinite sound extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., FOL theories extending the HF Set theory with a finite set of axioms that are sound in the standard model. The concrete results had been previously formalised in an \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eAFP entry by Larry Paulson\u003c/a\u003e; our instantiation reuses the infrastructure developed in that entry.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 207,
+ "id": 212,
"link": "/entries/Goedel_HFSet_Semantic.html",
"permalink": "/entries/Goedel_HFSet_Semantic.html",
"shortname": "Goedel_HFSet_Semantic",
"title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part I",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We validate an abstract formulation of G\u0026ouml;del's Second Incompleteness Theorem from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating it to the case of \u003ci\u003efinite consistent extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., consistent FOL theories extending the HF Set theory with a finite set of axioms. The instantiation draws heavily on infrastructure previously developed by Larry Paulson in his \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003edirect formalisation of the concrete result\u003c/a\u003e. It strengthens Paulson's formalization of G\u0026ouml;del's Second from that entry by \u003ci\u003enot\u003c/i\u003e assuming soundness, and in fact not relying on any notion of model or semantic interpretation. The strengthening was obtained by first replacing some of Paulson’s semantic arguments with proofs within his HF calculus, and then plugging in some of Paulson's (modified) lemmas to instantiate our soundness-free G\u0026ouml;del's Second locale.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 208,
+ "id": 213,
"link": "/entries/Goedel_HFSet_Semanticless.html",
"permalink": "/entries/Goedel_HFSet_Semanticless.html",
"shortname": "Goedel_HFSet_Semanticless",
"title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part II",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We instantiate our syntax-independent logic infrastructure developed in \u003ca href=\"https://www.isa-afp.org/entries/Syntax_Independent_Logic.html\"\u003ea separate AFP entry\u003c/a\u003e to the FOL theory of Robinson arithmetic (also known as Q). The latter was formalised using Nominal Isabelle by adapting \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eLarry Paulson’s formalization of the Hereditarily Finite Set theory\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 209,
+ "id": 214,
"link": "/entries/Robinson_Arithmetic.html",
"permalink": "/entries/Robinson_Arithmetic.html",
"shortname": "Robinson_Arithmetic",
"title": "Robinson Arithmetic",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize a notion of logic whose terms and formulas are kept abstract. In particular, logical connectives, substitution, free variables, and provability are not defined, but characterized by their general properties as locale assumptions. Based on this abstract characterization, we develop further reusable reasoning infrastructure. For example, we define parallel substitution (along with proving its characterizing theorems) from single-point substitution. Similarly, we develop a natural deduction style proof system starting from the abstract Hilbert-style one. These one-time efforts benefit different concrete logics satisfying our locales' assumptions. We instantiate the syntax-independent logic infrastructure to Robinson arithmetic (also known as Q) in the AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Robinson_Arithmetic.html\"\u003eRobinson_Arithmetic\u003c/a\u003e and to hereditarily finite set theory in the AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e, which are part of our formalization of G\u0026ouml;del's Incompleteness Theorems described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 210,
+ "id": 215,
"link": "/entries/Syntax_Independent_Logic.html",
"permalink": "/entries/Syntax_Independent_Logic.html",
"shortname": "Syntax_Independent_Logic",
"title": "Syntax-Independent Logic Infrastructure",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "In this AFP entry, we provide a formalisation of extended finite state machines (EFSMs) where models are represented as finite sets of transitions between states. EFSMs execute traces to produce observable outputs. We also define various simulation and equality metrics for EFSMs in terms of traces and prove their strengths in relation to each other. Another key contribution is a framework of function definitions such that LTL properties can be phrased over EFSMs. Finally, we provide a simple example case study in the form of a drinks machine.",
"authors": [
"Michael Foster",
"Achim D. Brucker",
"Ramsay G. Taylor",
"John Derrick"
],
"date": "2020-09-07",
- "id": 211,
+ "id": 216,
"link": "/entries/Extended_Finite_State_Machines.html",
"permalink": "/entries/Extended_Finite_State_Machines.html",
"shortname": "Extended_Finite_State_Machines",
"title": "A Formal Model of Extended Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "In this AFP entry, we provide a formal implementation of a state-merging technique to infer extended finite state machines (EFSMs), complete with output and update functions, from black-box traces. In particular, we define the subsumption in context relation as a means of determining whether one transition is able to account for the behaviour of another. Building on this, we define the direct subsumption relation, which lifts the subsumption in context relation to EFSM level such that we can use it to determine whether it is safe to merge a given pair of transitions. Key proofs include the conditions necessary for subsumption to occur and that subsumption and direct subsumption are preorder relations. We also provide a number of different heuristics which can be used to abstract away concrete values into registers so that more states and transitions can be merged and provide proofs of the various conditions which must hold for these abstractions to subsume their ungeneralised counterparts. A Code Generator setup to create executable Scala code is also defined.",
"authors": [
"Michael Foster",
"Achim D. Brucker",
"Ramsay G. Taylor",
"John Derrick"
],
"date": "2020-09-07",
- "id": 212,
+ "id": 217,
"link": "/entries/Extended_Finite_State_Machine_Inference.html",
"permalink": "/entries/Extended_Finite_State_Machine_Inference.html",
"shortname": "Extended_Finite_State_Machine_Inference",
"title": "Inference of Extended Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Generating and checking proof certificates is important to increase the trust in automated reasoning tools. In recent years formal verification using computer algebra became more important and is heavily used in automated circuit verification. An existing proof format which covers algebraic reasoning and allows efficient proof checking is the practical algebraic calculus (PAC). In this development, we present the verified checker Pastèque that is obtained by synthesis via the Refinement Framework. This is the formalization going with our FMCAD'20 tool presentation.",
"authors": [
"Mathias Fleury",
"Daniela Kaufmann"
],
"date": "2020-08-31",
- "id": 213,
+ "id": 218,
"link": "/entries/PAC_Checker.html",
"permalink": "/entries/PAC_Checker.html",
"shortname": "PAC_Checker",
"title": "Practical Algebraic Calculus Checker",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e This entry formalizes some classical concepts and results from inductive inference of recursive functions. In the basic setting a partial recursive function (\"strategy\") must identify (\"learn\") all functions from a set (\"class\") of recursive functions. To that end the strategy receives more and more values $f(0), f(1), f(2), \\ldots$ of some function $f$ from the given class and in turn outputs descriptions of partial recursive functions, for example, Gödel numbers. The strategy is considered successful if the sequence of outputs (\"hypotheses\") converges to a description of $f$. A class of functions learnable in this sense is called \"learnable in the limit\". The set of all these classes is denoted by LIM. \u003c/p\u003e \u003cp\u003e Other types of inference considered are finite learning (FIN), behaviorally correct learning in the limit (BC), and some variants of LIM with restrictions on the hypotheses: total learning (TOTAL), consistent learning (CONS), and class-preserving learning (CP). The main results formalized are the proper inclusions $\\mathrm{FIN} \\subset \\mathrm{CP} \\subset \\mathrm{TOTAL} \\subset \\mathrm{CONS} \\subset \\mathrm{LIM} \\subset \\mathrm{BC} \\subset 2^{\\mathcal{R}}$, where $\\mathcal{R}$ is the set of all total recursive functions. Further results show that for all these inference types except CONS, strategies can be assumed to be total recursive functions; that all inference types but CP are closed under the subset relation between classes; and that no inference type is closed under the union of classes. \u003c/p\u003e \u003cp\u003e The above is based on a formalization of recursive functions heavily inspired by the \u003ca href=\"https://www.isa-afp.org/entries/Universal_Turing_Machine.html\"\u003eUniversal Turing Machine\u003c/a\u003e entry by Xu et al., but different in that it models partial functions with codomain \u003cem\u003enat option\u003c/em\u003e. 
The formalization contains a construction of a universal partial recursive function, without resorting to Turing machines, introduces decidability and recursive enumerability, and proves some standard results: existence of a Kleene normal form, the \u003cem\u003es-m-n\u003c/em\u003e theorem, Rice's theorem, and assorted fixed-point theorems (recursion theorems) by Kleene, Rogers, and Smullyan. \u003c/p\u003e",
"authors": [
"Frank J. Balbach"
],
"date": "2020-08-31",
- "id": 214,
+ "id": 219,
"link": "/entries/Inductive_Inference.html",
"permalink": "/entries/Inductive_Inference.html",
"shortname": "Inductive_Inference",
"title": "Some classical results in inductive inference of recursive functions",
"topic_links": [
"logic/computability",
"computer-science/machine-learning"
],
"topics": [
"Logic/Computability",
"Computer science/Machine learning"
],
"used_by": 0
},
{
"abstract": "We give a simple relation-algebraic semantics of read and write operations on associative arrays. The array operations seamlessly integrate with assignments in the Hoare-logic library. Using relation algebras and Kleene algebras we verify the correctness of an array-based implementation of disjoint-set forests with a naive union operation and a find operation with path compression.",
"authors": [
"Walter Guttmann"
],
"date": "2020-08-26",
- "id": 215,
+ "id": 220,
"link": "/entries/Relational_Disjoint_Set_Forests.html",
"permalink": "/entries/Relational_Disjoint_Set_Forests.html",
"shortname": "Relational_Disjoint_Set_Forests",
"title": "Relational Disjoint-Set Forests",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "This Isabelle/HOL formalization extends the AFP entry \u003cem\u003eSaturation_Framework\u003c/em\u003e with the following contributions: \u003cul\u003e \u003cli\u003ean application of the framework to prove Bachmair and Ganzinger's resolution prover RP refutationally complete, which was formalized in a more ad hoc fashion by Schlichtkrull et al. in the AFP entry \u003cem\u003eOrdered_Resultion_Prover\u003c/em\u003e;\u003c/li\u003e \u003cli\u003egeneralizations of various basic concepts formalized by Schlichtkrull et al., which were needed to verify RP and could be useful to formalize other calculi, such as superposition;\u003c/li\u003e \u003cli\u003ealternative proofs of fairness (and hence saturation and ultimately refutational completeness) for the given clause procedures GC and LGC, based on invariance.\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Jasmin Christian Blanchette",
"Sophie Tourret"
],
"date": "2020-08-25",
- "id": 216,
+ "id": 221,
"link": "/entries/Saturation_Framework_Extensions.html",
"permalink": "/entries/Saturation_Framework_Extensions.html",
"shortname": "Saturation_Framework_Extensions",
"title": "Extensions to the Comprehensive Framework for Saturation Theorem Proving",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 1
},
{
"abstract": "Richard Bird and collaborators have proposed a derivation of an intricate cyclic program that implements the Morris-Pratt string matching algorithm. Here we provide a proof of total correctness for Bird's derivation and complete it by adding Knuth's optimisation.",
"authors": [
"Peter Gammie"
],
"date": "2020-08-25",
- "id": 217,
+ "id": 222,
"link": "/entries/BirdKMP.html",
"permalink": "/entries/BirdKMP.html",
"shortname": "BirdKMP",
"title": "Putting the `K' into Bird's derivation of Knuth-Morris-Pratt string matching",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "This is a formalisation of Amicable Numbers, involving some relevant material including Euler's sigma function, some relevant definitions, results and examples as well as rules such as Th\u0026#257;bit ibn Qurra's Rule, Euler's Rule, te Riele's Rule and Borho's Rule with breeders.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2020-08-04",
- "id": 218,
+ "id": 223,
"link": "/entries/Amicable_Numbers.html",
"permalink": "/entries/Amicable_Numbers.html",
"shortname": "Amicable_Numbers",
"title": "Amicable Numbers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "The theory of partition relations concerns generalisations of Ramsey's theorem. For any ordinal $\\alpha$, write $\\alpha \\to (\\alpha, m)^2$ if for each function $f$ from unordered pairs of elements of $\\alpha$ into $\\{0,1\\}$, either there is a subset $X\\subseteq \\alpha$ order-isomorphic to $\\alpha$ such that $f\\{x,y\\}=0$ for all $\\{x,y\\}\\subseteq X$, or there is an $m$ element set $Y\\subseteq \\alpha$ such that $f\\{x,y\\}=1$ for all $\\{x,y\\}\\subseteq Y$. (In both cases, with $\\{x,y\\}$ we require $x\\not=y$.) In particular, the infinite Ramsey theorem can be written in this notation as $\\omega \\to (\\omega, \\omega)^2$, or if we restrict $m$ to the positive integers as above, then $\\omega \\to (\\omega, m)^2$ for all $m$. This entry formalises Larson's proof of $\\omega^\\omega \\to (\\omega^\\omega, m)^2$ along with a similar proof of a result due to Specker: $\\omega^2 \\to (\\omega^2, m)^2$. Also proved is a necessary result by Erdős and Milner: $\\omega^{1+\\alpha\\cdot n} \\to (\\omega^{1+\\alpha}, 2^n)^2$.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2020-08-03",
- "id": 219,
+ "id": 224,
"link": "/entries/Ordinal_Partitions.html",
"permalink": "/entries/Ordinal_Partitions.html",
"shortname": "Ordinal_Partitions",
"title": "Ordinal Partitions",
"topic_links": [
"mathematics/combinatorics",
"logic/set-theory"
],
"topics": [
"Mathematics/Combinatorics",
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We provide a suitable distributed system model and implementation of the Chandy--Lamport distributed snapshot algorithm [ACM Transactions on Computer Systems, 3, 63-75, 1985]. Our main result is a formal termination and correctness proof of the Chandy--Lamport algorithm and its use in stable property detection.",
"authors": [
"Ben Fiedler",
"Dmitriy Traytel"
],
"date": "2020-07-21",
- "id": 220,
+ "id": 225,
"link": "/entries/Chandy_Lamport.html",
"permalink": "/entries/Chandy_Lamport.html",
"shortname": "Chandy_Lamport",
"title": "A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "Binary relations are one of the standard ways to encode, characterise and reason about graphs. Relation algebras provide equational axioms for a large fragment of the calculus of binary relations. Although relations are standard tools in many areas of mathematics and computing, researchers usually fall back to point-wise reasoning when it comes to arguments about paths in a graph. We present a purely algebraic way to specify different kinds of paths in Kleene relation algebras, which are relation algebras equipped with an operation for reflexive transitive closure. We study the relationship between paths with a designated root vertex and paths without such a vertex. Since we stay in first-order logic this development helps with mechanising proofs. To demonstrate the applicability of the algebraic framework we verify the correctness of three basic graph algorithms.",
"authors": [
"Walter Guttmann",
"Peter Höfner"
],
"date": "2020-07-13",
- "id": 221,
+ "id": 226,
"link": "/entries/Relational_Paths.html",
"permalink": "/entries/Relational_Paths.html",
"shortname": "Relational_Paths",
"title": "Relational Characterisations of Paths",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "The Vienna Convention on Road Traffic defines the safe distance traffic rules informally. This could make autonomous vehicle liable for safe-distance-related accidents because there is no clear definition of how large a safe distance is. We provide a formally proven prescriptive definition of a safe distance, and checkers which can decide whether an autonomous vehicle is obeying the safe distance rule. Not only does our work apply to the domain of law, but it also serves as a specification for autonomous vehicle manufacturers and for online verification of path planners.",
"authors": [
"Albert Rizaldi",
"Fabian Immler"
],
"date": "2020-06-01",
- "id": 222,
+ "id": 227,
"link": "/entries/Safe_Distance.html",
"permalink": "/entries/Safe_Distance.html",
"shortname": "Safe_Distance",
"title": "A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/physics"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "This work presents a formal proof in Isabelle/HOL of an algorithm to transform a matrix into its Smith normal form, a canonical matrix form, in a general setting: the algorithm is parameterized by operations to prove its existence over elementary divisor rings, while execution is guaranteed over Euclidean domains. We also provide a formal proof on some results about the generality of this algorithm as well as the uniqueness of the Smith normal form. Since Isabelle/HOL does not feature dependent types, the development is carried out switching conveniently between two different existing libraries: the Hermite normal form (based on HOL Analysis) and the Jordan normal form AFP entries. This permits to reuse results from both developments and it is done by means of the lifting and transfer package together with the use of local type definitions.",
"authors": [
"Jose Divasón"
],
"date": "2020-05-23",
- "id": 223,
+ "id": 228,
"link": "/entries/Smith_Normal_Form.html",
"permalink": "/entries/Smith_Normal_Form.html",
"shortname": "Smith_Normal_Form",
"title": "A verified algorithm for computing the Smith normal form of a matrix",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "In 1965, Nash-Williams discovered a generalisation of the infinite form of Ramsey's theorem. Where the latter concerns infinite sets of n-element sets for some fixed n, the Nash-Williams theorem concerns infinite sets of finite sets (or lists) subject to a “no initial segment” condition. The present formalisation follows a monograph on Ramsey Spaces by Todorčević.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2020-05-16",
- "id": 224,
+ "id": 229,
"link": "/entries/Nash_Williams.html",
"permalink": "/entries/Nash_Williams.html",
"shortname": "Nash_Williams",
"title": "The Nash-Williams Partition Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "We define a generalized version of Knuth\u0026ndash;Bendix orders, including subterm coefficient functions. For these orders we formalize several properties such as strong normalization, the subterm property, closure properties under substitutions and contexts, as well as ground totality.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2020-05-13",
- "id": 225,
+ "id": 230,
"link": "/entries/Knuth_Bendix_Order.html",
"permalink": "/entries/Knuth_Bendix_Order.html",
"shortname": "Knuth_Bendix_Order",
"title": "A Formalization of Knuth–Bendix Orders",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 3
},
{
"abstract": "We formalise certain irrationality criteria for infinite series of the form: \\[\\sum_{n=1}^\\infty \\frac{b_n}{\\prod_{i=1}^n a_i} \\] where $\\{b_n\\}$ is a sequence of integers and $\\{a_n\\}$ a sequence of positive integers with $a_n \u003e1$ for all large n. The results are due to P. Erdős and E. G. Straus \u003ca href=\"https://projecteuclid.org/euclid.pjm/1102911140\"\u003e[1]\u003c/a\u003e. In particular, we formalise Theorem 2.1, Corollary 2.10 and Theorem 3.1. The latter is an application of Theorem 2.1 involving the prime numbers.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2020-05-12",
- "id": 226,
+ "id": 231,
"link": "/entries/Irrational_Series_Erdos_Straus.html",
"permalink": "/entries/Irrational_Series_Erdos_Straus.html",
"shortname": "Irrational_Series_Erdos_Straus",
"title": "Irrationality Criteria for Series by Erdős and Straus",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This document contains a proof of the recursion theorem. This is a mechanization of the proof of the recursion theorem from the text \u003ci\u003eIntroduction to Set Theory\u003c/i\u003e, by Karel Hrbacek and Thomas Jech. This implementation may be used as the basis for a model of Peano arithmetic in ZF. While recursion and the natural numbers are already available in Isabelle/ZF, this clean development is much easier to follow.",
"authors": [
"Georgy Dunaev"
],
"date": "2020-05-11",
- "id": 227,
+ "id": 232,
"link": "/entries/Recursion-Addition.html",
"permalink": "/entries/Recursion-Addition.html",
"shortname": "Recursion-Addition",
"title": "Recursion Theorem in ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "In the mid 80s, Lichtenstein, Pnueli, and Zuck proved a classical theorem stating that every formula of Past LTL (the extension of LTL with past operators) is equivalent to a formula of the form $\\bigwedge_{i=1}^n \\mathbf{G}\\mathbf{F} \\varphi_i \\vee \\mathbf{F}\\mathbf{G} \\psi_i$, where $\\varphi_i$ and $\\psi_i$ contain only past operators. Some years later, Chang, Manna, and Pnueli built on this result to derive a similar normal form for LTL. Both normalisation procedures have a non-elementary worst-case blow-up, and follow an involved path from formulas to counter-free automata to star-free regular expressions and back to formulas. We improve on both points. We present an executable formalisation of a direct and purely syntactic normalisation procedure for LTL yielding a normal form, comparable to the one by Chang, Manna, and Pnueli, that has only a single exponential blow-up.",
"authors": [
"Salomon Sickert"
],
"date": "2020-05-08",
- "id": 228,
+ "id": 233,
"link": "/entries/LTL_Normal_Form.html",
"permalink": "/entries/LTL_Normal_Form.html",
"shortname": "LTL_Normal_Form",
"title": "An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/temporal-logic"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Temporal logic"
],
"used_by": 0
},
{
"abstract": "We formalize the theory of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct a proper generic extension and show that the latter also satisfies ZFC.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf"
],
"date": "2020-05-06",
- "id": 229,
+ "id": 234,
"link": "/entries/Forcing.html",
"permalink": "/entries/Forcing.html",
"shortname": "Forcing",
"title": "Formalization of Forcing in Isabelle/ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We formalize in Isabelle/HOL a result due to S. Banach and H. Steinhaus known as the Banach-Steinhaus theorem or Uniform boundedness principle: a pointwise-bounded family of continuous linear operators from a Banach space to a normed space is uniformly bounded. Our approach is an adaptation to Isabelle/HOL of a proof due to A. Sokal.",
"authors": [
"Dominique Unruh",
"José Manuel Rodríguez Caballero"
],
"date": "2020-05-02",
- "id": 230,
+ "id": 235,
"link": "/entries/Banach_Steinhaus.html",
"permalink": "/entries/Banach_Steinhaus.html",
"shortname": "Banach_Steinhaus",
"title": "Banach-Steinhaus Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "In this article, we present a proof theory for Attack Trees. Attack Trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we develop a generic theory of Attack Trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of Attack Trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of Attack Tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.",
"authors": [
"Florian Kammüller"
],
"date": "2020-04-27",
- "id": 231,
+ "id": 236,
"link": "/entries/Attack_Trees.html",
"permalink": "/entries/Attack_Trees.html",
"shortname": "Attack_Trees",
"title": "Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe Gaussian integers are the subring \u0026#8484;[i] of the complex numbers, i. e. the ring of all complex numbers with integral real and imaginary part. This article provides a definition of this ring as well as proofs of various basic properties, such as that they form a Euclidean ring and a full classification of their primes. An executable (albeit not very efficient) factorisation algorithm is also provided.\u003c/p\u003e \u003cp\u003eLastly, this Gaussian integer formalisation is used in two short applications:\u003c/p\u003e \u003col\u003e \u003cli\u003e The characterisation of all positive integers that can be written as sums of two squares\u003c/li\u003e \u003cli\u003e Euclid's formula for primitive Pythagorean triples\u003c/li\u003e \u003c/ol\u003e \u003cp\u003eWhile elementary proofs for both of these are already available in the AFP, the theory of Gaussian integers provides more concise proofs and a more high-level view.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 232,
+ "id": 237,
"link": "/entries/Gaussian_Integers.html",
"permalink": "/entries/Gaussian_Integers.html",
"shortname": "Gaussian_Integers",
"title": "Gaussian Integers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the symmetric multivariate polynomials known as \u003cem\u003epower sum polynomials\u003c/em\u003e. These are of the form p\u003csub\u003en\u003c/sub\u003e(\u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;, \u003cem\u003eX\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e) = \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e + \u0026hellip; + X\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e. A formal proof of the Girard–Newton Theorem is also given. This theorem relates the power sum polynomials to the elementary symmetric polynomials s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e in the form of a recurrence relation (-1)\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e \u003cem\u003ek\u003c/em\u003e s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = \u0026sum;\u003csub\u003ei\u0026isinv;[0,\u003cem\u003ek\u003c/em\u003e)\u003c/sub\u003e (-1)\u003csup\u003ei\u003c/sup\u003e s\u003csub\u003ei\u003c/sub\u003e p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e-\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e\u0026thinsp;.\u003c/p\u003e \u003cp\u003eAs an application, this is then used to solve a generalised form of a puzzle given as an exercise in Dummit and Foote's \u003cem\u003eAbstract Algebra\u003c/em\u003e: For \u003cem\u003ek\u003c/em\u003e complex unknowns \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e, define p\u003csub\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sub\u003e := \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e + \u0026hellip; + 
\u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e. Then for each vector \u003cem\u003ea\u003c/em\u003e \u0026isinv; \u0026#x2102;\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e, show that there is exactly one solution to the system p\u003csub\u003e1\u003c/sub\u003e = a\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = a\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e up to permutation of the \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e and determine the value of p\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e for i\u0026gt;k.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 233,
+ "id": 238,
"link": "/entries/Power_Sum_Polynomials.html",
"permalink": "/entries/Power_Sum_Polynomials.html",
"shortname": "Power_Sum_Polynomials",
"title": "Power Sum Polynomials",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe Lambert \u003cem\u003eW\u003c/em\u003e function is a multi-valued function defined as the inverse function of \u003cem\u003ex\u003c/em\u003e \u0026#x21A6; \u003cem\u003ex\u003c/em\u003e e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e. Besides numerous applications in combinatorics, physics, and engineering, it also frequently occurs when solving equations containing both e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e and \u003cem\u003ex\u003c/em\u003e, or both \u003cem\u003ex\u003c/em\u003e and log \u003cem\u003ex\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis article provides a definition of the two real-valued branches \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and \u003cem\u003eW\u003c/em\u003e\u003csub\u003e-1\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and proves various properties such as basic identities and inequalities, monotonicity, differentiability, asymptotic expansions, and the MacLaurin series of \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) at \u003cem\u003ex\u003c/em\u003e = 0.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 234,
+ "id": 239,
"link": "/entries/Lambert_W.html",
"permalink": "/entries/Lambert_W.html",
"shortname": "Lambert_W",
"title": "The Lambert W Function on the Reals",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Our theories formalise various matrix properties that serve to establish existence, uniqueness and characterisation of the solution to affine systems of ordinary differential equations (ODEs). In particular, we formalise the operator and maximum norm of matrices. Then we use them to prove that square matrices form a Banach space, and in this setting, we show an instance of Picard-Lindelöf’s theorem for affine systems of ODEs. Finally, we use this formalisation to verify three simple hybrid programs.",
"authors": [
"Jonathan Julian Huerta y Munive"
],
"date": "2020-04-19",
- "id": 235,
+ "id": 240,
"link": "/entries/Matrices_for_ODEs.html",
"permalink": "/entries/Matrices_for_ODEs.html",
"shortname": "Matrices_for_ODEs",
"title": "Matrices for ODEs",
"topic_links": [
"mathematics/analysis",
"mathematics/algebra"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Authenticated data structures allow several systems to convince each other that they are referring to the same data structure, even if each of them knows only a part of the data structure. Using inclusion proofs, knowledgeable systems can selectively share their knowledge with other systems and the latter can verify the authenticity of what is being shared. In this article, we show how to modularly define authenticated data structures, their inclusion proofs, and operations thereon as datatypes in Isabelle/HOL, using a shallow embedding. Modularity allows us to construct complicated trees from reusable building blocks, which we call Merkle functors. Merkle functors include sums, products, and function spaces and are closed under composition and least fixpoints. As a practical application, we model the hierarchical transactions of \u003ca href=\"https://www.canton.io\"\u003eCanton\u003c/a\u003e, a practical interoperability protocol for distributed ledgers, as authenticated data structures. This is a first step towards formalizing the Canton protocol and verifying its integrity and security guarantees.",
"authors": [
"Andreas Lochbihler",
"Ognjen Marić"
],
"date": "2020-04-16",
- "id": 236,
+ "id": 241,
"link": "/entries/ADS_Functor.html",
"permalink": "/entries/ADS_Functor.html",
"shortname": "ADS_Functor",
"title": "Authenticated Data Structures As Functors",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Basin et al.'s \u003ca href=\"https://doi.org/10.1016/j.ipl.2014.09.009\"\u003esliding window algorithm (SWA)\u003c/a\u003e is an algorithm for combining the elements of subsequences of a sequence with an associative operator. It is greedy and minimizes the number of operator applications. We formalize the algorithm and verify its functional correctness. We extend the algorithm with additional operations and provide an alternative interface to the slide operation that does not require the entire input sequence.",
"authors": [
"Lukas Heimes",
"Dmitriy Traytel",
"Joshua Schneider"
],
"date": "2020-04-10",
- "id": 237,
+ "id": 242,
"link": "/entries/Sliding_Window_Algorithm.html",
"permalink": "/entries/Sliding_Window_Algorithm.html",
"shortname": "Sliding_Window_Algorithm",
"title": "Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization is the companion of the technical report “A comprehensive framework for saturation theorem proving”, itself companion of the eponym IJCAR 2020 paper, written by Uwe Waldmann, Sophie Tourret, Simon Robillard and Jasmin Blanchette. It verifies a framework for formal refutational completeness proofs of abstract provers that implement saturation calculi, such as ordered resolution or superposition, and allows to model entire prover architectures in such a way that the static refutational completeness of a calculus immediately implies the dynamic refutational completeness of a prover implementing the calculus using a variant of the given clause loop. The technical report “A comprehensive framework for saturation theorem proving” is available \u003ca href=\"http://matryoshka.gforge.inria.fr/pubs/satur_report.pdf\"\u003eon the Matryoshka website\u003c/a\u003e. The names of the Isabelle lemmas and theorems corresponding to the results in the report are indicated in the margin of the report.",
"authors": [
"Sophie Tourret"
],
"date": "2020-04-09",
- "id": 238,
+ "id": 243,
"link": "/entries/Saturation_Framework.html",
"permalink": "/entries/Saturation_Framework.html",
"shortname": "Saturation_Framework",
"title": "A Comprehensive Framework for Saturation Theorem Proving",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 3
},
{
"abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order dynamic logic (MFODL), which combines the features of metric first-order temporal logic (MFOTL) and metric dynamic logic. Thus, MFODL supports real-time constraints, first-order parameters, and regular expressions. Additionally, the monitor supports aggregation operations such as count and sum. This formalization, which is described in a \u003ca href=\"http://people.inf.ethz.ch/trayteld/papers/ijcar20-verimonplus/verimonplus.pdf\"\u003e forthcoming paper at IJCAR 2020\u003c/a\u003e, significantly extends \u003ca href=\"https://www.isa-afp.org/entries/MFOTL_Monitor.html\"\u003eprevious work on a verified monitor\u003c/a\u003e for MFOTL. Apart from the addition of regular expressions and aggregations, we implemented \u003ca href=\"https://www.isa-afp.org/entries/Generic_Join.html\"\u003emulti-way joins\u003c/a\u003e and a specialized sliding window algorithm to further optimize the monitor.",
"authors": [
"Thibault Dardinier",
"Lukas Heimes",
"Martin Raszyk",
"Joshua Schneider",
"Dmitriy Traytel"
],
"date": "2020-04-09",
- "id": 239,
+ "id": 244,
"link": "/entries/MFODL_Monitor_Optimized.html",
"permalink": "/entries/MFODL_Monitor_Optimized.html",
"shortname": "MFODL_Monitor_Optimized",
"title": "Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/modal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Modal logic",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. In this AFP entry, we present a fully-automated approach for verifying stateful security protocols, i.e., protocols with mutable state that may span several sessions. The approach supports reachability goals like secrecy and authentication. We also include a simple user-friendly transaction-based protocol specification language that is embedded into Isabelle.",
"authors": [
"Andreas V. Hess",
"Sebastian Mödersheim",
"Achim D. Brucker",
"Anders Schlichtkrull"
],
"date": "2020-04-08",
- "id": 240,
+ "id": 245,
"link": "/entries/Automated_Stateful_Protocol_Verification.html",
"permalink": "/entries/Automated_Stateful_Protocol_Verification.html",
"shortname": "Automated_Stateful_Protocol_Verification",
"title": "Automated Stateful Protocol Verification",
"topic_links": [
"computer-science/security",
"tools"
],
"topics": [
"Computer science/Security",
"Tools"
],
"used_by": 0
},
{
"abstract": "We provide in this AFP entry several relative soundness results for security protocols. In particular, we prove typing and compositionality results for stateful protocols (i.e., protocols with mutable state that may span several sessions), and that focuses on reachability properties. Such results are useful to simplify protocol verification by reducing it to a simpler problem: Typing results give conditions under which it is safe to verify a protocol in a typed model where only \"well-typed\" attacks can occur whereas compositionality results allow us to verify a composed protocol by only verifying the component protocols in isolation. The conditions on the protocols under which the results hold are furthermore syntactic in nature allowing for full automation. The foundation presented here is used in another entry to provide fully automated and formalized security proofs of stateful protocols.",
"authors": [
"Andreas V. Hess",
"Sebastian Mödersheim",
"Achim D. Brucker"
],
"date": "2020-04-08",
- "id": 241,
+ "id": 246,
"link": "/entries/Stateful_Protocol_Composition_and_Typing.html",
"permalink": "/entries/Stateful_Protocol_Composition_and_Typing.html",
"shortname": "Stateful_Protocol_Composition_and_Typing",
"title": "Stateful Protocol Composition and Typing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This work presents a formalisation of a generating function proof for Lucas's theorem. We first outline extensions to the existing Formal Power Series (FPS) library, including an equivalence relation for coefficients modulo \u003cem\u003en\u003c/em\u003e, an alternate binomial theorem statement, and a formalised proof of the Freshman's dream (mod \u003cem\u003ep\u003c/em\u003e) lemma. The second part of the work presents the formal proof of Lucas's Theorem. Working backwards, the formalisation first proves a well known corollary of the theorem which is easier to formalise, and then applies induction to prove the original theorem statement. The proof of the corollary aims to provide a good example of a formalised generating function equivalence proof using the FPS library. The final theorem statement is intended to be integrated into the formalised proof of Hilbert's 10th Problem.",
"authors": [
"Chelsea Edmonds"
],
"date": "2020-04-07",
- "id": 242,
+ "id": 247,
"link": "/entries/Lucas_Theorem.html",
"permalink": "/entries/Lucas_Theorem.html",
"shortname": "Lucas_Theorem",
"title": "Lucas's Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "Commutative Replicated Data Types (CRDTs) are a promising new class of data structures for large-scale shared mutable content in applications that only require eventual consistency. The WithOut Operational Transforms (WOOT) framework is a CRDT for collaborative text editing introduced by Oster et al. (CSCW 2006) for which the eventual consistency property was verified only for a bounded model to date. We contribute a formal proof for WOOTs strong eventual consistency.",
"authors": [
"Emin Karayel",
"Edgar Gonzàlez"
],
"date": "2020-03-25",
- "id": 243,
+ "id": 248,
"link": "/entries/WOOT_Strong_Eventual_Consistency.html",
"permalink": "/entries/WOOT_Strong_Eventual_Consistency.html",
"shortname": "WOOT_Strong_Eventual_Consistency",
"title": "Strong Eventual Consistency of the Collaborative Editing Framework WOOT",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article gives a formal version of Furstenberg's topological proof of the infinitude of primes. He defines a topology on the integers based on arithmetic progressions (or, equivalently, residue classes). Using some fairly obvious properties of this topology, the infinitude of primes is then easily obtained.\u003c/p\u003e \u003cp\u003eApart from this, this topology is also fairly ‘nice’ in general: it is second countable, metrizable, and perfect. All of these (well-known) facts are formally proven, including an explicit metric for the topology given by Zulfeqarr.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-03-22",
- "id": 244,
+ "id": 249,
"link": "/entries/Furstenberg_Topology.html",
"permalink": "/entries/Furstenberg_Topology.html",
"shortname": "Furstenberg_Topology",
"title": "Furstenberg's topology and his proof of the infinitude of primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Recently, authors have proposed under-approximate logics for reasoning about programs. So far, all such logics have been confined to reasoning about individual program behaviours. Yet there exist many over-approximate relational logics for reasoning about pairs of programs and relating their behaviours. We present the first under-approximate relational logic, for the simple imperative language IMP. We prove our logic is both sound and complete. Additionally, we show how reasoning in this logic can be decomposed into non-relational reasoning in an under-approximate Hoare logic, mirroring Beringer’s result for over-approximate relational logics. We illustrate the application of our logic on some small examples in which we provably demonstrate the presence of insecurity.",
"authors": [
"Toby Murray"
],
"date": "2020-03-12",
- "id": 245,
+ "id": 250,
"link": "/entries/Relational-Incorrectness-Logic.html",
"permalink": "/entries/Relational-Incorrectness-Logic.html",
"shortname": "Relational-Incorrectness-Logic",
"title": "An Under-Approximate Relational Logic",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "In this article, we present a formalization of the well-known \"Hello, World!\" code, including a formal framework for reasoning about IO. Our model is inspired by the handling of IO in Haskell. We start by formalizing the 🌍 and embrace the IO monad afterwards. Then we present a sample main :: IO (), followed by its proof of correctness.",
"authors": [
"Cornelius Diekmann",
"Lars Hupel"
],
"date": "2020-03-07",
- "id": 246,
+ "id": 251,
"link": "/entries/Hello_World.html",
"permalink": "/entries/Hello_World.html",
"shortname": "Hello_World",
"title": "Hello World",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "In this formalization, we develop an implementation of the Goodstein function G in plain \u0026lambda;-calculus, linked to a concise, self-contained specification. The implementation works on a Church-encoded representation of countable ordinals. The initial conversion to hereditary base 2 is not covered, but the material is sufficient to compute the particular value G(16), and easily extends to other fixed arguments.",
"authors": [
"Bertram Felgenhauer"
],
"date": "2020-02-21",
- "id": 247,
+ "id": 252,
"link": "/entries/Goodstein_Lambda.html",
"permalink": "/entries/Goodstein_Lambda.html",
"shortname": "Goodstein_Lambda",
"title": "Implementing the Goodstein Function in \u0026lambda;-Calculus",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "This is a generic framework for formalizing compiler transformations. It leverages Isabelle/HOL’s locales to abstract over concrete languages and transformations. It states common definitions for language semantics, program behaviours, forward and backward simulations, and compilers. We provide generic operations, such as simulation and compiler composition, and prove general (partial) correctness theorems, resulting in reusable proof components.",
"authors": [
"Martin Desharnais"
],
"date": "2020-02-10",
- "id": 248,
+ "id": 253,
"link": "/entries/VeriComp.html",
"permalink": "/entries/VeriComp.html",
"shortname": "VeriComp",
"title": "A Generic Framework for Verified Compilers",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 1
},
{
"abstract": "This article provides a formalization of the solution obtained by the author of the Problem “ARITHMETIC PROGRESSIONS” from the \u003ca href=\"https://www.ocf.berkeley.edu/~wwu/riddles/putnam.shtml\"\u003e Putnam exam problems of 2002\u003c/a\u003e. The statement of the problem is as follows: For which integers \u003cem\u003en\u003c/em\u003e \u003e 1 does the set of positive integers less than and relatively prime to \u003cem\u003en\u003c/em\u003e constitute an arithmetic progression?",
"authors": [
"José Manuel Rodríguez Caballero"
],
"date": "2020-02-01",
- "id": 249,
+ "id": 254,
"link": "/entries/Arith_Prog_Rel_Primes.html",
"permalink": "/entries/Arith_Prog_Rel_Primes.html",
"shortname": "Arith_Prog_Rel_Primes",
"title": "Arithmetic progressions and relative primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We present a collection of axiom systems for the construction of Boolean subalgebras of larger overall algebras. The subalgebras are defined as the range of a complement-like operation on a semilattice. This technique has been used, for example, with the antidomain operation, dynamic negation and Stone algebras. We present a common ground for these constructions based on a new equational axiomatisation of Boolean algebras.",
"authors": [
"Walter Guttmann",
"Bernhard Möller"
],
"date": "2020-01-31",
- "id": 250,
+ "id": 255,
"link": "/entries/Subset_Boolean_Algebras.html",
"permalink": "/entries/Subset_Boolean_Algebras.html",
"shortname": "Subset_Boolean_Algebras",
"title": "A Hierarchy of Algebras for Boolean Subsets",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides formal proofs of basic properties of Mersenne numbers, i. e. numbers of the form 2\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e - 1, and especially of Mersenne primes.\u003c/p\u003e \u003cp\u003eIn particular, an efficient, verified, and executable version of the Lucas\u0026ndash;Lehmer test is developed. This test decides primality for Mersenne numbers in time polynomial in \u003cem\u003en\u003c/em\u003e.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-01-17",
- "id": 251,
+ "id": 256,
"link": "/entries/Mersenne_Primes.html",
"permalink": "/entries/Mersenne_Primes.html",
"shortname": "Mersenne_Primes",
"title": "Mersenne primes and the Lucas–Lehmer test",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We present the first formal verification of approximation algorithms for NP-complete optimization problems: vertex cover, set cover, independent set, center selection, load balancing, and bin packing. The proofs correct incompletenesses in existing proofs and improve the approximation ratio in one case.",
"authors": [
"Robin Eßmann",
"Tobias Nipkow",
"Simon Robillard",
"Ujkan Sulejmani"
],
"date": "2020-01-16",
- "id": 252,
+ "id": 257,
"link": "/entries/Approximation_Algorithms.html",
"permalink": "/entries/Approximation_Algorithms.html",
"shortname": "Approximation_Algorithms",
"title": "Verified Approximation Algorithms",
"topic_links": [
"computer-science/algorithms/approximation"
],
"topics": [
"Computer science/Algorithms/Approximation"
],
"used_by": 0
},
{
"abstract": "This entry provides two related verified divide-and-conquer algorithms solving the fundamental \u003cem\u003eClosest Pair of Points\u003c/em\u003e problem in Computational Geometry. Functional correctness and the optimal running time of \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en\u003c/em\u003e log \u003cem\u003en\u003c/em\u003e) are proved. Executable code is generated which is empirically competitive with handwritten reference implementations.",
"authors": [
"Martin Rau",
"Tobias Nipkow"
],
"date": "2020-01-13",
- "id": 253,
+ "id": 258,
"link": "/entries/Closest_Pair_Points.html",
"permalink": "/entries/Closest_Pair_Points.html",
"shortname": "Closest_Pair_Points",
"title": "Closest Pair of Points Algorithms",
"topic_links": [
"computer-science/algorithms/geometry"
],
"topics": [
"Computer science/Algorithms/Geometry"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Skip lists are sorted linked lists enhanced with shortcuts and are an alternative to binary search trees. A skip lists consists of multiple levels of sorted linked lists where a list on level n is a subsequence of the list on level n − 1. In the ideal case, elements are skipped in such a way that a lookup in a skip lists takes O(log n) time. In a randomised skip list the skipped elements are choosen randomly. \u003c/p\u003e \u003cp\u003e This entry contains formalized proofs of the textbook results about the expected height and the expected length of a search path in a randomised skip list. \u003c/p\u003e",
"authors": [
"Max W. Haslbeck",
"Manuel Eberl"
],
"date": "2020-01-09",
- "id": 254,
+ "id": 259,
"link": "/entries/Skip_Lists.html",
"permalink": "/entries/Skip_Lists.html",
"shortname": "Skip_Lists",
"title": "Skip Lists",
"topic_links": [
"computer-science/data-structures",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Data structures",
"Computer science/Algorithms/Randomized"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e Taking as a starting point the author's previous work on developing aspects of category theory in Isabelle/HOL, this article gives a compatible formalization of the notion of \"bicategory\" and develops a framework within which formal proofs of facts about bicategories can be given. The framework includes a number of basic results, including the Coherence Theorem, the Strictness Theorem, pseudofunctors and biequivalence, and facts about internal equivalences and adjunctions in a bicategory. As a driving application and demonstration of the utility of the framework, it is used to give a formal proof of a theorem, due to Carboni, Kasangian, and Street, that characterizes up to biequivalence the bicategories of spans in a category with pullbacks. The formalization effort necessitated the filling-in of many details that were not evident from the brief presentation in the original paper, as well as identifying a few minor corrections along the way. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added additional material on pseudofunctors, pseudonatural transformations, modifications, and equivalence of bicategories; the main thrust being to give a proof that a pseudofunctor is a biequivalence if and only if it can be extended to an equivalence of bicategories. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2020-01-06",
- "id": 255,
+ "id": 260,
"link": "/entries/Bicategory.html",
"permalink": "/entries/Bicategory.html",
"shortname": "Bicategory",
"title": "Bicategories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Beukers's straightforward analytic proof that ζ(3) is irrational. This was first proven by Apéry (which is why this result is also often called ‘Apéry's Theorem’) using a more algebraic approach. This formalisation follows \u003ca href=\"http://people.math.sc.edu/filaseta/gradcourses/Math785/Math785Notes4.pdf\"\u003eFilaseta's presentation\u003c/a\u003e of Beukers's proof.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-12-27",
- "id": 256,
+ "id": 261,
"link": "/entries/Zeta_3_Irrational.html",
"permalink": "/entries/Zeta_3_Irrational.html",
"shortname": "Zeta_3_Irrational",
"title": "The Irrationality of ζ(3)",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of soundness and completeness proofs for a Seligman-style tableau system for hybrid logic. The completeness result is obtained via a synthetic approach using maximally consistent sets of tableau blocks. The formalization differs from previous work in a few ways. First, to avoid the need to backtrack in the construction of a tableau, the formalized system has no unnamed initial segment, and therefore no Name rule. Second, I show that the full Bridge rule is admissible in the system. Third, I start from rules restricted to only extend the branch with new formulas, including only witnessing diamonds that are not already witnessed, and show that the unrestricted rules are admissible. Similarly, I start from simpler versions of the @-rules and show that these are sufficient. The GoTo rule is restricted using a notion of potential such that each application consumes potential and potential is earned through applications of the remaining rules. I show that if a branch can be closed then it can be closed starting from a single unit. Finally, Nom is restricted by a fixed set of allowed nominals. The resulting system should be terminating. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.TYPES.2020.5\"\u003edoi.org/10.4230/LIPIcs.TYPES.2020.5\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2019-12-20",
- "id": 257,
+ "id": 262,
"link": "/entries/Hybrid_Logic.html",
"permalink": "/entries/Hybrid_Logic.html",
"shortname": "Hybrid_Logic",
"title": "Formalizing a Seligman-Style Tableau System for Hybrid Logic",
"topic_links": [
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "The Poincaré-Bendixson theorem is a classical result in the study of (continuous) dynamical systems. Colloquially, it restricts the possible behaviors of planar dynamical systems: such systems cannot be chaotic. In practice, it is a useful tool for proving the existence of (limiting) periodic behavior in planar systems. The theorem is an interesting and challenging benchmark for formalized mathematics because proofs in the literature rely on geometric sketches and only hint at symmetric cases. It also requires a substantial background of mathematical theories, e.g., the Jordan curve theorem, real analysis, ordinary differential equations, and limiting (long-term) behavior of dynamical systems.",
"authors": [
"Fabian Immler",
"Yong Kiam Tan"
],
"date": "2019-12-18",
- "id": 258,
+ "id": 263,
"link": "/entries/Poincare_Bendixson.html",
"permalink": "/entries/Poincare_Bendixson.html",
"shortname": "Poincare_Bendixson",
"title": "The Poincaré-Bendixson Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "A formalization of geometry of complex numbers is presented. Fundamental objects that are investigated are the complex plane extended by a single infinite point, its objects (points, lines and circles), and groups of transformations that act on them (e.g., inversions and Möbius transformations). Most objects are defined algebraically, but correspondence with classical geometric definitions is shown.",
"authors": [
"Filip Marić",
"Danijela Simić"
],
"date": "2019-12-16",
- "id": 259,
+ "id": 264,
"link": "/entries/Complex_Geometry.html",
"permalink": "/entries/Complex_Geometry.html",
"shortname": "Complex_Geometry",
"title": "Complex Geometry",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 2
},
{
"abstract": "We describe formalization of the Poincaré disc model of hyperbolic geometry within the Isabelle/HOL proof assistant. The model is defined within the extended complex plane (one dimensional complex projectives space \u0026#8450;P1), formalized in the AFP entry “Complex Geometry”. Points, lines, congruence of pairs of points, betweenness of triples of points, circles, and isometries are defined within the model. It is shown that the model satisfies all Tarski's axioms except the Euclid's axiom. It is shown that it satisfies its negation and the limiting parallels axiom (which proves it to be a model of hyperbolic geometry).",
"authors": [
"Danijela Simić",
"Filip Marić",
"Pierre Boutry"
],
"date": "2019-12-16",
- "id": 260,
+ "id": 265,
"link": "/entries/Poincare_Disc.html",
"permalink": "/entries/Poincare_Disc.html",
"shortname": "Poincare_Disc",
"title": "Poincaré Disc Model",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a full formalisation of Chapter 8 of Apostol's \u003cem\u003e\u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003eIntroduction to Analytic Number Theory\u003c/a\u003e\u003c/em\u003e. Subjects that are covered are:\u003c/p\u003e \u003cul\u003e \u003cli\u003eperiodic arithmetic functions and their finite Fourier series\u003c/li\u003e \u003cli\u003e(generalised) Ramanujan sums\u003c/li\u003e \u003cli\u003eGauss sums and separable characters\u003c/li\u003e \u003cli\u003einduced moduli and primitive characters\u003c/li\u003e \u003cli\u003ethe Pólya\u0026mdash;Vinogradov inequality\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Rodrigo Raya",
"Manuel Eberl"
],
"date": "2019-12-10",
- "id": 261,
+ "id": 266,
"link": "/entries/Gauss_Sums.html",
"permalink": "/entries/Gauss_Sums.html",
"shortname": "Gauss_Sums",
"title": "Gauss Sums and the Pólya–Vinogradov Inequality",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Counting sort is a well-known algorithm that sorts objects of any kind mapped to integer keys, or else to keys in one-to-one correspondence with some subset of the integers (e.g. alphabet letters). However, it is suitable for direct use, viz. not just as a subroutine of another sorting algorithm (e.g. radix sort), only if the key range is not significantly larger than the number of the objects to be sorted. This paper describes a tail-recursive generalization of counting sort making use of a bounded number of counters, suitable for direct use in case of a large, or even infinite key range of any kind, subject to the only constraint of being a subset of an arbitrary linear order. After performing a pen-and-paper analysis of how such algorithm has to be designed to maximize its efficiency, this paper formalizes the resulting generalized counting sort (GCsort) algorithm and then formally proves its correctness properties, namely that (a) the counters' number is maximized never exceeding the fixed upper bound, (b) objects are conserved, (c) objects get sorted, and (d) the algorithm is stable.",
"authors": [
"Pasquale Noce"
],
"date": "2019-12-04",
- "id": 262,
+ "id": 267,
"link": "/entries/Generalized_Counting_Sort.html",
"permalink": "/entries/Generalized_Counting_Sort.html",
"shortname": "Generalized_Counting_Sort",
"title": "An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges",
"topic_links": [
"computer-science/algorithms",
"computer-science/functional-programming"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Interval_Arithmetic implements conservative interval arithmetic computations, then uses this interval arithmetic to implement a simple programming language where all terms have 32-bit signed word values, with explicit infinities for terms outside the representable bounds. Our target use case is interpreters for languages that must have a well-understood low-level behavior. We include a formalization of bounded-length strings which are used for the identifiers of our language. Bounded-length identifiers are useful in some applications, for example the \u003ca href=\"https://www.isa-afp.org/entries/Differential_Dynamic_Logic.html\"\u003eDifferential_Dynamic_Logic\u003c/a\u003e article, where a Euclidean space indexed by identifiers demands that identifiers are finitely many.",
"authors": [
"Rose Bohrer"
],
"date": "2019-11-27",
- "id": 263,
+ "id": 268,
"link": "/entries/Interval_Arithmetic_Word32.html",
"permalink": "/entries/Interval_Arithmetic_Word32.html",
"shortname": "Interval_Arithmetic_Word32",
"title": "Interval Arithmetic on 32-bit Words",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry is a new formalisation of ZFC set theory in Isabelle/HOL. It is logically equivalent to Obua's HOLZF; the point is to have the closest possible integration with the rest of Isabelle/HOL, minimising the amount of new notations and exploiting type classes.\u003c/p\u003e \u003cp\u003eThere is a type \u003cem\u003eV\u003c/em\u003e of sets and a function \u003cem\u003eelts :: V =\u0026gt; V set\u003c/em\u003e mapping a set to its elements. Classes simply have type \u003cem\u003eV set\u003c/em\u003e, and a predicate identifies the small classes: those that correspond to actual sets. Type classes connected with orders and lattices are used to minimise the amount of new notation for concepts such as the subset relation, union and intersection. Basic concepts — Cartesian products, disjoint sums, natural numbers, functions, etc. — are formalised.\u003c/p\u003e \u003cp\u003eMore advanced set-theoretic concepts, such as transfinite induction, ordinals, cardinals and the transitive closure of a set, are also provided. The definition of addition and multiplication for general sets (not just ordinals) follows Kirby.\u003c/p\u003e \u003cp\u003eThe theory provides two type classes with the aim of facilitating developments that combine \u003cem\u003eV\u003c/em\u003e with other Isabelle/HOL types: \u003cem\u003eembeddable\u003c/em\u003e, the class of types that can be injected into \u003cem\u003eV\u003c/em\u003e (including \u003cem\u003eV\u003c/em\u003e itself as well as \u003cem\u003eV*V\u003c/em\u003e, etc.), and \u003cem\u003esmall\u003c/em\u003e, the class of types that correspond to some ZF set.\u003c/p\u003e extra-history = Change history: [2020-01-28]: Generalisation of the \"small\" predicate and order types to arbitrary sets; ordinal exponentiation; introduction of the coercion ord_of_nat :: \"nat =\u003e V\"; numerous new lemmas. (revision 6081d5be8d08)",
"authors": [
"Lawrence C. Paulson"
],
"date": "2019-10-24",
- "id": 264,
+ "id": 269,
"link": "/entries/ZFC_in_HOL.html",
"permalink": "/entries/ZFC_in_HOL.html",
"shortname": "ZFC_in_HOL",
"title": "Zermelo Fraenkel Set Theory in Higher-Order Logic",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 4
},
{
"abstract": "We present a framework for C code in C11 syntax deeply integrated into the Isabelle/PIDE development environment. Our framework provides an abstract interface for verification back-ends to be plugged-in independently. Thus, various techniques such as deductive program verification or white-box testing can be applied to the same source, which is part of an integrated PIDE document model. Semantic back-ends are free to choose the supported C fragment and its semantics. In particular, they can differ on the chosen memory model or the specification mechanism for framing conditions. Our framework supports semantic annotations of C sources in the form of comments. Annotations serve to locally control back-end settings, and can express the term focus to which an annotation refers. Both the logical and the syntactic context are available when semantic annotations are evaluated. As a consequence, a formula in an annotation can refer both to HOL or C variables. Our approach demonstrates the degree of maturity and expressive power the Isabelle/PIDE sub-system has achieved in recent years. Our integration technique employs Lex and Yacc style grammars to ensure efficient deterministic parsing. This is the core-module of Isabelle/C; the AFP package for Clean and Clean_wrapper as well as AutoCorres and AutoCorres_wrapper (available via git) are applications of this front-end.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2019-10-22",
- "id": 265,
+ "id": 270,
"link": "/entries/Isabelle_C.html",
"permalink": "/entries/Isabelle_C.html",
"shortname": "Isabelle_C",
"title": "Isabelle/C",
"topic_links": [
"computer-science/programming-languages/language-definitions",
"computer-science/semantics-and-reasoning",
"tools"
],
"topics": [
"Computer science/Programming languages/Language definitions",
"Computer science/Semantics and reasoning",
"Tools"
],
"used_by": 0
},
{
"abstract": "VerifyThis 2019 (http://www.pm.inf.ethz.ch/research/verifythis.html) was a program verification competition associated with ETAPS 2019. It was the 8th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2019-10-16",
- "id": 266,
+ "id": 271,
"link": "/entries/VerifyThis2019.html",
"permalink": "/entries/VerifyThis2019.html",
"shortname": "VerifyThis2019",
"title": "VerifyThis 2019 -- Polished Isabelle Solutions",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We formalise with Isabelle/HOL some basic elements of Aristotle's assertoric syllogistic following the \u003ca href=\"https://plato.stanford.edu/entries/aristotle-logic/\"\u003earticle from the Stanford Encyclopedia of Philosophy by Robin Smith.\u003c/a\u003e To this end, we use a set theoretic formulation (covering both individual and general predication). In particular, we formalise the deductions in the Figures and after that we present Aristotle's metatheoretical observation that all deductions in the Figures can in fact be reduced to either Barbara or Celarent. As the formal proofs prove to be straightforward, the interest of this entry lies in illustrating the functionality of Isabelle and high efficiency of Sledgehammer for simple exercises in philosophy.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2019-10-08",
- "id": 267,
+ "id": 272,
"link": "/entries/Aristotles_Assertoric_Syllogistic.html",
"permalink": "/entries/Aristotles_Assertoric_Syllogistic.html",
"shortname": "Aristotles_Assertoric_Syllogistic",
"title": "Aristotle's Assertoric Syllogistic",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "We use CryptHOL to formalise commitment schemes and Sigma-protocols. Both are widely used fundamental two party cryptographic primitives. Security for commitment schemes is considered using game-based definitions whereas the security of Sigma-protocols is considered using both the game-based and simulation-based security paradigms. In this work, we first define security for both primitives and then prove secure multiple case studies: the Schnorr, Chaum-Pedersen and Okamoto Sigma-protocols as well as a construction that allows for compound (AND and OR statements) Sigma-protocols and the Pedersen and Rivest commitment schemes. We also prove that commitment schemes can be constructed from Sigma-protocols. We formalise this proof at an abstract level, only assuming the existence of a Sigma-protocol; consequently, the instantiations of this result for the concrete Sigma-protocols we consider come for free.",
"authors": [
"David Butler",
"Andreas Lochbihler"
],
"date": "2019-10-07",
- "id": 268,
+ "id": 273,
"link": "/entries/Sigma_Commit_Crypto.html",
"permalink": "/entries/Sigma_Commit_Crypto.html",
"shortname": "Sigma_Commit_Crypto",
"title": "Sigma Protocols and Commitment Schemes",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 1
},
{
"abstract": "Clean is based on a simple, abstract execution model for an imperative target language. “Abstract” is understood in contrast to “Concrete Semantics”; alternatively, the term “shallow-style embedding” could be used. It strives for a type-safe notion of program-variables, an incremental construction of the typed state-space, support of incremental verification, and open-world extensibility of new type definitions being intertwined with the program definitions. Clean is based on a “no-frills” state-exception monad with the usual definitions of bind and unit for the compositional glue of state-based computations. Clean offers conditionals and loops supporting C-like control-flow operators such as break and return. The state-space construction is based on the extensible record package. Direct recursion of procedures is supported. Clean’s design strives for extreme simplicity. It is geared towards symbolic execution and proven correct verification tools. The underlying libraries of this package, however, deliberately restrict themselves to the most elementary infrastructure for these tasks. The package is intended to serve as demonstrator semantic backend for Isabelle/C, or for the test-generation techniques.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2019-10-04",
- "id": 269,
+ "id": 274,
"link": "/entries/Clean.html",
"permalink": "/entries/Clean.html",
"shortname": "Clean",
"title": "Clean - An Abstract Imperative Programming Language and its Theory",
"topic_links": [
"computer-science/programming-languages",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "Worst-case optimal multiway-join algorithms are recent seminal achievement of the database community. These algorithms compute the natural join of multiple relational databases and improve in the worst case over traditional query plan optimizations of nested binary joins. In 2014, \u003ca href=\"https://doi.org/10.1145/2590989.2590991\"\u003eNgo, Ré, and Rudra\u003c/a\u003e gave a unified presentation of different multi-way join algorithms. We formalized and proved correct their \"Generic Join\" algorithm and extended it to support negative joins.",
"authors": [
"Thibault Dardinier"
],
"date": "2019-09-16",
- "id": 270,
+ "id": 275,
"link": "/entries/Generic_Join.html",
"permalink": "/entries/Generic_Join.html",
"shortname": "Generic_Join",
"title": "Formalization of Multiway-Join Algorithms",
"topic_links": [
"computer-science/data-management-systems",
"computer-science/algorithms"
],
"topics": [
"Computer science/Data management systems",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "These components formalise a semantic framework for the deductive verification of hybrid systems. They support reasoning about continuous evolutions of hybrid programs in the style of differential dynamics logic. Vector fields or flows model these evolutions, and their verification is done with invariants for the former or orbits for the latter. Laws of modal Kleene algebra or categorical predicate transformers implement the verification condition generation. Examples show the approach at work.",
"authors": [
"Jonathan Julian Huerta y Munive"
],
"date": "2019-09-10",
- "id": 271,
+ "id": 276,
"link": "/entries/Hybrid_Systems_VCs.html",
"permalink": "/entries/Hybrid_Systems_VCs.html",
"shortname": "Hybrid_Systems_VCs",
"title": "Verification Components for Hybrid Systems",
"topic_links": [
"mathematics/algebra",
"mathematics/analysis"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "This development formalises the square integrable functions over the reals and the basics of Fourier series. It culminates with a proof that every well-behaved periodic function can be approximated by a Fourier series. The material is ported from HOL Light: https://github.com/jrh13/hol-light/blob/master/100/fourier.ml",
"authors": [
"Lawrence C. Paulson"
],
"date": "2019-09-06",
- "id": 272,
+ "id": 277,
"link": "/entries/Fourier.html",
"permalink": "/entries/Fourier.html",
"shortname": "Fourier",
"title": "Fourier Series",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "The focus of this case study is re-use in abstract algebra. It contains locale-based formalisations of selected parts of set, group and ring theory from Jacobson's \u003ci\u003eBasic Algebra\u003c/i\u003e leading to the respective fundamental homomorphism theorems. The study is not intended as a library base for abstract algebra. It rather explores an approach towards abstract algebra in Isabelle.",
"authors": [
"Clemens Ballarin"
],
"date": "2019-08-30",
- "id": 273,
+ "id": 278,
"link": "/entries/Jacobson_Basic_Algebra.html",
"permalink": "/entries/Jacobson_Basic_Algebra.html",
"shortname": "Jacobson_Basic_Algebra",
"title": "A Case Study in Basic Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "This entry provides a formalisation of a refinement of an adaptive state counting algorithm, used to test for reduction between finite state machines. The algorithm has been originally presented by Hierons in the paper \u003ca href=\"https://doi.org/10.1109/TC.2004.85\"\u003eTesting from a Non-Deterministic Finite State Machine Using Adaptive State Counting\u003c/a\u003e. Definitions for finite state machines and adaptive test cases are given and many useful theorems are derived from these. The algorithm is formalised using mutually recursive functions, for which it is proven that the generated test suite is sufficient to test for reduction against finite state machines of a certain fault domain. Additionally, the algorithm is specified in a simple WHILE-language and its correctness is shown using Hoare-logic.",
"authors": [
"Robert Sachtleben"
],
"date": "2019-08-16",
- "id": 274,
+ "id": 279,
"link": "/entries/Adaptive_State_Counting.html",
"permalink": "/entries/Adaptive_State_Counting.html",
"shortname": "Adaptive_State_Counting",
"title": "Formalisation of an Adaptive State Counting Algorithm",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/algorithms"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the Laplace transform and concrete Laplace transforms for arithmetic functions, frequency shift, integration and (higher) differentiation in the time domain. It proves Lerch's lemma and uniqueness of the Laplace transform for continuous functions. In order to formalize the foundational assumptions, this entry contains a formalization of piecewise continuous functions and functions of exponential order.",
"authors": [
"Fabian Immler"
],
"date": "2019-08-14",
- "id": 275,
+ "id": 280,
"link": "/entries/Laplace_Transform.html",
"permalink": "/entries/Laplace_Transform.html",
"shortname": "Laplace_Transform",
"title": "Laplace Transform",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Communicating Concurrent Kleene Algebra (C²KA) is a mathematical framework for capturing the communicating and concurrent behaviour of agents in distributed systems. It extends Hoare et al.'s Concurrent Kleene Algebra (CKA) with communication actions through the notions of stimuli and shared environments. C²KA has applications in studying system-level properties of distributed systems such as safety, security, and reliability. In this work, we formalize results about C²KA and its application for distributed systems specification. We first formalize the stimulus structure and behaviour structure (CKA). Next, we combine them to formalize C²KA and its properties. Then, we formalize notions and properties related to the topology of distributed systems and the potential for communication via stimuli and via shared environments of agents, all within the algebraic setting of C²KA.",
"authors": [
"Maxime Buyse",
"Jason Jaskolka"
],
"date": "2019-08-06",
- "id": 276,
+ "id": 281,
"link": "/entries/C2KA_DistributedSystems.html",
"permalink": "/entries/C2KA_DistributedSystems.html",
"shortname": "C2KA_DistributedSystems",
"title": "Communicating Concurrent Kleene Algebra for Distributed Systems Specification",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We use the previous formalization of the general simplex algorithm to formulate an algorithm for solving linear programs. We encode the linear programs using only linear constraints. Solving these constraints also solves the original linear program. This algorithm is proven to be sound by applying the weak duality theorem which is also part of this formalization.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2019-08-06",
- "id": 277,
+ "id": 282,
"link": "/entries/Linear_Programming.html",
"permalink": "/entries/Linear_Programming.html",
"shortname": "Linear_Programming",
"title": "Linear Programming",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains formalisations of the answers to three of the six problem of the International Mathematical Olympiad 2019, namely Q1, Q4, and Q5.\u003c/p\u003e \u003cp\u003eThe reason why these problems were chosen is that they are particularly amenable to formalisation: they can be solved with minimal use of libraries. The remaining three concern geometry and graph theory, which, in the author's opinion, are more difficult to formalise resp. require a more complex library.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-08-05",
- "id": 278,
+ "id": 283,
"link": "/entries/IMO2019.html",
"permalink": "/entries/IMO2019.html",
"shortname": "IMO2019",
"title": "Selected Problems from the International Mathematical Olympiad 2019",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "We formalize the static properties of personal Byzantine quorum systems (PBQSs) and Stellar quorum systems, as described in the paper “Stellar Consensus by Reduction” (to appear at DISC 2019).",
"authors": [
"Giuliano Losa"
],
"date": "2019-08-01",
- "id": 279,
+ "id": 284,
"link": "/entries/Stellar_Quorums.html",
"permalink": "/entries/Stellar_Quorums.html",
"shortname": "Stellar_Quorums",
"title": "Stellar Quorum Systems",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "The design of complex systems involves different formalisms for modeling their different parts or aspects. The global model of a system may therefore consist of a coordination of concurrent sub-models that use different paradigms. We develop here a theory for a language used to specify the timed coordination of such heterogeneous subsystems by addressing the following issues: \u003cul\u003e\u003cli\u003ethe behavior of the sub-systems is observed only at a series of discrete instants,\u003c/li\u003e\u003cli\u003eevents may occur in different sub-systems at unrelated times, leading to polychronous systems, which do not necessarily have a common base clock,\u003c/li\u003e\u003cli\u003ecoordination between subsystems involves causality, so the occurrence of an event may enforce the occurrence of other events, possibly after a certain duration has elapsed or an event has occurred a given number of times,\u003c/li\u003e\u003cli\u003ethe domain of time (discrete, rational, continuous...) may be different in the subsystems, leading to polytimed systems,\u003c/li\u003e\u003cli\u003ethe time frames of different sub-systems may be related (for instance, time in a GPS satellite and in a GPS receiver on Earth are related although they are not the same).\u003c/li\u003e\u003c/ul\u003e Firstly, a denotational semantics of the language is defined. Then, in order to be able to incrementally check the behavior of systems, an operational semantics is given, with proofs of progress, soundness and completeness with regard to the denotational semantics. These proofs are made according to a setup that can scale up when new operators are added to the language. In order for specifications to be composed in a clean way, the language should be invariant by stuttering (i.e., adding observation instants at which nothing happens). The proof of this invariance is also given.",
"authors": [
"Hai Nguyen Van",
"Frédéric Boulanger",
"Burkhart Wolff"
],
"date": "2019-07-30",
- "id": 280,
+ "id": 285,
"link": "/entries/TESL_Language.html",
"permalink": "/entries/TESL_Language.html",
"shortname": "TESL_Language",
"title": "A Formal Development of a Polychronous Polytimed Coordination Language",
"topic_links": [
"computer-science/system-description-languages",
"computer-science/semantics-and-reasoning",
"computer-science/concurrency"
],
"topics": [
"Computer science/System description languages",
"Computer science/Semantics and reasoning",
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry is concerned with the principle of order extension, i.e. the extension of an order relation to a total order relation. To this end, we prove a more general version of Szpilrajn's extension theorem employing terminology from the book \"Consistency, Choice, and Rationality\" by Bossert and Suzumura. We also formalize theorem 2.7 of their book.",
"authors": [
"Peter Zeller",
"Lukas Stevens"
],
"date": "2019-07-27",
- "id": 281,
+ "id": 286,
"link": "/entries/Szpilrajn.html",
"permalink": "/entries/Szpilrajn.html",
"shortname": "Szpilrajn",
"title": "Order Extension and Szpilrajn's Extension Theorem",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 1
},
{
"abstract": "This work formalizes soundness and completeness of a one-sided sequent calculus for first-order logic. The completeness is shown via a translation from a complete semantic tableau calculus, the proof of which is based on the First-Order Logic According to Fitting theory. The calculi and proof techniques are taken from Ben-Ari's Mathematical Logic for Computer Science. Papers: \u003ca href=\"http://ceur-ws.org/Vol-3002/paper7.pdf\"\u003eceur-ws.org/Vol-3002/paper7.pdf\u003c/a\u003e and \u003ca href=\"https://doi.org/10.1093/logcom/exad013\"\u003edoi.org/10.1093/logcom/exad013\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2019-07-18",
- "id": 282,
+ "id": 287,
"link": "/entries/FOL_Seq_Calc1.html",
"permalink": "/entries/FOL_Seq_Calc1.html",
"shortname": "FOL_Seq_Calc1",
"title": "A Sequent Calculus for First-Order Logic",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 1
},
{
"abstract": "This entry contains the formalization that accompanies my PhD thesis (see https://lars.hupel.info/research/codegen/). I develop a verified compilation toolchain from executable specifications in Isabelle/HOL to CakeML abstract syntax trees. This improves over the state-of-the-art in Isabelle by providing a trustworthy procedure for code generation.",
"authors": [
"Lars Hupel"
],
"date": "2019-07-08",
- "id": 283,
+ "id": 288,
"link": "/entries/CakeML_Codegen.html",
"permalink": "/entries/CakeML_Codegen.html",
"shortname": "CakeML_Codegen",
"title": "A Verified Code Generator from Isabelle/HOL to CakeML",
"topic_links": [
"computer-science/programming-languages/compiling",
"logic/rewriting"
],
"topics": [
"Computer science/Programming languages/Compiling",
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order temporal logic (MFOTL), an expressive extension of linear temporal logic with real-time constraints and first-order quantification. The verified monitor implements a simplified variant of the algorithm used in the efficient MonPoly monitoring tool. The formalization is presented in a \u003ca href=\"https://doi.org/10.1007/978-3-030-32079-9_18\"\u003eRV 2019 paper\u003c/a\u003e, which also compares the output of the verified monitor to that of other monitoring tools on randomly generated inputs. This case study revealed several errors in the optimized but unverified tools.",
"authors": [
"Joshua Schneider",
"Dmitriy Traytel"
],
"date": "2019-07-04",
- "id": 284,
+ "id": 289,
"link": "/entries/MFOTL_Monitor.html",
"permalink": "/entries/MFOTL_Monitor.html",
"shortname": "MFOTL_Monitor",
"title": "Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/temporal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Temporal logic",
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "We develop an Isabelle/HOL library of order-theoretic concepts, such as various completeness conditions and fixed-point theorems. We keep our formalization as general as possible: we reprove several well-known results about complete orders, often without any properties of ordering, thus complete non-orders. In particular, we generalize the Knaster–Tarski theorem so that we ensure the existence of a quasi-fixed point of monotone maps over complete non-orders, and show that the set of quasi-fixed points is complete under a mild condition—attractivity—which is implied by either antisymmetry or transitivity. This result generalizes and strengthens a result by Stauti and Maaden. Finally, we recover Kleene’s fixed-point theorem for omega-complete non-orders, again using attractivity to prove that Kleene’s fixed points are least quasi-fixed points.",
"authors": [
"Akihisa Yamada",
"Jérémy Dubut"
],
"date": "2019-06-27",
- "id": 285,
+ "id": 290,
"link": "/entries/Complete_Non_Orders.html",
"permalink": "/entries/Complete_Non_Orders.html",
"shortname": "Complete_Non_Orders",
"title": "Complete Non-Orders and Fixed Points",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 1
},
{
"abstract": "We present a new, purely functional, simple and efficient data structure combining a search tree and a priority queue, which we call a \u003cem\u003epriority search tree\u003c/em\u003e. The salient feature of priority search trees is that they offer a decrease-key operation, something that is missing from other simple, purely functional priority queue implementations. Priority search trees can be implemented on top of any search tree. This entry does the implementation for red-black trees. This entry formalizes the first part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.",
"authors": [
"Peter Lammich",
"Tobias Nipkow"
],
"date": "2019-06-25",
- "id": 286,
+ "id": 291,
"link": "/entries/Priority_Search_Trees.html",
"permalink": "/entries/Priority_Search_Trees.html",
"shortname": "Priority_Search_Trees",
"title": "Priority Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We verify purely functional, simple and efficient implementations of Prim's and Dijkstra's algorithms. This constitutes the first verification of an executable and even efficient version of Prim's algorithm. This entry formalizes the second part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.",
"authors": [
"Peter Lammich",
"Tobias Nipkow"
],
"date": "2019-06-25",
- "id": 287,
+ "id": 292,
"link": "/entries/Prim_Dijkstra_Simple.html",
"permalink": "/entries/Prim_Dijkstra_Simple.html",
"shortname": "Prim_Dijkstra_Simple",
"title": "Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "We formalize results about linear inqualities, mainly from Schrijver's book. The main results are the proof of the fundamental theorem on linear inequalities, Farkas' lemma, Carathéodory's theorem, the Farkas-Minkowsky-Weyl theorem, the decomposition theorem of polyhedra, and Meyer's result that the integer hull of a polyhedron is a polyhedron itself. Several theorems include bounds on the appearing numbers, and in particular we provide an a-priori bound on mixed-integer solutions of linear inequalities.",
"authors": [
"Ralph Bottesch",
"Alban Reynaud",
"René Thiemann"
],
"date": "2019-06-21",
- "id": 288,
+ "id": 293,
"link": "/entries/Linear_Inequalities.html",
"permalink": "/entries/Linear_Inequalities.html",
"shortname": "Linear_Inequalities",
"title": "Linear Inequalities",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "This entry formalizes Hilbert's Nullstellensatz, an important theorem in algebraic geometry that can be viewed as the generalization of the Fundamental Theorem of Algebra to multivariate polynomials: If a set of (multivariate) polynomials over an algebraically closed field has no common zero, then the ideal it generates is the entire polynomial ring. The formalization proves several equivalent versions of this celebrated theorem: the weak Nullstellensatz, the strong Nullstellensatz (connecting algebraic varieties and radical ideals), and the field-theoretic Nullstellensatz. The formalization follows Chapter 4.1. of \u003ca href=\"https://link.springer.com/book/10.1007/978-0-387-35651-8\"\u003eIdeals, Varieties, and Algorithms\u003c/a\u003e by Cox, Little and O'Shea.",
"authors": [
"Alexander Maletzky"
],
"date": "2019-06-16",
- "id": 289,
+ "id": 294,
"link": "/entries/Nullstellensatz.html",
"permalink": "/entries/Nullstellensatz.html",
"shortname": "Nullstellensatz",
"title": "Hilbert's Nullstellensatz",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the connection between Gröbner bases and Macaulay matrices (sometimes also referred to as `generalized Sylvester matrices'). In particular, it contains a method for computing Gröbner bases, which proceeds by first constructing some Macaulay matrix of the initial set of polynomials, then row-reducing this matrix, and finally converting the result back into a set of polynomials. The output is shown to be a Gröbner basis if the Macaulay matrix constructed in the first step is sufficiently large. In order to obtain concrete upper bounds on the size of the matrix (and hence turn the method into an effectively executable algorithm), Dubé's degree bounds on Gröbner bases are utilized; consequently, they are also part of the formalization.",
"authors": [
"Alexander Maletzky"
],
"date": "2019-06-15",
- "id": 290,
+ "id": 295,
"link": "/entries/Groebner_Macaulay.html",
"permalink": "/entries/Groebner_Macaulay.html",
"shortname": "Groebner_Macaulay",
"title": "Gröbner Bases, Macaulay Matrices and Dubé's Degree Bounds",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "In this submission array-based binary minimum heaps are formalized. The correctness of the following heap operations is proved: insert, get-min, delete-min and make-heap. These are then used to verify an in-place heapsort. The formalization is based on IMP2, an imperative program verification framework implemented in Isabelle/HOL. The verified heap functions are iterative versions of the partly recursive functions found in \"Algorithms and Data Structures – The Basic Toolbox\" by K. Mehlhorn and P. Sanders and \"Introduction to Algorithms\" by T. H. Cormen, C. E. Leiserson, R. L. Rivest and C. Stein.",
"authors": [
"Simon Griebel"
],
"date": "2019-06-13",
- "id": 291,
+ "id": 296,
"link": "/entries/IMP2_Binary_Heap.html",
"permalink": "/entries/IMP2_Binary_Heap.html",
"shortname": "IMP2_Binary_Heap",
"title": "Binary Heaps for IMP2",
"topic_links": [
"computer-science/data-structures",
"computer-science/algorithms"
],
"topics": [
"Computer science/Data structures",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This formalization provides differential game logic (dGL), a logic for proving properties of hybrid game. In addition to the syntax and semantics, it formalizes a uniform substitution calculus for dGL. Church's uniform substitutions substitute a term or formula for a function or predicate symbol everywhere. The uniform substitutions for dGL also substitute hybrid games for a game symbol everywhere. We prove soundness of one-pass uniform substitutions and the axioms of differential game logic with respect to their denotational semantics. One-pass uniform substitutions are faster by postponing soundness-critical admissibility checks with a linear pass homomorphic application and regain soundness by a variable condition at the replacements. The formalization is based on prior non-mechanized soundness proofs for dGL.",
"authors": [
"André Platzer"
],
"date": "2019-06-03",
- "id": 292,
+ "id": 297,
"link": "/entries/Differential_Game_Logic.html",
"permalink": "/entries/Differential_Game_Logic.html",
"shortname": "Differential_Game_Logic",
"title": "Differential Game Logic",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This entry provides a formalization of multidimensional binary trees, also known as k-d trees. It includes a balanced build algorithm as well as the nearest neighbor algorithm and the range search algorithm. It is based on the papers \u003ca href=\"https://dl.acm.org/citation.cfm?doid=361002.361007\"\u003eMultidimensional binary search trees used for associative searching\u003c/a\u003e and \u003ca href=\"https://dl.acm.org/citation.cfm?doid=355744.355745\"\u003e An Algorithm for Finding Best Matches in Logarithmic Expected Time\u003c/a\u003e.",
"authors": [
"Martin Rau"
],
"date": "2019-05-30",
- "id": 293,
+ "id": 298,
"link": "/entries/KD_Tree.html",
"permalink": "/entries/KD_Tree.html",
"shortname": "KD_Tree",
"title": "Multidimensional Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Authenticated data structures are a technique for outsourcing data storage and maintenance to an untrusted server. The server is required to produce an efficiently checkable and cryptographically secure proof that it carried out precisely the requested computation. \u003ca href=\"https://doi.org/10.1145/2535838.2535851\"\u003eMiller et al.\u003c/a\u003e introduced \u0026lambda;\u0026bull; (pronounced \u003ci\u003elambda auth\u003c/i\u003e)\u0026mdash;a functional programming language with a built-in primitive authentication construct, which supports a wide range of user-specified authenticated data structures while guaranteeing certain correctness and security properties for all well-typed programs. We formalize \u0026lambda;\u0026bull; and prove its correctness and security properties. With Isabelle's help, we uncover and repair several mistakes in the informal proofs and lemma statements. Our findings are summarized in an \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2019.10\"\u003eITP'19 paper\u003c/a\u003e.",
"authors": [
"Matthias Brun",
"Dmitriy Traytel"
],
"date": "2019-05-14",
- "id": 294,
+ "id": 299,
"link": "/entries/LambdaAuth.html",
"permalink": "/entries/LambdaAuth.html",
"shortname": "LambdaAuth",
"title": "Formalization of Generic Authenticated Data Structures",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "We use CryptHOL to consider Multi-Party Computation (MPC) protocols. MPC was first considered by Yao in 1983 and recent advances in efficiency and an increased demand mean it is now deployed in the real world. Security is considered using the real/ideal world paradigm. We first define security in the semi-honest security setting where parties are assumed not to deviate from the protocol transcript. In this setting we prove multiple Oblivious Transfer (OT) protocols secure and then show security for the gates of the GMW protocol. We then define malicious security, this is a stronger notion of security where parties are assumed to be fully corrupted by an adversary. In this setting we again consider OT, as it is a fundamental building block of almost all MPC protocols.",
"authors": [
"David Aspinall",
"David Butler"
],
"date": "2019-05-09",
- "id": 295,
+ "id": 300,
"link": "/entries/Multi_Party_Computation.html",
"permalink": "/entries/Multi_Party_Computation.html",
"shortname": "Multi_Party_Computation",
"title": "Multi-Party Computation",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This is a complete formalization of the work of Hoare and Roscoe on the denotational semantics of the Failure/Divergence Model of CSP. It follows essentially the presentation of CSP in Roscoe’s Book ”Theory and Practice of Concurrency” [8] and the semantic details in a joint Paper of Roscoe and Brooks ”An improved failures model for communicating processes\". The present work is based on a prior formalization attempt, called HOL-CSP 1.0, done in 1997 by H. Tej and B. Wolff with the Isabelle proof technology available at that time. This work revealed minor, but omnipresent foundational errors in key concepts like the process invariant. The present version HOL-CSP profits from substantially improved libraries (notably HOLCF), improved automated proof techniques, and structured proof techniques in Isar and is substantially shorter but more complete.",
"authors": [
"Safouan Taha",
"Lina Ye",
"Burkhart Wolff"
],
"date": "2019-04-26",
- "id": 296,
+ "id": 301,
"link": "/entries/HOL-CSP.html",
"permalink": "/entries/HOL-CSP.html",
"shortname": "HOL-CSP",
"title": "HOL-CSP Version 2.0",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "We present a formalisation of the unified translation approach of linear temporal logic (LTL) into ω-automata from [1]. This approach decomposes LTL formulas into “simple” languages and allows a clear separation of concerns: first, we formalise the purely logical result yielding this decomposition; second, we instantiate this generic theory to obtain a construction for deterministic (state-based) Rabin automata (DRA). We extract from this particular instantiation an executable tool translating LTL to DRAs. To the best of our knowledge this is the first verified translation from LTL to DRAs that is proven to be double exponential in the worst case which asymptotically matches the known lower bound. \u003cp\u003e [1] Javier Esparza, Jan Kretínský, Salomon Sickert. One Theorem to Rule Them All: A Unified Translation of LTL into ω-Automata. LICS 2018",
"authors": [
"Benedikt Seidl",
"Salomon Sickert"
],
"date": "2019-04-16",
- "id": 297,
+ "id": 302,
"link": "/entries/LTL_Master_Theorem.html",
"permalink": "/entries/LTL_Master_Theorem.html",
"shortname": "LTL_Master_Theorem",
"title": "A Compositional and Unified Translation of LTL into ω-Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "We formalize a theory of syntax with bindings that has been developed and refined over the last decade to support several large formalization efforts. Terms are defined for an arbitrary number of constructors of varying numbers of inputs, quotiented to alpha-equivalence and sorted according to a binding signature. The theory includes many properties of the standard operators on terms: substitution, swapping and freshness. It also includes bindings-aware induction and recursion principles and support for semantic interpretation. This work has been presented in the ITP 2017 paper “A Formalized General Theory of Syntax with Bindings”.",
"authors": [
"Lorenzo Gheri",
"Andrei Popescu"
],
"date": "2019-04-06",
- "id": 298,
+ "id": 303,
"link": "/entries/Binding_Syntax_Theory.html",
"permalink": "/entries/Binding_Syntax_Theory.html",
"shortname": "Binding_Syntax_Theory",
"title": "A General Theory of Syntax with Bindings",
"topic_links": [
"computer-science/programming-languages/lambda-calculi",
"computer-science/functional-programming",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Computer science/Programming languages/Lambda calculi",
"Computer science/Functional programming",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "We formalize the proofs of two transcendence criteria by J. Hančl and P. Rucki that assert the transcendence of the sums of certain infinite series built up by sequences that fulfil certain properties. Both proofs make use of Roth's celebrated theorem on diophantine approximations to algebraic numbers from 1955 which we implement as an assumption without having formalised its proof.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2019-03-27",
- "id": 299,
+ "id": 304,
"link": "/entries/Transcendence_Series_Hancl_Rucki.html",
"permalink": "/entries/Transcendence_Series_Hancl_Rucki.html",
"shortname": "Transcendence_Series_Hancl_Rucki",
"title": "The Transcendence of Certain Infinite Series",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We formalize quantum Hoare logic as given in [1]. In particular, we specify the syntax and denotational semantics of a simple model of quantum programs. Then, we write down the rules of quantum Hoare logic for partial correctness, and show the soundness and completeness of the resulting proof system. As an application, we verify the correctness of Grover’s algorithm.",
"authors": [
"Junyi Liu",
"Bohua Zhan",
"Shuling Wang",
"Shenggang Ying",
"Tao Liu",
"Yangjia Li",
"Mingsheng Ying",
"Naijun Zhan"
],
"date": "2019-03-24",
- "id": 300,
+ "id": 305,
"link": "/entries/QHLProver.html",
"permalink": "/entries/QHLProver.html",
"shortname": "QHLProver",
"title": "Quantum Hoare Logic",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe theory is a formalization of the \u003ca href=\"https://www.omg.org/spec/OCL/\"\u003eOCL\u003c/a\u003e type system, its abstract syntax and expression typing rules. The theory does not define a concrete syntax and a semantics. In contrast to \u003ca href=\"https://www.isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e, it is based on a deep embedding approach. The type system is defined from scratch, it is not based on the Isabelle HOL type system.\u003c/p\u003e \u003cp\u003eThe Safe OCL distincts nullable and non-nullable types. Also the theory gives a formal definition of \u003ca href=\"http://ceur-ws.org/Vol-1512/paper07.pdf\"\u003esafe navigation operations\u003c/a\u003e. The Safe OCL typing rules are much stricter than rules given in the OCL specification. It allows one to catch more errors on a type checking phase.\u003c/p\u003e \u003cp\u003eThe type theory presented is four-layered: classes, basic types, generic types, errorable types. We introduce the following new types: non-nullable types (T[1]), nullable types (T[?]), OclSuper. OclSuper is a supertype of all other types (basic types, collections, tuples). This type allows us to define a total supremum function, so types form an upper semilattice. It allows us to define rich expression typing rules in an elegant manner.\u003c/p\u003e \u003cp\u003eThe Preliminaries Chapter of the theory defines a number of helper lemmas for transitive closures and tuples. It defines also a generic object model independent from OCL. It allows one to use the theory as a reference for formalization of analogous languages.\u003c/p\u003e",
"authors": [
"Denis Nikiforov"
],
"date": "2019-03-09",
- "id": 301,
+ "id": 306,
"link": "/entries/Safe_OCL.html",
"permalink": "/entries/Safe_OCL.html",
"shortname": "Safe_OCL",
"title": "Safe OCL",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry is a formalisation of Chapter 4 (and parts of Chapter 3) of Apostol's \u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003e\u003cem\u003eIntroduction to Analytic Number Theory\u003c/em\u003e\u003c/a\u003e. The main topics that are addressed are properties of the distribution of prime numbers that can be shown in an elementary way (i.\u0026thinsp;e. without the Prime Number Theorem), the various equivalent forms of the PNT (which imply each other in elementary ways), and consequences that follow from the PNT in elementary ways. The latter include, most notably, asymptotic bounds for the number of distinct prime factors of \u003cem\u003en\u003c/em\u003e, the divisor function \u003cem\u003ed(n)\u003c/em\u003e, Euler's totient function \u003cem\u003e\u0026phi;(n)\u003c/em\u003e, and lcm(1,\u0026hellip;,\u003cem\u003en\u003c/em\u003e).\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-02-21",
- "id": 302,
+ "id": 307,
"link": "/entries/Prime_Distribution_Elementary.html",
"permalink": "/entries/Prime_Distribution_Elementary.html",
"shortname": "Prime_Distribution_Elementary",
"title": "Elementary Facts About the Distribution of Primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 3
},
{
"abstract": "This Isabelle/HOL formalization defines a greedy algorithm for finding a minimum weight basis on a weighted matroid and proves its correctness. This algorithm is an abstract version of Kruskal's algorithm. We interpret the abstract algorithm for the cycle matroid (i.e. forests in a graph) and refine it to imperative executable code using an efficient union-find data structure. Our formalization can be instantiated for different graph representations. We provide instantiations for undirected graphs and symmetric directed graphs.",
"authors": [
"Maximilian P. L. Haslbeck",
"Peter Lammich",
"Julian Biendarra"
],
"date": "2019-02-14",
- "id": 303,
+ "id": 308,
"link": "/entries/Kruskal.html",
"permalink": "/entries/Kruskal.html",
"shortname": "Kruskal",
"title": "Kruskal's Algorithm for Minimum Spanning Forest",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe most efficient known primality tests are \u003cem\u003eprobabilistic\u003c/em\u003e in the sense that they use randomness and may, with some probability, mistakenly classify a composite number as prime \u0026ndash; but never a prime number as composite. Examples of this are the Miller\u0026ndash;Rabin test, the Solovay\u0026ndash;Strassen test, and (in most cases) Fermat's test.\u003c/p\u003e \u003cp\u003eThis entry defines these three tests and proves their correctness. It also develops some of the number-theoretic foundations, such as Carmichael numbers and the Jacobi symbol with an efficient executable algorithm to compute it.\u003c/p\u003e",
"authors": [
"Daniel Stüwe",
"Manuel Eberl"
],
"date": "2019-02-11",
- "id": 304,
+ "id": 309,
"link": "/entries/Probabilistic_Prime_Tests.html",
"permalink": "/entries/Probabilistic_Prime_Tests.html",
"shortname": "Probabilistic_Prime_Tests",
"title": "Probabilistic Primality Testing",
"topic_links": [
"computer-science/algorithms/randomized",
"mathematics/number-theory"
],
"topics": [
"Computer science/Algorithms/Randomized",
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry formalises results from computability theory, for example recursive functions, undecidability of the halting problem, the existence of a universal Turing machine and so on. This formalisation is the AFP entry corresponding to the paper Mechanising Turing Machines and Computability Theory in Isabelle/HOL from ITP 2013. The main book used for this formalisation is by Boolos, Burgess, and Jeffrey on \u003ci\u003eComputability and Logic\u003c/i\u003e.\u003c/p\u003e \u003cp\u003eJoosten contributed by making the files ready for the AFP in 2019. His need for a formalisation of Turing Machines arose from realising that the current formalisation of saturation graphs (also in the AFP) was missing a key undecidability result present in his paper on \u003ci\u003eFinding models through graph saturation\u003c/i\u003e.\u003c/p\u003e \u003cp\u003eRegensburger contributed in 2022 by adding definitions for concepts like Turing Decidability, Turing Computability and Turing Reducibility for problem reduction. He also enhanced the result about the undecidability of the General Halting Problem given in the original AFP entry by first proving the undecidability of the Special Halting Problem and then proving its reducibility to the general problem. The original version of this AFP entry did only prove a weak form of the undecidability theorem. The main motivation behind this contribution is to make the AFP entry accessible for bachelor and master students.\u003c/p\u003e ",
"authors": [
"Jian Xu",
"Xingyuan Zhang",
"Christian Urban",
"Sebastiaan J. C. Joosten",
"Franz Regensburger"
],
"date": "2019-02-08",
- "id": 305,
+ "id": 310,
"link": "/entries/Universal_Turing_Machine.html",
"permalink": "/entries/Universal_Turing_Machine.html",
"shortname": "Universal_Turing_Machine",
"title": "Universal Turing Machine",
"topic_links": [
"logic/computability",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Logic/Computability",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories of Programming (UTP). UTP enables the creation of denotational, algebraic, and operational semantics for different programming languages using an alphabetised relational calculus. We provide a semantic embedding of the alphabetised relational calculus in Isabelle/HOL, including new type definitions, relational constructors, automated proof tactics, and accompanying algebraic laws. Isabelle/UTP can be used to both capture laws of programming for different languages, and put these fundamental theorems to work in the creation of associated verification tools, using calculi like Hoare logics. This document describes the relational core of the UTP in Isabelle/HOL.",
"authors": [
"Simon Foster",
"Frank Zeyda",
"Yakoub Nemouchi",
"Pedro Ribeiro",
"Burkhart Wolff"
],
"date": "2019-02-01",
- "id": 306,
+ "id": 311,
"link": "/entries/UTP.html",
"permalink": "/entries/UTP.html",
"shortname": "UTP",
"title": "Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry defines the set of \u003cem\u003einversions\u003c/em\u003e of a list, i.e. the pairs of indices that violate sortedness. It also proves the correctness of the well-known \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en log n\u003c/em\u003e) divide-and-conquer algorithm to compute the number of inversions.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-02-01",
- "id": 307,
+ "id": 312,
"link": "/entries/List_Inversions.html",
"permalink": "/entries/List_Inversions.html",
"shortname": "List_Inversions",
"title": "The Inversions of a List",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We formalize a proof of Motzkin's transposition theorem and Farkas' lemma in Isabelle/HOL. Our proof is based on the formalization of the simplex algorithm which, given a set of linear constraints, either returns a satisfying assignment to the problem or detects unsatisfiability. By reusing facts about the simplex algorithm we show that a set of linear constraints is unsatisfiable if and only if there is a linear combination of the constraints which evaluates to a trivially unsatisfiable inequality.",
"authors": [
"Ralph Bottesch",
"Max W. Haslbeck",
"René Thiemann"
],
"date": "2019-01-17",
- "id": 308,
+ "id": 313,
"link": "/entries/Farkas.html",
"permalink": "/entries/Farkas.html",
"shortname": "Farkas",
"title": "Farkas' Lemma and Motzkin's Transposition Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "In this formalization, I introduce a higher-order term algebra, generalizing the notions of free variables, matching, and substitution. The need arose from the work on a \u003ca href=\"http://dx.doi.org/10.1007/978-3-319-89884-1_35\"\u003everified compiler from Isabelle to CakeML\u003c/a\u003e. Terms can be thought of as consisting of a generic (free variables, constants, application) and a specific part. As example applications, this entry provides instantiations for de-Bruijn terms, terms with named variables, and \u003ca href=\"https://www.isa-afp.org/entries/Lambda_Free_RPOs.html\"\u003eBlanchette’s \u0026lambda;-free higher-order terms\u003c/a\u003e. Furthermore, I implement translation functions between de-Bruijn terms and named terms and prove their correctness.",
"authors": [
"Lars Hupel"
],
"date": "2019-01-15",
- "id": 309,
+ "id": 314,
"link": "/entries/Higher_Order_Terms.html",
"permalink": "/entries/Higher_Order_Terms.html",
"shortname": "Higher_Order_Terms",
"title": "An Algebra for Higher-Order Terms",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 1
},
{
"abstract": "IMP2 is a simple imperative language together with Isabelle tooling to create a program verification environment in Isabelle/HOL. The tools include a C-like syntax, a verification condition generator, and Isabelle commands for the specification of programs. The framework is modular, i.e., it allows easy reuse of already proved programs within larger programs. This entry comes with a quickstart guide and a large collection of examples, spanning basic algorithms with simple proofs to more advanced algorithms and proof techniques like data refinement. Some highlights from the examples are: \u003cul\u003e \u003cli\u003eBisection Square Root, \u003c/li\u003e \u003cli\u003eExtended Euclid, \u003c/li\u003e \u003cli\u003eExponentiation by Squaring, \u003c/li\u003e \u003cli\u003eBinary Search, \u003c/li\u003e \u003cli\u003eInsertion Sort, \u003c/li\u003e \u003cli\u003eQuicksort, \u003c/li\u003e \u003cli\u003eDepth First Search. \u003c/li\u003e \u003c/ul\u003e The abstract syntax and semantics are very simple and well-documented. They are suitable to be used in a course, as extension to the IMP language which comes with the Isabelle distribution. While this entry is limited to a simple imperative language, the ideas could be extended to more sophisticated languages.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2019-01-15",
- "id": 310,
+ "id": 315,
"link": "/entries/IMP2.html",
"permalink": "/entries/IMP2.html",
"shortname": "IMP2",
"title": "IMP2 – Simple Program Verification in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/algorithms"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential consistency, a programmer has to follow an appropriate programming discipline. However, na\u0026iuml;ve disciplines, such as protecting all shared accesses with locks, are not flexible enough for building high-performance multiprocessor software. We present a new discipline for concurrent programming under TSO (total store order, with store buffer forwarding). It does not depend on concurrency primitives, such as locks. Instead, threads use ghost operations to acquire and release ownership of memory addresses. A thread can write to an address only if no other thread owns it, and can read from an address only if it owns it or it is shared and the thread has flushed its store buffer since it last wrote to an address it did not own. This discipline covers both coarse-grained concurrency (where data is protected by locks) as well as fine-grained concurrency (where atomic operations race to memory). We formalize this discipline in Isabelle/HOL, and prove that if every execution of a program in a system without store buffers follows the discipline, then every execution of the program with store buffers is sequentially consistent. Thus, we can show sequential consistency under TSO by ordinary assertional reasoning about the program, without having to consider store buffers at all.",
"authors": [
"Ernie Cohen",
"Norbert Schirmer"
],
"date": "2019-01-07",
- "id": 311,
+ "id": 316,
"link": "/entries/Store_Buffer_Reduction.html",
"permalink": "/entries/Store_Buffer_Reduction.html",
"shortname": "Store_Buffer_Reduction",
"title": "A Reduction Theorem for Store Buffers",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we formalize the core of the Document Object Model (DOM). At its core, the DOM defines a tree-like data structure for representing documents in general and HTML documents in particular. It is the heart of any modern web browser. Formalizing the key concepts of the DOM is a prerequisite for the formal reasoning over client-side JavaScript programs and for the analysis of security concepts in modern web browsers. We present a formalization of the core DOM, with focus on the node-tree and the operations defined on node-trees, in Isabelle/HOL. We use the formalization to verify the functional correctness of the most important functions defined in the DOM standard. Moreover, our formalization is 1) extensible, i.e., can be extended without the need of re-proving already proven properties and 2) executable, i.e., we can generate executable code from our specification.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2018-12-26",
- "id": 312,
+ "id": 317,
"link": "/entries/Core_DOM.html",
"permalink": "/entries/Core_DOM.html",
"shortname": "Core_DOM",
"title": "A Formal Model of the Document Object Model",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Concurrent revisions is a concurrency control model developed by Microsoft Research. It has many interesting properties that distinguish it from other well-known models such as transactional memory. One of these properties is \u003cem\u003edeterminacy\u003c/em\u003e: programs written within the model always produce the same outcome, independent of scheduling activity. The concurrent revisions model has an operational semantics, with an informal proof of determinacy. This document contains an Isabelle/HOL formalization of this semantics and the proof of determinacy.",
"authors": [
"Roy Overbeek"
],
"date": "2018-12-25",
- "id": 313,
+ "id": 318,
"link": "/entries/Concurrent_Revisions.html",
"permalink": "/entries/Concurrent_Revisions.html",
"shortname": "Concurrent_Revisions",
"title": "Formalization of Concurrent Revisions",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry contains the application of auto2 to verifying functional and imperative programs. Algorithms and data structures that are verified include linked lists, binary search trees, red-black trees, interval trees, priority queue, quicksort, union-find, Dijkstra's algorithm, and a sweep-line algorithm for detecting rectangle intersection. The imperative verification is based on Imperative HOL and its separation logic framework. A major goal of this work is to set up automation in order to reduce the length of proof that the user needs to provide, both for verifying functional programs and for working with separation logic.",
"authors": [
"Bohua Zhan"
],
"date": "2018-12-21",
- "id": 314,
+ "id": 319,
"link": "/entries/Auto2_Imperative_HOL.html",
"permalink": "/entries/Auto2_Imperative_HOL.html",
"shortname": "Auto2_Imperative_HOL",
"title": "Verifying Imperative Programs using Auto2",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Inspired by Abstract Cryptography, we extend CryptHOL, a framework for formalizing game-based proofs, with an abstract model of Random Systems and provide proof rules about their composition and equality. This foundation facilitates the formalization of Constructive Cryptography proofs, where the security of a cryptographic scheme is realized as a special form of construction in which a complex random system is built from simpler ones. This is a first step towards a fully-featured compositional framework, similar to Universal Composability framework, that supports formalization of simulation-based proofs.",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar"
],
"date": "2018-12-17",
- "id": 315,
+ "id": 320,
"link": "/entries/Constructive_Cryptography.html",
"permalink": "/entries/Constructive_Cryptography.html",
"shortname": "Constructive_Cryptography",
"title": "Constructive Cryptography in HOL",
"topic_links": [
"computer-science/security/cryptography",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "These components add further fundamental order and lattice-theoretic concepts and properties to Isabelle's libraries. They follow by and large the introductory sections of the Compendium of Continuous Lattices, covering directed and filtered sets, down-closed and up-closed sets, ideals and filters, Galois connections, closure and co-closure operators. Some emphasis is on duality and morphisms between structures, as in the Compendium. To this end, three ad-hoc approaches to duality are compared.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 316,
+ "id": 321,
"link": "/entries/Order_Lattice_Props.html",
"permalink": "/entries/Order_Lattice_Props.html",
"shortname": "Order_Lattice_Props",
"title": "Properties of Orderings and Lattices",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 2
},
{
"abstract": "These mathematical components formalise basic properties of quantales, together with some important models, constructions, and concepts, including quantic nuclei and conuclei.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 317,
+ "id": 322,
"link": "/entries/Quantales.html",
"permalink": "/entries/Quantales.html",
"shortname": "Quantales",
"title": "Quantales",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "These mathematical components formalise predicate transformer semantics for programs, yet currently only for partial correctness and in the absence of faults. A first part for isotone (or monotone), Sup-preserving and Inf-preserving transformers follows Back and von Wright's approach, with additional emphasis on the quantalic structure of algebras of transformers. The second part develops Sup-preserving and Inf-preserving predicate transformers from the powerset monad, via its Kleisli category and Eilenberg-Moore algebras, with emphasis on adjunctions and dualities, as well as isomorphisms between relations, state transformers and predicate transformers.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 318,
+ "id": 323,
"link": "/entries/Transformer_Semantics.html",
"permalink": "/entries/Transformer_Semantics.html",
"shortname": "Transformer_Semantics",
"title": "Transformer Semantics",
"topic_links": [
"mathematics/algebra",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "This Isabelle/HOL formalization refines the abstract ordered resolution prover presented in Section 4.3 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003ci\u003eHandbook of Automated Reasoning\u003c/i\u003e. The result is a functional implementation of a first-order prover.",
"authors": [
"Anders Schlichtkrull",
"Jasmin Christian Blanchette",
"Dmitriy Traytel"
],
"date": "2018-11-23",
- "id": 319,
+ "id": 324,
"link": "/entries/Functional_Ordered_Resolution_Prover.html",
"permalink": "/entries/Functional_Ordered_Resolution_Prover.html",
"shortname": "Functional_Ordered_Resolution_Prover",
"title": "A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 1
},
{
"abstract": "This is an Isabelle/HOL formalisation of graph saturation, closely following a \u003ca href=\"https://doi.org/10.1016/j.jlamp.2018.06.005\"\u003epaper by the author\u003c/a\u003e on graph saturation. Nine out of ten lemmas of the original paper are proven in this formalisation. The formalisation additionally includes two theorems that show the main premise of the paper: that consistency and entailment are decided through graph saturation. This formalisation does not give executable code, and it did not implement any of the optimisations suggested in the paper.",
"authors": [
"Sebastiaan J. C. Joosten"
],
"date": "2018-11-23",
- "id": 320,
+ "id": 325,
"link": "/entries/Graph_Saturation.html",
"permalink": "/entries/Graph_Saturation.html",
"shortname": "Graph_Saturation",
"title": "Graph Saturation",
"topic_links": [
"logic/rewriting",
"mathematics/graph-theory"
],
"topics": [
"Logic/Rewriting",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Auto2 is a saturation-based heuristic prover for higher-order logic, implemented as a tactic in Isabelle. This entry contains the instantiation of auto2 for Isabelle/HOL, along with two basic examples: solutions to some of the Pelletier’s problems, and elementary number theory of primes.",
"authors": [
"Bohua Zhan"
],
"date": "2018-11-20",
- "id": 321,
+ "id": 326,
"link": "/entries/Auto2_HOL.html",
"permalink": "/entries/Auto2_HOL.html",
"shortname": "Auto2_HOL",
"title": "Auto2 Prover",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article defines the combinatorial structures known as \u003cem\u003eIndependence Systems\u003c/em\u003e and \u003cem\u003eMatroids\u003c/em\u003e and provides basic concepts and theorems related to them. These structures play an important role in combinatorial optimisation, e. g. greedy algorithms such as Kruskal's algorithm. The development is based on Oxley's \u003ca href=\"http://www.math.lsu.edu/~oxley/survey4.pdf\"\u003e`What is a Matroid?'\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Jonas Keinholz"
],
"date": "2018-11-16",
- "id": 322,
+ "id": 327,
"link": "/entries/Matroids.html",
"permalink": "/entries/Matroids.html",
"shortname": "Matroids",
"title": "Matroids",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eWe provide a framework for automatically deriving instances for generic type classes. Our approach is inspired by Haskell's \u003ci\u003egeneric-deriving\u003c/i\u003e package and Scala's \u003ci\u003eshapeless\u003c/i\u003e library. In addition to generating the code for type class functions, we also attempt to automatically prove type class laws for these instances. As of now, however, some manual proofs are still required for recursive datatypes.\u003c/p\u003e \u003cp\u003eNote: There are already articles in the AFP that provide automatic instantiation for a number of classes. Concretely, \u003ca href=\"https://www.isa-afp.org/entries/Deriving.html\"\u003eDeriving\u003c/a\u003e allows the automatic instantiation of comparators, linear orders, equality, and hashing. \u003ca href=\"https://www.isa-afp.org/entries/Show.html\"\u003eShow\u003c/a\u003e instantiates a Haskell-style \u003ci\u003eshow\u003c/i\u003e class.\u003c/p\u003e\u003cp\u003eOur approach works for arbitrary classes (with some Isabelle/HOL overhead for each class), but a smaller set of datatypes.\u003c/p\u003e",
"authors": [
"Jonas Rädle",
"Lars Hupel"
],
"date": "2018-11-06",
- "id": 323,
+ "id": 328,
"link": "/entries/Generic_Deriving.html",
"permalink": "/entries/Generic_Deriving.html",
"shortname": "Generic_Deriving",
"title": "Deriving generic class instances for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "An ambitious ethical theory ---Alan Gewirth's \"Principle of Generic Consistency\"--- is encoded and analysed in Isabelle/HOL. Gewirth's theory has stirred much attention in philosophy and ethics and has been proposed as a potential means to bound the impact of artificial general intelligence.",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2018-10-30",
- "id": 324,
+ "id": 329,
"link": "/entries/GewirthPGCProof.html",
"permalink": "/entries/GewirthPGCProof.html",
"shortname": "GewirthPGCProof",
"title": "Formalisation and Evaluation of Alan Gewirth's Proof for the Principle of Generic Consistency in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of epistemic logic. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook \"Reasoning About Knowledge\" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs are based on the textbook \"Modal Logic\" by Blackburn, de Rijke and Venema (Cambridge University Press 2001). Papers: \u003ca href=\"https://doi.org/10.1007/978-3-030-88853-4_1\"\u003edoi.org/10.1007/978-3-030-88853-4_1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003edoi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2018-10-29",
- "id": 325,
+ "id": 330,
"link": "/entries/Epistemic_Logic.html",
"permalink": "/entries/Epistemic_Logic.html",
"shortname": "Epistemic_Logic",
"title": "Epistemic Logic: Completeness of Modal Logics",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 2
},
{
"abstract": "We formalize the definition and basic properties of smooth manifolds in Isabelle/HOL. Concepts covered include partition of unity, tangent and cotangent spaces, and the fundamental theorem of path integrals. We also examine some concrete manifolds such as spheres and projective spaces. The formalization makes extensive use of the analysis and linear algebra libraries in Isabelle/HOL, in particular its “types-to-sets” mechanism.",
"authors": [
"Fabian Immler",
"Bohua Zhan"
],
"date": "2018-10-22",
- "id": 326,
+ "id": 331,
"link": "/entries/Smooth_Manifolds.html",
"permalink": "/entries/Smooth_Manifolds.html",
"shortname": "Smooth_Manifolds",
"title": "Smooth Manifolds",
"topic_links": [
"mathematics/analysis",
"mathematics/topology"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines the Embedding Path Order (EPO) for higher-order terms without lambda-abstraction and proves many useful properties about it. In contrast to the lambda-free recursive path orders, it does not fully coincide with RPO on first-order terms, but it is compatible with arbitrary higher-order contexts.",
"authors": [
"Alexander Bentkamp"
],
"date": "2018-10-19",
- "id": 327,
+ "id": 332,
"link": "/entries/Lambda_Free_EPO.html",
"permalink": "/entries/Lambda_Free_EPO.html",
"shortname": "Lambda_Free_EPO",
"title": "Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis work is a formalisation of the Randomised Binary Search Trees introduced by Martínez and Roura, including definitions and correctness proofs.\u003c/p\u003e \u003cp\u003eLike randomised treaps, they are a probabilistic data structure that behaves exactly as if elements were inserted into a non-balancing BST in random order. However, unlike treaps, they only use discrete probability distributions, but their use of randomness is more complicated.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-10-19",
- "id": 328,
+ "id": 333,
"link": "/entries/Randomised_BSTs.html",
"permalink": "/entries/Randomised_BSTs.html",
"shortname": "Randomised_BSTs",
"title": "Randomised Binary Search Trees",
"topic_links": [
"computer-science/data-structures",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Data structures",
"Computer science/Algorithms/Randomized"
],
"used_by": 0
},
{
"abstract": "A completeness threshold is required to guarantee the completeness of planning as satisfiability, and bounded model checking of safety properties. One valid completeness threshold is the diameter of the underlying transition system. The diameter is the maximum element in the set of lengths of all shortest paths between pairs of states. The diameter is not calculated exactly in our setting, where the transition system is succinctly described using a (propositionally) factored representation. Rather, an upper bound on the diameter is calculated compositionally, by bounding the diameters of small abstract subsystems, and then composing those. We port a HOL4 formalisation of a compositional algorithm for computing a relatively tight upper bound on the system diameter. This compositional algorithm exploits acyclicity in the state space to achieve compositionality, and it was introduced by Abdulaziz et. al. The formalisation that we port is described as a part of another paper by Abdulaziz et. al. As a part of this porting we developed a libray about transition systems, which shall be of use in future related mechanisation efforts.",
"authors": [
"Friedrich Kurz",
"Mohammad Abdulaziz"
],
"date": "2018-10-12",
- "id": 329,
+ "id": 334,
"link": "/entries/Factored_Transition_System_Bounding.html",
"permalink": "/entries/Factored_Transition_System_Bounding.html",
"shortname": "Factored_Transition_System_Bounding",
"title": "Upper Bounding Diameters of State Spaces of Factored Transition Systems",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry shows the transcendence of \u0026pi; based on the classic proof using the fundamental theorem of symmetric polynomials first given by von Lindemann in 1882, but the formalisation mostly follows the version by Niven. The proof reuses much of the machinery developed in the AFP entry on the transcendence of \u003cem\u003ee\u003c/em\u003e.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-09-28",
- "id": 330,
+ "id": 335,
"link": "/entries/Pi_Transcendental.html",
"permalink": "/entries/Pi_Transcendental.html",
"shortname": "Pi_Transcendental",
"title": "The Transcendence of π",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eA symmetric polynomial is a polynomial in variables \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003eX\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e that does not discriminate between its variables, i.\u0026thinsp;e. it is invariant under any permutation of them. These polynomials are important in the study of the relationship between the coefficients of a univariate polynomial and its roots in its algebraic closure.\u003c/p\u003e \u003cp\u003eThis article provides a definition of symmetric polynomials and the elementary symmetric polynomials e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,e\u003csub\u003en\u003c/sub\u003e and proofs of their basic properties, including three notable ones:\u003c/p\u003e \u003cul\u003e \u003cli\u003e Vieta's formula, which gives an explicit expression for the \u003cem\u003ek\u003c/em\u003e-th coefficient of a univariate monic polynomial in terms of its roots \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e, namely \u003cem\u003ec\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = (-1)\u003csup\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e\u0026thinsp;e\u003csub\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e).\u003c/li\u003e \u003cli\u003eSecond, the Fundamental Theorem of Symmetric Polynomials, which states that any symmetric polynomial is itself a uniquely determined polynomial combination of the elementary symmetric polynomials.\u003c/li\u003e \u003cli\u003eThird, as a corollary of the previous two, that given a polynomial over some ring \u003cem\u003eR\u003c/em\u003e, any symmetric polynomial combination of its roots is also in 
\u003cem\u003eR\u003c/em\u003e even when the roots are not. \u003c/ul\u003e \u003cp\u003e Both the symmetry property itself and the witness for the Fundamental Theorem are executable. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-09-25",
- "id": 331,
+ "id": 336,
"link": "/entries/Symmetric_Polynomials.html",
"permalink": "/entries/Symmetric_Polynomials.html",
"shortname": "Symmetric_Polynomials",
"title": "Symmetric Polynomials",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article formalizes signature-based algorithms for computing Gr\u0026ouml;bner bases. Such algorithms are, in general, superior to other algorithms in terms of efficiency, and have not been formalized in any proof assistant so far. The present development is both generic, in the sense that most known variants of signature-based algorithms are covered by it, and effectively executable on concrete input thanks to Isabelle's code generator. Sample computations of benchmark problems show that the verified implementation of signature-based algorithms indeed outperforms the existing implementation of Buchberger's algorithm in Isabelle/HOL.\u003c/p\u003e \u003cp\u003eBesides total correctness of the algorithms, the article also proves that under certain conditions they a-priori detect and avoid all useless zero-reductions, and always return 'minimal' (in some sense) Gr\u0026ouml;bner bases if an input parameter is chosen in the right way.\u003c/p\u003e\u003cp\u003eThe formalization follows the recent survey article by Eder and Faug\u0026egrave;re.\u003c/p\u003e",
"authors": [
"Alexander Maletzky"
],
"date": "2018-09-20",
- "id": 332,
+ "id": 337,
"link": "/entries/Signature_Groebner.html",
"permalink": "/entries/Signature_Groebner.html",
"shortname": "Signature_Groebner",
"title": "Signature-Based Gröbner Basis Algorithms",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a short proof of the Prime Number Theorem in several equivalent forms, most notably \u0026pi;(\u003cem\u003ex\u003c/em\u003e) ~ \u003cem\u003ex\u003c/em\u003e/ln \u003cem\u003ex\u003c/em\u003e where \u0026pi;(\u003cem\u003ex\u003c/em\u003e) is the number of primes no larger than \u003cem\u003ex\u003c/em\u003e. It also defines other basic number-theoretic functions related to primes like Chebyshev's functions \u0026thetasym; and \u0026psi; and the \u0026ldquo;\u003cem\u003en\u003c/em\u003e-th prime number\u0026rdquo; function p\u003csub\u003e\u003cem\u003en\u003c/em\u003e\u003c/sub\u003e. We also show various bounds and relationship between these functions are shown. Lastly, we derive Mertens' First and Second Theorem, i.\u0026thinsp;e. \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + \u003cem\u003eO\u003c/em\u003e(1) and \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e 1/\u003cem\u003ep\u003c/em\u003e = ln ln \u003cem\u003ex\u003c/em\u003e + M + \u003cem\u003eO\u003c/em\u003e(1/ln \u003cem\u003ex\u003c/em\u003e). We also give explicit bounds for the remainder terms.\u003c/p\u003e \u003cp\u003eThe proof of the Prime Number Theorem builds on a library of Dirichlet series and analytic combinatorics. We essentially follow the presentation by Newman. 
The core part of the proof is a Tauberian theorem for Dirichlet series, which is proven using complex analysis and then used to strengthen Mertens' First Theorem to \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + c + \u003cem\u003eo\u003c/em\u003e(1).\u003c/p\u003e \u003cp\u003eA variant of this proof has been formalised before by Harrison in HOL Light, and formalisations of Selberg's elementary proof exist both by Avigad \u003cem\u003eet al.\u003c/em\u003e in Isabelle and by Carneiro in Metamath. The advantage of the analytic proof is that, while it requires more powerful mathematical tools, it is considerably shorter and clearer. This article attempts to provide a short and clear formalisation of all components of that proof using the full range of mathematical machinery available in Isabelle, staying as close as possible to Newman's simple paper proof.\u003c/p\u003e",
"authors": [
"Manuel Eberl",
"Lawrence C. Paulson"
],
"date": "2018-09-19",
- "id": 333,
+ "id": 338,
"link": "/entries/Prime_Number_Theorem.html",
"permalink": "/entries/Prime_Number_Theorem.html",
"shortname": "Prime_Number_Theorem",
"title": "The Prime Number Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 3
},
{
"abstract": "We develop algebras for aggregation and minimisation for weight matrices and for edge weights in graphs. We verify the correctness of Prim's and Kruskal's minimum spanning tree algorithms based on these algebras. We also show numerous instances of these algebras based on linearly ordered commutative semigroups.",
"authors": [
"Walter Guttmann"
],
"date": "2018-09-15",
- "id": 334,
+ "id": 339,
"link": "/entries/Aggregation_Algebras.html",
"permalink": "/entries/Aggregation_Algebras.html",
"shortname": "Aggregation_Algebras",
"title": "Aggregation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We develop the basic theory of Octonions, including various identities and properties of the octonions and of the octonionic product, a description of 7D isometries and representations of orthogonal transformations. To this end we first develop the theory of the vector cross product in 7 dimensions. The development of the theory of Octonions is inspired by that of the theory of Quaternions by Lawrence Paulson. However, we do not work within the type class real_algebra_1 because the octonionic product is not associative.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2018-09-14",
- "id": 335,
+ "id": 340,
"link": "/entries/Octonions.html",
"permalink": "/entries/Octonions.html",
"shortname": "Octonions",
"title": "Octonions",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This theory is inspired by the HOL Light development of quaternions, but follows its own route. Quaternions are developed coinductively, as in the existing formalisation of the complex numbers. Quaternions are quickly shown to belong to the type classes of real normed division algebras and real inner product spaces. And therefore they inherit a great body of facts involving algebraic laws, limits, continuity, etc., which must be proved explicitly in the HOL Light version. The development concludes with the geometric interpretation of the product of imaginary quaternions.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2018-09-05",
- "id": 336,
+ "id": 341,
"link": "/entries/Quaternions.html",
"permalink": "/entries/Quaternions.html",
"shortname": "Quaternions",
"title": "Quaternions",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This entry is mainly about counting and approximating real roots (of a polynomial) with multiplicity. We have first formalised the Budan–Fourier theorem: given a polynomial with real coefficients, we can calculate sign variations on Fourier sequences to over-approximate the number of real roots (counting multiplicity) within an interval. When all roots are known to be real, the over-approximation becomes tight: we can utilise this theorem to count real roots exactly. It is also worth noting that Descartes' rule of sign is a direct consequence of the Budan–Fourier theorem, and has been included in this entry. In addition, we have extended previous formalised Sturm's theorem to count real roots with multiplicity, while the original Sturm's theorem only counts distinct real roots. Compared to the Budan–Fourier theorem, our extended Sturm's theorem always counts roots exactly but may suffer from greater computational cost.",
"authors": [
"Wenda Li"
],
"date": "2018-09-02",
- "id": 337,
+ "id": 342,
"link": "/entries/Budan_Fourier.html",
"permalink": "/entries/Budan_Fourier.html",
"shortname": "Budan_Fourier",
"title": "The Budan–Fourier Theorem and Counting Real Roots with Multiplicity",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We present an Isabelle/HOL formalization and total correctness proof for the incremental version of the Simplex algorithm which is used in most state-of-the-art SMT solvers. It supports extraction of satisfying assignments, extraction of minimal unsatisfiable cores, incremental assertion of constraints and backtracking. The formalization relies on stepwise program refinement, starting from a simple specification, going through a number of refinement steps, and ending up in a fully executable functional implementation. Symmetries present in the algorithm are handled with special care.",
"authors": [
"Filip Marić",
"Mirko Spasić",
"René Thiemann"
],
"date": "2018-08-24",
- "id": 338,
+ "id": 343,
"link": "/entries/Simplex.html",
"permalink": "/entries/Simplex.html",
"shortname": "Simplex",
"title": "An Incremental Simplex Algorithm with Unsatisfiable Core Generation",
"topic_links": [
"computer-science/algorithms/optimization"
],
"topics": [
"Computer science/Algorithms/Optimization"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e We formalize undecidablity results for Minsky machines. To this end, we also formalize recursive inseparability. \u003c/p\u003e\u003cp\u003e We start by proving that Minsky machines can compute arbitrary primitive recursive and recursive functions. We then show that there is a deterministic Minsky machine with one argument and two final states such that the set of inputs that are accepted in one state is recursively inseparable from the set of inputs that are accepted in the other state. \u003c/p\u003e\u003cp\u003e As a corollary, the set of Minsky configurations that reach the first state but not the second recursively inseparable from the set of Minsky configurations that reach the second state but not the first. In particular both these sets are undecidable. \u003c/p\u003e\u003cp\u003e We do \u003cem\u003enot\u003c/em\u003e prove that recursive functions can simulate Minsky machines. \u003c/p\u003e",
"authors": [
"Bertram Felgenhauer"
],
"date": "2018-08-14",
- "id": 339,
+ "id": 344,
"link": "/entries/Minsky_Machines.html",
"permalink": "/entries/Minsky_Machines.html",
"shortname": "Minsky_Machines",
"title": "Minsky Machines",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 0
},
{
"abstract": "We have formalized the computation of fair prices for derivative products in discrete financial models. As an application, we derive a way to compute fair prices of derivative products in the Cox-Ross-Rubinstein model of a financial market, thus completing the work that was presented in this \u003ca href=\"https://hal.archives-ouvertes.fr/hal-01562944\"\u003epaper\u003c/a\u003e.",
"authors": [
"Mnacho Echenim"
],
"date": "2018-07-16",
- "id": 340,
+ "id": 345,
"link": "/entries/DiscretePricing.html",
"permalink": "/entries/DiscretePricing.html",
"shortname": "DiscretePricing",
"title": "Pricing in discrete financial models",
"topic_links": [
"mathematics/probability-theory",
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Probability theory",
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Utility functions form an essential part of game theory and economics. In order to guarantee the existence of utility functions most of the time sufficient properties are assumed in an axiomatic manner. One famous and very common set of such assumptions is that of expected utility theory. Here, the rationality, continuity, and independence of preferences is assumed. The von-Neumann-Morgenstern Utility theorem shows that these assumptions are necessary and sufficient for an expected utility function to exists. This theorem was proven by Neumann and Morgenstern in “Theory of Games and Economic Behavior” which is regarded as one of the most influential works in game theory. The formalization includes formal definitions of the underlying concepts including continuity and independence of preferences.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2018-07-04",
- "id": 341,
+ "id": 346,
"link": "/entries/Neumann_Morgenstern_Utility.html",
"permalink": "/entries/Neumann_Morgenstern_Utility.html",
"shortname": "Neumann_Morgenstern_Utility",
"title": "Von-Neumann-Morgenstern Utility Theorem",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e This article gives the basic theory of Pell's equation \u003cem\u003ex\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e = 1 + \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u003cem\u003ey\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e, where \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; is a parameter and \u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e are integer variables. \u003c/p\u003e \u003cp\u003e The main result that is proven is the following: If \u003cem\u003eD\u003c/em\u003e is not a perfect square, then there exists a \u003cem\u003efundamental solution\u003c/em\u003e (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e, \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e) that is not the trivial solution (1, 0) and which generates all other solutions (\u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e) in the sense that there exists some \u003cem\u003en\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; such that |\u003cem\u003ex\u003c/em\u003e| + |\u003cem\u003ey\u003c/em\u003e|\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e = (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e + \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e)\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e. This also implies that the set of solutions is infinite, and it gives us an explicit and executable characterisation of all the solutions. \u003c/p\u003e \u003cp\u003e Based on this, simple executable algorithms for computing the fundamental solution and the infinite sequence of all non-negative solutions are also provided. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-06-23",
- "id": 342,
+ "id": 347,
"link": "/entries/Pell.html",
"permalink": "/entries/Pell.html",
"shortname": "Pell",
"title": "Pell's Equation",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We formalize the basics of projective geometry. In particular, we give a proof of the so-called Hessenberg's theorem in projective plane geometry. We also provide a proof of the so-called Desargues's theorem based on an axiomatization of (higher) projective space geometry using the notion of rank of a matroid. This last approach allows to handle incidence relations in an homogeneous way dealing only with points and without the need of talking explicitly about lines, planes or any higher entity.",
"authors": [
"Anthony Bordg"
],
"date": "2018-06-14",
- "id": 343,
+ "id": 348,
"link": "/entries/Projective_Geometry.html",
"permalink": "/entries/Projective_Geometry.html",
"shortname": "Projective_Geometry",
"title": "Projective Geometry",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalize the localization of a commutative ring R with respect to a multiplicative subset (i.e. a submonoid of R seen as a multiplicative monoid). This localization is itself a commutative ring and we build the natural homomorphism of rings from R to its localization.",
"authors": [
"Anthony Bordg"
],
"date": "2018-06-14",
- "id": 344,
+ "id": 349,
"link": "/entries/Localization_Ring.html",
"permalink": "/entries/Localization_Ring.html",
"shortname": "Localization_Ring",
"title": "The Localization of a Commutative Ring",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This entry provides a formalization of the abstract theory of ample set partial order reduction. The formalization includes transition systems with actions, trace theory, as well as basics on finite, infinite, and lazy sequences. We also provide a basic framework for static analysis on concurrent systems with respect to the ample set condition.",
"authors": [
"Julian Brunner"
],
"date": "2018-06-05",
- "id": 345,
+ "id": 350,
"link": "/entries/Partial_Order_Reduction.html",
"permalink": "/entries/Partial_Order_Reduction.html",
"shortname": "Partial_Order_Reduction",
"title": "Partial Order Reduction",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This article formalizes recursive algorithms for the construction of optimal binary search trees given fixed access frequencies. We follow Knuth (1971), Yao (1980) and Mehlhorn (1984). The algorithms are memoized with the help of the AFP article \u003ca href=\"Monad_Memo_DP.html\"\u003eMonadification, Memoization and Dynamic Programming\u003c/a\u003e, thus yielding dynamic programming algorithms.",
"authors": [
"Tobias Nipkow",
"Dániel Somogyi"
],
"date": "2018-05-27",
- "id": 346,
+ "id": 351,
"link": "/entries/Optimal_BST.html",
"permalink": "/entries/Optimal_BST.html",
"shortname": "Optimal_BST",
"title": "Optimal Binary Search Trees",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This entry contains a formalization of hidden Markov models [3] based on Johannes Hölzl's formalization of discrete time Markov chains [1]. The basic definitions are provided and the correctness of two main (dynamic programming) algorithms for hidden Markov models is proved: the forward algorithm for computing the likelihood of an observed sequence, and the Viterbi algorithm for decoding the most probable hidden state sequence. The Viterbi algorithm is made executable including memoization. Hidden markov models have various applications in natural language processing. For an introduction see Jurafsky and Martin [2].",
"authors": [
"Simon Wimmer"
],
"date": "2018-05-25",
- "id": 347,
+ "id": 352,
"link": "/entries/Hidden_Markov_Models.html",
"permalink": "/entries/Hidden_Markov_Models.html",
"shortname": "Hidden_Markov_Models",
"title": "Hidden Markov Models",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We present a formalization of probabilistic timed automata (PTA) for which we try to follow the formula MDP + TA = PTA as far as possible: our work starts from our existing formalizations of Markov decision processes (MDP) and timed automata (TA) and combines them modularly. We prove the fundamental result for probabilistic timed automata: the region construction that is known from timed automata carries over to the probabilistic setting. In particular, this allows us to prove that minimum and maximum reachability probabilities can be computed via a reduction to MDP model checking, including the case where one wants to disregard unrealizable behavior. Further information can be found in our ITP paper [2].",
"authors": [
"Simon Wimmer",
"Johannes Hölzl"
],
"date": "2018-05-24",
- "id": 348,
+ "id": 353,
"link": "/entries/Probabilistic_Timed_Automata.html",
"permalink": "/entries/Probabilistic_Timed_Automata.html",
"shortname": "Probabilistic_Timed_Automata",
"title": "Probabilistic Timed Automata",
"topic_links": [
"mathematics/probability-theory",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This document provides a concise overview on the core results of our previous work on the exploration of axioms systems for category theory. Extending the previous studies (http://arxiv.org/abs/1609.01493) we include one further axiomatic theory in our experiments. This additional theory has been suggested by Mac Lane in 1948. We show that the axioms proposed by Mac Lane are equivalent to the ones we studied before, which includes an axioms set suggested by Scott in the 1970s and another axioms set proposed by Freyd and Scedrov in 1990, which we slightly modified to remedy a minor technical issue.",
"authors": [
"Christoph Benzmüller",
"Dana Scott"
],
"date": "2018-05-23",
- "id": 349,
+ "id": 354,
"link": "/entries/AxiomaticCategoryTheory.html",
"permalink": "/entries/AxiomaticCategoryTheory.html",
"shortname": "AxiomaticCategoryTheory",
"title": "Axiom Systems for Category Theory in Free Logic",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "We formalize with Isabelle/HOL a proof of a theorem by J. Hancl asserting the irrationality of the sum of a series consisting of rational numbers, built up by sequences that fulfill certain properties. Even though the criterion is a number theoretic result, the proof makes use only of analytical arguments. We also formalize a corollary of the theorem for a specific series fulfilling the assumptions of the theorem.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2018-05-23",
- "id": 350,
+ "id": 355,
"link": "/entries/Irrationality_J_Hancl.html",
"permalink": "/entries/Irrationality_J_Hancl.html",
"shortname": "Irrationality_J_Hancl",
"title": "Irrational Rapidly Convergent Series",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We present a lightweight framework for the automatic verified (functional or imperative) memoization of recursive functions. Our tool can turn a pure Isabelle/HOL function definition into a monadified version in a state monad or the Imperative HOL heap monad, and prove a correspondence theorem. We provide a variety of memory implementations for the two types of monads. A number of simple techniques allow us to achieve bottom-up computation and space-efficient memoization. The framework’s utility is demonstrated on a number of representative dynamic programming problems. A detailed description of our work can be found in the accompanying paper [2].",
"authors": [
"Simon Wimmer",
"Shuwei Hu",
"Tobias Nipkow"
],
"date": "2018-05-22",
- "id": 351,
+ "id": 356,
"link": "/entries/Monad_Memo_DP.html",
"permalink": "/entries/Monad_Memo_DP.html",
"shortname": "Monad_Memo_DP",
"title": "Monadification, Memoization and Dynamic Programming",
"topic_links": [
"computer-science/algorithms",
"computer-science/functional-programming"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Functional programming"
],
"used_by": 2
},
{
"abstract": "We introduce OpSets, an executable framework for specifying and reasoning about the semantics of replicated datatypes that provide eventual consistency in a distributed system, and for mechanically verifying algorithms that implement these datatypes. Our approach is simple but expressive, allowing us to succinctly specify a variety of abstract datatypes, including maps, sets, lists, text, graphs, trees, and registers. Our datatypes are also composable, enabling the construction of complex data structures. To demonstrate the utility of OpSets for analysing replication algorithms, we highlight an important correctness property for collaborative text editing that has traditionally been overlooked; algorithms that do not satisfy this property can exhibit awkward interleaving of text. We use OpSets to specify this correctness property and prove that although one existing replication algorithm satisfies this property, several other published algorithms do not.",
"authors": [
"Martin Kleppmann",
"Victor B. F. Gomes",
"Dominic P. Mulligan",
"Alastair R. Beresford"
],
"date": "2018-05-10",
- "id": 352,
+ "id": 357,
"link": "/entries/OpSets.html",
"permalink": "/entries/OpSets.html",
"shortname": "OpSets",
"title": "OpSets: Sequential Specifications for Replicated Datatypes",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The \"Modular Assembly Kit for Security Properties\" (MAKS) is a framework for both the definition and verification of possibilistic information-flow security properties at the specification-level. MAKS supports the uniform representation of a wide range of possibilistic information-flow properties and provides support for the verification of such properties via unwinding results and compositionality results. We provide a formalization of this framework in Isabelle/HOL.",
"authors": [
"Oliver Bračevac",
"Richard Gay",
"Sylvia Grewe",
"Heiko Mantel",
"Henning Sudbrock",
"Markus Tasch"
],
"date": "2018-05-07",
- "id": 353,
+ "id": 358,
"link": "/entries/Modular_Assembly_Kit_Security.html",
"permalink": "/entries/Modular_Assembly_Kit_Security.html",
"shortname": "Modular_Assembly_Kit_Security",
"title": "An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This is a mechanised specification of the WebAssembly language, drawn mainly from the previously published paper formalisation of Haas et al. Also included is a full proof of soundness of the type system, together with a verified type checker and interpreter. We include only a partial procedure for the extraction of the type checker and interpreter here. For more details, please see our paper in CPP 2018.",
"authors": [
"Conrad Watt"
],
"date": "2018-04-29",
- "id": 354,
+ "id": 359,
"link": "/entries/WebAssembly.html",
"permalink": "/entries/WebAssembly.html",
"shortname": "WebAssembly",
"title": "WebAssembly",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"http://www.pm.inf.ethz.ch/research/verifythis.html\"\u003eVerifyThis 2018\u003c/a\u003e was a program verification competition associated with ETAPS 2018. It was the 7th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2018-04-27",
- "id": 355,
+ "id": 360,
"link": "/entries/VerifyThis2018.html",
"permalink": "/entries/VerifyThis2018.html",
"shortname": "VerifyThis2018",
"title": "VerifyThis 2018 - Polished Isabelle Solutions",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Bounded natural functors (BNFs) provide a modular framework for the construction of (co)datatypes in higher-order logic. Their functorial operations, the mapper and relator, are restricted to a subset of the parameters, namely those where recursion can take place. For certain applications, such as free theorems, data refinement, quotients, and generalised rewriting, it is desirable that these operations do not ignore the other parameters. In this article, we formalise the generalisation BNF\u003csub\u003eCC\u003c/sub\u003e that extends the mapper and relator to covariant and contravariant parameters. We show that \u003col\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es are closed under functor composition and least and greatest fixpoints,\u003c/li\u003e \u003cli\u003e subtypes inherit the BNF\u003csub\u003eCC\u003c/sub\u003e structure under conditions that generalise those for the BNF case, and\u003c/li\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es preserve quotients under mild conditions.\u003c/li\u003e \u003c/ol\u003e These proofs are carried out for abstract BNF\u003csub\u003eCC\u003c/sub\u003es similar to the AFP entry BNF Operations. In addition, we apply the BNF\u003csub\u003eCC\u003c/sub\u003e theory to several concrete functors.",
"authors": [
"Andreas Lochbihler",
"Joshua Schneider"
],
"date": "2018-04-24",
- "id": 356,
+ "id": 361,
"link": "/entries/BNF_CC.html",
"permalink": "/entries/BNF_CC.html",
"shortname": "BNF_CC",
"title": "Bounded Natural Functors with Covariance and Contravariance",
"topic_links": [
"computer-science/functional-programming",
"tools"
],
"topics": [
"Computer science/Functional programming",
"Tools"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis formalisation contains the proof that there is no anonymous Social Choice Function for at least three agents and alternatives that fulfils both Pareto-Efficiency and Fishburn-Strategyproofness. It was derived from a proof of \u003ca href=\"http://dss.in.tum.de/files/brandt-research/stratset.pdf\"\u003eBrandt \u003cem\u003eet al.\u003c/em\u003e\u003c/a\u003e, which relies on an unverified translation of a fixed finite instance of the original problem to SAT. This Isabelle proof contains a machine-checked version of both the statement for exactly three agents and alternatives and the lifting to the general case.\u003c/p\u003e",
"authors": [
"Felix Brandt",
"Manuel Eberl",
"Christian Saile",
"Christian Stricker"
],
"date": "2018-03-22",
- "id": 357,
+ "id": 362,
"link": "/entries/Fishburn_Impossibility.html",
"permalink": "/entries/Fishburn_Impossibility.html",
"shortname": "Fishburn_Impossibility",
"title": "The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This theory provides a verified implementation of weight-balanced trees following the work of \u003ca href=\"https://doi.org/10.1017/S0956796811000104\"\u003eHirai and Yamamoto\u003c/a\u003e who proved that all parameters in a certain range are valid, i.e. guarantee that insertion and deletion preserve weight-balance. Instead of a general theorem we provide parameterized proofs of preservation of the invariant that work for many (all?) valid parameters.",
"authors": [
"Tobias Nipkow",
"Stefan Dirix"
],
"date": "2018-03-13",
- "id": 358,
+ "id": 363,
"link": "/entries/Weight_Balanced_Trees.html",
"permalink": "/entries/Weight_Balanced_Trees.html",
"shortname": "Weight_Balanced_Trees",
"title": "Weight-Balanced Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "CakeML is a functional programming language with a proven-correct compiler and runtime system. This entry contains an unofficial version of the CakeML semantics that has been exported from the Lem specifications to Isabelle. Additionally, there are some hand-written theory files that adapt the exported code to Isabelle and port proofs from the HOL4 formalization, e.g. termination and equivalence proofs.",
"authors": [
"Lars Hupel",
"Yu Zhang"
],
"date": "2018-03-12",
- "id": 359,
+ "id": 364,
"link": "/entries/CakeML.html",
"permalink": "/entries/CakeML.html",
"shortname": "CakeML",
"title": "CakeML",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 1
},
{
"abstract": "The following document formalizes and verifies several architectural design patterns. Each pattern specification is formalized in terms of a locale where the locale assumptions correspond to the assumptions which a pattern poses on an architecture. Thus, pattern specifications may build on top of each other by interpreting the corresponding locale. A pattern is verified using the framework provided by the AFP entry Dynamic Architectures. Currently, the document consists of formalizations of 4 different patterns: the singleton, the publisher subscriber, the blackboard pattern, and the blockchain pattern. Thereby, the publisher component of the publisher subscriber pattern is modeled as an instance of the singleton pattern and the blackboard pattern is modeled as an instance of the publisher subscriber pattern. In general, this entry provides the first steps towards an overall theory of architectural design patterns.",
"authors": [
"Diego Marmsoler"
],
"date": "2018-03-01",
- "id": 360,
+ "id": 365,
"link": "/entries/Architectural_Design_Patterns.html",
"permalink": "/entries/Architectural_Design_Patterns.html",
"shortname": "Architectural_Design_Patterns",
"title": "A Theory of Architectural Design Patterns",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "We study three different Hoare logics for reasoning about time bounds of imperative programs and formalize them in Isabelle/HOL: a classical Hoare like logic due to Nielson, a logic with potentials due to Carbonneaux \u003ci\u003eet al.\u003c/i\u003e and a \u003ci\u003eseparation logic\u003c/i\u003e following work by Atkey, Chaguérand and Pottier. These logics are formally shown to be sound and complete. Verification condition generators are developed and are shown sound and complete too. We also consider variants of the systems where we abstract from multiplicative constants in the running time bounds, thus supporting a big-O style of reasoning. Finally we compare the expressive power of the three systems.",
"authors": [
"Maximilian P. L. Haslbeck",
"Tobias Nipkow"
],
"date": "2018-02-26",
- "id": 361,
+ "id": 366,
"link": "/entries/Hoare_Time.html",
"permalink": "/entries/Hoare_Time.html",
"shortname": "Hoare_Time",
"title": "Hoare Logics for Time Bounds",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "Short vectors in lattices and factors of integer polynomials are related. Each factor of an integer polynomial belongs to a certain lattice. When factoring polynomials, the condition that we are looking for an irreducible polynomial means that we must look for a small element in a lattice, which can be done by a basis reduction algorithm. In this development we formalize this connection and thereby one main application of the LLL basis reduction algorithm: an algorithm to factor square-free integer polynomials which runs in polynomial time. The work is based on our previous Berlekamp–Zassenhaus development, where the exponential reconstruction phase has been replaced by the polynomial-time basis reduction algorithm. Thanks to this formalization we found a serious flaw in a textbook.",
"authors": [
"Jose Divasón",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2018-02-06",
- "id": 362,
+ "id": 367,
"link": "/entries/LLL_Factorization.html",
"permalink": "/entries/LLL_Factorization.html",
"shortname": "LLL_Factorization",
"title": "A verified factorization algorithm for integer polynomials with polynomial complexity",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We formalize basic results on first-order terms, including matching and a first-order unification algorithm, as well as well-foundedness of the subsumption order. This entry is part of the \u003ci\u003eIsabelle Formalization of Rewriting\u003c/i\u003e \u003ca href=\"http://cl-informatik.uibk.ac.at/isafor\"\u003eIsaFoR\u003c/a\u003e, where first-order terms are omni-present: the unification algorithm is used to certify several confluence and termination techniques, like critical-pair computation and dependency graph approximations; and the subsumption order is a crucial ingredient for completion.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2018-02-06",
- "id": 363,
+ "id": 368,
"link": "/entries/First_Order_Terms.html",
"permalink": "/entries/First_Order_Terms.html",
"shortname": "First_Order_Terms",
"title": "First-Order Terms",
"topic_links": [
"logic/rewriting",
"computer-science/algorithms"
],
"topics": [
"Logic/Rewriting",
"Computer science/Algorithms"
],
"used_by": 6
},
{
"abstract": "\u003cp\u003e This entry provides the definitions and basic properties of the complex and real error function erf and the complementary error function erfc. Additionally, it gives their full asymptotic expansions. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-02-06",
- "id": 364,
+ "id": 369,
"link": "/entries/Error_Function.html",
"permalink": "/entries/Error_Function.html",
"shortname": "Error_Function",
"title": "The Error Function",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e A Treap is a binary tree whose nodes contain pairs consisting of some payload and an associated priority. It must have the search-tree property w.r.t. the payloads and the heap property w.r.t. the priorities. Treaps are an interesting data structure that is related to binary search trees (BSTs) in the following way: if one forgets all the priorities of a treap, the resulting BST is exactly the same as if one had inserted the elements into an empty BST in order of ascending priority. This means that a treap behaves like a BST where we can pretend the elements were inserted in a different order from the one in which they were actually inserted. \u003c/p\u003e \u003cp\u003e In particular, by choosing these priorities at random upon insertion of an element, we can pretend that we inserted the elements in \u003cem\u003erandom order\u003c/em\u003e, so that the shape of the resulting tree is that of a random BST no matter in what order we insert the elements. This is the main result of this formalisation.\u003c/p\u003e",
"authors": [
"Max W. Haslbeck",
"Manuel Eberl",
"Tobias Nipkow"
],
"date": "2018-02-06",
- "id": 365,
+ "id": 370,
"link": "/entries/Treaps.html",
"permalink": "/entries/Treaps.html",
"shortname": "Treaps",
"title": "Treaps",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The Lenstra-Lenstra-Lovász basis reduction algorithm, also known as LLL algorithm, is an algorithm to find a basis with short, nearly orthogonal vectors of an integer lattice. Thereby, it can also be seen as an approximation to solve the shortest vector problem (SVP), which is an NP-hard problem, where the approximation quality solely depends on the dimension of the lattice, but not the lattice itself. The algorithm also possesses many applications in diverse fields of computer science, from cryptanalysis to number theory, but it is specially well-known since it was used to implement the first polynomial-time algorithm to factor polynomials. In this work we present the first mechanized soundness proof of the LLL algorithm to compute short vectors in lattices. The formalization follows a textbook by von zur Gathen and Gerhard.",
"authors": [
"Ralph Bottesch",
"Jose Divasón",
"Max W. Haslbeck",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2018-02-02",
- "id": 366,
+ "id": 371,
"link": "/entries/LLL_Basis_Reduction.html",
"permalink": "/entries/LLL_Basis_Reduction.html",
"shortname": "LLL_Basis_Reduction",
"title": "A verified LLL algorithm",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "This Isabelle/HOL formalization covers Sections 2 to 4 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003cem\u003eHandbook of Automated Reasoning\u003c/em\u003e. This includes soundness and completeness of unordered and ordered variants of ground resolution with and without literal selection, the standard redundancy criterion, a general framework for refutational theorem proving, and soundness and completeness of an abstract first-order prover.",
"authors": [
"Anders Schlichtkrull",
"Jasmin Christian Blanchette",
"Dmitriy Traytel",
"Uwe Waldmann"
],
"date": "2018-01-18",
- "id": 367,
+ "id": 372,
"link": "/entries/Ordered_Resolution_Prover.html",
"permalink": "/entries/Ordered_Resolution_Prover.html",
"shortname": "Ordered_Resolution_Prover",
"title": "Formalization of Bachmair and Ganzinger's Ordered Resolution Prover",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 5
},
{
"abstract": "A geodesic metric space is Gromov hyperbolic if all its geodesic triangles are thin, i.e., every side is contained in a fixed thickening of the two other sides. While this definition looks innocuous, it has proved extremely important and versatile in modern geometry since its introduction by Gromov. We formalize the basic classical properties of Gromov hyperbolic spaces, notably the Morse lemma asserting that quasigeodesics are close to geodesics, the invariance of hyperbolicity under quasi-isometries, we define and study the Gromov boundary and its associated distance, and prove that a quasi-isometry between Gromov hyperbolic spaces extends to a homeomorphism of the boundaries. We also prove a less classical theorem, by Bonk and Schramm, asserting that a Gromov hyperbolic space embeds isometrically in a geodesic Gromov-hyperbolic space. As the original proof uses a transfinite sequence of Cauchy completions, this is an interesting formalization exercise. Along the way, we introduce basic material on isometries, quasi-isometries, Lipschitz maps, geodesic spaces, the Hausdorff distance, the Cauchy completion of a metric space, and the exponential on extended real numbers.",
"authors": [
"Sebastien Gouezel"
],
"date": "2018-01-16",
- "id": 368,
+ "id": 373,
"link": "/entries/Gromov_Hyperbolicity.html",
"permalink": "/entries/Gromov_Hyperbolicity.html",
"shortname": "Gromov_Hyperbolicity",
"title": "Gromov Hyperbolicity",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalise a statement of Green’s theorem—the first formalisation to our knowledge—in Isabelle/HOL. The theorem statement that we formalise is enough for most applications, especially in physics and engineering. Our formalisation is made possible by a novel proof that avoids the ubiquitous line integral cancellation argument. This eliminates the need to formalise orientations and region boundaries explicitly with respect to the outwards-pointing normal vector. Instead we appeal to a homological argument about equivalences between paths.",
"authors": [
"Mohammad Abdulaziz",
"Lawrence C. Paulson"
],
"date": "2018-01-11",
- "id": 369,
+ "id": 374,
"link": "/entries/Green.html",
"permalink": "/entries/Green.html",
"shortname": "Green",
"title": "An Isabelle/HOL formalisation of Green's Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We present a formally verified implementation of multivariate Taylor models. Taylor models are a form of rigorous polynomial approximation, consisting of an approximation polynomial based on Taylor expansions, combined with a rigorous bound on the approximation error. Taylor models were introduced as a tool to mitigate the dependency problem of interval arithmetic. Our implementation automatically computes Taylor models for the class of elementary functions, expressed by composition of arithmetic operations and basic functions like exp, sin, or square root.",
"authors": [
"Christoph Traut",
"Fabian Immler"
],
"date": "2018-01-08",
- "id": 370,
+ "id": 375,
"link": "/entries/Taylor_Models.html",
"permalink": "/entries/Taylor_Models.html",
"shortname": "Taylor_Models",
"title": "Taylor Models",
"topic_links": [
"computer-science/algorithms/mathematical",
"computer-science/data-structures",
"mathematics/analysis",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Computer science/Data structures",
"Mathematics/Analysis",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This entry shows that the falling factorial of a sum can be computed with an expression using binomial coefficients and the falling factorial of its summands. The entry provides three different proofs: a combinatorial proof, an induction proof and an algebraic proof using the Vandermonde identity. The three formalizations try to follow their informal presentations from a Mathematics Stack Exchange page as close as possible. The induction and algebraic formalization end up to be very close to their informal presentation, whereas the combinatorial proof first requires the introduction of list interleavings, and significant more detail than its informal presentation.",
"authors": [
"Lukas Bulwahn"
],
"date": "2017-12-22",
- "id": 371,
+ "id": 376,
"link": "/entries/Falling_Factorial_Sum.html",
"permalink": "/entries/Falling_Factorial_Sum.html",
"shortname": "Falling_Factorial_Sum",
"title": "The Falling Factorial of a Sum",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Dirichlet characters and Dirichlet \u003cem\u003eL\u003c/em\u003e-functions including proofs of their basic properties \u0026ndash; most notably their analyticity, their areas of convergence, and their non-vanishing for \u0026Re;(s) \u0026ge; 1. All of this is built in a very high-level style using Dirichlet series. The proof of the non-vanishing follows a very short and elegant proof by Newman, which we attempt to reproduce faithfully in a similar level of abstraction in Isabelle.\u003c/p\u003e \u003cp\u003eThis also leads to a relatively short proof of Dirichlet’s Theorem, which states that, if \u003cem\u003eh\u003c/em\u003e and \u003cem\u003en\u003c/em\u003e are coprime, there are infinitely many primes \u003cem\u003ep\u003c/em\u003e with \u003cem\u003ep\u003c/em\u003e \u0026equiv; \u003cem\u003eh\u003c/em\u003e (mod \u003cem\u003en\u003c/em\u003e).\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 372,
+ "id": 377,
"link": "/entries/Dirichlet_L.html",
"permalink": "/entries/Dirichlet_L.html",
"shortname": "Dirichlet_L",
"title": "Dirichlet L-Functions and Dirichlet's Theorem",
"topic_links": [
"mathematics/number-theory",
"mathematics/algebra"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Snyder’s simple and elegant proof of the Mason\u0026ndash;Stothers theorem, which is the polynomial analogue of the famous abc Conjecture for integers. Remarkably, Snyder found this very elegant proof when he was still a high-school student.\u003c/p\u003e \u003cp\u003eIn short, the statement of the theorem is that three non-zero coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field which sum to 0 and do not all have vanishing derivatives fulfil max{deg(\u003cem\u003eA\u003c/em\u003e), deg(\u003cem\u003eB\u003c/em\u003e), deg(\u003cem\u003eC\u003c/em\u003e)} \u003c deg(rad(\u003cem\u003eABC\u003c/em\u003e)) where the rad(\u003cem\u003eP\u003c/em\u003e) denotes the \u003cem\u003eradical\u003c/em\u003e of \u003cem\u003eP\u003c/em\u003e, i.\u0026thinsp;e. the product of all unique irreducible factors of \u003cem\u003eP\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis theorem also implies a kind of polynomial analogue of Fermat’s Last Theorem for polynomials: except for trivial cases, \u003cem\u003eA\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eB\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eC\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e = 0 implies n\u0026nbsp;\u0026le;\u0026nbsp;2 for coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field.\u003c/em\u003e\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 373,
+ "id": 378,
"link": "/entries/Mason_Stothers.html",
"permalink": "/entries/Mason_Stothers.html",
"shortname": "Mason_Stothers",
"title": "The Mason–Stothers Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry provides an executable functional implementation of the Median-of-Medians algorithm for selecting the \u003cem\u003ek\u003c/em\u003e-th smallest element of an unsorted list deterministically in linear time. The size bounds for the recursive call that lead to the linear upper bound on the run-time of the algorithm are also proven. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 374,
+ "id": 379,
"link": "/entries/Median_Of_Medians_Selection.html",
"permalink": "/entries/Median_Of_Medians_Selection.html",
"shortname": "Median_Of_Medians_Selection",
"title": "The Median-of-Medians Selection Algorithm",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "This entry formalizes the closure property of bounded natural functors (BNFs) under seven operations. These operations and the corresponding proofs constitute the core of Isabelle's (co)datatype package. To be close to the implemented tactics, the proofs are deliberately formulated as detailed apply scripts. The (co)datatypes together with (co)induction principles and (co)recursors are byproducts of the fixpoint operations LFP and GFP. Composition of BNFs is subdivided into four simpler operations: Compose, Kill, Lift, and Permute. The N2M operation provides mutual (co)induction principles and (co)recursors for nested (co)datatypes.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2017-12-19",
- "id": 375,
+ "id": 380,
"link": "/entries/BNF_Operations.html",
"permalink": "/entries/BNF_Operations.html",
"shortname": "BNF_Operations",
"title": "Operations on Bounded Natural Functors",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "The Knuth-Morris-Pratt algorithm is often used to show that the problem of finding a string \u003ci\u003es\u003c/i\u003e in a text \u003ci\u003et\u003c/i\u003e can be solved deterministically in \u003ci\u003eO(|s| + |t|)\u003c/i\u003e time. We use the Isabelle Refinement Framework to formulate and verify the algorithm. Via refinement, we apply some optimisations and finally use the \u003cem\u003eSepref\u003c/em\u003e tool to obtain executable code in \u003cem\u003eImperative/HOL\u003c/em\u003e.",
"authors": [
"Fabian Hellauer",
"Peter Lammich"
],
"date": "2017-12-18",
- "id": 376,
+ "id": 381,
"link": "/entries/Knuth_Morris_Pratt.html",
"permalink": "/entries/Knuth_Morris_Pratt.html",
"shortname": "Knuth_Morris_Pratt",
"title": "The string search algorithm by Knuth, Morris and Pratt",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Stochastic matrices are a convenient way to model discrete-time and finite state Markov chains. The Perron\u0026ndash;Frobenius theorem tells us something about the existence and uniqueness of non-negative eigenvectors of a stochastic matrix. In this entry, we formalize stochastic matrices, link the formalization to the existing AFP-entry on Markov chains, and apply the Perron\u0026ndash;Frobenius theorem to prove that stationary distributions always exist, and they are unique if the stochastic matrix is irreducible.",
"authors": [
"René Thiemann"
],
"date": "2017-11-22",
- "id": 377,
+ "id": 382,
"link": "/entries/Stochastic_Matrices.html",
"permalink": "/entries/Stochastic_Matrices.html",
"shortname": "Stochastic_Matrices",
"title": "Stochastic Matrices and the Perron-Frobenius Theorem",
"topic_links": [
"mathematics/algebra",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We provide our Isabelle/HOL formalization of a Conflict-free Replicated Datatype for Internet Message Access Protocol commands. We show that Strong Eventual Consistency (SEC) is guaranteed by proving the commutativity of concurrent operations. We base our formalization on the recently proposed \"framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes\" (AFP.CRDT) from Gomes et al. Hence, we provide an additional example of how the recently proposed framework can be used to design and prove CRDTs.",
"authors": [
"Tim Jungnickel",
"Lennart Oldenburg",
"Matthias Loibl"
],
"date": "2017-11-09",
- "id": 378,
+ "id": 383,
"link": "/entries/IMAP-CRDT.html",
"permalink": "/entries/IMAP-CRDT.html",
"shortname": "IMAP-CRDT",
"title": "The IMAP CmRDT",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We present a semantic embedding of a spatio-temporal multi-modal logic, specifically defined to reason about motorway traffic, into Isabelle/HOL. The semantic model is an abstraction of a motorway, emphasising local spatial properties, and parameterised by the types of sensors deployed in the vehicles. We use the logic to define controller constraints to ensure safety, i.e., the absence of collisions on the motorway. After proving safety with a restrictive definition of sensors, we relax these assumptions and show how to amend the controller constraints to still guarantee safety.",
"authors": [
"Sven Linker"
],
"date": "2017-11-06",
- "id": 379,
+ "id": 384,
"link": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html",
"permalink": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html",
"shortname": "Hybrid_Multi_Lane_Spatial_Logic",
"title": "Hybrid Multi-Lane Spatial Logic",
"topic_links": [
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "We discuss a topological curiosity discovered by Kuratowski (1922): the fact that the number of distinct operators on a topological space generated by compositions of closure and complement never exceeds 14, and is exactly 14 in the case of R. In addition, we prove a theorem due to Chagrov (1982) that classifies topological spaces according to the number of such operators they support.",
"authors": [
"Peter Gammie",
"Gianpaolo Gioiosa"
],
"date": "2017-10-26",
- "id": 380,
+ "id": 385,
"link": "/entries/Kuratowski_Closure_Complement.html",
"permalink": "/entries/Kuratowski_Closure_Complement.html",
"shortname": "Kuratowski_Closure_Complement",
"title": "The Kuratowski Closure-Complement Theorem",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "This entry provides a verified implementation of rank-based Büchi Complementation. The verification is done in three steps: \u003col\u003e \u003cli\u003eDefinition of odd rankings and proof that an automaton rejects a word iff there exists an odd ranking for it.\u003c/li\u003e \u003cli\u003eDefinition of the complement automaton and proof that it accepts exactly those words for which there is an odd ranking.\u003c/li\u003e \u003cli\u003eVerified implementation of the complement automaton using the Isabelle Collections Framework.\u003c/li\u003e \u003c/ol\u003e",
"authors": [
"Julian Brunner"
],
"date": "2017-10-19",
- "id": 381,
+ "id": 386,
"link": "/entries/Buchi_Complementation.html",
"permalink": "/entries/Buchi_Complementation.html",
"shortname": "Buchi_Complementation",
"title": "Büchi Complementation",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This entry provides a very abstract theory of transition systems that can be instantiated to express various types of automata. A transition system is typically instantiated by providing a set of initial states, a predicate for enabled transitions, and a transition execution function. From this, it defines the concepts of finite and infinite paths as well as the set of reachable states, among other things. Many useful theorems, from basic path manipulation rules to coinduction and run construction rules, are proven in this abstract transition system context. The library comes with instantiations for DFAs, NFAs, and Büchi automata.",
"authors": [
"Julian Brunner"
],
"date": "2017-10-19",
- "id": 382,
+ "id": 387,
"link": "/entries/Transition_Systems_and_Automata.html",
"permalink": "/entries/Transition_Systems_and_Automata.html",
"shortname": "Transition_Systems_and_Automata",
"title": "Transition Systems and Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 4
},
{
"abstract": "Based on evaluating Cauchy indices through remainder sequences, this entry provides an effective procedure to count the number of complex roots (with multiplicity) of a polynomial within various shapes (e.g., rectangle, circle and half-plane). Potential applications of this entry include certified complex root isolation (of a polynomial) and testing the Routh-Hurwitz stability criterion (i.e., to check whether all the roots of some characteristic polynomial have negative real parts).",
"authors": [
"Wenda Li"
],
"date": "2017-10-17",
- "id": 383,
+ "id": 388,
"link": "/entries/Count_Complex_Roots.html",
"permalink": "/entries/Count_Complex_Roots.html",
"shortname": "Count_Complex_Roots",
"title": "Count the Number of Complex Roots",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "In complex analysis, the winding number measures the number of times a path (counterclockwise) winds around a point, while the Cauchy index can approximate how the path winds. This entry provides a formalisation of the Cauchy index, which is then shown to be related to the winding number. In addition, this entry also offers a tactic that enables users to evaluate the winding number by calculating Cauchy indices.",
"authors": [
"Wenda Li"
],
"date": "2017-10-17",
- "id": 384,
+ "id": 389,
"link": "/entries/Winding_Number_Eval.html",
"permalink": "/entries/Winding_Number_Eval.html",
"shortname": "Winding_Number_Eval",
"title": "Evaluate Winding Numbers through Cauchy Indices",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We formalize the theory of homogeneous linear diophantine equations, focusing on two main results: (1) an abstract characterization of minimal complete sets of solutions, and (2) an algorithm computing them. Both, the characterization and the algorithm are based on previous work by Huet. Our starting point is a simple but inefficient variant of Huet's lexicographic algorithm incorporating improved bounds due to Clausen and Fortenbacher. We proceed by proving its soundness and completeness. Finally, we employ code equations to obtain a reasonably efficient implementation. Thus, we provide a formally verified solver for homogeneous linear diophantine equations.",
"authors": [
"Florian Messner",
"Julian Parsert",
"Jonas Schöpf",
"Christian Sternagel"
],
"date": "2017-10-14",
- "id": 385,
+ "id": 390,
"link": "/entries/Diophantine_Eqns_Lin_Hom.html",
"permalink": "/entries/Diophantine_Eqns_Lin_Hom.html",
"shortname": "Diophantine_Eqns_Lin_Hom",
"title": "Homogeneous Linear Diophantine Equations",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/number-theory",
"tools"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Number theory",
"Tools"
],
"used_by": 0
},
{
"abstract": "This entry is a formalisation of much of Chapters 2, 3, and 11 of Apostol's \u0026ldquo;Introduction to Analytic Number Theory\u0026rdquo;. This includes: \u003cul\u003e \u003cli\u003eDefinitions and basic properties for several number-theoretic functions (Euler's \u0026phi;, M\u0026ouml;bius \u0026mu;, Liouville's \u0026lambda;, the divisor function \u0026sigma;, von Mangoldt's \u0026Lambda;)\u003c/li\u003e \u003cli\u003eExecutable code for most of these functions, the most efficient implementations using the factoring algorithm by Thiemann \u003ci\u003eet al.\u003c/i\u003e\u003c/li\u003e \u003cli\u003eDirichlet products and formal Dirichlet series\u003c/li\u003e \u003cli\u003eAnalytic results connecting convergent formal Dirichlet series to complex functions\u003c/li\u003e \u003cli\u003eEuler product expansions\u003c/li\u003e \u003cli\u003eAsymptotic estimates of number-theoretic functions including the density of squarefree integers and the average number of divisors of a natural number\u003c/li\u003e \u003c/ul\u003e These results are useful as a basis for developing more number-theoretic results, such as the Prime Number Theorem.",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 386,
+ "id": 391,
"link": "/entries/Dirichlet_Series.html",
"permalink": "/entries/Dirichlet_Series.html",
"shortname": "Dirichlet_Series",
"title": "Dirichlet Series",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003e Linear recurrences with constant coefficients are an interesting class of recurrence equations that can be solved explicitly. The most famous example are certainly the Fibonacci numbers with the equation \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e) = \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e-1) + \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e - 2) and the quite non-obvious closed form (\u003ci\u003e\u0026phi;\u003c/i\u003e\u003csup\u003e\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e - (-\u003ci\u003e\u0026phi;\u003c/i\u003e)\u003csup\u003e-\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e) / \u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e5\u003c/span\u003e where \u0026phi; is the golden ratio. \u003c/p\u003e \u003cp\u003e In this work, I build on existing tools in Isabelle \u0026ndash; such as formal power series and polynomial factorisation algorithms \u0026ndash; to develop a theory of these recurrences and derive a fully executable solver for them that can be exported to programming languages like Haskell. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 387,
+ "id": 392,
"link": "/entries/Linear_Recurrences.html",
"permalink": "/entries/Linear_Recurrences.html",
"shortname": "Linear_Recurrences",
"title": "Linear Recurrences",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry builds upon the results about formal and analytic Dirichlet series to define the Hurwitz \u0026zeta; function \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and, based on that, the Riemann \u0026zeta; function \u0026zeta;(\u003cem\u003es\u003c/em\u003e). This is done by first defining them for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u003e 1 and then successively extending the domain to the left using the Euler\u0026ndash;MacLaurin formula.\u003c/p\u003e \u003cp\u003eApart from the most basic facts such as analyticity, the following results are provided:\u003c/p\u003e \u003cul\u003e \u003cli\u003ethe Stieltjes constants and the Laurent expansion of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) at \u003cem\u003es\u003c/em\u003e = 1\u003c/li\u003e \u003cli\u003ethe non-vanishing of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u0026ge; 1\u003c/li\u003e \u003cli\u003ethe relationship between \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and \u0026Gamma;\u003c/li\u003e \u003cli\u003ethe special values at negative integers and positive even integers\u003c/li\u003e \u003cli\u003eHurwitz's formula and the reflection formula for \u0026zeta;(\u003cem\u003es\u003c/em\u003e)\u003c/li\u003e \u003cli\u003ethe \u003ca href=\"https://arxiv.org/abs/math/0405478\"\u003e Hadjicostas\u0026ndash;Chapman formula\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eThe entry also contains Euler's analytic proof of the infinitude of primes, based on the fact that \u0026zeta;(\u003ci\u003es\u003c/i\u003e) has a pole at \u003ci\u003es\u003c/i\u003e = 1.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 388,
+ "id": 393,
"link": "/entries/Zeta_Function.html",
"permalink": "/entries/Zeta_Function.html",
"shortname": "Zeta_Function",
"title": "The Hurwitz and Riemann ζ Functions",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "Computers may help us to understand --not just verify-- philosophical arguments. By utilizing modern proof assistants in an iterative interpretive process, we can reconstruct and assess an argument by fully formal means. Through the mechanization of a variant of St. Anselm's ontological argument by E. J. Lowe, which is a paradigmatic example of a natural-language argument with strong ties to metaphysics and religion, we offer an ideal showcase for our computer-assisted interpretive method.",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2017-09-21",
- "id": 389,
+ "id": 394,
"link": "/entries/Lowe_Ontological_Argument.html",
"permalink": "/entries/Lowe_Ontological_Argument.html",
"shortname": "Lowe_Ontological_Argument",
"title": "Computer-assisted Reconstruction and Assessment of E. J. Lowe's Modal Ontological Argument",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We present an embedding of the second-order fragment of the Theory of Abstract Objects as described in Edward Zalta's upcoming work \u003ca href=\"https://mally.stanford.edu/principia.pdf\"\u003ePrincipia Logico-Metaphysica (PLM)\u003c/a\u003e in the automated reasoning framework Isabelle/HOL. The Theory of Abstract Objects is a metaphysical theory that reifies property patterns, as they for example occur in the abstract reasoning of mathematics, as \u003cb\u003eabstract objects\u003c/b\u003e and provides an axiomatic framework that allows to reason about these objects. It thereby serves as a fundamental metaphysical theory that can be used to axiomatize and describe a wide range of philosophical objects, such as Platonic forms or Leibniz' concepts, and has the ambition to function as a foundational theory of mathematics. The target theory of our embedding as described in chapters 7-9 of PLM employs a modal relational type theory as logical foundation for which a representation in functional type theory is \u003ca href=\"https://mally.stanford.edu/Papers/rtt.pdf\"\u003eknown to be challenging\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e Nevertheless we arrive at a functioning representation of the theory in the functional logic of Isabelle/HOL based on a semantical representation of an Aczel-model of the theory. Based on this representation we construct an implementation of the deductive system of PLM which allows to automatically and interactively find and verify theorems of PLM. \u003c/p\u003e \u003cp\u003e Our work thereby supports the concept of shallow semantical embeddings of logical systems in HOL as a universal tool for logical reasoning \u003ca href=\"http://www.mi.fu-berlin.de/inf/groups/ag-ki/publications/Universal-Reasoning/1703_09620_pd.pdf\"\u003eas promoted by Christoph Benzm\u0026uuml;ller\u003c/a\u003e. 
\u003c/p\u003e \u003cp\u003e The most notable result of the presented work is the discovery of a previously unknown paradox in the formulation of the Theory of Abstract Objects. The embedding of the theory in Isabelle/HOL played a vital part in this discovery. Furthermore it was possible to immediately offer several options to modify the theory to guarantee its consistency. Thereby our work could provide a significant contribution to the development of a proper grounding for object theory. \u003c/p\u003e",
"authors": [
"Daniel Kirchner"
],
"date": "2017-09-17",
- "id": 390,
+ "id": 395,
"link": "/entries/PLM.html",
"permalink": "/entries/PLM.html",
"shortname": "PLM",
"title": "Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "Paul Oppenheimer and Edward Zalta's formalisation of Anselm's ontological argument for the existence of God is automated by embedding a free logic for definite descriptions within Isabelle/HOL.",
"authors": [
"Ben Blumson"
],
"date": "2017-09-06",
- "id": 391,
+ "id": 396,
"link": "/entries/AnselmGod.html",
"permalink": "/entries/AnselmGod.html",
"shortname": "AnselmGod",
"title": "Anselm's God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "Economic activity has always been a fundamental part of society. Due to modern day politics, economic theory has gained even more influence on our lives. Thus we want models and theories to be as precise as possible. This can be achieved using certification with the help of formal proof technology. Hence we will use Isabelle/HOL to construct two economic models, that of the the pure exchange economy and a version of the Arrow-Debreu Model. We will prove that the \u003ci\u003eFirst Theorem of Welfare Economics\u003c/i\u003e holds within both. The theorem is the mathematical formulation of Adam Smith's famous \u003ci\u003einvisible hand\u003c/i\u003e and states that a group of self-interested and rational actors will eventually achieve an efficient allocation of goods and services.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2017-09-01",
- "id": 392,
+ "id": 397,
"link": "/entries/First_Welfare_Theorem.html",
"permalink": "/entries/First_Welfare_Theorem.html",
"shortname": "First_Welfare_Theorem",
"title": "Microeconomics and the First Welfare Theorem",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 1
},
{
"abstract": "The Orbit-Stabiliser theorem is a basic result in the algebra of groups that factors the order of a group into the sizes of its orbits and stabilisers. We formalize the notion of a group action and the related concepts of orbits and stabilisers. This allows us to prove the orbit-stabiliser theorem. In the second part of this work, we formalize the tetrahedral group and use the orbit-stabiliser theorem to prove that there are twelve (orientation-preserving) rotations of the tetrahedron.",
"authors": [
"Jonas Rädle"
],
"date": "2017-08-20",
- "id": 393,
+ "id": 398,
"link": "/entries/Orbit_Stabiliser.html",
"permalink": "/entries/Orbit_Stabiliser.html",
"shortname": "Orbit_Stabiliser",
"title": "Orbit-Stabiliser Theorem with Application to Rotational Symmetries",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Andersson introduced \u003cem\u003egeneral balanced trees\u003c/em\u003e, search trees based on the design principle of partial rebuilding: perform update operations naively until the tree becomes too unbalanced, at which point a whole subtree is rebalanced. This article defines and analyzes a functional version of general balanced trees, which we call \u003cem\u003eroot-balanced trees\u003c/em\u003e. Using a lightweight model of execution time, amortized logarithmic complexity is verified in the theorem prover Isabelle. \u003c/p\u003e \u003cp\u003e This is the Isabelle formalization of the material decribed in the APLAS 2017 article \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/aplas17.html\"\u003eVerified Root-Balanced Trees\u003c/a\u003e by the same author, which also presents experimental results that show competitiveness of root-balanced with AVL and red-black trees. \u003c/p\u003e",
"authors": [
"Tobias Nipkow"
],
"date": "2017-08-20",
- "id": 394,
+ "id": 399,
"link": "/entries/Root_Balanced_Tree.html",
"permalink": "/entries/Root_Balanced_Tree.html",
"shortname": "Root_Balanced_Tree",
"title": "Root-Balanced Tree",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "The propositions-as-types correspondence is ordinarily presented as linking the metatheory of typed λ-calculi and the proof theory of intuitionistic logic. Griffin observed that this correspondence could be extended to classical logic through the use of control operators. This observation set off a flurry of further research, leading to the development of Parigots λμ-calculus. In this work, we formalise λμ- calculus in Isabelle/HOL and prove several metatheoretical properties such as type preservation and progress.",
"authors": [
"Cristina Matache",
"Victor B. F. Gomes",
"Dominic P. Mulligan"
],
"date": "2017-08-16",
- "id": 395,
+ "id": 400,
"link": "/entries/LambdaMu.html",
"permalink": "/entries/LambdaMu.html",
"shortname": "LambdaMu",
"title": "The LambdaMu-calculus",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the two geometric theorems, Stewart's and Apollonius' theorem. Stewart's Theorem relates the length of a triangle's cevian to the lengths of the triangle's two sides. Apollonius' Theorem is a specialisation of Stewart's theorem, restricting the cevian to be the median. The proof applies the law of cosines, some basic geometric facts about triangles and then simply transforms the terms algebraically to yield the conjectured relation. The formalization in Isabelle can closely follow the informal proofs described in the Wikipedia articles of those two theorems.",
"authors": [
"Lukas Bulwahn"
],
"date": "2017-07-31",
- "id": 396,
+ "id": 401,
"link": "/entries/Stewart_Apollonius.html",
"permalink": "/entries/Stewart_Apollonius.html",
"shortname": "Stewart_Apollonius",
"title": "Stewart's Theorem and Apollonius' Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "The architecture of a system describes the system's overall organization into components and connections between those components. With the emergence of mobile computing, dynamic architectures have become increasingly important. In such architectures, components may appear or disappear, and connections may change over time. In the following we mechanize a theory of dynamic architectures and verify the soundness of a corresponding calculus. Therefore, we first formalize the notion of configuration traces as a model for dynamic architectures. Then, the behavior of single components is formalized in terms of behavior traces and an operator is introduced and studied to extract the behavior of a single component out of a given configuration trace. Then, behavior trace assertions are introduced as a temporal specification technique to specify behavior of components. Reasoning about component behavior in a dynamic context is formalized in terms of a calculus for dynamic architectures. Finally, the soundness of the calculus is verified by introducing an alternative interpretation for behavior trace assertions over configuration traces and proving the rules of the calculus. Since projection may lead to finite as well as infinite behavior traces, they are formalized in terms of coinductive lists. Thus, our theory is based on Lochbihler's formalization of coinductive lists. The theory may be applied to verify properties for dynamic architectures.",
"authors": [
"Diego Marmsoler"
],
"date": "2017-07-28",
- "id": 397,
+ "id": 402,
"link": "/entries/DynamicArchitectures.html",
"permalink": "/entries/DynamicArchitectures.html",
"shortname": "DynamicArchitectures",
"title": "Dynamic Architectures",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 1
},
{
"abstract": "We present a semantics for an applied call-by-value lambda-calculus that is compositional, extensional, and elementary. We present four different views of the semantics: 1) as a relational (big-step) semantics that is not operational but instead declarative, 2) as a denotational semantics that does not use domain theory, 3) as a non-deterministic interpreter, and 4) as a variant of the intersection type systems of the Torino group. We prove that the semantics is correct by showing that it is sound and complete with respect to operational semantics on programs and that is sound with respect to contextual equivalence. We have not yet investigated whether it is fully abstract. We demonstrate that this approach to semantics is useful with three case studies. First, we use the semantics to prove correctness of a compiler optimization that inlines function application. Second, we adapt the semantics to the polymorphic lambda-calculus extended with general recursion and prove semantic type soundness. Third, we adapt the semantics to the call-by-value lambda-calculus with mutable references. \u003cbr\u003e The paper that accompanies these Isabelle theories is \u003ca href=\"https://arxiv.org/abs/1707.03762\"\u003eavailable on arXiv\u003c/a\u003e.",
"authors": [
"Jeremy Siek"
],
"date": "2017-07-21",
- "id": 398,
+ "id": 403,
"link": "/entries/Decl_Sem_Fun_PL.html",
"permalink": "/entries/Decl_Sem_Fun_PL.html",
"shortname": "Decl_Sem_Fun_PL",
"title": "Declarative Semantics for Functional Languages",
"topic_links": [
"computer-science/programming-languages"
],
"topics": [
"Computer science/Programming languages"
],
"used_by": 0
},
{
"abstract": "The Isabelle/HOLCF-Prelude is a formalization of a large part of Haskell's standard prelude in Isabelle/HOLCF. We use it to prove the correctness of the Eratosthenes' Sieve, in its self-referential implementation commonly used to showcase Haskell's laziness; prove correctness of GHC's \"fold/build\" rule and related rewrite rules; and certify a number of hints suggested by HLint.",
"authors": [
"Joachim Breitner",
"Brian Huffman",
"Neil Mitchell",
"Christian Sternagel"
],
"date": "2017-07-15",
- "id": 399,
+ "id": 404,
"link": "/entries/HOLCF-Prelude.html",
"permalink": "/entries/HOLCF-Prelude.html",
"shortname": "HOLCF-Prelude",
"title": "HOLCF-Prelude",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eMinkowski's theorem relates a subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e, the Lebesgue measure, and the integer lattice \u0026#8484;\u003csup\u003en\u003c/sup\u003e: It states that any convex subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with volume greater than 2\u003csup\u003en\u003c/sup\u003e contains at least one lattice point from \u0026#8484;\u003csup\u003en\u003c/sup\u003e\\{0}, i.\u0026thinsp;e. a non-zero point with integer coefficients.\u003c/p\u003e \u003cp\u003eA related theorem which directly implies this is Blichfeldt's theorem, which states that any subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with a volume greater than 1 contains two different points whose difference vector has integer components.\u003c/p\u003e \u003cp\u003eThe entry contains a proof of both theorems.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-07-13",
- "id": 400,
+ "id": 405,
"link": "/entries/Minkowskis_Theorem.html",
"permalink": "/entries/Minkowskis_Theorem.html",
"shortname": "Minkowskis_Theorem",
"title": "Minkowski's Theorem",
"topic_links": [
"mathematics/geometry",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Geometry",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "I formalise a Church-style simply-typed \\(\\lambda\\)-calculus, extended with pairs, a unit value, and projection functions, and show some metatheory of the calculus, such as the subject reduction property. Particular attention is paid to the treatment of names in the calculus. A nominal style of binding is used, but I use a manual approach over Nominal Isabelle in order to extract an executable type inference algorithm. More information can be found in my \u003ca href=\"http://www.openthesis.org/documents/Verified-Metatheory-Type-Inference-Simply-603182.html\"\u003eundergraduate dissertation\u003c/a\u003e.",
"authors": [
"Michael Rawson"
],
"date": "2017-07-09",
- "id": 401,
+ "id": 406,
"link": "/entries/Name_Carrying_Type_Inference.html",
"permalink": "/entries/Name_Carrying_Type_Inference.html",
"shortname": "Name_Carrying_Type_Inference",
"title": "Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter.",
"authors": [
"Victor B. F. Gomes",
"Martin Kleppmann",
"Dominic P. Mulligan",
"Alastair R. Beresford"
],
"date": "2017-07-07",
- "id": 402,
+ "id": 407,
"link": "/entries/CRDT.html",
"permalink": "/entries/CRDT.html",
"shortname": "CRDT",
"title": "A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We develop Stone-Kleene relation algebras, which expand Stone relation algebras with a Kleene star operation to describe reachability in weighted graphs. Many properties of the Kleene star arise as a special case of a more general theory of iteration based on Conway semirings extended by simulation axioms. This includes several theorems representing complex program transformations. We formally prove the correctness of Conway's automata-based construction of the Kleene star of a matrix. We prove numerous results useful for reasoning about weighted graphs.",
"authors": [
"Walter Guttmann"
],
"date": "2017-07-06",
- "id": 403,
+ "id": 408,
"link": "/entries/Stone_Kleene_Relation_Algebras.html",
"permalink": "/entries/Stone_Kleene_Relation_Algebras.html",
"shortname": "Stone_Kleene_Relation_Algebras",
"title": "Stone-Kleene Relation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "We formalize a range of proof systems for classical propositional logic (sequent calculus, natural deduction, Hilbert systems, resolution) and prove the most important meta-theoretic results about semantics and proofs: compactness, soundness, completeness, translations between proof systems, cut-elimination, interpolation and model existence.",
"authors": [
"Julius Michaelis",
"Tobias Nipkow"
],
"date": "2017-06-21",
- "id": 404,
+ "id": 409,
"link": "/entries/Propositional_Proof_Systems.html",
"permalink": "/entries/Propositional_Proof_Systems.html",
"shortname": "Propositional_Proof_Systems",
"title": "Propositional Proof Systems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "Partial Semigroups are relevant to the foundations of quantum mechanics and combinatorics as well as to interval and separation logics. Convolution algebras can be understood either as algebras of generalised binary modalities over ternary Kripke frames, in particular over partial semigroups, or as algebras of quantale-valued functions which are equipped with a convolution-style operation of multiplication that is parametrised by a ternary relation. Convolution algebras provide algebraic semantics for various substructural logics, including categorial, relevance and linear logics, for separation logic and for interval logics; they cover quantitative and qualitative applications. These mathematical components for partial semigroups and convolution algebras provide uniform foundations from which models of computation based on relations, program traces or pomsets, and verification components for separation or interval temporal logics can be built with little effort.",
"authors": [
"Brijesh Dongol",
"Victor B. F. Gomes",
"Ian J. Hayes",
"Georg Struth"
],
"date": "2017-06-13",
- "id": 405,
+ "id": 410,
"link": "/entries/PSemigroupsConvolution.html",
"permalink": "/entries/PSemigroupsConvolution.html",
"shortname": "PSemigroupsConvolution",
"title": "Partial Semigroups and Convolution Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "In the 18th century, Georges-Louis Leclerc, Comte de Buffon posed and later solved the following problem, which is often called the first problem ever solved in geometric probability: Given a floor divided into vertical strips of the same width, what is the probability that a needle thrown onto the floor randomly will cross two strips? This entry formally defines the problem in the case where the needle's position is chosen uniformly at random in a single strip around the origin (which is equivalent to larger arrangements due to symmetry). It then provides proofs of the simple solution in the case where the needle's length is no greater than the width of the strips and the more complicated solution in the opposite case.",
"authors": [
"Manuel Eberl"
],
"date": "2017-06-06",
- "id": 406,
+ "id": 411,
"link": "/entries/Buffons_Needle.html",
"permalink": "/entries/Buffons_Needle.html",
"shortname": "Buffons_Needle",
"title": "Buffon's Needle Problem",
"topic_links": [
"mathematics/probability-theory",
"mathematics/geometry"
],
"topics": [
"Mathematics/Probability theory",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We present a formalization of flow networks and the Min-Cut-Max-Flow theorem. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2017-06-01",
- "id": 407,
+ "id": 412,
"link": "/entries/Flow_Networks.html",
"permalink": "/entries/Flow_Networks.html",
"shortname": "Flow_Networks",
"title": "Flow Networks and the Min-Cut-Max-Flow Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 2
},
{
"abstract": "We present a formalization of push-relabel algorithms for computing the maximum flow in a network. We start with Goldberg's et al.~generic push-relabel algorithm, for which we show correctness and the time complexity bound of O(V^2E). We then derive the relabel-to-front and FIFO implementation. Using stepwise refinement techniques, we derive an efficient verified implementation. Our formal proof of the abstract algorithms closely follows a standard textbook proof. It is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2017-06-01",
- "id": 408,
+ "id": 413,
"link": "/entries/Prpu_Maxflow.html",
"permalink": "/entries/Prpu_Maxflow.html",
"shortname": "Prpu_Maxflow",
"title": "Formalizing Push-Relabel Algorithms",
"topic_links": [
"computer-science/algorithms/graph",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Algorithms/Graph",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Lenses provide an abstract interface for manipulating data types through spatially-separated views. They are defined abstractly in terms of two functions, \u003cem\u003eget\u003c/em\u003e, the return a value from the source type, and \u003cem\u003eput\u003c/em\u003e that updates the value. We mechanise the underlying theory of lenses, in terms of an algebraic hierarchy of lenses, including well-behaved and very well-behaved lenses, each lens class being characterised by a set of lens laws. We also mechanise a lens algebra in Isabelle that enables their composition and comparison, so as to allow construction of complex lenses. This is accompanied by a large library of algebraic laws. Moreover we also show how the lens classes can be applied by instantiating them with a number of Isabelle data types.",
"authors": [
"Simon Foster",
"Christian Pardillo-Laursen",
"Frank Zeyda"
],
"date": "2017-05-25",
- "id": 409,
+ "id": 414,
"link": "/entries/Optics.html",
"permalink": "/entries/Optics.html",
"shortname": "Optics",
"title": "Optics",
"topic_links": [
"computer-science/functional-programming",
"mathematics/algebra"
],
"topics": [
"Computer science/Functional programming",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We propose a development method for security protocols based on stepwise refinement. Our refinement strategy transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style intruder. As intermediate levels of abstraction, we employ messageless guard protocols and channel protocols communicating over channels with security properties. These abstractions provide insights on why protocols are secure and foster the development of families of protocols sharing common structure and properties. We have implemented our method in Isabelle/HOL and used it to develop different entity authentication and key establishment protocols, including realistic features such as key confirmation, replay caches, and encrypted tickets. Our development highlights that guard protocols and channel protocols provide fundamental abstractions for bridging the gap between security properties and standard protocol descriptions based on cryptographic messages. It also shows that our refinement approach scales to protocols of nontrivial size and complexity.",
"authors": [
"Christoph Sprenger",
"Ivano Somaini"
],
"date": "2017-05-24",
- "id": 410,
+ "id": 415,
"link": "/entries/Security_Protocol_Refinement.html",
"permalink": "/entries/Security_Protocol_Refinement.html",
"shortname": "Security_Protocol_Refinement",
"title": "Developing Security Protocols by Refinement",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Isabelle's code generator natively supports type classes. For targets that do not have language support for classes and instances, it performs the well-known dictionary translation, as described by Haftmann and Nipkow. This translation happens outside the logic, i.e., there is no guarantee that it is correct, besides the pen-and-paper proof. This work implements a certified dictionary translation that produces new class-free constants and derives equality theorems.",
"authors": [
"Lars Hupel"
],
"date": "2017-05-24",
- "id": 411,
+ "id": 416,
"link": "/entries/Dict_Construction.html",
"permalink": "/entries/Dict_Construction.html",
"shortname": "Dict_Construction",
"title": "Dictionary Construction",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "The Floyd-Warshall algorithm [Flo62, Roy59, War62] is a classic dynamic programming algorithm to compute the length of all shortest paths between any two vertices in a graph (i.e. to solve the all-pairs shortest path problem, or APSP for short). Given a representation of the graph as a matrix of weights M, it computes another matrix M' which represents a graph with the same path lengths and contains the length of the shortest path between any two vertices i and j. This is only possible if the graph does not contain any negative cycles. However, in this case the Floyd-Warshall algorithm will detect the situation by calculating a negative diagonal entry. This entry includes a formalization of the algorithm and of these key properties. The algorithm is refined to an efficient imperative version using the Imperative Refinement Framework.",
"authors": [
"Simon Wimmer",
"Peter Lammich"
],
"date": "2017-05-08",
- "id": 412,
+ "id": 417,
"link": "/entries/Floyd_Warshall.html",
"permalink": "/entries/Floyd_Warshall.html",
"shortname": "Floyd_Warshall",
"title": "The Floyd-Warshall Algorithm for Shortest Paths",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eCryptHOL provides a framework for formalising cryptographic arguments in Isabelle/HOL. It shallowly embeds a probabilistic functional programming language in higher order logic. The language features monadic sequencing, recursion, random sampling, failures and failure handling, and black-box access to oracles. Oracles are probabilistic functions which maintain hidden state between different invocations. All operators are defined in the new semantic domain of generative probabilistic values, a codatatype. We derive proof rules for the operators and establish a connection with the theory of relational parametricity. Thus, the resuting proofs are trustworthy and comprehensible, and the framework is extensible and widely applicable. \u003c/p\u003e\u003cp\u003e The framework is used in the accompanying AFP entry \"Game-based Cryptography in HOL\". There, we show-case our framework by formalizing different game-based proofs from the literature. This formalisation continues the work described in the author's ESOP 2016 paper.\u003c/p\u003e",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 413,
+ "id": 418,
"link": "/entries/CryptHOL.html",
"permalink": "/entries/CryptHOL.html",
"shortname": "CryptHOL",
"title": "CryptHOL",
"topic_links": [
"computer-science/security/cryptography",
"computer-science/functional-programming",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Computer science/Functional programming",
"Mathematics/Probability theory"
],
"used_by": 4
},
{
"abstract": "The notion of a monad cannot be expressed within higher-order logic (HOL) due to type system restrictions. We show that if a monad is used with values of only one type, this notion can be formalised in HOL. Based on this idea, we develop a library of effect specifications and implementations of monads and monad transformers. Hence, we can abstract over the concrete monad in HOL definitions and thus use the same definition for different (combinations of) effects. We illustrate the usefulness of effect polymorphism with a monadic interpreter for a simple language.",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 414,
+ "id": 419,
"link": "/entries/Monomorphic_Monad.html",
"permalink": "/entries/Monomorphic_Monad.html",
"shortname": "Monomorphic_Monad",
"title": "Effect polymorphism in higher-order logic",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn this AFP entry, we show how to specify game-based cryptographic security notions and formally prove secure several cryptographic constructions from the literature using the CryptHOL framework. Among others, we formalise the notions of a random oracle, a pseudo-random function, an unpredictable function, and of encryption schemes that are indistinguishable under chosen plaintext and/or ciphertext attacks. We prove the random-permutation/random-function switching lemma, security of the Elgamal and hashed Elgamal public-key encryption scheme and correctness and security of several constructions with pseudo-random functions. \u003c/p\u003e\u003cp\u003eOur proofs follow the game-hopping style advocated by Shoup and Bellare and Rogaway, from which most of the examples have been taken. We generalise some of their results such that they can be reused in other proofs. Thanks to CryptHOL's integration with Isabelle's parametricity infrastructure, many simple hops are easily justified using the theory of representation independence.\u003c/p\u003e",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar",
"Bhargav Bhatt"
],
"date": "2017-05-05",
- "id": 415,
+ "id": 420,
"link": "/entries/Game_Based_Crypto.html",
"permalink": "/entries/Game_Based_Crypto.html",
"shortname": "Game_Based_Crypto",
"title": "Game-based cryptography in HOL",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 2
},
{
"abstract": "The usual monad laws can directly be used as rewrite rules for Isabelle’s simplifier to normalise monadic HOL terms and decide equivalences. In a commutative monad, however, the commutativity law is a higher-order permutative rewrite rule that makes the simplifier loop. This AFP entry implements a simproc that normalises monadic expressions in commutative monads using ordered rewriting. The simproc can also permute computations across control operators like if and case.",
"authors": [
"Joshua Schneider",
"Manuel Eberl",
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 416,
+ "id": 421,
"link": "/entries/Monad_Normalisation.html",
"permalink": "/entries/Monad_Normalisation.html",
"shortname": "Monad_Normalisation",
"title": "Monad normalisation",
"topic_links": [
"tools",
"computer-science/functional-programming",
"logic/rewriting"
],
"topics": [
"Tools",
"Computer science/Functional programming",
"Logic/Rewriting"
],
"used_by": 3
},
{
"abstract": "This AFP entry defines a probabilistic while operator based on sub-probability mass functions and formalises zero-one laws and variant rules for probabilistic loop termination. As applications, we implement probabilistic algorithms for the Bernoulli, geometric and arbitrary uniform distributions that only use fair coin flips, and prove them correct and terminating with probability 1.",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 417,
+ "id": 422,
"link": "/entries/Probabilistic_While.html",
"permalink": "/entries/Probabilistic_While.html",
"shortname": "Probabilistic_While",
"title": "Probabilistic while loop",
"topic_links": [
"computer-science/functional-programming",
"mathematics/probability-theory",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Functional programming",
"Mathematics/Probability theory",
"Computer science/Algorithms/Randomized"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e Building on the formalization of basic category theory set out in the author's previous AFP article, the present article formalizes some basic aspects of the theory of monoidal categories. Among the notions defined here are monoidal category, monoidal functor, and equivalence of monoidal categories. The main theorems formalized are MacLane's coherence theorem and the constructions of the free monoidal category and free strict monoidal category generated by a given category. The coherence theorem is proved syntactically, using a structurally recursive approach to reduction of terms that might have some novel aspects. We also give proofs of some results given by Etingof et al, which may prove useful in a formal setting. In particular, we show that the left and right unitors need not be taken as given data in the definition of monoidal category, nor does the definition of monoidal functor need to take as given a specific isomorphism expressing the preservation of the unit object. Our definitions of monoidal category and monoidal functor are stated so as to take advantage of the economy afforded by these facts. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on cartesian monoidal categories; showing that the underlying category of a cartesian monoidal category is a cartesian category, and that every cartesian category extends to a cartesian monoidal category. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2017-05-04",
- "id": 418,
+ "id": 423,
"link": "/entries/MonoidalCategory.html",
"permalink": "/entries/MonoidalCategory.html",
"shortname": "MonoidalCategory",
"title": "Monoidal Categories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "A computer-formalisation of the essential parts of Fitting's textbook \"Types, Tableaus and Gödel's God\" in Isabelle/HOL is presented. In particular, Fitting's (and Anderson's) variant of the ontological argument is verified and confirmed. This variant avoids the modal collapse, which has been criticised as an undesirable side-effect of Kurt Gödel's (and Dana Scott's) versions of the ontological argument. Fitting's work is employing an intensional higher-order modal logic, which we shallowly embed here in classical higher-order logic. We then utilize the embedded logic for the formalisation of Fitting's argument. (See also the earlier AFP entry “Gödel's God in Isabelle/HOL”.)",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2017-05-01",
- "id": 419,
+ "id": 424,
"link": "/entries/Types_Tableaus_and_Goedels_God.html",
"permalink": "/entries/Types_Tableaus_and_Goedels_God.html",
"shortname": "Types_Tableaus_and_Goedels_God",
"title": "Types, Tableaus and Gödel’s God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This formalisation accompanies the paper \u003ca href=\"https://arxiv.org/abs/1702.03277\"\u003eLocal Lexing\u003c/a\u003e which introduces a novel parsing concept of the same name. The paper also gives a high-level algorithm for local lexing as an extension of Earley's algorithm. This formalisation proves the algorithm to be correct with respect to its local lexing semantics. As a special case, this formalisation thus also contains a proof of the correctness of Earley's algorithm. The paper contains a short outline of how this formalisation is organised.",
"authors": [
"Steven Obua"
],
"date": "2017-04-28",
- "id": 420,
+ "id": 425,
"link": "/entries/LocalLexing.html",
"permalink": "/entries/LocalLexing.html",
"shortname": "LocalLexing",
"title": "Local Lexing",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, constructor applications have to be fully saturated. That means that for constructor calls occuring as arguments to higher-order functions, synthetic lambdas have to be inserted. This entry provides tooling to avoid this construction altogether by introducing constructor functions.",
"authors": [
"Lars Hupel"
],
"date": "2017-04-19",
- "id": 421,
+ "id": 426,
"link": "/entries/Constructor_Funs.html",
"permalink": "/entries/Constructor_Funs.html",
"shortname": "Constructor_Funs",
"title": "Constructor Functions",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, case statements are printed as match expressions. Internally, this is a sophisticated procedure, because in HOL, case statements are represented as nested calls to the case combinators as generated by the datatype package. Furthermore, the procedure relies on laziness of match expressions in the target language, i.e., that branches guarded by patterns that fail to match are not evaluated. Similarly, \u003ctt\u003eif-then-else\u003c/tt\u003e is printed to the corresponding construct in the target language. This entry provides tooling to replace these special cases in the code generator by ignoring these target language features, instead printing case expressions and \u003ctt\u003eif-then-else\u003c/tt\u003e as functions.",
"authors": [
"Lars Hupel"
],
"date": "2017-04-18",
- "id": 422,
+ "id": 427,
"link": "/entries/Lazy_Case.html",
"permalink": "/entries/Lazy_Case.html",
"shortname": "Lazy_Case",
"title": "Lazifying case constants",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "We formalize the theory of subresultants and the subresultant polynomial remainder sequence as described by Brown and Traub. As a result, we obtain efficient certified algorithms for computing the resultant and the greatest common divisor of polynomials.",
"authors": [
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2017-04-06",
- "id": 423,
+ "id": 428,
"link": "/entries/Subresultants.html",
"permalink": "/entries/Subresultants.html",
"shortname": "Subresultants",
"title": "Subresultants",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry contains proofs for the textbook results about the distributions of the height and internal path length of random binary search trees (BSTs), i.\u0026thinsp;e. BSTs that are formed by taking an empty BST and inserting elements from a fixed set in random order.\u003c/p\u003e \u003cp\u003eIn particular, we prove a logarithmic upper bound on the expected height and the \u003cem\u003eΘ(n log n)\u003c/em\u003e closed-form solution for the expected internal path length in terms of the harmonic numbers. We also show how the internal path length relates to the average-case cost of a lookup in a BST.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-04-04",
- "id": 424,
+ "id": 429,
"link": "/entries/Random_BSTs.html",
"permalink": "/entries/Random_BSTs.html",
"shortname": "Random_BSTs",
"title": "Expected Shape of Random Binary Search Trees",
"topic_links": [
"computer-science/data-structures",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Data structures",
"Computer science/Algorithms/Randomized"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article contains a formal proof of the well-known fact that number of comparisons that a comparison-based sorting algorithm needs to perform to sort a list of length \u003cem\u003en\u003c/em\u003e is at least \u003cem\u003elog\u003csub\u003e2\u003c/sub\u003e\u0026nbsp;(n!)\u003c/em\u003e in the worst case, i.\u0026thinsp;e.\u0026nbsp;\u003cem\u003eΩ(n log n)\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eFor this purpose, a shallow embedding for comparison-based sorting algorithms is defined: a sorting algorithm is a recursive datatype containing either a HOL function or a query of a comparison oracle with a continuation containing the remaining computation. This makes it possible to force the algorithm to use only comparisons and to track the number of comparisons made.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-15",
- "id": 425,
+ "id": 430,
"link": "/entries/Comparison_Sort_Lower_Bound.html",
"permalink": "/entries/Comparison_Sort_Lower_Bound.html",
"shortname": "Comparison_Sort_Lower_Bound",
"title": "Lower bound on comparison-based sorting algorithms",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eWe give a formal proof of the well-known results about the number of comparisons performed by two variants of QuickSort: first, the expected number of comparisons of randomised QuickSort (i.\u0026thinsp;e.\u0026nbsp;QuickSort with random pivot choice) is \u003cem\u003e2\u0026thinsp;(n+1)\u0026thinsp;H\u003csub\u003en\u003c/sub\u003e - 4\u0026thinsp;n\u003c/em\u003e, which is asymptotically equivalent to \u003cem\u003e2\u0026thinsp;n ln n\u003c/em\u003e; second, the number of comparisons performed by the classic non-randomised QuickSort has the same distribution in the average case as the randomised one.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-15",
- "id": 426,
+ "id": 431,
"link": "/entries/Quick_Sort_Cost.html",
"permalink": "/entries/Quick_Sort_Cost.html",
"shortname": "Quick_Sort_Cost",
"title": "The number of comparisons in QuickSort",
"topic_links": [
"computer-science/algorithms",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Algorithms/Randomized"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe Euler-MacLaurin formula relates the value of a discrete sum to that of the corresponding integral in terms of the derivatives at the borders of the summation and a remainder term. Since the remainder term is often very small as the summation bounds grow, this can be used to compute asymptotic expansions for sums.\u003c/p\u003e \u003cp\u003eThis entry contains a proof of this formula for functions from the reals to an arbitrary Banach space. Two variants of the formula are given: the standard textbook version and a variant outlined in \u003cem\u003eConcrete Mathematics\u003c/em\u003e that is more useful for deriving asymptotic estimates.\u003c/p\u003e \u003cp\u003eAs example applications, we use that formula to derive the full asymptotic expansion of the harmonic numbers and the sum of inverse squares.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-10",
- "id": 427,
+ "id": 432,
"link": "/entries/Euler_MacLaurin.html",
"permalink": "/entries/Euler_MacLaurin.html",
"shortname": "Euler_MacLaurin",
"title": "The Euler–MacLaurin Formula",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We prove the group law for elliptic curves in Weierstrass form over fields of characteristic greater than 2. In addition to affine coordinates, we also formalize projective coordinates, which allow for more efficient computations. By specializing the abstract formalization to prime fields, we can apply the curve operations to parameters used in standard security protocols.",
"authors": [
"Stefan Berghofer"
],
"date": "2017-02-28",
- "id": 428,
+ "id": 433,
"link": "/entries/Elliptic_Curves_Group_Law.html",
"permalink": "/entries/Elliptic_Curves_Group_Law.html",
"shortname": "Elliptic_Curves_Group_Law",
"title": "The Group Law for Elliptic Curves",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 1
},
{
"abstract": "We present a formalization of Menger's Theorem for directed and undirected graphs in Isabelle/HOL. This well-known result shows that if two non-adjacent distinct vertices u, v in a directed graph have no separator smaller than n, then there exist n internally vertex-disjoint paths from u to v. The version for undirected graphs follows immediately because undirected graphs are a special case of directed graphs.",
"authors": [
"Christoph Dittmann"
],
"date": "2017-02-26",
- "id": 429,
+ "id": 434,
"link": "/entries/Menger.html",
"permalink": "/entries/Menger.html",
"shortname": "Menger",
"title": "Menger's Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "We formalize differential dynamic logic, a logic for proving properties of hybrid systems. The proof calculus in this formalization is based on the uniform substitution principle. We show it is sound with respect to our denotational semantics, which provides increased confidence in the correctness of the KeYmaera X theorem prover based on this calculus. As an application, we include a proof term checker embedded in Isabelle/HOL with several example proofs. Published in: Rose Bohrer, Vincent Rahli, Ivana Vukotic, Marcus Völp, André Platzer: Formally verified differential dynamic logic. CPP 2017.",
"authors": [
"Rose Bohrer"
],
"date": "2017-02-13",
- "id": 430,
+ "id": 435,
"link": "/entries/Differential_Dynamic_Logic.html",
"permalink": "/entries/Differential_Dynamic_Logic.html",
"shortname": "Differential_Dynamic_Logic",
"title": "Differential Dynamic Logic",
"topic_links": [
"logic/general-logic/modal-logic",
"computer-science/programming-languages/logics"
],
"topics": [
"Logic/General logic/Modal logic",
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "A formalized coinductive account of the abstract development of Brotherston, Gorogiannis, and Petersen [APLAS 2012], in a slightly more general form since we work with arbitrary infinite proofs, which may be acyclic. This work is described in detail in an article by the authors, published in 2017 in the \u003cem\u003eJournal of Automated Reasoning\u003c/em\u003e. The abstract proof can be instantiated for various formalisms, including first-order logic with inductive predicates.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2017-02-10",
- "id": 431,
+ "id": 436,
"link": "/entries/Abstract_Soundness.html",
"permalink": "/entries/Abstract_Soundness.html",
"shortname": "Abstract_Soundness",
"title": "Abstract Soundness",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "We develop Stone relation algebras, which generalise relation algebras by replacing the underlying Boolean algebra structure with a Stone algebra. We show that finite matrices over extended real numbers form an instance. As a consequence, relation-algebraic concepts and methods can be used for reasoning about weighted graphs. We also develop a fixpoint calculus and apply it to compare different definitions of reflexive-transitive closures in semirings.",
"authors": [
"Walter Guttmann"
],
"date": "2017-02-07",
- "id": 432,
+ "id": 437,
"link": "/entries/Stone_Relation_Algebras.html",
"permalink": "/entries/Stone_Relation_Algebras.html",
"shortname": "Stone_Relation_Algebras",
"title": "Stone Relation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "We develop a family of key agreement protocols that are correct by construction. Our work substantially extends prior work on developing security protocols by refinement. First, we strengthen the adversary by allowing him to compromise different resources of protocol participants, such as their long-term keys or their session keys. This enables the systematic development of protocols that ensure strong properties such as perfect forward secrecy. Second, we broaden the class of protocols supported to include those with non-atomic keys and equationally defined cryptographic operators. We use these extensions to develop key agreement protocols including signed Diffie-Hellman and the core of IKEv1 and SKEME.",
"authors": [
"Joseph Lallemand",
"Christoph Sprenger"
],
"date": "2017-01-31",
- "id": 433,
+ "id": 438,
"link": "/entries/Key_Agreement_Strong_Adversaries.html",
"permalink": "/entries/Key_Agreement_Strong_Adversaries.html",
"shortname": "Key_Agreement_Strong_Adversaries",
"title": "Refining Authenticated Key Agreement with Strong Adversaries",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eBernoulli numbers were first discovered in the closed-form expansion of the sum 1\u003csup\u003em\u003c/sup\u003e + 2\u003csup\u003em\u003c/sup\u003e + \u0026hellip; + n\u003csup\u003em\u003c/sup\u003e for a fixed m and appear in many other places. This entry provides three different definitions for them: a recursive one, an explicit one, and one through their exponential generating function.\u003c/p\u003e \u003cp\u003eIn addition, we prove some basic facts, e.g. their relation to sums of powers of integers and that all odd Bernoulli numbers except the first are zero, and some advanced facts like their relationship to the Riemann zeta function on positive even integers.\u003c/p\u003e \u003cp\u003eWe also prove the correctness of the Akiyama\u0026ndash;Tanigawa algorithm for computing Bernoulli numbers with reasonable efficiency, and we define the periodic Bernoulli polynomials (which appear e.g. in the Euler\u0026ndash;MacLaurin summation formula and the expansion of the log-Gamma function) and prove their basic properties.\u003c/p\u003e",
"authors": [
"Lukas Bulwahn",
"Manuel Eberl"
],
"date": "2017-01-24",
- "id": 434,
+ "id": 439,
"link": "/entries/Bernoulli.html",
"permalink": "/entries/Bernoulli.html",
"shortname": "Bernoulli",
"title": "Bernoulli Numbers",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 5
},
{
"abstract": "\u003cp\u003eBertrand's postulate is an early result on the distribution of prime numbers: For every positive integer n, there exists a prime number that lies strictly between n and 2n. The proof is ported from John Harrison's formalisation in HOL Light. It proceeds by first showing that the property is true for all n greater than or equal to 600 and then showing that it also holds for all n below 600 by case distinction. \u003c/p\u003e",
"authors": [
"Julian Biendarra",
"Manuel Eberl"
],
"date": "2017-01-17",
- "id": 435,
+ "id": 440,
"link": "/entries/Bertrands_Postulate.html",
"permalink": "/entries/Bertrands_Postulate.html",
"shortname": "Bertrands_Postulate",
"title": "Bertrand's postulate",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis formalization is an extension to \u003ca href=\"https://www.isa-afp.org/entries/Formal_SSA.html\"\u003e\"Verified Construction of Static Single Assignment Form\"\u003c/a\u003e. In their work, the authors have shown that \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.'s static single assignment (SSA) construction algorithm\u003c/a\u003e produces minimal SSA form for input programs with a reducible control flow graph (CFG). However Braun et al. also proposed an extension to their algorithm that they claim produces minimal SSA form even for irreducible CFGs.\u003cbr\u003e In this formalization we support that claim by giving a mechanized proof. \u003c/p\u003e \u003cp\u003eAs the extension of Braun et al.'s algorithm aims for removing so-called redundant strongly connected components of phi functions, we show that this suffices to guarantee minimality according to \u003ca href=\"https://doi.org/10.1145/115372.115320\"\u003eCytron et al.\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Max Wagner",
"Denis Lohner"
],
"date": "2017-01-17",
- "id": 436,
+ "id": 441,
"link": "/entries/Minimal_SSA.html",
"permalink": "/entries/Minimal_SSA.html",
"shortname": "Minimal_SSA",
"title": "Minimal Static Single Assignment Form",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis work contains a proof that Euler's number e is transcendental. The proof follows the standard approach of assuming that e is algebraic and then using a specific integer polynomial to derive two inconsistent bounds, leading to a contradiction.\u003c/p\u003e \u003cp\u003eThis kind of approach can be found in many different sources; this formalisation mostly follows a \u003ca href=\"http://planetmath.org/proofoflindemannweierstrasstheoremandthateandpiaretranscendental\"\u003ePlanetMath article\u003c/a\u003e by Roger Lipsett.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-01-12",
- "id": 437,
+ "id": 442,
"link": "/entries/E_Transcendental.html",
"permalink": "/entries/E_Transcendental.html",
"shortname": "E_Transcendental",
"title": "The Transcendence of e",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed with for generating test cases for testing the security configuration actual firewall and router (middle-boxes) using HOL-TestGen. Our work focuses on modeling application level protocols on top of tcp/ip.",
"authors": [
"Achim D. Brucker",
"Lukas Brügger",
"Burkhart Wolff"
],
"date": "2017-01-08",
- "id": 438,
+ "id": 443,
"link": "/entries/UPF_Firewall.html",
"permalink": "/entries/UPF_Firewall.html",
"shortname": "UPF_Firewall",
"title": "Formal Network Models and Their Application to Firewall Policies",
"topic_links": [
"computer-science/security",
"computer-science/networks"
],
"topics": [
"Computer science/Security",
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "This paper constructs a formal model of a Diffie-Hellman password-based authentication protocol between a user and a smart card, and proves its security. The protocol provides for the dispatch of the user's password to the smart card on a secure messaging channel established by means of Password Authenticated Connection Establishment (PACE), where the mapping method being used is Chip Authentication Mapping. By applying and suitably extending Paulson's Inductive Method, this paper proves that the protocol establishes trustworthy secure messaging channels, preserves the secrecy of users' passwords, and provides an effective mutual authentication service. What is more, these security properties turn out to hold independently of the secrecy of the PACE authentication key.",
"authors": [
"Pasquale Noce"
],
"date": "2017-01-03",
- "id": 439,
+ "id": 444,
"link": "/entries/Password_Authentication_Protocol.html",
"permalink": "/entries/Password_Authentication_Protocol.html",
"shortname": "Password_Authentication_Protocol",
"title": "Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe present a certified declarative first-order prover with equality based on John Harrison's Handbook of Practical Logic and Automated Reasoning, Cambridge University Press, 2009. ML code reflection is used such that the entire prover can be executed within Isabelle as a very simple interactive proof assistant. As examples we consider Pelletier's problems 1-46.\u003c/p\u003e \u003cp\u003eReference: Programming and Verifying a Declarative First-Order Prover in Isabelle/HOL. Alexander Birch Jensen, John Bruntse Larsen, Anders Schlichtkrull \u0026 Jørgen Villadsen. AI Communications 31:281-299 2018. \u003ca href=\"https://content.iospress.com/articles/ai-communications/aic764\"\u003e https://content.iospress.com/articles/ai-communications/aic764\u003c/a\u003e\u003c/p\u003e \u003cp\u003eSee also: Students' Proof Assistant (SPA). \u003ca href=https://github.com/logic-tools/spa\u003e https://github.com/logic-tools/spa\u003c/a\u003e\u003c/p\u003e",
"authors": [
"Alexander Birch Jensen",
"Anders Schlichtkrull",
"Jørgen Villadsen"
],
"date": "2017-01-01",
- "id": 440,
+ "id": 445,
"link": "/entries/FOL_Harrison.html",
"permalink": "/entries/FOL_Harrison.html",
"shortname": "FOL_Harrison",
"title": "First-Order Logic According to Harrison",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The concurrent refinement algebra developed here is designed to provide a foundation for rely/guarantee reasoning about concurrent programs. The algebra builds on a complete lattice of commands by providing sequential composition, parallel composition and a novel weak conjunction operator. The weak conjunction operator coincides with the lattice supremum providing its arguments are non-aborting, but aborts if either of its arguments do. Weak conjunction provides an abstract version of a guarantee condition as a guarantee process. We distinguish between models that distribute sequential composition over non-deterministic choice from the left (referred to as being conjunctive in the refinement calculus literature) and those that don't. Least and greatest fixed points of monotone functions are provided to allow recursion and iteration operators to be added to the language. Additional iteration laws are available for conjunctive models. The rely quotient of processes \u003ci\u003ec\u003c/i\u003e and \u003ci\u003ei\u003c/i\u003e is the process that, if executed in parallel with \u003ci\u003ei\u003c/i\u003e implements \u003ci\u003ec\u003c/i\u003e. It represents an abstract version of a rely condition generalised to a process.",
"authors": [
"Julian Fell",
"Ian J. Hayes",
"Andrius Velykis"
],
"date": "2016-12-30",
- "id": 441,
+ "id": 446,
"link": "/entries/Concurrent_Ref_Alg.html",
"permalink": "/entries/Concurrent_Ref_Alg.html",
"shortname": "Concurrent_Ref_Alg",
"title": "Concurrent Refinement Algebra and Rely Quotients",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry provides all cardinality theorems of the Twelvefold Way. The Twelvefold Way systematically classifies twelve related combinatorial problems concerning two finite sets, which include counting permutations, combinations, multisets, set partitions and number partitions. This development builds upon the existing formal developments with cardinality theorems for those structures. It provides twelve bijections from the various structures to different equivalence classes on finite functions, and hence, proves cardinality formulae for these equivalence classes on finite functions.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-12-29",
- "id": 442,
+ "id": 447,
"link": "/entries/Twelvefold_Way.html",
"permalink": "/entries/Twelvefold_Way.html",
"shortname": "Twelvefold_Way",
"title": "The Twelvefold Way",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Isabelle includes various automatic tools for finding proofs under certain conditions. However, for each conjecture, knowing which automation to use, and how to tweak its parameters, is currently labour intensive. We have developed a language, PSL, designed to capture high level proof strategies. PSL offloads the construction of human-readable fast-to-replay proof scripts to automatic search, making use of search-time information about each conjecture. Our preliminary evaluations show that PSL reduces the labour cost of interactive theorem proving. This submission contains the implementation of PSL and an example theory file, Example.thy, showing how to write poof strategies in PSL.",
"authors": [
"Yutaka Nagashima"
],
"date": "2016-12-20",
- "id": 443,
+ "id": 448,
"link": "/entries/Proof_Strategy_Language.html",
"permalink": "/entries/Proof_Strategy_Language.html",
"shortname": "Proof_Strategy_Language",
"title": "Proof Strategy Language",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "Paraconsistency is about handling inconsistency in a coherent way. In classical and intuitionistic logic everything follows from an inconsistent theory. A paraconsistent logic avoids the explosion. Quite a few applications in computer science and engineering are discussed in the Intelligent Systems Reference Library Volume 110: Towards Paraconsistent Engineering (Springer 2016). We formalize a paraconsistent many-valued logic that we motivated and described in a special issue on logical approaches to paraconsistency (Journal of Applied Non-Classical Logics 2005). We limit ourselves to the propositional fragment of the higher-order logic. The logic is based on so-called key equalities and has a countably infinite number of truth values. We prove theorems in the logic using the definition of validity. We verify truth tables and also counterexamples for non-theorems. We prove meta-theorems about the logic and finally we investigate a case study.",
"authors": [
"Anders Schlichtkrull",
"Jørgen Villadsen"
],
"date": "2016-12-07",
- "id": 444,
+ "id": 449,
"link": "/entries/Paraconsistency.html",
"permalink": "/entries/Paraconsistency.html",
"shortname": "Paraconsistency",
"title": "Paraconsistency",
"topic_links": [
"logic/general-logic/paraconsistent-logics"
],
"topics": [
"Logic/General logic/Paraconsistent logics"
],
"used_by": 0
},
{
"abstract": "We propose a concurrency reasoning framework for imperative programs, based on the Owicki-Gries (OG) foundational shared-variable concurrency method. Our framework combines the approaches of Hoare-Parallel, a formalisation of OG in Isabelle/HOL for a simple while-language, and Simpl, a generic imperative language embedded in Isabelle/HOL, allowing formal reasoning on C programs. We define the Complx language, extending the syntax and semantics of Simpl with support for parallel composition and synchronisation. We additionally define an OG logic, which we prove sound w.r.t. the semantics, and a verification condition generator, both supporting involved low-level imperative constructs such as function calls and abrupt termination. We illustrate our framework on an example that features exceptions, guards and function calls. We aim to then target concurrent operating systems, such as the interruptible eChronos embedded operating system for which we already have a model-level OG proof using Hoare-Parallel.",
"authors": [
"Sidney Amani",
"June Andronick",
"Maksym Bortin",
"Corey Lewis",
"Christine Rizkallah",
"Joseph Tuong"
],
"date": "2016-11-29",
- "id": 445,
+ "id": 450,
"link": "/entries/Complx.html",
"permalink": "/entries/Complx.html",
"shortname": "Complx",
"title": "COMPLX: A Verification Framework for Concurrent Imperative Programs",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This is the Isabelle formalization of the material decribed in the eponymous \u003ca href=\"https://doi.org/10.1007/978-3-642-32347-8_9\"\u003eITP 2012 paper\u003c/a\u003e. It develops a generic abstract interpreter for a while-language, including widening and narrowing. The collecting semantics and the abstract interpreter operate on annotated commands: the program is represented as a syntax tree with the semantic information directly embedded, without auxiliary labels. The aim of the formalization is simplicity, not efficiency or precision. This is motivated by the inclusion of the material in a theorem prover based course on semantics. A similar (but more polished) development is covered in the book \u003ca href=\"https://doi.org/10.1007/978-3-319-10542-0\"\u003eConcrete Semantics\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2016-11-23",
- "id": 446,
+ "id": 451,
"link": "/entries/Abs_Int_ITP2012.html",
"permalink": "/entries/Abs_Int_ITP2012.html",
"shortname": "Abs_Int_ITP2012",
"title": "Abstract Interpretation of Annotated Commands",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We bring the labelled sequent calculus $LS_{PASL}$ for propositional abstract separation logic to Isabelle. The tactics given here are directly applied on an extension of the Separation Algebra in the AFP. In addition to the cancellative separation algebra, we further consider some useful properties in the heap model of separation logic, such as indivisible unit, disjointness, and cross-split. The tactics are essentially a proof search procedure for the calculus $LS_{PASL}$. We wrap the tactics in an Isabelle method called separata, and give a few examples of separation logic formulae which are provable by separata.",
"authors": [
"Zhe Hou",
"David Sanan",
"Alwen Tiu",
"Rajeev Gore",
"Ranald Clouston"
],
"date": "2016-11-16",
- "id": 447,
+ "id": 452,
"link": "/entries/Separata.html",
"permalink": "/entries/Separata.html",
"shortname": "Separata",
"title": "Separata: Isabelle tactics for Separation Algebra",
"topic_links": [
"computer-science/programming-languages/logics",
"tools"
],
"topics": [
"Computer science/Programming languages/Logics",
"Tools"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines Knuth–Bendix orders for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard transfinite KBO with subterm coefficients on first-order terms. It appears promising as the basis of a higher-order superposition calculus.",
"authors": [
"Heiko Becker",
"Jasmin Christian Blanchette",
"Uwe Waldmann",
"Daniel Wand"
],
"date": "2016-11-12",
- "id": 448,
+ "id": 453,
"link": "/entries/Lambda_Free_KBOs.html",
"permalink": "/entries/Lambda_Free_KBOs.html",
"shortname": "Lambda_Free_KBOs",
"title": "Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization introduces a nested multiset datatype and defines Dershowitz and Manna's nested multiset order. The order is proved well founded and linear. By removing one constructor, we transform the nested multisets into hereditary multisets. These are isomorphic to the syntactic ordinals—the ordinals can be recursively expressed in Cantor normal form. Addition, subtraction, multiplication, and linear orders are provided on this type.",
"authors": [
"Jasmin Christian Blanchette",
"Mathias Fleury",
"Dmitriy Traytel"
],
"date": "2016-11-12",
- "id": 449,
+ "id": 454,
"link": "/entries/Nested_Multisets_Ordinals.html",
"permalink": "/entries/Nested_Multisets_Ordinals.html",
"shortname": "Nested_Multisets_Ordinals",
"title": "Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 7
},
{
"abstract": "Deep learning has had a profound impact on computer science in recent years, with applications to search engines, image recognition and language processing, bioinformatics, and more. Recently, Cohen et al. provided theoretical evidence for the superiority of deep learning over shallow learning. This formalization of their work simplifies and generalizes the original proof, while working around the limitations of the Isabelle type system. To support the formalization, I developed reusable libraries of formalized mathematics, including results about the matrix rank, the Lebesgue measure, and multivariate polynomials, as well as a library for tensor analysis.",
"authors": [
"Alexander Bentkamp"
],
"date": "2016-11-10",
- "id": 450,
+ "id": 455,
"link": "/entries/Deep_Learning.html",
"permalink": "/entries/Deep_Learning.html",
"shortname": "Deep_Learning",
"title": "Expressiveness of Deep Learning",
"topic_links": [
"computer-science/machine-learning",
"mathematics/analysis"
],
"topics": [
"Computer science/Machine learning",
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "We formalize a uniform semantic substrate for a wide variety of process calculi where states and action labels can be from arbitrary nominal sets. A Hennessy-Milner logic for these systems is defined, and proved adequate for bisimulation equivalence. A main novelty is the construction of an infinitary nominal data type to model formulas with (finitely supported) infinite conjunctions and actions that may contain binding names. The logic is generalized to treat different bisimulation variants such as early, late and open in a systematic way.",
"authors": [
"Tjark Weber",
"Lars-Henrik Eriksson",
"Joachim Parrow",
"Johannes Borgström",
"Ramunas Gutkovas"
],
"date": "2016-10-25",
- "id": 451,
+ "id": 456,
"link": "/entries/Modal_Logics_for_NTS.html",
"permalink": "/entries/Modal_Logics_for_NTS.html",
"shortname": "Modal_Logics_for_NTS",
"title": "Modal Logics for Nominal Transition Systems",
"topic_links": [
"computer-science/concurrency/process-calculi",
"logic/general-logic/modal-logic"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "We mechanize proofs of several results from the matching with contracts literature, which generalize those of the classical two-sided matching scenarios that go by the name of stable marriage. Our focus is on game theoretic issues. Along the way we develop executable algorithms for computing optimal stable matches.",
"authors": [
"Peter Gammie"
],
"date": "2016-10-24",
- "id": 452,
+ "id": 457,
"link": "/entries/Stable_Matching.html",
"permalink": "/entries/Stable_Matching.html",
"shortname": "Stable_Matching",
"title": "Stable Matching",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "We present LOFT — Linux firewall OpenFlow Translator, a system that transforms the main routing table and FORWARD chain of iptables of a Linux-based firewall into a set of static OpenFlow rules. Our implementation is verified against a model of a simplified Linux-based router and we can directly show how much of the original functionality is preserved.",
"authors": [
"Julius Michaelis",
"Cornelius Diekmann"
],
"date": "2016-10-21",
- "id": 453,
+ "id": 458,
"link": "/entries/LOFT.html",
"permalink": "/entries/LOFT.html",
"shortname": "LOFT",
"title": "LOFT — Verified Migration of Linux Firewalls to SDN",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "We formalise the SPARCv8 instruction set architecture (ISA) which is used in processors such as LEON3. Our formalisation can be specialised to any SPARCv8 CPU, here we use LEON3 as a running example. Our model covers the operational semantics for all the instructions in the integer unit of the SPARCv8 architecture and it supports Isabelle code export, which effectively turns the Isabelle model into a SPARCv8 CPU simulator. We prove the language-based non-interference property for the LEON3 processor. Our model is based on deterministic monad, which is a modified version of the non-deterministic monad from NICTA/l4v.",
"authors": [
"Zhe Hou",
"David Sanan",
"Alwen Tiu",
"Yang Liu"
],
"date": "2016-10-19",
- "id": 454,
+ "id": 459,
"link": "/entries/SPARCv8.html",
"permalink": "/entries/SPARCv8.html",
"shortname": "SPARCv8",
"title": "A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor",
"topic_links": [
"computer-science/security",
"computer-science/hardware"
],
"topics": [
"Computer science/Security",
"Computer science/Hardware"
],
"used_by": 0
},
{
"abstract": "This document contains a proof of the necessary condition on the code rate of a source code, namely that this code rate is bounded by the entropy of the source. This represents one half of Shannon's source coding theorem, which is itself an equivalence.",
"authors": [
"Quentin Hibon",
"Lawrence C. Paulson"
],
"date": "2016-10-19",
- "id": 455,
+ "id": 460,
"link": "/entries/Source_Coding_Theorem.html",
"permalink": "/entries/Source_Coding_Theorem.html",
"shortname": "Source_Coding_Theorem",
"title": "Source Coding Theorem",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe formalize the Berlekamp-Zassenhaus algorithm for factoring square-free integer polynomials in Isabelle/HOL. We further adapt an existing formalization of Yun’s square-free factorization algorithm to integer polynomials, and thus provide an efficient and certified factorization algorithm for arbitrary univariate polynomials. \u003c/p\u003e \u003cp\u003eThe algorithm first performs a factorization in the prime field GF(p) and then performs computations in the integer ring modulo p^k, where both p and k are determined at runtime. Since a natural modeling of these structures via dependent types is not possible in Isabelle/HOL, we formalize the whole algorithm using Isabelle’s recent addition of local type definitions. \u003c/p\u003e \u003cp\u003eThrough experiments we verify that our algorithm factors polynomials of degree 100 within seconds. \u003c/p\u003e",
"authors": [
"Jose Divasón",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-10-14",
- "id": 456,
+ "id": 461,
"link": "/entries/Berlekamp_Zassenhaus.html",
"permalink": "/entries/Berlekamp_Zassenhaus.html",
"shortname": "Berlekamp_Zassenhaus",
"title": "The Factorization Algorithm of Berlekamp and Zassenhaus",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 8
},
{
"abstract": "This entry provides a geometric proof of the intersecting chords theorem. The theorem states that when two chords intersect each other inside a circle, the products of their segments are equal. After a short review of existing proofs in the literature, I decided to use a proof approach that employs reasoning about lengths of line segments, the orthogonality of two lines and the Pythagoras Law. Hence, one can understand the formalized proof easily with the knowledge of a few general geometric facts that are commonly taught in high-school. This theorem is the 55th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-10-11",
- "id": 457,
+ "id": 462,
"link": "/entries/Chord_Segments.html",
"permalink": "/entries/Chord_Segments.html",
"shortname": "Chord_Segments",
"title": "Intersecting Chords Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "Lp is the space of functions whose p-th power is integrable. It is one of the most fundamental Banach spaces that is used in analysis and probability. We develop a framework for function spaces, and then implement the Lp spaces in this framework using the existing integration theory in Isabelle/HOL. Our development contains most fundamental properties of Lp spaces, notably the Hölder and Minkowski inequalities, completeness of Lp, duality, stability under almost sure convergence, multiplication of functions in Lp and Lq, stability under conditional expectation.",
"authors": [
"Sebastien Gouezel"
],
"date": "2016-10-05",
- "id": 458,
+ "id": 463,
"link": "/entries/Lp.html",
"permalink": "/entries/Lp.html",
"shortname": "Lp",
"title": "Lp spaces",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis work defines and proves the correctness of the Fisher–Yates algorithm for shuffling – i.e. producing a random permutation – of a list. The algorithm proceeds by traversing the list and in each step swapping the current element with a random element from the remaining list.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-09-30",
- "id": 459,
+ "id": 464,
"link": "/entries/Fisher_Yates.html",
"permalink": "/entries/Fisher_Yates.html",
"shortname": "Fisher_Yates",
"title": "Fisher–Yates shuffle",
"topic_links": [
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms/Randomized"
],
"used_by": 0
},
{
"abstract": "Allen’s interval calculus is a qualitative temporal representation of time events. Allen introduced 13 binary relations that describe all the possible arrangements between two events, i.e. intervals with non-zero finite length. The compositions are pertinent to reasoning about knowledge of time. In particular, a consistency problem of relation constraints is commonly solved with a guideline from these compositions. We formalize the relations together with an axiomatic system. We proof the validity of the 169 compositions of these relations. We also define nests as the sets of intervals that share a meeting point. We prove that nests give the ordering properties of points without introducing a new datatype for points. [1] J.F. Allen. Maintaining Knowledge about Temporal Intervals. In Commun. ACM, volume 26, pages 832–843, 1983. [2] J. F. Allen and P. J. Hayes. A Common-sense Theory of Time. In Proceedings of the 9th International Joint Conference on Artificial Intelligence (IJCAI’85), pages 528–531, 1985.",
"authors": [
"Fadoua Ghourabi"
],
"date": "2016-09-29",
- "id": 460,
+ "id": 465,
"link": "/entries/Allen_Calculus.html",
"permalink": "/entries/Allen_Calculus.html",
"shortname": "Allen_Calculus",
"title": "Allen's Interval Calculus",
"topic_links": [
"logic/general-logic/temporal-logic",
"mathematics/order"
],
"topics": [
"Logic/General logic/Temporal logic",
"Mathematics/Order"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines recursive path orders (RPOs) for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard RPO on first-order terms also in the presence of currying, distinguishing it from previous work. An optimized variant is formalized as well. It appears promising as the basis of a higher-order superposition calculus.",
"authors": [
"Jasmin Christian Blanchette",
"Uwe Waldmann",
"Daniel Wand"
],
"date": "2016-09-23",
- "id": 461,
+ "id": 466,
"link": "/entries/Lambda_Free_RPOs.html",
"permalink": "/entries/Lambda_Free_RPOs.html",
"shortname": "Lambda_Free_RPOs",
"title": "Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 5
},
{
"abstract": "We present a big step semantics of the filtering behavior of the Linux/netfilter iptables firewall. We provide algorithms to simplify complex iptables rulests to a simple firewall model (c.f. AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Simple_Firewall.html\"\u003eSimple_Firewall\u003c/a\u003e) and to verify spoofing protection of a ruleset. Internally, we embed our semantics into ternary logic, ultimately supporting every iptables match condition by abstracting over unknowns. Using this AFP entry and all entries it depends on, we created an easy-to-use, stand-alone haskell tool called \u003ca href=\"http://iptables.isabelle.systems\"\u003efffuu\u003c/a\u003e. The tool does not require any input \u0026mdash;except for the \u003ctt\u003eiptables-save\u003c/tt\u003e dump of the analyzed firewall\u0026mdash; and presents interesting results about the user's ruleset. Real-Word firewall errors have been uncovered, and the correctness of rulesets has been proved, with the help of our tool.",
"authors": [
"Cornelius Diekmann",
"Lars Hupel"
],
"date": "2016-09-09",
- "id": 462,
+ "id": 467,
"link": "/entries/Iptables_Semantics.html",
"permalink": "/entries/Iptables_Semantics.html",
"shortname": "Iptables_Semantics",
"title": "Iptables Semantics",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "We provide a formalization of a variant of the superposition calculus, together with formal proofs of soundness and refutational completeness (w.r.t. the usual redundancy criteria based on clause ordering). This version of the calculus uses all the standard restrictions of the superposition rules, together with the following refinement, inspired by the basic superposition calculus: each clause is associated with a set of terms which are assumed to be in normal form -- thus any application of the replacement rule on these terms is blocked. The set is initially empty and terms may be added or removed at each inference step. The set of terms that are assumed to be in normal form includes any term introduced by previous unifiers as well as any term occurring in the parent clauses at a position that is smaller (according to some given ordering on positions) than a previously replaced term. The standard superposition calculus corresponds to the case where the set of irreducible terms is always empty.",
"authors": [
"Nicolas Peltier"
],
"date": "2016-09-06",
- "id": 463,
+ "id": 468,
"link": "/entries/SuperCalc.html",
"permalink": "/entries/SuperCalc.html",
"shortname": "SuperCalc",
"title": "A Variant of the Superposition Calculus",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "A range of algebras between lattices and Boolean algebras generalise the notion of a complement. We develop a hierarchy of these pseudo-complemented algebras that includes Stone algebras. Independently of this theory we study filters based on partial orders. Both theories are combined to prove Chen and Grätzer's construction theorem for Stone algebras. The latter involves extensive reasoning about algebraic structures in addition to reasoning in algebraic structures.",
"authors": [
"Walter Guttmann"
],
"date": "2016-09-06",
- "id": 464,
+ "id": 469,
"link": "/entries/Stone_Algebras.html",
"permalink": "/entries/Stone_Algebras.html",
"shortname": "Stone_Algebras",
"title": "Stone Algebras",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis work contains a proof of Stirling's formula both for the factorial $n! \\sim \\sqrt{2\\pi n} (n/e)^n$ on natural numbers and the real Gamma function $\\Gamma(x)\\sim \\sqrt{2\\pi/x} (x/e)^x$. The proof is based on work by \u003ca href=\"http://www.maths.lancs.ac.uk/~jameson/stirlgamma.pdf\"\u003eGraham Jameson\u003c/a\u003e.\u003c/p\u003e \u003cp\u003eThis is then extended to the full asymptotic expansion $$\\log\\Gamma(z) = \\big(z - \\tfrac{1}{2}\\big)\\log z - z + \\tfrac{1}{2}\\log(2\\pi) + \\sum_{k=1}^{n-1} \\frac{B_{k+1}}{k(k+1)} z^{-k}\\\\ {} - \\frac{1}{n} \\int_0^\\infty B_n([t])(t + z)^{-n}\\,\\text{d}t$$ uniformly for all complex $z\\neq 0$ in the cone $\\text{arg}(z)\\leq \\alpha$ for any $\\alpha\\in(0,\\pi)$, with which the above asymptotic relation for \u0026Gamma; is also extended to complex arguments.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-09-01",
- "id": 465,
+ "id": 470,
"link": "/entries/Stirling_Formula.html",
"permalink": "/entries/Stirling_Formula.html",
"shortname": "Stirling_Formula",
"title": "Stirling's formula",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 6
},
{
"abstract": "This entry contains definitions for routing with routing tables/longest prefix matching. A routing table entry is modelled as a record of a prefix match, a metric, an output port, and an optional next hop. A routing table is a list of entries, sorted by prefix length and metric. Additionally, a parser and serializer for the output of the ip-route command, a function to create a relation from output port to corresponding destination IP space, and a model of a Linux-style router are included.",
"authors": [
"Julius Michaelis",
"Cornelius Diekmann"
],
"date": "2016-08-31",
- "id": 466,
+ "id": 471,
"link": "/entries/Routing.html",
"permalink": "/entries/Routing.html",
"shortname": "Routing",
"title": "Routing",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "We present a simple model of a firewall. The firewall can accept or drop a packet and can match on interfaces, IP addresses, protocol, and ports. It was designed to feature nice mathematical properties: The type of match expressions was carefully crafted such that the conjunction of two match expressions is only one match expression. This model is too simplistic to mirror all aspects of the real world. In the upcoming entry \"Iptables Semantics\", we will translate the Linux firewall iptables to this model. For a fixed service (e.g. ssh, http), we provide an algorithm to compute an overview of the firewall's filtering behavior. The algorithm computes minimal service matrices, i.e. graphs which partition the complete IPv4 and IPv6 address space and visualize the allowed accesses between partitions. For a detailed description, see \u003ca href=\"http://dl.ifip.org/db/conf/networking/networking2016/1570232858.pdf\"\u003eVerified iptables Firewall Analysis\u003c/a\u003e, IFIP Networking 2016.",
"authors": [
"Cornelius Diekmann",
"Julius Michaelis",
"Max W. Haslbeck"
],
"date": "2016-08-24",
- "id": 467,
+ "id": 472,
"link": "/entries/Simple_Firewall.html",
"permalink": "/entries/Simple_Firewall.html",
"shortname": "Simple_Firewall",
"title": "Simple Firewall",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "TRACER is a tool for verifying safety properties of sequential C programs. TRACER attempts at building a finite symbolic execution graph which over-approximates the set of all concrete reachable states and the set of feasible paths. We present an abstract framework for TRACER and similar CEGAR-like systems. The framework provides 1) a graph- transformation based method for reducing the feasible paths in control-flow graphs, 2) a model for symbolic execution, subsumption, predicate abstraction and invariant generation. In this framework we formally prove two key properties: correct construction of the symbolic states and preservation of feasible paths. The framework focuses on core operations, leaving to concrete prototypes to “fit in” heuristics for combining them. The accompanying paper (published in ITP 2016) can be found at https://www.lri.fr/∼wolff/papers/conf/2016-itp-InfPathsNSE.pdf.",
"authors": [
"Romain Aissat",
"Frederic Voisin",
"Burkhart Wolff"
],
"date": "2016-08-18",
- "id": 468,
+ "id": 473,
"link": "/entries/InfPathElimination.html",
"permalink": "/entries/InfPathElimination.html",
"shortname": "InfPathElimination",
"title": "Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We present a formalization of the Ford-Fulkerson method for computing the maximum flow in a network. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL--- the interactive theorem prover used for the formalization. We then use stepwise refinement to obtain the Edmonds-Karp algorithm, and formally prove a bound on its complexity. Further refinement yields a verified implementation, whose execution time compares well to an unverified reference implementation in Java. This entry is based on our ITP-2016 paper with the same title.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2016-08-12",
- "id": 469,
+ "id": 474,
"link": "/entries/EdmondsKarp_Maxflow.html",
"permalink": "/entries/EdmondsKarp_Maxflow.html",
"shortname": "EdmondsKarp_Maxflow",
"title": "Formalizing the Edmonds-Karp Algorithm",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 1
},
{
"abstract": "We present the Imperative Refinement Framework (IRF), a tool that supports a stepwise refinement based approach to imperative programs. This entry is based on the material we presented in [ITP-2015, CPP-2016]. It uses the Monadic Refinement Framework as a frontend for the specification of the abstract programs, and Imperative/HOL as a backend to generate executable imperative programs. The IRF comes with tool support to synthesize imperative programs from more abstract, functional ones, using efficient imperative implementations for the abstract data structures. This entry also includes the Imperative Isabelle Collection Framework (IICF), which provides a library of re-usable imperative collection data structures. Moreover, this entry contains a quickstart guide and a reference manual, which provide an introduction to using the IRF for Isabelle/HOL experts. It also provids a collection of (partly commented) practical examples, some highlights being Dijkstra's Algorithm, Nested-DFS, and a generic worklist algorithm with subsumption. Finally, this entry contains benchmark scripts that compare the runtime of some examples against reference implementations of the algorithms in Java and C++. [ITP-2015] Peter Lammich: Refinement to Imperative/HOL. ITP 2015: 253--269 [CPP-2016] Peter Lammich: Refinement based verification of imperative data structures. CPP 2016: 27--36",
"authors": [
"Peter Lammich"
],
"date": "2016-08-08",
- "id": 470,
+ "id": 475,
"link": "/entries/Refine_Imperative_HOL.html",
"permalink": "/entries/Refine_Imperative_HOL.html",
"shortname": "Refine_Imperative_HOL",
"title": "The Imperative Refinement Framework",
"topic_links": [
"computer-science/semantics-and-reasoning",
"computer-science/data-structures"
],
"topics": [
"Computer science/Semantics and reasoning",
"Computer science/Data structures"
],
"used_by": 10
},
{
"abstract": "This entry provides an analytic proof to Ptolemy's Theorem using polar form transformation and trigonometric identities. In this formalization, we use ideas from John Harrison's HOL Light formalization and the proof sketch on the Wikipedia entry of Ptolemy's Theorem. This theorem is the 95th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-08-07",
- "id": 471,
+ "id": 476,
"link": "/entries/Ptolemys_Theorem.html",
"permalink": "/entries/Ptolemys_Theorem.html",
"shortname": "Ptolemys_Theorem",
"title": "Ptolemy's Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In 1964, Fitch showed that the paradox of the surprise hanging can be resolved by showing that the judge’s verdict is inconsistent. His formalization builds on Gödel’s coding of provability. In this theory, we reproduce his proof in Isabelle, building on Paulson’s formalisation of Gödel’s incompleteness theorems.",
"authors": [
"Joachim Breitner"
],
"date": "2016-07-17",
- "id": 472,
+ "id": 477,
"link": "/entries/Surprise_Paradox.html",
"permalink": "/entries/Surprise_Paradox.html",
"shortname": "Surprise_Paradox",
"title": "Surprise Paradox",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This library defines three different versions of pairing heaps: a functional version of the original design based on binary trees [Fredman et al. 1986], the version by Okasaki [1998] and a modified version of the latter that is free of structural invariants. \u003cp\u003e The amortized complexity of pairing heaps is analyzed in the AFP article \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Hauke Brinkop",
"Tobias Nipkow"
],
"date": "2016-07-14",
- "id": 473,
+ "id": 478,
"link": "/entries/Pairing_Heap.html",
"permalink": "/entries/Pairing_Heap.html",
"shortname": "Pairing_Heap",
"title": "Pairing Heap",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e This entry presents a framework for the modular verification of DFS-based algorithms, which is described in our [CPP-2015] paper. It provides a generic DFS algorithm framework, that can be parameterized with user-defined actions on certain events (e.g. discovery of new node). It comes with an extensible library of invariants, which can be used to derive invariants of a specific parameterization. Using refinement techniques, efficient implementations of the algorithms can easily be derived. Here, the framework comes with templates for a recursive and a tail-recursive implementation, and also with several templates for implementing the data structures required by the DFS algorithm. Finally, this entry contains a set of re-usable DFS-based algorithms, which illustrate the application of the framework. \u003c/p\u003e\u003cp\u003e [CPP-2015] Peter Lammich, René Neumann: A Framework for Verifying Depth-First Search Algorithms. CPP 2015: 137-146\u003c/p\u003e",
"authors": [
"Peter Lammich",
"René Neumann"
],
"date": "2016-07-05",
- "id": 474,
+ "id": 479,
"link": "/entries/DFS_Framework.html",
"permalink": "/entries/DFS_Framework.html",
"shortname": "DFS_Framework",
"title": "A Framework for Verifying Depth-First Search Algorithms",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 4
},
{
"abstract": "We provide a basic formal framework for the theory of chamber complexes and Coxeter systems, and for buildings as thick chamber complexes endowed with a system of apartments. Along the way, we develop some of the general theory of abstract simplicial complexes and of groups (relying on the \u003ci\u003egroup_add\u003c/i\u003e class for the basics), including free groups and group presentations, and their universal properties. The main results verified are that the deletion condition is both necessary and sufficient for a group with a set of generators of order two to be a Coxeter system, and that the apartments in a (thick) building are all uniformly Coxeter.",
"authors": [
"Jeremy Sylvestre"
],
"date": "2016-07-01",
- "id": 475,
+ "id": 480,
"link": "/entries/Buildings.html",
"permalink": "/entries/Buildings.html",
"shortname": "Buildings",
"title": "Chamber Complexes, Coxeter Systems, and Buildings",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This theory is a formalization of the resolution calculus for first-order logic. It is proven sound and complete. The soundness proof uses the substitution lemma, which shows a correspondence between substitutions and updates to an environment. The completeness proof uses semantic trees, i.e. trees whose paths are partial Herbrand interpretations. It employs Herbrand's theorem in a formulation which states that an unsatisfiable set of clauses has a finite closed semantic tree. It also uses the lifting lemma which lifts resolution derivation steps from the ground world up to the first-order world. The theory is presented in a paper in the Journal of Automated Reasoning [Sch18] which extends a paper presented at the International Conference on Interactive Theorem Proving [Sch16]. An earlier version was presented in an MSc thesis [Sch15]. The formalization mostly follows textbooks by Ben-Ari [BA12], Chang and Lee [CL73], and Leitsch [Lei97]. The theory is part of the IsaFoL project [IsaFoL]. \u003cp\u003e \u003ca name=\"Sch18\"\u003e\u003c/a\u003e[Sch18] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". Journal of Automated Reasoning, 2018.\u003cbr\u003e \u003ca name=\"Sch16\"\u003e\u003c/a\u003e[Sch16] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". In: ITP 2016. Vol. 9807. LNCS. Springer, 2016.\u003cbr\u003e \u003ca name=\"Sch15\"\u003e\u003c/a\u003e[Sch15] Anders Schlichtkrull. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003e \"Formalization of Resolution Calculus in Isabelle\"\u003c/a\u003e. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003ehttps://people.compute.dtu.dk/andschl/Thesis.pdf\u003c/a\u003e. MSc thesis. Technical University of Denmark, 2015.\u003cbr\u003e \u003ca name=\"BA12\"\u003e\u003c/a\u003e[BA12] Mordechai Ben-Ari. \u003ci\u003eMathematical Logic for Computer Science\u003c/i\u003e. 3rd. 
Springer, 2012.\u003cbr\u003e \u003ca name=\"CL73\"\u003e\u003c/a\u003e[CL73] Chin-Liang Chang and Richard Char-Tung Lee. \u003ci\u003eSymbolic Logic and Mechanical Theorem Proving\u003c/i\u003e. 1st. Academic Press, Inc., 1973.\u003cbr\u003e \u003ca name=\"Lei97\"\u003e\u003c/a\u003e[Lei97] Alexander Leitsch. \u003ci\u003eThe Resolution Calculus\u003c/i\u003e. Texts in theoretical computer science. Springer, 1997.\u003cbr\u003e \u003ca name=\"IsaFoL\"\u003e\u003c/a\u003e[IsaFoL] IsaFoL authors. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003e IsaFoL: Isabelle Formalization of Logic\u003c/a\u003e. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003ehttps://bitbucket.org/jasmin_blanchette/isafol\u003c/a\u003e.",
"authors": [
"Anders Schlichtkrull"
],
"date": "2016-06-30",
- "id": 476,
+ "id": 481,
"link": "/entries/Resolution_FOL.html",
"permalink": "/entries/Resolution_FOL.html",
"shortname": "Resolution_FOL",
"title": "The Resolution Calculus for First-Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "We formalize the Z property introduced by Dehornoy and van Oostrom. First we show that for any abstract rewrite system, Z implies confluence. Then we give two examples of proofs using Z: confluence of lambda-calculus with respect to beta-reduction and confluence of combinatory logic.",
"authors": [
"Bertram Felgenhauer",
"Julian Nagele",
"Vincent van Oostrom",
"Christian Sternagel"
],
"date": "2016-06-30",
- "id": 477,
+ "id": 482,
"link": "/entries/Rewriting_Z.html",
"permalink": "/entries/Rewriting_Z.html",
"shortname": "Rewriting_Z",
"title": "The Z Property",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a compositional theory of refinement for a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that refinement theory, and demonstrates its application on some small examples.",
"authors": [
"Toby Murray",
"Robert Sison",
"Edward Pierzchalski",
"Christine Rizkallah"
],
"date": "2016-06-28",
- "id": 478,
+ "id": 483,
"link": "/entries/Dependent_SIFUM_Refinement.html",
"permalink": "/entries/Dependent_SIFUM_Refinement.html",
"shortname": "Dependent_SIFUM_Refinement",
"title": "Compositional Security-Preserving Refinement for Concurrent Imperative Programs",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry contains a definition of IP addresses and a library to work with them. Generic IP addresses are modeled as machine words of arbitrary length. Derived from this generic definition, IPv4 addresses are 32bit machine words, IPv6 addresses are 128bit words. Additionally, IPv4 addresses can be represented in dot-decimal notation and IPv6 addresses in (compressed) colon-separated notation. We support toString functions and parsers for both notations. Sets of IP addresses can be represented with a netmask (e.g. 192.168.0.0/255.255.0.0) or in CIDR notation (e.g. 192.168.0.0/16). To provide executable code for set operations on IP address ranges, the library includes a datatype to work on arbitrary intervals of machine words.",
"authors": [
"Cornelius Diekmann",
"Julius Michaelis",
"Lars Hupel"
],
"date": "2016-06-28",
- "id": 479,
+ "id": 484,
"link": "/entries/IP_Addresses.html",
"permalink": "/entries/IP_Addresses.html",
"shortname": "IP_Addresses",
"title": "IP Addresses",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry provides three lemmas to count the number of multisets of a given size and finite carrier set. The first lemma provides a cardinality formula assuming that the multiset's elements are chosen from the given carrier set. The latter two lemmas provide formulas assuming that the multiset's elements also cover the given carrier set, i.e., each element of the carrier set occurs in the multiset at least once.\u003c/p\u003e \u003cp\u003eThe proof of the first lemma uses the argument of the recurrence relation for counting multisets. The proof of the second lemma is straightforward, and the proof of the third lemma is easily obtained using the first cardinality lemma. A challenge for the formalization is the derivation of the required induction rule, which is a special combination of the induction rules for finite sets and natural numbers. The induction rule is derived by defining a suitable inductive predicate and transforming the predicate's induction rule.\u003c/p\u003e",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-06-26",
- "id": 480,
+ "id": 485,
"link": "/entries/Card_Multisets.html",
"permalink": "/entries/Card_Multisets.html",
"shortname": "Card_Multisets",
"title": "Cardinality of Multisets",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e This article attempts to develop a usable framework for doing category theory in Isabelle/HOL. Our point of view, which to some extent differs from that of the previous AFP articles on the subject, is to try to explore how category theory can be done efficaciously within HOL, rather than trying to match exactly the way things are done using a traditional approach. To this end, we define the notion of category in an \"object-free\" style, in which a category is represented by a single partial composition operation on arrows. This way of defining categories provides some advantages in the context of HOL, including the ability to avoid the use of records and the possibility of defining functors and natural transformations simply as certain functions on arrows, rather than as composite objects. We define various constructions associated with the basic notions, including: dual category, product category, functor category, discrete category, free category, functor composition, and horizontal and vertical composite of natural transformations. A \"set category\" locale is defined that axiomatizes the notion \"category of all sets at a type and all functions between them,\" and a fairly extensive set of properties of set categories is derived from the locale assumptions. The notion of a set category is used to prove the Yoneda Lemma in a general setting of a category equipped with a \"hom embedding,\" which maps arrows of the category to the \"universe\" of the set category. We also give a treatment of adjunctions, defining adjunctions via left and right adjoint functors, natural bijections between hom-sets, and unit and counit natural transformations, and showing the equivalence of these definitions. We also develop the theory of limits, including representations of functors, diagrams and cones, and diagonal functors. We show that right adjoint functors preserve limits, and that limits can be constructed via products and equalizers. 
We characterize the conditions under which limits exist in a set category. We also examine the case of limits in a functor category, ultimately culminating in a proof that the Yoneda embedding preserves limits. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on equivalence of categories, cartesian categories, categories with pullbacks, categories with finite limits, and cartesian closed categories. A construction was given of the category of hereditarily finite sets and functions between them, and it was shown that this category is cartesian closed. Using \"ZFC_in_HOL\", a construction was also given of the (large) category of small sets and functions between them, and it was shown that this category is small-complete. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2016-06-26",
- "id": 481,
+ "id": 486,
"link": "/entries/Category3.html",
"permalink": "/entries/Category3.html",
"shortname": "Category3",
"title": "Category Theory with Adjunctions and Limits",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a dependent security type system for compositionally verifying a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that security definition, the type system and its soundness proof, and demonstrates its application on some small examples. It was derived from the SIFUM_Type_Systems AFP entry, by Sylvia Grewe, Heiko Mantel and Daniel Schoepe, and whose structure it inherits.",
"authors": [
"Toby Murray",
"Robert Sison",
"Edward Pierzchalski",
"Christine Rizkallah"
],
"date": "2016-06-25",
- "id": 482,
+ "id": 487,
"link": "/entries/Dependent_SIFUM_Type_Systems.html",
"permalink": "/entries/Dependent_SIFUM_Type_Systems.html",
"shortname": "Dependent_SIFUM_Type_Systems",
"title": "A Dependent Security Type System for Concurrent Imperative Programs",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn this work, we define the Catalan numbers \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e\u003c/em\u003e and prove several equivalent definitions (including some closed-form formulae). We also show one of their applications (counting the number of binary trees of size \u003cem\u003en\u003c/em\u003e), prove the asymptotic growth approximation \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e \u0026sim; 4\u003csup\u003en\u003c/sup\u003e / (\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u0026pi;\u003c/span\u003e \u0026middot; n\u003csup\u003e1.5\u003c/sup\u003e)\u003c/em\u003e, and provide reasonably efficient executable code to compute them.\u003c/p\u003e \u003cp\u003eThe derivation of the closed-form formulae uses algebraic manipulations of the ordinary generating function of the Catalan numbers, and the asymptotic approximation is then done using generalised binomial coefficients and the Gamma function. Thanks to these highly non-elementary mathematical tools, the proofs are very short and simple.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-06-21",
- "id": 483,
+ "id": 488,
"link": "/entries/Catalan_Numbers.html",
"permalink": "/entries/Catalan_Numbers.html",
"shortname": "Catalan_Numbers",
"title": "Catalan Numbers",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Variants of Kleene algebra support program construction and verification by algebraic reasoning. This entry provides a verification component for Hoare logic based on Kleene algebra with tests, verification components for weakest preconditions and strongest postconditions based on Kleene algebra with domain and a component for step-wise refinement based on refinement Kleene algebra with tests. In addition to these components for the partial correctness of while programs, a verification component for total correctness based on divergence Kleene algebras and one for (partial correctness) of recursive programs based on domain quantales are provided. Finally we have integrated memory models for programs with pointers and a program trace semantics into the weakest precondition component.",
"authors": [
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2016-06-18",
- "id": 484,
+ "id": 489,
"link": "/entries/Algebraic_VCs.html",
"permalink": "/entries/Algebraic_VCs.html",
"shortname": "Algebraic_VCs",
"title": "Program Construction and Verification Components Based on Kleene Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the latter operation is a process in which any event not shared by both operands can occur whenever the operand that admits the event can engage in it, whereas any event shared by both operands can occur just in case both can engage in it.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of concurrent composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation. This result, along with the previous analogous one concerning sequential composition, enables the construction of more and more complex processes enforcing noninterference security by composing, sequentially or concurrently, simpler secure processes, whose security can in turn be proven using either the definition of security, or unwinding theorems.\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2016-06-13",
- "id": 485,
+ "id": 490,
"link": "/entries/Noninterference_Concurrent_Composition.html",
"permalink": "/entries/Noninterference_Concurrent_Composition.html",
"shortname": "Noninterference_Concurrent_Composition",
"title": "Conservation of CSP Noninterference Security under Concurrent Composition",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "This entry contains an extension to the Isabelle library for fixed-width machine words. In particular, the entry adds quickcheck setup for words, printing as hexadecimals, additional operations, reasoning about alignment, signed words, enumerations of words, normalisation of word numerals, and an extensive library of properties about generic fixed-width words, as well as an instantiation of many of these to the commonly used 32 and 64-bit bases.",
"authors": [
"Joel Beeren",
"Matthew Fernandez",
"Xin Gao",
"Gerwin Klein",
"Rafal Kolanski",
"Japheth Lim",
"Corey Lewis",
"Daniel Matichuk",
"Thomas Sewell"
],
"date": "2016-06-09",
- "id": 486,
+ "id": 491,
"link": "/entries/Word_Lib.html",
"permalink": "/entries/Word_Lib.html",
"shortname": "Word_Lib",
"title": "Finite Machine Word Library",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 9
},
{
"abstract": "We formalize tree decompositions and tree width in Isabelle/HOL, proving that trees have treewidth 1. We also show that every edge of a tree decomposition is a separation of the underlying graph. As an application of this theorem we prove that complete graphs of size n have treewidth n-1.",
"authors": [
"Christoph Dittmann"
],
"date": "2016-05-31",
- "id": 487,
+ "id": 492,
"link": "/entries/Tree_Decomposition.html",
"permalink": "/entries/Tree_Decomposition.html",
"shortname": "Tree_Decomposition",
"title": "Tree Decomposition",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This entry provides formulae for counting the number of equivalence relations and partial equivalence relations over a finite carrier set with given cardinality. To count the number of equivalence relations, we provide bijections between equivalence relations and set partitions, and then transfer the main results of the two AFP entries, Cardinality of Set Partitions and Spivey's Generalized Recurrence for Bell Numbers, to theorems on equivalence relations. To count the number of partial equivalence relations, we observe that counting partial equivalence relations over a set A is equivalent to counting all equivalence relations over all subsets of the set A. From this observation and the results on equivalence relations, we show that the cardinality of partial equivalence relations over a finite set of cardinality n is equal to the n+1-th Bell number.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-05-24",
- "id": 488,
+ "id": 493,
"link": "/entries/Card_Equiv_Relations.html",
"permalink": "/entries/Card_Equiv_Relations.html",
"shortname": "Card_Equiv_Relations",
"title": "Cardinality of Equivalence Relations",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eBrzozowski introduced the notion of derivatives for regular expressions. They can be used for a very simple regular expression matching algorithm. Sulzmann and Lu cleverly extended this algorithm in order to deal with POSIX matching, which is the underlying disambiguation strategy for regular expressions needed in lexers. Their algorithm generates POSIX values which encode the information of how a regular expression matches a string--—that is, which part of the string is matched by which part of the regular expression. In this paper we give our inductive definition of what a POSIX value is and show (i) that such a value is unique (for given regular expression and string being matched) and (ii) that Sulzmann and Lu’s algorithm always generates such a value (provided that the regular expression matches the string). This holds also when optimisations are included. Finally we show that (iii) our inductive definition of a POSIX value is equivalent to an alternative definition by Okui and Suzuki which identifies POSIX values as least elements according to an ordering of values.\u003c/p\u003e",
"authors": [
"Fahad Ausaf",
"Roy Dyckhoff",
"Christian Urban"
],
"date": "2016-05-24",
- "id": 489,
+ "id": 494,
"link": "/entries/Posix-Lexing.html",
"permalink": "/entries/Posix-Lexing.html",
"shortname": "Posix-Lexing",
"title": "POSIX Lexing with Derivatives of Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe spectral radius of a matrix A is the maximum norm of all eigenvalues of A. In previous work we already formalized that for a complex matrix A, the values in A\u003csup\u003en\u003c/sup\u003e grow polynomially in n if and only if the spectral radius is at most one. One problem with the above characterization is the determination of all \u003cem\u003ecomplex\u003c/em\u003e eigenvalues. In case A contains only non-negative real values, a simplification is possible with the help of the Perron\u0026ndash;Frobenius theorem, which tells us that it suffices to consider only the \u003cem\u003ereal\u003c/em\u003e eigenvalues of A, i.e., applying Sturm's method can decide the polynomial growth of A\u003csup\u003en\u003c/sup\u003e. \u003c/p\u003e\u003cp\u003e We formalize the Perron\u0026ndash;Frobenius theorem based on a proof via Brouwer's fixpoint theorem, which is available in the HOL multivariate analysis (HMA) library. Since the results on the spectral radius is based on matrices in the Jordan normal form (JNF) library, we further develop a connection which allows us to easily transfer theorems between HMA and JNF. With this connection we derive the combined result: if A is a non-negative real matrix, and no real eigenvalue of A is strictly larger than one, then A\u003csup\u003en\u003c/sup\u003e is polynomially bounded in n. \u003c/p\u003e",
"authors": [
"Jose Divasón",
"Ondřej Kunčar",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-05-20",
- "id": 490,
+ "id": 495,
"link": "/entries/Perron_Frobenius.html",
"permalink": "/entries/Perron_Frobenius.html",
"shortname": "Perron_Frobenius",
"title": "Perron-Frobenius Theorem for Spectral Radius Analysis",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 5
},
{
"abstract": "The \u003ca href=\"http://incredible.pm\"\u003eIncredible Proof Machine\u003c/a\u003e is an interactive visual theorem prover which represents proofs as port graphs. We model this proof representation in Isabelle, and prove that it is just as powerful as natural deduction.",
"authors": [
"Joachim Breitner",
"Denis Lohner"
],
"date": "2016-05-20",
- "id": 491,
+ "id": 496,
"link": "/entries/Incredible_Proof_Machine.html",
"permalink": "/entries/Incredible_Proof_Machine.html",
"shortname": "Incredible_Proof_Machine",
"title": "The meta theory of the Incredible Proof Machine",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "The impossibility of distributed consensus with one faulty process is a result with important consequences for real world distributed systems e.g., commits in replicated databases. Since proofs are not immune to faults and even plausible proofs with a profound formalism can conclude wrong results, we validate the fundamental result named FLP after Fischer, Lynch and Paterson. We present a formalization of distributed systems and the aforementioned consensus problem. Our proof is based on Hagen Völzer's paper \"A constructive proof for FLP\". In addition to the enhanced confidence in the validity of Völzer's proof, we contribute the missing gaps to show the correctness in Isabelle/HOL. We clarify the proof details and even prove fairness of the infinite execution that contradicts consensus. Our Isabelle formalization can also be reused for further proofs of properties of distributed systems.",
"authors": [
"Benjamin Bisping",
"Paul-David Brodmann",
"Tim Jungnickel",
"Christina Rickmann",
"Henning Seidler",
"Anke Stüber",
"Arno Wilhelm-Weidner",
"Kirstin Peters",
"Uwe Nestmann"
],
"date": "2016-05-18",
- "id": 492,
+ "id": 497,
"link": "/entries/FLP.html",
"permalink": "/entries/FLP.html",
"shortname": "FLP",
"title": "A Constructive Proof for FLP",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This article formalises a proof of the maximum-flow minimal-cut theorem for networks with countably many edges. A network is a directed graph with non-negative real-valued edge labels and two dedicated vertices, the source and the sink. A flow in a network assigns non-negative real numbers to the edges such that for all vertices except for the source and the sink, the sum of values on incoming edges equals the sum of values on outgoing edges. A cut is a subset of the vertices which contains the source, but not the sink. Our theorem states that in every network, there is a flow and a cut such that the flow saturates all the edges going out of the cut and is zero on all the incoming edges. The proof is based on the paper \u003cemph\u003eThe Max-Flow Min-Cut theorem for countable networks\u003c/emph\u003e by Aharoni et al. Additionally, we prove a characterisation of the lifting operation for relations on discrete probability distributions, which leads to a concise proof of its distributivity over relation composition.",
"authors": [
"Andreas Lochbihler"
],
"date": "2016-05-09",
- "id": 493,
+ "id": 498,
"link": "/entries/MFMC_Countable.html",
"permalink": "/entries/MFMC_Countable.html",
"shortname": "MFMC_Countable",
"title": "A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "This work contains a formalisation of basic Randomised Social Choice, including Stochastic Dominance and Social Decision Schemes (SDSs) along with some of their most important properties (Anonymity, Neutrality, ex-post- and SD-Efficiency, SD-Strategy-Proofness) and two particular SDSs – Random Dictatorship and Random Serial Dictatorship (with proofs of the properties that they satisfy). Many important properties of these concepts are also proven – such as the two equivalent characterisations of Stochastic Dominance and the fact that SD-efficiency of a lottery only depends on the support. The entry also provides convenient commands to define Preference Profiles, prove their well-formedness, and automatically derive restrictions that sufficiently nice SDSs need to satisfy on the defined profiles. Currently, the formalisation focuses on weak preferences and Stochastic Dominance, but it should be easy to extend it to other domains – such as strict preferences – or other lottery extensions – such as Bilinear Dominance or Pairwise Comparison.",
"authors": [
"Manuel Eberl"
],
"date": "2016-05-05",
- "id": 494,
+ "id": 499,
"link": "/entries/Randomised_Social_Choice.html",
"permalink": "/entries/Randomised_Social_Choice.html",
"shortname": "Randomised_Social_Choice",
"title": "Randomised Social Choice Theory",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 3
},
{
"abstract": "This entry defines the Bell numbers as the cardinality of set partitions for a carrier set of given size, and derives Spivey's generalized recurrence relation for Bell numbers following his elegant and intuitive combinatorial proof. \u003cp\u003e As the set construction for the combinatorial proof requires construction of three intermediate structures, the main difficulty of the formalization is handling the overall combinatorial argument in a structured way. The introduced proof structure allows us to compose the combinatorial argument from its subparts, and supports to keep track how the detailed proof steps are related to the overall argument. To obtain this structure, this entry uses set monad notation for the set construction's definition, introduces suitable predicates and rules, and follows a repeating structure in its Isar proof.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-05-04",
- "id": 495,
+ "id": 500,
"link": "/entries/Bell_Numbers_Spivey.html",
"permalink": "/entries/Bell_Numbers_Spivey.html",
"shortname": "Bell_Numbers_Spivey",
"title": "Spivey's Generalized Recurrence for Bell Numbers",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "This formalisation contains the proof that there is no anonymous and neutral Social Decision Scheme for at least four voters and alternatives that fulfils both SD-Efficiency and SD-Strategy- Proofness. The proof is a fully structured and quasi-human-redable one. It was derived from the (unstructured) SMT proof of the case for exactly four voters and alternatives by Brandl et al. Their proof relies on an unverified translation of the original problem to SMT, and the proof that lifts the argument for exactly four voters and alternatives to the general case is also not machine-checked. In this Isabelle proof, on the other hand, all of these steps are fully proven and machine-checked. This is particularly important seeing as a previously published informal proof of a weaker statement contained a mistake in precisely this lifting step.",
"authors": [
"Manuel Eberl"
],
"date": "2016-05-04",
- "id": 496,
+ "id": 501,
"link": "/entries/SDS_Impossibility.html",
"permalink": "/entries/SDS_Impossibility.html",
"shortname": "SDS_Impossibility",
"title": "The Incompatibility of SD-Efficiency and SD-Strategy-Proofness",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This formalization is concerned with the theory of Gröbner bases in (commutative) multivariate polynomial rings over fields, originally developed by Buchberger in his 1965 PhD thesis. Apart from the statement and proof of the main theorem of the theory, the formalization also implements Buchberger's algorithm for actually computing Gröbner bases as a tail-recursive function, thus allowing to effectively decide ideal membership in finitely generated polynomial ideals. Furthermore, all functions can be executed on a concrete representation of multivariate polynomials as association lists.",
"authors": [
"Fabian Immler",
"Alexander Maletzky"
],
"date": "2016-05-02",
- "id": 497,
+ "id": 502,
"link": "/entries/Groebner_Bases.html",
"permalink": "/entries/Groebner_Bases.html",
"shortname": "Groebner_Bases",
"title": "Gröbner Bases Theory",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 4
},
{
"abstract": "We provide a formal proof within First Order Relativity Theory that no observer can travel faster than the speed of light. Originally reported in Stannett \u0026 Németi (2014) \"Using Isabelle/HOL to verify first-order relativity theory\", Journal of Automated Reasoning 52(4), pp. 361-378.",
"authors": [
"Mike Stannett",
"István Németi"
],
"date": "2016-04-28",
- "id": 498,
+ "id": 503,
"link": "/entries/No_FTL_observers.html",
"permalink": "/entries/No_FTL_observers.html",
"shortname": "No_FTL_observers",
"title": "No Faster-Than-Light Observers",
"topic_links": [
"mathematics/physics"
],
"topics": [
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "The theory provides a formalisation of the Cocke-Younger-Kasami algorithm (CYK for short), an approach to solving the word problem for context-free languages. CYK decides if a word is in the languages generated by a context-free grammar in Chomsky normal form. The formalized algorithm is executable.",
"authors": [
"Maksym Bortin"
],
"date": "2016-04-27",
- "id": 499,
+ "id": 504,
"link": "/entries/CYK.html",
"permalink": "/entries/CYK.html",
"shortname": "CYK",
"title": "A formalisation of the Cocke-Younger-Kasami algorithm",
"topic_links": [
"computer-science/algorithms",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We present a verified and executable implementation of ROBDDs in Isabelle/HOL. Our implementation relates pointer-based computation in the Heap monad to operations on an abstract definition of boolean functions. Internally, we implemented the if-then-else combinator in a recursive fashion, following the Shannon decomposition of the argument functions. The implementation mixes and adapts known techniques and is built with efficiency in mind.",
"authors": [
"Julius Michaelis",
"Max W. Haslbeck",
"Peter Lammich",
"Lars Hupel"
],
"date": "2016-04-27",
- "id": 500,
+ "id": 505,
"link": "/entries/ROBDD.html",
"permalink": "/entries/ROBDD.html",
"shortname": "ROBDD",
"title": "Algorithms for Reduced Ordered Binary Decision Diagrams",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the former operation is a process that initially behaves like the first operand, and then like the second operand once the execution of the first one has terminated successfully, as long as it does.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of sequential composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation, provided that successful termination cannot be affected by confidential events and cannot occur as an alternative to other events in the traces of the first operand. Both of these assumptions are shown, by means of counterexamples, to be necessary for the theorem to hold.\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2016-04-26",
- "id": 501,
+ "id": 506,
"link": "/entries/Noninterference_Sequential_Composition.html",
"permalink": "/entries/Noninterference_Sequential_Composition.html",
"shortname": "Noninterference_Sequential_Composition",
"title": "Conservation of CSP Noninterference Security under Sequential Composition",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 1
},
{
"abstract": "Kleene algebras with domain are Kleene algebras endowed with an operation that maps each element of the algebra to its domain of definition (or its complement) in abstract fashion. They form a simple algebraic basis for Hoare logics, dynamic logics or predicate transformer semantics. We formalise a modular hierarchy of algebras with domain and antidomain (domain complement) operations in Isabelle/HOL that ranges from domain and antidomain semigroups to modal Kleene algebras and divergence Kleene algebras. We link these algebras with models of binary relations and program traces. We include some examples from modal logics, termination and program analysis.",
"authors": [
"Victor B. F. Gomes",
"Walter Guttmann",
"Peter Höfner",
"Georg Struth",
"Tjark Weber"
],
"date": "2016-04-12",
- "id": 502,
+ "id": 507,
"link": "/entries/KAD.html",
"permalink": "/entries/KAD.html",
"shortname": "KAD",
"title": "Kleene Algebras with Domain",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "We provide formal proofs in Isabelle-HOL (using mostly structured Isar proofs) of the soundness and completeness of the Resolution rule in propositional logic. The completeness proofs take into account the usual redundancy elimination rules (tautology elimination and subsumption), and several refinements of the Resolution rule are considered: ordered resolution (with selection functions), positive and negative resolution, semantic resolution and unit resolution (the latter refinement is complete only for clause sets that are Horn- renamable). We also define a concrete procedure for computing saturated sets and establish its soundness and completeness. The clause sets are not assumed to be finite, so that the results can be applied to formulas obtained by grounding sets of first-order clauses (however, a total ordering among atoms is assumed to be given). Next, we show that the unrestricted Resolution rule is deductive- complete, in the sense that it is able to generate all (prime) implicates of any set of propositional clauses (i.e., all entailment- minimal, non-valid, clausal consequences of the considered set). The generation of prime implicates is an important problem, with many applications in artificial intelligence and verification (for abductive reasoning, knowledge compilation, diagnosis, debugging etc.). We also show that implicates can be computed in an incremental way, by fixing an ordering among all the atoms in the considered sets and resolving upon these atoms one by one in the considered order (with no backtracking). This feature is critical for the efficient computation of prime implicates. Building on these results, we provide a procedure for computing such implicates and establish its soundness and completeness.",
"authors": [
"Nicolas Peltier"
],
"date": "2016-03-11",
- "id": 503,
+ "id": 508,
"link": "/entries/PropResPI.html",
"permalink": "/entries/PropResPI.html",
"shortname": "PropResPI",
"title": "Propositional Resolution and Prime Implicates Generation",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The Cartan fixed point theorems concern the group of holomorphic automorphisms on a connected open set of C\u003csup\u003en\u003c/sup\u003e. Ciolli et al. have formalised the one-dimensional case of these theorems in HOL Light. This entry contains their proofs, ported to Isabelle/HOL. Thus it addresses the authors' remark that \"it would be important to write a formal proof in a language that can be read by both humans and machines\".",
"authors": [
"Lawrence C. Paulson"
],
"date": "2016-03-08",
- "id": 504,
+ "id": 509,
"link": "/entries/Cartan_FP.html",
"permalink": "/entries/Cartan_FP.html",
"shortname": "Cartan_FP",
"title": "The Cartan Fixed Point Theorems",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Timed automata are a widely used formalism for modeling real-time systems, which is employed in a class of successful model checkers such as UPPAAL [LPY97], HyTech [HHWt97] or Kronos [Yov97]. This work formalizes the theory for the subclass of diagonal-free timed automata, which is sufficient to model many interesting problems. We first define the basic concepts and semantics of diagonal-free timed automata. Based on this, we prove two types of decidability results for the language emptiness problem. The first is the classic result of Alur and Dill [AD90, AD94], which uses a finite partitioning of the state space into so-called `regions`. Our second result focuses on an approach based on `Difference Bound Matrices (DBMs)`, which is practically used by model checkers. We prove the correctness of the basic forward analysis operations on DBMs. One of these operations is the Floyd-Warshall algorithm for the all-pairs shortest paths problem. To obtain a finite search space, a widening operation has to be used for this kind of analysis. We use Patricia Bouyer's [Bou04] approach to prove that this widening operation is correct in the sense that DBM-based forward analysis in combination with the widening operation also decides language emptiness. The interesting property of this proof is that the first decidability result is reused to obtain the second one.",
"authors": [
"Simon Wimmer"
],
"date": "2016-03-08",
- "id": 505,
+ "id": 510,
"link": "/entries/Timed_Automata.html",
"permalink": "/entries/Timed_Automata.html",
"shortname": "Timed_Automata",
"title": "Timed Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This theory provides a formalisation of linear temporal logic (LTL) and unifies previous formalisations within the AFP. This entry establishes syntax and semantics for this logic and decouples it from existing entries, yielding a common environment for theories reasoning about LTL. Furthermore a parser written in SML and an executable simplifier are provided.",
"authors": [
"Salomon Sickert"
],
"date": "2016-03-01",
- "id": 506,
+ "id": 511,
"link": "/entries/LTL.html",
"permalink": "/entries/LTL.html",
"shortname": "LTL",
"title": "Linear Temporal Logic",
"topic_links": [
"logic/general-logic/temporal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Logic/General logic/Temporal logic",
"Computer science/Automata and formal languages"
],
"used_by": 6
},
{
"abstract": "\u003cp\u003e These theories formalize the quantitative analysis of a number of classical algorithms for the list update problem: 2-competitiveness of move-to-front, the lower bound of 2 for the competitiveness of deterministic list update algorithms and 1.6-competitiveness of the randomized COMB algorithm, the best randomized list update algorithm known to date. The material is based on the first two chapters of \u003ci\u003eOnline Computation and Competitive Analysis\u003c/i\u003e by Borodin and El-Yaniv. \u003c/p\u003e \u003cp\u003e For an informal description see the FSTTCS 2016 publication \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/fsttcs16.html\"\u003eVerified Analysis of List Update Algorithms\u003c/a\u003e by Haslbeck and Nipkow. \u003c/p\u003e",
"authors": [
"Maximilian P. L. Haslbeck",
"Tobias Nipkow"
],
"date": "2016-02-17",
- "id": 507,
+ "id": 512,
"link": "/entries/List_Update.html",
"permalink": "/entries/List_Update.html",
"shortname": "List_Update",
"title": "Analysis of List Update Algorithms",
"topic_links": [
"computer-science/algorithms/online",
"computer-science/algorithms/randomized"
],
"topics": [
"Computer science/Algorithms/Online",
"Computer science/Algorithms/Randomized"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We define a functional variant of the static single assignment (SSA) form construction algorithm described by \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.\u003c/a\u003e, which combines simplicity and efficiency. The definition is based on a general, abstract control flow graph representation using Isabelle locales. \u003c/p\u003e \u003cp\u003e We prove that the algorithm's output is semantically equivalent to the input according to a small-step semantics, and that it is in minimal SSA form for the common special case of reducible inputs. We then show the satisfiability of the locale assumptions by giving instantiations for a simple While language. \u003c/p\u003e \u003cp\u003e Furthermore, we use a generic instantiation based on typedefs in order to extract OCaml code and replace the unverified SSA construction algorithm of the \u003ca href=\"https://doi.org/10.1145/2579080\"\u003eCompCertSSA project\u003c/a\u003e with it. \u003c/p\u003e \u003cp\u003e A more detailed description of the verified SSA construction can be found in the paper \u003ca href=\"https://doi.org/10.1145/2892208.2892211\"\u003eVerified Construction of Static Single Assignment Form\u003c/a\u003e, CC 2016. \u003c/p\u003e",
"authors": [
"Sebastian Ullrich",
"Denis Lohner"
],
"date": "2016-02-05",
- "id": 508,
+ "id": 513,
"link": "/entries/Formal_SSA.html",
"permalink": "/entries/Formal_SSA.html",
"shortname": "Formal_SSA",
"title": "Verified Construction of Static Single Assignment Form",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 1
},
{
"abstract": "Based on existing libraries for polynomial interpolation and matrices, we formalized several factorization algorithms for polynomials, including Kronecker's algorithm for integer polynomials, Yun's square-free factorization algorithm for field polynomials, and Berlekamp's algorithm for polynomials over finite fields. By combining the last one with Hensel's lifting, we derive an efficient factorization algorithm for the integer polynomials, which is then lifted for rational polynomials by mechanizing Gauss' lemma. Finally, we assembled a combined factorization algorithm for rational polynomials, which combines all the mentioned algorithms and additionally uses the explicit formula for roots of quadratic polynomials and a rational root test. \u003cp\u003e As side products, we developed division algorithms for polynomials over integral domains, as well as primality-testing and prime-factorization algorithms for integers.",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-01-29",
- "id": 509,
+ "id": 514,
"link": "/entries/Polynomial_Factorization.html",
"permalink": "/entries/Polynomial_Factorization.html",
"shortname": "Polynomial_Factorization",
"title": "Polynomial Factorization",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 12
},
{
"abstract": "We formalized three algorithms for polynomial interpolation over arbitrary fields: Lagrange's explicit expression, the recursive algorithm of Neville and Aitken, and the Newton interpolation in combination with an efficient implementation of divided differences. Variants of these algorithms for integer polynomials are also available, where sometimes the interpolation can fail; e.g., there is no linear integer polynomial \u003ci\u003ep\u003c/i\u003e such that \u003ci\u003ep(0) = 0\u003c/i\u003e and \u003ci\u003ep(2) = 1\u003c/i\u003e. Moreover, for the Newton interpolation for integer polynomials, we proved that all intermediate results that are computed during the algorithm must be integers. This admits an early failure detection in the implementation. Finally, we proved the uniqueness of polynomial interpolation. \u003cp\u003e The development also contains improved code equations to speed up the division of integers in target languages.",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-01-29",
- "id": 510,
+ "id": 515,
"link": "/entries/Polynomial_Interpolation.html",
"permalink": "/entries/Polynomial_Interpolation.html",
"shortname": "Polynomial_Interpolation",
"title": "Polynomial Interpolation",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 9
},
{
"abstract": "This work contains a formalization of some topics in knot theory. The concepts that were formalized include definitions of tangles, links, framed links and link/tangle equivalence. The formalization is based on a formulation of links in terms of tangles. We further construct and prove the invariance of the Bracket polynomial. Bracket polynomial is an invariant of framed links closely linked to the Jones polynomial. This is perhaps the first attempt to formalize any aspect of knot theory in an interactive proof assistant.",
"authors": [
"T.V.H. Prathamesh"
],
"date": "2016-01-20",
- "id": 511,
+ "id": 516,
"link": "/entries/Knot_Theory.html",
"permalink": "/entries/Knot_Theory.html",
"shortname": "Knot_Theory",
"title": "Knot Theory",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "In this work, the Kronecker tensor product of matrices and the proofs of some of its properties are formalized. Properties which have been formalized include associativity of the tensor product and the mixed-product property.",
"authors": [
"T.V.H. Prathamesh"
],
"date": "2016-01-18",
- "id": 512,
+ "id": 517,
"link": "/entries/Matrix_Tensor.html",
"permalink": "/entries/Matrix_Tensor.html",
"shortname": "Matrix_Tensor",
"title": "Tensor Product of Matrices",
"topic_links": [
"computer-science/data-structures",
"mathematics/algebra"
],
"topics": [
"Computer science/Data structures",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "This entry provides a basic library for number partitions, defines the two-argument partition function through its recurrence relation and relates this partition function to the cardinality of number partitions. The main proof shows that the recursively-defined partition function with arguments n and k equals the cardinality of number partitions of n with exactly k parts. The combinatorial proof follows the proof sketch of Theorem 2.4.1 in Mazur's textbook `Combinatorics: A Guided Tour`. This entry can serve as starting point for various more intrinsic properties about number partitions, the partition function and related recurrence relations.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-01-14",
- "id": 513,
+ "id": 518,
"link": "/entries/Card_Number_Partitions.html",
"permalink": "/entries/Card_Number_Partitions.html",
"shortname": "Card_Number_Partitions",
"title": "Cardinality of Number Partitions",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 3
},
{
"abstract": "\u003cp\u003e This entry contains a definition of angles between vectors and between three points. Building on this, we prove basic geometric properties of triangles, such as the Isosceles Triangle Theorem, the Law of Sines and the Law of Cosines, that the sum of the angles of a triangle is π, and the congruence theorems for triangles. \u003c/p\u003e\u003cp\u003e The definitions and proofs were developed following those by John Harrison in HOL Light. However, due to Isabelle's type class system, all definitions and theorems in the Isabelle formalisation hold for all real inner product spaces. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 514,
+ "id": 519,
"link": "/entries/Triangle.html",
"permalink": "/entries/Triangle.html",
"shortname": "Triangle",
"title": "Basic Geometric Properties of Triangles",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003e Descartes' Rule of Signs relates the number of positive real roots of a polynomial with the number of sign changes in its coefficient sequence. \u003c/p\u003e\u003cp\u003e Our proof follows the simple inductive proof given by Rob Arthan, which was also used by John Harrison in his HOL Light formalisation. We proved most of the lemmas for arbitrary linearly-ordered integrity domains (e.g. integers, rationals, reals); the main result, however, requires the intermediate value theorem and was therefore only proven for real polynomials. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 515,
+ "id": 520,
"link": "/entries/Descartes_Sign_Rule.html",
"permalink": "/entries/Descartes_Sign_Rule.html",
"shortname": "Descartes_Sign_Rule",
"title": "Descartes' Rule of Signs",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e Liouville numbers are a class of transcendental numbers that can be approximated particularly well with rational numbers. Historically, they were the first numbers whose transcendence was proven. \u003c/p\u003e\u003cp\u003e In this entry, we define the concept of Liouville numbers as well as the standard construction to obtain Liouville numbers (including Liouville's constant) and we prove their most important properties: irrationality and transcendence. \u003c/p\u003e\u003cp\u003e The proof is very elementary and requires only standard arithmetic, the Mean Value Theorem for polynomials, and the boundedness of polynomials on compact intervals. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 516,
+ "id": 521,
"link": "/entries/Liouville_Numbers.html",
"permalink": "/entries/Liouville_Numbers.html",
"shortname": "Liouville_Numbers",
"title": "Liouville numbers",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this work, we prove the lower bound \u003cspan class=\"nobr\"\u003eln(H_n) - ln(5/3)\u003c/span\u003e for the partial sum of the Prime Harmonic series and, based on this, the divergence of the Prime Harmonic Series \u003cspan class=\"nobr\"\u003e∑[p\u0026thinsp;prime]\u0026thinsp;·\u0026thinsp;1/p.\u003c/span\u003e \u003c/p\u003e\u003cp\u003e The proof relies on the unique squarefree decomposition of natural numbers. This is similar to Euler's original proof (which was highly informal and morally questionable). Its advantage over proofs by contradiction, like the famous one by Paul Erdős, is that it provides a relatively good lower bound for the partial sums. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 517,
+ "id": 522,
"link": "/entries/Prime_Harmonic_Series.html",
"permalink": "/entries/Prime_Harmonic_Series.html",
"shortname": "Prime_Harmonic_Series",
"title": "The Divergence of the Prime Harmonic Series",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Based on existing libraries for matrices, factorization of rational polynomials, and Sturm's theorem, we formalized algebraic numbers in Isabelle/HOL. Our development serves as an implementation for real and complex numbers, and it admits to compute roots and completely factorize real and complex polynomials, provided that all coefficients are rational numbers. Moreover, we provide two implementations to display algebraic numbers, an injective and expensive one, or a faster but approximative version. \u003c/p\u003e\u003cp\u003e To this end, we mechanized several results on resultants, which also required us to prove that polynomials over a unique factorization domain form again a unique factorization domain. \u003c/p\u003e",
"authors": [
"René Thiemann",
"Akihisa Yamada",
"Sebastiaan J. C. Joosten"
],
"date": "2015-12-22",
- "id": 518,
+ "id": 523,
"link": "/entries/Algebraic_Numbers.html",
"permalink": "/entries/Algebraic_Numbers.html",
"shortname": "Algebraic_Numbers",
"title": "Algebraic Numbers in Isabelle/HOL",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 7
},
{
"abstract": "Applicative functors augment computations with effects by lifting function application to types which model the effects. As the structure of the computation cannot depend on the effects, applicative expressions can be analysed statically. This allows us to lift universally quantified equations to the effectful types, as observed by Hinze. Thus, equational reasoning over effectful computations can be reduced to pure types. \u003c/p\u003e\u003cp\u003e This entry provides a package for registering applicative functors and two proof methods for lifting of equations over applicative functors. The first method normalises applicative expressions according to the laws of applicative functors. This way, equations whose two sides contain the same list of variables can be lifted to every applicative functor. \u003c/p\u003e\u003cp\u003e To lift larger classes of equations, the second method exploits a number of additional properties (e.g., commutativity of effects) provided the properties have been declared for the concrete applicative functor at hand upon registration. \u003c/p\u003e\u003cp\u003e We declare several types from the Isabelle library as applicative functors and illustrate the use of the methods with two examples: the lifting of the arithmetic type class hierarchy to streams and the verification of a relabelling function on binary trees. We also formalise and verify the normalisation algorithm used by the first proof method. \u003c/p\u003e",
"authors": [
"Andreas Lochbihler",
"Joshua Schneider"
],
"date": "2015-12-22",
- "id": 519,
+ "id": 524,
"link": "/entries/Applicative_Lifting.html",
"permalink": "/entries/Applicative_Lifting.html",
"shortname": "Applicative_Lifting",
"title": "Applicative Lifting",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 4
},
{
"abstract": "The Stern-Brocot tree contains all rational numbers exactly once and in their lowest terms. We formalise the Stern-Brocot tree as a coinductive tree using recursive and iterative specifications, which we have proven equivalent, and show that it indeed contains all the numbers as stated. Following Hinze, we prove that the Stern-Brocot tree can be linearised looplessly into Stern's diatonic sequence (also known as Dijkstra's fusc function) and that it is a permutation of the Bird tree. \u003c/p\u003e\u003cp\u003e The reasoning stays at an abstract level by appealing to the uniqueness of solutions of guarded recursive equations and lifting algebraic laws point-wise to trees and streams using applicative functors. \u003c/p\u003e",
"authors": [
"Peter Gammie",
"Andreas Lochbihler"
],
"date": "2015-12-22",
- "id": 520,
+ "id": 525,
"link": "/entries/Stern_Brocot.html",
"permalink": "/entries/Stern_Brocot.html",
"shortname": "Stern_Brocot",
"title": "The Stern-Brocot Tree",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "The theory's main theorem states that the cardinality of set partitions of size k on a carrier set of size n is expressed by Stirling numbers of the second kind. In Isabelle, Stirling numbers of the second kind are defined in the AFP entry `Discrete Summation` through their well-known recurrence relation. The main theorem relates them to the alternative definition as cardinality of set partitions. The proof follows the simple and short explanation in Richard P. Stanley's `Enumerative Combinatorics: Volume 1` and Wikipedia, and unravels the full details and implicit reasoning steps of these explanations.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-12-12",
- "id": 521,
+ "id": 526,
"link": "/entries/Card_Partitions.html",
"permalink": "/entries/Card_Partitions.html",
"shortname": "Card_Partitions",
"title": "Cardinality of Set Partitions",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 5
},
{
"abstract": "A Latin Square is a n x n table filled with integers from 1 to n where each number appears exactly once in each row and each column. A Latin Rectangle is a partially filled n x n table with r filled rows and n-r empty rows, such that each number appears at most once in each row and each column. The main result of this theory is that any Latin Rectangle can be completed to a Latin Square.",
"authors": [
"Alexander Bentkamp"
],
"date": "2015-12-02",
- "id": 522,
+ "id": 527,
"link": "/entries/Latin_Square.html",
"permalink": "/entries/Latin_Square.html",
"shortname": "Latin_Square",
"title": "Latin Square",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Ergodic theory is the branch of mathematics that studies the behaviour of measure preserving transformations, in finite or infinite measure. It interacts both with probability theory (mainly through measure theory) and with geometry as a lot of interesting examples are from geometric origin. We implement the first definitions and theorems of ergodic theory, including notably Poicaré recurrence theorem for finite measure preserving systems (together with the notion of conservativity in general), induced maps, Kac's theorem, Birkhoff theorem (arguably the most important theorem in ergodic theory), and variations around it such as conservativity of the corresponding skew product, or Atkinson lemma.",
"authors": [
"Sebastien Gouezel"
],
"date": "2015-12-01",
- "id": 523,
+ "id": 528,
"link": "/entries/Ergodic_Theory.html",
"permalink": "/entries/Ergodic_Theory.html",
"shortname": "Ergodic_Theory",
"title": "Ergodic Theory",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 4
},
{
"abstract": "Euler's Partition Theorem states that the number of partitions with only distinct parts is equal to the number of partitions with only odd parts. The combinatorial proof follows John Harrison's HOL Light formalization. This theorem is the 45th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-11-19",
- "id": 524,
+ "id": 529,
"link": "/entries/Euler_Partition.html",
"permalink": "/entries/Euler_Partition.html",
"shortname": "Euler_Partition",
"title": "Euler's Partition Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We formalize the Tortoise and Hare cycle-finding algorithm ascribed to Floyd by Knuth, and an improved version due to Brent.",
"authors": [
"Peter Gammie"
],
"date": "2015-11-18",
- "id": 525,
+ "id": 530,
"link": "/entries/TortoiseHare.html",
"permalink": "/entries/TortoiseHare.html",
"shortname": "TortoiseHare",
"title": "The Tortoise and Hare Algorithm",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This development provides a formalization of planarity based on combinatorial maps and proves that Kuratowski's theorem implies combinatorial planarity. Moreover, it contains verified implementations of programs checking certificates for planarity (i.e., a combinatorial map) or non-planarity (i.e., a Kuratowski subgraph).",
"authors": [
"Lars Noschinski"
],
"date": "2015-11-11",
- "id": 526,
+ "id": 531,
"link": "/entries/Planarity_Certificates.html",
"permalink": "/entries/Planarity_Certificates.html",
"shortname": "Planarity_Certificates",
"title": "Planarity Certificates",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "We present a formalization of parity games (a two-player game on directed graphs) and a proof of their positional determinacy in Isabelle/HOL. This proof works for both finite and infinite games.",
"authors": [
"Christoph Dittmann"
],
"date": "2015-11-02",
- "id": 527,
+ "id": 532,
"link": "/entries/Parity_Game.html",
"permalink": "/entries/Parity_Game.html",
"shortname": "Parity_Game",
"title": "Positional Determinacy of Parity Games",
"topic_links": [
"mathematics/games-and-economics",
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Games and economics",
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "We represent a theory \u003ci\u003eof\u003c/i\u003e (a fragment of) Isabelle/HOL \u003ci\u003ein\u003c/i\u003e Isabelle/HOL. The purpose of this exercise is to write packages for domain-specific specifications such as class models, B-machines, ..., and generally speaking, any domain-specific languages whose abstract syntax can be defined by a HOL \"datatype\". On this basis, the Isabelle code-generator can then be used to generate code for global context transformations as well as tactic code. \u003cp\u003e Consequently the package is geared towards parsing, printing and code-generation to the Isabelle API. It is at the moment not sufficiently rich for doing meta theory on Isabelle itself. Extensions in this direction are possible though. \u003cp\u003e Moreover, the chosen fragment is fairly rudimentary. However it should be easily adapted to one's needs if a package is written on top of it. The supported API contains types, terms, transformation of global context like definitions and data-type declarations as well as infrastructure for Isar-setups. \u003cp\u003e This theory is drawn from the \u003ca href=\"http://isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e project where it is used to construct a package for object-oriented data-type theories generated from UML class diagrams. The Featherweight OCL, for example, allows for both the direct execution of compiled tactic code by the Isabelle API as well as the generation of \".thy\"-files for debugging purposes. \u003cp\u003e Gained experience from this project shows that the compiled code is sufficiently efficient for practical purposes while being based on a formal \u003ci\u003emodel\u003c/i\u003e on which properties of the package can be proven such as termination of certain transformations, correctness, etc.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2015-09-16",
- "id": 528,
+ "id": 533,
"link": "/entries/Isabelle_Meta_Model.html",
"permalink": "/entries/Isabelle_Meta_Model.html",
"shortname": "Isabelle_Meta_Model",
"title": "A Meta-Model for the Isabelle API",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "Recently, Javier Esparza and Jan Kretinsky proposed a new method directly translating linear temporal logic (LTL) formulas to deterministic (generalized) Rabin automata. Compared to the existing approaches of constructing a non-deterministic Buechi-automaton in the first step and then applying a determinization procedure (e.g. some variant of Safra's construction) in a second step, this new approach preservers a relation between the formula and the states of the resulting automaton. While the old approach produced a monolithic structure, the new method is compositional. Furthermore, in some cases the resulting automata are much smaller than the automata generated by existing approaches. In order to ensure the correctness of the construction, this entry contains a complete formalisation and verification of the translation. Furthermore from this basis executable code is generated.",
"authors": [
"Salomon Sickert"
],
"date": "2015-09-04",
- "id": 529,
+ "id": 534,
"link": "/entries/LTL_to_DRA.html",
"permalink": "/entries/LTL_to_DRA.html",
"shortname": "LTL_to_DRA",
"title": "Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Matrix interpretations are useful as measure functions in termination proving. In order to use these interpretations also for complexity analysis, the growth rate of matrix powers has to examined. Here, we formalized a central result of spectral radius theory, namely that the growth rate is polynomially bounded if and only if the spectral radius of a matrix is at most one. \u003c/p\u003e\u003cp\u003e To formally prove this result we first studied the growth rates of matrices in Jordan normal form, and prove the result that every complex matrix has a Jordan normal form using a constructive prove via Schur decomposition. \u003c/p\u003e\u003cp\u003e The whole development is based on a new abstract type for matrices, which is also executable by a suitable setup of the code generator. It completely subsumes our former AFP-entry on executable matrices, and its main advantage is its close connection to the HMA-representation which allowed us to easily adapt existing proofs on determinants. \u003c/p\u003e\u003cp\u003e All the results have been applied to improve CeTA, our certifier to validate termination and complexity proof certificates. \u003c/p\u003e",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2015-08-21",
- "id": 530,
+ "id": 535,
"link": "/entries/Jordan_Normal_Form.html",
"permalink": "/entries/Jordan_Normal_Form.html",
"shortname": "Jordan_Normal_Form",
"title": "Matrices, Jordan Normal Forms, and Spectral Radius Theory",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 15
},
{
"abstract": "This theory formalizes the commutation version of decreasing diagrams for Church-Rosser modulo. The proof follows Felgenhauer and van Oostrom (RTA 2013). The theory also provides important specializations, in particular van Oostrom’s conversion version (TCS 2008) of decreasing diagrams.",
"authors": [
"Bertram Felgenhauer"
],
"date": "2015-08-20",
- "id": 531,
+ "id": 536,
"link": "/entries/Decreasing-Diagrams-II.html",
"permalink": "/entries/Decreasing-Diagrams-II.html",
"shortname": "Decreasing-Diagrams-II",
"title": "Decreasing Diagrams II",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The necessary and sufficient condition for CSP noninterference security stated by the Ipurge Unwinding Theorem is expressed in terms of a pair of event lists varying over the set of process traces. This does not render it suitable for the subsequent application of rule induction in the case of a process defined inductively, since rule induction may rather be applied to a single variable ranging over an inductively defined set. \u003c/p\u003e\u003cp\u003e Starting from the Ipurge Unwinding Theorem, this paper derives a necessary and sufficient condition for CSP noninterference security that involves a single event list varying over the set of process traces, and is thus suitable for rule induction; hence its name, Inductive Unwinding Theorem. Similarly to the Ipurge Unwinding Theorem, the new theorem only requires to consider individual accepted and refused events for each process trace, and applies to the general case of a possibly intransitive noninterference policy. Specific variants of this theorem are additionally proven for deterministic processes and trace set processes. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-08-18",
- "id": 532,
+ "id": 537,
"link": "/entries/Noninterference_Inductive_Unwinding.html",
"permalink": "/entries/Noninterference_Inductive_Unwinding.html",
"shortname": "Noninterference_Inductive_Unwinding",
"title": "The Inductive Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "We provide a formal framework for the theory of representations of finite groups, as modules over the group ring. Along the way, we develop the general theory of groups (relying on the group_add class for the basics), modules, and vector spaces, to the extent required for theory of group representations. We then provide formal proofs of several important introductory theorems in the subject, including Maschke's theorem, Schur's lemma, and Frobenius reciprocity. We also prove that every irreducible representation is isomorphic to a submodule of the group ring, leading to the fact that for a finite group there are only finitely many isomorphism classes of irreducible representations. In all of this, no restriction is made on the characteristic of the ring or field of scalars until the definition of a group representation, and then the only restriction made is that the characteristic must not divide the order of the group.",
"authors": [
"Jeremy Sylvestre"
],
"date": "2015-08-12",
- "id": 533,
+ "id": 538,
"link": "/entries/Rep_Fin_Groups.html",
"permalink": "/entries/Rep_Fin_Groups.html",
"shortname": "Rep_Fin_Groups",
"title": "Representations of Finite Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Encodings or the proof of their absence are the main way to compare process calculi. To analyse the quality of encodings and to rule out trivial or meaningless encodings, they are augmented with quality criteria. There exists a bunch of different criteria and different variants of criteria in order to reason in different settings. This leads to incomparable results. Moreover it is not always clear whether the criteria used to obtain a result in a particular setting do indeed fit to this setting. We show how to formally reason about and compare encodability criteria by mapping them on requirements on a relation between source and target terms that is induced by the encoding function. In particular we analyse the common criteria full abstraction, operational correspondence, divergence reflection, success sensitiveness, and respect of barbs; e.g. we analyse the exact nature of the simulation relation (coupled simulation versus bisimulation) that is induced by different variants of operational correspondence. This way we reduce the problem of analysing or comparing encodability criteria to the better understood problem of comparing relations on processes.",
"authors": [
"Kirstin Peters",
"Rob van Glabbeek"
],
"date": "2015-08-10",
- "id": 534,
+ "id": 539,
"link": "/entries/Encodability_Process_Calculi.html",
"permalink": "/entries/Encodability_Process_Calculi.html",
"shortname": "Encodability_Process_Calculi",
"title": "Analysing and Comparing Encodability Criteria for Process Calculi",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "Isabelle/Isar provides named cases to structure proofs. This article contains an implementation of a proof method \u003ctt\u003ecasify\u003c/tt\u003e, which can be used to easily extend proof tools with support for named cases. Such a proof tool must produce labeled subgoals, which are then interpreted by \u003ctt\u003ecasify\u003c/tt\u003e. \u003cp\u003e As examples, this work contains verification condition generators producing named cases for three languages: The Hoare language from \u003ctt\u003eHOL/Library\u003c/tt\u003e, a monadic language for computations with failure (inspired by the AutoCorres tool), and a language of conditional expressions. These VCGs are demonstrated by a number of example programs.",
"authors": [
"Lars Noschinski"
],
"date": "2015-07-21",
- "id": 535,
+ "id": 540,
"link": "/entries/Case_Labeling.html",
"permalink": "/entries/Case_Labeling.html",
"shortname": "Case_Labeling",
"title": "Generating Cases from Labeled Subgoals",
"topic_links": [
"tools",
"computer-science/programming-languages/misc"
],
"topics": [
"Tools",
"Computer science/Programming languages/Misc"
],
"used_by": 1
},
{
"abstract": "This entry provides Landau symbols to describe and reason about the asymptotic growth of functions for sufficiently large inputs. A number of simplification procedures are provided for additional convenience: cancelling of dominated terms in sums under a Landau symbol, cancelling of common factors in products, and a decision procedure for Landau expressions containing products of powers of functions like x, ln(x), ln(ln(x)) etc.",
"authors": [
"Manuel Eberl"
],
"date": "2015-07-14",
- "id": 536,
+ "id": 541,
"link": "/entries/Landau_Symbols.html",
"permalink": "/entries/Landau_Symbols.html",
"shortname": "Landau_Symbols",
"title": "Landau Symbols",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 11
},
{
"abstract": "This article contains a formalisation of the Akra-Bazzi method based on a proof by Leighton. It is a generalisation of the well-known Master Theorem for analysing the complexity of Divide \u0026 Conquer algorithms. We also include a generalised version of the Master theorem based on the Akra-Bazzi theorem, which is easier to apply than the Akra-Bazzi theorem itself. \u003cp\u003e Some proof methods that facilitate applying the Master theorem are also included. For a more detailed explanation of the formalisation and the proof methods, see the accompanying paper (publication forthcoming).",
"authors": [
"Manuel Eberl"
],
"date": "2015-07-14",
- "id": 537,
+ "id": 542,
"link": "/entries/Akra_Bazzi.html",
"permalink": "/entries/Akra_Bazzi.html",
"shortname": "Akra_Bazzi",
"title": "The Akra-Bazzi theorem and the Master theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "Hermite Normal Form is a canonical matrix analogue of Reduced Echelon Form, but involving matrices over more general rings. In this work we formalise an algorithm to compute the Hermite Normal Form of a matrix by means of elementary row operations, taking advantage of the Echelon Form AFP entry. We have proven the correctness of such an algorithm and refined it to immutable arrays. Furthermore, we have also formalised the uniqueness of the Hermite Normal Form of a matrix. Code can be exported and some examples of execution involving integer matrices and polynomial matrices are presented as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-07-07",
- "id": 538,
+ "id": 543,
"link": "/entries/Hermite.html",
"permalink": "/entries/Hermite.html",
"shortname": "Hermite",
"title": "Hermite Normal Form",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "The Derangements Formula describes the number of fixpoint-free permutations as a closed formula. This theorem is the 88th theorem in a list of the “\u003ca href=\"http://www.cs.ru.nl/~freek/100/\"\u003eTop 100 Mathematical Theorems\u003c/a\u003e”.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-06-27",
- "id": 539,
+ "id": 544,
"link": "/entries/Derangements.html",
"permalink": "/entries/Derangements.html",
"shortname": "Derangements",
"title": "Derangements Formula",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Binary multirelations associate elements of a set with its subsets; hence they are binary relations from a set to its power set. Applications include alternating automata, models and logics for games, program semantics with dual demonic and angelic nondeterministic choices and concurrent dynamic logics. This proof document supports an arXiv article that formalises the basic algebra of multirelations and proposes axiom systems for them, ranging from weak bi-monoids to weak bi-quantales.",
"authors": [
"Hitoshi Furusawa",
"Georg Struth"
],
"date": "2015-06-11",
- "id": 540,
+ "id": 545,
"link": "/entries/Multirelations.html",
"permalink": "/entries/Multirelations.html",
"shortname": "Multirelations",
"title": "Binary Multirelations",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Among the various mathematical tools introduced in his outstanding work on Communicating Sequential Processes, Hoare has defined \"interleaves\" as the predicate satisfied by any three lists such that the first list may be split into sublists alternately extracted from the other two ones, whatever is the criterion for extracting an item from either one list or the other in each step. \u003c/p\u003e\u003cp\u003e This paper enriches Hoare's definition by identifying such criterion with the truth value of a predicate taking as inputs the head and the tail of the first list. This enhanced \"interleaves\" predicate turns out to permit the proof of equalities between lists without the need of an induction. Some rules that allow to infer \"interleaves\" statements without induction, particularly applying to the addition or removal of a prefix to the input lists, are also proven. Finally, a stronger version of the predicate, named \"Interleaves\", is shown to fulfil further rules applying to the addition or removal of a suffix to the input lists. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 541,
+ "id": 546,
"link": "/entries/List_Interleaving.html",
"permalink": "/entries/List_Interleaving.html",
"shortname": "List_Interleaving",
"title": "Reasoning about Lists via List Interleaving",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such that just individual actions, rather than unbounded sequences of actions, have to be considered. \u003c/p\u003e\u003cp\u003e By extending previous results applying to transitive noninterference policies, Rushby has proven an unwinding theorem that provides a sufficient condition of this kind in the general case of a possibly intransitive policy. This condition has to be satisfied by a generic function mapping security domains into equivalence relations over machine states. \u003c/p\u003e\u003cp\u003e An analogous problem arises for CSP noninterference security, whose definition requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. \u003c/p\u003e\u003cp\u003e This paper provides a sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's one for classical noninterference security, and has to be satisfied by a generic function mapping security domains into equivalence relations over process traces; hence its name, Generic Unwinding Theorem. Variants of this theorem applying to deterministic processes and trace set processes are also proven. Finally, the sufficient condition for security expressed by the theorem is shown not to be a necessary condition as well, viz. 
there exists a secure process such that no domain-relation map satisfying the condition exists. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 542,
+ "id": 547,
"link": "/entries/Noninterference_Generic_Unwinding.html",
"permalink": "/entries/Noninterference_Generic_Unwinding.html",
"shortname": "Noninterference_Generic_Unwinding",
"title": "The Generic Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The definition of noninterference security for Communicating Sequential Processes requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. In order to render the verification of the security of a process more straightforward, there is a need of some sufficient condition for security such that just individual accepted and refused events, rather than unbounded sequences and sets of events, have to be considered. \u003c/p\u003e\u003cp\u003e Of course, if such a sufficient condition were necessary as well, it would be even more valuable, since it would permit to prove not only that a process is secure by verifying that the condition holds, but also that a process is not secure by verifying that the condition fails to hold. \u003c/p\u003e\u003cp\u003e This paper provides a necessary and sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's output consistency for deterministic state machines with outputs, and has to be satisfied by a specific function mapping security domains into equivalence relations over process traces. The definition of this function makes use of an intransitive purge function following Rushby's one; hence the name given to the condition, Ipurge Unwinding Theorem. \u003c/p\u003e\u003cp\u003e Furthermore, in accordance with Hoare's formal definition of deterministic processes, it is shown that a process is deterministic just in case it is a trace set process, i.e. it may be identified by means of a trace set alone, matching the set of its traces, in place of a failures-divergences pair. Then, variants of the Ipurge Unwinding Theorem are proven for deterministic processes and trace set processes. 
\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 543,
+ "id": 548,
"link": "/entries/Noninterference_Ipurge_Unwinding.html",
"permalink": "/entries/Noninterference_Ipurge_Unwinding.html",
"shortname": "Noninterference_Ipurge_Unwinding",
"title": "The Ipurge Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 3
},
{
"abstract": "This article formalizes the amortized analysis of dynamic tables parameterized with their minimal and maximal load factors and the expansion and contraction factors. \u003cP\u003e A full description is found in a \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs\"\u003ecompanion paper\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2015-06-07",
- "id": 544,
+ "id": 549,
"link": "/entries/Dynamic_Tables.html",
"permalink": "/entries/Dynamic_Tables.html",
"shortname": "Dynamic_Tables",
"title": "Parameterized Dynamic Tables",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We formalize new decision procedures for WS1S, M2L(Str), and Presburger Arithmetics. Formulas of these logics denote regular languages. Unlike traditional decision procedures, we do \u003cem\u003enot\u003c/em\u003e translate formulas into automata (nor into regular expressions), at least not explicitly. Instead we devise notions of derivatives (inspired by Brzozowski derivatives for regular expressions) that operate on formulas directly and compute a syntactic bisimulation using these derivatives. The treatment of Boolean connectives and quantifiers is uniform for all mentioned logics and is abstracted into a locale. This locale is then instantiated by different atomic formulas and their derivatives (which may differ even for the same logic under different encodings of interpretations as formal words). \u003cp\u003e The WS1S instance is described in the draft paper \u003ca href=\"https://people.inf.ethz.ch/trayteld/papers/csl15-ws1s_derivatives/index.html\"\u003eA Coalgebraic Decision Procedure for WS1S\u003c/a\u003e by the author.",
"authors": [
"Dmitriy Traytel"
],
"date": "2015-05-28",
- "id": 545,
+ "id": 550,
"link": "/entries/Formula_Derivatives.html",
"permalink": "/entries/Formula_Derivatives.html",
"shortname": "Formula_Derivatives",
"title": "Derivatives of Logical Formulas",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "Numerous models of probabilistic systems are studied in the literature. Coalgebra has been used to classify them into system types and compare their expressiveness. We formalize the resulting hierarchy of probabilistic system types by modeling the semantics of the different systems as codatatypes. This approach yields simple and concise proofs, as bisimilarity coincides with equality for codatatypes. \u003cp\u003e This work is described in detail in the ITP 2015 publication by the authors.",
"authors": [
"Johannes Hölzl",
"Andreas Lochbihler",
"Dmitriy Traytel"
],
"date": "2015-05-27",
- "id": 546,
+ "id": 551,
"link": "/entries/Probabilistic_System_Zoo.html",
"permalink": "/entries/Probabilistic_System_Zoo.html",
"shortname": "Probabilistic_System_Zoo",
"title": "A Zoo of Probabilistic Systems",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "A VCG auction (named after their inventors Vickrey, Clarke, and Groves) is a generalization of the single-good, second price Vickrey auction to the case of a combinatorial auction (multiple goods, from which any participant can bid on each possible combination). We formalize in this entry VCG auctions, including tie-breaking and prove that the functions for the allocation and the price determination are well-defined. Furthermore we show that the allocation function allocates goods only to participants, only goods in the auction are allocated, and no good is allocated twice. We also show that the price function is non-negative. These properties also hold for the automatically extracted Scala code.",
"authors": [
"Marco B. Caminati",
"Manfred Kerber",
"Christoph Lange",
"Colin Rowat"
],
"date": "2015-04-30",
- "id": 547,
+ "id": 552,
"link": "/entries/Vickrey_Clarke_Groves.html",
"permalink": "/entries/Vickrey_Clarke_Groves.html",
"shortname": "Vickrey_Clarke_Groves",
"title": "VCG - Combinatorial Vickrey-Clarke-Groves Auctions",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "The theory of residuated lattices, first proposed by Ward and Dilworth, is formalised in Isabelle/HOL. This includes concepts of residuated functions; their adjoints and conjugates. It also contains necessary and sufficient conditions for the existence of these operations in an arbitrary lattice. The mathematical components for residuated lattices are linked to the AFP entry for relation algebra. In particular, we prove Jonsson and Tsinakis conditions for a residuated boolean algebra to form a relation algebra.",
"authors": [
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2015-04-15",
- "id": 548,
+ "id": 553,
"link": "/entries/Residuated_Lattices.html",
"permalink": "/entries/Residuated_Lattices.html",
"shortname": "Residuated_Lattices",
"title": "Residuated Lattices",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "ConcurrentIMP extends the small imperative language IMP with control non-determinism and constructs for synchronous message passing.",
"authors": [
"Peter Gammie"
],
"date": "2015-04-13",
- "id": 549,
+ "id": 554,
"link": "/entries/ConcurrentIMP.html",
"permalink": "/entries/ConcurrentIMP.html",
"shortname": "ConcurrentIMP",
"title": "Concurrent IMP",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e We use ConcurrentIMP to model Schism, a state-of-the-art real-time garbage collection scheme for weak memory, and show that it is safe on x86-TSO.\u003c/p\u003e \u003cp\u003e This development accompanies the PLDI 2015 paper of the same name. \u003c/p\u003e",
"authors": [
"Peter Gammie",
"Tony Hosking",
"Kai Engelhardt"
],
"date": "2015-04-13",
- "id": 550,
+ "id": 555,
"link": "/entries/ConcurrentGC.html",
"permalink": "/entries/ConcurrentGC.html",
"shortname": "ConcurrentGC",
"title": "Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO",
"topic_links": [
"computer-science/algorithms/concurrent"
],
"topics": [
"Computer science/Algorithms/Concurrent"
],
"used_by": 0
},
{
"abstract": "This article formalizes the “trie” data structure invented by Fredkin [CACM 1960]. It also provides a specialization where the entries in the trie are lists.",
"authors": [
"Andreas Lochbihler",
"Tobias Nipkow"
],
"date": "2015-03-30",
- "id": 551,
+ "id": 556,
"link": "/entries/Trie.html",
"permalink": "/entries/Trie.html",
"shortname": "Trie",
"title": "Trie",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "Algorithms for solving the consensus problem are fundamental to distributed computing. Despite their brevity, their ability to operate in concurrent, asynchronous and failure-prone environments comes at the cost of complex and subtle behaviors. Accordingly, understanding how they work and proving their correctness is a non-trivial endeavor where abstraction is immensely helpful. Moreover, research on consensus has yielded a large number of algorithms, many of which appear to share common algorithmic ideas. A natural question is whether and how these similarities can be distilled and described in a precise, unified way. In this work, we combine stepwise refinement and lockstep models to provide an abstract and unified view of a sizeable family of consensus algorithms. Our models provide insights into the design choices underlying the different algorithms, and classify them based on those choices.",
"authors": [
"Ognjen Marić",
"Christoph Sprenger"
],
"date": "2015-03-18",
- "id": 552,
+ "id": 557,
"link": "/entries/Consensus_Refined.html",
"permalink": "/entries/Consensus_Refined.html",
"shortname": "Consensus_Refined",
"title": "Consensus Refined",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's “\u003ctt\u003ederiving Ord, Show, ...\u003c/tt\u003e” feature.\u003c/p\u003e \u003cp\u003eWe further implemented such automatic methods to derive comparators, linear orders, parametrizable equality functions, and hash-functions which are required in the Isabelle Collection Framework and the Container Framework. Moreover, for the tactic of Blanchette to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. All of the generators are based on the infrastructure that is provided by the BNF-based datatype package.\u003c/p\u003e \u003cp\u003eOur formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactics we could remove several tedious proofs for (conditional) linear orders, and conditional equality operators within IsaFoR and the Container Framework.\u003c/p\u003e",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2015-03-11",
- "id": 553,
+ "id": 558,
"link": "/entries/Deriving.html",
"permalink": "/entries/Deriving.html",
"shortname": "Deriving",
"title": "Deriving class instances for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 13
},
{
"abstract": "We formalize the Call Arity analysis, as implemented in GHC, and prove both functional correctness and, more interestingly, safety (i.e. the transformation does not increase allocation). \u003cp\u003e We use syntax and the denotational semantics from the entry \"Launchbury\", where we formalized Launchbury's natural semantics for lazy evaluation. \u003cp\u003e The functional correctness of Call Arity is proved with regard to that denotational semantics. The operational properties are shown with regard to a small-step semantics akin to Sestoft's mark 1 machine, which we prove to be equivalent to Launchbury's semantics. \u003cp\u003e We use Christian Urban's Nominal2 package to define our terms and make use of Brian Huffman's HOLCF package for the domain-theoretical aspects of the development.",
"authors": [
"Joachim Breitner"
],
"date": "2015-02-20",
- "id": 554,
+ "id": 559,
"link": "/entries/Call_Arity.html",
"permalink": "/entries/Call_Arity.html",
"shortname": "Call_Arity",
"title": "The Safety of Call Arity",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We formalize an algorithm to compute the Echelon Form of a matrix. We have proved its existence over Bézout domains and made it executable over Euclidean domains, such as the integer ring and the univariate polynomials over a field. This allows us to compute determinants, inverses and characteristic polynomials of matrices. The work is based on the HOL-Multivariate Analysis library, and on both the Gauss-Jordan and Cayley-Hamilton AFP entries. As a by-product, some algebraic structures have been implemented (principal ideal domains, Bézout domains...). The algorithm has been refined to immutable arrays and code can be generated to functional languages as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-02-12",
- "id": 555,
+ "id": 560,
"link": "/entries/Echelon_Form.html",
"permalink": "/entries/Echelon_Form.html",
"shortname": "Echelon_Form",
"title": "Echelon Form",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "QR decomposition is an algorithm to decompose a real matrix A into the product of two other matrices Q and R, where Q is orthogonal and R is invertible and upper triangular. The algorithm is useful for the least squares problem; i.e., the computation of the best approximation of an unsolvable system of linear equations. As a side-product, the Gram-Schmidt process has also been formalized. A refinement using immutable arrays is presented as well. The development relies, among others, on the AFP entry \"Implementing field extensions of the form Q[sqrt(b)]\" by René Thiemann, which allows execution of the algorithm using symbolic computations. Verified code can be generated and executed using floats as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-02-12",
- "id": 556,
+ "id": 561,
"link": "/entries/QR_Decomposition.html",
"permalink": "/entries/QR_Decomposition.html",
"shortname": "QR_Decomposition",
"title": "QR Decomposition",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Finite Automata, both deterministic and non-deterministic, for regular languages. The Myhill-Nerode Theorem. Closure under intersection, concatenation, etc. Regular expressions define regular languages. Closure under reversal; the powerset construction mapping NFAs to DFAs. Left and right languages; minimal DFAs. Brzozowski's minimization algorithm. Uniqueness up to isomorphism of minimal DFAs.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2015-02-05",
- "id": 557,
+ "id": 562,
"link": "/entries/Finite_Automata_HF.html",
"permalink": "/entries/Finite_Automata_HF.html",
"shortname": "Finite_Automata_HF",
"title": "Finite Automata in Hereditarily Finite Set Theory",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "The UpDown scheme is a recursive scheme used to compute the stiffness matrix on a special form of sparse grids. Usually, when discretizing a Euclidean space of dimension d we need O(n^d) points, for n points along each dimension. Sparse grids are a hierarchical representation where the number of points is reduced to O(n * log(n)^d). One disadvantage of such sparse grids is that the algorithm now operate recursively in the dimensions and levels of the sparse grid. \u003cp\u003e The UpDown scheme allows us to compute the stiffness matrix on such a sparse grid. The stiffness matrix represents the influence of each representation function on the L^2 scalar product. For a detailed description see Dirk Pflüger's PhD thesis. This formalization was developed as an interdisciplinary project (IDP) at the Technische Universität München.",
"authors": [
"Johannes Hölzl"
],
"date": "2015-01-28",
- "id": 558,
+ "id": 563,
"link": "/entries/UpDown_Scheme.html",
"permalink": "/entries/UpDown_Scheme.html",
"shortname": "UpDown_Scheme",
"title": "Verification of the UpDown Scheme",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "We present the Unified Policy Framework (UPF), a generic framework for modelling security (access-control) policies. UPF emphasizes the view that a policy is a policy decision function that grants or denies access to resources, permissions, etc. In other words, instead of modelling the relations of permitted or prohibited requests directly, we model the concrete function that implements the policy decision point in a system. In more detail, UPF is based on the following four principles: 1) Functional representation of policies, 2) No conflicts are possible, 3) Three-valued decision type (allow, deny, undefined), 4) Output type not containing the decision only.",
"authors": [
"Achim D. Brucker",
"Lukas Brügger",
"Burkhart Wolff"
],
"date": "2014-11-28",
- "id": 559,
+ "id": 564,
"link": "/entries/UPF.html",
"permalink": "/entries/UPF.html",
"shortname": "UPF",
"title": "The Unified Policy Framework (UPF)",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e The Ad hoc On-demand Distance Vector (AODV) routing protocol allows the nodes in a Mobile Ad hoc Network (MANET) or a Wireless Mesh Network (WMN) to know where to forward data packets. Such a protocol is ‘loop free’ if it never leads to routing decisions that forward packets in circles. \u003cp\u003e This development mechanises an existing pen-and-paper proof of loop freedom of AODV. The protocol is modelled in the Algebra of Wireless Networks (AWN), which is the subject of an earlier paper and AFP mechanization. The proof relies on a novel compositional approach for lifting invariants to networks of nodes. \u003c/p\u003e\u003cp\u003e We exploit the mechanization to analyse several variants of AODV and show that Isabelle/HOL can re-establish most proof obligations automatically and identify exactly the steps that are no longer valid. \u003c/p\u003e",
"authors": [
"Timothy Bourke",
"Peter Höfner"
],
"date": "2014-10-23",
- "id": 560,
+ "id": 565,
"link": "/entries/AODV.html",
"permalink": "/entries/AODV.html",
"shortname": "AODV",
"title": "Loop freedom of the (untimed) AODV routing protocol",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "We implemented a command that can be used to easily generate elements of a restricted type \u003ctt\u003e{x :: 'a. P x}\u003c/tt\u003e, provided the definition is of the form \u003ctt\u003ef ys = (if check ys then Some(generate ys :: 'a) else None)\u003c/tt\u003e where \u003ctt\u003eys\u003c/tt\u003e is a list of variables \u003ctt\u003ey1 ... yn\u003c/tt\u003e and \u003ctt\u003echeck ys ==\u003e P(generate ys)\u003c/tt\u003e can be proved. \u003cp\u003e In principle, such a definition is also directly possible using the \u003ctt\u003elift_definition\u003c/tt\u003e command. However, then this definition will not be suitable for code-generation. To this end, we automated a more complex construction of Joachim Breitner which is amenable for code-generation, and where the test \u003ctt\u003echeck ys\u003c/tt\u003e will only be performed once. In the automation, one auxiliary type is created, and Isabelle's lifting- and transfer-package is invoked several times.",
"authors": [
"René Thiemann"
],
"date": "2014-10-13",
- "id": 561,
+ "id": 566,
"link": "/entries/Lifting_Definition_Option.html",
"permalink": "/entries/Lifting_Definition_Option.html",
"shortname": "Lifting_Definition_Option",
"title": "Lifting Definition Option",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Stream Fusion is a system for removing intermediate list data structures from functional programs, in particular Haskell. This entry adapts stream fusion to Isabelle/HOL and its code generator. We define stream types for finite and possibly infinite lists and stream versions for most of the fusible list functions in the theories List and Coinductive_List, and prove them correct with respect to the conversion functions between lists and streams. The Stream Fusion transformation itself is implemented as a simproc in the preprocessor of the code generator. [Brian Huffman's \u003ca href=\"http://isa-afp.org/entries/Stream-Fusion.html\"\u003eAFP entry\u003c/a\u003e formalises stream fusion in HOLCF for the domain of lazy lists to prove the GHC compiler rewrite rules correct. In contrast, this work enables Isabelle's code generator to perform stream fusion itself. To that end, it covers both finite and coinductive lists from the HOL library and the Coinductive entry. The fusible list functions require specification and proof principles different from Huffman's.]",
"authors": [
"Andreas Lochbihler",
"Alexandra Maximova"
],
"date": "2014-10-10",
- "id": 562,
+ "id": 567,
"link": "/entries/Stream_Fusion_Code.html",
"permalink": "/entries/Stream_Fusion_Code.html",
"shortname": "Stream_Fusion_Code",
"title": "Stream Fusion in HOL with Code Generation",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"https://doi.org/10.1007/978-3-642-36742-7_35\"\u003eBhat et al. [TACAS 2013]\u003c/a\u003e developed an inductive compiler that computes density functions for probability spaces described by programs in a probabilistic functional language. In this work, we implement such a compiler for a modified version of this language within the theorem prover Isabelle and give a formal proof of its soundness w.r.t. the semantics of the source and target language. Together with Isabelle's code generation for inductive predicates, this yields a fully verified, executable density compiler. The proof is done in two steps: First, an abstract compiler working with abstract functions modelled directly in the theorem prover's logic is defined and proved sound. Then, this compiler is refined to a concrete version that returns a target-language expression. \u003cp\u003e An article with the same title and authors is published in the proceedings of ESOP 2015. A detailed presentation of this work can be found in the first author's master's thesis with the same title.",
"authors": [
"Manuel Eberl",
"Johannes Hölzl",
"Tobias Nipkow"
],
"date": "2014-10-09",
- "id": 563,
+ "id": 568,
"link": "/entries/Density_Compiler.html",
"permalink": "/entries/Density_Compiler.html",
"shortname": "Density_Compiler",
"title": "A Verified Compiler for Probability Density Functions",
"topic_links": [
"mathematics/probability-theory",
"computer-science/programming-languages/compiling"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "We present a formalization of refinement calculus for reactive systems. Refinement calculus is based on monotonic predicate transformers (monotonic functions from sets of post-states to sets of pre-states), and it is a powerful formalism for reasoning about imperative programs. We model reactive systems as monotonic property transformers that transform sets of output infinite sequences into sets of input infinite sequences. Within this semantics we can model refinement of reactive systems, (unbounded) angelic and demonic nondeterminism, sequential composition, and other semantic properties. We can model systems that may fail for some inputs, and we can model compatibility of systems. We can specify systems that have liveness properties using linear temporal logic, and we can refine system specifications into systems based on symbolic transitions systems, suitable for implementations.",
"authors": [
"Viorel Preoteasa"
],
"date": "2014-10-08",
- "id": 564,
+ "id": 569,
"link": "/entries/RefinementReactive.html",
"permalink": "/entries/RefinementReactive.html",
"shortname": "RefinementReactive",
"title": "Formalization of Refinement Calculus for Reactive Systems",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This entry provides several monads intended for the development of stand-alone certifiers via code generation from Isabelle/HOL. More specifically, there are three flavors of error monads (the sum type, for the case where all monadic functions are total; an instance of the former, the so called check monad, yielding either success without any further information or an error message; as well as a variant of the sum type that accommodates partial functions by providing an explicit bottom element) and a parser monad built on top. All of this monads are heavily used in the IsaFoR/CeTA project which thus provides many examples of their usage.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-10-03",
- "id": 565,
+ "id": 570,
"link": "/entries/Certification_Monads.html",
"permalink": "/entries/Certification_Monads.html",
"shortname": "Certification_Monads",
"title": "Certification Monads",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 3
},
{
"abstract": "This entry provides an XML library for Isabelle/HOL. This includes parsing and pretty printing of XML trees as well as combinators for transforming XML trees into arbitrary user-defined data. The main contribution of this entry is an interface (fit for code generation) that allows for communication between verified programs formalized in Isabelle/HOL and the outside world via XML. This library was developed as part of the IsaFoR/CeTA project to which we refer for examples of its usage.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-10-03",
- "id": 566,
+ "id": 571,
"link": "/entries/XML.html",
"permalink": "/entries/XML.html",
"shortname": "XML",
"title": "XML",
"topic_links": [
"computer-science/functional-programming",
"computer-science/data-structures"
],
"topics": [
"Computer science/Functional programming",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The insertion sort algorithm of Cormen et al. (Introduction to Algorithms) is expressed in Imperative HOL and proved to be correct and terminating. For this purpose we also provide a theory about imperative loop constructs with accompanying induction/invariant rules for proving partial and total correctness. Furthermore, the formalized algorithm is fit for code generation.",
"authors": [
"Christian Sternagel"
],
"date": "2014-09-25",
- "id": 567,
+ "id": 572,
"link": "/entries/Imperative_Insertion_Sort.html",
"permalink": "/entries/Imperative_Insertion_Sort.html",
"shortname": "Imperative_Insertion_Sort",
"title": "Imperative Insertion Sort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We have formalized the Sturm–Tarski theorem (also referred as the Tarski theorem), which generalizes Sturm's theorem. Sturm's theorem is usually used as a way to count distinct real roots, while the Sturm-Tarksi theorem forms the basis for Tarski's classic quantifier elimination for real closed field.",
"authors": [
"Wenda Li"
],
"date": "2014-09-19",
- "id": 568,
+ "id": 573,
"link": "/entries/Sturm_Tarski.html",
"permalink": "/entries/Sturm_Tarski.html",
"shortname": "Sturm_Tarski",
"title": "The Sturm–Tarski Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "This document contains a proof of the Cayley-Hamilton theorem based on the development of matrices in HOL/Multivariate Analysis.",
"authors": [
"Stephan Adelsberger",
"Stefan Hetzl",
"Florian Pollak"
],
"date": "2014-09-15",
- "id": 569,
+ "id": 574,
"link": "/entries/Cayley_Hamilton.html",
"permalink": "/entries/Cayley_Hamilton.html",
"shortname": "Cayley_Hamilton",
"title": "The Cayley-Hamilton Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This submission contains theories that lead to a formalization of the proof of the Jordan-Hölder theorem about composition series of finite groups. The theories formalize the notions of isomorphism classes of groups, simple groups, normal series, composition series, maximal normal subgroups. Furthermore, they provide proofs of the second isomorphism theorem for groups, the characterization theorem for maximal normal subgroups as well as many useful lemmas about normal subgroups and factor groups. The proof is inspired by course notes of Stuart Rankin.",
"authors": [
"Jakob von Raumer"
],
"date": "2014-09-09",
- "id": 570,
+ "id": 575,
"link": "/entries/Jordan_Hoelder.html",
"permalink": "/entries/Jordan_Hoelder.html",
"shortname": "Jordan_Hoelder",
"title": "The Jordan-Hölder Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This entry verifies priority queues based on Braun trees. Insertion and deletion take logarithmic time and preserve the balanced nature of Braun trees. Two implementations of deletion are provided.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-09-04",
- "id": 571,
+ "id": 576,
"link": "/entries/Priority_Queue_Braun.html",
"permalink": "/entries/Priority_Queue_Braun.html",
"shortname": "Priority_Queue_Braun",
"title": "Priority Queues Based on Braun Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The Gauss-Jordan algorithm states that any matrix over a field can be transformed by means of elementary row operations to a matrix in reduced row echelon form. The formalization is based on the Rank Nullity Theorem entry of the AFP and on the HOL-Multivariate-Analysis session of Isabelle, where matrices are represented as functions over finite types. We have set up the code generator to make this representation executable. In order to improve the performance, a refinement to immutable arrays has been carried out. We have formalized some of the applications of the Gauss-Jordan algorithm. Thanks to this development, the following facts can be computed over matrices whose elements belong to a field: Ranks, Determinants, Inverses, Bases and dimensions and Solutions of systems of linear equations. Code can be exported to SML and Haskell.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2014-09-03",
- "id": 572,
+ "id": 577,
"link": "/entries/Gauss_Jordan.html",
"permalink": "/entries/Gauss_Jordan.html",
"shortname": "Gauss_Jordan",
"title": "Gauss-Jordan Algorithm and Its Applications",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 4
},
{
"abstract": "This development proves upper and lower bounds for several familiar real-valued functions. For sin, cos, exp and sqrt, it defines and verifies infinite families of upper and lower bounds, mostly based on Taylor series expansions. For arctan, ln and exp, it verifies a finite collection of upper and lower bounds, originally obtained from the functions' continued fraction expansions using the computer algebra system Maple. A common theme in these proofs is to take the difference between a function and its approximation, which should be zero at one point, and then consider the sign of the derivative. The immediate purpose of this development is to verify axioms used by MetiTarski, an automatic theorem prover for real-valued special functions. Crucial to MetiTarski's operation is the provision of upper and lower bounds for each function of interest.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2014-08-29",
- "id": 573,
+ "id": 578,
"link": "/entries/Special_Function_Bounds.html",
"permalink": "/entries/Special_Function_Bounds.html",
"shortname": "Special_Function_Bounds",
"title": "Real-Valued Special Functions: Upper and Lower Bounds",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This formalisation of basic linear algebra is based completely on locales, building off HOL-Algebra. It includes basic definitions: linear combinations, span, linear independence; linear transformations; interpretation of function spaces as vector spaces; the direct sum of vector spaces, sum of subspaces; the replacement theorem; existence of bases in finite-dimensional; vector spaces, definition of dimension; the rank-nullity theorem. Some concepts are actually defined and proved for modules as they also apply there. Infinite-dimensional vector spaces are supported, but dimension is only supported for finite-dimensional vector spaces. The proofs are standard; the proofs of the replacement theorem and rank-nullity theorem roughly follow the presentation in Linear Algebra by Friedberg, Insel, and Spence. The rank-nullity theorem generalises the existing development in the Archive of Formal Proof (originally using type classes, now using a mix of type classes and locales).",
"authors": [
"Holden Lee"
],
"date": "2014-08-29",
- "id": 574,
+ "id": 579,
"link": "/entries/VectorSpace.html",
"permalink": "/entries/VectorSpace.html",
"shortname": "VectorSpace",
"title": "Vector Spaces",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "Skew heaps are an amazingly simple and lightweight implementation of priority queues. They were invented by Sleator and Tarjan [SIAM 1986] and have logarithmic amortized complexity. This entry provides executable and verified functional skew heaps. \u003cp\u003e The amortized complexity of skew heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-08-13",
- "id": 575,
+ "id": 580,
"link": "/entries/Skew_Heap.html",
"permalink": "/entries/Skew_Heap.html",
"shortname": "Skew_Heap",
"title": "Skew Heap",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Splay trees are self-adjusting binary search trees which were invented by Sleator and Tarjan [JACM 1985]. This entry provides executable and verified functional splay trees as well as the related splay heaps (due to Okasaki). \u003cp\u003e The amortized complexity of splay trees and heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-08-12",
- "id": 576,
+ "id": 581,
"link": "/entries/Splay_Tree.html",
"permalink": "/entries/Splay_Tree.html",
"shortname": "Splay_Tree",
"title": "Splay Tree",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We implemented a type class for \"to-string\" functions, similar to Haskell's Show class. Moreover, we provide instantiations for Isabelle/HOL's standard types like bool, prod, sum, nats, ints, and rats. It is further possible, to automatically derive show functions for arbitrary user defined datatypes similar to Haskell's \"deriving Show\".",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-07-29",
- "id": 577,
+ "id": 582,
"link": "/entries/Show.html",
"permalink": "/entries/Show.html",
"shortname": "Show",
"title": "Haskell's Show Class in Isabelle/HOL",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 16
},
{
"abstract": "\u003cp\u003eIntransitive noninterference has been a widely studied topic in the last few decades. Several well-established methodologies apply interactive theorem proving to formulate a noninterference theorem over abstract academic models. In joint work with several industrial and academic partners throughout Europe, we are helping in the certification process of PikeOS, an industrial separation kernel developed at SYSGO. In this process, established theories could not be applied. We present a new generic model of separation kernels and a new theory of intransitive noninterference. The model is rich in detail, making it suitable for formal verification of realistic and industrial systems such as PikeOS. Using a refinement-based theorem proving approach, we ensure that proofs remain manageable.\u003c/p\u003e \u003cp\u003e This document corresponds to the deliverable D31.1 of the EURO-MILS Project \u003ca href=\"http://www.euromils.eu\"\u003ehttp://www.euromils.eu\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Freek Verbeek",
"Sergey Tverdyshev",
"Oto Havle",
"Holger Blasum",
"Bruno Langenstein",
"Werner Stephan",
"Yakoub Nemouchi",
"Abderrahmane Feliachi",
"Burkhart Wolff",
"Julien Schmaltz"
],
"date": "2014-07-18",
- "id": 578,
+ "id": 583,
"link": "/entries/CISC-Kernel.html",
"permalink": "/entries/CISC-Kernel.html",
"shortname": "CISC-Kernel",
"title": "Formal Specification of a Generic Separation Kernel",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003epGCL is both a programming language and a specification language that incorporates both probabilistic and nondeterministic choice, in a unified manner. Program verification is by refinement or annotation (or both), using either Hoare triples, or weakest-precondition entailment, in the style of GCL.\u003c/p\u003e \u003cp\u003e This package provides both a shallow embedding of the language primitives, and an annotation and refinement framework. The generated document includes a brief tutorial.\u003c/p\u003e",
"authors": [
"David Cock"
],
"date": "2014-07-13",
- "id": 579,
+ "id": 584,
"link": "/entries/pGCL.html",
"permalink": "/entries/pGCL.html",
"shortname": "pGCL",
"title": "pGCL for Isabelle",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "A framework for the analysis of the amortized complexity of functional data structures is formalized in Isabelle/HOL and applied to a number of standard examples and to the folowing non-trivial ones: skew heaps, splay trees, splay heaps and pairing heaps.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-07-07",
- "id": 580,
+ "id": 585,
"link": "/entries/Amortized_Complexity.html",
"permalink": "/entries/Amortized_Complexity.html",
"shortname": "Amortized_Complexity",
"title": "Amortized Complexity Verified",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "We present a unified theory for verifying network security policies. A security policy is represented as directed graph. To check high-level security goals, security invariants over the policy are expressed. We cover monotonic security invariants, i.e. prohibiting more does not harm security. We provide the following contributions for the security invariant theory. \u003cul\u003e \u003cli\u003eSecure auto-completion of scenario-specific knowledge, which eases usability.\u003c/li\u003e \u003cli\u003eSecurity violations can be repaired by tightening the policy iff the security invariants hold for the deny-all policy.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a security policy.\u003c/li\u003e \u003cli\u003eA formalization of stateful connection semantics in network security mechanisms.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a secure stateful implementation of a policy.\u003c/li\u003e \u003cli\u003eAn executable implementation of all the theory.\u003c/li\u003e \u003cli\u003eExamples, ranging from an aircraft cabin data network to the analysis of a large real-world firewall.\u003c/li\u003e \u003cli\u003eMore examples: A fully automated translation of high-level security goals to both firewall and SDN configurations (see Examples/Distributed_WebApp.thy).\u003c/li\u003e \u003c/ul\u003e For a detailed description, see \u003cul\u003e \u003cli\u003eC. Diekmann, A. Korsten, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/diekmann2015mansdnnfv.pdf\"\u003eDemonstrating topoS: Theorem-prover-based synthesis of secure network configurations.\u003c/a\u003e In 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, November 2015.\u003c/li\u003e \u003cli\u003eC. Diekmann, S.-A. Posselt, H. Niedermayer, H. Kinkelin, O. Hanka, and G. Carle. 
\u003ca href=\"http://www.net.in.tum.de/pub/diekmann/forte14.pdf\"\u003eVerifying Security Policies using Host Attributes.\u003c/a\u003e In FORTE, 34th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Berlin, Germany, June 2014.\u003c/li\u003e \u003cli\u003eC. Diekmann, L. Hupel, and G. Carle. Directed Security Policies: \u003ca href=\"http://rvg.web.cse.unsw.edu.au/eptcs/paper.cgi?ESSS2014.3\"\u003eA Stateful Network Implementation.\u003c/a\u003e In J. Pang and Y. Liu, editors, Engineering Safety and Security Systems, volume 150 of Electronic Proceedings in Theoretical Computer Science, pages 20-34, Singapore, May 2014. Open Publishing Association.\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Cornelius Diekmann"
],
"date": "2014-07-04",
- "id": 581,
+ "id": 586,
"link": "/entries/Network_Security_Policy_Verification.html",
"permalink": "/entries/Network_Security_Policy_Verification.html",
"shortname": "Network_Security_Policy_Verification",
"title": "Network Security Policy Verification",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Pop-refinement is an approach to stepwise refinement, carried out inside an interactive theorem prover by constructing a monotonically decreasing sequence of predicates over deeply embedded target programs. The sequence starts with a predicate that characterizes the possible implementations, and ends with a predicate that characterizes a unique program in explicit syntactic form. Pop-refinement enables more requirements (e.g. program-level and non-functional) to be captured in the initial specification and preserved through refinement. Security requirements expressed as hyperproperties (i.e. predicates over sets of traces) are always preserved by pop-refinement, unlike the popular notion of refinement as trace set inclusion. Two simple examples in Isabelle/HOL are presented, featuring program-level requirements, non-functional requirements, and hyperproperties.",
"authors": [
"Alessandro Coglio"
],
"date": "2014-07-03",
- "id": 582,
+ "id": 587,
"link": "/entries/Pop_Refinement.html",
"permalink": "/entries/Pop_Refinement.html",
"shortname": "Pop_Refinement",
"title": "Pop-Refinement",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "Monadic second-order logic on finite words (MSO) is a decidable yet expressive logic into which many decision problems can be encoded. Since MSO formulas correspond to regular languages, equivalence of MSO formulas can be reduced to the equivalence of some regular structures (e.g. automata). We verify an executable decision procedure for MSO formulas that is not based on automata but on regular expressions. \u003cp\u003e Decision procedures for regular expression equivalence have been formalized before, usually based on Brzozowski derivatives. Yet, for a straightforward embedding of MSO formulas into regular expressions an extension of regular expressions with a projection operation is required. We prove total correctness and completeness of an equivalence checker for regular expressions extended in that way. We also define a language-preserving translation of formulas into regular expressions with respect to two different semantics of MSO. ",
"authors": [
"Dmitriy Traytel",
"Tobias Nipkow"
],
"date": "2014-06-12",
- "id": 583,
+ "id": 588,
"link": "/entries/MSO_Regex_Equivalence.html",
"permalink": "/entries/MSO_Regex_Equivalence.html",
"shortname": "MSO_Regex_Equivalence",
"title": "Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "This entry provides executable checkers for the following properties of boolean expressions: satisfiability, tautology and equivalence. Internally, the checkers operate on binary decision trees and are reasonably efficient (for purely functional algorithms).",
"authors": [
"Tobias Nipkow"
],
"date": "2014-06-08",
- "id": 584,
+ "id": 589,
"link": "/entries/Boolean_Expression_Checkers.html",
"permalink": "/entries/Boolean_Expression_Checkers.html",
"shortname": "Boolean_Expression_Checkers",
"title": "Boolean Expression Checkers",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 2
},
{
"abstract": "We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. The code is produced using the Isabelle Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of “formalized pseudocode”, and (2) a verified refinement step in which mathematical sets and other abstract structures are replaced by implementations of efficient structures like red-black trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested.",
"authors": [
"Javier Esparza",
"Peter Lammich",
"René Neumann",
"Tobias Nipkow",
"Alexander Schimpf",
"Jan-Georg Smaus"
],
"date": "2014-05-28",
- "id": 585,
+ "id": 590,
"link": "/entries/CAVA_LTL_Modelchecker.html",
"permalink": "/entries/CAVA_LTL_Modelchecker.html",
"shortname": "CAVA_LTL_Modelchecker",
"title": "A Fully Verified Executable LTL Model Checker",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We formalize linear-time temporal logic (LTL) and the algorithm by Gerth et al. to convert LTL formulas to generalized Büchi automata. We also formalize some syntactic rewrite rules that can be applied to optimize the LTL formula before conversion. Moreover, we integrate the Stuttering Equivalence AFP-Entry by Stefan Merz, adapting the lemma that next-free LTL formula cannot distinguish between stuttering equivalent runs to our setting. \u003cp\u003e We use the Isabelle Refinement and Collection framework, as well as the Autoref tool, to obtain a refined version of our algorithm, from which efficiently executable code can be extracted.",
"authors": [
"Alexander Schimpf",
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 586,
+ "id": 591,
"link": "/entries/LTL_to_GBA.html",
"permalink": "/entries/LTL_to_GBA.html",
"shortname": "LTL_to_GBA",
"title": "Converting Linear-Time Temporal Logic to Generalized Büchi Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "We present an executable formalization of the language Promela, the description language for models of the model checker SPIN. This formalization is part of the work for a completely verified model checker (CAVA), but also serves as a useful (and executable!) description of the semantics of the language itself, something that is currently missing. The formalization uses three steps: It takes an abstract syntax tree generated from an SML parser, removes syntactic sugar and enriches it with type information. This further gets translated into a transition system, on which the semantic engine (read: successor function) operates.",
"authors": [
"René Neumann"
],
"date": "2014-05-28",
- "id": 587,
+ "id": 592,
"link": "/entries/Promela.html",
"permalink": "/entries/Promela.html",
"shortname": "Promela",
"title": "Promela Formalization",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 1
},
{
"abstract": "We report on the graph and automata library that is used in the fully verified LTL model checker CAVA. As most components of CAVA use some type of graphs or automata, a common automata library simplifies assembly of the components and reduces redundancy. \u003cp\u003e The CAVA Automata Library provides a hierarchy of graph and automata classes, together with some standard algorithms. Its object oriented design allows for sharing of algorithms, theorems, and implementations between its classes, and also simplifies extensions of the library. Moreover, it is integrated into the Automatic Refinement Framework, supporting automatic refinement of the abstract automata types to efficient data structures. \u003cp\u003e Note that the CAVA Automata Library is work in progress. Currently, it is very specifically tailored towards the requirements of the CAVA model checker. Nevertheless, the formalization techniques presented here allow an extension of the library to a wider scope. Moreover, they are not limited to graph libraries, but apply to class hierarchies in general. \u003cp\u003e The CAVA Automata Library is described in the paper: Peter Lammich, The CAVA Automata Library, Isabelle Workshop 2014.",
"authors": [
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 588,
+ "id": 593,
"link": "/entries/CAVA_Automata.html",
"permalink": "/entries/CAVA_Automata.html",
"shortname": "CAVA_Automata",
"title": "The CAVA Automata Library",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 8
},
{
"abstract": "We present an Isabelle/HOL formalization of Gabow's algorithm for finding the strongly connected components of a directed graph. Using data refinement techniques, we extract efficient code that performs comparable to a reference implementation in Java. Our style of formalization allows for re-using large parts of the proofs when defining variants of the algorithm. We demonstrate this by verifying an algorithm for the emptiness check of generalized Büchi automata, re-using most of the existing proofs.",
"authors": [
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 589,
+ "id": 594,
"link": "/entries/Gabow_SCC.html",
"permalink": "/entries/Gabow_SCC.html",
"shortname": "Gabow_SCC",
"title": "Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm",
"topic_links": [
"computer-science/algorithms/graph",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Algorithms/Graph",
"Mathematics/Graph theory"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e An extension of classical noninterference security for deterministic state machines, as introduced by Goguen and Meseguer and elegantly formalized by Rushby, to nondeterministic systems should satisfy two fundamental requirements: it should be based on a mathematically precise theory of nondeterminism, and should be equivalent to (or at least not weaker than) the classical notion in the degenerate deterministic case. \u003c/p\u003e \u003cp\u003e This paper proposes a definition of noninterference security applying to Hoare's Communicating Sequential Processes (CSP) in the general case of a possibly intransitive noninterference policy, and proves the equivalence of this security property to classical noninterference security for processes representing deterministic state machines. \u003c/p\u003e \u003cp\u003e Furthermore, McCullough's generalized noninterference security is shown to be weaker than both the proposed notion of CSP noninterference security for a generic process, and classical noninterference security for processes representing deterministic state machines. This renders CSP noninterference security preferable as an extension of classical noninterference security to nondeterministic systems. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2014-05-23",
- "id": 590,
+ "id": 595,
"link": "/entries/Noninterference_CSP.html",
"permalink": "/entries/Noninterference_CSP.html",
"shortname": "Noninterference_CSP",
"title": "Noninterference Security in Communicating Sequential Processes",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This formulation of the Roy-Floyd-Warshall algorithm for the transitive closure bypasses matrices and arrays, but uses a more direct mathematical model with adjacency functions for immediate predecessors and successors. This can be implemented efficiently in functional programming languages and is particularly adequate for sparse relations.",
"authors": [
"Makarius Wenzel"
],
"date": "2014-05-23",
- "id": 591,
+ "id": 596,
"link": "/entries/Roy_Floyd_Warshall.html",
"permalink": "/entries/Roy_Floyd_Warshall.html",
"shortname": "Roy_Floyd_Warshall",
"title": "Transitive closure according to Roy-Floyd-Warshall",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "Regular algebras axiomatise the equational theory of regular expressions as induced by regular language identity. We use Isabelle/HOL for a detailed systematic study of regular algebras given by Boffa, Conway, Kozen and Salomaa. We investigate the relationships between these classes, formalise a soundness proof for the smallest class (Salomaa's) and obtain completeness of the largest one (Boffa's) relative to a deep result by Krob. In addition we provide a large collection of regular identities in the general setting of Boffa's axiom. Our regular algebra hierarchy is orthogonal to the Kleene algebra hierarchy in the Archive of Formal Proofs; we have not aimed at an integration for pragmatic reasons.",
"authors": [
"Simon Foster",
"Georg Struth"
],
"date": "2014-05-21",
- "id": 592,
+ "id": 597,
"link": "/entries/Regular_Algebras.html",
"permalink": "/entries/Regular_Algebras.html",
"shortname": "Regular_Algebras",
"title": "Regular Algebras",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This set of theories presents a formalisation in Isabelle/HOL of data dependencies between components. The approach allows to analyse system structure oriented towards efficient checking of system: it aims at elaborating for a concrete system, which parts of the system are necessary to check a given property.",
"authors": [
"Maria Spichkova"
],
"date": "2014-04-28",
- "id": 593,
+ "id": 598,
"link": "/entries/ComponentDependencies.html",
"permalink": "/entries/ComponentDependencies.html",
"shortname": "ComponentDependencies",
"title": "Formalisation and Analysis of Component Dependencies",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private (high) sources to public (low) sinks. For a concurrent system, it is desirable to have compositional analysis methods that allow for analyzing each thread independently and that nevertheless guarantee that the parallel composition of successfully analyzed threads satisfies a global security guarantee. However, such a compositional analysis should not be overly pessimistic about what an environment might do with shared resources. Otherwise, the analysis will reject many intuitively secure programs. \u003cp\u003e The paper \"Assumptions and Guarantees for Compositional Noninterference\" by Mantel et. al. presents one solution for this problem: an approach for compositionally reasoning about non-interference in concurrent programs via rely-guarantee-style reasoning. We present an Isabelle/HOL formalization of the concepts and proofs of this approach.",
"authors": [
"Sylvia Grewe",
"Heiko Mantel",
"Daniel Schoepe"
],
"date": "2014-04-23",
- "id": 594,
+ "id": 599,
"link": "/entries/SIFUM_Type_Systems.html",
"permalink": "/entries/SIFUM_Type_Systems.html",
"shortname": "SIFUM_Type_Systems",
"title": "A Formalization of Assumptions and Guarantees for Compositional Noninterference",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition by requiring that no information whatsoever flows from private sources to public sinks. However, in practice this definition is often too strict: Depending on the intuitive desired security policy, the controlled declassification of certain private information (WHAT) at certain points in the program (WHERE) might not result in an undesired information leak. \u003cp\u003e We present an Isabelle/HOL formalization of such a security property for controlled declassification, namely WHAT\u0026WHERE-security from \"Scheduler-Independent Declassification\" by Lux, Mantel, and Perner. The formalization includes compositionality proofs for and a soundness proof for a security type system that checks for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions. \u003cp\u003e This Isabelle/HOL formalization uses theories from the entry Strong Security.",
"authors": [
"Sylvia Grewe",
"Alexander Lux",
"Heiko Mantel",
"Jens Sauer"
],
"date": "2014-04-23",
- "id": 595,
+ "id": 600,
"link": "/entries/WHATandWHERE_Security.html",
"permalink": "/entries/WHATandWHERE_Security.html",
"shortname": "WHATandWHERE_Security",
"title": "A Formalization of Declassification with WHAT-and-WHERE-Security",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition. Strong security from Sabelfeld and Sands formalizes noninterference for concurrent systems. \u003cp\u003e We present an Isabelle/HOL formalization of strong security for arbitrary security lattices (Sabelfeld and Sands use a two-element security lattice in the original publication). The formalization includes compositionality proofs for strong security and a soundness proof for a security type system that checks strong security for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions.",
"authors": [
"Sylvia Grewe",
"Alexander Lux",
"Heiko Mantel",
"Jens Sauer"
],
"date": "2014-04-23",
- "id": 596,
+ "id": 601,
"link": "/entries/Strong_Security.html",
"permalink": "/entries/Strong_Security.html",
"shortname": "Strong_Security",
"title": "A Formalization of Strong Security",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 1
},
{
"abstract": "This is a formalization of bounded-deducibility security (BD security), a flexible notion of information-flow security applicable to arbitrary transition systems. It generalizes Sutherland's classic notion of nondeducibility by factoring in declassification bounds and trigger, whereas nondeducibility states that, in a system, information cannot flow between specified sources and sinks, BD security indicates upper bounds for the flow and triggers under which these upper bounds are no longer guaranteed.",
"authors": [
"Andrei Popescu",
"Peter Lammich",
"Thomas Bauereiss"
],
"date": "2014-04-22",
- "id": 597,
+ "id": 602,
"link": "/entries/Bounded_Deducibility_Security.html",
"permalink": "/entries/Bounded_Deducibility_Security.html",
"shortname": "Bounded_Deducibility_Security",
"title": "Bounded-Deducibility Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 3
},
{
"abstract": "We formalize HyperCTL*, a temporal logic for expressing security properties. We first define a shallow embedding of HyperCTL*, within which we prove inductive and coinductive rules for the operators. Then we show that a HyperCTL* formula captures Goguen-Meseguer noninterference, a landmark information flow property. We also define a deep embedding and connect it to the shallow embedding by a denotational semantics, for which we prove sanity w.r.t. dependence on the free variables. Finally, we show that under some finiteness assumptions about the model, noninterference is given by a (finitary) syntactic formula.",
"authors": [
"Markus N. Rabe",
"Peter Lammich",
"Andrei Popescu"
],
"date": "2014-04-16",
- "id": 598,
+ "id": 603,
"link": "/entries/HyperCTL.html",
"permalink": "/entries/HyperCTL.html",
"shortname": "HyperCTL",
"title": "A shallow embedding of HyperCTL*",
"topic_links": [
"computer-science/security",
"logic/general-logic/temporal-logic"
],
"topics": [
"Computer science/Security",
"Logic/General logic/Temporal logic"
],
"used_by": 0
},
{
"abstract": "A formalization of an abstract property of possibly infinite derivation trees (modeled by a codatatype), representing the core of a proof (in Beth/Hintikka style) of the first-order logic completeness theorem, independent of the concrete syntax or inference rules. This work is described in detail in the IJCAR 2014 publication by the authors. The abstract proof can be instantiated for a wide range of Gentzen and tableau systems as well as various flavors of FOL---e.g., with or without predicates, equality, or sorts. Here, we give only a toy example instantiation with classical propositional logic. A more serious instance---many-sorted FOL with equality---is described elsewhere [Blanchette and Popescu, FroCoS 2013].",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2014-04-16",
- "id": 599,
+ "id": 604,
"link": "/entries/Abstract_Completeness.html",
"permalink": "/entries/Abstract_Completeness.html",
"shortname": "Abstract_Completeness",
"title": "Abstract Completeness",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 4
},
{
"abstract": "These theories introduce basic concepts and proofs about discrete summation: shifts, formal summation, falling factorials and stirling numbers. As proof of concept, a simple summation conversion is provided.",
"authors": [
"Florian Haftmann"
],
"date": "2014-04-13",
- "id": 600,
+ "id": 605,
"link": "/entries/Discrete_Summation.html",
"permalink": "/entries/Discrete_Summation.html",
"shortname": "Discrete_Summation",
"title": "Discrete Summation",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 3
},
{
"abstract": "This document accompanies the article \"The Design and Implementation of a Verification Technique for GPU Kernels\" by Adam Betts, Nathan Chong, Alastair F. Donaldson, Jeroen Ketema, Shaz Qadeer, Paul Thomson and John Wickerson. It formalises all of the definitions provided in Sections 3 and 4 of the article.",
"authors": [
"John Wickerson"
],
"date": "2014-04-03",
- "id": 601,
+ "id": 606,
"link": "/entries/GPU_Kernel_PL.html",
"permalink": "/entries/GPU_Kernel_PL.html",
"shortname": "GPU_Kernel_PL",
"title": "Syntax and semantics of a GPU kernel programming language",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We formalize a probabilistic noninterference for a multi-threaded language with uniform scheduling, where probabilistic behaviour comes from both the scheduler and the individual threads. We define notions probabilistic noninterference in two variants: resumption-based and trace-based. For the resumption-based notions, we prove compositionality w.r.t. the language constructs and establish sound type-system-like syntactic criteria. This is a formalization of the mathematical development presented at CPP 2013 and CALCO 2013. It is the probabilistic variant of the Possibilistic Noninterference AFP entry.",
"authors": [
"Andrei Popescu",
"Johannes Hölzl"
],
"date": "2014-03-11",
- "id": 602,
+ "id": 607,
"link": "/entries/Probabilistic_Noninterference.html",
"permalink": "/entries/Probabilistic_Noninterference.html",
"shortname": "Probabilistic_Noninterference",
"title": "Probabilistic Noninterference",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e AWN is a process algebra developed for modelling and analysing protocols for Mobile Ad hoc Networks (MANETs) and Wireless Mesh Networks (WMNs). AWN models comprise five distinct layers: sequential processes, local parallel compositions, nodes, partial networks, and complete networks.\u003c/p\u003e \u003cp\u003e This development mechanises the original operational semantics of AWN and introduces a variant 'open' operational semantics that enables the compositional statement and proof of invariants across distinct network nodes. It supports labels (for weakening invariants) and (abstract) data state manipulations. A framework for compositional invariant proofs is developed, including a tactic (inv_cterms) for inductive invariant proofs of sequential processes, lifting rules for the open versions of the higher layers, and a rule for transferring lifted properties back to the standard semantics. A notion of 'control terms' reduces proof obligations to the subset of subterms that act directly (in contrast to operators for combining terms and joining processes).\u003c/p\u003e",
"authors": [
"Timothy Bourke"
],
"date": "2014-03-08",
- "id": 603,
+ "id": 608,
"link": "/entries/AWN.html",
"permalink": "/entries/AWN.html",
"shortname": "AWN",
"title": "Mechanization of the Algebra for Wireless Networks (AWN)",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 1
},
{
"abstract": "We provide a wrapper around the partial-function command that supports mutual recursion.",
"authors": [
"René Thiemann"
],
"date": "2014-02-18",
- "id": 604,
+ "id": 609,
"link": "/entries/Partial_Function_MR.html",
"permalink": "/entries/Partial_Function_MR.html",
"shortname": "Partial_Function_MR",
"title": "Mutually Recursive Partial Functions",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 2
},
{
"abstract": "Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. We are interested in the probability that a random graph contains a certain pattern, for example a cycle or a clique. A very high edge probability gives rise to perhaps too many edges (which degrades performance for many algorithms), whereas a low edge probability might result in a disconnected graph. We prove a theorem about a threshold probability such that a higher edge probability will asymptotically almost surely produce a random graph with the desired subgraph.",
"authors": [
"Lars Hupel"
],
"date": "2014-02-13",
- "id": 605,
+ "id": 610,
"link": "/entries/Random_Graph_Subgraph_Threshold.html",
"permalink": "/entries/Random_Graph_Subgraph_Threshold.html",
"shortname": "Random_Graph_Subgraph_Threshold",
"title": "Properties of Random Graphs -- Subgraph Containment",
"topic_links": [
"mathematics/graph-theory",
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Probability theory"
],
"used_by": 3
},
{
"abstract": "Stepwise program refinement techniques can be used to simplify program verification. Programs are better understood since their main properties are clearly stated, and verification of rather complex algorithms is reduced to proving simple statements connecting successive program specifications. Additionally, it is easy to analyze similar algorithms and to compare their properties within a single formalization. Usually, formal analysis is not done in educational setting due to complexity of verification and a lack of tools and procedures to make comparison easy. Verification of an algorithm should not only give correctness proof, but also better understanding of an algorithm. If the verification is based on small step program refinement, it can become simple enough to be demonstrated within the university-level computer science curriculum. In this paper we demonstrate this and give a formal analysis of two well known algorithms (Selection Sort and Heap Sort) using proof assistant Isabelle/HOL and program refinement techniques.",
"authors": [
"Danijela Petrovic"
],
"date": "2014-02-11",
- "id": 606,
+ "id": 611,
"link": "/entries/Selection_Heap_Sort.html",
"permalink": "/entries/Selection_Heap_Sort.html",
"shortname": "Selection_Heap_Sort",
"title": "Verification of Selection and Heap Sort Using Locales",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We give a formalization of affine forms as abstract representations of zonotopes. We provide affine operations as well as overapproximations of some non-affine operations like multiplication and division. Expressions involving those operations can automatically be turned into (executable) functions approximating the original expression in affine arithmetic.",
"authors": [
"Fabian Immler"
],
"date": "2014-02-07",
- "id": 607,
+ "id": 612,
"link": "/entries/Affine_Arithmetic.html",
"permalink": "/entries/Affine_Arithmetic.html",
"shortname": "Affine_Arithmetic",
"title": "Affine Arithmetic",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We apply data refinement to implement the real numbers, where we support all numbers in the field extension Q[sqrt(b)], i.e., all numbers of the form p + q * sqrt(b) for rational numbers p and q and some fixed natural number b. To this end, we also developed algorithms to precisely compute roots of a rational number, and to perform a factorization of natural numbers which eliminates duplicate prime factors. \u003cp\u003e Our results have been used to certify termination proofs which involve polynomial interpretations over the reals.",
"authors": [
"René Thiemann"
],
"date": "2014-02-06",
- "id": 608,
+ "id": 613,
"link": "/entries/Real_Impl.html",
"permalink": "/entries/Real_Impl.html",
"shortname": "Real_Impl",
"title": "Implementing field extensions of the form Q[sqrt(b)]",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We formalize a unified framework for verified decision procedures for regular expression equivalence. Five recently published formalizations of such decision procedures (three based on derivatives, two on marked regular expressions) can be obtained as instances of the framework. We discover that the two approaches based on marked regular expressions, which were previously thought to be the same, are different, and one seems to produce uniformly smaller automata. The common framework makes it possible to compare the performance of the different decision procedures in a meaningful way. ",
"authors": [
"Tobias Nipkow",
"Dmitriy Traytel"
],
"date": "2014-01-30",
- "id": 609,
+ "id": 614,
"link": "/entries/Regex_Equivalence.html",
"permalink": "/entries/Regex_Equivalence.html",
"shortname": "Regex_Equivalence",
"title": "Unified Decision Procedures for Regular Expression Equivalence",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "These theories extend the existing proof of the first Sylow theorem (written by Florian Kammueller and L. C. Paulson) by what are often called the second, third and fourth Sylow theorems. These theorems state propositions about the number of Sylow p-subgroups of a group and the fact that they are conjugate to each other. The proofs make use of an implementation of group actions and their properties.",
"authors": [
"Jakob von Raumer"
],
"date": "2014-01-28",
- "id": 610,
+ "id": 615,
"link": "/entries/Secondary_Sylow.html",
"permalink": "/entries/Secondary_Sylow.html",
"shortname": "Secondary_Sylow",
"title": "Secondary Sylow Theorems",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "Tarski's algebra of binary relations is formalised along the lines of the standard textbooks of Maddux and Schmidt and Ströhlein. This includes relation-algebraic concepts such as subidentities, vectors and a domain operation as well as various notions associated to functions. Relation algebras are also expanded by a reflexive transitive closure operation, and they are linked with Kleene algebras and models of binary relations and Boolean matrices.",
"authors": [
"Alasdair Armstrong",
"Simon Foster",
"Georg Struth",
"Tjark Weber"
],
"date": "2014-01-25",
- "id": 611,
+ "id": 616,
"link": "/entries/Relation_Algebra.html",
"permalink": "/entries/Relation_Algebra.html",
"shortname": "Relation_Algebra",
"title": "Relation Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "We formalise Kleene algebra with tests (KAT) and demonic refinement algebra (DRA) in Isabelle/HOL. KAT is relevant for program verification and correctness proofs in the partial correctness setting. While DRA targets similar applications in the context of total correctness. Our formalisation contains the two most important models of these algebras: binary relations in the case of KAT and predicate transformers in the case of DRA. In addition, we derive the inference rules for Hoare logic in KAT and its relational model and present a simple formally verified program verification tool prototype based on the algebraic approach.",
"authors": [
"Alasdair Armstrong",
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2014-01-23",
- "id": 612,
+ "id": 617,
"link": "/entries/KAT_and_DRA.html",
"permalink": "/entries/KAT_and_DRA.html",
"shortname": "KAT_and_DRA",
"title": "Kleene Algebra with Tests and Demonic Refinement Algebras",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "The Unified Modeling Language (UML) is one of the few modeling languages that is widely used in industry. While UML is mostly known as diagrammatic modeling language (e.g., visualizing class models), it is complemented by a textual language, called Object Constraint Language (OCL). The current version of OCL is based on a four-valued logic that turns UML into a formal language. Any type comprises the elements \"invalid\" and \"null\" which are propagated as strict and non-strict, respectively. Unfortunately, the former semi-formal semantics of this specification language, captured in the \"Annex A\" of the OCL standard, leads to different interpretations of corner cases. We formalize the core of OCL: denotational definitions, a logical calculus and operational rules that allow for the execution of OCL expressions by a mixture of term rewriting and code compilation. Our formalization reveals several inconsistencies and contradictions in the current version of the OCL standard. Overall, this document is intended to provide the basis for a machine-checked text \"Annex A\" of the OCL standard targeting at tool implementors.",
"authors": [
"Achim D. Brucker",
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2014-01-16",
- "id": 613,
+ "id": 618,
"link": "/entries/Featherweight_OCL.html",
"permalink": "/entries/Featherweight_OCL.html",
"shortname": "Featherweight_OCL",
"title": "Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "This paper presents an Isabelle/HOL set of theories which allows the specification of crypto-based components and the verification of their composition properties wrt. cryptographic aspects. We introduce a formalisation of the security property of data secrecy, the corresponding definitions and proofs. Please note that here we import the Isabelle/HOL theory ListExtras.thy, presented in the AFP entry FocusStreamsCaseStudies-AFP.",
"authors": [
"Maria Spichkova"
],
"date": "2014-01-11",
- "id": 614,
+ "id": 619,
"link": "/entries/CryptoBasedCompositionalProperties.html",
"permalink": "/entries/CryptoBasedCompositionalProperties.html",
"shortname": "CryptoBasedCompositionalProperties",
"title": "Compositional Properties of Crypto-Based Components",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Sturm's Theorem states that polynomial sequences with certain properties, so-called Sturm sequences, can be used to count the number of real roots of a real polynomial. This work contains a proof of Sturm's Theorem and code for constructing Sturm sequences efficiently. It also provides the “sturm” proof method, which can decide certain statements about the roots of real polynomials, such as “the polynomial P has exactly n roots in the interval I” or “P(x) \u003e Q(x) for all x \u0026#8712; \u0026#8477;”.",
"authors": [
"Manuel Eberl"
],
"date": "2014-01-11",
- "id": 615,
+ "id": 620,
"link": "/entries/Sturm_Sequences.html",
"permalink": "/entries/Sturm_Sequences.html",
"shortname": "Sturm_Sequences",
"title": "Sturm's Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003e Tail-recursive function definitions are sometimes more straightforward than alternatives, but proving theorems on them may be roundabout because of the peculiar form of the resulting recursion induction rules. \u003c/p\u003e\u003cp\u003e This paper describes a proof method that provides a general solution to this problem by means of suitable invariants over inductive sets, and illustrates the application of such method by examining two case studies. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2013-12-01",
- "id": 616,
+ "id": 621,
"link": "/entries/Tail_Recursive_Functions.html",
"permalink": "/entries/Tail_Recursive_Functions.html",
"shortname": "Tail_Recursive_Functions",
"title": "A General Method for the Proof of Theorems on Tail-recursive Functions",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Gödel's two incompleteness theorems are formalised, following a careful \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003epresentation\u003c/a\u003e by Swierczkowski, in the theory of \u003ca href=\"HereditarilyFinite.html\"\u003ehereditarily finite sets\u003c/a\u003e. This represents the first ever machine-assisted proof of the second incompleteness theorem. Compared with traditional formalisations using Peano arithmetic (see e.g. Boolos), coding is simpler, with no need to formalise the notion of multiplication (let alone that of a prime number) in the formalised calculus upon which the theorem is based. However, other technical problems had to be solved in order to complete the argument.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2013-11-17",
- "id": 617,
+ "id": 622,
"link": "/entries/Incompleteness.html",
"permalink": "/entries/Incompleteness.html",
"shortname": "Incompleteness",
"title": "Gödel's Incompleteness Theorems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "The theory of hereditarily finite sets is formalised, following the \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003edevelopment\u003c/a\u003e of Swierczkowski. An HF set is a finite collection of other HF sets; they enjoy an induction principle and satisfy all the axioms of ZF set theory apart from the axiom of infinity, which is negated. All constructions that are possible in ZF set theory (Cartesian products, disjoint sums, natural numbers, functions) without using infinite sets are possible here. The definition of addition for the HF sets follows Kirby. This development forms the foundation for the Isabelle proof of Gödel's incompleteness theorems, which has been \u003ca href=\"Incompleteness.html\"\u003eformalised separately\u003c/a\u003e.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2013-11-17",
- "id": 618,
+ "id": 623,
"link": "/entries/HereditarilyFinite.html",
"permalink": "/entries/HereditarilyFinite.html",
"shortname": "HereditarilyFinite",
"title": "The Hereditarily Finite Sets",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 5
},
{
"abstract": "\u003cp\u003eWe define formal languages as a codataype of infinite trees branching over the alphabet. Each node in such a tree indicates whether the path to this node constitutes a word inside or outside of the language. This codatatype is isormorphic to the set of lists representation of languages, but caters for definitions by corecursion and proofs by coinduction.\u003c/p\u003e \u003cp\u003eRegular operations on languages are then defined by primitive corecursion. A difficulty arises here, since the standard definitions of concatenation and iteration from the coalgebraic literature are not primitively corecursive-they require guardedness up-to union/concatenation. Without support for up-to corecursion, these operation must be defined as a composition of primitive ones (and proved being equal to the standard definitions). As an exercise in coinduction we also prove the axioms of Kleene algebra for the defined regular operations.\u003c/p\u003e \u003cp\u003eFurthermore, a language for context-free grammars given by productions in Greibach normal form and an initial nonterminal is constructed by primitive corecursion, yielding an executable decision procedure for the word problem without further ado.\u003c/p\u003e",
"authors": [
"Dmitriy Traytel"
],
"date": "2013-11-15",
- "id": 619,
+ "id": 624,
"link": "/entries/Coinductive_Languages.html",
"permalink": "/entries/Coinductive_Languages.html",
"shortname": "Coinductive_Languages",
"title": "A Codatatype of Formal Languages",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This set of theories presents an Isabelle/HOL formalisation of stream processing components introduced in Focus, a framework for formal specification and development of interactive systems. This is an extended and updated version of the formalisation, which was elaborated within the methodology \"Focus on Isabelle\". In addition, we also applied the formalisation on three case studies that cover different application areas: process control (Steam Boiler System), data transmission (FlexRay communication protocol), memory and processing components (Automotive-Gateway System).",
"authors": [
"Maria Spichkova"
],
"date": "2013-11-14",
- "id": 620,
+ "id": 625,
"link": "/entries/FocusStreamsCaseStudies.html",
"permalink": "/entries/FocusStreamsCaseStudies.html",
"shortname": "FocusStreamsCaseStudies",
"title": "Stream Processing Components: Isabelle/HOL Formalisation and Case Studies",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "Dana Scott's version of Gödel's proof of God's existence is formalized in quantified modal logic KB (QML KB). QML KB is modeled as a fragment of classical higher-order logic (HOL); thus, the formalization is essentially a formalization in HOL.",
"authors": [
"Christoph Benzmüller",
"Bruno Woltzenlogel Paleo"
],
"date": "2013-11-12",
- "id": 621,
+ "id": 626,
"link": "/entries/GoedelGod.html",
"permalink": "/entries/GoedelGod.html",
"shortname": "GoedelGod",
"title": "Gödel's God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This theory contains a formalization of decreasing diagrams showing that any locally decreasing abstract rewrite system is confluent. We consider the valley (van Oostrom, TCS 1994) and the conversion version (van Oostrom, RTA 2008) and closely follow the original proofs. As an application we prove Newman's lemma.",
"authors": [
"Harald Zankl"
],
"date": "2013-11-01",
- "id": 622,
+ "id": 627,
"link": "/entries/Decreasing-Diagrams.html",
"permalink": "/entries/Decreasing-Diagrams.html",
"shortname": "Decreasing-Diagrams",
"title": "Decreasing Diagrams",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "We present the Autoref tool for Isabelle/HOL, which automatically refines algorithms specified over abstract concepts like maps and sets to algorithms over concrete implementations like red-black-trees, and produces a refinement theorem. It is based on ideas borrowed from relational parametricity due to Reynolds and Wadler. The tool allows for rapid prototyping of verified, executable algorithms. Moreover, it can be configured to fine-tune the result to the user~s needs. Our tool is able to automatically instantiate generic algorithms, which greatly simplifies the implementation of executable data structures. \u003cp\u003e This AFP-entry provides the basic tool, which is then used by the Refinement and Collection Framework to provide automatic data refinement for the nondeterminism monad and various collection datastructures.",
"authors": [
"Peter Lammich"
],
"date": "2013-10-02",
- "id": 623,
+ "id": 628,
"link": "/entries/Automatic_Refinement.html",
"permalink": "/entries/Automatic_Refinement.html",
"shortname": "Automatic_Refinement",
"title": "Automatic Data Refinement",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 10
},
{
"abstract": "This entry makes machine words and machine arithmetic available for code generation from Isabelle/HOL. It provides a common abstraction that hides the differences between the different target languages. The code generator maps these operations to the APIs of the target languages. Apart from that, we extend the available bit operations on types int and integer, and map them to the operations in the target languages.",
"authors": [
"Andreas Lochbihler"
],
"date": "2013-09-17",
- "id": 624,
+ "id": 629,
"link": "/entries/Native_Word.html",
"permalink": "/entries/Native_Word.html",
"shortname": "Native_Word",
"title": "Native Word",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 10
},
{
"abstract": "This development provides a formal model of IEEE-754 floating-point arithmetic. This formalization, including formal specification of the standard and proofs of important properties of floating-point arithmetic, forms the foundation for verifying programs with floating-point computation. There is also a code generation setup for floats so that we can execute programs using this formalization in functional programming languages.",
"authors": [
"Lei Yu"
],
"date": "2013-07-27",
- "id": 625,
+ "id": 630,
"link": "/entries/IEEE_Floating_Point.html",
"permalink": "/entries/IEEE_Floating_Point.html",
"shortname": "IEEE_Floating_Point",
"title": "A Formal Model of IEEE Floating Point Arithmetic",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "In 1927, Lehmer presented criterions for primality, based on the converse of Fermat's litte theorem. This work formalizes the second criterion from Lehmer's paper, a necessary and sufficient condition for primality. \u003cp\u003e As a side product we formalize some properties of Euler's phi-function, the notion of the order of an element of a group, and the cyclicity of the multiplicative group of a finite field.",
"authors": [
"Simon Wimmer",
"Lars Noschinski"
],
"date": "2013-07-22",
- "id": 626,
+ "id": 631,
"link": "/entries/Lehmer.html",
"permalink": "/entries/Lehmer.html",
"shortname": "Lehmer",
"title": "Lehmer's Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "In 1975, Pratt introduced a proof system for certifying primes. He showed that a number \u003ci\u003ep\u003c/i\u003e is prime iff a primality certificate for \u003ci\u003ep\u003c/i\u003e exists. By showing a logarithmic upper bound on the length of the certificates in size of the prime number, he concluded that the decision problem for prime numbers is in NP. This work formalizes soundness and completeness of Pratt's proof system as well as an upper bound for the size of the certificate.",
"authors": [
"Simon Wimmer",
"Lars Noschinski"
],
"date": "2013-07-22",
- "id": 627,
+ "id": 632,
"link": "/entries/Pratt_Certificate.html",
"permalink": "/entries/Pratt_Certificate.html",
"shortname": "Pratt_Certificate",
"title": "Pratt's Primality Certificates",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "This development provides a formalization of undirected graphs and simple graphs, which are based on Benedikt Nordhoff and Peter Lammich's simple formalization of labelled directed graphs in the archive. Then, with our formalization of graphs, we show both necessary and sufficient conditions for Eulerian trails and circuits as well as the fact that the Königsberg Bridge Problem does not have a solution. In addition, we show the Friendship Theorem in simple graphs.",
"authors": [
"Wenda Li"
],
"date": "2013-07-19",
- "id": 628,
+ "id": 633,
"link": "/entries/Koenigsberg_Friendship.html",
"permalink": "/entries/Koenigsberg_Friendship.html",
"shortname": "Koenigsberg_Friendship",
"title": "The Königsberg Bridge Problem and the Friendship Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This is a formalization of the soundness and completeness properties for various efficient encodings of sorts in unsorted first-order logic used by Isabelle's Sledgehammer tool. \u003cp\u003e Essentially, the encodings proceed as follows: a many-sorted problem is decorated with (as few as possible) tags or guards that make the problem monotonic; then sorts can be soundly erased. \u003cp\u003e The development employs a formalization of many-sorted first-order logic in clausal form (clauses, structures and the basic properties of the satisfaction relation), which could be of interest as the starting point for other formalizations of first-order logic metatheory.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu"
],
"date": "2013-06-27",
- "id": 629,
+ "id": 634,
"link": "/entries/Sort_Encodings.html",
"permalink": "/entries/Sort_Encodings.html",
"shortname": "Sort_Encodings",
"title": "Sound and Complete Sort Encodings for First-Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "This theory is split into two sections. In the first section, we give a formal proof that a well-known axiomatic characterization of the single-source shortest path problem is correct. Namely, we prove that in a directed graph with a non-negative cost function on the edges the single-source shortest path function is the only function that satisfies a set of four axioms. In the second section, we give a formal proof of the correctness of an axiomatic characterization of the single-source shortest path problem for directed graphs with general cost functions. The axioms here are more involved because we have to account for potential negative cycles in the graph. The axioms are summarized in three Isabelle locales.",
"authors": [
"Christine Rizkallah"
],
"date": "2013-05-22",
- "id": 630,
+ "id": 635,
"link": "/entries/ShortestPath.html",
"permalink": "/entries/ShortestPath.html",
"shortname": "ShortestPath",
"title": "An Axiomatic Characterization of the Single-Source Shortest Path Problem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This development provides a formalization of directed graphs, supporting (labelled) multi-edges and infinite graphs. A polymorphic edge type allows edges to be treated as pairs of vertices, if multi-edges are not required. Formalized properties are i.a. walks (and related concepts), connectedness and subgraphs and basic properties of isomorphisms. \u003cp\u003e This formalization is used to prove characterizations of Euler Trails, Shortest Paths and Kuratowski subgraphs.",
"authors": [
"Lars Noschinski"
],
"date": "2013-04-28",
- "id": 631,
+ "id": 636,
"link": "/entries/Graph_Theory.html",
"permalink": "/entries/Graph_Theory.html",
"shortname": "Graph_Theory",
"title": "Graph Theory",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 7
},
{
"abstract": "This development provides a framework for container types like sets and maps such that generated code implements these containers with different (efficient) data structures. Thanks to type classes and refinement during code generation, this light-weight approach can seamlessly replace Isabelle's default setup for code generation. Heuristics automatically pick one of the available data structures depending on the type of elements to be stored, but users can also choose on their own. The extensible design permits to add more implementations at any time. \u003cp\u003e To support arbitrary nesting of sets, we define a linear order on sets based on a linear order of the elements and provide efficient implementations. It even allows to compare complements with non-complements.",
"authors": [
"Andreas Lochbihler"
],
"date": "2013-04-15",
- "id": 632,
+ "id": 637,
"link": "/entries/Containers.html",
"permalink": "/entries/Containers.html",
"shortname": "Containers",
"title": "Light-weight Containers",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 8
},
{
"abstract": "\u003cp\u003eDealing with binders, renaming of bound variables, capture-avoiding substitution, etc., is very often a major problem in formal proofs, especially in proofs by structural and rule induction. Nominal Isabelle is designed to make such proofs easy to formalise: it provides an infrastructure for declaring nominal datatypes (that is alpha-equivalence classes) and for defining functions over them by structural recursion. It also provides induction principles that have Barendregt’s variable convention already built in. \u003c/p\u003e\u003cp\u003e This entry can be used as a more advanced replacement for HOL/Nominal in the Isabelle distribution. \u003c/p\u003e",
"authors": [
"Christian Urban",
"Stefan Berghofer",
"Cezary Kaliszyk"
],
"date": "2013-02-21",
- "id": 633,
+ "id": 638,
"link": "/entries/Nominal2.html",
"permalink": "/entries/Nominal2.html",
"shortname": "Nominal2",
"title": "Nominal 2",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 8
},
{
"abstract": "In his seminal paper \"Natural Semantics for Lazy Evaluation\", John Launchbury proves his semantics correct with respect to a denotational semantics, and outlines an adequacy proof. We have formalized both semantics and machine-checked the correctness proof, clarifying some details. Furthermore, we provide a new and more direct adequacy proof that does not require intermediate operational semantics.",
"authors": [
"Joachim Breitner"
],
"date": "2013-01-31",
- "id": 634,
+ "id": 639,
"link": "/entries/Launchbury.html",
"permalink": "/entries/Launchbury.html",
"shortname": "Launchbury",
"title": "The Correctness of Launchbury's Natural Semantics for Lazy Evaluation",
"topic_links": [
"computer-science/programming-languages/lambda-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages/Lambda calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "This document concerns the theory of ribbon proofs: a diagrammatic proof system, based on separation logic, for verifying program correctness. We include the syntax, proof rules, and soundness results for two alternative formalisations of ribbon proofs. \u003cp\u003e Compared to traditional proof outlines, ribbon proofs emphasise the structure of a proof, so are intelligible and pedagogical. Because they contain less redundancy than proof outlines, and allow each proof step to be checked locally, they may be more scalable. Where proof outlines are cumbersome to modify, ribbon proofs can be visually manoeuvred to yield proofs of variant programs.",
"authors": [
"John Wickerson"
],
"date": "2013-01-19",
- "id": 635,
+ "id": 640,
"link": "/entries/Ribbon_Proofs.html",
"permalink": "/entries/Ribbon_Proofs.html",
"shortname": "Ribbon_Proofs",
"title": "Ribbon Proofs",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "In this contribution, we present some formalizations based on the HOL-Multivariate-Analysis session of Isabelle. Firstly, a generalization of several theorems of such library are presented. Secondly, some definitions and proofs involving Linear Algebra and the four fundamental subspaces of a matrix are shown. Finally, we present a proof of the result known in Linear Algebra as the “Rank-Nullity Theorem”, which states that, given any linear map f from a finite dimensional vector space V to a vector space W, then the dimension of V is equal to the dimension of the kernel of f (which is a subspace of V) and the dimension of the range of f (which is a subspace of W). The proof presented here is based on the one given by Sheldon Axler in his book \u003ci\u003eLinear Algebra Done Right\u003c/i\u003e. As a corollary of the previous theorem, and taking advantage of the relationship between linear maps and matrices, we prove that, for every matrix A (which has associated a linear map between finite dimensional vector spaces), the sum of its null space and its column space (which is equal to the range of the linear map) is equal to the number of columns of A.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2013-01-16",
- "id": 636,
+ "id": 641,
"link": "/entries/Rank_Nullity_Theorem.html",
"permalink": "/entries/Rank_Nullity_Theorem.html",
"shortname": "Rank_Nullity_Theorem",
"title": "Rank-Nullity Theorem in Linear Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "These files contain a formalisation of variants of Kleene algebras and their most important models as axiomatic type classes in Isabelle/HOL. Kleene algebras are foundational structures in computing with applications ranging from automata and language theory to computational modeling, program construction and verification. \u003cp\u003e We start with formalising dioids, which are additively idempotent semirings, and expand them by axiomatisations of the Kleene star for finite iteration and an omega operation for infinite iteration. We show that powersets over a given monoid, (regular) languages, sets of paths in a graph, sets of computation traces, binary relations and formal power series form Kleene algebras, and consider further models based on lattices, max-plus semirings and min-plus semirings. We also demonstrate that dioids are closed under the formation of matrices (proofs for Kleene algebras remain to be completed). \u003cp\u003e On the one hand we have aimed at a reference formalisation of variants of Kleene algebras that covers a wide range of variants and the core theorems in a structured and modular way and provides readable proofs at text book level. On the other hand, we intend to use this algebraic hierarchy and its models as a generic algebraic middle-layer from which programming applications can quickly be explored, implemented and verified.",
"authors": [
"Alasdair Armstrong",
"Georg Struth",
"Tjark Weber"
],
"date": "2013-01-15",
- "id": 637,
+ "id": 642,
"link": "/entries/Kleene_Algebra.html",
"permalink": "/entries/Kleene_Algebra.html",
"shortname": "Kleene_Algebra",
"title": "Kleene Algebra",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 7
},
{
"abstract": "We implement the Babylonian method to compute n-th roots of numbers. We provide precise algorithms for naturals, integers and rationals, and offer an approximation algorithm for square roots over linear ordered fields. Moreover, there are precise algorithms to compute the floor and the ceiling of n-th roots.",
"authors": [
"René Thiemann"
],
"date": "2013-01-03",
- "id": 638,
+ "id": 643,
"link": "/entries/Sqrt_Babylonian.html",
"permalink": "/entries/Sqrt_Babylonian.html",
"shortname": "Sqrt_Babylonian",
"title": "Computing N-th Roots using the Babylonian Method",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "We provide a framework for separation-logic based correctness proofs of Imperative HOL programs. Our framework comes with a set of proof methods to automate canonical tasks such as verification condition generation and frame inference. Moreover, we provide a set of examples that show the applicability of our framework. The examples include algorithms on lists, hash-tables, and union-find trees. We also provide abstract interfaces for lists, maps, and sets, that allow to develop generic imperative algorithms and use data-refinement techniques. \u003cbr\u003e As we target Imperative HOL, our programs can be translated to efficiently executable code in various target languages, including ML, OCaml, Haskell, and Scala.",
"authors": [
"Peter Lammich",
"Rene Meis"
],
"date": "2012-11-14",
- "id": 639,
+ "id": 644,
"link": "/entries/Separation_Logic_Imperative_HOL.html",
"permalink": "/entries/Separation_Logic_Imperative_HOL.html",
"shortname": "Separation_Logic_Imperative_HOL",
"title": "A Separation Logic Framework for Imperative HOL",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "A proof of the open induction schema based on J.-C. Raoult, Proving open properties by induction, \u003ci\u003eInformation Processing Letters\u003c/i\u003e 29, 1988, pp.19-23. \u003cp\u003eThis research was supported by the Austrian Science Fund (FWF): J3202.\u003c/p\u003e",
"authors": [
"Mizuhito Ogawa",
"Christian Sternagel"
],
"date": "2012-11-02",
- "id": 640,
+ "id": 645,
"link": "/entries/Open_Induction.html",
"permalink": "/entries/Open_Induction.html",
"shortname": "Open_Induction",
"title": "Open Induction",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 4
},
{
"abstract": "Tarski's axioms of plane geometry are formalized and, using the standard real Cartesian model, shown to be consistent. A substantial theory of the projective plane is developed. Building on this theory, the Klein-Beltrami model of the hyperbolic plane is defined and shown to satisfy all of Tarski's axioms except his Euclidean axiom; thus Tarski's Euclidean axiom is shown to be independent of his other axioms of plane geometry. \u003cp\u003e An earlier version of this work was the subject of the author's \u003ca href=\"http://researcharchive.vuw.ac.nz/handle/10063/2315\"\u003eMSc thesis\u003c/a\u003e, which contains natural-language explanations of some of the more interesting proofs.",
"authors": [
"T. J. M. Makarios"
],
"date": "2012-10-30",
- "id": 641,
+ "id": 646,
"link": "/entries/Tarskis_Geometry.html",
"permalink": "/entries/Tarskis_Geometry.html",
"shortname": "Tarskis_Geometry",
"title": "The independence of Tarski's Euclidean axiom",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "A proof of Bondy's theorem following B. Bollabas, Combinatorics, 1986, Cambridge University Press.",
"authors": [
"Jeremy Avigad",
"Stefan Hetzl"
],
"date": "2012-10-27",
- "id": 642,
+ "id": 647,
"link": "/entries/Bondy.html",
"permalink": "/entries/Bondy.html",
"shortname": "Bondy",
"title": "Bondy's Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We formalize a wide variety of Volpano/Smith-style noninterference notions for a while language with parallel composition. We systematize and classify these notions according to compositionality w.r.t. the language constructs. Compositionality yields sound syntactic criteria (a.k.a. type systems) in a uniform way. \u003cp\u003e An \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/cpp12.html\"\u003earticle\u003c/a\u003e about these proofs is published in the proceedings of the conference Certified Programs and Proofs 2012.",
"authors": [
"Andrei Popescu",
"Johannes Hölzl"
],
"date": "2012-09-10",
- "id": 643,
+ "id": 648,
"link": "/entries/Possibilistic_Noninterference.html",
"permalink": "/entries/Possibilistic_Noninterference.html",
"shortname": "Possibilistic_Noninterference",
"title": "Possibilistic Noninterference",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "We provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's “\u003ctt\u003ederiving Ord, Show, ...\u003c/tt\u003e” feature. \u003cp\u003e We further implemented such automatic methods to derive (linear) orders or hash-functions which are required in the Isabelle Collection Framework. Moreover, for the tactic of Huffman and Krauss to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. \u003cp\u003e Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactic we could completely remove tedious proofs for linear orders of two datatypes. \u003cp\u003e This development is aimed at datatypes generated by the \"\u003ctt\u003eold_datatype\u003c/tt\u003e\" command.",
"authors": [
"René Thiemann"
],
"date": "2012-08-07",
- "id": 644,
+ "id": 649,
"link": "/entries/Datatype_Order_Generator.html",
"permalink": "/entries/Datatype_Order_Generator.html",
"shortname": "Datatype_Order_Generator",
"title": "Generating linear orders for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "Squaring the circle, doubling the cube and trisecting an angle, using a compass and straightedge alone, are classic unsolved problems first posed by the ancient Greeks. All three problems were proved to be impossible in the 19th century. The following document presents the proof of the impossibility of solving the latter two problems using Isabelle/HOL, following a proof by Carrega. The proof uses elementary methods: no Galois theory or field extensions. The set of points constructible using a compass and straightedge is defined inductively. Radical expressions, which involve only square roots and arithmetic of rational numbers, are defined, and we find that all constructive points have radical coordinates. Finally, doubling the cube and trisecting certain angles requires solving certain cubic equations that can be proved to have no rational roots. The Isabelle proofs require a great many detailed calculations.",
"authors": [
"Ralph Romanos",
"Lawrence C. Paulson"
],
"date": "2012-08-05",
- "id": 645,
+ "id": 650,
"link": "/entries/Impossible_Geometry.html",
"permalink": "/entries/Impossible_Geometry.html",
"shortname": "Impossible_Geometry",
"title": "Proving the Impossibility of Trisecting an Angle and Doubling the Cube",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "Distributed computing is inherently based on replication, promising increased tolerance to failures of individual computing nodes or communication channels. Realizing this promise, however, involves quite subtle algorithmic mechanisms, and requires precise statements about the kinds and numbers of faults that an algorithm tolerates (such as process crashes, communication faults or corrupted values). The landmark theorem due to Fischer, Lynch, and Paterson shows that it is impossible to achieve Consensus among N asynchronously communicating nodes in the presence of even a single permanent failure. Existing solutions must rely on assumptions of \"partial synchrony\". \u003cp\u003e Indeed, there have been numerous misunderstandings on what exactly a given algorithm is supposed to realize in what kinds of environments. Moreover, the abundance of subtly different computational models complicates comparisons between different algorithms. Charron-Bost and Schiper introduced the Heard-Of model for representing algorithms and failure assumptions in a uniform framework, simplifying comparisons between algorithms. \u003cp\u003e In this contribution, we represent the Heard-Of model in Isabelle/HOL. We define two semantics of runs of algorithms with different unit of atomicity and relate these through a reduction theorem that allows us to verify algorithms in the coarse-grained semantics (where proofs are easier) and infer their correctness for the fine-grained one (which corresponds to actual executions). We instantiate the framework by verifying six Consensus algorithms that differ in the underlying algorithmic mechanisms and the kinds of faults they tolerate.",
"authors": [
"Henri Debrat",
"Stephan Merz"
],
"date": "2012-07-27",
- "id": 646,
+ "id": 651,
"link": "/entries/Heard_Of.html",
"permalink": "/entries/Heard_Of.html",
"shortname": "Heard_Of",
"title": "Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 1
},
{
"abstract": "We apply Andy Pitts's methods of defining relations over domains to several classical results in the literature. We show that the Y combinator coincides with the domain-theoretic fixpoint operator, that parallel-or and the Plotkin existential are not definable in PCF, that the continuation semantics for PCF coincides with the direct semantics, and that our domain-theoretic semantics for PCF is adequate for reasoning about contextual equivalence in an operational semantics. Our version of PCF is untyped and has both strict and non-strict function abstractions. The development is carried out in HOLCF.",
"authors": [
"Peter Gammie"
],
"date": "2012-07-01",
- "id": 647,
+ "id": 652,
"link": "/entries/PCF.html",
"permalink": "/entries/PCF.html",
"shortname": "PCF",
"title": "Logical Relations for PCF",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "These theories contain a formalization of first class type constructors and axiomatic constructor classes for HOLCF. This work is described in detail in the ICFP 2012 paper \u003ci\u003eFormal Verification of Monad Transformers\u003c/i\u003e by the author. The formalization is a revised and updated version of earlier joint work with Matthews and White. \u003cP\u003e Based on the hierarchy of type classes in Haskell, we define classes for functors, monads, monad-plus, etc. Each one includes all the standard laws as axioms. We also provide a new user command, tycondef, for defining new type constructors in HOLCF. Using tycondef, we instantiate the type class hierarchy with various monads and monad transformers.",
"authors": [
"Brian Huffman"
],
"date": "2012-06-26",
- "id": 648,
+ "id": 653,
"link": "/entries/Tycon.html",
"permalink": "/entries/Tycon.html",
"shortname": "Tycon",
"title": "Type Constructor Classes and Monad Transformers",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "We formalise a large portion of CCS as described in Milner's book 'Communication and Concurrency' using the nominal datatype package in Isabelle. Our results include many of the standard theorems of bisimulation equivalence and congruence, for both weak and strong versions. One main goal of this formalisation is to keep the machine-checked proofs as close to their pen-and-paper counterpart as possible. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 649,
+ "id": 654,
"link": "/entries/CCS.html",
"permalink": "/entries/CCS.html",
"shortname": "CCS",
"title": "CCS in nominal logic",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "Psi-calculi are extensions of the pi-calculus, accommodating arbitrary nominal datatypes to represent not only data but also communication channels, assertions and conditions, giving it an expressive power beyond the applied pi-calculus and the concurrent constraint pi-calculus. \u003cp\u003e We have formalised psi-calculi in the interactive theorem prover Isabelle using its nominal datatype package. One distinctive feature is that the framework needs to treat binding sequences, as opposed to single binders, in an efficient way. While different methods for formalising single binder calculi have been proposed over the last decades, representations for such binding sequences are not very well explored. \u003cp\u003e The main effort in the formalisation is to keep the machine checked proofs as close to their pen-and-paper counterparts as possible. This includes treating all binding sequences as atomic elements, and creating custom induction and inversion rules that to remove the bulk of manual alpha-conversions. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 650,
+ "id": 655,
"link": "/entries/Psi_Calculi.html",
"permalink": "/entries/Psi_Calculi.html",
"shortname": "Psi_Calculi",
"title": "Psi-calculi in Isabelle",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "We formalise the pi-calculus using the nominal datatype package, based on ideas from the nominal logic by Pitts et al., and demonstrate an implementation in Isabelle/HOL. The purpose is to derive powerful induction rules for the semantics in order to conduct machine checkable proofs, closely following the intuitive arguments found in manual proofs. In this way we have covered many of the standard theorems of bisimulation equivalence and congruence, both late and early, and both strong and weak in a uniform manner. We thus provide one of the most extensive formalisations of a the pi-calculus ever done inside a theorem prover. \u003cp\u003e A significant gain in our formulation is that agents are identified up to alpha-equivalence, thereby greatly reducing the arguments about bound names. This is a normal strategy for manual proofs about the pi-calculus, but that kind of hand waving has previously been difficult to incorporate smoothly in an interactive theorem prover. We show how the nominal logic formalism and its support in Isabelle accomplishes this and thus significantly reduces the tedium of conducting completely formal proofs. This improves on previous work using weak higher order abstract syntax since we do not need extra assumptions to filter out exotic terms and can keep all arguments within a familiar first-order logic. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 651,
+ "id": 656,
"link": "/entries/Pi_Calculus.html",
"permalink": "/entries/Pi_Calculus.html",
"shortname": "Pi_Calculus",
"title": "The pi-calculus in nominal logic",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "The Circus specification language combines elements for complex data and behavior specifications, using an integration of Z and CSP with a refinement calculus. Its semantics is based on Hoare and He's Unifying Theories of Programming (UTP). Isabelle/Circus is a formalization of the UTP and the Circus language in Isabelle/HOL. It contains proof rules and tactic support that allows for proofs of refinement for Circus processes (involving both data and behavioral aspects). \u003cp\u003e The Isabelle/Circus environment supports a syntax for the semantic definitions which is close to textbook presentations of Circus. This article contains an extended version of corresponding VSTTE Paper together with the complete formal development of its underlying commented theories.",
"authors": [
"Abderrahmane Feliachi",
"Burkhart Wolff",
"Marie-Claude Gaudel"
],
"date": "2012-05-27",
- "id": 652,
+ "id": 657,
"link": "/entries/Circus.html",
"permalink": "/entries/Circus.html",
"shortname": "Circus",
"title": "Isabelle/Circus",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/system-description-languages"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "We present a generic type class implementation of separation algebra for Isabelle/HOL as well as lemmas and generic tactics which can be used directly for any instantiation of the type class. \u003cP\u003e The ex directory contains example instantiations that include structures such as a heap or virtual memory. \u003cP\u003e The abstract separation algebra is based upon \"Abstract Separation Logic\" by Calcagno et al. These theories are also the basis of the ITP 2012 rough diamond \"Mechanised Separation Algebra\" by the authors. \u003cP\u003e The aim of this work is to support and significantly reduce the effort for future separation logic developments in Isabelle/HOL by factoring out the part of separation logic that can be treated abstractly once and for all. This includes developing typical default rule sets for reasoning as well as automated tactic support for separation logic.",
"authors": [
"Gerwin Klein",
"Rafal Kolanski",
"Andrew Boyton"
],
"date": "2012-05-11",
- "id": 653,
+ "id": 658,
"link": "/entries/Separation_Algebra.html",
"permalink": "/entries/Separation_Algebra.html",
"shortname": "Separation_Algebra",
"title": "Separation Algebra",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 3
},
{
"abstract": "\u003cp\u003eTwo omega-sequences are stuttering equivalent if they differ only by finite repetitions of elements. Stuttering equivalence is a fundamental concept in the theory of concurrent and distributed systems. Notably, Lamport argues that refinement notions for such systems should be insensitive to finite stuttering. Peled and Wilke showed that all PLTL (propositional linear-time temporal logic) properties that are insensitive to stuttering equivalence can be expressed without the next-time operator. Stuttering equivalence is also important for certain verification techniques such as partial-order reduction for model checking.\u003c/p\u003e \u003cp\u003eWe formalize stuttering equivalence in Isabelle/HOL. Our development relies on the notion of stuttering sampling functions that may skip blocks of identical sequence elements. We also encode PLTL and prove the theorem due to Peled and Wilke.\u003c/p\u003e",
"authors": [
"Stephan Merz"
],
"date": "2012-05-07",
- "id": 654,
+ "id": 659,
"link": "/entries/Stuttering_Equivalence.html",
"permalink": "/entries/Stuttering_Equivalence.html",
"shortname": "Stuttering_Equivalence",
"title": "Stuttering Equivalence",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 5
},
{
"abstract": "This document contains the full theory files accompanying article \u003ci\u003eInductive Study of Confidentiality --- for Everyone\u003c/i\u003e in \u003ci\u003eFormal Aspects of Computing\u003c/i\u003e. They aim at an illustrative and didactic presentation of the Inductive Method of protocol analysis, focusing on the treatment of one of the main goals of security protocols: confidentiality against a threat model. The treatment of confidentiality, which in fact forms a key aspect of all protocol analysis tools, has been found cryptic by many learners of the Inductive Method, hence the motivation for this work. The theory files in this document guide the reader step by step towards design and proof of significant confidentiality theorems. These are developed against two threat models, the standard Dolev-Yao and a more audacious one, the General Attacker, which turns out to be particularly useful also for teaching purposes.",
"authors": [
"Giampaolo Bella"
],
"date": "2012-05-02",
- "id": 655,
+ "id": 660,
"link": "/entries/Inductive_Confidentiality.html",
"permalink": "/entries/Inductive_Confidentiality.html",
"shortname": "Inductive_Confidentiality",
"title": "Inductive Study of Confidentiality",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eSession Ordinary-Differential-Equations formalizes ordinary differential equations (ODEs) and initial value problems. This work comprises proofs for local and global existence of unique solutions (Picard-Lindelöf theorem). Moreover, it contains a formalization of the (continuous or even differentiable) dependency of the flow on initial conditions as the \u003ci\u003eflow\u003c/i\u003e of ODEs.\u003c/p\u003e \u003cp\u003e Not in the generated document are the following sessions: \u003cul\u003e \u003cli\u003e HOL-ODE-Numerics: Rigorous numerical algorithms for computing enclosures of solutions based on Runge-Kutta methods and affine arithmetic. Reachability analysis with splitting and reduction at hyperplanes.\u003c/li\u003e \u003cli\u003e HOL-ODE-Examples: Applications of the numerical algorithms to concrete systems of ODEs.\u003c/li\u003e \u003cli\u003e Lorenz_C0, Lorenz_C1: Verified algorithms for checking C1-information according to Tucker's proof, computation of C0-information.\u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e",
"authors": [
"Fabian Immler",
"Johannes Hölzl"
],
"date": "2012-04-26",
- "id": 656,
+ "id": 661,
"link": "/entries/Ordinary_Differential_Equations.html",
"permalink": "/entries/Ordinary_Differential_Equations.html",
"shortname": "Ordinary_Differential_Equations",
"title": "Ordinary Differential Equations",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 3
},
{
"abstract": "Based on Isabelle/HOL's type class for preorders, we introduce a type class for well-quasi-orders (wqo) which is characterized by the absence of \"bad\" sequences (our proofs are along the lines of the proof of Nash-Williams, from which we also borrow terminology). Our main results are instantiations for the product type, the list type, and a type of finite trees, which (almost) directly follow from our proofs of (1) Dickson's Lemma, (2) Higman's Lemma, and (3) Kruskal's Tree Theorem. More concretely: \u003cul\u003e \u003cli\u003eIf the sets A and B are wqo then their Cartesian product is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite lists over A is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite trees over A is wqo.\u003c/li\u003e \u003c/ul\u003e The research was funded by the Austrian Science Fund (FWF): J3202.",
"authors": [
"Christian Sternagel"
],
"date": "2012-04-13",
- "id": 657,
+ "id": 662,
"link": "/entries/Well_Quasi_Orders.html",
"permalink": "/entries/Well_Quasi_Orders.html",
"shortname": "Well_Quasi_Orders",
"title": "Well-Quasi-Orders",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 5
},
{
"abstract": "We define the Abortable Linearizable Module automaton (ALM for short) and prove its key composition property using the IOA theory of HOLCF. The ALM is at the heart of the Speculative Linearizability framework. This framework simplifies devising correct speculative algorithms by enabling their decomposition into independent modules that can be analyzed and proved correct in isolation. It is particularly useful when working in a distributed environment, where the need to tolerate faults and asynchrony has made current monolithic protocols so intricate that it is no longer tractable to check their correctness. Our theory contains a typical example of a refinement proof in the I/O-automata framework of Lynch and Tuttle.",
"authors": [
"Rachid Guerraoui",
"Viktor Kuncak",
"Giuliano Losa"
],
"date": "2012-03-01",
- "id": 658,
+ "id": 663,
"link": "/entries/Abortable_Linearizable_Modules.html",
"permalink": "/entries/Abortable_Linearizable_Modules.html",
"shortname": "Abortable_Linearizable_Modules",
"title": "Abortable Linearizable Modules",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We provide a generic work-list algorithm to compute the (reflexive-)transitive closure of relations where only successors of newly detected states are generated. In contrast to our previous work, the relations do not have to be finite, but each element must only have finitely many (indirect) successors. Moreover, a subsumption relation can be used instead of pure equality. An executable variant of the algorithm is available where the generic operations are instantiated with list operations. \u003c/p\u003e\u003cp\u003e This formalization was performed as part of the IsaFoR/CeTA project, and it has been used to certify size-change termination proofs where large transitive closures have to be computed. \u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2012-02-29",
- "id": 659,
+ "id": 664,
"link": "/entries/Transitive-Closure-II.html",
"permalink": "/entries/Transitive-Closure-II.html",
"shortname": "Transitive-Closure-II",
"title": "Executable Transitive Closures",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This works presents a formalization of the Girth-Chromatic number theorem in graph theory, stating that graphs with arbitrarily large girth and chromatic number exist. The proof uses the theory of Random Graphs to prove the existence with probabilistic arguments.",
"authors": [
"Lars Noschinski"
],
"date": "2012-02-06",
- "id": 660,
+ "id": 665,
"link": "/entries/Girth_Chromatic.html",
"permalink": "/entries/Girth_Chromatic.html",
"shortname": "Girth_Chromatic",
"title": "A Probabilistic Proof of the Girth-Chromatic Number Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 5
},
{
"abstract": "We implement and prove correct Dijkstra's algorithm for the single source shortest path problem, conceived in 1956 by E. Dijkstra. The algorithm is implemented using the data refinement framework for monadic, nondeterministic programs. An efficient implementation is derived using data structures from the Isabelle Collection Framework.",
"authors": [
"Benedikt Nordhoff",
"Peter Lammich"
],
"date": "2012-01-30",
- "id": 661,
+ "id": 666,
"link": "/entries/Dijkstra_Shortest_Path.html",
"permalink": "/entries/Dijkstra_Shortest_Path.html",
"shortname": "Dijkstra_Shortest_Path",
"title": "Dijkstra's Shortest Path Algorithm",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 3
},
{
"abstract": "We provide a framework for program and data refinement in Isabelle/HOL. The framework is based on a nondeterminism-monad with assertions, i.e., the monad carries a set of results or an assertion failure. Recursion is expressed by fixed points. For convenience, we also provide while and foreach combinators. \u003cp\u003e The framework provides tools to automatize canonical tasks, such as verification condition generation, finding appropriate data refinement relations, and refine an executable program to a form that is accepted by the Isabelle/HOL code generator. \u003cp\u003e This submission comes with a collection of examples and a user-guide, illustrating the usage of the framework.",
"authors": [
"Peter Lammich"
],
"date": "2012-01-30",
- "id": 662,
+ "id": 667,
"link": "/entries/Refine_Monadic.html",
"permalink": "/entries/Refine_Monadic.html",
"shortname": "Refine_Monadic",
"title": "Refinement for Monadic Programs",
"topic_links": [
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Semantics and reasoning"
],
"used_by": 3
},
{
"abstract": "This is a formalization of Markov models in Isabelle/HOL. It builds on Isabelle's probability theory. The available models are currently Discrete-Time Markov Chains and a extensions of them with rewards. \u003cp\u003e As application of these models we formalize probabilistic model checking of pCTL formulas, analysis of IPv4 address allocation in ZeroConf and an analysis of the anonymity of the Crowds protocol. \u003ca href=\"http://arxiv.org/abs/1212.3870\"\u003eSee here for the corresponding paper.\u003c/a\u003e",
"authors": [
"Johannes Hölzl",
"Tobias Nipkow"
],
"date": "2012-01-03",
- "id": 663,
+ "id": 668,
"link": "/entries/Markov_Models.html",
"permalink": "/entries/Markov_Models.html",
"shortname": "Markov_Models",
"title": "Markov Models",
"topic_links": [
"mathematics/probability-theory",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Automata and formal languages"
],
"used_by": 4
},
{
"abstract": "We mechanise the logic TLA* \u003ca href=\"http://www.springerlink.com/content/ax3qk557qkdyt7n6/\"\u003e[Merz 1999]\u003c/a\u003e, an extension of Lamport's Temporal Logic of Actions (TLA) \u003ca href=\"http://dl.acm.org/citation.cfm?doid=177492.177726\"\u003e[Lamport 1994]\u003c/a\u003e for specifying and reasoning about concurrent and reactive systems. Aiming at a framework for mechanising] the verification of TLA (or TLA*) specifications, this contribution reuses some elements from a previous axiomatic encoding of TLA in Isabelle/HOL by the second author [Merz 1998], which has been part of the Isabelle distribution. In contrast to that previous work, we give here a shallow, definitional embedding, with the following highlights: \u003cul\u003e \u003cli\u003ea theory of infinite sequences, including a formalisation of the concepts of stuttering invariance central to TLA and TLA*; \u003cli\u003ea definition of the semantics of TLA*, which extends TLA by a mutually-recursive definition of formulas and pre-formulas, generalising TLA action formulas; \u003cli\u003ea substantial set of derived proof rules, including the TLA* axioms and Lamport's proof rules for system verification; \u003cli\u003ea set of examples illustrating the usage of Isabelle/TLA* for reasoning about systems. \u003c/ul\u003e Note that this work is unrelated to the ongoing development of a proof system for the specification language TLA+, which includes an encoding of TLA+ as a new Isabelle object logic \u003ca href=\"http://www.springerlink.com/content/354026160p14j175/\"\u003e[Chaudhuri et al 2010]\u003c/a\u003e.",
"authors": [
"Gudmund Grov",
"Stephan Merz"
],
"date": "2011-11-19",
- "id": 664,
+ "id": 669,
"link": "/entries/TLA.html",
"permalink": "/entries/TLA.html",
"shortname": "TLA",
"title": "A Definitional Encoding of TLA* in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We provide a formalization of the mergesort algorithm as used in GHC's Data.List module, proving correctness and stability. Furthermore, experimental data suggests that generated (Haskell-)code for this algorithm is much faster than for previous algorithms available in the Isabelle distribution.",
"authors": [
"Christian Sternagel"
],
"date": "2011-11-09",
- "id": 665,
+ "id": 670,
"link": "/entries/Efficient-Mergesort.html",
"permalink": "/entries/Efficient-Mergesort.html",
"shortname": "Efficient-Mergesort",
"title": "Efficient Mergesort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 2
},
{
"abstract": "Algebras of imperative programming languages have been successful in reasoning about programs. In general an algebra of programs is an algebraic structure with programs as elements and with program compositions (sequential composition, choice, skip) as algebra operations. Various versions of these algebras were introduced to model partial correctness, total correctness, refinement, demonic choice, and other aspects. We formalize here an algebra which can be used to model total correctness, refinement, demonic and angelic choice. The basic model of this algebra are monotonic Boolean transformers (monotonic functions from a Boolean algebra to itself).",
"authors": [
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 666,
+ "id": 671,
"link": "/entries/MonoBoolTranAlgebra.html",
"permalink": "/entries/MonoBoolTranAlgebra.html",
"shortname": "MonoBoolTranAlgebra",
"title": "Algebra of Monotonic Boolean Transformers",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "This formalization introduces and collects some algebraic structures based on lattices and complete lattices for use in other developments. The structures introduced are modular, and lattice ordered groups. In addition to the results proved for the new lattices, this formalization also introduces theorems about latices and complete lattices in general.",
"authors": [
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 667,
+ "id": 672,
"link": "/entries/LatticeProperties.html",
"permalink": "/entries/LatticeProperties.html",
"shortname": "LatticeProperties",
"title": "Lattice Properties",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 3
},
{
"abstract": "Pseudo-hoops are algebraic structures introduced by B. Bosbach under the name of complementary semigroups. In this formalization we prove some properties of pseudo-hoops and we define the basic concepts of filter and normal filter. The lattice of normal filters is isomorphic with the lattice of congruences of a pseudo-hoop. We also study some important classes of pseudo-hoops. Bounded Wajsberg pseudo-hoops are equivalent to pseudo-Wajsberg algebras and bounded basic pseudo-hoops are equivalent to pseudo-BL algebras. Some examples of pseudo-hoops are given in the last section of the formalization.",
"authors": [
"George Georgescu",
"Laurentiu Leustean",
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 668,
+ "id": 673,
"link": "/entries/PseudoHoops.html",
"permalink": "/entries/PseudoHoops.html",
"shortname": "PseudoHoops",
"title": "Pseudo Hoops",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "There are many proofs of the Myhill-Nerode theorem using automata. In this library we give a proof entirely based on regular expressions, since regularity of languages can be conveniently defined using regular expressions (it is more painful in HOL to define regularity in terms of automata). We prove the first direction of the Myhill-Nerode theorem by solving equational systems that involve regular expressions. For the second direction we give two proofs: one using tagging-functions and another using partial derivatives. We also establish various closure properties of regular languages. Most details of the theories are described in our ITP 2011 paper.",
"authors": [
"Chunhan Wu",
"Xingyuan Zhang",
"Christian Urban"
],
"date": "2011-08-26",
- "id": 669,
+ "id": 674,
"link": "/entries/Myhill-Nerode.html",
"permalink": "/entries/Myhill-Nerode.html",
"shortname": "Myhill-Nerode",
"title": "The Myhill-Nerode Theorem Based on Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This theory provides a compact formulation of Gauss-Jordan elimination for matrices represented as functions. Its distinctive feature is succinctness. It is not meant for large computations.",
"authors": [
"Tobias Nipkow"
],
"date": "2011-08-19",
- "id": 670,
+ "id": 675,
"link": "/entries/Gauss-Jordan-Elim-Fun.html",
"permalink": "/entries/Gauss-Jordan-Elim-Fun.html",
"shortname": "Gauss-Jordan-Elim-Fun",
"title": "Gauss-Jordan Elimination for Matrices Represented as Functions",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e A \u003cem\u003ematching\u003c/em\u003e in a graph \u003ci\u003eG\u003c/i\u003e is a subset \u003ci\u003eM\u003c/i\u003e of the edges of \u003ci\u003eG\u003c/i\u003e such that no two share an endpoint. A matching has maximum cardinality if its cardinality is at least as large as that of any other matching. An \u003cem\u003eodd-set cover\u003c/em\u003e \u003ci\u003eOSC\u003c/i\u003e of a graph \u003ci\u003eG\u003c/i\u003e is a labeling of the nodes of \u003ci\u003eG\u003c/i\u003e with integers such that every edge of \u003ci\u003eG\u003c/i\u003e is either incident to a node labeled 1 or connects two nodes labeled with the same number \u003ci\u003ei \u0026ge; 2\u003c/i\u003e. \u003c/p\u003e\u003cp\u003e This article proves Edmonds theorem:\u003cbr\u003e Let \u003ci\u003eM\u003c/i\u003e be a matching in a graph \u003ci\u003eG\u003c/i\u003e and let \u003ci\u003eOSC\u003c/i\u003e be an odd-set cover of \u003ci\u003eG\u003c/i\u003e. For any \u003ci\u003ei \u0026ge; 0\u003c/i\u003e, let \u003cvar\u003en(i)\u003c/var\u003e be the number of nodes labeled \u003ci\u003ei\u003c/i\u003e. If \u003ci\u003e|M| = n(1) + \u0026sum;\u003csub\u003ei \u0026ge; 2\u003c/sub\u003e(n(i) div 2)\u003c/i\u003e, then \u003ci\u003eM\u003c/i\u003e is a maximum cardinality matching. \u003c/p\u003e",
"authors": [
"Christine Rizkallah"
],
"date": "2011-07-21",
- "id": 671,
+ "id": 676,
"link": "/entries/Max-Card-Matching.html",
"permalink": "/entries/Max-Card-Matching.html",
"shortname": "Max-Card-Matching",
"title": "Maximum Cardinality Matching",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Knowledge-based programs (KBPs) are a formalism for directly relating agents' knowledge and behaviour. Here we present a general scheme for compiling KBPs to executable automata with a proof of correctness in Isabelle/HOL. We develop the algorithm top-down, using Isabelle's locale mechanism to structure these proofs, and show that two classic examples can be synthesised using Isabelle's code generator.",
"authors": [
"Peter Gammie"
],
"date": "2011-05-17",
- "id": 672,
+ "id": 677,
"link": "/entries/KBPs.html",
"permalink": "/entries/KBPs.html",
"shortname": "KBPs",
"title": "Knowledge-based programs",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "Some acute-angled triangles are special, e.g. right-angled or isoscele triangles. Some are not of this kind, but, without measuring angles, look as if they were. In that sense, there is exactly one general triangle. This well-known fact is proven here formally.",
"authors": [
"Joachim Breitner"
],
"date": "2011-04-01",
- "id": 673,
+ "id": 678,
"link": "/entries/General-Triangle.html",
"permalink": "/entries/General-Triangle.html",
"shortname": "General-Triangle",
"title": "The General Triangle Is Unique",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We provide a generic work-list algorithm to compute the transitive closure of finite relations where only successors of newly detected states are generated. This algorithm is then instantiated for lists over arbitrary carriers and red black trees (which are faster but require a linear order on the carrier), respectively. Our formalization was performed as part of the IsaFoR/CeTA project where reflexive transitive closures of large tree automata have to be computed.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2011-03-14",
- "id": 674,
+ "id": 679,
"link": "/entries/Transitive-Closure.html",
"permalink": "/entries/Transitive-Closure.html",
"shortname": "Transitive-Closure",
"title": "Executable Transitive Closures of Finite Relations",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 3
},
{
"abstract": "We formalize the AutoFocus Semantics (a time-synchronous subset of the Focus formalism) as stream processing functions on finite and infinite message streams represented as finite/infinite lists. The formalization comprises both the conventional single-clocking semantics (uniform global clock for all components and communications channels) and its extension to multi-clocking semantics (internal execution clocking of a component may be a multiple of the external communication clocking). The semantics is defined by generic stream processing functions making it suitable for simulation/code generation in Isabelle/HOL. Furthermore, a number of AutoFocus semantics properties are formalized using definitions from the IntervalLogic theories.",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 675,
+ "id": 680,
"link": "/entries/AutoFocus-Stream.html",
"permalink": "/entries/AutoFocus-Stream.html",
"shortname": "AutoFocus-Stream",
"title": "AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We introduce a theory of infinite lists in HOL formalized as functions over naturals (folder ListInf, theories ListInf and ListInf_Prefix). It also provides additional results for finite lists (theory ListInf/List2), natural numbers (folder CommonArith, esp. division/modulo, naturals with infinity), sets (folder CommonSet, esp. cutting/truncating sets, traversing sets of naturals).",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 676,
+ "id": 681,
"link": "/entries/List-Infinite.html",
"permalink": "/entries/List-Infinite.html",
"shortname": "List-Infinite",
"title": "Infinite Lists",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "We introduce a theory of temporal logic operators using sets of natural numbers as time domain, formalized in a shallow embedding manner. The theory comprises special natural intervals (theory IL_Interval: open and closed intervals, continuous and modulo intervals, interval traversing results), operators for shifting intervals to left/right on the number axis as well as expanding/contracting intervals by constant factors (theory IL_IntervalOperators.thy), and ultimately definitions and results for unary and binary temporal operators on arbitrary natural sets (theory IL_TemporalOperators).",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 677,
+ "id": 682,
"link": "/entries/Nat-Interval-Logic.html",
"permalink": "/entries/Nat-Interval-Logic.html",
"shortname": "Nat-Interval-Logic",
"title": "Interval Temporal Logic on Natural Numbers",
"topic_links": [
"logic/general-logic/temporal-logic"
],
"topics": [
"Logic/General logic/Temporal logic"
],
"used_by": 1
},
{
"abstract": "A fully-formalized and extensible minimal imperative fragment of Java.",
"authors": [
"Rok Strniša",
"Matthew Parkinson"
],
"date": "2011-02-07",
- "id": 678,
+ "id": 683,
"link": "/entries/LightweightJava.html",
"permalink": "/entries/LightweightJava.html",
"shortname": "LightweightJava",
"title": "Lightweight Java",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This work presents a verification of an implementation in SPARK/ADA of the cryptographic hash-function RIPEMD-160. A functional specification of RIPEMD-160 is given in Isabelle/HOL. Proofs for the verification conditions generated by the static-analysis toolset of SPARK certify the functional correctness of the implementation.",
"authors": [
"Fabian Immler"
],
"date": "2011-01-10",
- "id": 679,
+ "id": 684,
"link": "/entries/RIPEMD-160-SPARK.html",
"permalink": "/entries/RIPEMD-160-SPARK.html",
"shortname": "RIPEMD-160-SPARK",
"title": "RIPEMD-160",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We define the notions of lower and upper semicontinuity for functions from a metric space to the extended real line. We prove that a function is both lower and upper semicontinuous if and only if it is continuous. We also give several equivalent characterizations of lower semicontinuity. In particular, we prove that a function is lower semicontinuous if and only if its epigraph is a closed set. Also, we introduce the notion of the lower semicontinuous hull of an arbitrary function and prove its basic properties.",
"authors": [
"Bogdan Grechuk"
],
"date": "2011-01-08",
- "id": 680,
+ "id": 685,
"link": "/entries/Lower_Semicontinuous.html",
"permalink": "/entries/Lower_Semicontinuous.html",
"shortname": "Lower_Semicontinuous",
"title": "Lower Semicontinuous Functions",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Two proofs of Hall's Marriage Theorem: one due to Halmos and Vaughan, one due to Rado.",
"authors": [
"Dongchen Jiang",
"Tobias Nipkow"
],
"date": "2010-12-17",
- "id": 681,
+ "id": 686,
"link": "/entries/Marriage.html",
"permalink": "/entries/Marriage.html",
"shortname": "Marriage",
"title": "Hall's Marriage Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "In his dissertation, Olin Shivers introduces a concept of control flow graphs for functional languages, provides an algorithm to statically derive a safe approximation of the control flow graph and proves this algorithm correct. In this research project, Shivers' algorithms and proofs are formalized in the HOLCF extension of HOL.",
"authors": [
"Joachim Breitner"
],
"date": "2010-11-16",
- "id": 682,
+ "id": 687,
"link": "/entries/Shivers-CFA.html",
"permalink": "/entries/Shivers-CFA.html",
"shortname": "Shivers-CFA",
"title": "Shivers' Control Flow Analysis",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We implement and prove correct binomial heaps and skew binomial heaps. Both are data-structures for priority queues. While binomial heaps have logarithmic \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003edeleteMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, skew binomial heaps have constant time \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, and only the \u003cem\u003edeleteMin\u003c/em\u003e-operation is logarithmic. This is achieved by using \u003cem\u003eskew links\u003c/em\u003e to avoid cascading linking on \u003cem\u003einsert\u003c/em\u003e-operations, and \u003cem\u003edata-structural bootstrapping\u003c/em\u003e to get constant-time \u003cem\u003efindMin\u003c/em\u003e and \u003cem\u003emeld\u003c/em\u003e operations. Our implementation follows the paper by Brodal and Okasaki.",
"authors": [
"Rene Meis",
"Finn Nielsen",
"Peter Lammich"
],
"date": "2010-10-28",
- "id": 683,
+ "id": 688,
"link": "/entries/Binomial-Heaps.html",
"permalink": "/entries/Binomial-Heaps.html",
"shortname": "Binomial-Heaps",
"title": "Binomial Heaps and Skew Binomial Heaps",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "We implement and prove correct 2-3 finger trees. Finger trees are a general purpose data structure, that can be used to efficiently implement other data structures, such as priority queues. Intuitively, a finger tree is an annotated sequence, where the annotations are elements of a monoid. Apart from operations to access the ends of the sequence, the main operation is to split the sequence at the point where a \u003cem\u003emonotone predicate\u003c/em\u003e over the sum of the left part of the sequence becomes true for the first time. The implementation follows the paper of Hinze and Paterson. The code generator can be used to get efficient, verified code.",
"authors": [
"Benedikt Nordhoff",
"Stefan Körner",
"Peter Lammich"
],
"date": "2010-10-28",
- "id": 684,
+ "id": 689,
"link": "/entries/Finger-Trees.html",
"permalink": "/entries/Finger-Trees.html",
"shortname": "Finger-Trees",
"title": "Finger Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 3
},
{
"abstract": "Priority queues are an important data structure and efficient implementations of them are crucial. We implement a functional variant of binomial queues in Isabelle/HOL and show its functional correctness. A verification against an abstract reference specification of priority queues has also been attempted, but could not be achieved to the full extent.",
"authors": [
"René Neumann"
],
"date": "2010-10-28",
- "id": 685,
+ "id": 690,
"link": "/entries/Binomial-Queues.html",
"permalink": "/entries/Binomial-Queues.html",
"shortname": "Binomial-Queues",
"title": "Functional Binomial Queues",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Handling variable binding is one of the main difficulties in formal proofs. In this context, Moggi's computational metalanguage serves as an interesting case study. It features monadic types and a commuting conversion rule that rearranges the binding structure. Lindley and Stark have given an elegant proof of strong normalization for this calculus. The key construction in their proof is a notion of relational TT-lifting, using stacks of elimination contexts to obtain a Girard-Tait style logical relation. I give a formalization of their proof in Isabelle/HOL-Nominal with a particular emphasis on the treatment of bound variables.",
"authors": [
"Christian Doczkal"
],
"date": "2010-08-29",
- "id": 686,
+ "id": 691,
"link": "/entries/Lam-ml-Normalization.html",
"permalink": "/entries/Lam-ml-Normalization.html",
"shortname": "Lam-ml-Normalization",
"title": "Strong Normalization of Moggis's Computational Metalanguage",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "We define multivariate polynomials over arbitrary (ordered) semirings in combination with (executable) operations like addition, multiplication, and substitution. We also define (weak) monotonicity of polynomials and comparison of polynomials where we provide standard estimations like absolute positiveness or the more recent approach of Neurauter, Zankl, and Middeldorp. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over polynomials. Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA-system\u003c/a\u003e which contains several termination techniques. The provided theories have been essential to formalize polynomial interpretations. \u003cp\u003e This formalization also contains an abstract representation as coefficient functions with finite support and a type of power-products. If this type is ordered by a linear (term) ordering, various additional notions, such as leading power-product, leading coefficient etc., are introduced as well. Furthermore, a lot of generic properties of, and functions on, multivariate polynomials are formalized, including the substitution and evaluation homomorphisms, embeddings of polynomial rings into larger rings (i.e. with one additional indeterminate), homogenization and dehomogenization of polynomials, and the canonical isomorphism between R[X,Y] and R[X][Y].",
"authors": [
"Christian Sternagel",
"René Thiemann",
"Alexander Maletzky",
"Fabian Immler",
"Florian Haftmann",
"Andreas Lochbihler",
"Alexander Bentkamp"
],
"date": "2010-08-10",
- "id": 687,
+ "id": 692,
"link": "/entries/Polynomials.html",
"permalink": "/entries/Polynomials.html",
"shortname": "Polynomials",
"title": "Executable Multivariate Polynomials",
"topic_links": [
"mathematics/analysis",
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 7
},
{
"abstract": "We formalize in Isabelle/HOL the abtract syntax and a synchronous step semantics for the specification language Statecharts. The formalization is based on Hierarchical Automata which allow a structural decomposition of Statecharts into Sequential Automata. To support the composition of Statecharts, we introduce calculating operators to construct a Hierarchical Automaton in a stepwise manner. Furthermore, we present a complete semantics of Statecharts including a theory of data spaces, which enables the modelling of racing effects. We also adapt CTL for Statecharts to build a bridge for future combinations with model checking. However the main motivation of this work is to provide a sound and complete basis for reasoning on Statecharts. As a central meta theorem we prove that the well-formedness of a Statechart is preserved by the semantics.",
"authors": [
"Steffen Helke",
"Florian Kammüller"
],
"date": "2010-08-08",
- "id": 688,
+ "id": 693,
"link": "/entries/Statecharts.html",
"permalink": "/entries/Statecharts.html",
"shortname": "Statecharts",
"title": "Formalizing Statecharts using Hierarchical Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Free Groups are, in a sense, the most generic kind of group. They are defined over a set of generators with no additional relations in between them. They play an important role in the definition of group presentations and in other fields. This theory provides the definition of Free Group as the set of fully canceled words in the generators. The universal property is proven, as well as some isomorphisms results about Free Groups.",
"authors": [
"Joachim Breitner"
],
"date": "2010-06-24",
- "id": 689,
+ "id": 694,
"link": "/entries/Free-Groups.html",
"permalink": "/entries/Free-Groups.html",
"shortname": "Free-Groups",
"title": "Free Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This article presents a development of Category Theory in Isabelle/HOL. A Category is defined using records and locales. Functors and Natural Transformations are also defined. The main result that has been formalized is that the Yoneda functor is a full and faithful embedding. We also formalize the completeness of many sorted monadic equational logic. Extensive use is made of the HOLZF theory in both cases. For an informal description see \u003ca href=\"http://www.srcf.ucam.org/~apk32/Isabelle/Category/Cat.pdf\"\u003ehere [pdf]\u003c/a\u003e.",
"authors": [
"Alexander Katovsky"
],
"date": "2010-06-20",
- "id": 690,
+ "id": 695,
"link": "/entries/Category2.html",
"permalink": "/entries/Category2.html",
"shortname": "Category2",
"title": "Category Theory",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further show that the standard semirings over the naturals, integers, and rationals, as well as the arctic semirings satisfy the axioms that are required by our matrix theory. Our formalization is part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e system which contains several termination techniques. The provided theories have been essential to formalize matrix-interpretations and arctic interpretations.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2010-06-17",
- "id": 691,
+ "id": 696,
"link": "/entries/Matrix.html",
"permalink": "/entries/Matrix.html",
"shortname": "Matrix",
"title": "Executable Matrix Operations on Matrices of Arbitrary Dimensions",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "We present an Isabelle formalization of abstract rewriting (see, e.g., the book by Baader and Nipkow). First, we define standard relations like \u003ci\u003ejoinability\u003c/i\u003e, \u003ci\u003emeetability\u003c/i\u003e, \u003ci\u003econversion\u003c/i\u003e, etc. Then, we formalize important properties of abstract rewrite systems, e.g., confluence and strong normalization. Our main concern is on strong normalization, since this formalization is the basis of \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e (which is mainly about strong normalization of term rewrite systems). Hence lemmas involving strong normalization constitute by far the biggest part of this theory. One of those is Newman's lemma.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2010-06-14",
- "id": 692,
+ "id": 697,
"link": "/entries/Abstract-Rewriting.html",
"permalink": "/entries/Abstract-Rewriting.html",
"shortname": "Abstract-Rewriting",
"title": "Abstract Rewriting",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 10
},
{
"abstract": "The invariant based programming is a technique of constructing correct programs by first identifying the basic situations (pre- and post-conditions and invariants) that can occur during the execution of the program, and then defining the transitions and proving that they preserve the invariants. Data refinement is a technique of building correct programs working on concrete datatypes as refinements of more abstract programs. In the theories presented here we formalize the predicate transformer semantics for invariant based programs and their data refinement.",
"authors": [
"Viorel Preoteasa",
"Ralph-Johan Back"
],
"date": "2010-05-28",
- "id": 693,
+ "id": 698,
"link": "/entries/DataRefinementIBP.html",
"permalink": "/entries/DataRefinementIBP.html",
"shortname": "DataRefinementIBP",
"title": "Semantics and Data Refinement of Invariant Based Programs",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "The verification of the Deutsch-Schorr-Waite graph marking algorithm is used as a benchmark in many formalizations of pointer programs. The main purpose of this mechanization is to show how data refinement of invariant based programs can be used in verifying practical algorithms. The verification starts with an abstract algorithm working on a graph given by a relation \u003ci\u003enext\u003c/i\u003e on nodes. Gradually the abstract program is refined into Deutsch-Schorr-Waite graph marking algorithm where only one bit per graph node of additional memory is used for marking.",
"authors": [
"Viorel Preoteasa",
"Ralph-Johan Back"
],
"date": "2010-05-28",
- "id": 694,
+ "id": 699,
"link": "/entries/GraphMarkingIBP.html",
"permalink": "/entries/GraphMarkingIBP.html",
"shortname": "GraphMarkingIBP",
"title": "Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This document gives a formalization of the proof of the Robbins conjecture, following A. Mann, \u003ci\u003eA Complete Proof of the Robbins Conjecture\u003c/i\u003e, 2003.",
"authors": [
"Matthew Doty"
],
"date": "2010-05-22",
- "id": 695,
+ "id": 700,
"link": "/entries/Robbins-Conjecture.html",
"permalink": "/entries/Robbins-Conjecture.html",
"shortname": "Robbins-Conjecture",
"title": "A Complete Proof of the Robbins Conjecture",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This is a library of constructions on regular expressions and languages. It provides the operations of concatenation, Kleene star and derivative on languages. Regular expressions and their meaning are defined. An executable equivalence checker for regular expressions is verified; it does not need automata but works directly on regular expressions. \u003ci\u003eBy mapping regular expressions to binary relations, an automatic and complete proof method for (in)equalities of binary relations over union, concatenation and (reflexive) transitive closure is obtained.\u003c/i\u003e \u003cP\u003e Extended regular expressions with complement and intersection are also defined and an equivalence checker is provided.",
"authors": [
"Alexander Krauss",
"Tobias Nipkow"
],
"date": "2010-05-12",
- "id": 696,
+ "id": 701,
"link": "/entries/Regular-Sets.html",
"permalink": "/entries/Regular-Sets.html",
"shortname": "Regular-Sets",
"title": "Regular Sets and Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 12
},
{
"abstract": "We present a Theory of Objects based on the original functional sigma-calculus by Abadi and Cardelli but with an additional parameter to methods. We prove confluence of the operational semantics following the outline of Nipkow's proof of confluence for the lambda-calculus reusing his theory Commutation, a generic diamond lemma reduction. We furthermore formalize a simple type system for our sigma-calculus including a proof of type safety. The entire development uses the concept of Locally Nameless representation for binders. We reuse an earlier proof of confluence for a simpler sigma-calculus based on de Bruijn indices and lists to represent objects.",
"authors": [
"Ludovic Henrio",
"Florian Kammüller",
"Bianca Lutz",
"Henry Sudhof"
],
"date": "2010-04-30",
- "id": 697,
+ "id": 702,
"link": "/entries/Locally-Nameless-Sigma.html",
"permalink": "/entries/Locally-Nameless-Sigma.html",
"shortname": "Locally-Nameless-Sigma",
"title": "Locally Nameless Sigma Calculus",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This theory defines a type constructor representing the free Boolean algebra over a set of generators. Values of type (α)\u003ci\u003eformula\u003c/i\u003e represent propositional formulas with uninterpreted variables from type α, ordered by implication. In addition to all the standard Boolean algebra operations, the library also provides a function for building homomorphisms to any other Boolean algebra type.",
"authors": [
"Brian Huffman"
],
"date": "2010-03-29",
- "id": 698,
+ "id": 703,
"link": "/entries/Free-Boolean-Algebra.html",
"permalink": "/entries/Free-Boolean-Algebra.html",
"shortname": "Free-Boolean-Algebra",
"title": "Free Boolean Algebra",
"topic_links": [
"logic/general-logic/classical-propositional-logic"
],
"topics": [
"Logic/General logic/Classical propositional logic"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for intra-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing_Inter.html\"\u003eInformationFlowSlicing_Inter\u003c/a\u003e for the inter-procedural part. \u003c/p\u003e",
"authors": [
"Daniel Wasserrab"
],
"date": "2010-03-23",
- "id": 699,
+ "id": 704,
"link": "/entries/InformationFlowSlicing.html",
"permalink": "/entries/InformationFlowSlicing.html",
"shortname": "InformationFlowSlicing",
"title": "Information Flow Noninterference via Slicing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for inter-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing.html\"\u003eInformationFlowSlicing\u003c/a\u003e for the intra-procedural part. \u003c/p\u003e",
"authors": [
"Daniel Wasserrab"
],
"date": "2010-03-23",
- "id": 700,
+ "id": 705,
"link": "/entries/InformationFlowSlicing_Inter.html",
"permalink": "/entries/InformationFlowSlicing_Inter.html",
"shortname": "InformationFlowSlicing_Inter",
"title": "Inter-Procedural Information Flow Noninterference via Slicing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This theory provides functions for finding the index of an element in a list, by predicate and by value.",
"authors": [
"Tobias Nipkow"
],
"date": "2010-02-20",
- "id": 701,
+ "id": 706,
"link": "/entries/List-Index.html",
"permalink": "/entries/List-Index.html",
"shortname": "List-Index",
"title": "List Index",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 23
},
{
"abstract": "This article collects formalisations of general-purpose coinductive data types and sets. Currently, it contains coinductive natural numbers, coinductive lists, i.e. lazy lists or streams, infinite streams, coinductive terminated lists, coinductive resumptions, a library of operations on coinductive lists, and a version of König's lemma as an application for coinductive lists.\u003cbr\u003eThe initial theory was contributed by Paulson and Wenzel. Extensions and other coinductive formalisations of general interest are welcome.",
"authors": [
"Andreas Lochbihler"
],
"date": "2010-02-12",
- "id": 702,
+ "id": 707,
"link": "/entries/Coinductive.html",
"permalink": "/entries/Coinductive.html",
"shortname": "Coinductive",
"title": "Coinductive",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 13
},
{
"abstract": "This contribution contains a fast SAT solver for Isabelle written in Standard ML. By loading the theory \u003ctt\u003eDPT_SAT_Solver\u003c/tt\u003e, the SAT solver installs itself (under the name “\u003ctt\u003edptsat\u003c/tt\u003e”) and certain Isabelle tools like Refute will start using it automatically. This is a port of the DPT (Decision Procedure Toolkit) SAT Solver written in OCaml.",
"authors": [
"Armin Heller"
],
"date": "2009-12-09",
- "id": 703,
+ "id": 708,
"link": "/entries/DPT-SAT-Solver.html",
"permalink": "/entries/DPT-SAT-Solver.html",
"shortname": "DPT-SAT-Solver",
"title": "A Fast SAT Solver for Isabelle in Standard ML",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "This work presents a formalization of a library for automata on bit strings. It forms the basis of a reflection-based decision procedure for Presburger arithmetic, which is efficiently executable thanks to Isabelle's code generator. With this work, we therefore provide a mechanized proof of a well-known connection between logic and automata theory. The formalization is also described in a publication [TPHOLs 2009].",
"authors": [
"Stefan Berghofer",
"Markus Reiter"
],
"date": "2009-12-03",
- "id": 704,
+ "id": 709,
"link": "/entries/Presburger-Automata.html",
"permalink": "/entries/Presburger-Automata.html",
"shortname": "Presburger-Automata",
"title": "Formalizing the Logic-Automaton Connection",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "This development provides an efficient, extensible, machine checked collections framework. The library adopts the concepts of interface, implementation and generic algorithm from object-oriented programming and implements them in Isabelle/HOL. The framework features the use of data refinement techniques to refine an abstract specification (using high-level concepts like sets) to a more concrete implementation (using collection datastructures, like red-black-trees). The code-generator of Isabelle/HOL can be used to generate efficient code.",
"authors": [
"Peter Lammich"
],
"date": "2009-11-25",
- "id": 705,
+ "id": 710,
"link": "/entries/Collections.html",
"permalink": "/entries/Collections.html",
"shortname": "Collections",
"title": "Collections Framework",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 18
},
{
"abstract": "This work presents a machine-checked tree automata library for Standard-ML, OCaml and Haskell. The algorithms are efficient by using appropriate data structures like RB-trees. The available algorithms for non-deterministic automata include membership query, reduction, intersection, union, and emptiness check with computation of a witness for non-emptiness. The executable algorithms are derived from less-concrete, non-executable algorithms using data-refinement techniques. The concrete data structures are from the Isabelle Collections Framework. Moreover, this work contains a formalization of the class of tree-regular languages and its closure properties under set operations.",
"authors": [
"Peter Lammich"
],
"date": "2009-11-25",
- "id": 706,
+ "id": 711,
"link": "/entries/Tree-Automata.html",
"permalink": "/entries/Tree-Automata.html",
"shortname": "Tree-Automata",
"title": "Tree Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "These theories present the mechanised proof of the Perfect Number Theorem.",
"authors": [
"Mark Ijbema"
],
"date": "2009-11-22",
- "id": 707,
+ "id": 712,
"link": "/entries/Perfect-Number-Thm.html",
"permalink": "/entries/Perfect-Number-Thm.html",
"shortname": "Perfect-Number-Thm",
"title": "Perfect Number Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "After verifying \u003ca href=\"Slicing.html\"\u003edynamic and static interprocedural slicing\u003c/a\u003e, we present a modular framework for static interprocedural slicing. To this end, we formalized the standard two-phase slicer from Horwitz, Reps and Binkley (see their TOPLAS 12(1) 1990 paper) together with summary edges as presented by Reps et al. (see FSE 1994). The framework is again modular in the programming language by using an abstract CFG, defined via structural and well-formedness properties. Using a weak simulation between the original and sliced graph, we were able to prove the correctness of static interprocedural slicing. We also instantiate our framework with a simple While language with procedures. This shows that the chosen abstractions are indeed valid.",
"authors": [
"Daniel Wasserrab"
],
"date": "2009-11-13",
- "id": 708,
+ "id": 713,
"link": "/entries/HRB-Slicing.html",
"permalink": "/entries/HRB-Slicing.html",
"shortname": "HRB-Slicing",
"title": "Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 1
},
{
"abstract": "Gill and Hutton formalise the worker/wrapper transformation, building on the work of Launchbury and Peyton-Jones who developed it as a way of changing the type at which a recursive function operates. This development establishes the soundness of the technique and several examples of its use.",
"authors": [
"Peter Gammie"
],
"date": "2009-10-30",
- "id": 709,
+ "id": 714,
"link": "/entries/WorkerWrapper.html",
"permalink": "/entries/WorkerWrapper.html",
"shortname": "WorkerWrapper",
"title": "The Worker/Wrapper Transformation",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "We develop a basic theory of ordinals and cardinals in Isabelle/HOL, up to the point where some cardinality facts relevant for the “working mathematician” become available. Unlike in set theory, here we do not have at hand canonical notions of ordinal and cardinal. Therefore, here an ordinal is merely a well-order relation and a cardinal is an ordinal minim w.r.t. order embedding on its field.",
"authors": [
"Andrei Popescu"
],
"date": "2009-09-01",
- "id": 710,
+ "id": 715,
"link": "/entries/Ordinals_and_Cardinals.html",
"permalink": "/entries/Ordinals_and_Cardinals.html",
"shortname": "Ordinals_and_Cardinals",
"title": "Ordinals and Cardinals",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "The invertibility of the rules of a sequent calculus is important for guiding proof search and can be used in some formalised proofs of Cut admissibility. We present sufficient conditions for when a rule is invertible with respect to a calculus. We illustrate the conditions with examples. It must be noted we give purely syntactic criteria; no guarantees are given as to the suitability of the rules.",
"authors": [
"Peter Chapman"
],
"date": "2009-08-28",
- "id": 711,
+ "id": 716,
"link": "/entries/SequentInvertibility.html",
"permalink": "/entries/SequentInvertibility.html",
"shortname": "SequentInvertibility",
"title": "Invertibility in Sequent Calculi",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize the usual proof that the group generated by the function k -\u003e k + 1 on the integers gives rise to a cofinitary group.",
"authors": [
"Bart Kastermans"
],
"date": "2009-08-04",
- "id": 712,
+ "id": 717,
"link": "/entries/CofGroups.html",
"permalink": "/entries/CofGroups.html",
"shortname": "CofGroups",
"title": "An Example of a Cofinitary Group in Isabelle/HOL",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "FinFuns are total functions that are constant except for a finite set of points, i.e. a generalisation of finite maps. They are formalised as a new type in Isabelle/HOL such that the code generator can handle equality tests and quantification on FinFuns. On the code output level, FinFuns are explicitly represented by constant functions and pointwise updates, similarly to associative lists. Inside the logic, they behave like ordinary functions with extensionality. Via the update/constant pattern, a recursion combinator and an induction rule for FinFuns allow for defining and reasoning about operators on FinFun that are also executable.",
"authors": [
"Andreas Lochbihler"
],
"date": "2009-05-06",
- "id": 713,
+ "id": 718,
"link": "/entries/FinFun.html",
"permalink": "/entries/FinFun.html",
"shortname": "FinFun",
"title": "Code Generation for Functions as Data",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 4
},
{
"abstract": "Stream Fusion is a system for removing intermediate list structures from Haskell programs; it consists of a Haskell library along with several compiler rewrite rules. (The library is available \u003ca href=\"http://hackage.haskell.org/package/stream-fusion\"\u003eonline\u003c/a\u003e.)\u003cbr\u003e\u003cbr\u003eThese theories contain a formalization of much of the Stream Fusion library in HOLCF. Lazy list and stream types are defined, along with coercions between the two types, as well as an equivalence relation for streams that generate the same list. List and stream versions of map, filter, foldr, enumFromTo, append, zipWith, and concatMap are defined, and the stream versions are shown to respect stream equivalence.",
"authors": [
"Brian Huffman"
],
"date": "2009-04-29",
- "id": 714,
+ "id": 719,
"link": "/entries/Stream-Fusion.html",
"permalink": "/entries/Stream-Fusion.html",
"shortname": "Stream-Fusion",
"title": "Stream Fusion",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "This document contains the Isabelle/HOL sources underlying the paper \u003ci\u003eA bytecode logic for JML and types\u003c/i\u003e by Beringer and Hofmann, updated to Isabelle 2008. We present a program logic for a subset of sequential Java bytecode that is suitable for representing both, features found in high-level specification language JML as well as interpretations of high-level type systems. To this end, we introduce a fine-grained collection of assertions, including strong invariants, local annotations and VDM-reminiscent partial-correctness specifications. Thanks to a goal-oriented structure and interpretation of judgements, verification may proceed without recourse to an additional control flow analysis. The suitability for interpreting intensional type systems is illustrated by the proof-carrying-code style encoding of a type system for a first-order functional language which guarantees a constant upper bound on the number of objects allocated throughout an execution, be the execution terminating or non-terminating. Like the published paper, the formal development is restricted to a comparatively small subset of the JVML, lacking (among other features) exceptions, arrays, virtual methods, and static fields. This shortcoming has been overcome meanwhile, as our paper has formed the basis of the Mobius base logic, a program logic for the full sequential fragment of the JVML. Indeed, the present formalisation formed the basis of a subsequent formalisation of the Mobius base logic in the proof assistant Coq, which includes a proof of soundness with respect to the Bicolano operational semantics by Pichardie.",
"authors": [
"Lennart Beringer",
"Martin Hofmann"
],
"date": "2008-12-12",
- "id": 715,
+ "id": 720,
"link": "/entries/BytecodeLogicJmlTypes.html",
"permalink": "/entries/BytecodeLogicJmlTypes.html",
"shortname": "BytecodeLogicJmlTypes",
"title": "A Bytecode Logic for JML and Types",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in relational program logics. We first treat the imperative language IMP, extended by a simple procedure call mechanism. For this language we consider base-line non-interference in the style of Volpano et al. and the flow-sensitive type system by Hunt and Sands. In both cases, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit flows. We then add instructions for object creation and manipulation, and derive appropriate proof rules for base-line non-interference. As a consequence of our work, standard verification technology may be used for verifying that a concrete program satisfies the non-interference property.\u003cbr\u003e\u003cbr\u003eThe present proof development represents an update of the formalisation underlying our paper [CSF 2007] and is intended to resolve any ambiguities that may be present in the paper.",
"authors": [
"Lennart Beringer",
"Martin Hofmann"
],
"date": "2008-11-10",
- "id": 716,
+ "id": 721,
"link": "/entries/SIFPL.html",
"permalink": "/entries/SIFPL.html",
"shortname": "SIFPL",
"title": "Secure information flow and program logics",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Drawing on Sen's landmark work \"Collective Choice and Social Welfare\" (1970), this development proves Arrow's General Possibility Theorem, Sen's Liberal Paradox and May's Theorem in a general setting. The goal was to make precise the classical statements and proofs of these results, and to provide a foundation for more recent results such as the Gibbard-Satterthwaite and Duggan-Schwartz theorems.",
"authors": [
"Peter Gammie"
],
"date": "2008-11-09",
- "id": 717,
+ "id": 722,
"link": "/entries/SenSocialChoice.html",
"permalink": "/entries/SenSocialChoice.html",
"shortname": "SenSocialChoice",
"title": "Some classical results in Social Choice Theory",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Tilings are defined inductively. It is shown that one form of mutilated chess board cannot be tiled with dominoes, while another one can be tiled with L-shaped tiles. Please add further fun examples of this kind!",
"authors": [
"Tobias Nipkow",
"Lawrence C. Paulson"
],
"date": "2008-11-07",
- "id": 718,
+ "id": 723,
"link": "/entries/FunWithTilings.html",
"permalink": "/entries/FunWithTilings.html",
"shortname": "FunWithTilings",
"title": "Fun With Tilings",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "Huffman's algorithm is a procedure for constructing a binary tree with minimum weighted path length. This report presents a formal proof of the correctness of Huffman's algorithm written using Isabelle/HOL. Our proof closely follows the sketches found in standard algorithms textbooks, uncovering a few snags in the process. Another distinguishing feature of our formalization is the use of custom induction rules to help Isabelle's automatic tactics, leading to very short proofs for most of the lemmas.",
"authors": [
"Jasmin Christian Blanchette"
],
"date": "2008-10-15",
- "id": 719,
+ "id": 724,
"link": "/entries/Huffman.html",
"permalink": "/entries/Huffman.html",
"shortname": "Huffman",
"title": "The Textbook Proof of Huffman's Algorithm",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Slicing is a widely-used technique with applications in e.g. compiler technology and software security. Thus verification of algorithms in these areas is often based on the correctness of slicing, which should ideally be proven independent of concrete programming languages and with the help of well-known verifying techniques such as proof assistants. As a first step in this direction, this contribution presents a framework for dynamic and static intraprocedural slicing based on control flow and program dependence graphs. Abstracting from concrete syntax we base the framework on a graph representation of the program fulfilling certain structural and well-formedness properties.\u003cbr\u003e\u003cbr\u003eThe formalization consists of the basic framework (in subdirectory Basic/), the correctness proof for dynamic slicing (in subdirectory Dynamic/), the correctness proof for static intraprocedural slicing (in subdirectory StaticIntra/) and instantiations of the framework with a simple While language (in subdirectory While/) and the sophisticated object-oriented bytecode language of Jinja (in subdirectory JinjaVM/). For more information on the framework, see the TPHOLS 2008 paper by Wasserrab and Lochbihler and the PLAS 2009 paper by Wasserrab et al.",
"authors": [
"Daniel Wasserrab"
],
"date": "2008-09-16",
- "id": 720,
+ "id": 725,
"link": "/entries/Slicing.html",
"permalink": "/entries/Slicing.html",
"shortname": "Slicing",
"title": "Towards Certified Slicing",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 2
},
{
"abstract": "The Volpano/Smith/Irvine security type systems requires that variables are annotated as high (secret) or low (public), and provides typing rules which guarantee that secret values cannot leak to public output ports. This property of a program is called confidentiality. For a simple while-language without threads, our proof shows that typeability in the Volpano/Smith system guarantees noninterference. Noninterference means that if two initial states for program execution are low-equivalent, then the final states are low-equivalent as well. This indeed implies that secret values cannot leak to public ports. The proof defines an abstract syntax and operational semantics for programs, formalizes noninterference, and then proceeds by rule induction on the operational semantics. The mathematically most intricate part is the treatment of implicit flows. Note that the Volpano/Smith system is not flow-sensitive and thus quite unprecise, resulting in false alarms. However, due to the correctness property, all potential breaks of confidentiality are discovered.",
"authors": [
"Gregor Snelting",
"Daniel Wasserrab"
],
"date": "2008-09-02",
- "id": 721,
+ "id": 726,
"link": "/entries/VolpanoSmith.html",
"permalink": "/entries/VolpanoSmith.html",
"shortname": "VolpanoSmith",
"title": "A Correctness Proof for the Volpano/Smith Security Typing System",
"topic_links": [
"computer-science/programming-languages/type-systems",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Type systems",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This article formalizes two proofs of Arrow's impossibility theorem due to Geanakoplos and derives the Gibbard-Satterthwaite theorem as a corollary. One formalization is based on utility functions, the other one on strict partial orders.",
"authors": [
"Tobias Nipkow"
],
"date": "2008-09-01",
- "id": 722,
+ "id": 727,
"link": "/entries/ArrowImpossibilityGS.html",
"permalink": "/entries/ArrowImpossibilityGS.html",
"shortname": "ArrowImpossibilityGS",
"title": "Arrow and Gibbard-Satterthwaite",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This is a collection of cute puzzles of the form ”Show that if a function satisfies the following constraints, it must be ...µ Please add further examples to this collection!",
"authors": [
"Tobias Nipkow"
],
"date": "2008-08-26",
- "id": 723,
+ "id": 728,
"link": "/entries/FunWithFunctions.html",
"permalink": "/entries/FunWithFunctions.html",
"shortname": "FunWithFunctions",
"title": "Fun With Functions",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "This document contains formal correctness proofs of modern SAT solvers. Following (Krstic et al, 2007) and (Nieuwenhuis et al., 2006), solvers are described using state-transition systems. Several different SAT solver descriptions are given and their partial correctness and termination is proved. These include: \u003cul\u003e \u003cli\u003e a solver based on classical DPLL procedure (using only a backtrack-search with unit propagation),\u003c/li\u003e \u003cli\u003e a very general solver with backjumping and learning (similar to the description given in (Nieuwenhuis et al., 2006)), and\u003c/li\u003e \u003cli\u003e a solver with a specific conflict analysis algorithm (similar to the description given in (Krstic et al., 2007)).\u003c/li\u003e \u003c/ul\u003e Within the SAT solver correctness proofs, a large number of lemmas about propositional logic and CNF formulae are proved. This theory is self-contained and could be used for further exploring of properties of CNF based SAT algorithms.",
"authors": [
"Filip Marić"
],
"date": "2008-07-23",
- "id": 724,
+ "id": 729,
"link": "/entries/SATSolverVerification.html",
"permalink": "/entries/SATSolverVerification.html",
"shortname": "SATSolverVerification",
"title": "Formal Verification of Modern SAT Solvers",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This document presents the formalization of introductory material from recursion theory --- definitions and basic properties of primitive recursive functions, Cantor pairing function and computably enumerable sets (including a proof of existence of a one-complete computably enumerable set and a proof of the Rice's theorem).",
"authors": [
"Michael Nedzelsky"
],
"date": "2008-04-05",
- "id": 725,
+ "id": 730,
"link": "/entries/Recursion-Theory-I.html",
"permalink": "/entries/Recursion-Theory-I.html",
"shortname": "Recursion-Theory-I",
"title": "Recursion Theory I",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 1
},
{
"abstract": "We present the theory of Simpl, a sequential imperative programming language. We introduce its syntax, its semantics (big and small-step operational semantics) and Hoare logics for both partial as well as total correctness. We prove soundness and completeness of the Hoare logic. We integrate and automate the Hoare logic in Isabelle/HOL to obtain a practically usable verification environment for imperative programs. Simpl is independent of a concrete programming language but expressive enough to cover all common language features: mutually recursive procedures, abrupt termination and exceptions, runtime faults, local and global variables, pointers and heap, expressions with side effects, pointers to procedures, partial application and closures, dynamic method invocation and also unbounded nondeterminism.",
"authors": [
"Norbert Schirmer"
],
"date": "2008-02-29",
- "id": 726,
+ "id": 731,
"link": "/entries/Simpl.html",
"permalink": "/entries/Simpl.html",
"shortname": "Simpl",
"title": "A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment",
"topic_links": [
"computer-science/programming-languages/language-definitions",
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Language definitions",
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "We present the verification of the normalisation of a binary decision diagram (BDD). The normalisation follows the original algorithm presented by Bryant in 1986 and transforms an ordered BDD in a reduced, ordered and shared BDD. The verification is based on Hoare logics.",
"authors": [
"Veronika Ortner",
"Norbert Schirmer"
],
"date": "2008-02-29",
- "id": 727,
+ "id": 732,
"link": "/entries/BDD.html",
"permalink": "/entries/BDD.html",
"shortname": "BDD",
"title": "BDD Normalisation",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This article formalizes normalization by evaluation as implemented in Isabelle. Lambda calculus plus term rewriting is compiled into a functional program with pattern matching. It is proved that the result of a successful evaluation is a) correct, i.e. equivalent to the input, and b) in normal form.",
"authors": [
"Klaus Aehlig",
"Tobias Nipkow"
],
"date": "2008-02-18",
- "id": 728,
+ "id": 733,
"link": "/entries/NormByEval.html",
"permalink": "/entries/NormByEval.html",
"shortname": "NormByEval",
"title": "Normalization by Evaluation",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "This article formalizes quantifier elimination procedures for dense linear orders, linear real arithmetic and Presburger arithmetic. In each case both a DNF-based non-elementary algorithm and one or more (doubly) exponential NNF-based algorithms are formalized, including the well-known algorithms by Ferrante and Rackoff and by Cooper. The NNF-based algorithms for dense linear orders are new but based on Ferrante and Rackoff and on an algorithm by Loos and Weisspfenning which simulates infenitesimals. All algorithms are directly executable. In particular, they yield reflective quantifier elimination procedures for HOL itself. The formalization makes heavy use of locales and is therefore highly modular.",
"authors": [
"Tobias Nipkow"
],
"date": "2008-01-11",
- "id": 729,
+ "id": 734,
"link": "/entries/LinearQuantifierElim.html",
"permalink": "/entries/LinearQuantifierElim.html",
"shortname": "LinearQuantifierElim",
"title": "Quantifier Elimination for Linear Arithmetic",
"topic_links": [
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "In this work we formally verify the soundness and precision of a static program analysis that detects conflicts (e. g. data races) in programs with procedures, thread creation and monitors with the Isabelle theorem prover. As common in static program analysis, our program model abstracts guarded branching by nondeterministic branching, but completely interprets the call-/return behavior of procedures, synchronization by monitors, and thread creation. The analysis is based on the observation that all conflicts already occur in a class of particularly restricted schedules. These restricted schedules are suited to constraint-system-based program analysis. The formalization is based upon a flowgraph-based program model with an operational semantics as reference point.",
"authors": [
"Peter Lammich",
"Markus Müller-Olm"
],
"date": "2007-12-14",
- "id": 730,
+ "id": 735,
"link": "/entries/Program-Conflict-Analysis.html",
"permalink": "/entries/Program-Conflict-Analysis.html",
"shortname": "Program-Conflict-Analysis",
"title": "Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 1
},
{
"abstract": "We extend the Jinja source code semantics by Klein and Nipkow with Java-style arrays and threads. Concurrency is captured in a generic framework semantics for adding concurrency through interleaving to a sequential semantics, which features dynamic thread creation, inter-thread communication via shared memory, lock synchronisation and joins. Also, threads can suspend themselves and be notified by others. We instantiate the framework with the adapted versions of both Jinja source and byte code and show type safety for the multithreaded case. Equally, the compiler from source to byte code is extended, for which we prove weak bisimilarity between the source code small step semantics and the defensive Jinja virtual machine. On top of this, we formalise the JMM and show the DRF guarantee and consistency. For description of the different parts, see Lochbihler's papers at FOOL 2008, ESOP 2010, ITP 2011, and ESOP 2012.",
"authors": [
"Andreas Lochbihler"
],
"date": "2007-12-03",
- "id": 731,
+ "id": 736,
"link": "/entries/JinjaThreads.html",
"permalink": "/entries/JinjaThreads.html",
"shortname": "JinjaThreads",
"title": "Jinja with Threads",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This article is an Isabelle formalisation of a paper with the same title. In a similar way as Knuth's 0-1-principle for sorting algorithms, that paper develops a 0-1-2-principle for parallel prefix computations.",
"authors": [
"Sascha Böhme"
],
"date": "2007-11-06",
- "id": 732,
+ "id": 737,
"link": "/entries/MuchAdoAboutTwo.html",
"permalink": "/entries/MuchAdoAboutTwo.html",
"shortname": "MuchAdoAboutTwo",
"title": "Much Ado About Two",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of\u003cul\u003e\u003cli\u003eFermat's Last Theorem for exponents 3 and 4 and\u003c/li\u003e\u003cli\u003ethe parametrisation of Pythagorean Triples.\u003c/li\u003e\u003c/ul\u003e",
"authors": [
"Roelof Oosterhuis"
],
"date": "2007-08-12",
- "id": 733,
+ "id": 738,
"link": "/entries/Fermat3_4.html",
"permalink": "/entries/Fermat3_4.html",
"shortname": "Fermat3_4",
"title": "Fermat's Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of the following results:\u003cul\u003e\u003cli\u003eany prime number of the form 4m+1 can be written as the sum of two squares;\u003c/li\u003e\u003cli\u003eany natural number can be written as the sum of four squares\u003c/li\u003e\u003c/ul\u003e",
"authors": [
"Roelof Oosterhuis"
],
"date": "2007-08-12",
- "id": 734,
+ "id": 739,
"link": "/entries/SumSquares.html",
"permalink": "/entries/SumSquares.html",
"shortname": "SumSquares",
"title": "Sums of Two and Four Squares",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Convergence with respect to a valuation is discussed as convergence of a Cauchy sequence. Cauchy sequences of polynomials are defined. They are used to formalize Hensel's lemma.",
"authors": [
"Hidetsune Kobayashi"
],
"date": "2007-08-08",
- "id": 735,
+ "id": 740,
"link": "/entries/Valuation.html",
"permalink": "/entries/Valuation.html",
"shortname": "Valuation",
"title": "Fundamental Properties of Valuation Theory and Hensel's Lemma",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We present a formalization of parts of Melvin Fitting's book \"First-Order Logic and Automated Theorem Proving\". The formalization covers the syntax of first-order logic, its semantics, the model existence theorem, a natural deduction proof calculus together with a proof of correctness and completeness, as well as the Löwenheim-Skolem theorem.",
"authors": [
"Stefan Berghofer"
],
"date": "2007-08-02",
- "id": 736,
+ "id": 741,
"link": "/entries/FOL-Fitting.html",
"permalink": "/entries/FOL-Fitting.html",
"shortname": "FOL-Fitting",
"title": "First-Order Logic According to Fitting",
"topic_links": [
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Logic/General logic/Classical first-order logic"
],
"used_by": 2
},
{
"abstract": "We present a solution to the POPLmark challenge designed by Aydemir et al., which has as a goal the formalization of the meta-theory of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e. The formalization is carried out in the theorem prover Isabelle/HOL using an encoding based on de Bruijn indices. We start with a relatively simple formalization covering only the basic features of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e, and explain how it can be extended to also cover records and more advanced binding constructs.",
"authors": [
"Stefan Berghofer"
],
"date": "2007-08-02",
- "id": 737,
+ "id": 742,
"link": "/entries/POPLmark-deBruijn.html",
"permalink": "/entries/POPLmark-deBruijn.html",
"shortname": "POPLmark-deBruijn",
"title": "POPLmark Challenge Via de Bruijn Indices",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "Two models of an electronic hotel key card system are contrasted: a state based and a trace based one. Both are defined, verified, and proved equivalent in the theorem prover Isabelle/HOL. It is shown that if a guest follows a certain safety policy regarding her key cards, she can be sure that nobody but her can enter her room.",
"authors": [
"Tobias Nipkow"
],
"date": "2006-09-09",
- "id": 738,
+ "id": 743,
"link": "/entries/HotelKeyCards.html",
"permalink": "/entries/HotelKeyCards.html",
"shortname": "HotelKeyCards",
"title": "Hotel Key Card System",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "These therories describe Hoare logics for a number of imperative language constructs, from while-loops to mutually recursive procedures. Both partial and total correctness are treated. In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented.",
"authors": [
"Tobias Nipkow"
],
"date": "2006-08-08",
- "id": 739,
+ "id": 744,
"link": "/entries/Abstract-Hoare-Logics.html",
"permalink": "/entries/Abstract-Hoare-Logics.html",
"shortname": "Abstract-Hoare-Logics",
"title": "Abstract Hoare Logics",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "These theories present the verified enumeration of \u003ci\u003etame\u003c/i\u003e plane graphs as defined by Thomas C. Hales in his proof of the Kepler Conjecture in his book \u003ci\u003eDense Sphere Packings. A Blueprint for Formal Proofs.\u003c/i\u003e [CUP 2012]. The values of the constants in the definition of tameness are identical to those in the \u003ca href=\"https://code.google.com/p/flyspeck/\"\u003eFlyspeck project\u003c/a\u003e. The \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/Flyspeck/\"\u003eIJCAR 2006 paper by Nipkow, Bauer and Schultz\u003c/a\u003e refers to the original version of Hales' proof, the \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp11.html\"\u003eITP 2011 paper by Nipkow\u003c/a\u003e refers to the Blueprint version of the proof.",
"authors": [
"Gertrud Bauer",
"Tobias Nipkow"
],
"date": "2006-05-22",
- "id": 740,
+ "id": 745,
"link": "/entries/Flyspeck-Tame.html",
"permalink": "/entries/Flyspeck-Tame.html",
"shortname": "Flyspeck-Tame",
"title": "Flyspeck I: Tame Graphs",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behavior of method calls, field accesses, and two forms of casts in C++ class hierarchies. For explanations see the OOPSLA 2006 paper by Wasserrab, Nipkow, Snelting and Tip.",
"authors": [
"Daniel Wasserrab"
],
"date": "2006-05-15",
- "id": 741,
+ "id": 746,
"link": "/entries/CoreC++.html",
"permalink": "/entries/CoreC++.html",
"shortname": "CoreC++",
"title": "CoreC++",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We formalize the type system, small-step operational semantics, and type soundness proof for Featherweight Java, a simple object calculus, in Isabelle/HOL.",
"authors": [
"J. Nathan Foster",
"Dimitrios Vytiniotis"
],
"date": "2006-03-31",
- "id": 742,
+ "id": 747,
"link": "/entries/FeatherweightJava.html",
"permalink": "/entries/FeatherweightJava.html",
"shortname": "FeatherweightJava",
"title": "A Theory of Featherweight Java in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "F. B. Schneider (\"Understanding protocols for Byzantine clock synchronization\") generalizes a number of protocols for Byzantine fault-tolerant clock synchronization and presents a uniform proof for their correctness. In Schneider's schema, each processor maintains a local clock by periodically adjusting each value to one computed by a convergence function applied to the readings of all the clocks. Then, correctness of an algorithm, i.e. that the readings of two clocks at any time are within a fixed bound of each other, is based upon some conditions on the convergence function. To prove that a particular clock synchronization algorithm is correct it suffices to show that the convergence function used by the algorithm meets Schneider's conditions. Using the theorem prover Isabelle, we formalize the proofs that the convergence functions of two algorithms, namely, the Interactive Convergence Algorithm (ICA) of Lamport and Melliar-Smith and the Fault-tolerant Midpoint algorithm of Lundelius-Lynch, meet Schneider's conditions. Furthermore, we experiment on handling some parts of the proofs with fully automatic tools like ICS and CVC-lite. These theories are part of a joint work with Alwen Tiu and Leonor P. Nieto \u003ca href=\"http://users.rsise.anu.edu.au/~tiu/clocksync.pdf\"\u003e\"Verification of Clock Synchronization Algorithms: Experiments on a combination of deductive tools\"\u003c/a\u003e in proceedings of AVOCS 2005. In this work the correctness of Schneider schema was also verified using Isabelle (entry \u003ca href=\"GenClock.html\"\u003eGenClock\u003c/a\u003e in AFP).",
"authors": [
"Damián Barsotti"
],
"date": "2006-03-15",
- "id": 743,
+ "id": 748,
"link": "/entries/ClockSynchInst.html",
"permalink": "/entries/ClockSynchInst.html",
"shortname": "ClockSynchInst",
"title": "Instances of Schneider's generalized protocol of clock synchronization",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of two popular theorems attributed to Augustin Louis Cauchy - Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality.",
"authors": [
"Benjamin Porter"
],
"date": "2006-03-14",
- "id": 744,
+ "id": 749,
"link": "/entries/Cauchy.html",
"permalink": "/entries/Cauchy.html",
"shortname": "Cauchy",
"title": "Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "This development defines a well-ordered type of countable ordinals. It includes notions of continuous and normal functions, recursively defined functions over ordinals, least fixed-points, and derivatives. Much of ordinal arithmetic is formalized, including exponentials and logarithms. The development concludes with formalizations of Cantor Normal Form and Veblen hierarchies over normal functions.",
"authors": [
"Brian Huffman"
],
"date": "2005-11-11",
- "id": 745,
+ "id": 750,
"link": "/entries/Ordinal.html",
"permalink": "/entries/Ordinal.html",
"shortname": "Ordinal",
"title": "Countable Ordinals",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "We formalise a functional implementation of the FFT algorithm over the complex numbers, and its inverse. Both are shown equivalent to the usual definitions of these operations through Vandermonde matrices. They are also shown to be inverse to each other, more precisely, that composition of the inverse and the transformation yield the identity up to a scalar.",
"authors": [
"Clemens Ballarin"
],
"date": "2005-10-12",
- "id": 746,
+ "id": 751,
"link": "/entries/FFT.html",
"permalink": "/entries/FFT.html",
"shortname": "FFT",
"title": "Fast Fourier Transform",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "We formalize the generalized Byzantine fault-tolerant clock synchronization protocol of Schneider. This protocol abstracts from particular algorithms or implementations for clock synchronization. This abstraction includes several assumptions on the behaviors of physical clocks and on general properties of concrete algorithms/implementations. Based on these assumptions the correctness of the protocol is proved by Schneider. His proof was later verified by Shankar using the theorem prover EHDM (precursor to PVS). Our formalization in Isabelle/HOL is based on Shankar's formalization.",
"authors": [
"Alwen Tiu"
],
"date": "2005-06-24",
- "id": 747,
+ "id": 752,
"link": "/entries/GenClock.html",
"permalink": "/entries/GenClock.html",
"shortname": "GenClock",
"title": "Formalization of a Generalized Protocol for Clock Synchronization",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "Disk Paxos is an algorithm for building arbitrary fault-tolerant distributed systems. The specification of Disk Paxos has been proved correct informally and tested using the TLC model checker, but up to now, it has never been fully formally verified. In this work we have formally verified its correctness using the Isabelle theorem prover and the HOL logic system, showing that Isabelle is a practical tool for verifying properties of TLA+ specifications.",
"authors": [
"Mauro Jaskelioff",
"Stephan Merz"
],
"date": "2005-06-22",
- "id": 748,
+ "id": 753,
"link": "/entries/DiskPaxos.html",
"permalink": "/entries/DiskPaxos.html",
"shortname": "DiskPaxos",
"title": "Proving the Correctness of Disk Paxos",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "This document presents the formalization of an object-oriented data and store model in Isabelle/HOL. This model is being used in the Java Interactive Verification Environment, Jive.",
"authors": [
"Nicole Rauch",
"Norbert Schirmer"
],
"date": "2005-06-20",
- "id": 749,
+ "id": 754,
"link": "/entries/JiveDataStoreModel.html",
"permalink": "/entries/JiveDataStoreModel.html",
"shortname": "JiveDataStoreModel",
"title": "Jive Data and Store Model",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof of the small step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, i.e. data flow analyser for the JVM; a correctness proof of the bytecode verifier w.r.t. the type system; a compiler and a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.",
"authors": [
"Gerwin Klein",
"Tobias Nipkow"
],
"date": "2005-06-01",
- "id": 750,
+ "id": 755,
"link": "/entries/Jinja.html",
"permalink": "/entries/Jinja.html",
"shortname": "Jinja",
"title": "Jinja is not Java",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 4
},
{
"abstract": "Formal verification is getting more and more important in computer science. However the state of the art formal verification methods in cryptography are very rudimentary. These theories are one step to provide a tool box allowing the use of formal methods in every aspect of cryptography. Moreover we present a proof of concept for the feasibility of verification techniques to a standard signature algorithm.",
"authors": [
"Christina Lindenberg",
"Kai Wirt"
],
"date": "2005-05-02",
- "id": 751,
+ "id": 756,
"link": "/entries/RSAPSS.html",
"permalink": "/entries/RSAPSS.html",
"shortname": "RSAPSS",
"title": "SHA1, RSA, PSS and more",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 0
},
{
"abstract": "This development proves Yoneda's lemma and aims to be readable by humans. It only defines what is needed for the lemma: categories, functors and natural transformations. Limits, adjunctions and other important concepts are not included.",
"authors": [
"Greg O'Keefe"
],
"date": "2005-04-21",
- "id": 752,
+ "id": 757,
"link": "/entries/Category.html",
"permalink": "/entries/Category.html",
"shortname": "Category",
"title": "Category Theory to Yoneda's Lemma",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "These theories illustrates the verification of basic file operations (file creation, file read and file write) in the Isabelle theorem prover. We describe a file at two levels of abstraction: an abstract file represented as a resizable array, and a concrete file represented using data blocks.",
"authors": [
"Karen Zee",
"Viktor Kuncak"
],
"date": "2004-12-09",
- "id": 753,
+ "id": 758,
"link": "/entries/FileRefinement.html",
"permalink": "/entries/FileRefinement.html",
"shortname": "FileRefinement",
"title": "File Refinement",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Lebesgue-style integration plays a major role in advanced probability. We formalize concepts of elementary measure theory, real-valued random variables as Borel-measurable functions, and a stepwise inductive definition of the integral itself. All proofs are carried out in human readable style using the Isar language.",
"authors": [
"Stefan Richter"
],
"date": "2004-11-19",
- "id": 754,
+ "id": 759,
"link": "/entries/Integration.html",
"permalink": "/entries/Integration.html",
"shortname": "Integration",
"title": "Integration theory and random variables",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Soundness and completeness for a system of first order logic are formally proved, building on James Margetson's formalization of work by Wainer and Wallen. The completeness proofs naturally suggest an algorithm to derive proofs. This algorithm, which can be implemented tail recursively, is formalized in Isabelle/HOL. The algorithm can be executed via the rewriting tactics of Isabelle. Alternatively, the definitions can be exported to OCaml, yielding a directly executable program.",
"authors": [
"Tom Ridge"
],
"date": "2004-09-28",
- "id": 755,
+ "id": 760,
"link": "/entries/Verified-Prover.html",
"permalink": "/entries/Verified-Prover.html",
"shortname": "Verified-Prover",
"title": "A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The completeness of first-order logic is proved, following the first five pages of Wainer and Wallen's chapter of the book \u003ci\u003eProof Theory\u003c/i\u003e by Aczel et al., CUP, 1992. Their presentation of formulas allows the proofs to use symmetry arguments. Margetson formalized this theorem by early 2000. The Isar conversion is thanks to Tom Ridge. A paper describing the formalization is available \u003ca href=\"Completeness-paper.pdf\"\u003e[pdf]\u003c/a\u003e.",
"authors": [
"James Margetson",
"Tom Ridge"
],
"date": "2004-09-20",
- "id": 756,
+ "id": 761,
"link": "/entries/Completeness.html",
"permalink": "/entries/Completeness.html",
"shortname": "Completeness",
"title": "Completeness theorem",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This formalization of Ramsey's theorem (infinitary version) is taken from Boolos and Jeffrey, \u003ci\u003eComputability and Logic\u003c/i\u003e, 3rd edition, Chapter 26. It differs slightly from the text by assuming a slightly stronger hypothesis. In particular, the induction hypothesis is stronger, holding for any infinite subset of the naturals. This avoids the rather peculiar mapping argument between kj and aikj on p.263, which is unnecessary and slightly mars this really beautiful result.",
"authors": [
"Tom Ridge"
],
"date": "2004-09-20",
- "id": 757,
+ "id": 762,
"link": "/entries/Ramsey-Infinite.html",
"permalink": "/entries/Ramsey-Infinite.html",
"shortname": "Ramsey-Infinite",
"title": "Ramsey's theorem, infinitary version",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "An exception compilation scheme that dynamically creates and removes exception handler entries on the stack. A formalization of an article of the same name by \u003ca href=\"http://www.cs.nott.ac.uk/~gmh/\"\u003eHutton\u003c/a\u003e and Wright.",
"authors": [
"Tobias Nipkow"
],
"date": "2004-07-09",
- "id": 758,
+ "id": 763,
"link": "/entries/Compiling-Exceptions-Correctly.html",
"permalink": "/entries/Compiling-Exceptions-Correctly.html",
"shortname": "Compiling-Exceptions-Correctly",
"title": "Compiling Exceptions Correctly",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "Depth-first search of a graph is formalized with recdef. It is shown that it visits all of the reachable nodes from a given list of nodes. Executable ML code of depth-first search is obtained using the code generation feature of Isabelle/HOL.",
"authors": [
"Toshiaki Nishihara",
"Yasuhiko Minamide"
],
"date": "2004-06-24",
- "id": 759,
+ "id": 764,
"link": "/entries/Depth-First-Search.html",
"permalink": "/entries/Depth-First-Search.html",
"shortname": "Depth-First-Search",
"title": "Depth First Search",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "The theory of groups, rings and modules is developed to a great depth. Group theory results include Zassenhaus's theorem and the Jordan-Hoelder theorem. The ring theory development includes ideals, quotient rings and the Chinese remainder theorem. The module development includes the Nakayama lemma, exact sequences and Tensor products.",
"authors": [
"Hidetsune Kobayashi",
"L. Chen",
"H. Murao"
],
"date": "2004-05-18",
- "id": 760,
+ "id": 765,
"link": "/entries/Group-Ring-Module.html",
"permalink": "/entries/Group-Ring-Module.html",
"shortname": "Group-Ring-Module",
"title": "Groups, Rings and Modules",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This theory contains some useful extensions to the LList (lazy list) theory by \u003ca href=\"http://www.cl.cam.ac.uk/~lp15/\"\u003eLarry Paulson\u003c/a\u003e, including finite, infinite, and positive llists over an alphabet, as well as the new constants take and drop and the prefix order of llists. Finally, the notions of safety and liveness in the sense of Alpern and Schneider (1985) are defined.",
"authors": [
"Stefan Friedrich"
],
"date": "2004-04-26",
- "id": 761,
+ "id": 766,
"link": "/entries/Lazy-Lists-II.html",
"permalink": "/entries/Lazy-Lists-II.html",
"shortname": "Lazy-Lists-II",
"title": "Lazy Lists II",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "This entry contains two theories. The first, \u003ctt\u003eTopology\u003c/tt\u003e, develops the basic notions of general topology. The second, which can be viewed as a demonstration of the first, is called \u003ctt\u003eLList_Topology\u003c/tt\u003e. It develops the topology of lazy lists.",
"authors": [
"Stefan Friedrich"
],
"date": "2004-04-26",
- "id": 762,
+ "id": 767,
"link": "/entries/Topology.html",
"permalink": "/entries/Topology.html",
"shortname": "Topology",
"title": "Topology",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "The correctness is shown of binary search tree operations (lookup, insert and remove) implementing a set. Two versions are given, for both structured and linear (tactic-style) proofs. An implementation of integer-indexed maps is also verified.",
"authors": [
"Viktor Kuncak"
],
"date": "2004-04-05",
- "id": 763,
+ "id": 768,
"link": "/entries/BinarySearchTree.html",
"permalink": "/entries/BinarySearchTree.html",
"shortname": "BinarySearchTree",
"title": "Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This theory defines deterministic and nondeterministic automata in a functional representation: the transition function/relation and the finality predicate are just functions. Hence the state space may be infinite. It is shown how to convert regular expressions into such automata. A scanner (generator) is implemented with the help of functional automata: the scanner chops the input up into longest recognized substrings. Finally we also show how to convert a certain subclass of functional automata (essentially the finite deterministic ones) into regular sets.",
"authors": [
"Tobias Nipkow"
],
"date": "2004-03-30",
- "id": 764,
+ "id": 769,
"link": "/entries/Functional-Automata.html",
"permalink": "/entries/Functional-Automata.html",
"shortname": "Functional-Automata",
"title": "Functional Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Two formalizations of AVL trees with room for extensions. The first formalization is monolithic and shorter, the second one in two stages, longer and a bit simpler. The final implementation is the same. If you are interested in developing this further, please contact \u003ctt\u003egerwin.klein@nicta.com.au\u003c/tt\u003e.",
"authors": [
"Tobias Nipkow",
"Cornelia Pusch"
],
"date": "2004-03-19",
- "id": 765,
+ "id": 770,
"link": "/entries/AVL-Trees.html",
"permalink": "/entries/AVL-Trees.html",
"shortname": "AVL-Trees",
"title": "AVL Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This theory defines the type inference rules and the type inference algorithm \u003ci\u003eW\u003c/i\u003e for MiniML (simply-typed lambda terms with \u003ctt\u003elet\u003c/tt\u003e) due to Milner. It proves the soundness and completeness of \u003ci\u003eW\u003c/i\u003e w.r.t. the rules.",
"authors": [
"Wolfgang Naraschewski",
"Tobias Nipkow"
],
"date": "2004-03-19",
- "id": 766,
+ "id": 771,
"link": "/entries/MiniML.html",
"permalink": "/entries/MiniML.html",
"shortname": "MiniML",
"title": "Mini ML",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
}
]
\ No newline at end of file
diff --git a/web/index.xml b/web/index.xml
--- a/web/index.xml
+++ b/web/index.xml
@@ -1,10930 +1,11000 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Archive of Formal Proofs
</title>
<link>/</link>
<description>
Recent content
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Fri, 22 Sep 2023 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Wed, 11 Oct 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Cardinality and Representation of Stone Relation Algebras</title>
<link>/entries/Relational_Cardinality.html</link>
<pubDate>Fri, 22 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Cardinality.html</guid>
<description></description>
</item>
<item>
<title>General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</title>
<link>/entries/Lovasz_Local.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Lovasz_Local.html</guid>
<description></description>
</item>
<item>
<title>Hypergraphs</title>
<link>/entries/Hypergraph_Basics.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Hypergraph_Basics.html</guid>
<description></description>
</item>
<item>
<title>Unification Utilities for Isabelle/ML</title>
<link>/entries/ML_Unification.html</link>
<pubDate>Tue, 19 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/ML_Unification.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Polyhedron Formula</title>
<link>/entries/Euler_Polyhedron_Formula.html</link>
<pubDate>Sat, 16 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Polyhedron_Formula.html</guid>
<description></description>
</item>
<item>
+ <title>Conformance Relations between Input/Output Languages</title>
+ <link>/entries/IO_Language_Conformance.html</link>
+ <pubDate>Fri, 01 Sep 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/IO_Language_Conformance.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Ceva&#39;s Theorem</title>
<link>/entries/Ceva.html</link>
<pubDate>Wed, 16 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Ceva.html</guid>
<description></description>
</item>
<item>
<title>Catoids, Categories, Groupoids</title>
<link>/entries/Catoids.html</link>
<pubDate>Mon, 14 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Catoids.html</guid>
<description></description>
</item>
<item>
<title>Fixed-length vectors</title>
<link>/entries/Fixed_Length_Vector.html</link>
<pubDate>Mon, 14 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Fixed_Length_Vector.html</guid>
<description></description>
</item>
<item>
<title>Polygonal Number Theorem</title>
<link>/entries/Polygonal_Number_Theorem.html</link>
<pubDate>Thu, 10 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Polygonal_Number_Theorem.html</guid>
<description></description>
</item>
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Standard Borel Spaces</title>
+ <link>/entries/Standard_Borel_Spaces.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Standard_Borel_Spaces.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Modal quantales, involutive quantales, Dedekind Quantales</title>
<link>/entries/Quantales_Converse.html</link>
<pubDate>Tue, 25 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Quantales_Converse.html</guid>
<description></description>
</item>
<item>
<title>Earley Parser</title>
<link>/entries/Earley_Parser.html</link>
<pubDate>Sun, 16 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Earley_Parser.html</guid>
<description></description>
</item>
<item>
<title>Gray Codes for Arbitrary Numeral Systems</title>
<link>/entries/Gray_Codes.html</link>
<pubDate>Tue, 11 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Gray_Codes.html</guid>
<description></description>
</item>
<item>
<title>Executable Randomized Algorithms</title>
<link>/entries/Executable_Randomized_Algorithms.html</link>
<pubDate>Mon, 19 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Executable_Randomized_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>DCR Syntax and Execution Equivalent Markings</title>
<link>/entries/DCR-ExecutionEquivalence.html</link>
<pubDate>Fri, 16 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/DCR-ExecutionEquivalence.html</guid>
<description></description>
</item>
<item>
<title>Zeckendorf’s Theorem</title>
<link>/entries/Zeckendorf.html</link>
<pubDate>Mon, 12 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Zeckendorf.html</guid>
<description></description>
</item>
<item>
<title>Cryptographic Standards</title>
<link>/entries/Crypto_Standards.html</link>
<pubDate>Tue, 06 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Crypto_Standards.html</guid>
<description></description>
</item>
<item>
<title>A Verified Efficient Implementation of the Weighted Path Order</title>
<link>/entries/Efficient_Weighted_Path_Order.html</link>
<pubDate>Thu, 01 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Efficient_Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Results on Directed Sets</title>
<link>/entries/Directed_Sets.html</link>
<pubDate>Wed, 24 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Directed_Sets.html</guid>
<description></description>
</item>
<item>
<title>Inner Structure, Determinism and Modal Algebra of Multirelations</title>
<link>/entries/Multirelations_Heterogeneous.html</link>
<pubDate>Mon, 22 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations_Heterogeneous.html</guid>
<description></description>
</item>
<item>
<title>Tree Enumeration</title>
<link>/entries/Tree_Enumeration.html</link>
<pubDate>Tue, 09 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>MLSS Decision Procedure</title>
<link>/entries/MLSS_Decision_Proc.html</link>
<pubDate>Fri, 05 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/MLSS_Decision_Proc.html</guid>
<description></description>
</item>
<item>
<title>Three Squares Theorem</title>
<link>/entries/Three_Squares.html</link>
<pubDate>Wed, 03 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Three_Squares.html</guid>
<description></description>
</item>
<item>
<title>The Halting Problem is Soluble in Malament-Hogarth Spacetimes</title>
<link>/entries/MHComputation.html</link>
<pubDate>Sat, 29 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/MHComputation.html</guid>
<description></description>
</item>
<item>
<title>The Schwartz-Zippel Lemma</title>
<link>/entries/Schwartz_Zippel.html</link>
<pubDate>Thu, 27 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Schwartz_Zippel.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of the SCL(FOL) Calculus: Simple Clause Learning for First-Order Logic</title>
<link>/entries/Simple_Clause_Learning.html</link>
<pubDate>Thu, 20 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Clause_Learning.html</guid>
<description></description>
</item>
<item>
<title>The CHSH inequality: Tsirelson&#39;s upper-bound and other results</title>
<link>/entries/TsirelsonBound.html</link>
<pubDate>Tue, 18 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/TsirelsonBound.html</guid>
<description></description>
</item>
<item>
<title>Distributed Distinct Elements</title>
<link>/entries/Distributed_Distinct_Elements.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Distributed_Distinct_Elements.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Hyper Hoare Logic: A Logic to (Dis-)Prove Program Hyperproperties</title>
<link>/entries/HyperHoareLogic.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/HyperHoareLogic.html</guid>
<description></description>
</item>
<item>
<title>Positional Notation for Natural Numbers in an Arbitrary Base</title>
<link>/entries/DigitsInBase.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/DigitsInBase.html</guid>
<description></description>
</item>
<item>
<title>Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</title>
<link>/entries/CommCSL.html</link>
<pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/CommCSL.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers (GenRel)</title>
<link>/entries/No_FTL_observers_Gen_Rel.html</link>
<pubDate>Sun, 05 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers_Gen_Rel.html</guid>
<description></description>
</item>
<item>
<title>Expander Graphs</title>
<link>/entries/Expander_Graphs.html</link>
<pubDate>Fri, 03 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/Expander_Graphs.html</guid>
<description></description>
</item>
<item>
<title>Renaming-Enriched Sets (Rensets) and Renaming-Based Recursion</title>
<link>/entries/Rensets.html</link>
<pubDate>Tue, 28 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Rensets.html</guid>
<description></description>
</item>
<item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Group Law of Edwards Elliptic Curves</title>
<link>/entries/Edwards_Elliptic_Curves_Group.html</link>
<pubDate>Thu, 16 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Edwards_Elliptic_Curves_Group.html</guid>
<description></description>
</item>
<item>
<title>Hardness of Lattice Problems</title>
<link>/entries/CVP_Hardness.html</link>
<pubDate>Thu, 02 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/CVP_Hardness.html</guid>
<description></description>
</item>
<item>
<title>ABY3 Multiplication and Array Shuffling</title>
<link>/entries/ABY3_Protocols.html</link>
<pubDate>Fri, 27 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/ABY3_Protocols.html</guid>
<description></description>
</item>
<item>
<title>Given Clause Loops</title>
<link>/entries/Given_Clause_Loops.html</link>
<pubDate>Wed, 25 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Given_Clause_Loops.html</guid>
<description></description>
</item>
<item>
<title>Suppes&#39; Theorem For Probability Logic</title>
<link>/entries/Suppes_Theorem.html</link>
<pubDate>Sun, 22 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Suppes_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A Hoare Logic for Diverging Programs</title>
<link>/entries/HoareForDivergence.html</link>
<pubDate>Fri, 20 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/HoareForDivergence.html</guid>
<description></description>
</item>
<item>
<title>Strict Omega Categories</title>
<link>/entries/StrictOmegaCategories.html</link>
<pubDate>Sat, 14 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/StrictOmegaCategories.html</guid>
<description></description>
</item>
<item>
<title>Synthetic Completeness</title>
<link>/entries/Synthetic_Completeness.html</link>
<pubDate>Mon, 09 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Synthetic_Completeness.html</guid>
<description></description>
</item>
<item>
<title>The Cook-Levin theorem</title>
<link>/entries/Cook_Levin.html</link>
<pubDate>Sun, 08 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Cook_Levin.html</guid>
<description></description>
</item>
<item>
<title>Binary codes that do not preserve primitivity</title>
<link>/entries/Binary_Code_Imprimitive.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Binary_Code_Imprimitive.html</guid>
<description></description>
</item>
<item>
<title>Intersection of two monoids generated by two element codes</title>
<link>/entries/Two_Generated_Word_Monoids_Intersection.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Two_Generated_Word_Monoids_Intersection.html</guid>
<description></description>
</item>
<item>
<title>A First Complete Algorithm for Real Quantifier Elimination in Isabelle/HOL</title>
<link>/entries/Quantifier_Elimination_Hybrid.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quantifier_Elimination_Hybrid.html</guid>
<description></description>
</item>
<item>
<title>Class-based Classical Propositional Logic</title>
<link>/entries/Propositional_Logic_Class.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Logic_Class.html</guid>
<description></description>
</item>
<item>
<title>Birkhoff&#39;s Representation Theorem For Finite Distributive Lattices</title>
<link>/entries/Birkhoff_Finite_Distributive_Lattices.html</link>
<pubDate>Tue, 06 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Birkhoff_Finite_Distributive_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</title>
<link>/entries/Multitape_To_Singletape_TM.html</link>
<pubDate>Wed, 30 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multitape_To_Singletape_TM.html</guid>
<description></description>
</item>
<item>
<title>Abstract Object Theory</title>
<link>/entries/AOT.html</link>
<pubDate>Mon, 28 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/AOT.html</guid>
<description></description>
</item>
<item>
<title>A Formal CHERI-C Memory Model</title>
<link>/entries/CHERI-C_Memory_Model.html</link>
<pubDate>Fri, 25 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/CHERI-C_Memory_Model.html</guid>
<description></description>
</item>
<item>
<title>Sauer-Shelah Lemma</title>
<link>/entries/Sauer_Shelah_Lemma.html</link>
<pubDate>Thu, 24 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sauer_Shelah_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Kneser&#39;s Theorem and the Cauchy–Davenport Theorem</title>
<link>/entries/Kneser_Cauchy_Davenport.html</link>
<pubDate>Mon, 21 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Kneser_Cauchy_Davenport.html</guid>
<description></description>
</item>
<item>
<title>Turán&#39;s Graph Theorem</title>
<link>/entries/Turans_Graph_Theorem.html</link>
<pubDate>Mon, 14 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Turans_Graph_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Enumeration Algorithms</title>
<link>/entries/Combinatorial_Enumeration_Algorithms.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorial_Enumeration_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>The Balog–Szemerédi–Gowers Theorem</title>
<link>/entries/Balog_Szemeredi_Gowers.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Balog_Szemeredi_Gowers.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections</title>
<link>/entries/PAPP_Impossibility.html</link>
<pubDate>Thu, 10 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/PAPP_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Verification of Query Optimization Algorithms</title>
<link>/entries/Query_Optimization.html</link>
<pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
<guid>/entries/Query_Optimization.html</guid>
<description></description>
</item>
<item>
<title>Maximum Segment Sum</title>
<link>/entries/Maximum_Segment_Sum.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Maximum_Segment_Sum.html</guid>
<description></description>
</item>
<item>
<title>Undirected Graph Theory</title>
<link>/entries/Undirected_Graph_Theory.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Undirected_Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>Stalnaker&#39;s Epistemic Logic</title>
<link>/entries/Stalnaker_Logic.html</link>
<pubDate>Fri, 23 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Stalnaker_Logic.html</guid>
<description></description>
</item>
<item>
<title>p-adic Fields and p-adic Semialgebraic Sets</title>
<link>/entries/Padic_Field.html</link>
<pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Field.html</guid>
<description></description>
</item>
<item>
<title>Risk-Free Lending</title>
<link>/entries/Risk_Free_Lending.html</link>
<pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Risk_Free_Lending.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of Implicational Logic</title>
<link>/entries/Implicational_Logic.html</link>
<pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Implicational_Logic.html</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/entries/CRYSTALS-Kyber.html</link>
<pubDate>Thu, 08 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/CRYSTALS-Kyber.html</guid>
<description></description>
</item>
<item>
<title>Unbounded Separation Logic</title>
<link>/entries/Separation_Logic_Unbounded.html</link>
<pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Unbounded.html</guid>
<description></description>
</item>
<item>
<title>Khovanskii&amp;#x27;s Theorem</title>
<link>/entries/Khovanskii_Theorem.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Khovanskii_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Hales–Jewett Theorem</title>
<link>/entries/Hales_Jewett.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Hales_Jewett.html</guid>
<description></description>
</item>
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
<title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
<link>/entries/SCC_Bloemen_Sequential.html</link>
<pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/SCC_Bloemen_Sequential.html</guid>
<description></description>
</item>
<item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</title>
<link>/entries/Nano_JSON.html</link>
<pubDate>Fri, 29 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Nano_JSON.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>Real-Time Double-Ended Queue</title>
<link>/entries/Real_Time_Deque.html</link>
<pubDate>Thu, 23 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Real_Time_Deque.html</guid>
<description></description>
</item>
<item>
<title>Boolos&#39;s Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference.html</link>
<pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Reducing Rewrite Properties to Properties on Ground Terms</title>
<link>/entries/Rewrite_Properties_Reduction.html</link>
<pubDate>Thu, 02 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Rewrite_Properties_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>The Plünnecke-Ruzsa Inequality</title>
<link>/entries/Pluennecke_Ruzsa_Inequality.html</link>
<pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Pluennecke_Ruzsa_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Clique is not solvable by monotone circuits of polynomial size</title>
<link>/entries/Clique_and_Monotone_Circuits.html</link>
<pubDate>Sun, 08 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Clique_and_Monotone_Circuits.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>The Generalized Multiset Ordering is NP-Complete</title>
<link>/entries/Multiset_Ordering_NPC.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multiset_Ordering_NPC.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>Ackermann&#39;s Function Is Not Primitive Recursive</title>
<link>/entries/Ackermanns_not_PR.html</link>
<pubDate>Wed, 23 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Ackermanns_not_PR.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>The Independence of the Continuum Hypothesis in Isabelle/ZF</title>
<link>/entries/Independence_CH.html</link>
<pubDate>Sun, 06 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Independence_CH.html</guid>
<description></description>
</item>
<item>
<title>Transitive Models of Fragments of ZFC</title>
<link>/entries/Transitive_Models.html</link>
<pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Transitive_Models.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Median Method</title>
<link>/entries/Median_Method.html</link>
<pubDate>Tue, 25 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Median_Method.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Knight&#39;s Tour Revisited Revisited</title>
<link>/entries/Knights_Tour.html</link>
<pubDate>Tue, 04 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Knights_Tour.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>van Emde Boas Trees</title>
<link>/entries/Van_Emde_Boas_Trees.html</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_Emde_Boas_Trees.html</guid>
<description></description>
</item>
<item>
<title>Foundation of geometry in planes, and some complements: Excluding the parallel axioms</title>
<link>/entries/Foundation_of_geometry.html</link>
<pubDate>Mon, 22 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Foundation_of_geometry.html</guid>
<description></description>
</item>
<item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Weighted Path Orders and Recursive Path Orders</title>
<link>/entries/Weighted_Path_Order.html</link>
<pubDate>Thu, 16 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</title>
<link>/entries/CZH_Elementary_Categories.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Elementary_Categories.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL III: Universal Constructions</title>
<link>/entries/CZH_Universal_Constructions.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Universal_Constructions.html</guid>
<description></description>
</item>
<item>
<title>Conditional Simplification</title>
<link>/entries/Conditional_Simplification.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Simplification.html</guid>
<description></description>
</item>
<item>
<title>Conditional Transfer Rule</title>
<link>/entries/Conditional_Transfer_Rule.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Transfer_Rule.html</guid>
<description></description>
</item>
<item>
<title>Extension of Types-To-Sets</title>
<link>/entries/Types_To_Sets_Extension.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Types_To_Sets_Extension.html</guid>
<description></description>
</item>
<item>
<title>IDE: Introduction, Destruction, Elimination</title>
<link>/entries/Intro_Dest_Elim.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Intro_Dest_Elim.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>Logging-independent Message Anonymity in the Relational Method</title>
<link>/entries/Logging_Independent_Anonymity.html</link>
<pubDate>Thu, 26 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Logging_Independent_Anonymity.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>CoCon: A Confidentiality-Verified Conference Management System</title>
<link>/entries/CoCon.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoCon.html</guid>
<description></description>
</item>
<item>
<title>Compositional BD Security</title>
<link>/entries/BD_Security_Compositional.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/BD_Security_Compositional.html</guid>
<description></description>
</item>
<item>
<title>CoSMed: A confidentiality-verified social media platform</title>
<link>/entries/CoSMed.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMed.html</guid>
<description></description>
</item>
<item>
<title>CoSMeDis: A confidentiality-verified distributed social media platform</title>
<link>/entries/CoSMeDis.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMeDis.html</guid>
<description></description>
</item>
<item>
<title>Fresh identifiers</title>
<link>/entries/Fresh_Identifiers.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Fresh_Identifiers.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Relational Forests</title>
<link>/entries/Relational_Forests.html</link>
<pubDate>Tue, 03 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Forests.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>SpecCheck - Specification-Based Testing for Isabelle/ML</title>
<link>/entries/SpecCheck.html</link>
<pubDate>Thu, 01 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/SpecCheck.html</guid>
<description></description>
</item>
<item>
<title>Van der Waerden&#39;s Theorem</title>
<link>/entries/Van_der_Waerden.html</link>
<pubDate>Tue, 22 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_der_Waerden.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Control via Dependency Tracking</title>
<link>/entries/IFC_Tracking.html</link>
<pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/IFC_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/entries/Mereology.html</link>
<pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Mereology.html</guid>
<description></description>
</item>
<item>
<title>The Sunflower Lemma of Erdős and Rado</title>
<link>/entries/Sunflowers.html</link>
<pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Sunflowers.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</title>
<link>/entries/IsaGeoCoq.html</link>
<pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/IsaGeoCoq.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Hood-Melville Queue</title>
<link>/entries/Hood_Melville_Queue.html</link>
<pubDate>Mon, 18 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hood_Melville_Queue.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</title>
<link>/entries/Relational_Method.html</link>
<pubDate>Sat, 05 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Method.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>AI Planning Languages Semantics</title>
<link>/entries/AI_Planning_Languages_Semantics.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/AI_Planning_Languages_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Verified SAT-Based AI Planning</title>
<link>/entries/Verified_SAT_Based_AI_Planning.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Verified_SAT_Based_AI_Planning.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Finite Map Extras</title>
<link>/entries/Finite-Map-Extras.html</link>
<pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Finite-Map-Extras.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Safely Composable Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Safely Composable Web Components</title>
<link>/entries/SC_DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/SC_DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Web Components</title>
<link>/entries/DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>The Safely Composable DOM</title>
<link>/entries/Core_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Core_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Relational Disjoint-Set Forests</title>
<link>/entries/Relational_Disjoint_Set_Forests.html</link>
<pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Disjoint_Set_Forests.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</title>
<link>/entries/BirdKMP.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/BirdKMP.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>Relational Characterisations of Paths</title>
<link>/entries/Relational_Paths.html</link>
<pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Paths.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>The Nash-Williams Partition Theorem</title>
<link>/entries/Nash_Williams.html</link>
<pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Nash_Williams.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Knuth–Bendix Orders</title>
<link>/entries/Knuth_Bendix_Order.html</link>
<pubDate>Wed, 13 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Bendix_Order.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theorem in ZF</title>
<link>/entries/Recursion-Addition.html</link>
<pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Addition.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Forcing in Isabelle/ZF</title>
<link>/entries/Forcing.html</link>
<pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Forcing.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</title>
<link>/entries/Attack_Trees.html</link>
<pubDate>Mon, 27 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Attack_Trees.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Authenticated Data Structures As Functors</title>
<link>/entries/ADS_Functor.html</link>
<pubDate>Thu, 16 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/ADS_Functor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Automated Stateful Protocol Verification</title>
<link>/entries/Automated_Stateful_Protocol_Verification.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Automated_Stateful_Protocol_Verification.html</guid>
<description></description>
</item>
<item>
<title>Stateful Protocol Composition and Typing</title>
<link>/entries/Stateful_Protocol_Composition_and_Typing.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Stateful_Protocol_Composition_and_Typing.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Hello World</title>
<link>/entries/Hello_World.html</link>
<pubDate>Sat, 07 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Hello_World.html</guid>
<description></description>
</item>
<item>
<title>Implementing the Goodstein Function in &amp;lambda;-Calculus</title>
<link>/entries/Goodstein_Lambda.html</link>
<pubDate>Fri, 21 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goodstein_Lambda.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>Bicategories</title>
<link>/entries/Bicategory.html</link>
<pubDate>Mon, 06 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Bicategory.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Complex Geometry</title>
<link>/entries/Complex_Geometry.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Poincaré Disc Model</title>
<link>/entries/Poincare_Disc.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Disc.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>Interval Arithmetic on 32-bit Words</title>
<link>/entries/Interval_Arithmetic_Word32.html</link>
<pubDate>Wed, 27 Nov 2019 00:00:00 +0000</pubDate>
<guid>/entries/Interval_Arithmetic_Word32.html</guid>
<description></description>
</item>
<item>
<title>Zermelo Fraenkel Set Theory in Higher-Order Logic</title>
<link>/entries/ZFC_in_HOL.html</link>
<pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/ZFC_in_HOL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Aristotle&#39;s Assertoric Syllogistic</title>
<link>/entries/Aristotles_Assertoric_Syllogistic.html</link>
<pubDate>Tue, 08 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Aristotles_Assertoric_Syllogistic.html</guid>
<description></description>
</item>
<item>
<title>Sigma Protocols and Commitment Schemes</title>
<link>/entries/Sigma_Commit_Crypto.html</link>
<pubDate>Mon, 07 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Sigma_Commit_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Selected Problems from the International Mathematical Olympiad 2019</title>
<link>/entries/IMO2019.html</link>
<pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMO2019.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Priority Search Trees</title>
<link>/entries/Priority_Search_Trees.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Search_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Multidimensional Binary Search Trees</title>
<link>/entries/KD_Tree.html</link>
<pubDate>Thu, 30 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/KD_Tree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Multi-Party Computation</title>
<link>/entries/Multi_Party_Computation.html</link>
<pubDate>Thu, 09 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/Multi_Party_Computation.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model</title>
<link>/entries/Core_DOM.html</link>
<pubDate>Wed, 26 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Core_DOM.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Auto2 Prover</title>
<link>/entries/Auto2_HOL.html</link>
<pubDate>Tue, 20 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_HOL.html</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/entries/Matroids.html</link>
<pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Matroids.html</guid>
<description></description>
</item>
<item>
<title>Deriving generic class instances for datatypes</title>
<link>/entries/Generic_Deriving.html</link>
<pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Deriving.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</title>
<link>/entries/GewirthPGCProof.html</link>
<pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/GewirthPGCProof.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_EPO.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_EPO.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Budan–Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Minsky Machines</title>
<link>/entries/Minsky_Machines.html</link>
<pubDate>Tue, 14 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Minsky_Machines.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Projective Geometry</title>
<link>/entries/Projective_Geometry.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Geometry.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Axiom Systems for Category Theory in Free Logic</title>
<link>/entries/AxiomaticCategoryTheory.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/AxiomaticCategoryTheory.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</title>
<link>/entries/Modular_Assembly_Kit_Security.html</link>
<pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Modular_Assembly_Kit_Security.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>Bounded Natural Functors with Covariance and Contravariance</title>
<link>/entries/BNF_CC.html</link>
<pubDate>Tue, 24 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/BNF_CC.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Weight-Balanced Trees</title>
<link>/entries/Weight_Balanced_Trees.html</link>
<pubDate>Tue, 13 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Weight_Balanced_Trees.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Architectural Design Patterns</title>
<link>/entries/Architectural_Design_Patterns.html</link>
<pubDate>Thu, 01 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Architectural_Design_Patterns.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/entries/Treaps.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Treaps.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Gromov Hyperbolicity</title>
<link>/entries/Gromov_Hyperbolicity.html</link>
<pubDate>Tue, 16 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Gromov_Hyperbolicity.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Falling Factorial of a Sum</title>
<link>/entries/Falling_Factorial_Sum.html</link>
<pubDate>Fri, 22 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Falling_Factorial_Sum.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>Operations on Bounded Natural Functors</title>
<link>/entries/BNF_Operations.html</link>
<pubDate>Tue, 19 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/BNF_Operations.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</title>
<link>/entries/Lowe_Ontological_Argument.html</link>
<pubDate>Thu, 21 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lowe_Ontological_Argument.html</guid>
<description></description>
</item>
<item>
<title>Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</title>
<link>/entries/PLM.html</link>
<pubDate>Sun, 17 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/PLM.html</guid>
<description></description>
</item>
<item>
<title>Anselm&#39;s God in Isabelle/HOL</title>
<link>/entries/AnselmGod.html</link>
<pubDate>Wed, 06 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/AnselmGod.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Root-Balanced Tree</title>
<link>/entries/Root_Balanced_Tree.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Root_Balanced_Tree.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Stewart&#39;s Theorem and Apollonius&#39; Theorem</title>
<link>/entries/Stewart_Apollonius.html</link>
<pubDate>Mon, 31 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stewart_Apollonius.html</guid>
<description></description>
</item>
<item>
<title>Dynamic Architectures</title>
<link>/entries/DynamicArchitectures.html</link>
<pubDate>Fri, 28 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/DynamicArchitectures.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/entries/HOLCF-Prelude.html</link>
<pubDate>Sat, 15 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/HOLCF-Prelude.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Flow Networks and the Min-Cut-Max-Flow Theorem</title>
<link>/entries/Flow_Networks.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Flow_Networks.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Developing Security Protocols by Refinement</title>
<link>/entries/Security_Protocol_Refinement.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Security_Protocol_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Dictionary Construction</title>
<link>/entries/Dict_Construction.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dict_Construction.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Effect polymorphism in higher-order logic</title>
<link>/entries/Monomorphic_Monad.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monomorphic_Monad.html</guid>
<description></description>
</item>
<item>
<title>Game-based cryptography in HOL</title>
<link>/entries/Game_Based_Crypto.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Game_Based_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Monoidal Categories</title>
<link>/entries/MonoidalCategory.html</link>
<pubDate>Thu, 04 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/MonoidalCategory.html</guid>
<description></description>
</item>
<item>
<title>Types, Tableaus and Gödel’s God in Isabelle/HOL</title>
<link>/entries/Types_Tableaus_and_Goedels_God.html</link>
<pubDate>Mon, 01 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Types_Tableaus_and_Goedels_God.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>Constructor Functions</title>
<link>/entries/Constructor_Funs.html</link>
<pubDate>Wed, 19 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Constructor_Funs.html</guid>
<description></description>
</item>
<item>
<title>Lazifying case constants</title>
<link>/entries/Lazy_Case.html</link>
<pubDate>Tue, 18 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lazy_Case.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>The Group Law for Elliptic Curves</title>
<link>/entries/Elliptic_Curves_Group_Law.html</link>
<pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Elliptic_Curves_Group_Law.html</guid>
<description></description>
</item>
<item>
<title>Menger&#39;s Theorem</title>
<link>/entries/Menger.html</link>
<pubDate>Sun, 26 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Menger.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Refining Authenticated Key Agreement with Strong Adversaries</title>
<link>/entries/Key_Agreement_Strong_Adversaries.html</link>
<pubDate>Tue, 31 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Key_Agreement_Strong_Adversaries.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</title>
<link>/entries/Password_Authentication_Protocol.html</link>
<pubDate>Tue, 03 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Password_Authentication_Protocol.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>The Twelvefold Way</title>
<link>/entries/Twelvefold_Way.html</link>
<pubDate>Thu, 29 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Twelvefold_Way.html</guid>
<description></description>
</item>
<item>
<title>Proof Strategy Language</title>
<link>/entries/Proof_Strategy_Language.html</link>
<pubDate>Tue, 20 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Proof_Strategy_Language.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_KBOs.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_KBOs.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</title>
<link>/entries/Nested_Multisets_Ordinals.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Nested_Multisets_Ordinals.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>LOFT — Verified Migration of Linux Firewalls to SDN</title>
<link>/entries/LOFT.html</link>
<pubDate>Fri, 21 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/LOFT.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Intersecting Chords Theorem</title>
<link>/entries/Chord_Segments.html</link>
<pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Chord_Segments.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_RPOs.html</link>
<pubDate>Fri, 23 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_RPOs.html</guid>
<description></description>
</item>
<item>
<title>Iptables Semantics</title>
<link>/entries/Iptables_Semantics.html</link>
<pubDate>Fri, 09 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Iptables_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/entries/Routing.html</link>
<pubDate>Wed, 31 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Routing.html</guid>
<description></description>
</item>
<item>
<title>Simple Firewall</title>
<link>/entries/Simple_Firewall.html</link>
<pubDate>Wed, 24 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Ptolemy&#39;s Theorem</title>
<link>/entries/Ptolemys_Theorem.html</link>
<pubDate>Sun, 07 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Ptolemys_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>Pairing Heap</title>
<link>/entries/Pairing_Heap.html</link>
<pubDate>Thu, 14 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Pairing_Heap.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>The Z Property</title>
<link>/entries/Rewriting_Z.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Rewriting_Z.html</guid>
<description></description>
</item>
<item>
<title>Compositional Security-Preserving Refinement for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Refinement.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Refinement.html</guid>
<description></description>
</item>
<item>
<title>IP Addresses</title>
<link>/entries/IP_Addresses.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/IP_Addresses.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Multisets</title>
<link>/entries/Card_Multisets.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Multisets.html</guid>
<description></description>
</item>
<item>
<title>Category Theory with Adjunctions and Limits</title>
<link>/entries/Category3.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Category3.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Catalan Numbers</title>
<link>/entries/Catalan_Numbers.html</link>
<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Catalan_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Finite Machine Word Library</title>
<link>/entries/Word_Lib.html</link>
<pubDate>Thu, 09 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Word_Lib.html</guid>
<description></description>
</item>
<item>
<title>Tree Decomposition</title>
<link>/entries/Tree_Decomposition.html</link>
<pubDate>Tue, 31 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Equivalence Relations</title>
<link>/entries/Card_Equiv_Relations.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Equiv_Relations.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</title>
<link>/entries/MFMC_Countable.html</link>
<pubDate>Mon, 09 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/MFMC_Countable.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>Spivey&#39;s Generalized Recurrence for Bell Numbers</title>
<link>/entries/Bell_Numbers_Spivey.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Bell_Numbers_Spivey.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers</title>
<link>/entries/No_FTL_observers.html</link>
<pubDate>Thu, 28 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Number Partitions</title>
<link>/entries/Card_Number_Partitions.html</link>
<pubDate>Thu, 14 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Number_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Basic Geometric Properties of Triangles</title>
<link>/entries/Triangle.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Triangle.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Applicative Lifting</title>
<link>/entries/Applicative_Lifting.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Applicative_Lifting.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Set Partitions</title>
<link>/entries/Card_Partitions.html</link>
<pubDate>Sat, 12 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Card_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Latin Square</title>
<link>/entries/Latin_Square.html</link>
<pubDate>Wed, 02 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Latin_Square.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Partition Theorem</title>
<link>/entries/Euler_Partition.html</link>
<pubDate>Thu, 19 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Partition.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams II</title>
<link>/entries/Decreasing-Diagrams-II.html</link>
<pubDate>Thu, 20 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams-II.html</guid>
<description></description>
</item>
<item>
<title>The Inductive Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Inductive_Unwinding.html</link>
<pubDate>Tue, 18 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Inductive_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Derangements Formula</title>
<link>/entries/Derangements.html</link>
<pubDate>Sat, 27 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Derangements.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>Reasoning about Lists via List Interleaving</title>
<link>/entries/List_Interleaving.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/List_Interleaving.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Ipurge Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Ipurge_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Ipurge_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Parameterized Dynamic Tables</title>
<link>/entries/Dynamic_Tables.html</link>
<pubDate>Sun, 07 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Dynamic_Tables.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/entries/Trie.html</link>
<pubDate>Mon, 30 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Trie.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Deriving class instances for datatypes</title>
<link>/entries/Deriving.html</link>
<pubDate>Wed, 11 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Deriving.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>The Unified Policy Framework (UPF)</title>
<link>/entries/UPF.html</link>
<pubDate>Fri, 28 Nov 2014 00:00:00 +0000</pubDate>
<guid>/entries/UPF.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Lifting Definition Option</title>
<link>/entries/Lifting_Definition_Option.html</link>
<pubDate>Mon, 13 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_Definition_Option.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion in HOL with Code Generation</title>
<link>/entries/Stream_Fusion_Code.html</link>
<pubDate>Fri, 10 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Stream_Fusion_Code.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Certification Monads</title>
<link>/entries/Certification_Monads.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Certification_Monads.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>The Sturm–Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Priority Queues Based on Braun Trees</title>
<link>/entries/Priority_Queue_Braun.html</link>
<pubDate>Thu, 04 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Queue_Braun.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Skew Heap</title>
<link>/entries/Skew_Heap.html</link>
<pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Skew_Heap.html</guid>
<description></description>
</item>
<item>
<title>Splay Tree</title>
<link>/entries/Splay_Tree.html</link>
<pubDate>Tue, 12 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Splay_Tree.html</guid>
<description></description>
</item>
<item>
<title>Haskell&#39;s Show Class in Isabelle/HOL</title>
<link>/entries/Show.html</link>
<pubDate>Tue, 29 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Show.html</guid>
<description></description>
</item>
<item>
<title>Formal Specification of a Generic Separation Kernel</title>
<link>/entries/CISC-Kernel.html</link>
<pubDate>Fri, 18 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/CISC-Kernel.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Amortized Complexity Verified</title>
<link>/entries/Amortized_Complexity.html</link>
<pubDate>Mon, 07 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Amortized_Complexity.html</guid>
<description></description>
</item>
<item>
<title>Network Security Policy Verification</title>
<link>/entries/Network_Security_Policy_Verification.html</link>
<pubDate>Fri, 04 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Network_Security_Policy_Verification.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>Promela Formalization</title>
<link>/entries/Promela.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Promela.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Noninterference Security in Communicating Sequential Processes</title>
<link>/entries/Noninterference_CSP.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_CSP.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Analysis of Component Dependencies</title>
<link>/entries/ComponentDependencies.html</link>
<pubDate>Mon, 28 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/ComponentDependencies.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Bounded-Deducibility Security</title>
<link>/entries/Bounded_Deducibility_Security.html</link>
<pubDate>Tue, 22 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Bounded_Deducibility_Security.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Discrete Summation</title>
<link>/entries/Discrete_Summation.html</link>
<pubDate>Sun, 13 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Discrete_Summation.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Noninterference</title>
<link>/entries/Probabilistic_Noninterference.html</link>
<pubDate>Tue, 11 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>Mutually Recursive Partial Functions</title>
<link>/entries/Partial_Function_MR.html</link>
<pubDate>Tue, 18 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Function_MR.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</title>
<link>/entries/Featherweight_OCL.html</link>
<pubDate>Thu, 16 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Featherweight_OCL.html</guid>
<description></description>
</item>
<item>
<title>Compositional Properties of Crypto-Based Components</title>
<link>/entries/CryptoBasedCompositionalProperties.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/CryptoBasedCompositionalProperties.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>A General Method for the Proof of Theorems on Tail-recursive Functions</title>
<link>/entries/Tail_Recursive_Functions.html</link>
<pubDate>Sun, 01 Dec 2013 00:00:00 +0000</pubDate>
<guid>/entries/Tail_Recursive_Functions.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>The Hereditarily Finite Sets</title>
<link>/entries/HereditarilyFinite.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/HereditarilyFinite.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s God in Isabelle/HOL</title>
<link>/entries/GoedelGod.html</link>
<pubDate>Tue, 12 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/GoedelGod.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams</title>
<link>/entries/Decreasing-Diagrams.html</link>
<pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Native Word</title>
<link>/entries/Native_Word.html</link>
<pubDate>Tue, 17 Sep 2013 00:00:00 +0000</pubDate>
<guid>/entries/Native_Word.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of IEEE Floating Point Arithmetic</title>
<link>/entries/IEEE_Floating_Point.html</link>
<pubDate>Sat, 27 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/IEEE_Floating_Point.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>The Königsberg Bridge Problem and the Friendship Theorem</title>
<link>/entries/Koenigsberg_Friendship.html</link>
<pubDate>Fri, 19 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Koenigsberg_Friendship.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
<item>
<title>Graph Theory</title>
<link>/entries/Graph_Theory.html</link>
<pubDate>Sun, 28 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Light-weight Containers</title>
<link>/entries/Containers.html</link>
<pubDate>Mon, 15 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Containers.html</guid>
<description></description>
</item>
<item>
<title>Nominal 2</title>
<link>/entries/Nominal2.html</link>
<pubDate>Thu, 21 Feb 2013 00:00:00 +0000</pubDate>
<guid>/entries/Nominal2.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Open Induction</title>
<link>/entries/Open_Induction.html</link>
<pubDate>Fri, 02 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Open_Induction.html</guid>
<description></description>
</item>
<item>
<title>The independence of Tarski&#39;s Euclidean axiom</title>
<link>/entries/Tarskis_Geometry.html</link>
<pubDate>Tue, 30 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tarskis_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Bondy&#39;s Theorem</title>
<link>/entries/Bondy.html</link>
<pubDate>Sat, 27 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Bondy.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Generating linear orders for datatypes</title>
<link>/entries/Datatype_Order_Generator.html</link>
<pubDate>Tue, 07 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Datatype_Order_Generator.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Type Constructor Classes and Monad Transformers</title>
<link>/entries/Tycon.html</link>
<pubDate>Tue, 26 Jun 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tycon.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Inductive Study of Confidentiality</title>
<link>/entries/Inductive_Confidentiality.html</link>
<pubDate>Wed, 02 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Confidentiality.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Well-Quasi-Orders</title>
<link>/entries/Well_Quasi_Orders.html</link>
<pubDate>Fri, 13 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Well_Quasi_Orders.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>A Probabilistic Proof of the Girth-Chromatic Number Theorem</title>
<link>/entries/Girth_Chromatic.html</link>
<pubDate>Mon, 06 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Girth_Chromatic.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Maximum Cardinality Matching</title>
<link>/entries/Max-Card-Matching.html</link>
<pubDate>Thu, 21 Jul 2011 00:00:00 +0000</pubDate>
<guid>/entries/Max-Card-Matching.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>The General Triangle Is Unique</title>
<link>/entries/General-Triangle.html</link>
<pubDate>Fri, 01 Apr 2011 00:00:00 +0000</pubDate>
<guid>/entries/General-Triangle.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Infinite Lists</title>
<link>/entries/List-Infinite.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/List-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Hall&#39;s Marriage Theorem</title>
<link>/entries/Marriage.html</link>
<pubDate>Fri, 17 Dec 2010 00:00:00 +0000</pubDate>
<guid>/entries/Marriage.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Binomial Heaps and Skew Binomial Heaps</title>
<link>/entries/Binomial-Heaps.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Heaps.html</guid>
<description></description>
</item>
<item>
<title>Finger Trees</title>
<link>/entries/Finger-Trees.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Finger-Trees.html</guid>
<description></description>
</item>
<item>
<title>Functional Binomial Queues</title>
<link>/entries/Binomial-Queues.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Queues.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>Category Theory</title>
<link>/entries/Category2.html</link>
<pubDate>Sun, 20 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Category2.html</guid>
<description></description>
</item>
<item>
<title>Executable Matrix Operations on Matrices of Arbitrary Dimensions</title>
<link>/entries/Matrix.html</link>
<pubDate>Thu, 17 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Matrix.html</guid>
<description></description>
</item>
<item>
<title>Abstract Rewriting</title>
<link>/entries/Abstract-Rewriting.html</link>
<pubDate>Mon, 14 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing.html</guid>
<description></description>
</item>
<item>
<title>Inter-Procedural Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing_Inter.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing_Inter.html</guid>
<description></description>
</item>
<item>
<title>List Index</title>
<link>/entries/List-Index.html</link>
<pubDate>Sat, 20 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/List-Index.html</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/entries/Coinductive.html</link>
<pubDate>Fri, 12 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive.html</guid>
<description></description>
</item>
<item>
<title>A Fast SAT Solver for Isabelle in Standard ML</title>
<link>/entries/DPT-SAT-Solver.html</link>
<pubDate>Wed, 09 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/DPT-SAT-Solver.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Collections Framework</title>
<link>/entries/Collections.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Collections.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>The Worker/Wrapper Transformation</title>
<link>/entries/WorkerWrapper.html</link>
<pubDate>Fri, 30 Oct 2009 00:00:00 +0000</pubDate>
<guid>/entries/WorkerWrapper.html</guid>
<description></description>
</item>
<item>
<title>Ordinals and Cardinals</title>
<link>/entries/Ordinals_and_Cardinals.html</link>
<pubDate>Tue, 01 Sep 2009 00:00:00 +0000</pubDate>
<guid>/entries/Ordinals_and_Cardinals.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Code Generation for Functions as Data</title>
<link>/entries/FinFun.html</link>
<pubDate>Wed, 06 May 2009 00:00:00 +0000</pubDate>
<guid>/entries/FinFun.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion</title>
<link>/entries/Stream-Fusion.html</link>
<pubDate>Wed, 29 Apr 2009 00:00:00 +0000</pubDate>
<guid>/entries/Stream-Fusion.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Fun With Tilings</title>
<link>/entries/FunWithTilings.html</link>
<pubDate>Fri, 07 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithTilings.html</guid>
<description></description>
</item>
<item>
<title>The Textbook Proof of Huffman&#39;s Algorithm</title>
<link>/entries/Huffman.html</link>
<pubDate>Wed, 15 Oct 2008 00:00:00 +0000</pubDate>
<guid>/entries/Huffman.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
<item>
<title>Fun With Functions</title>
<link>/entries/FunWithFunctions.html</link>
<pubDate>Tue, 26 Aug 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithFunctions.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theory I</title>
<link>/entries/Recursion-Theory-I.html</link>
<pubDate>Sat, 05 Apr 2008 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Theory-I.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>BDD Normalisation</title>
<link>/entries/BDD.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/BDD.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Hotel Key Card System</title>
<link>/entries/HotelKeyCards.html</link>
<pubDate>Sat, 09 Sep 2006 00:00:00 +0000</pubDate>
<guid>/entries/HotelKeyCards.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>Flyspeck I: Tame Graphs</title>
<link>/entries/Flyspeck-Tame.html</link>
<pubDate>Mon, 22 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/Flyspeck-Tame.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Countable Ordinals</title>
<link>/entries/Ordinal.html</link>
<pubDate>Fri, 11 Nov 2005 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>SHA1, RSA, PSS and more</title>
<link>/entries/RSAPSS.html</link>
<pubDate>Mon, 02 May 2005 00:00:00 +0000</pubDate>
<guid>/entries/RSAPSS.html</guid>
<description></description>
</item>
<item>
<title>Category Theory to Yoneda&#39;s Lemma</title>
<link>/entries/Category.html</link>
<pubDate>Thu, 21 Apr 2005 00:00:00 +0000</pubDate>
<guid>/entries/Category.html</guid>
<description></description>
</item>
<item>
<title>File Refinement</title>
<link>/entries/FileRefinement.html</link>
<pubDate>Thu, 09 Dec 2004 00:00:00 +0000</pubDate>
<guid>/entries/FileRefinement.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
<item>
<title>Ramsey&#39;s theorem, infinitary version</title>
<link>/entries/Ramsey-Infinite.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Ramsey-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
<item>
<title>Lazy Lists II</title>
<link>/entries/Lazy-Lists-II.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Lazy-Lists-II.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
<item>
<title>Binary Search Trees</title>
<link>/entries/BinarySearchTree.html</link>
<pubDate>Mon, 05 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/BinarySearchTree.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
<item>
<title>AVL Trees</title>
<link>/entries/AVL-Trees.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/AVL-Trees.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
<item>
<title>Abortable_Linearizable_Modules</title>
<link>/sessions/abortable_linearizable_modules/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abortable_linearizable_modules/</guid>
<description></description>
</item>
<item>
<title>Abs_Int_ITP2012</title>
<link>/sessions/abs_int_itp2012/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abs_int_itp2012/</guid>
<description></description>
</item>
<item>
<title>Abstract-Hoare-Logics</title>
<link>/sessions/abstract-hoare-logics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract-hoare-logics/</guid>
<description></description>
</item>
<item>
<title>Abstract-Rewriting</title>
<link>/sessions/abstract-rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract-rewriting/</guid>
<description></description>
</item>
<item>
<title>Abstract_Completeness</title>
<link>/sessions/abstract_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract_completeness/</guid>
<description></description>
</item>
<item>
<title>Abstract_Soundness</title>
<link>/sessions/abstract_soundness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract_soundness/</guid>
<description></description>
</item>
<item>
<title>ABY3_Protocols</title>
<link>/sessions/aby3_protocols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aby3_protocols/</guid>
<description></description>
</item>
<item>
<title>Ackermanns_not_PR</title>
<link>/sessions/ackermanns_not_pr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ackermanns_not_pr/</guid>
<description></description>
</item>
<item>
<title>Actuarial_Mathematics</title>
<link>/sessions/actuarial_mathematics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/actuarial_mathematics/</guid>
<description></description>
</item>
<item>
<title>Adaptive_State_Counting</title>
<link>/sessions/adaptive_state_counting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/adaptive_state_counting/</guid>
<description></description>
</item>
<item>
<title>ADS_Functor</title>
<link>/sessions/ads_functor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ads_functor/</guid>
<description></description>
</item>
<item>
<title>Affine_Arithmetic</title>
<link>/sessions/affine_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/affine_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Aggregation_Algebras</title>
<link>/sessions/aggregation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aggregation_algebras/</guid>
<description></description>
</item>
<item>
<title>AI_Planning_Languages_Semantics</title>
<link>/sessions/ai_planning_languages_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ai_planning_languages_semantics/</guid>
<description></description>
</item>
<item>
<title>Akra_Bazzi</title>
<link>/sessions/akra_bazzi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/akra_bazzi/</guid>
<description></description>
</item>
<item>
<title>Algebraic_Numbers</title>
<link>/sessions/algebraic_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/algebraic_numbers/</guid>
<description></description>
</item>
<item>
<title>Algebraic_VCs</title>
<link>/sessions/algebraic_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/algebraic_vcs/</guid>
<description></description>
</item>
<item>
<title>Allen_Calculus</title>
<link>/sessions/allen_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/allen_calculus/</guid>
<description></description>
</item>
<item>
<title>Amicable_Numbers</title>
<link>/sessions/amicable_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/amicable_numbers/</guid>
<description></description>
</item>
<item>
<title>Amortized_Complexity</title>
<link>/sessions/amortized_complexity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/amortized_complexity/</guid>
<description></description>
</item>
<item>
<title>AnselmGod</title>
<link>/sessions/anselmgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/anselmgod/</guid>
<description></description>
</item>
<item>
<title>AODV</title>
<link>/sessions/aodv/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aodv/</guid>
<description></description>
</item>
<item>
<title>AOT</title>
<link>/sessions/aot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aot/</guid>
<description></description>
</item>
<item>
<title>Applicative_Lifting</title>
<link>/sessions/applicative_lifting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/applicative_lifting/</guid>
<description></description>
</item>
<item>
<title>Approximation_Algorithms</title>
<link>/sessions/approximation_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/approximation_algorithms/</guid>
<description></description>
</item>
<item>
<title>Architectural_Design_Patterns</title>
<link>/sessions/architectural_design_patterns/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/architectural_design_patterns/</guid>
<description></description>
</item>
<item>
<title>Aristotles_Assertoric_Syllogistic</title>
<link>/sessions/aristotles_assertoric_syllogistic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aristotles_assertoric_syllogistic/</guid>
<description></description>
</item>
<item>
<title>Arith_Prog_Rel_Primes</title>
<link>/sessions/arith_prog_rel_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/arith_prog_rel_primes/</guid>
<description></description>
</item>
<item>
<title>ArrowImpossibilityGS</title>
<link>/sessions/arrowimpossibilitygs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/arrowimpossibilitygs/</guid>
<description></description>
</item>
<item>
<title>Attack_Trees</title>
<link>/sessions/attack_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/attack_trees/</guid>
<description></description>
</item>
<item>
<title>Auto2_HOL</title>
<link>/sessions/auto2_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/auto2_hol/</guid>
<description></description>
</item>
<item>
<title>Auto2_Imperative_HOL</title>
<link>/sessions/auto2_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/auto2_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>AutoFocus-Stream</title>
<link>/sessions/autofocus-stream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/autofocus-stream/</guid>
<description></description>
</item>
<item>
<title>Automated_Stateful_Protocol_Verification</title>
<link>/sessions/automated_stateful_protocol_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/automated_stateful_protocol_verification/</guid>
<description></description>
</item>
<item>
<title>Automatic_Refinement</title>
<link>/sessions/automatic_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/automatic_refinement/</guid>
<description></description>
</item>
<item>
<title>AVL-Trees</title>
<link>/sessions/avl-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/avl-trees/</guid>
<description></description>
</item>
<item>
<title>AWN</title>
<link>/sessions/awn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/awn/</guid>
<description></description>
</item>
<item>
<title>AxiomaticCategoryTheory</title>
<link>/sessions/axiomaticcategorytheory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/axiomaticcategorytheory/</guid>
<description></description>
</item>
<item>
<title>Balog_Szemeredi_Gowers</title>
<link>/sessions/balog_szemeredi_gowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/balog_szemeredi_gowers/</guid>
<description></description>
</item>
<item>
<title>Banach_Steinhaus</title>
<link>/sessions/banach_steinhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/banach_steinhaus/</guid>
<description></description>
</item>
<item>
<title>BD_Security_Compositional</title>
<link>/sessions/bd_security_compositional/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bd_security_compositional/</guid>
<description></description>
</item>
<item>
<title>BDD</title>
<link>/sessions/bdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bdd/</guid>
<description></description>
</item>
<item>
<title>Belief_Revision</title>
<link>/sessions/belief_revision/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/belief_revision/</guid>
<description></description>
</item>
<item>
<title>Bell_Numbers_Spivey</title>
<link>/sessions/bell_numbers_spivey/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bell_numbers_spivey/</guid>
<description></description>
</item>
<item>
<title>BenOr_Kozen_Reif</title>
<link>/sessions/benor_kozen_reif/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/benor_kozen_reif/</guid>
<description></description>
</item>
<item>
<title>Berlekamp_Zassenhaus</title>
<link>/sessions/berlekamp_zassenhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/berlekamp_zassenhaus/</guid>
<description></description>
</item>
<item>
<title>Bernoulli</title>
<link>/sessions/bernoulli/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bernoulli/</guid>
<description></description>
</item>
<item>
<title>Bertrands_Postulate</title>
<link>/sessions/bertrands_postulate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bertrands_postulate/</guid>
<description></description>
</item>
<item>
<title>Bicategory</title>
<link>/sessions/bicategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bicategory/</guid>
<description></description>
</item>
<item>
<title>Binary_Code_Imprimitive</title>
<link>/sessions/binary_code_imprimitive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binary_code_imprimitive/</guid>
<description></description>
</item>
<item>
<title>BinarySearchTree</title>
<link>/sessions/binarysearchtree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binarysearchtree/</guid>
<description></description>
</item>
<item>
<title>Binding_Syntax_Theory</title>
<link>/sessions/binding_syntax_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binding_syntax_theory/</guid>
<description></description>
</item>
<item>
<title>Binomial-Heaps</title>
<link>/sessions/binomial-heaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binomial-heaps/</guid>
<description></description>
</item>
<item>
<title>Binomial-Queues</title>
<link>/sessions/binomial-queues/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binomial-queues/</guid>
<description></description>
</item>
<item>
<title>BirdKMP</title>
<link>/sessions/birdkmp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/birdkmp/</guid>
<description></description>
</item>
<item>
<title>Birkhoff_Finite_Distributive_Lattices</title>
<link>/sessions/birkhoff_finite_distributive_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/birkhoff_finite_distributive_lattices/</guid>
<description></description>
</item>
<item>
<title>Blue_Eyes</title>
<link>/sessions/blue_eyes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/blue_eyes/</guid>
<description></description>
</item>
<item>
<title>BNF_CC</title>
<link>/sessions/bnf_cc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bnf_cc/</guid>
<description></description>
</item>
<item>
<title>BNF_Operations</title>
<link>/sessions/bnf_operations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bnf_operations/</guid>
<description></description>
</item>
<item>
<title>Bondy</title>
<link>/sessions/bondy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bondy/</guid>
<description></description>
</item>
<item>
<title>Boolean_Expression_Checkers</title>
<link>/sessions/boolean_expression_checkers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/boolean_expression_checkers/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference</title>
<link>/sessions/boolos_curious_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/boolos_curious_inference/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference_Automated</title>
<link>/sessions/boolos_curious_inference_automated/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/boolos_curious_inference_automated/</guid>
<description></description>
</item>
<item>
<title>Bounded_Deducibility_Security</title>
<link>/sessions/bounded_deducibility_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bounded_deducibility_security/</guid>
<description></description>
</item>
<item>
<title>BTree</title>
<link>/sessions/btree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/btree/</guid>
<description></description>
</item>
<item>
<title>Buchi_Complementation</title>
<link>/sessions/buchi_complementation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/buchi_complementation/</guid>
<description></description>
</item>
<item>
<title>Budan_Fourier</title>
<link>/sessions/budan_fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/budan_fourier/</guid>
<description></description>
</item>
<item>
<title>Buffons_Needle</title>
<link>/sessions/buffons_needle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/buffons_needle/</guid>
<description></description>
</item>
<item>
<title>Buildings</title>
<link>/sessions/buildings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/buildings/</guid>
<description></description>
</item>
<item>
<title>BytecodeLogicJmlTypes</title>
<link>/sessions/bytecodelogicjmltypes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bytecodelogicjmltypes/</guid>
<description></description>
</item>
<item>
<title>C2KA_DistributedSystems</title>
<link>/sessions/c2ka_distributedsystems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/c2ka_distributedsystems/</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/sessions/cakeml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cakeml/</guid>
<description></description>
</item>
<item>
<title>CakeML_Codegen</title>
<link>/sessions/cakeml_codegen/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cakeml_codegen/</guid>
<description></description>
</item>
<item>
<title>Call_Arity</title>
<link>/sessions/call_arity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/call_arity/</guid>
<description></description>
</item>
<item>
<title>Card_Equiv_Relations</title>
<link>/sessions/card_equiv_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_equiv_relations/</guid>
<description></description>
</item>
<item>
<title>Card_Multisets</title>
<link>/sessions/card_multisets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_multisets/</guid>
<description></description>
</item>
<item>
<title>Card_Number_Partitions</title>
<link>/sessions/card_number_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_number_partitions/</guid>
<description></description>
</item>
<item>
<title>Card_Partitions</title>
<link>/sessions/card_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_partitions/</guid>
<description></description>
</item>
<item>
<title>Cartan_FP</title>
<link>/sessions/cartan_fp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cartan_fp/</guid>
<description></description>
</item>
<item>
<title>Case_Labeling</title>
<link>/sessions/case_labeling/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/case_labeling/</guid>
<description></description>
</item>
<item>
<title>Catalan_Numbers</title>
<link>/sessions/catalan_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/catalan_numbers/</guid>
<description></description>
</item>
<item>
<title>Category</title>
<link>/sessions/category/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/category/</guid>
<description></description>
</item>
<item>
<title>Category2</title>
<link>/sessions/category2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/category2/</guid>
<description></description>
</item>
<item>
<title>Category3</title>
<link>/sessions/category3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/category3/</guid>
<description></description>
</item>
<item>
<title>Catoids</title>
<link>/sessions/catoids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/catoids/</guid>
<description></description>
</item>
<item>
<title>Cauchy</title>
<link>/sessions/cauchy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cauchy/</guid>
<description></description>
</item>
<item>
<title>CAVA_Automata</title>
<link>/sessions/cava_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_automata/</guid>
<description></description>
</item>
<item>
<title>CAVA_Base</title>
<link>/sessions/cava_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_base/</guid>
<description></description>
</item>
<item>
<title>CAVA_LTL_Modelchecker</title>
<link>/sessions/cava_ltl_modelchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_ltl_modelchecker/</guid>
<description></description>
</item>
<item>
<title>CAVA_Setup</title>
<link>/sessions/cava_setup/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_setup/</guid>
<description></description>
</item>
<item>
<title>Cayley_Hamilton</title>
<link>/sessions/cayley_hamilton/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cayley_hamilton/</guid>
<description></description>
</item>
<item>
<title>CCS</title>
<link>/sessions/ccs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ccs/</guid>
<description></description>
</item>
<item>
<title>Certification_Monads</title>
<link>/sessions/certification_monads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/certification_monads/</guid>
<description></description>
</item>
<item>
<title>Ceva</title>
<link>/sessions/ceva/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ceva/</guid>
<description></description>
</item>
<item>
<title>Chandy_Lamport</title>
<link>/sessions/chandy_lamport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/chandy_lamport/</guid>
<description></description>
</item>
<item>
<title>CHERI-C_Memory_Model</title>
<link>/sessions/cheri-c_memory_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cheri-c_memory_model/</guid>
<description></description>
</item>
<item>
<title>Chord_Segments</title>
<link>/sessions/chord_segments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/chord_segments/</guid>
<description></description>
</item>
<item>
<title>Circus</title>
<link>/sessions/circus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/circus/</guid>
<description></description>
</item>
<item>
<title>CISC-Kernel</title>
<link>/sessions/cisc-kernel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cisc-kernel/</guid>
<description></description>
</item>
<item>
<title>Clean</title>
<link>/sessions/clean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/clean/</guid>
<description></description>
</item>
<item>
<title>Clique_and_Monotone_Circuits</title>
<link>/sessions/clique_and_monotone_circuits/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/clique_and_monotone_circuits/</guid>
<description></description>
</item>
<item>
<title>ClockSynchInst</title>
<link>/sessions/clocksynchinst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/clocksynchinst/</guid>
<description></description>
</item>
<item>
<title>Closest_Pair_Points</title>
<link>/sessions/closest_pair_points/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/closest_pair_points/</guid>
<description></description>
</item>
<item>
<title>CoCon</title>
<link>/sessions/cocon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cocon/</guid>
<description></description>
</item>
<item>
<title>CofGroups</title>
<link>/sessions/cofgroups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cofgroups/</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/sessions/coinductive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/coinductive/</guid>
<description></description>
</item>
<item>
<title>Coinductive_Languages</title>
<link>/sessions/coinductive_languages/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/coinductive_languages/</guid>
<description></description>
</item>
<item>
<title>Collections</title>
<link>/sessions/collections/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/collections/</guid>
<description></description>
</item>
<item>
<title>Collections_Examples</title>
<link>/sessions/collections_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/collections_examples/</guid>
<description></description>
</item>
<item>
<title>Combinable_Wands</title>
<link>/sessions/combinable_wands/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinable_wands/</guid>
<description></description>
</item>
<item>
<title>Combinatorial_Enumeration_Algorithms</title>
<link>/sessions/combinatorial_enumeration_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorial_enumeration_algorithms/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words</title>
<link>/sessions/combinatorics_words/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorics_words/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Graph_Lemma</title>
<link>/sessions/combinatorics_words_graph_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorics_words_graph_lemma/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Lyndon</title>
<link>/sessions/combinatorics_words_lyndon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorics_words_lyndon/</guid>
<description></description>
</item>
<item>
<title>CommCSL</title>
<link>/sessions/commcsl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/commcsl/</guid>
<description></description>
</item>
<item>
<title>Commuting_Hermitian</title>
<link>/sessions/commuting_hermitian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/commuting_hermitian/</guid>
<description></description>
</item>
<item>
<title>Comparison_Sort_Lower_Bound</title>
<link>/sessions/comparison_sort_lower_bound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/comparison_sort_lower_bound/</guid>
<description></description>
</item>
<item>
<title>Compiling-Exceptions-Correctly</title>
<link>/sessions/compiling-exceptions-correctly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/compiling-exceptions-correctly/</guid>
<description></description>
</item>
<item>
<title>Complete_Non_Orders</title>
<link>/sessions/complete_non_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complete_non_orders/</guid>
<description></description>
</item>
<item>
<title>Completeness</title>
<link>/sessions/completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/completeness/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators</title>
<link>/sessions/complex_bounded_operators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complex_bounded_operators/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators_Dependencies</title>
<link>/sessions/complex_bounded_operators_dependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complex_bounded_operators_dependencies/</guid>
<description></description>
</item>
<item>
<title>Complex_Geometry</title>
<link>/sessions/complex_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complex_geometry/</guid>
<description></description>
</item>
<item>
<title>Complx</title>
<link>/sessions/complx/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complx/</guid>
<description></description>
</item>
<item>
<title>ComponentDependencies</title>
<link>/sessions/componentdependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/componentdependencies/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Ref_Alg</title>
<link>/sessions/concurrent_ref_alg/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrent_ref_alg/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Revisions</title>
<link>/sessions/concurrent_revisions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrent_revisions/</guid>
<description></description>
</item>
<item>
<title>ConcurrentGC</title>
<link>/sessions/concurrentgc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrentgc/</guid>
<description></description>
</item>
<item>
<title>ConcurrentIMP</title>
<link>/sessions/concurrentimp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrentimp/</guid>
<description></description>
</item>
<item>
<title>Conditional_Simplification</title>
<link>/sessions/conditional_simplification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/conditional_simplification/</guid>
<description></description>
</item>
<item>
<title>Conditional_Transfer_Rule</title>
<link>/sessions/conditional_transfer_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/conditional_transfer_rule/</guid>
<description></description>
</item>
<item>
<title>Consensus_Refined</title>
<link>/sessions/consensus_refined/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/consensus_refined/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography</title>
<link>/sessions/constructive_cryptography/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/constructive_cryptography/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography_CM</title>
<link>/sessions/constructive_cryptography_cm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/constructive_cryptography_cm/</guid>
<description></description>
</item>
<item>
<title>Constructor_Funs</title>
<link>/sessions/constructor_funs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/constructor_funs/</guid>
<description></description>
</item>
<item>
<title>Containers</title>
<link>/sessions/containers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/containers/</guid>
<description></description>
</item>
<item>
<title>Containers-Benchmarks</title>
<link>/sessions/containers-benchmarks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/containers-benchmarks/</guid>
<description></description>
</item>
<item>
<title>Cook_Levin</title>
<link>/sessions/cook_levin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cook_levin/</guid>
<description></description>
</item>
<item>
<title>Core_DOM</title>
<link>/sessions/core_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/core_dom/</guid>
<description></description>
</item>
<item>
<title>Core_SC_DOM</title>
<link>/sessions/core_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/core_sc_dom/</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/sessions/corec&#43;&#43;/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/corec&#43;&#43;/</guid>
<description></description>
</item>
<item>
<title>Correctness_Algebras</title>
<link>/sessions/correctness_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/correctness_algebras/</guid>
<description></description>
</item>
<item>
<title>CoSMed</title>
<link>/sessions/cosmed/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cosmed/</guid>
<description></description>
</item>
<item>
<title>CoSMeDis</title>
<link>/sessions/cosmedis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cosmedis/</guid>
<description></description>
</item>
<item>
<title>Cotangent_PFD_Formula</title>
<link>/sessions/cotangent_pfd_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cotangent_pfd_formula/</guid>
<description></description>
</item>
<item>
<title>Count_Complex_Roots</title>
<link>/sessions/count_complex_roots/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/count_complex_roots/</guid>
<description></description>
</item>
<item>
+ <title>Coupledsim_Contrasim</title>
+ <link>/sessions/coupledsim_contrasim/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/coupledsim_contrasim/</guid>
+ <description></description>
+ </item>
+ <item>
<title>CRDT</title>
<link>/sessions/crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crdt/</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/sessions/crypthol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crypthol/</guid>
<description></description>
</item>
<item>
<title>Crypto_Standards</title>
<link>/sessions/crypto_standards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crypto_standards/</guid>
<description></description>
</item>
<item>
<title>CryptoBasedCompositionalProperties</title>
<link>/sessions/cryptobasedcompositionalproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cryptobasedcompositionalproperties/</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/sessions/crystals-kyber/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crystals-kyber/</guid>
<description></description>
</item>
<item>
<title>CSP_RefTK</title>
<link>/sessions/csp_reftk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/csp_reftk/</guid>
<description></description>
</item>
<item>
<title>Cubic_Quartic_Equations</title>
<link>/sessions/cubic_quartic_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cubic_quartic_equations/</guid>
<description></description>
</item>
<item>
<title>CVP_Hardness</title>
<link>/sessions/cvp_hardness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cvp_hardness/</guid>
<description></description>
</item>
<item>
<title>CYK</title>
<link>/sessions/cyk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cyk/</guid>
<description></description>
</item>
<item>
<title>CZH_Elementary_Categories</title>
<link>/sessions/czh_elementary_categories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/czh_elementary_categories/</guid>
<description></description>
</item>
<item>
<title>CZH_Foundations</title>
<link>/sessions/czh_foundations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/czh_foundations/</guid>
<description></description>
</item>
<item>
<title>CZH_Universal_Constructions</title>
<link>/sessions/czh_universal_constructions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/czh_universal_constructions/</guid>
<description></description>
</item>
<item>
<title>DataRefinementIBP</title>
<link>/sessions/datarefinementibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/datarefinementibp/</guid>
<description></description>
</item>
<item>
<title>Datatype_Order_Generator</title>
<link>/sessions/datatype_order_generator/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/datatype_order_generator/</guid>
<description></description>
</item>
<item>
<title>DCR-ExecutionEquivalence</title>
<link>/sessions/dcr-executionequivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dcr-executionequivalence/</guid>
<description></description>
</item>
<item>
<title>Decl_Sem_Fun_PL</title>
<link>/sessions/decl_sem_fun_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/decl_sem_fun_pl/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams</title>
<link>/sessions/decreasing-diagrams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/decreasing-diagrams/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams-II</title>
<link>/sessions/decreasing-diagrams-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/decreasing-diagrams-ii/</guid>
<description></description>
</item>
<item>
<title>Dedekind_Real</title>
<link>/sessions/dedekind_real/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dedekind_real/</guid>
<description></description>
</item>
<item>
<title>Deep_Learning</title>
<link>/sessions/deep_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/deep_learning/</guid>
<description></description>
</item>
<item>
<title>Delta_System_Lemma</title>
<link>/sessions/delta_system_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/delta_system_lemma/</guid>
<description></description>
</item>
<item>
<title>Density_Compiler</title>
<link>/sessions/density_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/density_compiler/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Refinement</title>
<link>/sessions/dependent_sifum_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dependent_sifum_refinement/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Type_Systems</title>
<link>/sessions/dependent_sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dependent_sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Depth-First-Search</title>
<link>/sessions/depth-first-search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/depth-first-search/</guid>
<description></description>
</item>
<item>
<title>Derangements</title>
<link>/sessions/derangements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/derangements/</guid>
<description></description>
</item>
<item>
<title>Deriving</title>
<link>/sessions/deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/deriving/</guid>
<description></description>
</item>
<item>
<title>Descartes_Sign_Rule</title>
<link>/sessions/descartes_sign_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/descartes_sign_rule/</guid>
<description></description>
</item>
<item>
<title>Design_Theory</title>
<link>/sessions/design_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/design_theory/</guid>
<description></description>
</item>
<item>
<title>DFS_Framework</title>
<link>/sessions/dfs_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dfs_framework/</guid>
<description></description>
</item>
<item>
<title>Dict_Construction</title>
<link>/sessions/dict_construction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dict_construction/</guid>
<description></description>
</item>
<item>
<title>Differential_Dynamic_Logic</title>
<link>/sessions/differential_dynamic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/differential_dynamic_logic/</guid>
<description></description>
</item>
<item>
<title>Differential_Game_Logic</title>
<link>/sessions/differential_game_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/differential_game_logic/</guid>
<description></description>
</item>
<item>
<title>Digit_Expansions</title>
<link>/sessions/digit_expansions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/digit_expansions/</guid>
<description></description>
</item>
<item>
<title>DigitsInBase</title>
<link>/sessions/digitsinbase/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/digitsinbase/</guid>
<description></description>
</item>
<item>
<title>Dijkstra_Shortest_Path</title>
<link>/sessions/dijkstra_shortest_path/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dijkstra_shortest_path/</guid>
<description></description>
</item>
<item>
<title>Diophantine_Eqns_Lin_Hom</title>
<link>/sessions/diophantine_eqns_lin_hom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/diophantine_eqns_lin_hom/</guid>
<description></description>
</item>
<item>
<title>Directed_Sets</title>
<link>/sessions/directed_sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/directed_sets/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_L</title>
<link>/sessions/dirichlet_l/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dirichlet_l/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_Series</title>
<link>/sessions/dirichlet_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dirichlet_series/</guid>
<description></description>
</item>
<item>
<title>Discrete_Summation</title>
<link>/sessions/discrete_summation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/discrete_summation/</guid>
<description></description>
</item>
<item>
<title>DiscretePricing</title>
<link>/sessions/discretepricing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/discretepricing/</guid>
<description></description>
</item>
<item>
<title>DiskPaxos</title>
<link>/sessions/diskpaxos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/diskpaxos/</guid>
<description></description>
</item>
<item>
<title>Distributed_Distinct_Elements</title>
<link>/sessions/distributed_distinct_elements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/distributed_distinct_elements/</guid>
<description></description>
</item>
<item>
<title>DOM_Components</title>
<link>/sessions/dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dom_components/</guid>
<description></description>
</item>
<item>
<title>Dominance_CHK</title>
<link>/sessions/dominance_chk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dominance_chk/</guid>
<description></description>
</item>
<item>
<title>DPRM_Theorem</title>
<link>/sessions/dprm_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dprm_theorem/</guid>
<description></description>
</item>
<item>
<title>DPT-SAT-Solver</title>
<link>/sessions/dpt-sat-solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dpt-sat-solver/</guid>
<description></description>
</item>
<item>
<title>Dynamic_Tables</title>
<link>/sessions/dynamic_tables/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dynamic_tables/</guid>
<description></description>
</item>
<item>
<title>DynamicArchitectures</title>
<link>/sessions/dynamicarchitectures/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dynamicarchitectures/</guid>
<description></description>
</item>
<item>
<title>E_Transcendental</title>
<link>/sessions/e_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/e_transcendental/</guid>
<description></description>
</item>
<item>
<title>Earley_Parser</title>
<link>/sessions/earley_parser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/earley_parser/</guid>
<description></description>
</item>
<item>
<title>Echelon_Form</title>
<link>/sessions/echelon_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/echelon_form/</guid>
<description></description>
</item>
<item>
<title>EdmondsKarp_Maxflow</title>
<link>/sessions/edmondskarp_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/edmondskarp_maxflow/</guid>
<description></description>
</item>
<item>
<title>Edwards_Elliptic_Curves_Group</title>
<link>/sessions/edwards_elliptic_curves_group/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/edwards_elliptic_curves_group/</guid>
<description></description>
</item>
<item>
<title>Efficient-Mergesort</title>
<link>/sessions/efficient-mergesort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/efficient-mergesort/</guid>
<description></description>
</item>
<item>
<title>Efficient_Weighted_Path_Order</title>
<link>/sessions/efficient_weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/efficient_weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Elliptic_Curves_Group_Law</title>
<link>/sessions/elliptic_curves_group_law/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/elliptic_curves_group_law/</guid>
<description></description>
</item>
<item>
<title>Encodability_Process_Calculi</title>
<link>/sessions/encodability_process_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/encodability_process_calculi/</guid>
<description></description>
</item>
<item>
<title>Epistemic_Logic</title>
<link>/sessions/epistemic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/epistemic_logic/</guid>
<description></description>
</item>
<item>
<title>Equivalence_Relation_Enumeration</title>
<link>/sessions/equivalence_relation_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/equivalence_relation_enumeration/</guid>
<description></description>
</item>
<item>
<title>Ergodic_Theory</title>
<link>/sessions/ergodic_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ergodic_theory/</guid>
<description></description>
</item>
<item>
<title>Error_Function</title>
<link>/sessions/error_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/error_function/</guid>
<description></description>
</item>
<item>
<title>Euler_MacLaurin</title>
<link>/sessions/euler_maclaurin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/euler_maclaurin/</guid>
<description></description>
</item>
<item>
<title>Euler_Partition</title>
<link>/sessions/euler_partition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/euler_partition/</guid>
<description></description>
</item>
<item>
<title>Euler_Polyhedron_Formula</title>
<link>/sessions/euler_polyhedron_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/euler_polyhedron_formula/</guid>
<description></description>
</item>
<item>
<title>Eval_FO</title>
<link>/sessions/eval_fo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/eval_fo/</guid>
<description></description>
</item>
<item>
<title>Example-Submission</title>
<link>/sessions/example-submission/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/example-submission/</guid>
<description></description>
</item>
<item>
<title>Executable_Randomized_Algorithms</title>
<link>/sessions/executable_randomized_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/executable_randomized_algorithms/</guid>
<description></description>
</item>
<item>
<title>Expander_Graphs</title>
<link>/sessions/expander_graphs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/expander_graphs/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machine_Inference</title>
<link>/sessions/extended_finite_state_machine_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/extended_finite_state_machine_inference/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machines</title>
<link>/sessions/extended_finite_state_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/extended_finite_state_machines/</guid>
<description></description>
</item>
<item>
<title>Factor_Algebraic_Polynomial</title>
<link>/sessions/factor_algebraic_polynomial/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/factor_algebraic_polynomial/</guid>
<description></description>
</item>
<item>
<title>Factored_Transition_System_Bounding</title>
<link>/sessions/factored_transition_system_bounding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/factored_transition_system_bounding/</guid>
<description></description>
</item>
<item>
<title>Falling_Factorial_Sum</title>
<link>/sessions/falling_factorial_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/falling_factorial_sum/</guid>
<description></description>
</item>
<item>
<title>Farkas</title>
<link>/sessions/farkas/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/farkas/</guid>
<description></description>
</item>
<item>
<title>Featherweight_OCL</title>
<link>/sessions/featherweight_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/featherweight_ocl/</guid>
<description></description>
</item>
<item>
<title>FeatherweightJava</title>
<link>/sessions/featherweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/featherweightjava/</guid>
<description></description>
</item>
<item>
<title>Fermat3_4</title>
<link>/sessions/fermat3_4/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fermat3_4/</guid>
<description></description>
</item>
<item>
<title>FFT</title>
<link>/sessions/fft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fft/</guid>
<description></description>
</item>
<item>
<title>FileRefinement</title>
<link>/sessions/filerefinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/filerefinement/</guid>
<description></description>
</item>
<item>
<title>FinFun</title>
<link>/sessions/finfun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finfun/</guid>
<description></description>
</item>
<item>
<title>Finger-Trees</title>
<link>/sessions/finger-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finger-trees/</guid>
<description></description>
</item>
<item>
<title>Finite-Map-Extras</title>
<link>/sessions/finite-map-extras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finite-map-extras/</guid>
<description></description>
</item>
<item>
<title>Finite_Automata_HF</title>
<link>/sessions/finite_automata_hf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finite_automata_hf/</guid>
<description></description>
</item>
<item>
<title>Finite_Fields</title>
<link>/sessions/finite_fields/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finite_fields/</guid>
<description></description>
</item>
<item>
<title>Finitely_Generated_Abelian_Groups</title>
<link>/sessions/finitely_generated_abelian_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finitely_generated_abelian_groups/</guid>
<description></description>
</item>
<item>
<title>First_Order_Terms</title>
<link>/sessions/first_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/first_order_terms/</guid>
<description></description>
</item>
<item>
<title>First_Welfare_Theorem</title>
<link>/sessions/first_welfare_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/first_welfare_theorem/</guid>
<description></description>
</item>
<item>
<title>Fishburn_Impossibility</title>
<link>/sessions/fishburn_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fishburn_impossibility/</guid>
<description></description>
</item>
<item>
<title>Fisher_Yates</title>
<link>/sessions/fisher_yates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fisher_yates/</guid>
<description></description>
</item>
<item>
<title>Fishers_Inequality</title>
<link>/sessions/fishers_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fishers_inequality/</guid>
<description></description>
</item>
<item>
<title>Fixed_Length_Vector</title>
<link>/sessions/fixed_length_vector/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fixed_length_vector/</guid>
<description></description>
</item>
<item>
<title>Flow_Networks</title>
<link>/sessions/flow_networks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flow_networks/</guid>
<description></description>
</item>
<item>
<title>Floyd_Warshall</title>
<link>/sessions/floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>FLP</title>
<link>/sessions/flp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flp/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame</title>
<link>/sessions/flyspeck-tame/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flyspeck-tame/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame-Computation</title>
<link>/sessions/flyspeck-tame-computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flyspeck-tame-computation/</guid>
<description></description>
</item>
<item>
<title>FO_Theory_Rewriting</title>
<link>/sessions/fo_theory_rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fo_theory_rewriting/</guid>
<description></description>
</item>
<item>
<title>FocusStreamsCaseStudies</title>
<link>/sessions/focusstreamscasestudies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/focusstreamscasestudies/</guid>
<description></description>
</item>
<item>
<title>FOL-Fitting</title>
<link>/sessions/fol-fitting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol-fitting/</guid>
<description></description>
</item>
<item>
<title>FOL_Axiomatic</title>
<link>/sessions/fol_axiomatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_axiomatic/</guid>
<description></description>
</item>
<item>
<title>FOL_Harrison</title>
<link>/sessions/fol_harrison/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_harrison/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc1</title>
<link>/sessions/fol_seq_calc1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_seq_calc1/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc2</title>
<link>/sessions/fol_seq_calc2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_seq_calc2/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc3</title>
<link>/sessions/fol_seq_calc3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_seq_calc3/</guid>
<description></description>
</item>
<item>
<title>Forcing</title>
<link>/sessions/forcing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/forcing/</guid>
<description></description>
</item>
<item>
<title>Formal_Puiseux_Series</title>
<link>/sessions/formal_puiseux_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formal_puiseux_series/</guid>
<description></description>
</item>
<item>
<title>Formal_SSA</title>
<link>/sessions/formal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formal_ssa/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives</title>
<link>/sessions/formula_derivatives/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formula_derivatives/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives-Examples</title>
<link>/sessions/formula_derivatives-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formula_derivatives-examples/</guid>
<description></description>
</item>
<item>
<title>Foundation_of_geometry</title>
<link>/sessions/foundation_of_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/foundation_of_geometry/</guid>
<description></description>
</item>
<item>
<title>Fourier</title>
<link>/sessions/fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fourier/</guid>
<description></description>
</item>
<item>
<title>Free-Boolean-Algebra</title>
<link>/sessions/free-boolean-algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/free-boolean-algebra/</guid>
<description></description>
</item>
<item>
<title>Free-Groups</title>
<link>/sessions/free-groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/free-groups/</guid>
<description></description>
</item>
<item>
<title>Frequency_Moments</title>
<link>/sessions/frequency_moments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/frequency_moments/</guid>
<description></description>
</item>
<item>
<title>Fresh_Identifiers</title>
<link>/sessions/fresh_identifiers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fresh_identifiers/</guid>
<description></description>
</item>
<item>
<title>FSM_Tests</title>
<link>/sessions/fsm_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fsm_tests/</guid>
<description></description>
</item>
<item>
<title>Functional-Automata</title>
<link>/sessions/functional-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/functional-automata/</guid>
<description></description>
</item>
<item>
<title>Functional_Ordered_Resolution_Prover</title>
<link>/sessions/functional_ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/functional_ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>FunWithFunctions</title>
<link>/sessions/funwithfunctions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/funwithfunctions/</guid>
<description></description>
</item>
<item>
<title>FunWithTilings</title>
<link>/sessions/funwithtilings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/funwithtilings/</guid>
<description></description>
</item>
<item>
<title>Furstenberg_Topology</title>
<link>/sessions/furstenberg_topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/furstenberg_topology/</guid>
<description></description>
</item>
<item>
<title>Gabow_SCC</title>
<link>/sessions/gabow_scc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gabow_scc/</guid>
<description></description>
</item>
<item>
<title>Gale_Shapley</title>
<link>/sessions/gale_shapley/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gale_shapley/</guid>
<description></description>
</item>
<item>
<title>GaleStewart_Games</title>
<link>/sessions/galestewart_games/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/galestewart_games/</guid>
<description></description>
</item>
<item>
<title>Game_Based_Crypto</title>
<link>/sessions/game_based_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/game_based_crypto/</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan-Elim-Fun</title>
<link>/sessions/gauss-jordan-elim-fun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gauss-jordan-elim-fun/</guid>
<description></description>
</item>
<item>
<title>Gauss_Jordan</title>
<link>/sessions/gauss_jordan/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gauss_jordan/</guid>
<description></description>
</item>
<item>
<title>Gauss_Sums</title>
<link>/sessions/gauss_sums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gauss_sums/</guid>
<description></description>
</item>
<item>
<title>Gaussian_Integers</title>
<link>/sessions/gaussian_integers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gaussian_integers/</guid>
<description></description>
</item>
<item>
<title>GenClock</title>
<link>/sessions/genclock/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/genclock/</guid>
<description></description>
</item>
<item>
<title>General-Triangle</title>
<link>/sessions/general-triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/general-triangle/</guid>
<description></description>
</item>
<item>
<title>Generalized_Counting_Sort</title>
<link>/sessions/generalized_counting_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/generalized_counting_sort/</guid>
<description></description>
</item>
<item>
<title>Generic_Deriving</title>
<link>/sessions/generic_deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/generic_deriving/</guid>
<description></description>
</item>
<item>
<title>Generic_Join</title>
<link>/sessions/generic_join/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/generic_join/</guid>
<description></description>
</item>
<item>
<title>GewirthPGCProof</title>
<link>/sessions/gewirthpgcproof/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gewirthpgcproof/</guid>
<description></description>
</item>
<item>
<title>Girth_Chromatic</title>
<link>/sessions/girth_chromatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/girth_chromatic/</guid>
<description></description>
</item>
<item>
<title>Given_Clause_Loops</title>
<link>/sessions/given_clause_loops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/given_clause_loops/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semantic</title>
<link>/sessions/goedel_hfset_semantic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedel_hfset_semantic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semanticless</title>
<link>/sessions/goedel_hfset_semanticless/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedel_hfset_semanticless/</guid>
<description></description>
</item>
<item>
<title>Goedel_Incompleteness</title>
<link>/sessions/goedel_incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedel_incompleteness/</guid>
<description></description>
</item>
<item>
<title>GoedelGod</title>
<link>/sessions/goedelgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedelgod/</guid>
<description></description>
</item>
<item>
<title>Goodstein_Lambda</title>
<link>/sessions/goodstein_lambda/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goodstein_lambda/</guid>
<description></description>
</item>
<item>
<title>GPU_Kernel_PL</title>
<link>/sessions/gpu_kernel_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gpu_kernel_pl/</guid>
<description></description>
</item>
<item>
<title>Graph_Saturation</title>
<link>/sessions/graph_saturation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/graph_saturation/</guid>
<description></description>
</item>
<item>
<title>Graph_Theory</title>
<link>/sessions/graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/graph_theory/</guid>
<description></description>
</item>
<item>
<title>GraphMarkingIBP</title>
<link>/sessions/graphmarkingibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/graphmarkingibp/</guid>
<description></description>
</item>
<item>
<title>Gray_Codes</title>
<link>/sessions/gray_codes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gray_codes/</guid>
<description></description>
</item>
<item>
<title>Green</title>
<link>/sessions/green/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/green/</guid>
<description></description>
</item>
<item>
<title>Groebner_Bases</title>
<link>/sessions/groebner_bases/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/groebner_bases/</guid>
<description></description>
</item>
<item>
<title>Groebner_Macaulay</title>
<link>/sessions/groebner_macaulay/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/groebner_macaulay/</guid>
<description></description>
</item>
<item>
<title>Gromov_Hyperbolicity</title>
<link>/sessions/gromov_hyperbolicity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gromov_hyperbolicity/</guid>
<description></description>
</item>
<item>
<title>Grothendieck_Schemes</title>
<link>/sessions/grothendieck_schemes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/grothendieck_schemes/</guid>
<description></description>
</item>
<item>
<title>Group-Ring-Module</title>
<link>/sessions/group-ring-module/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/group-ring-module/</guid>
<description></description>
</item>
<item>
<title>Hahn_Jordan_Decomposition</title>
<link>/sessions/hahn_jordan_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hahn_jordan_decomposition/</guid>
<description></description>
</item>
<item>
<title>Hales_Jewett</title>
<link>/sessions/hales_jewett/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hales_jewett/</guid>
<description></description>
</item>
<item>
<title>Heard_Of</title>
<link>/sessions/heard_of/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/heard_of/</guid>
<description></description>
</item>
<item>
<title>Hello_World</title>
<link>/sessions/hello_world/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hello_world/</guid>
<description></description>
</item>
<item>
<title>HereditarilyFinite</title>
<link>/sessions/hereditarilyfinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hereditarilyfinite/</guid>
<description></description>
</item>
<item>
<title>Hermite</title>
<link>/sessions/hermite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hermite/</guid>
<description></description>
</item>
<item>
<title>Hermite_Lindemann</title>
<link>/sessions/hermite_lindemann/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hermite_lindemann/</guid>
<description></description>
</item>
<item>
<title>Hidden_Markov_Models</title>
<link>/sessions/hidden_markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hidden_markov_models/</guid>
<description></description>
</item>
<item>
<title>Higher_Order_Terms</title>
<link>/sessions/higher_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/higher_order_terms/</guid>
<description></description>
</item>
<item>
<title>Hoare_Time</title>
<link>/sessions/hoare_time/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hoare_time/</guid>
<description></description>
</item>
<item>
<title>HoareForDivergence</title>
<link>/sessions/hoarefordivergence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hoarefordivergence/</guid>
<description></description>
</item>
<item>
<title>HOL-CSP</title>
<link>/sessions/hol-csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-csp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-ARCH-COMP</title>
<link>/sessions/hol-ode-arch-comp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-ode-arch-comp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Examples</title>
<link>/sessions/hol-ode-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-ode-examples/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Numerics</title>
<link>/sessions/hol-ode-numerics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-ode-numerics/</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/sessions/holcf-prelude/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/holcf-prelude/</guid>
<description></description>
</item>
<item>
<title>Hood_Melville_Queue</title>
<link>/sessions/hood_melville_queue/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hood_melville_queue/</guid>
<description></description>
</item>
<item>
<title>HotelKeyCards</title>
<link>/sessions/hotelkeycards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hotelkeycards/</guid>
<description></description>
</item>
<item>
<title>HRB-Slicing</title>
<link>/sessions/hrb-slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hrb-slicing/</guid>
<description></description>
</item>
<item>
<title>Huffman</title>
<link>/sessions/huffman/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/huffman/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Logic</title>
<link>/sessions/hybrid_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hybrid_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Multi_Lane_Spatial_Logic</title>
<link>/sessions/hybrid_multi_lane_spatial_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hybrid_multi_lane_spatial_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Systems_VCs</title>
<link>/sessions/hybrid_systems_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hybrid_systems_vcs/</guid>
<description></description>
</item>
<item>
<title>HyperCTL</title>
<link>/sessions/hyperctl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hyperctl/</guid>
<description></description>
</item>
<item>
<title>Hyperdual</title>
<link>/sessions/hyperdual/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hyperdual/</guid>
<description></description>
</item>
<item>
<title>Hypergraph_Basics</title>
<link>/sessions/hypergraph_basics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hypergraph_basics/</guid>
<description></description>
</item>
<item>
<title>HyperHoareLogic</title>
<link>/sessions/hyperhoarelogic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hyperhoarelogic/</guid>
<description></description>
</item>
<item>
<title>IEEE_Floating_Point</title>
<link>/sessions/ieee_floating_point/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ieee_floating_point/</guid>
<description></description>
</item>
<item>
<title>IFC_Tracking</title>
<link>/sessions/ifc_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ifc_tracking/</guid>
<description></description>
</item>
<item>
<title>IMAP-CRDT</title>
<link>/sessions/imap-crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imap-crdt/</guid>
<description></description>
</item>
<item>
<title>IMO2019</title>
<link>/sessions/imo2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imo2019/</guid>
<description></description>
</item>
<item>
<title>IMP2</title>
<link>/sessions/imp2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp2/</guid>
<description></description>
</item>
<item>
<title>IMP2_Binary_Heap</title>
<link>/sessions/imp2_binary_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp2_binary_heap/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler</title>
<link>/sessions/imp_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp_compiler/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler_Reuse</title>
<link>/sessions/imp_compiler_reuse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp_compiler_reuse/</guid>
<description></description>
</item>
<item>
<title>Imperative_Insertion_Sort</title>
<link>/sessions/imperative_insertion_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imperative_insertion_sort/</guid>
<description></description>
</item>
<item>
<title>Implicational_Logic</title>
<link>/sessions/implicational_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/implicational_logic/</guid>
<description></description>
</item>
<item>
<title>Impossible_Geometry</title>
<link>/sessions/impossible_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/impossible_geometry/</guid>
<description></description>
</item>
<item>
<title>Incompleteness</title>
<link>/sessions/incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/incompleteness/</guid>
<description></description>
</item>
<item>
<title>Incredible_Proof_Machine</title>
<link>/sessions/incredible_proof_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/incredible_proof_machine/</guid>
<description></description>
</item>
<item>
<title>Independence_CH</title>
<link>/sessions/independence_ch/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/independence_ch/</guid>
<description></description>
</item>
<item>
<title>Inductive_Confidentiality</title>
<link>/sessions/inductive_confidentiality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/inductive_confidentiality/</guid>
<description></description>
</item>
<item>
<title>Inductive_Inference</title>
<link>/sessions/inductive_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/inductive_inference/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing</title>
<link>/sessions/informationflowslicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/informationflowslicing/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing_Inter</title>
<link>/sessions/informationflowslicing_inter/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/informationflowslicing_inter/</guid>
<description></description>
</item>
<item>
<title>InfPathElimination</title>
<link>/sessions/infpathelimination/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/infpathelimination/</guid>
<description></description>
</item>
<item>
<title>Integration</title>
<link>/sessions/integration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/integration/</guid>
<description></description>
</item>
<item>
<title>Interpolation_Polynomials_HOL_Algebra</title>
<link>/sessions/interpolation_polynomials_hol_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/interpolation_polynomials_hol_algebra/</guid>
<description></description>
</item>
<item>
<title>Interpreter_Optimizations</title>
<link>/sessions/interpreter_optimizations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/interpreter_optimizations/</guid>
<description></description>
</item>
<item>
<title>Interval_Arithmetic_Word32</title>
<link>/sessions/interval_arithmetic_word32/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/interval_arithmetic_word32/</guid>
<description></description>
</item>
<item>
<title>Intro_Dest_Elim</title>
<link>/sessions/intro_dest_elim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/intro_dest_elim/</guid>
<description></description>
</item>
<item>
<title>Involutions2Squares</title>
<link>/sessions/involutions2squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/involutions2squares/</guid>
<description></description>
</item>
<item>
+ <title>IO_Language_Conformance</title>
+ <link>/sessions/io_language_conformance/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/io_language_conformance/</guid>
+ <description></description>
+ </item>
+ <item>
<title>IP_Addresses</title>
<link>/sessions/ip_addresses/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ip_addresses/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics</title>
<link>/sessions/iptables_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/iptables_semantics/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples</title>
<link>/sessions/iptables_semantics_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/iptables_semantics_examples/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples_Big</title>
<link>/sessions/iptables_semantics_examples_big/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/iptables_semantics_examples_big/</guid>
<description></description>
</item>
<item>
<title>Irrational_Series_Erdos_Straus</title>
<link>/sessions/irrational_series_erdos_straus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/irrational_series_erdos_straus/</guid>
<description></description>
</item>
<item>
<title>Irrationality_J_Hancl</title>
<link>/sessions/irrationality_j_hancl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/irrationality_j_hancl/</guid>
<description></description>
</item>
<item>
<title>Irrationals_From_THEBOOK</title>
<link>/sessions/irrationals_from_thebook/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/irrationals_from_thebook/</guid>
<description></description>
</item>
<item>
<title>Isabelle_C</title>
<link>/sessions/isabelle_c/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isabelle_c/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Marries_Dirac</title>
<link>/sessions/isabelle_marries_dirac/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isabelle_marries_dirac/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Meta_Model</title>
<link>/sessions/isabelle_meta_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isabelle_meta_model/</guid>
<description></description>
</item>
<item>
<title>IsaGeoCoq</title>
<link>/sessions/isageocoq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isageocoq/</guid>
<description></description>
</item>
<item>
<title>IsaNet</title>
<link>/sessions/isanet/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isanet/</guid>
<description></description>
</item>
<item>
<title>Jacobson_Basic_Algebra</title>
<link>/sessions/jacobson_basic_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jacobson_basic_algebra/</guid>
<description></description>
</item>
<item>
<title>Jinja</title>
<link>/sessions/jinja/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jinja/</guid>
<description></description>
</item>
<item>
<title>JinjaDCI</title>
<link>/sessions/jinjadci/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jinjadci/</guid>
<description></description>
</item>
<item>
<title>JinjaThreads</title>
<link>/sessions/jinjathreads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jinjathreads/</guid>
<description></description>
</item>
<item>
<title>JiveDataStoreModel</title>
<link>/sessions/jivedatastoremodel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jivedatastoremodel/</guid>
<description></description>
</item>
<item>
<title>Jordan_Hoelder</title>
<link>/sessions/jordan_hoelder/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jordan_hoelder/</guid>
<description></description>
</item>
<item>
<title>Jordan_Normal_Form</title>
<link>/sessions/jordan_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jordan_normal_form/</guid>
<description></description>
</item>
<item>
<title>KAD</title>
<link>/sessions/kad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kad/</guid>
<description></description>
</item>
<item>
<title>KAT_and_DRA</title>
<link>/sessions/kat_and_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kat_and_dra/</guid>
<description></description>
</item>
<item>
<title>KBPs</title>
<link>/sessions/kbps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kbps/</guid>
<description></description>
</item>
<item>
<title>KD_Tree</title>
<link>/sessions/kd_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kd_tree/</guid>
<description></description>
</item>
<item>
<title>Key_Agreement_Strong_Adversaries</title>
<link>/sessions/key_agreement_strong_adversaries/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/key_agreement_strong_adversaries/</guid>
<description></description>
</item>
<item>
<title>Khovanskii_Theorem</title>
<link>/sessions/khovanskii_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/khovanskii_theorem/</guid>
<description></description>
</item>
<item>
<title>Kleene_Algebra</title>
<link>/sessions/kleene_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kleene_algebra/</guid>
<description></description>
</item>
<item>
<title>Kneser_Cauchy_Davenport</title>
<link>/sessions/kneser_cauchy_davenport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kneser_cauchy_davenport/</guid>
<description></description>
</item>
<item>
<title>Knights_Tour</title>
<link>/sessions/knights_tour/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knights_tour/</guid>
<description></description>
</item>
<item>
<title>Knot_Theory</title>
<link>/sessions/knot_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knot_theory/</guid>
<description></description>
</item>
<item>
<title>Knuth_Bendix_Order</title>
<link>/sessions/knuth_bendix_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knuth_bendix_order/</guid>
<description></description>
</item>
<item>
<title>Knuth_Morris_Pratt</title>
<link>/sessions/knuth_morris_pratt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knuth_morris_pratt/</guid>
<description></description>
</item>
<item>
<title>Koenigsberg_Friendship</title>
<link>/sessions/koenigsberg_friendship/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/koenigsberg_friendship/</guid>
<description></description>
</item>
<item>
<title>Kruskal</title>
<link>/sessions/kruskal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kruskal/</guid>
<description></description>
</item>
<item>
<title>Kuratowski_Closure_Complement</title>
<link>/sessions/kuratowski_closure_complement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kuratowski_closure_complement/</guid>
<description></description>
</item>
<item>
<title>Lam-ml-Normalization</title>
<link>/sessions/lam-ml-normalization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lam-ml-normalization/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_EPO</title>
<link>/sessions/lambda_free_epo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambda_free_epo/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_KBOs</title>
<link>/sessions/lambda_free_kbos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambda_free_kbos/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_RPOs</title>
<link>/sessions/lambda_free_rpos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambda_free_rpos/</guid>
<description></description>
</item>
<item>
<title>LambdaAuth</title>
<link>/sessions/lambdaauth/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambdaauth/</guid>
<description></description>
</item>
<item>
<title>LambdaMu</title>
<link>/sessions/lambdamu/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambdamu/</guid>
<description></description>
</item>
<item>
<title>Lambert_W</title>
<link>/sessions/lambert_w/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambert_w/</guid>
<description></description>
</item>
<item>
<title>Landau_Symbols</title>
<link>/sessions/landau_symbols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/landau_symbols/</guid>
<description></description>
</item>
<item>
<title>Laplace_Transform</title>
<link>/sessions/laplace_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/laplace_transform/</guid>
<description></description>
</item>
<item>
<title>Latin_Square</title>
<link>/sessions/latin_square/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/latin_square/</guid>
<description></description>
</item>
<item>
<title>LatticeProperties</title>
<link>/sessions/latticeproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/latticeproperties/</guid>
<description></description>
</item>
<item>
<title>Launchbury</title>
<link>/sessions/launchbury/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/launchbury/</guid>
<description></description>
</item>
<item>
<title>Laws_of_Large_Numbers</title>
<link>/sessions/laws_of_large_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/laws_of_large_numbers/</guid>
<description></description>
</item>
<item>
<title>Lazy-Lists-II</title>
<link>/sessions/lazy-lists-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lazy-lists-ii/</guid>
<description></description>
</item>
<item>
<title>Lazy_Case</title>
<link>/sessions/lazy_case/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lazy_case/</guid>
<description></description>
</item>
<item>
<title>Lehmer</title>
<link>/sessions/lehmer/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lehmer/</guid>
<description></description>
</item>
<item>
<title>LEM</title>
<link>/sessions/lem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lem/</guid>
<description></description>
</item>
<item>
<title>Lifting_Definition_Option</title>
<link>/sessions/lifting_definition_option/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lifting_definition_option/</guid>
<description></description>
</item>
<item>
<title>Lifting_the_Exponent</title>
<link>/sessions/lifting_the_exponent/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lifting_the_exponent/</guid>
<description></description>
</item>
<item>
<title>LightweightJava</title>
<link>/sessions/lightweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lightweightjava/</guid>
<description></description>
</item>
<item>
<title>Linear_Inequalities</title>
<link>/sessions/linear_inequalities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_inequalities/</guid>
<description></description>
</item>
<item>
<title>Linear_Programming</title>
<link>/sessions/linear_programming/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_programming/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences</title>
<link>/sessions/linear_recurrences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_recurrences/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences_Solver</title>
<link>/sessions/linear_recurrences_solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_recurrences_solver/</guid>
<description></description>
</item>
<item>
<title>LinearQuantifierElim</title>
<link>/sessions/linearquantifierelim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linearquantifierelim/</guid>
<description></description>
</item>
<item>
<title>Liouville_Numbers</title>
<link>/sessions/liouville_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/liouville_numbers/</guid>
<description></description>
</item>
<item>
<title>List-Index</title>
<link>/sessions/list-index/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list-index/</guid>
<description></description>
</item>
<item>
<title>List-Infinite</title>
<link>/sessions/list-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list-infinite/</guid>
<description></description>
</item>
<item>
<title>List_Interleaving</title>
<link>/sessions/list_interleaving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list_interleaving/</guid>
<description></description>
</item>
<item>
<title>List_Inversions</title>
<link>/sessions/list_inversions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list_inversions/</guid>
<description></description>
</item>
<item>
<title>List_Update</title>
<link>/sessions/list_update/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list_update/</guid>
<description></description>
</item>
<item>
<title>LLL_Basis_Reduction</title>
<link>/sessions/lll_basis_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lll_basis_reduction/</guid>
<description></description>
</item>
<item>
<title>LLL_Factorization</title>
<link>/sessions/lll_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lll_factorization/</guid>
<description></description>
</item>
<item>
<title>Localization_Ring</title>
<link>/sessions/localization_ring/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/localization_ring/</guid>
<description></description>
</item>
<item>
<title>LocalLexing</title>
<link>/sessions/locallexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/locallexing/</guid>
<description></description>
</item>
<item>
<title>Locally-Nameless-Sigma</title>
<link>/sessions/locally-nameless-sigma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/locally-nameless-sigma/</guid>
<description></description>
</item>
<item>
<title>LOFT</title>
<link>/sessions/loft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/loft/</guid>
<description></description>
</item>
<item>
<title>Logging_Independent_Anonymity</title>
<link>/sessions/logging_independent_anonymity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/logging_independent_anonymity/</guid>
<description></description>
</item>
<item>
<title>Lorenz_Approximation</title>
<link>/sessions/lorenz_approximation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lorenz_approximation/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C0</title>
<link>/sessions/lorenz_c0/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lorenz_c0/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C1</title>
<link>/sessions/lorenz_c1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lorenz_c1/</guid>
<description></description>
</item>
<item>
<title>Lovasz_Local</title>
<link>/sessions/lovasz_local/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lovasz_local/</guid>
<description></description>
</item>
<item>
<title>Lowe_Ontological_Argument</title>
<link>/sessions/lowe_ontological_argument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lowe_ontological_argument/</guid>
<description></description>
</item>
<item>
<title>Lower_Semicontinuous</title>
<link>/sessions/lower_semicontinuous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lower_semicontinuous/</guid>
<description></description>
</item>
<item>
<title>Lp</title>
<link>/sessions/lp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lp/</guid>
<description></description>
</item>
<item>
<title>LP_Duality</title>
<link>/sessions/lp_duality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lp_duality/</guid>
<description></description>
</item>
<item>
<title>LTL</title>
<link>/sessions/ltl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl/</guid>
<description></description>
</item>
<item>
<title>LTL_Master_Theorem</title>
<link>/sessions/ltl_master_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_master_theorem/</guid>
<description></description>
</item>
<item>
<title>LTL_Normal_Form</title>
<link>/sessions/ltl_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_normal_form/</guid>
<description></description>
</item>
<item>
<title>LTL_to_DRA</title>
<link>/sessions/ltl_to_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_to_dra/</guid>
<description></description>
</item>
<item>
<title>LTL_to_GBA</title>
<link>/sessions/ltl_to_gba/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_to_gba/</guid>
<description></description>
</item>
<item>
<title>Lucas_Theorem</title>
<link>/sessions/lucas_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lucas_theorem/</guid>
<description></description>
</item>
<item>
<title>Markov_Models</title>
<link>/sessions/markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/markov_models/</guid>
<description></description>
</item>
<item>
<title>Marriage</title>
<link>/sessions/marriage/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/marriage/</guid>
<description></description>
</item>
<item>
<title>Mason_Stothers</title>
<link>/sessions/mason_stothers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mason_stothers/</guid>
<description></description>
</item>
<item>
<title>Matrices_for_ODEs</title>
<link>/sessions/matrices_for_odes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matrices_for_odes/</guid>
<description></description>
</item>
<item>
<title>Matrix</title>
<link>/sessions/matrix/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matrix/</guid>
<description></description>
</item>
<item>
<title>Matrix_Tensor</title>
<link>/sessions/matrix_tensor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matrix_tensor/</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/sessions/matroids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matroids/</guid>
<description></description>
</item>
<item>
<title>Max-Card-Matching</title>
<link>/sessions/max-card-matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/max-card-matching/</guid>
<description></description>
</item>
<item>
<title>Maximum_Segment_Sum</title>
<link>/sessions/maximum_segment_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/maximum_segment_sum/</guid>
<description></description>
</item>
<item>
<title>MDP-Algorithms</title>
<link>/sessions/mdp-algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mdp-algorithms/</guid>
<description></description>
</item>
<item>
<title>MDP-Rewards</title>
<link>/sessions/mdp-rewards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mdp-rewards/</guid>
<description></description>
</item>
<item>
<title>Median_Method</title>
<link>/sessions/median_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/median_method/</guid>
<description></description>
</item>
<item>
<title>Median_Of_Medians_Selection</title>
<link>/sessions/median_of_medians_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/median_of_medians_selection/</guid>
<description></description>
</item>
<item>
<title>Menger</title>
<link>/sessions/menger/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/menger/</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/sessions/mereology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mereology/</guid>
<description></description>
</item>
<item>
<title>Mersenne_Primes</title>
<link>/sessions/mersenne_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mersenne_primes/</guid>
<description></description>
</item>
<item>
<title>Metalogic_ProofChecker</title>
<link>/sessions/metalogic_proofchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/metalogic_proofchecker/</guid>
<description></description>
</item>
<item>
<title>MFMC_Countable</title>
<link>/sessions/mfmc_countable/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mfmc_countable/</guid>
<description></description>
</item>
<item>
<title>MFODL_Monitor_Optimized</title>
<link>/sessions/mfodl_monitor_optimized/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mfodl_monitor_optimized/</guid>
<description></description>
</item>
<item>
<title>MFOTL_Monitor</title>
<link>/sessions/mfotl_monitor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mfotl_monitor/</guid>
<description></description>
</item>
<item>
<title>MHComputation</title>
<link>/sessions/mhcomputation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mhcomputation/</guid>
<description></description>
</item>
<item>
<title>Minimal_SSA</title>
<link>/sessions/minimal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minimal_ssa/</guid>
<description></description>
</item>
<item>
<title>MiniML</title>
<link>/sessions/miniml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/miniml/</guid>
<description></description>
</item>
<item>
<title>MiniSail</title>
<link>/sessions/minisail/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minisail/</guid>
<description></description>
</item>
<item>
<title>Minkowskis_Theorem</title>
<link>/sessions/minkowskis_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minkowskis_theorem/</guid>
<description></description>
</item>
<item>
<title>Minsky_Machines</title>
<link>/sessions/minsky_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minsky_machines/</guid>
<description></description>
</item>
<item>
<title>ML_Unification</title>
<link>/sessions/ml_unification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ml_unification/</guid>
<description></description>
</item>
<item>
<title>MLSS_Decision_Proc</title>
<link>/sessions/mlss_decision_proc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mlss_decision_proc/</guid>
<description></description>
</item>
<item>
<title>Modal_Logics_for_NTS</title>
<link>/sessions/modal_logics_for_nts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/modal_logics_for_nts/</guid>
<description></description>
</item>
<item>
<title>Modular_arithmetic_LLL_and_HNF_algorithms</title>
<link>/sessions/modular_arithmetic_lll_and_hnf_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/modular_arithmetic_lll_and_hnf_algorithms/</guid>
<description></description>
</item>
<item>
<title>Modular_Assembly_Kit_Security</title>
<link>/sessions/modular_assembly_kit_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/modular_assembly_kit_security/</guid>
<description></description>
</item>
<item>
<title>Monad_Memo_DP</title>
<link>/sessions/monad_memo_dp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monad_memo_dp/</guid>
<description></description>
</item>
<item>
<title>Monad_Normalisation</title>
<link>/sessions/monad_normalisation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monad_normalisation/</guid>
<description></description>
</item>
<item>
<title>MonoBoolTranAlgebra</title>
<link>/sessions/monobooltranalgebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monobooltranalgebra/</guid>
<description></description>
</item>
<item>
<title>MonoidalCategory</title>
<link>/sessions/monoidalcategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monoidalcategory/</guid>
<description></description>
</item>
<item>
<title>Monomorphic_Monad</title>
<link>/sessions/monomorphic_monad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monomorphic_monad/</guid>
<description></description>
</item>
<item>
<title>MSO_Regex_Equivalence</title>
<link>/sessions/mso_regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mso_regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>MuchAdoAboutTwo</title>
<link>/sessions/muchadoabouttwo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/muchadoabouttwo/</guid>
<description></description>
</item>
<item>
<title>Multi_Party_Computation</title>
<link>/sessions/multi_party_computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multi_party_computation/</guid>
<description></description>
</item>
<item>
<title>Multirelations</title>
<link>/sessions/multirelations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multirelations/</guid>
<description></description>
</item>
<item>
<title>Multirelations_Heterogeneous</title>
<link>/sessions/multirelations_heterogeneous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multirelations_heterogeneous/</guid>
<description></description>
</item>
<item>
<title>Multiset_Ordering_NPC</title>
<link>/sessions/multiset_ordering_npc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multiset_ordering_npc/</guid>
<description></description>
</item>
<item>
<title>Multitape_To_Singletape_TM</title>
<link>/sessions/multitape_to_singletape_tm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multitape_to_singletape_tm/</guid>
<description></description>
</item>
<item>
<title>Myhill-Nerode</title>
<link>/sessions/myhill-nerode/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/myhill-nerode/</guid>
<description></description>
</item>
<item>
<title>Name_Carrying_Type_Inference</title>
<link>/sessions/name_carrying_type_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/name_carrying_type_inference/</guid>
<description></description>
</item>
<item>
<title>Nano_JSON</title>
<link>/sessions/nano_json/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nano_json/</guid>
<description></description>
</item>
<item>
<title>Nash_Williams</title>
<link>/sessions/nash_williams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nash_williams/</guid>
<description></description>
</item>
<item>
<title>Nat-Interval-Logic</title>
<link>/sessions/nat-interval-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nat-interval-logic/</guid>
<description></description>
</item>
<item>
<title>Native_Word</title>
<link>/sessions/native_word/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/native_word/</guid>
<description></description>
</item>
<item>
<title>Nested_Multisets_Ordinals</title>
<link>/sessions/nested_multisets_ordinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nested_multisets_ordinals/</guid>
<description></description>
</item>
<item>
<title>Network_Security_Policy_Verification</title>
<link>/sessions/network_security_policy_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/network_security_policy_verification/</guid>
<description></description>
</item>
<item>
<title>Neumann_Morgenstern_Utility</title>
<link>/sessions/neumann_morgenstern_utility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/neumann_morgenstern_utility/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers</title>
<link>/sessions/no_ftl_observers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/no_ftl_observers/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers_Gen_Rel</title>
<link>/sessions/no_ftl_observers_gen_rel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/no_ftl_observers_gen_rel/</guid>
<description></description>
</item>
<item>
<title>Nominal2</title>
<link>/sessions/nominal2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nominal2/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Concurrent_Composition</title>
<link>/sessions/noninterference_concurrent_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_concurrent_composition/</guid>
<description></description>
</item>
<item>
<title>Noninterference_CSP</title>
<link>/sessions/noninterference_csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_csp/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Generic_Unwinding</title>
<link>/sessions/noninterference_generic_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_generic_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Inductive_Unwinding</title>
<link>/sessions/noninterference_inductive_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_inductive_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Ipurge_Unwinding</title>
<link>/sessions/noninterference_ipurge_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_ipurge_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Sequential_Composition</title>
<link>/sessions/noninterference_sequential_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_sequential_composition/</guid>
<description></description>
</item>
<item>
<title>NormByEval</title>
<link>/sessions/normbyeval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/normbyeval/</guid>
<description></description>
</item>
<item>
<title>Nullstellensatz</title>
<link>/sessions/nullstellensatz/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nullstellensatz/</guid>
<description></description>
</item>
<item>
<title>Number_Theoretic_Transform</title>
<link>/sessions/number_theoretic_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/number_theoretic_transform/</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/sessions/octonions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/octonions/</guid>
<description></description>
</item>
<item>
<title>Old_Datatype_Show</title>
<link>/sessions/old_datatype_show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/old_datatype_show/</guid>
<description></description>
</item>
<item>
<title>Open_Induction</title>
<link>/sessions/open_induction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/open_induction/</guid>
<description></description>
</item>
<item>
<title>OpSets</title>
<link>/sessions/opsets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/opsets/</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/sessions/optics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/optics/</guid>
<description></description>
</item>
<item>
<title>Optimal_BST</title>
<link>/sessions/optimal_bst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/optimal_bst/</guid>
<description></description>
</item>
<item>
<title>Orbit_Stabiliser</title>
<link>/sessions/orbit_stabiliser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/orbit_stabiliser/</guid>
<description></description>
</item>
<item>
<title>Order_Lattice_Props</title>
<link>/sessions/order_lattice_props/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/order_lattice_props/</guid>
<description></description>
</item>
<item>
<title>Ordered_Resolution_Prover</title>
<link>/sessions/ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>Ordinal</title>
<link>/sessions/ordinal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinal/</guid>
<description></description>
</item>
<item>
<title>Ordinal_Partitions</title>
<link>/sessions/ordinal_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinal_partitions/</guid>
<description></description>
</item>
<item>
<title>Ordinals_and_Cardinals</title>
<link>/sessions/ordinals_and_cardinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinals_and_cardinals/</guid>
<description></description>
</item>
<item>
<title>Ordinary_Differential_Equations</title>
<link>/sessions/ordinary_differential_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinary_differential_equations/</guid>
<description></description>
</item>
<item>
<title>PAC_Checker</title>
<link>/sessions/pac_checker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pac_checker/</guid>
<description></description>
</item>
<item>
<title>Package_logic</title>
<link>/sessions/package_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/package_logic/</guid>
<description></description>
</item>
<item>
<title>Padic_Field</title>
<link>/sessions/padic_field/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/padic_field/</guid>
<description></description>
</item>
<item>
<title>Padic_Ints</title>
<link>/sessions/padic_ints/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/padic_ints/</guid>
<description></description>
</item>
<item>
<title>Pairing_Heap</title>
<link>/sessions/pairing_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pairing_heap/</guid>
<description></description>
</item>
<item>
<title>PAL</title>
<link>/sessions/pal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pal/</guid>
<description></description>
</item>
<item>
<title>PAPP_Impossibility</title>
<link>/sessions/papp_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/papp_impossibility/</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/sessions/paraconsistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/paraconsistency/</guid>
<description></description>
</item>
<item>
<title>Parity_Game</title>
<link>/sessions/parity_game/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/parity_game/</guid>
<description></description>
</item>
<item>
<title>Partial_Function_MR</title>
<link>/sessions/partial_function_mr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/partial_function_mr/</guid>
<description></description>
</item>
<item>
<title>Partial_Order_Reduction</title>
<link>/sessions/partial_order_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/partial_order_reduction/</guid>
<description></description>
</item>
<item>
<title>Password_Authentication_Protocol</title>
<link>/sessions/password_authentication_protocol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/password_authentication_protocol/</guid>
<description></description>
</item>
<item>
<title>PCF</title>
<link>/sessions/pcf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pcf/</guid>
<description></description>
</item>
<item>
<title>Pell</title>
<link>/sessions/pell/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pell/</guid>
<description></description>
</item>
<item>
<title>Perfect-Number-Thm</title>
<link>/sessions/perfect-number-thm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/perfect-number-thm/</guid>
<description></description>
</item>
<item>
<title>Perron_Frobenius</title>
<link>/sessions/perron_frobenius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/perron_frobenius/</guid>
<description></description>
</item>
<item>
<title>pGCL</title>
<link>/sessions/pgcl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pgcl/</guid>
<description></description>
</item>
<item>
<title>Physical_Quantities</title>
<link>/sessions/physical_quantities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/physical_quantities/</guid>
<description></description>
</item>
<item>
<title>Pi_Calculus</title>
<link>/sessions/pi_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pi_calculus/</guid>
<description></description>
</item>
<item>
<title>Pi_Transcendental</title>
<link>/sessions/pi_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pi_transcendental/</guid>
<description></description>
</item>
<item>
<title>Planarity_Certificates</title>
<link>/sessions/planarity_certificates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/planarity_certificates/</guid>
<description></description>
</item>
<item>
<title>PLM</title>
<link>/sessions/plm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/plm/</guid>
<description></description>
</item>
<item>
<title>Pluennecke_Ruzsa_Inequality</title>
<link>/sessions/pluennecke_ruzsa_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pluennecke_ruzsa_inequality/</guid>
<description></description>
</item>
<item>
<title>Poincare_Bendixson</title>
<link>/sessions/poincare_bendixson/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/poincare_bendixson/</guid>
<description></description>
</item>
<item>
<title>Poincare_Disc</title>
<link>/sessions/poincare_disc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/poincare_disc/</guid>
<description></description>
</item>
<item>
<title>Polygonal_Number_Theorem</title>
<link>/sessions/polygonal_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polygonal_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Factorization</title>
<link>/sessions/polynomial_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polynomial_factorization/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Interpolation</title>
<link>/sessions/polynomial_interpolation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polynomial_interpolation/</guid>
<description></description>
</item>
<item>
<title>Polynomials</title>
<link>/sessions/polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polynomials/</guid>
<description></description>
</item>
<item>
<title>Pop_Refinement</title>
<link>/sessions/pop_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pop_refinement/</guid>
<description></description>
</item>
<item>
<title>POPLmark-deBruijn</title>
<link>/sessions/poplmark-debruijn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/poplmark-debruijn/</guid>
<description></description>
</item>
<item>
<title>Posix-Lexing</title>
<link>/sessions/posix-lexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/posix-lexing/</guid>
<description></description>
</item>
<item>
<title>Possibilistic_Noninterference</title>
<link>/sessions/possibilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/possibilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Power_Sum_Polynomials</title>
<link>/sessions/power_sum_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/power_sum_polynomials/</guid>
<description></description>
</item>
<item>
<title>Pratt_Certificate</title>
<link>/sessions/pratt_certificate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pratt_certificate/</guid>
<description></description>
</item>
<item>
<title>Prefix_Free_Code_Combinators</title>
<link>/sessions/prefix_free_code_combinators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prefix_free_code_combinators/</guid>
<description></description>
</item>
<item>
<title>Presburger-Automata</title>
<link>/sessions/presburger-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/presburger-automata/</guid>
<description></description>
</item>
<item>
<title>Prim_Dijkstra_Simple</title>
<link>/sessions/prim_dijkstra_simple/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prim_dijkstra_simple/</guid>
<description></description>
</item>
<item>
<title>Prime_Distribution_Elementary</title>
<link>/sessions/prime_distribution_elementary/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prime_distribution_elementary/</guid>
<description></description>
</item>
<item>
<title>Prime_Harmonic_Series</title>
<link>/sessions/prime_harmonic_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prime_harmonic_series/</guid>
<description></description>
</item>
<item>
<title>Prime_Number_Theorem</title>
<link>/sessions/prime_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prime_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Priority_Queue_Braun</title>
<link>/sessions/priority_queue_braun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/priority_queue_braun/</guid>
<description></description>
</item>
<item>
<title>Priority_Search_Trees</title>
<link>/sessions/priority_search_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/priority_search_trees/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Noninterference</title>
<link>/sessions/probabilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Prime_Tests</title>
<link>/sessions/probabilistic_prime_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_prime_tests/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_System_Zoo</title>
<link>/sessions/probabilistic_system_zoo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_system_zoo/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Timed_Automata</title>
<link>/sessions/probabilistic_timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_timed_automata/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_While</title>
<link>/sessions/probabilistic_while/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_while/</guid>
<description></description>
</item>
<item>
<title>Probability_Inequality_Completeness</title>
<link>/sessions/probability_inequality_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probability_inequality_completeness/</guid>
<description></description>
</item>
<item>
<title>Program-Conflict-Analysis</title>
<link>/sessions/program-conflict-analysis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/program-conflict-analysis/</guid>
<description></description>
</item>
<item>
<title>Progress_Tracking</title>
<link>/sessions/progress_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/progress_tracking/</guid>
<description></description>
</item>
<item>
<title>Projective_Geometry</title>
<link>/sessions/projective_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/projective_geometry/</guid>
<description></description>
</item>
<item>
<title>Projective_Measurements</title>
<link>/sessions/projective_measurements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/projective_measurements/</guid>
<description></description>
</item>
<item>
<title>Promela</title>
<link>/sessions/promela/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/promela/</guid>
<description></description>
</item>
<item>
<title>Proof_Strategy_Language</title>
<link>/sessions/proof_strategy_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/proof_strategy_language/</guid>
<description></description>
</item>
<item>
<title>Propositional_Logic_Class</title>
<link>/sessions/propositional_logic_class/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/propositional_logic_class/</guid>
<description></description>
</item>
<item>
<title>Propositional_Proof_Systems</title>
<link>/sessions/propositional_proof_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/propositional_proof_systems/</guid>
<description></description>
</item>
<item>
<title>PropResPI</title>
<link>/sessions/proprespi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/proprespi/</guid>
<description></description>
</item>
<item>
<title>Prpu_Maxflow</title>
<link>/sessions/prpu_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prpu_maxflow/</guid>
<description></description>
</item>
<item>
<title>PSemigroupsConvolution</title>
<link>/sessions/psemigroupsconvolution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/psemigroupsconvolution/</guid>
<description></description>
</item>
<item>
<title>PseudoHoops</title>
<link>/sessions/pseudohoops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pseudohoops/</guid>
<description></description>
</item>
<item>
<title>Psi_Calculi</title>
<link>/sessions/psi_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/psi_calculi/</guid>
<description></description>
</item>
<item>
<title>Ptolemys_Theorem</title>
<link>/sessions/ptolemys_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ptolemys_theorem/</guid>
<description></description>
</item>
<item>
<title>Public_Announcement_Logic</title>
<link>/sessions/public_announcement_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/public_announcement_logic/</guid>
<description></description>
</item>
<item>
<title>QHLProver</title>
<link>/sessions/qhlprover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/qhlprover/</guid>
<description></description>
</item>
<item>
<title>QR_Decomposition</title>
<link>/sessions/qr_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/qr_decomposition/</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/sessions/quantales/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quantales/</guid>
<description></description>
</item>
<item>
<title>Quantales_Converse</title>
<link>/sessions/quantales_converse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quantales_converse/</guid>
<description></description>
</item>
<item>
<title>Quantifier_Elimination_Hybrid</title>
<link>/sessions/quantifier_elimination_hybrid/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quantifier_elimination_hybrid/</guid>
<description></description>
</item>
<item>
<title>Quasi_Borel_Spaces</title>
<link>/sessions/quasi_borel_spaces/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quasi_borel_spaces/</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/sessions/quaternions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quaternions/</guid>
<description></description>
</item>
<item>
<title>Query_Optimization</title>
<link>/sessions/query_optimization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/query_optimization/</guid>
<description></description>
</item>
<item>
<title>Quick_Sort_Cost</title>
<link>/sessions/quick_sort_cost/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quick_sort_cost/</guid>
<description></description>
</item>
<item>
<title>Ramsey-Infinite</title>
<link>/sessions/ramsey-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ramsey-infinite/</guid>
<description></description>
</item>
<item>
<title>Random_BSTs</title>
<link>/sessions/random_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/random_bsts/</guid>
<description></description>
</item>
<item>
<title>Random_Graph_Subgraph_Threshold</title>
<link>/sessions/random_graph_subgraph_threshold/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/random_graph_subgraph_threshold/</guid>
<description></description>
</item>
<item>
<title>Randomised_BSTs</title>
<link>/sessions/randomised_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/randomised_bsts/</guid>
<description></description>
</item>
<item>
<title>Randomised_Social_Choice</title>
<link>/sessions/randomised_social_choice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/randomised_social_choice/</guid>
<description></description>
</item>
<item>
<title>Rank_Nullity_Theorem</title>
<link>/sessions/rank_nullity_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rank_nullity_theorem/</guid>
<description></description>
</item>
<item>
<title>Real_Impl</title>
<link>/sessions/real_impl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/real_impl/</guid>
<description></description>
</item>
<item>
<title>Real_Power</title>
<link>/sessions/real_power/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/real_power/</guid>
<description></description>
</item>
<item>
<title>Real_Time_Deque</title>
<link>/sessions/real_time_deque/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/real_time_deque/</guid>
<description></description>
</item>
<item>
<title>Recursion-Addition</title>
<link>/sessions/recursion-addition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/recursion-addition/</guid>
<description></description>
</item>
<item>
<title>Recursion-Theory-I</title>
<link>/sessions/recursion-theory-i/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/recursion-theory-i/</guid>
<description></description>
</item>
<item>
<title>Refine_Imperative_HOL</title>
<link>/sessions/refine_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/refine_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Refine_Monadic</title>
<link>/sessions/refine_monadic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/refine_monadic/</guid>
<description></description>
</item>
<item>
<title>RefinementReactive</title>
<link>/sessions/refinementreactive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/refinementreactive/</guid>
<description></description>
</item>
<item>
<title>Regex_Equivalence</title>
<link>/sessions/regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>Registers</title>
<link>/sessions/registers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/registers/</guid>
<description></description>
</item>
<item>
<title>Regression_Test_Selection</title>
<link>/sessions/regression_test_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regression_test_selection/</guid>
<description></description>
</item>
<item>
<title>Regular-Sets</title>
<link>/sessions/regular-sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regular-sets/</guid>
<description></description>
</item>
<item>
<title>Regular_Algebras</title>
<link>/sessions/regular_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regular_algebras/</guid>
<description></description>
</item>
<item>
<title>Regular_Tree_Relations</title>
<link>/sessions/regular_tree_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regular_tree_relations/</guid>
<description></description>
</item>
<item>
<title>Relation_Algebra</title>
<link>/sessions/relation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relation_algebra/</guid>
<description></description>
</item>
<item>
<title>Relational-Incorrectness-Logic</title>
<link>/sessions/relational-incorrectness-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational-incorrectness-logic/</guid>
<description></description>
</item>
<item>
<title>Relational_Cardinality</title>
<link>/sessions/relational_cardinality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_cardinality/</guid>
<description></description>
</item>
<item>
<title>Relational_Disjoint_Set_Forests</title>
<link>/sessions/relational_disjoint_set_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_disjoint_set_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Forests</title>
<link>/sessions/relational_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Method</title>
<link>/sessions/relational_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_method/</guid>
<description></description>
</item>
<item>
<title>Relational_Minimum_Spanning_Trees</title>
<link>/sessions/relational_minimum_spanning_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_minimum_spanning_trees/</guid>
<description></description>
</item>
<item>
<title>Relational_Paths</title>
<link>/sessions/relational_paths/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_paths/</guid>
<description></description>
</item>
<item>
<title>Rensets</title>
<link>/sessions/rensets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rensets/</guid>
<description></description>
</item>
<item>
<title>Rep_Fin_Groups</title>
<link>/sessions/rep_fin_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rep_fin_groups/</guid>
<description></description>
</item>
<item>
<title>Residuated_Lattices</title>
<link>/sessions/residuated_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/residuated_lattices/</guid>
<description></description>
</item>
<item>
<title>ResiduatedTransitionSystem</title>
<link>/sessions/residuatedtransitionsystem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/residuatedtransitionsystem/</guid>
<description></description>
</item>
<item>
<title>Resolution_FOL</title>
<link>/sessions/resolution_fol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/resolution_fol/</guid>
<description></description>
</item>
<item>
<title>Rewrite_Properties_Reduction</title>
<link>/sessions/rewrite_properties_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rewrite_properties_reduction/</guid>
<description></description>
</item>
<item>
<title>Rewriting_Z</title>
<link>/sessions/rewriting_z/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rewriting_z/</guid>
<description></description>
</item>
<item>
<title>Ribbon_Proofs</title>
<link>/sessions/ribbon_proofs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ribbon_proofs/</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160-SPARK</title>
<link>/sessions/ripemd-160-spark/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ripemd-160-spark/</guid>
<description></description>
</item>
<item>
<title>Risk_Free_Lending</title>
<link>/sessions/risk_free_lending/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/risk_free_lending/</guid>
<description></description>
</item>
<item>
<title>Robbins-Conjecture</title>
<link>/sessions/robbins-conjecture/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/robbins-conjecture/</guid>
<description></description>
</item>
<item>
<title>ROBDD</title>
<link>/sessions/robdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/robdd/</guid>
<description></description>
</item>
<item>
<title>Robinson_Arithmetic</title>
<link>/sessions/robinson_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/robinson_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Root_Balanced_Tree</title>
<link>/sessions/root_balanced_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/root_balanced_tree/</guid>
<description></description>
</item>
<item>
<title>Roth_Arithmetic_Progressions</title>
<link>/sessions/roth_arithmetic_progressions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/roth_arithmetic_progressions/</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/sessions/routing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/routing/</guid>
<description></description>
</item>
<item>
<title>Roy_Floyd_Warshall</title>
<link>/sessions/roy_floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/roy_floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>RSAPSS</title>
<link>/sessions/rsapss/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rsapss/</guid>
<description></description>
</item>
<item>
+ <title>S_Finite_Measure_Monad</title>
+ <link>/sessions/s_finite_measure_monad/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/s_finite_measure_monad/</guid>
+ <description></description>
+ </item>
+ <item>
<title>Safe_Distance</title>
<link>/sessions/safe_distance/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/safe_distance/</guid>
<description></description>
</item>
<item>
<title>Safe_OCL</title>
<link>/sessions/safe_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/safe_ocl/</guid>
<description></description>
</item>
<item>
<title>Safe_Range_RC</title>
<link>/sessions/safe_range_rc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/safe_range_rc/</guid>
<description></description>
</item>
<item>
<title>SATSolverVerification</title>
<link>/sessions/satsolververification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/satsolververification/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework</title>
<link>/sessions/saturation_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/saturation_framework/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework_Extensions</title>
<link>/sessions/saturation_framework_extensions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/saturation_framework_extensions/</guid>
<description></description>
</item>
<item>
<title>Sauer_Shelah_Lemma</title>
<link>/sessions/sauer_shelah_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sauer_shelah_lemma/</guid>
<description></description>
</item>
<item>
<title>SC_DOM_Components</title>
<link>/sessions/sc_dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sc_dom_components/</guid>
<description></description>
</item>
<item>
<title>SCC_Bloemen_Sequential</title>
<link>/sessions/scc_bloemen_sequential/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/scc_bloemen_sequential/</guid>
<description></description>
</item>
<item>
<title>Schutz_Spacetime</title>
<link>/sessions/schutz_spacetime/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/schutz_spacetime/</guid>
<description></description>
</item>
<item>
<title>Schwartz_Zippel</title>
<link>/sessions/schwartz_zippel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/schwartz_zippel/</guid>
<description></description>
</item>
<item>
<title>SDS_Impossibility</title>
<link>/sessions/sds_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sds_impossibility/</guid>
<description></description>
</item>
<item>
<title>Secondary_Sylow</title>
<link>/sessions/secondary_sylow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/secondary_sylow/</guid>
<description></description>
</item>
<item>
<title>Security_Protocol_Refinement</title>
<link>/sessions/security_protocol_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/security_protocol_refinement/</guid>
<description></description>
</item>
<item>
<title>Selection_Heap_Sort</title>
<link>/sessions/selection_heap_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/selection_heap_sort/</guid>
<description></description>
</item>
<item>
<title>SenSocialChoice</title>
<link>/sessions/sensocialchoice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sensocialchoice/</guid>
<description></description>
</item>
<item>
<title>Separata</title>
<link>/sessions/separata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separata/</guid>
<description></description>
</item>
<item>
<title>Separation_Algebra</title>
<link>/sessions/separation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separation_algebra/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Imperative_HOL</title>
<link>/sessions/separation_logic_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separation_logic_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Unbounded</title>
<link>/sessions/separation_logic_unbounded/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separation_logic_unbounded/</guid>
<description></description>
</item>
<item>
<title>Sepref_Basic</title>
<link>/sessions/sepref_basic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sepref_basic/</guid>
<description></description>
</item>
<item>
<title>Sepref_IICF</title>
<link>/sessions/sepref_iicf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sepref_iicf/</guid>
<description></description>
</item>
<item>
<title>Sepref_Prereq</title>
<link>/sessions/sepref_prereq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sepref_prereq/</guid>
<description></description>
</item>
<item>
<title>SequentInvertibility</title>
<link>/sessions/sequentinvertibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sequentinvertibility/</guid>
<description></description>
</item>
<item>
<title>Shadow_DOM</title>
<link>/sessions/shadow_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shadow_dom/</guid>
<description></description>
</item>
<item>
<title>Shadow_SC_DOM</title>
<link>/sessions/shadow_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shadow_sc_dom/</guid>
<description></description>
</item>
<item>
<title>Shivers-CFA</title>
<link>/sessions/shivers-cfa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shivers-cfa/</guid>
<description></description>
</item>
<item>
<title>ShortestPath</title>
<link>/sessions/shortestpath/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shortestpath/</guid>
<description></description>
</item>
<item>
<title>Show</title>
<link>/sessions/show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/show/</guid>
<description></description>
</item>
<item>
<title>SIFPL</title>
<link>/sessions/sifpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sifpl/</guid>
<description></description>
</item>
<item>
<title>SIFUM_Type_Systems</title>
<link>/sessions/sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Sigma_Commit_Crypto</title>
<link>/sessions/sigma_commit_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sigma_commit_crypto/</guid>
<description></description>
</item>
<item>
<title>Signature_Groebner</title>
<link>/sessions/signature_groebner/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/signature_groebner/</guid>
<description></description>
</item>
<item>
<title>Simpl</title>
<link>/sessions/simpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simpl/</guid>
<description></description>
</item>
<item>
<title>Simple_Clause_Learning</title>
<link>/sessions/simple_clause_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simple_clause_learning/</guid>
<description></description>
</item>
<item>
<title>Simple_Firewall</title>
<link>/sessions/simple_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simple_firewall/</guid>
<description></description>
</item>
<item>
<title>Simplex</title>
<link>/sessions/simplex/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simplex/</guid>
<description></description>
</item>
<item>
<title>Simplicial_complexes_and_boolean_functions</title>
<link>/sessions/simplicial_complexes_and_boolean_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simplicial_complexes_and_boolean_functions/</guid>
<description></description>
</item>
<item>
<title>SimplifiedOntologicalArgument</title>
<link>/sessions/simplifiedontologicalargument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simplifiedontologicalargument/</guid>
<description></description>
</item>
<item>
<title>Skew_Heap</title>
<link>/sessions/skew_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/skew_heap/</guid>
<description></description>
</item>
<item>
<title>Skip_Lists</title>
<link>/sessions/skip_lists/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/skip_lists/</guid>
<description></description>
</item>
<item>
<title>Slicing</title>
<link>/sessions/slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/slicing/</guid>
<description></description>
</item>
<item>
<title>Sliding_Window_Algorithm</title>
<link>/sessions/sliding_window_algorithm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sliding_window_algorithm/</guid>
<description></description>
</item>
<item>
<title>SM</title>
<link>/sessions/sm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sm/</guid>
<description></description>
</item>
<item>
<title>SM_Base</title>
<link>/sessions/sm_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sm_base/</guid>
<description></description>
</item>
<item>
<title>Smith_Normal_Form</title>
<link>/sessions/smith_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/smith_normal_form/</guid>
<description></description>
</item>
<item>
<title>Smooth_Manifolds</title>
<link>/sessions/smooth_manifolds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/smooth_manifolds/</guid>
<description></description>
</item>
<item>
<title>Solidity</title>
<link>/sessions/solidity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/solidity/</guid>
<description></description>
</item>
<item>
<title>Sophomores_Dream</title>
<link>/sessions/sophomores_dream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sophomores_dream/</guid>
<description></description>
</item>
<item>
<title>Sort_Encodings</title>
<link>/sessions/sort_encodings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sort_encodings/</guid>
<description></description>
</item>
<item>
<title>Source_Coding_Theorem</title>
<link>/sessions/source_coding_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/source_coding_theorem/</guid>
<description></description>
</item>
<item>
<title>SPARCv8</title>
<link>/sessions/sparcv8/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sparcv8/</guid>
<description></description>
</item>
<item>
<title>SpecCheck</title>
<link>/sessions/speccheck/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/speccheck/</guid>
<description></description>
</item>
<item>
<title>Special_Function_Bounds</title>
<link>/sessions/special_function_bounds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/special_function_bounds/</guid>
<description></description>
</item>
<item>
<title>Splay_Tree</title>
<link>/sessions/splay_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/splay_tree/</guid>
<description></description>
</item>
<item>
<title>Sqrt_Babylonian</title>
<link>/sessions/sqrt_babylonian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sqrt_babylonian/</guid>
<description></description>
</item>
<item>
<title>Stable_Matching</title>
<link>/sessions/stable_matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stable_matching/</guid>
<description></description>
</item>
<item>
<title>Stalnaker_Logic</title>
<link>/sessions/stalnaker_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stalnaker_logic/</guid>
<description></description>
</item>
<item>
+ <title>Standard_Borel_Spaces</title>
+ <link>/sessions/standard_borel_spaces/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/standard_borel_spaces/</guid>
+ <description></description>
+ </item>
+ <item>
<title>Statecharts</title>
<link>/sessions/statecharts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/statecharts/</guid>
<description></description>
</item>
<item>
<title>Stateful_Protocol_Composition_and_Typing</title>
<link>/sessions/stateful_protocol_composition_and_typing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stateful_protocol_composition_and_typing/</guid>
<description></description>
</item>
<item>
<title>Stellar_Quorums</title>
<link>/sessions/stellar_quorums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stellar_quorums/</guid>
<description></description>
</item>
<item>
<title>Stern_Brocot</title>
<link>/sessions/stern_brocot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stern_brocot/</guid>
<description></description>
</item>
<item>
<title>Stewart_Apollonius</title>
<link>/sessions/stewart_apollonius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stewart_apollonius/</guid>
<description></description>
</item>
<item>
<title>Stirling_Formula</title>
<link>/sessions/stirling_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stirling_formula/</guid>
<description></description>
</item>
<item>
<title>Stochastic_Matrices</title>
<link>/sessions/stochastic_matrices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stochastic_matrices/</guid>
<description></description>
</item>
<item>
<title>Stone_Algebras</title>
<link>/sessions/stone_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stone_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Kleene_Relation_Algebras</title>
<link>/sessions/stone_kleene_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stone_kleene_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Relation_Algebras</title>
<link>/sessions/stone_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stone_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Store_Buffer_Reduction</title>
<link>/sessions/store_buffer_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/store_buffer_reduction/</guid>
<description></description>
</item>
<item>
<title>Stream-Fusion</title>
<link>/sessions/stream-fusion/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stream-fusion/</guid>
<description></description>
</item>
<item>
<title>Stream_Fusion_Code</title>
<link>/sessions/stream_fusion_code/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stream_fusion_code/</guid>
<description></description>
</item>
<item>
<title>StrictOmegaCategories</title>
<link>/sessions/strictomegacategories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/strictomegacategories/</guid>
<description></description>
</item>
<item>
<title>Strong_Security</title>
<link>/sessions/strong_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/strong_security/</guid>
<description></description>
</item>
<item>
<title>Sturm_Sequences</title>
<link>/sessions/sturm_sequences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sturm_sequences/</guid>
<description></description>
</item>
<item>
<title>Sturm_Tarski</title>
<link>/sessions/sturm_tarski/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sturm_tarski/</guid>
<description></description>
</item>
<item>
<title>Stuttering_Equivalence</title>
<link>/sessions/stuttering_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stuttering_equivalence/</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/sessions/subresultants/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/subresultants/</guid>
<description></description>
</item>
<item>
<title>Subset_Boolean_Algebras</title>
<link>/sessions/subset_boolean_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/subset_boolean_algebras/</guid>
<description></description>
</item>
<item>
<title>SumSquares</title>
<link>/sessions/sumsquares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sumsquares/</guid>
<description></description>
</item>
<item>
<title>Sunflowers</title>
<link>/sessions/sunflowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sunflowers/</guid>
<description></description>
</item>
<item>
<title>SuperCalc</title>
<link>/sessions/supercalc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/supercalc/</guid>
<description></description>
</item>
<item>
<title>Suppes_Theorem</title>
<link>/sessions/suppes_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/suppes_theorem/</guid>
<description></description>
</item>
<item>
<title>Surprise_Paradox</title>
<link>/sessions/surprise_paradox/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/surprise_paradox/</guid>
<description></description>
</item>
<item>
<title>Symmetric_Polynomials</title>
<link>/sessions/symmetric_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/symmetric_polynomials/</guid>
<description></description>
</item>
<item>
<title>Syntax_Independent_Logic</title>
<link>/sessions/syntax_independent_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/syntax_independent_logic/</guid>
<description></description>
</item>
<item>
<title>Synthetic_Completeness</title>
<link>/sessions/synthetic_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/synthetic_completeness/</guid>
<description></description>
</item>
<item>
<title>Szemeredi_Regularity</title>
<link>/sessions/szemeredi_regularity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/szemeredi_regularity/</guid>
<description></description>
</item>
<item>
<title>Szpilrajn</title>
<link>/sessions/szpilrajn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/szpilrajn/</guid>
<description></description>
</item>
<item>
<title>Tail_Recursive_Functions</title>
<link>/sessions/tail_recursive_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tail_recursive_functions/</guid>
<description></description>
</item>
<item>
<title>Tarskis_Geometry</title>
<link>/sessions/tarskis_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tarskis_geometry/</guid>
<description></description>
</item>
<item>
<title>Taylor_Models</title>
<link>/sessions/taylor_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/taylor_models/</guid>
<description></description>
</item>
<item>
<title>TESL_Language</title>
<link>/sessions/tesl_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tesl_language/</guid>
<description></description>
</item>
<item>
<title>Three_Circles</title>
<link>/sessions/three_circles/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/three_circles/</guid>
<description></description>
</item>
<item>
<title>Three_Squares</title>
<link>/sessions/three_squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/three_squares/</guid>
<description></description>
</item>
<item>
<title>Timed_Automata</title>
<link>/sessions/timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/timed_automata/</guid>
<description></description>
</item>
<item>
<title>TLA</title>
<link>/sessions/tla/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tla/</guid>
<description></description>
</item>
<item>
<title>Topological_Semantics</title>
<link>/sessions/topological_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/topological_semantics/</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/sessions/topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/topology/</guid>
<description></description>
</item>
<item>
<title>TortoiseHare</title>
<link>/sessions/tortoisehare/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tortoisehare/</guid>
<description></description>
</item>
<item>
<title>Transcendence_Series_Hancl_Rucki</title>
<link>/sessions/transcendence_series_hancl_rucki/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transcendence_series_hancl_rucki/</guid>
<description></description>
</item>
<item>
<title>Transformer_Semantics</title>
<link>/sessions/transformer_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transformer_semantics/</guid>
<description></description>
</item>
<item>
<title>Transition_Systems_and_Automata</title>
<link>/sessions/transition_systems_and_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transition_systems_and_automata/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure</title>
<link>/sessions/transitive-closure/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transitive-closure/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure-II</title>
<link>/sessions/transitive-closure-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transitive-closure-ii/</guid>
<description></description>
</item>
<item>
<title>Transitive_Models</title>
<link>/sessions/transitive_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transitive_models/</guid>
<description></description>
</item>
<item>
+ <title>Transport</title>
+ <link>/sessions/transport/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/transport/</guid>
+ <description></description>
+ </item>
+ <item>
<title>Treaps</title>
<link>/sessions/treaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/treaps/</guid>
<description></description>
</item>
<item>
<title>Tree-Automata</title>
<link>/sessions/tree-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tree-automata/</guid>
<description></description>
</item>
<item>
<title>Tree_Decomposition</title>
<link>/sessions/tree_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tree_decomposition/</guid>
<description></description>
</item>
<item>
<title>Tree_Enumeration</title>
<link>/sessions/tree_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tree_enumeration/</guid>
<description></description>
</item>
<item>
<title>Triangle</title>
<link>/sessions/triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/triangle/</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/sessions/trie/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/trie/</guid>
<description></description>
</item>
<item>
<title>TsirelsonBound</title>
<link>/sessions/tsirelsonbound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tsirelsonbound/</guid>
<description></description>
</item>
<item>
<title>Turans_Graph_Theorem</title>
<link>/sessions/turans_graph_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/turans_graph_theorem/</guid>
<description></description>
</item>
<item>
<title>Twelvefold_Way</title>
<link>/sessions/twelvefold_way/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/twelvefold_way/</guid>
<description></description>
</item>
<item>
<title>Two_Generated_Word_Monoids_Intersection</title>
<link>/sessions/two_generated_word_monoids_intersection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/two_generated_word_monoids_intersection/</guid>
<description></description>
</item>
<item>
<title>Tycon</title>
<link>/sessions/tycon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tycon/</guid>
<description></description>
</item>
<item>
<title>Types_Tableaus_and_Goedels_God</title>
<link>/sessions/types_tableaus_and_goedels_god/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/types_tableaus_and_goedels_god/</guid>
<description></description>
</item>
<item>
<title>Types_To_Sets_Extension</title>
<link>/sessions/types_to_sets_extension/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/types_to_sets_extension/</guid>
<description></description>
</item>
<item>
<title>Undirected_Graph_Theory</title>
<link>/sessions/undirected_graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/undirected_graph_theory/</guid>
<description></description>
</item>
<item>
<title>Universal_Hash_Families</title>
<link>/sessions/universal_hash_families/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/universal_hash_families/</guid>
<description></description>
</item>
<item>
<title>Universal_Turing_Machine</title>
<link>/sessions/universal_turing_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/universal_turing_machine/</guid>
<description></description>
</item>
<item>
<title>UpDown_Scheme</title>
<link>/sessions/updown_scheme/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/updown_scheme/</guid>
<description></description>
</item>
<item>
<title>UPF</title>
<link>/sessions/upf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/upf/</guid>
<description></description>
</item>
<item>
<title>UPF_Firewall</title>
<link>/sessions/upf_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/upf_firewall/</guid>
<description></description>
</item>
<item>
<title>UTP</title>
<link>/sessions/utp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/utp/</guid>
<description></description>
</item>
<item>
<title>UTP-Toolkit</title>
<link>/sessions/utp-toolkit/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/utp-toolkit/</guid>
<description></description>
</item>
<item>
<title>Valuation</title>
<link>/sessions/valuation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/valuation/</guid>
<description></description>
</item>
<item>
<title>Van_der_Waerden</title>
<link>/sessions/van_der_waerden/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/van_der_waerden/</guid>
<description></description>
</item>
<item>
<title>Van_Emde_Boas_Trees</title>
<link>/sessions/van_emde_boas_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/van_emde_boas_trees/</guid>
<description></description>
</item>
<item>
<title>VectorSpace</title>
<link>/sessions/vectorspace/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vectorspace/</guid>
<description></description>
</item>
<item>
<title>VeriComp</title>
<link>/sessions/vericomp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vericomp/</guid>
<description></description>
</item>
<item>
<title>Verified-Prover</title>
<link>/sessions/verified-prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verified-prover/</guid>
<description></description>
</item>
<item>
<title>Verified_SAT_Based_AI_Planning</title>
<link>/sessions/verified_sat_based_ai_planning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verified_sat_based_ai_planning/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2018</title>
<link>/sessions/verifythis2018/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verifythis2018/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2019</title>
<link>/sessions/verifythis2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verifythis2019/</guid>
<description></description>
</item>
<item>
<title>Vickrey_Clarke_Groves</title>
<link>/sessions/vickrey_clarke_groves/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vickrey_clarke_groves/</guid>
<description></description>
</item>
<item>
<title>Virtual_Substitution</title>
<link>/sessions/virtual_substitution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/virtual_substitution/</guid>
<description></description>
</item>
<item>
<title>VolpanoSmith</title>
<link>/sessions/volpanosmith/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/volpanosmith/</guid>
<description></description>
</item>
<item>
<title>VYDRA_MDL</title>
<link>/sessions/vydra_mdl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vydra_mdl/</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/sessions/webassembly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/webassembly/</guid>
<description></description>
</item>
<item>
<title>Weight_Balanced_Trees</title>
<link>/sessions/weight_balanced_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/weight_balanced_trees/</guid>
<description></description>
</item>
<item>
<title>Weighted_Arithmetic_Geometric_Mean</title>
<link>/sessions/weighted_arithmetic_geometric_mean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/weighted_arithmetic_geometric_mean/</guid>
<description></description>
</item>
<item>
<title>Weighted_Path_Order</title>
<link>/sessions/weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Well_Quasi_Orders</title>
<link>/sessions/well_quasi_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/well_quasi_orders/</guid>
<description></description>
</item>
<item>
<title>Wetzels_Problem</title>
<link>/sessions/wetzels_problem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/wetzels_problem/</guid>
<description></description>
</item>
<item>
<title>WHATandWHERE_Security</title>
<link>/sessions/whatandwhere_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/whatandwhere_security/</guid>
<description></description>
</item>
<item>
<title>Winding_Number_Eval</title>
<link>/sessions/winding_number_eval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/winding_number_eval/</guid>
<description></description>
</item>
<item>
<title>WOOT_Strong_Eventual_Consistency</title>
<link>/sessions/woot_strong_eventual_consistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/woot_strong_eventual_consistency/</guid>
<description></description>
</item>
<item>
<title>Word_Lib</title>
<link>/sessions/word_lib/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/word_lib/</guid>
<description></description>
</item>
<item>
<title>WorkerWrapper</title>
<link>/sessions/workerwrapper/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/workerwrapper/</guid>
<description></description>
</item>
<item>
<title>X86_Semantics</title>
<link>/sessions/x86_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/x86_semantics/</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/sessions/xml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/xml/</guid>
<description></description>
</item>
<item>
<title>Youngs_Inequality</title>
<link>/sessions/youngs_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/youngs_inequality/</guid>
<description></description>
</item>
<item>
<title>Zeckendorf</title>
<link>/sessions/zeckendorf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zeckendorf/</guid>
<description></description>
</item>
<item>
<title>Zeta_3_Irrational</title>
<link>/sessions/zeta_3_irrational/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zeta_3_irrational/</guid>
<description></description>
</item>
<item>
<title>Zeta_Function</title>
<link>/sessions/zeta_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zeta_function/</guid>
<description></description>
</item>
<item>
<title>ZFC_in_HOL</title>
<link>/sessions/zfc_in_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zfc_in_hol/</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/sessions/coupledsim_contrasim/index.html b/web/sessions/coupledsim_contrasim/index.html
new file mode 100644
--- /dev/null
+++ b/web/sessions/coupledsim_contrasim/index.html
@@ -0,0 +1,111 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Coupledsim_Contrasim - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+
+ <meta property="og:title" content="Coupledsim_Contrasim" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/sessions/coupledsim_contrasim/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="sessions" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Coupledsim_Contrasim"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+ <link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore theories'>
+ <aside>
+
+<div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Coupledsim_Contrasim.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>C</span>oupledsim_<span class='first'>C</span>ontrasim
+
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <main id="theories">
+ <a id="Transition_Systems" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Transition_Systems.html"><h2>Transition_Systems</h2></a>
+ <a id="Weak_Transition_Systems" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Weak_Transition_Systems.html"><h2>Weak_Transition_Systems</h2></a>
+ <a id="Simple_Game" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Simple_Game.html"><h2>Simple_Game</h2></a>
+ <a id="Strong_Relations" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Strong_Relations.html"><h2>Strong_Relations</h2></a>
+ <a id="Weak_Relations" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Weak_Relations.html"><h2>Weak_Relations</h2></a>
+ <a id="Contrasimulation" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Contrasimulation.html"><h2>Contrasimulation</h2></a>
+ <a id="Coupled_Simulation" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Coupled_Simulation.html"><h2>Coupled_Simulation</h2></a>
+ <a id="Coupledsim_Game_Delay" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Coupledsim_Game_Delay.html"><h2>Coupledsim_Game_Delay</h2></a>
+ <a id="Coupledsim_Fixpoint_Algo_Delay" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Coupledsim_Fixpoint_Algo_Delay.html"><h2>Coupledsim_Fixpoint_Algo_Delay</h2></a>
+ <a id="Contrasim_Word_Game" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Contrasim_Word_Game.html"><h2>Contrasim_Word_Game</h2></a>
+ <a id="Contrasim_Set_Game" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Contrasim_Set_Game.html"><h2>Contrasim_Set_Game</h2></a>
+ <a id="HM_Logic_Infinitary" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/HM_Logic_Infinitary.html"><h2>HM_Logic_Infinitary</h2></a>
+ <a id="Weak_HML_Contrasimulation" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Weak_HML_Contrasimulation.html"><h2>Weak_HML_Contrasimulation</h2></a>
+ <a id="Tau_Sinks" href="https://www.isa-afp.org/browser_info/current/AFP/Coupledsim_Contrasim/Tau_Sinks.html"><h2>Tau_Sinks</h2></a>
+ </main>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/sessions/index.xml b/web/sessions/index.xml
--- a/web/sessions/index.xml
+++ b/web/sessions/index.xml
@@ -1,5560 +1,5595 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Sessions on Archive of Formal Proofs
</title>
<link>/sessions/</link>
<description>
Recent content in Sessions
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/sessions/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Abortable_Linearizable_Modules</title>
<link>/sessions/abortable_linearizable_modules/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abortable_linearizable_modules/</guid>
<description></description>
</item>
<item>
<title>Abs_Int_ITP2012</title>
<link>/sessions/abs_int_itp2012/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abs_int_itp2012/</guid>
<description></description>
</item>
<item>
<title>Abstract-Hoare-Logics</title>
<link>/sessions/abstract-hoare-logics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract-hoare-logics/</guid>
<description></description>
</item>
<item>
<title>Abstract-Rewriting</title>
<link>/sessions/abstract-rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract-rewriting/</guid>
<description></description>
</item>
<item>
<title>Abstract_Completeness</title>
<link>/sessions/abstract_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract_completeness/</guid>
<description></description>
</item>
<item>
<title>Abstract_Soundness</title>
<link>/sessions/abstract_soundness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/abstract_soundness/</guid>
<description></description>
</item>
<item>
<title>ABY3_Protocols</title>
<link>/sessions/aby3_protocols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aby3_protocols/</guid>
<description></description>
</item>
<item>
<title>Ackermanns_not_PR</title>
<link>/sessions/ackermanns_not_pr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ackermanns_not_pr/</guid>
<description></description>
</item>
<item>
<title>Actuarial_Mathematics</title>
<link>/sessions/actuarial_mathematics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/actuarial_mathematics/</guid>
<description></description>
</item>
<item>
<title>Adaptive_State_Counting</title>
<link>/sessions/adaptive_state_counting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/adaptive_state_counting/</guid>
<description></description>
</item>
<item>
<title>ADS_Functor</title>
<link>/sessions/ads_functor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ads_functor/</guid>
<description></description>
</item>
<item>
<title>Affine_Arithmetic</title>
<link>/sessions/affine_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/affine_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Aggregation_Algebras</title>
<link>/sessions/aggregation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aggregation_algebras/</guid>
<description></description>
</item>
<item>
<title>AI_Planning_Languages_Semantics</title>
<link>/sessions/ai_planning_languages_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ai_planning_languages_semantics/</guid>
<description></description>
</item>
<item>
<title>Akra_Bazzi</title>
<link>/sessions/akra_bazzi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/akra_bazzi/</guid>
<description></description>
</item>
<item>
<title>Algebraic_Numbers</title>
<link>/sessions/algebraic_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/algebraic_numbers/</guid>
<description></description>
</item>
<item>
<title>Algebraic_VCs</title>
<link>/sessions/algebraic_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/algebraic_vcs/</guid>
<description></description>
</item>
<item>
<title>Allen_Calculus</title>
<link>/sessions/allen_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/allen_calculus/</guid>
<description></description>
</item>
<item>
<title>Amicable_Numbers</title>
<link>/sessions/amicable_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/amicable_numbers/</guid>
<description></description>
</item>
<item>
<title>Amortized_Complexity</title>
<link>/sessions/amortized_complexity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/amortized_complexity/</guid>
<description></description>
</item>
<item>
<title>AnselmGod</title>
<link>/sessions/anselmgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/anselmgod/</guid>
<description></description>
</item>
<item>
<title>AODV</title>
<link>/sessions/aodv/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aodv/</guid>
<description></description>
</item>
<item>
<title>AOT</title>
<link>/sessions/aot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aot/</guid>
<description></description>
</item>
<item>
<title>Applicative_Lifting</title>
<link>/sessions/applicative_lifting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/applicative_lifting/</guid>
<description></description>
</item>
<item>
<title>Approximation_Algorithms</title>
<link>/sessions/approximation_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/approximation_algorithms/</guid>
<description></description>
</item>
<item>
<title>Architectural_Design_Patterns</title>
<link>/sessions/architectural_design_patterns/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/architectural_design_patterns/</guid>
<description></description>
</item>
<item>
<title>Aristotles_Assertoric_Syllogistic</title>
<link>/sessions/aristotles_assertoric_syllogistic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/aristotles_assertoric_syllogistic/</guid>
<description></description>
</item>
<item>
<title>Arith_Prog_Rel_Primes</title>
<link>/sessions/arith_prog_rel_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/arith_prog_rel_primes/</guid>
<description></description>
</item>
<item>
<title>ArrowImpossibilityGS</title>
<link>/sessions/arrowimpossibilitygs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/arrowimpossibilitygs/</guid>
<description></description>
</item>
<item>
<title>Attack_Trees</title>
<link>/sessions/attack_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/attack_trees/</guid>
<description></description>
</item>
<item>
<title>Auto2_HOL</title>
<link>/sessions/auto2_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/auto2_hol/</guid>
<description></description>
</item>
<item>
<title>Auto2_Imperative_HOL</title>
<link>/sessions/auto2_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/auto2_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>AutoFocus-Stream</title>
<link>/sessions/autofocus-stream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/autofocus-stream/</guid>
<description></description>
</item>
<item>
<title>Automated_Stateful_Protocol_Verification</title>
<link>/sessions/automated_stateful_protocol_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/automated_stateful_protocol_verification/</guid>
<description></description>
</item>
<item>
<title>Automatic_Refinement</title>
<link>/sessions/automatic_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/automatic_refinement/</guid>
<description></description>
</item>
<item>
<title>AVL-Trees</title>
<link>/sessions/avl-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/avl-trees/</guid>
<description></description>
</item>
<item>
<title>AWN</title>
<link>/sessions/awn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/awn/</guid>
<description></description>
</item>
<item>
<title>AxiomaticCategoryTheory</title>
<link>/sessions/axiomaticcategorytheory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/axiomaticcategorytheory/</guid>
<description></description>
</item>
<item>
<title>Balog_Szemeredi_Gowers</title>
<link>/sessions/balog_szemeredi_gowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/balog_szemeredi_gowers/</guid>
<description></description>
</item>
<item>
<title>Banach_Steinhaus</title>
<link>/sessions/banach_steinhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/banach_steinhaus/</guid>
<description></description>
</item>
<item>
<title>BD_Security_Compositional</title>
<link>/sessions/bd_security_compositional/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bd_security_compositional/</guid>
<description></description>
</item>
<item>
<title>BDD</title>
<link>/sessions/bdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bdd/</guid>
<description></description>
</item>
<item>
<title>Belief_Revision</title>
<link>/sessions/belief_revision/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/belief_revision/</guid>
<description></description>
</item>
<item>
<title>Bell_Numbers_Spivey</title>
<link>/sessions/bell_numbers_spivey/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bell_numbers_spivey/</guid>
<description></description>
</item>
<item>
<title>BenOr_Kozen_Reif</title>
<link>/sessions/benor_kozen_reif/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/benor_kozen_reif/</guid>
<description></description>
</item>
<item>
<title>Berlekamp_Zassenhaus</title>
<link>/sessions/berlekamp_zassenhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/berlekamp_zassenhaus/</guid>
<description></description>
</item>
<item>
<title>Bernoulli</title>
<link>/sessions/bernoulli/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bernoulli/</guid>
<description></description>
</item>
<item>
<title>Bertrands_Postulate</title>
<link>/sessions/bertrands_postulate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bertrands_postulate/</guid>
<description></description>
</item>
<item>
<title>Bicategory</title>
<link>/sessions/bicategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bicategory/</guid>
<description></description>
</item>
<item>
<title>Binary_Code_Imprimitive</title>
<link>/sessions/binary_code_imprimitive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binary_code_imprimitive/</guid>
<description></description>
</item>
<item>
<title>BinarySearchTree</title>
<link>/sessions/binarysearchtree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binarysearchtree/</guid>
<description></description>
</item>
<item>
<title>Binding_Syntax_Theory</title>
<link>/sessions/binding_syntax_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binding_syntax_theory/</guid>
<description></description>
</item>
<item>
<title>Binomial-Heaps</title>
<link>/sessions/binomial-heaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binomial-heaps/</guid>
<description></description>
</item>
<item>
<title>Binomial-Queues</title>
<link>/sessions/binomial-queues/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/binomial-queues/</guid>
<description></description>
</item>
<item>
<title>BirdKMP</title>
<link>/sessions/birdkmp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/birdkmp/</guid>
<description></description>
</item>
<item>
<title>Birkhoff_Finite_Distributive_Lattices</title>
<link>/sessions/birkhoff_finite_distributive_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/birkhoff_finite_distributive_lattices/</guid>
<description></description>
</item>
<item>
<title>Blue_Eyes</title>
<link>/sessions/blue_eyes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/blue_eyes/</guid>
<description></description>
</item>
<item>
<title>BNF_CC</title>
<link>/sessions/bnf_cc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bnf_cc/</guid>
<description></description>
</item>
<item>
<title>BNF_Operations</title>
<link>/sessions/bnf_operations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bnf_operations/</guid>
<description></description>
</item>
<item>
<title>Bondy</title>
<link>/sessions/bondy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bondy/</guid>
<description></description>
</item>
<item>
<title>Boolean_Expression_Checkers</title>
<link>/sessions/boolean_expression_checkers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/boolean_expression_checkers/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference</title>
<link>/sessions/boolos_curious_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/boolos_curious_inference/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference_Automated</title>
<link>/sessions/boolos_curious_inference_automated/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/boolos_curious_inference_automated/</guid>
<description></description>
</item>
<item>
<title>Bounded_Deducibility_Security</title>
<link>/sessions/bounded_deducibility_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bounded_deducibility_security/</guid>
<description></description>
</item>
<item>
<title>BTree</title>
<link>/sessions/btree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/btree/</guid>
<description></description>
</item>
<item>
<title>Buchi_Complementation</title>
<link>/sessions/buchi_complementation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/buchi_complementation/</guid>
<description></description>
</item>
<item>
<title>Budan_Fourier</title>
<link>/sessions/budan_fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/budan_fourier/</guid>
<description></description>
</item>
<item>
<title>Buffons_Needle</title>
<link>/sessions/buffons_needle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/buffons_needle/</guid>
<description></description>
</item>
<item>
<title>Buildings</title>
<link>/sessions/buildings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/buildings/</guid>
<description></description>
</item>
<item>
<title>BytecodeLogicJmlTypes</title>
<link>/sessions/bytecodelogicjmltypes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/bytecodelogicjmltypes/</guid>
<description></description>
</item>
<item>
<title>C2KA_DistributedSystems</title>
<link>/sessions/c2ka_distributedsystems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/c2ka_distributedsystems/</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/sessions/cakeml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cakeml/</guid>
<description></description>
</item>
<item>
<title>CakeML_Codegen</title>
<link>/sessions/cakeml_codegen/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cakeml_codegen/</guid>
<description></description>
</item>
<item>
<title>Call_Arity</title>
<link>/sessions/call_arity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/call_arity/</guid>
<description></description>
</item>
<item>
<title>Card_Equiv_Relations</title>
<link>/sessions/card_equiv_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_equiv_relations/</guid>
<description></description>
</item>
<item>
<title>Card_Multisets</title>
<link>/sessions/card_multisets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_multisets/</guid>
<description></description>
</item>
<item>
<title>Card_Number_Partitions</title>
<link>/sessions/card_number_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_number_partitions/</guid>
<description></description>
</item>
<item>
<title>Card_Partitions</title>
<link>/sessions/card_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/card_partitions/</guid>
<description></description>
</item>
<item>
<title>Cartan_FP</title>
<link>/sessions/cartan_fp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cartan_fp/</guid>
<description></description>
</item>
<item>
<title>Case_Labeling</title>
<link>/sessions/case_labeling/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/case_labeling/</guid>
<description></description>
</item>
<item>
<title>Catalan_Numbers</title>
<link>/sessions/catalan_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/catalan_numbers/</guid>
<description></description>
</item>
<item>
<title>Category</title>
<link>/sessions/category/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/category/</guid>
<description></description>
</item>
<item>
<title>Category2</title>
<link>/sessions/category2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/category2/</guid>
<description></description>
</item>
<item>
<title>Category3</title>
<link>/sessions/category3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/category3/</guid>
<description></description>
</item>
<item>
<title>Catoids</title>
<link>/sessions/catoids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/catoids/</guid>
<description></description>
</item>
<item>
<title>Cauchy</title>
<link>/sessions/cauchy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cauchy/</guid>
<description></description>
</item>
<item>
<title>CAVA_Automata</title>
<link>/sessions/cava_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_automata/</guid>
<description></description>
</item>
<item>
<title>CAVA_Base</title>
<link>/sessions/cava_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_base/</guid>
<description></description>
</item>
<item>
<title>CAVA_LTL_Modelchecker</title>
<link>/sessions/cava_ltl_modelchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_ltl_modelchecker/</guid>
<description></description>
</item>
<item>
<title>CAVA_Setup</title>
<link>/sessions/cava_setup/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cava_setup/</guid>
<description></description>
</item>
<item>
<title>Cayley_Hamilton</title>
<link>/sessions/cayley_hamilton/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cayley_hamilton/</guid>
<description></description>
</item>
<item>
<title>CCS</title>
<link>/sessions/ccs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ccs/</guid>
<description></description>
</item>
<item>
<title>Certification_Monads</title>
<link>/sessions/certification_monads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/certification_monads/</guid>
<description></description>
</item>
<item>
<title>Ceva</title>
<link>/sessions/ceva/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ceva/</guid>
<description></description>
</item>
<item>
<title>Chandy_Lamport</title>
<link>/sessions/chandy_lamport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/chandy_lamport/</guid>
<description></description>
</item>
<item>
<title>CHERI-C_Memory_Model</title>
<link>/sessions/cheri-c_memory_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cheri-c_memory_model/</guid>
<description></description>
</item>
<item>
<title>Chord_Segments</title>
<link>/sessions/chord_segments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/chord_segments/</guid>
<description></description>
</item>
<item>
<title>Circus</title>
<link>/sessions/circus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/circus/</guid>
<description></description>
</item>
<item>
<title>CISC-Kernel</title>
<link>/sessions/cisc-kernel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cisc-kernel/</guid>
<description></description>
</item>
<item>
<title>Clean</title>
<link>/sessions/clean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/clean/</guid>
<description></description>
</item>
<item>
<title>Clique_and_Monotone_Circuits</title>
<link>/sessions/clique_and_monotone_circuits/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/clique_and_monotone_circuits/</guid>
<description></description>
</item>
<item>
<title>ClockSynchInst</title>
<link>/sessions/clocksynchinst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/clocksynchinst/</guid>
<description></description>
</item>
<item>
<title>Closest_Pair_Points</title>
<link>/sessions/closest_pair_points/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/closest_pair_points/</guid>
<description></description>
</item>
<item>
<title>CoCon</title>
<link>/sessions/cocon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cocon/</guid>
<description></description>
</item>
<item>
<title>CofGroups</title>
<link>/sessions/cofgroups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cofgroups/</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/sessions/coinductive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/coinductive/</guid>
<description></description>
</item>
<item>
<title>Coinductive_Languages</title>
<link>/sessions/coinductive_languages/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/coinductive_languages/</guid>
<description></description>
</item>
<item>
<title>Collections</title>
<link>/sessions/collections/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/collections/</guid>
<description></description>
</item>
<item>
<title>Collections_Examples</title>
<link>/sessions/collections_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/collections_examples/</guid>
<description></description>
</item>
<item>
<title>Combinable_Wands</title>
<link>/sessions/combinable_wands/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinable_wands/</guid>
<description></description>
</item>
<item>
<title>Combinatorial_Enumeration_Algorithms</title>
<link>/sessions/combinatorial_enumeration_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorial_enumeration_algorithms/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words</title>
<link>/sessions/combinatorics_words/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorics_words/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Graph_Lemma</title>
<link>/sessions/combinatorics_words_graph_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorics_words_graph_lemma/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Lyndon</title>
<link>/sessions/combinatorics_words_lyndon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/combinatorics_words_lyndon/</guid>
<description></description>
</item>
<item>
<title>CommCSL</title>
<link>/sessions/commcsl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/commcsl/</guid>
<description></description>
</item>
<item>
<title>Commuting_Hermitian</title>
<link>/sessions/commuting_hermitian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/commuting_hermitian/</guid>
<description></description>
</item>
<item>
<title>Comparison_Sort_Lower_Bound</title>
<link>/sessions/comparison_sort_lower_bound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/comparison_sort_lower_bound/</guid>
<description></description>
</item>
<item>
<title>Compiling-Exceptions-Correctly</title>
<link>/sessions/compiling-exceptions-correctly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/compiling-exceptions-correctly/</guid>
<description></description>
</item>
<item>
<title>Complete_Non_Orders</title>
<link>/sessions/complete_non_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complete_non_orders/</guid>
<description></description>
</item>
<item>
<title>Completeness</title>
<link>/sessions/completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/completeness/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators</title>
<link>/sessions/complex_bounded_operators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complex_bounded_operators/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators_Dependencies</title>
<link>/sessions/complex_bounded_operators_dependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complex_bounded_operators_dependencies/</guid>
<description></description>
</item>
<item>
<title>Complex_Geometry</title>
<link>/sessions/complex_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complex_geometry/</guid>
<description></description>
</item>
<item>
<title>Complx</title>
<link>/sessions/complx/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/complx/</guid>
<description></description>
</item>
<item>
<title>ComponentDependencies</title>
<link>/sessions/componentdependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/componentdependencies/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Ref_Alg</title>
<link>/sessions/concurrent_ref_alg/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrent_ref_alg/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Revisions</title>
<link>/sessions/concurrent_revisions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrent_revisions/</guid>
<description></description>
</item>
<item>
<title>ConcurrentGC</title>
<link>/sessions/concurrentgc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrentgc/</guid>
<description></description>
</item>
<item>
<title>ConcurrentIMP</title>
<link>/sessions/concurrentimp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/concurrentimp/</guid>
<description></description>
</item>
<item>
<title>Conditional_Simplification</title>
<link>/sessions/conditional_simplification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/conditional_simplification/</guid>
<description></description>
</item>
<item>
<title>Conditional_Transfer_Rule</title>
<link>/sessions/conditional_transfer_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/conditional_transfer_rule/</guid>
<description></description>
</item>
<item>
<title>Consensus_Refined</title>
<link>/sessions/consensus_refined/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/consensus_refined/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography</title>
<link>/sessions/constructive_cryptography/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/constructive_cryptography/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography_CM</title>
<link>/sessions/constructive_cryptography_cm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/constructive_cryptography_cm/</guid>
<description></description>
</item>
<item>
<title>Constructor_Funs</title>
<link>/sessions/constructor_funs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/constructor_funs/</guid>
<description></description>
</item>
<item>
<title>Containers</title>
<link>/sessions/containers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/containers/</guid>
<description></description>
</item>
<item>
<title>Containers-Benchmarks</title>
<link>/sessions/containers-benchmarks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/containers-benchmarks/</guid>
<description></description>
</item>
<item>
<title>Cook_Levin</title>
<link>/sessions/cook_levin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cook_levin/</guid>
<description></description>
</item>
<item>
<title>Core_DOM</title>
<link>/sessions/core_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/core_dom/</guid>
<description></description>
</item>
<item>
<title>Core_SC_DOM</title>
<link>/sessions/core_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/core_sc_dom/</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/sessions/corec&#43;&#43;/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/corec&#43;&#43;/</guid>
<description></description>
</item>
<item>
<title>Correctness_Algebras</title>
<link>/sessions/correctness_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/correctness_algebras/</guid>
<description></description>
</item>
<item>
<title>CoSMed</title>
<link>/sessions/cosmed/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cosmed/</guid>
<description></description>
</item>
<item>
<title>CoSMeDis</title>
<link>/sessions/cosmedis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cosmedis/</guid>
<description></description>
</item>
<item>
<title>Cotangent_PFD_Formula</title>
<link>/sessions/cotangent_pfd_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cotangent_pfd_formula/</guid>
<description></description>
</item>
<item>
<title>Count_Complex_Roots</title>
<link>/sessions/count_complex_roots/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/count_complex_roots/</guid>
<description></description>
</item>
<item>
+ <title>Coupledsim_Contrasim</title>
+ <link>/sessions/coupledsim_contrasim/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/coupledsim_contrasim/</guid>
+ <description></description>
+ </item>
+ <item>
<title>CRDT</title>
<link>/sessions/crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crdt/</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/sessions/crypthol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crypthol/</guid>
<description></description>
</item>
<item>
<title>Crypto_Standards</title>
<link>/sessions/crypto_standards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crypto_standards/</guid>
<description></description>
</item>
<item>
<title>CryptoBasedCompositionalProperties</title>
<link>/sessions/cryptobasedcompositionalproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cryptobasedcompositionalproperties/</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/sessions/crystals-kyber/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/crystals-kyber/</guid>
<description></description>
</item>
<item>
<title>CSP_RefTK</title>
<link>/sessions/csp_reftk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/csp_reftk/</guid>
<description></description>
</item>
<item>
<title>Cubic_Quartic_Equations</title>
<link>/sessions/cubic_quartic_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cubic_quartic_equations/</guid>
<description></description>
</item>
<item>
<title>CVP_Hardness</title>
<link>/sessions/cvp_hardness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cvp_hardness/</guid>
<description></description>
</item>
<item>
<title>CYK</title>
<link>/sessions/cyk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/cyk/</guid>
<description></description>
</item>
<item>
<title>CZH_Elementary_Categories</title>
<link>/sessions/czh_elementary_categories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/czh_elementary_categories/</guid>
<description></description>
</item>
<item>
<title>CZH_Foundations</title>
<link>/sessions/czh_foundations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/czh_foundations/</guid>
<description></description>
</item>
<item>
<title>CZH_Universal_Constructions</title>
<link>/sessions/czh_universal_constructions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/czh_universal_constructions/</guid>
<description></description>
</item>
<item>
<title>DataRefinementIBP</title>
<link>/sessions/datarefinementibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/datarefinementibp/</guid>
<description></description>
</item>
<item>
<title>Datatype_Order_Generator</title>
<link>/sessions/datatype_order_generator/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/datatype_order_generator/</guid>
<description></description>
</item>
<item>
<title>DCR-ExecutionEquivalence</title>
<link>/sessions/dcr-executionequivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dcr-executionequivalence/</guid>
<description></description>
</item>
<item>
<title>Decl_Sem_Fun_PL</title>
<link>/sessions/decl_sem_fun_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/decl_sem_fun_pl/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams</title>
<link>/sessions/decreasing-diagrams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/decreasing-diagrams/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams-II</title>
<link>/sessions/decreasing-diagrams-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/decreasing-diagrams-ii/</guid>
<description></description>
</item>
<item>
<title>Dedekind_Real</title>
<link>/sessions/dedekind_real/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dedekind_real/</guid>
<description></description>
</item>
<item>
<title>Deep_Learning</title>
<link>/sessions/deep_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/deep_learning/</guid>
<description></description>
</item>
<item>
<title>Delta_System_Lemma</title>
<link>/sessions/delta_system_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/delta_system_lemma/</guid>
<description></description>
</item>
<item>
<title>Density_Compiler</title>
<link>/sessions/density_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/density_compiler/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Refinement</title>
<link>/sessions/dependent_sifum_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dependent_sifum_refinement/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Type_Systems</title>
<link>/sessions/dependent_sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dependent_sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Depth-First-Search</title>
<link>/sessions/depth-first-search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/depth-first-search/</guid>
<description></description>
</item>
<item>
<title>Derangements</title>
<link>/sessions/derangements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/derangements/</guid>
<description></description>
</item>
<item>
<title>Deriving</title>
<link>/sessions/deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/deriving/</guid>
<description></description>
</item>
<item>
<title>Descartes_Sign_Rule</title>
<link>/sessions/descartes_sign_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/descartes_sign_rule/</guid>
<description></description>
</item>
<item>
<title>Design_Theory</title>
<link>/sessions/design_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/design_theory/</guid>
<description></description>
</item>
<item>
<title>DFS_Framework</title>
<link>/sessions/dfs_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dfs_framework/</guid>
<description></description>
</item>
<item>
<title>Dict_Construction</title>
<link>/sessions/dict_construction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dict_construction/</guid>
<description></description>
</item>
<item>
<title>Differential_Dynamic_Logic</title>
<link>/sessions/differential_dynamic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/differential_dynamic_logic/</guid>
<description></description>
</item>
<item>
<title>Differential_Game_Logic</title>
<link>/sessions/differential_game_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/differential_game_logic/</guid>
<description></description>
</item>
<item>
<title>Digit_Expansions</title>
<link>/sessions/digit_expansions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/digit_expansions/</guid>
<description></description>
</item>
<item>
<title>DigitsInBase</title>
<link>/sessions/digitsinbase/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/digitsinbase/</guid>
<description></description>
</item>
<item>
<title>Dijkstra_Shortest_Path</title>
<link>/sessions/dijkstra_shortest_path/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dijkstra_shortest_path/</guid>
<description></description>
</item>
<item>
<title>Diophantine_Eqns_Lin_Hom</title>
<link>/sessions/diophantine_eqns_lin_hom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/diophantine_eqns_lin_hom/</guid>
<description></description>
</item>
<item>
<title>Directed_Sets</title>
<link>/sessions/directed_sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/directed_sets/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_L</title>
<link>/sessions/dirichlet_l/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dirichlet_l/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_Series</title>
<link>/sessions/dirichlet_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dirichlet_series/</guid>
<description></description>
</item>
<item>
<title>Discrete_Summation</title>
<link>/sessions/discrete_summation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/discrete_summation/</guid>
<description></description>
</item>
<item>
<title>DiscretePricing</title>
<link>/sessions/discretepricing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/discretepricing/</guid>
<description></description>
</item>
<item>
<title>DiskPaxos</title>
<link>/sessions/diskpaxos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/diskpaxos/</guid>
<description></description>
</item>
<item>
<title>Distributed_Distinct_Elements</title>
<link>/sessions/distributed_distinct_elements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/distributed_distinct_elements/</guid>
<description></description>
</item>
<item>
<title>DOM_Components</title>
<link>/sessions/dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dom_components/</guid>
<description></description>
</item>
<item>
<title>Dominance_CHK</title>
<link>/sessions/dominance_chk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dominance_chk/</guid>
<description></description>
</item>
<item>
<title>DPRM_Theorem</title>
<link>/sessions/dprm_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dprm_theorem/</guid>
<description></description>
</item>
<item>
<title>DPT-SAT-Solver</title>
<link>/sessions/dpt-sat-solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dpt-sat-solver/</guid>
<description></description>
</item>
<item>
<title>Dynamic_Tables</title>
<link>/sessions/dynamic_tables/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dynamic_tables/</guid>
<description></description>
</item>
<item>
<title>DynamicArchitectures</title>
<link>/sessions/dynamicarchitectures/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/dynamicarchitectures/</guid>
<description></description>
</item>
<item>
<title>E_Transcendental</title>
<link>/sessions/e_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/e_transcendental/</guid>
<description></description>
</item>
<item>
<title>Earley_Parser</title>
<link>/sessions/earley_parser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/earley_parser/</guid>
<description></description>
</item>
<item>
<title>Echelon_Form</title>
<link>/sessions/echelon_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/echelon_form/</guid>
<description></description>
</item>
<item>
<title>EdmondsKarp_Maxflow</title>
<link>/sessions/edmondskarp_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/edmondskarp_maxflow/</guid>
<description></description>
</item>
<item>
<title>Edwards_Elliptic_Curves_Group</title>
<link>/sessions/edwards_elliptic_curves_group/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/edwards_elliptic_curves_group/</guid>
<description></description>
</item>
<item>
<title>Efficient-Mergesort</title>
<link>/sessions/efficient-mergesort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/efficient-mergesort/</guid>
<description></description>
</item>
<item>
<title>Efficient_Weighted_Path_Order</title>
<link>/sessions/efficient_weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/efficient_weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Elliptic_Curves_Group_Law</title>
<link>/sessions/elliptic_curves_group_law/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/elliptic_curves_group_law/</guid>
<description></description>
</item>
<item>
<title>Encodability_Process_Calculi</title>
<link>/sessions/encodability_process_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/encodability_process_calculi/</guid>
<description></description>
</item>
<item>
<title>Epistemic_Logic</title>
<link>/sessions/epistemic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/epistemic_logic/</guid>
<description></description>
</item>
<item>
<title>Equivalence_Relation_Enumeration</title>
<link>/sessions/equivalence_relation_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/equivalence_relation_enumeration/</guid>
<description></description>
</item>
<item>
<title>Ergodic_Theory</title>
<link>/sessions/ergodic_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ergodic_theory/</guid>
<description></description>
</item>
<item>
<title>Error_Function</title>
<link>/sessions/error_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/error_function/</guid>
<description></description>
</item>
<item>
<title>Euler_MacLaurin</title>
<link>/sessions/euler_maclaurin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/euler_maclaurin/</guid>
<description></description>
</item>
<item>
<title>Euler_Partition</title>
<link>/sessions/euler_partition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/euler_partition/</guid>
<description></description>
</item>
<item>
<title>Euler_Polyhedron_Formula</title>
<link>/sessions/euler_polyhedron_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/euler_polyhedron_formula/</guid>
<description></description>
</item>
<item>
<title>Eval_FO</title>
<link>/sessions/eval_fo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/eval_fo/</guid>
<description></description>
</item>
<item>
<title>Example-Submission</title>
<link>/sessions/example-submission/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/example-submission/</guid>
<description></description>
</item>
<item>
<title>Executable_Randomized_Algorithms</title>
<link>/sessions/executable_randomized_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/executable_randomized_algorithms/</guid>
<description></description>
</item>
<item>
<title>Expander_Graphs</title>
<link>/sessions/expander_graphs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/expander_graphs/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machine_Inference</title>
<link>/sessions/extended_finite_state_machine_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/extended_finite_state_machine_inference/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machines</title>
<link>/sessions/extended_finite_state_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/extended_finite_state_machines/</guid>
<description></description>
</item>
<item>
<title>Factor_Algebraic_Polynomial</title>
<link>/sessions/factor_algebraic_polynomial/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/factor_algebraic_polynomial/</guid>
<description></description>
</item>
<item>
<title>Factored_Transition_System_Bounding</title>
<link>/sessions/factored_transition_system_bounding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/factored_transition_system_bounding/</guid>
<description></description>
</item>
<item>
<title>Falling_Factorial_Sum</title>
<link>/sessions/falling_factorial_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/falling_factorial_sum/</guid>
<description></description>
</item>
<item>
<title>Farkas</title>
<link>/sessions/farkas/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/farkas/</guid>
<description></description>
</item>
<item>
<title>Featherweight_OCL</title>
<link>/sessions/featherweight_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/featherweight_ocl/</guid>
<description></description>
</item>
<item>
<title>FeatherweightJava</title>
<link>/sessions/featherweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/featherweightjava/</guid>
<description></description>
</item>
<item>
<title>Fermat3_4</title>
<link>/sessions/fermat3_4/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fermat3_4/</guid>
<description></description>
</item>
<item>
<title>FFT</title>
<link>/sessions/fft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fft/</guid>
<description></description>
</item>
<item>
<title>FileRefinement</title>
<link>/sessions/filerefinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/filerefinement/</guid>
<description></description>
</item>
<item>
<title>FinFun</title>
<link>/sessions/finfun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finfun/</guid>
<description></description>
</item>
<item>
<title>Finger-Trees</title>
<link>/sessions/finger-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finger-trees/</guid>
<description></description>
</item>
<item>
<title>Finite-Map-Extras</title>
<link>/sessions/finite-map-extras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finite-map-extras/</guid>
<description></description>
</item>
<item>
<title>Finite_Automata_HF</title>
<link>/sessions/finite_automata_hf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finite_automata_hf/</guid>
<description></description>
</item>
<item>
<title>Finite_Fields</title>
<link>/sessions/finite_fields/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finite_fields/</guid>
<description></description>
</item>
<item>
<title>Finitely_Generated_Abelian_Groups</title>
<link>/sessions/finitely_generated_abelian_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/finitely_generated_abelian_groups/</guid>
<description></description>
</item>
<item>
<title>First_Order_Terms</title>
<link>/sessions/first_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/first_order_terms/</guid>
<description></description>
</item>
<item>
<title>First_Welfare_Theorem</title>
<link>/sessions/first_welfare_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/first_welfare_theorem/</guid>
<description></description>
</item>
<item>
<title>Fishburn_Impossibility</title>
<link>/sessions/fishburn_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fishburn_impossibility/</guid>
<description></description>
</item>
<item>
<title>Fisher_Yates</title>
<link>/sessions/fisher_yates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fisher_yates/</guid>
<description></description>
</item>
<item>
<title>Fishers_Inequality</title>
<link>/sessions/fishers_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fishers_inequality/</guid>
<description></description>
</item>
<item>
<title>Fixed_Length_Vector</title>
<link>/sessions/fixed_length_vector/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fixed_length_vector/</guid>
<description></description>
</item>
<item>
<title>Flow_Networks</title>
<link>/sessions/flow_networks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flow_networks/</guid>
<description></description>
</item>
<item>
<title>Floyd_Warshall</title>
<link>/sessions/floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>FLP</title>
<link>/sessions/flp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flp/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame</title>
<link>/sessions/flyspeck-tame/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flyspeck-tame/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame-Computation</title>
<link>/sessions/flyspeck-tame-computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/flyspeck-tame-computation/</guid>
<description></description>
</item>
<item>
<title>FO_Theory_Rewriting</title>
<link>/sessions/fo_theory_rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fo_theory_rewriting/</guid>
<description></description>
</item>
<item>
<title>FocusStreamsCaseStudies</title>
<link>/sessions/focusstreamscasestudies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/focusstreamscasestudies/</guid>
<description></description>
</item>
<item>
<title>FOL-Fitting</title>
<link>/sessions/fol-fitting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol-fitting/</guid>
<description></description>
</item>
<item>
<title>FOL_Axiomatic</title>
<link>/sessions/fol_axiomatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_axiomatic/</guid>
<description></description>
</item>
<item>
<title>FOL_Harrison</title>
<link>/sessions/fol_harrison/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_harrison/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc1</title>
<link>/sessions/fol_seq_calc1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_seq_calc1/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc2</title>
<link>/sessions/fol_seq_calc2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_seq_calc2/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc3</title>
<link>/sessions/fol_seq_calc3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fol_seq_calc3/</guid>
<description></description>
</item>
<item>
<title>Forcing</title>
<link>/sessions/forcing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/forcing/</guid>
<description></description>
</item>
<item>
<title>Formal_Puiseux_Series</title>
<link>/sessions/formal_puiseux_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formal_puiseux_series/</guid>
<description></description>
</item>
<item>
<title>Formal_SSA</title>
<link>/sessions/formal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formal_ssa/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives</title>
<link>/sessions/formula_derivatives/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formula_derivatives/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives-Examples</title>
<link>/sessions/formula_derivatives-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/formula_derivatives-examples/</guid>
<description></description>
</item>
<item>
<title>Foundation_of_geometry</title>
<link>/sessions/foundation_of_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/foundation_of_geometry/</guid>
<description></description>
</item>
<item>
<title>Fourier</title>
<link>/sessions/fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fourier/</guid>
<description></description>
</item>
<item>
<title>Free-Boolean-Algebra</title>
<link>/sessions/free-boolean-algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/free-boolean-algebra/</guid>
<description></description>
</item>
<item>
<title>Free-Groups</title>
<link>/sessions/free-groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/free-groups/</guid>
<description></description>
</item>
<item>
<title>Frequency_Moments</title>
<link>/sessions/frequency_moments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/frequency_moments/</guid>
<description></description>
</item>
<item>
<title>Fresh_Identifiers</title>
<link>/sessions/fresh_identifiers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fresh_identifiers/</guid>
<description></description>
</item>
<item>
<title>FSM_Tests</title>
<link>/sessions/fsm_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/fsm_tests/</guid>
<description></description>
</item>
<item>
<title>Functional-Automata</title>
<link>/sessions/functional-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/functional-automata/</guid>
<description></description>
</item>
<item>
<title>Functional_Ordered_Resolution_Prover</title>
<link>/sessions/functional_ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/functional_ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>FunWithFunctions</title>
<link>/sessions/funwithfunctions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/funwithfunctions/</guid>
<description></description>
</item>
<item>
<title>FunWithTilings</title>
<link>/sessions/funwithtilings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/funwithtilings/</guid>
<description></description>
</item>
<item>
<title>Furstenberg_Topology</title>
<link>/sessions/furstenberg_topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/furstenberg_topology/</guid>
<description></description>
</item>
<item>
<title>Gabow_SCC</title>
<link>/sessions/gabow_scc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gabow_scc/</guid>
<description></description>
</item>
<item>
<title>Gale_Shapley</title>
<link>/sessions/gale_shapley/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gale_shapley/</guid>
<description></description>
</item>
<item>
<title>GaleStewart_Games</title>
<link>/sessions/galestewart_games/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/galestewart_games/</guid>
<description></description>
</item>
<item>
<title>Game_Based_Crypto</title>
<link>/sessions/game_based_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/game_based_crypto/</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan-Elim-Fun</title>
<link>/sessions/gauss-jordan-elim-fun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gauss-jordan-elim-fun/</guid>
<description></description>
</item>
<item>
<title>Gauss_Jordan</title>
<link>/sessions/gauss_jordan/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gauss_jordan/</guid>
<description></description>
</item>
<item>
<title>Gauss_Sums</title>
<link>/sessions/gauss_sums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gauss_sums/</guid>
<description></description>
</item>
<item>
<title>Gaussian_Integers</title>
<link>/sessions/gaussian_integers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gaussian_integers/</guid>
<description></description>
</item>
<item>
<title>GenClock</title>
<link>/sessions/genclock/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/genclock/</guid>
<description></description>
</item>
<item>
<title>General-Triangle</title>
<link>/sessions/general-triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/general-triangle/</guid>
<description></description>
</item>
<item>
<title>Generalized_Counting_Sort</title>
<link>/sessions/generalized_counting_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/generalized_counting_sort/</guid>
<description></description>
</item>
<item>
<title>Generic_Deriving</title>
<link>/sessions/generic_deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/generic_deriving/</guid>
<description></description>
</item>
<item>
<title>Generic_Join</title>
<link>/sessions/generic_join/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/generic_join/</guid>
<description></description>
</item>
<item>
<title>GewirthPGCProof</title>
<link>/sessions/gewirthpgcproof/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gewirthpgcproof/</guid>
<description></description>
</item>
<item>
<title>Girth_Chromatic</title>
<link>/sessions/girth_chromatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/girth_chromatic/</guid>
<description></description>
</item>
<item>
<title>Given_Clause_Loops</title>
<link>/sessions/given_clause_loops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/given_clause_loops/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semantic</title>
<link>/sessions/goedel_hfset_semantic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedel_hfset_semantic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semanticless</title>
<link>/sessions/goedel_hfset_semanticless/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedel_hfset_semanticless/</guid>
<description></description>
</item>
<item>
<title>Goedel_Incompleteness</title>
<link>/sessions/goedel_incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedel_incompleteness/</guid>
<description></description>
</item>
<item>
<title>GoedelGod</title>
<link>/sessions/goedelgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goedelgod/</guid>
<description></description>
</item>
<item>
<title>Goodstein_Lambda</title>
<link>/sessions/goodstein_lambda/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/goodstein_lambda/</guid>
<description></description>
</item>
<item>
<title>GPU_Kernel_PL</title>
<link>/sessions/gpu_kernel_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gpu_kernel_pl/</guid>
<description></description>
</item>
<item>
<title>Graph_Saturation</title>
<link>/sessions/graph_saturation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/graph_saturation/</guid>
<description></description>
</item>
<item>
<title>Graph_Theory</title>
<link>/sessions/graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/graph_theory/</guid>
<description></description>
</item>
<item>
<title>GraphMarkingIBP</title>
<link>/sessions/graphmarkingibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/graphmarkingibp/</guid>
<description></description>
</item>
<item>
<title>Gray_Codes</title>
<link>/sessions/gray_codes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gray_codes/</guid>
<description></description>
</item>
<item>
<title>Green</title>
<link>/sessions/green/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/green/</guid>
<description></description>
</item>
<item>
<title>Groebner_Bases</title>
<link>/sessions/groebner_bases/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/groebner_bases/</guid>
<description></description>
</item>
<item>
<title>Groebner_Macaulay</title>
<link>/sessions/groebner_macaulay/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/groebner_macaulay/</guid>
<description></description>
</item>
<item>
<title>Gromov_Hyperbolicity</title>
<link>/sessions/gromov_hyperbolicity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/gromov_hyperbolicity/</guid>
<description></description>
</item>
<item>
<title>Grothendieck_Schemes</title>
<link>/sessions/grothendieck_schemes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/grothendieck_schemes/</guid>
<description></description>
</item>
<item>
<title>Group-Ring-Module</title>
<link>/sessions/group-ring-module/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/group-ring-module/</guid>
<description></description>
</item>
<item>
<title>Hahn_Jordan_Decomposition</title>
<link>/sessions/hahn_jordan_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hahn_jordan_decomposition/</guid>
<description></description>
</item>
<item>
<title>Hales_Jewett</title>
<link>/sessions/hales_jewett/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hales_jewett/</guid>
<description></description>
</item>
<item>
<title>Heard_Of</title>
<link>/sessions/heard_of/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/heard_of/</guid>
<description></description>
</item>
<item>
<title>Hello_World</title>
<link>/sessions/hello_world/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hello_world/</guid>
<description></description>
</item>
<item>
<title>HereditarilyFinite</title>
<link>/sessions/hereditarilyfinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hereditarilyfinite/</guid>
<description></description>
</item>
<item>
<title>Hermite</title>
<link>/sessions/hermite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hermite/</guid>
<description></description>
</item>
<item>
<title>Hermite_Lindemann</title>
<link>/sessions/hermite_lindemann/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hermite_lindemann/</guid>
<description></description>
</item>
<item>
<title>Hidden_Markov_Models</title>
<link>/sessions/hidden_markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hidden_markov_models/</guid>
<description></description>
</item>
<item>
<title>Higher_Order_Terms</title>
<link>/sessions/higher_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/higher_order_terms/</guid>
<description></description>
</item>
<item>
<title>Hoare_Time</title>
<link>/sessions/hoare_time/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hoare_time/</guid>
<description></description>
</item>
<item>
<title>HoareForDivergence</title>
<link>/sessions/hoarefordivergence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hoarefordivergence/</guid>
<description></description>
</item>
<item>
<title>HOL-CSP</title>
<link>/sessions/hol-csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-csp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-ARCH-COMP</title>
<link>/sessions/hol-ode-arch-comp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-ode-arch-comp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Examples</title>
<link>/sessions/hol-ode-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-ode-examples/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Numerics</title>
<link>/sessions/hol-ode-numerics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hol-ode-numerics/</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/sessions/holcf-prelude/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/holcf-prelude/</guid>
<description></description>
</item>
<item>
<title>Hood_Melville_Queue</title>
<link>/sessions/hood_melville_queue/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hood_melville_queue/</guid>
<description></description>
</item>
<item>
<title>HotelKeyCards</title>
<link>/sessions/hotelkeycards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hotelkeycards/</guid>
<description></description>
</item>
<item>
<title>HRB-Slicing</title>
<link>/sessions/hrb-slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hrb-slicing/</guid>
<description></description>
</item>
<item>
<title>Huffman</title>
<link>/sessions/huffman/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/huffman/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Logic</title>
<link>/sessions/hybrid_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hybrid_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Multi_Lane_Spatial_Logic</title>
<link>/sessions/hybrid_multi_lane_spatial_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hybrid_multi_lane_spatial_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Systems_VCs</title>
<link>/sessions/hybrid_systems_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hybrid_systems_vcs/</guid>
<description></description>
</item>
<item>
<title>HyperCTL</title>
<link>/sessions/hyperctl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hyperctl/</guid>
<description></description>
</item>
<item>
<title>Hyperdual</title>
<link>/sessions/hyperdual/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hyperdual/</guid>
<description></description>
</item>
<item>
<title>Hypergraph_Basics</title>
<link>/sessions/hypergraph_basics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hypergraph_basics/</guid>
<description></description>
</item>
<item>
<title>HyperHoareLogic</title>
<link>/sessions/hyperhoarelogic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/hyperhoarelogic/</guid>
<description></description>
</item>
<item>
<title>IEEE_Floating_Point</title>
<link>/sessions/ieee_floating_point/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ieee_floating_point/</guid>
<description></description>
</item>
<item>
<title>IFC_Tracking</title>
<link>/sessions/ifc_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ifc_tracking/</guid>
<description></description>
</item>
<item>
<title>IMAP-CRDT</title>
<link>/sessions/imap-crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imap-crdt/</guid>
<description></description>
</item>
<item>
<title>IMO2019</title>
<link>/sessions/imo2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imo2019/</guid>
<description></description>
</item>
<item>
<title>IMP2</title>
<link>/sessions/imp2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp2/</guid>
<description></description>
</item>
<item>
<title>IMP2_Binary_Heap</title>
<link>/sessions/imp2_binary_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp2_binary_heap/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler</title>
<link>/sessions/imp_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp_compiler/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler_Reuse</title>
<link>/sessions/imp_compiler_reuse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imp_compiler_reuse/</guid>
<description></description>
</item>
<item>
<title>Imperative_Insertion_Sort</title>
<link>/sessions/imperative_insertion_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/imperative_insertion_sort/</guid>
<description></description>
</item>
<item>
<title>Implicational_Logic</title>
<link>/sessions/implicational_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/implicational_logic/</guid>
<description></description>
</item>
<item>
<title>Impossible_Geometry</title>
<link>/sessions/impossible_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/impossible_geometry/</guid>
<description></description>
</item>
<item>
<title>Incompleteness</title>
<link>/sessions/incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/incompleteness/</guid>
<description></description>
</item>
<item>
<title>Incredible_Proof_Machine</title>
<link>/sessions/incredible_proof_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/incredible_proof_machine/</guid>
<description></description>
</item>
<item>
<title>Independence_CH</title>
<link>/sessions/independence_ch/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/independence_ch/</guid>
<description></description>
</item>
<item>
<title>Inductive_Confidentiality</title>
<link>/sessions/inductive_confidentiality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/inductive_confidentiality/</guid>
<description></description>
</item>
<item>
<title>Inductive_Inference</title>
<link>/sessions/inductive_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/inductive_inference/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing</title>
<link>/sessions/informationflowslicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/informationflowslicing/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing_Inter</title>
<link>/sessions/informationflowslicing_inter/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/informationflowslicing_inter/</guid>
<description></description>
</item>
<item>
<title>InfPathElimination</title>
<link>/sessions/infpathelimination/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/infpathelimination/</guid>
<description></description>
</item>
<item>
<title>Integration</title>
<link>/sessions/integration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/integration/</guid>
<description></description>
</item>
<item>
<title>Interpolation_Polynomials_HOL_Algebra</title>
<link>/sessions/interpolation_polynomials_hol_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/interpolation_polynomials_hol_algebra/</guid>
<description></description>
</item>
<item>
<title>Interpreter_Optimizations</title>
<link>/sessions/interpreter_optimizations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/interpreter_optimizations/</guid>
<description></description>
</item>
<item>
<title>Interval_Arithmetic_Word32</title>
<link>/sessions/interval_arithmetic_word32/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/interval_arithmetic_word32/</guid>
<description></description>
</item>
<item>
<title>Intro_Dest_Elim</title>
<link>/sessions/intro_dest_elim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/intro_dest_elim/</guid>
<description></description>
</item>
<item>
<title>Involutions2Squares</title>
<link>/sessions/involutions2squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/involutions2squares/</guid>
<description></description>
</item>
<item>
+ <title>IO_Language_Conformance</title>
+ <link>/sessions/io_language_conformance/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/io_language_conformance/</guid>
+ <description></description>
+ </item>
+ <item>
<title>IP_Addresses</title>
<link>/sessions/ip_addresses/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ip_addresses/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics</title>
<link>/sessions/iptables_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/iptables_semantics/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples</title>
<link>/sessions/iptables_semantics_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/iptables_semantics_examples/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples_Big</title>
<link>/sessions/iptables_semantics_examples_big/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/iptables_semantics_examples_big/</guid>
<description></description>
</item>
<item>
<title>Irrational_Series_Erdos_Straus</title>
<link>/sessions/irrational_series_erdos_straus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/irrational_series_erdos_straus/</guid>
<description></description>
</item>
<item>
<title>Irrationality_J_Hancl</title>
<link>/sessions/irrationality_j_hancl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/irrationality_j_hancl/</guid>
<description></description>
</item>
<item>
<title>Irrationals_From_THEBOOK</title>
<link>/sessions/irrationals_from_thebook/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/irrationals_from_thebook/</guid>
<description></description>
</item>
<item>
<title>Isabelle_C</title>
<link>/sessions/isabelle_c/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isabelle_c/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Marries_Dirac</title>
<link>/sessions/isabelle_marries_dirac/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isabelle_marries_dirac/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Meta_Model</title>
<link>/sessions/isabelle_meta_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isabelle_meta_model/</guid>
<description></description>
</item>
<item>
<title>IsaGeoCoq</title>
<link>/sessions/isageocoq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isageocoq/</guid>
<description></description>
</item>
<item>
<title>IsaNet</title>
<link>/sessions/isanet/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/isanet/</guid>
<description></description>
</item>
<item>
<title>Jacobson_Basic_Algebra</title>
<link>/sessions/jacobson_basic_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jacobson_basic_algebra/</guid>
<description></description>
</item>
<item>
<title>Jinja</title>
<link>/sessions/jinja/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jinja/</guid>
<description></description>
</item>
<item>
<title>JinjaDCI</title>
<link>/sessions/jinjadci/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jinjadci/</guid>
<description></description>
</item>
<item>
<title>JinjaThreads</title>
<link>/sessions/jinjathreads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jinjathreads/</guid>
<description></description>
</item>
<item>
<title>JiveDataStoreModel</title>
<link>/sessions/jivedatastoremodel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jivedatastoremodel/</guid>
<description></description>
</item>
<item>
<title>Jordan_Hoelder</title>
<link>/sessions/jordan_hoelder/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jordan_hoelder/</guid>
<description></description>
</item>
<item>
<title>Jordan_Normal_Form</title>
<link>/sessions/jordan_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/jordan_normal_form/</guid>
<description></description>
</item>
<item>
<title>KAD</title>
<link>/sessions/kad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kad/</guid>
<description></description>
</item>
<item>
<title>KAT_and_DRA</title>
<link>/sessions/kat_and_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kat_and_dra/</guid>
<description></description>
</item>
<item>
<title>KBPs</title>
<link>/sessions/kbps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kbps/</guid>
<description></description>
</item>
<item>
<title>KD_Tree</title>
<link>/sessions/kd_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kd_tree/</guid>
<description></description>
</item>
<item>
<title>Key_Agreement_Strong_Adversaries</title>
<link>/sessions/key_agreement_strong_adversaries/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/key_agreement_strong_adversaries/</guid>
<description></description>
</item>
<item>
<title>Khovanskii_Theorem</title>
<link>/sessions/khovanskii_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/khovanskii_theorem/</guid>
<description></description>
</item>
<item>
<title>Kleene_Algebra</title>
<link>/sessions/kleene_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kleene_algebra/</guid>
<description></description>
</item>
<item>
<title>Kneser_Cauchy_Davenport</title>
<link>/sessions/kneser_cauchy_davenport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kneser_cauchy_davenport/</guid>
<description></description>
</item>
<item>
<title>Knights_Tour</title>
<link>/sessions/knights_tour/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knights_tour/</guid>
<description></description>
</item>
<item>
<title>Knot_Theory</title>
<link>/sessions/knot_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knot_theory/</guid>
<description></description>
</item>
<item>
<title>Knuth_Bendix_Order</title>
<link>/sessions/knuth_bendix_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knuth_bendix_order/</guid>
<description></description>
</item>
<item>
<title>Knuth_Morris_Pratt</title>
<link>/sessions/knuth_morris_pratt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/knuth_morris_pratt/</guid>
<description></description>
</item>
<item>
<title>Koenigsberg_Friendship</title>
<link>/sessions/koenigsberg_friendship/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/koenigsberg_friendship/</guid>
<description></description>
</item>
<item>
<title>Kruskal</title>
<link>/sessions/kruskal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kruskal/</guid>
<description></description>
</item>
<item>
<title>Kuratowski_Closure_Complement</title>
<link>/sessions/kuratowski_closure_complement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/kuratowski_closure_complement/</guid>
<description></description>
</item>
<item>
<title>Lam-ml-Normalization</title>
<link>/sessions/lam-ml-normalization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lam-ml-normalization/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_EPO</title>
<link>/sessions/lambda_free_epo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambda_free_epo/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_KBOs</title>
<link>/sessions/lambda_free_kbos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambda_free_kbos/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_RPOs</title>
<link>/sessions/lambda_free_rpos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambda_free_rpos/</guid>
<description></description>
</item>
<item>
<title>LambdaAuth</title>
<link>/sessions/lambdaauth/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambdaauth/</guid>
<description></description>
</item>
<item>
<title>LambdaMu</title>
<link>/sessions/lambdamu/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambdamu/</guid>
<description></description>
</item>
<item>
<title>Lambert_W</title>
<link>/sessions/lambert_w/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lambert_w/</guid>
<description></description>
</item>
<item>
<title>Landau_Symbols</title>
<link>/sessions/landau_symbols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/landau_symbols/</guid>
<description></description>
</item>
<item>
<title>Laplace_Transform</title>
<link>/sessions/laplace_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/laplace_transform/</guid>
<description></description>
</item>
<item>
<title>Latin_Square</title>
<link>/sessions/latin_square/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/latin_square/</guid>
<description></description>
</item>
<item>
<title>LatticeProperties</title>
<link>/sessions/latticeproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/latticeproperties/</guid>
<description></description>
</item>
<item>
<title>Launchbury</title>
<link>/sessions/launchbury/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/launchbury/</guid>
<description></description>
</item>
<item>
<title>Laws_of_Large_Numbers</title>
<link>/sessions/laws_of_large_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/laws_of_large_numbers/</guid>
<description></description>
</item>
<item>
<title>Lazy-Lists-II</title>
<link>/sessions/lazy-lists-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lazy-lists-ii/</guid>
<description></description>
</item>
<item>
<title>Lazy_Case</title>
<link>/sessions/lazy_case/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lazy_case/</guid>
<description></description>
</item>
<item>
<title>Lehmer</title>
<link>/sessions/lehmer/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lehmer/</guid>
<description></description>
</item>
<item>
<title>LEM</title>
<link>/sessions/lem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lem/</guid>
<description></description>
</item>
<item>
<title>Lifting_Definition_Option</title>
<link>/sessions/lifting_definition_option/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lifting_definition_option/</guid>
<description></description>
</item>
<item>
<title>Lifting_the_Exponent</title>
<link>/sessions/lifting_the_exponent/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lifting_the_exponent/</guid>
<description></description>
</item>
<item>
<title>LightweightJava</title>
<link>/sessions/lightweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lightweightjava/</guid>
<description></description>
</item>
<item>
<title>Linear_Inequalities</title>
<link>/sessions/linear_inequalities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_inequalities/</guid>
<description></description>
</item>
<item>
<title>Linear_Programming</title>
<link>/sessions/linear_programming/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_programming/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences</title>
<link>/sessions/linear_recurrences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_recurrences/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences_Solver</title>
<link>/sessions/linear_recurrences_solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linear_recurrences_solver/</guid>
<description></description>
</item>
<item>
<title>LinearQuantifierElim</title>
<link>/sessions/linearquantifierelim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/linearquantifierelim/</guid>
<description></description>
</item>
<item>
<title>Liouville_Numbers</title>
<link>/sessions/liouville_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/liouville_numbers/</guid>
<description></description>
</item>
<item>
<title>List-Index</title>
<link>/sessions/list-index/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list-index/</guid>
<description></description>
</item>
<item>
<title>List-Infinite</title>
<link>/sessions/list-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list-infinite/</guid>
<description></description>
</item>
<item>
<title>List_Interleaving</title>
<link>/sessions/list_interleaving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list_interleaving/</guid>
<description></description>
</item>
<item>
<title>List_Inversions</title>
<link>/sessions/list_inversions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list_inversions/</guid>
<description></description>
</item>
<item>
<title>List_Update</title>
<link>/sessions/list_update/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/list_update/</guid>
<description></description>
</item>
<item>
<title>LLL_Basis_Reduction</title>
<link>/sessions/lll_basis_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lll_basis_reduction/</guid>
<description></description>
</item>
<item>
<title>LLL_Factorization</title>
<link>/sessions/lll_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lll_factorization/</guid>
<description></description>
</item>
<item>
<title>Localization_Ring</title>
<link>/sessions/localization_ring/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/localization_ring/</guid>
<description></description>
</item>
<item>
<title>LocalLexing</title>
<link>/sessions/locallexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/locallexing/</guid>
<description></description>
</item>
<item>
<title>Locally-Nameless-Sigma</title>
<link>/sessions/locally-nameless-sigma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/locally-nameless-sigma/</guid>
<description></description>
</item>
<item>
<title>LOFT</title>
<link>/sessions/loft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/loft/</guid>
<description></description>
</item>
<item>
<title>Logging_Independent_Anonymity</title>
<link>/sessions/logging_independent_anonymity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/logging_independent_anonymity/</guid>
<description></description>
</item>
<item>
<title>Lorenz_Approximation</title>
<link>/sessions/lorenz_approximation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lorenz_approximation/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C0</title>
<link>/sessions/lorenz_c0/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lorenz_c0/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C1</title>
<link>/sessions/lorenz_c1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lorenz_c1/</guid>
<description></description>
</item>
<item>
<title>Lovasz_Local</title>
<link>/sessions/lovasz_local/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lovasz_local/</guid>
<description></description>
</item>
<item>
<title>Lowe_Ontological_Argument</title>
<link>/sessions/lowe_ontological_argument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lowe_ontological_argument/</guid>
<description></description>
</item>
<item>
<title>Lower_Semicontinuous</title>
<link>/sessions/lower_semicontinuous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lower_semicontinuous/</guid>
<description></description>
</item>
<item>
<title>Lp</title>
<link>/sessions/lp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lp/</guid>
<description></description>
</item>
<item>
<title>LP_Duality</title>
<link>/sessions/lp_duality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lp_duality/</guid>
<description></description>
</item>
<item>
<title>LTL</title>
<link>/sessions/ltl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl/</guid>
<description></description>
</item>
<item>
<title>LTL_Master_Theorem</title>
<link>/sessions/ltl_master_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_master_theorem/</guid>
<description></description>
</item>
<item>
<title>LTL_Normal_Form</title>
<link>/sessions/ltl_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_normal_form/</guid>
<description></description>
</item>
<item>
<title>LTL_to_DRA</title>
<link>/sessions/ltl_to_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_to_dra/</guid>
<description></description>
</item>
<item>
<title>LTL_to_GBA</title>
<link>/sessions/ltl_to_gba/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ltl_to_gba/</guid>
<description></description>
</item>
<item>
<title>Lucas_Theorem</title>
<link>/sessions/lucas_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/lucas_theorem/</guid>
<description></description>
</item>
<item>
<title>Markov_Models</title>
<link>/sessions/markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/markov_models/</guid>
<description></description>
</item>
<item>
<title>Marriage</title>
<link>/sessions/marriage/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/marriage/</guid>
<description></description>
</item>
<item>
<title>Mason_Stothers</title>
<link>/sessions/mason_stothers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mason_stothers/</guid>
<description></description>
</item>
<item>
<title>Matrices_for_ODEs</title>
<link>/sessions/matrices_for_odes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matrices_for_odes/</guid>
<description></description>
</item>
<item>
<title>Matrix</title>
<link>/sessions/matrix/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matrix/</guid>
<description></description>
</item>
<item>
<title>Matrix_Tensor</title>
<link>/sessions/matrix_tensor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matrix_tensor/</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/sessions/matroids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/matroids/</guid>
<description></description>
</item>
<item>
<title>Max-Card-Matching</title>
<link>/sessions/max-card-matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/max-card-matching/</guid>
<description></description>
</item>
<item>
<title>Maximum_Segment_Sum</title>
<link>/sessions/maximum_segment_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/maximum_segment_sum/</guid>
<description></description>
</item>
<item>
<title>MDP-Algorithms</title>
<link>/sessions/mdp-algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mdp-algorithms/</guid>
<description></description>
</item>
<item>
<title>MDP-Rewards</title>
<link>/sessions/mdp-rewards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mdp-rewards/</guid>
<description></description>
</item>
<item>
<title>Median_Method</title>
<link>/sessions/median_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/median_method/</guid>
<description></description>
</item>
<item>
<title>Median_Of_Medians_Selection</title>
<link>/sessions/median_of_medians_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/median_of_medians_selection/</guid>
<description></description>
</item>
<item>
<title>Menger</title>
<link>/sessions/menger/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/menger/</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/sessions/mereology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mereology/</guid>
<description></description>
</item>
<item>
<title>Mersenne_Primes</title>
<link>/sessions/mersenne_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mersenne_primes/</guid>
<description></description>
</item>
<item>
<title>Metalogic_ProofChecker</title>
<link>/sessions/metalogic_proofchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/metalogic_proofchecker/</guid>
<description></description>
</item>
<item>
<title>MFMC_Countable</title>
<link>/sessions/mfmc_countable/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mfmc_countable/</guid>
<description></description>
</item>
<item>
<title>MFODL_Monitor_Optimized</title>
<link>/sessions/mfodl_monitor_optimized/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mfodl_monitor_optimized/</guid>
<description></description>
</item>
<item>
<title>MFOTL_Monitor</title>
<link>/sessions/mfotl_monitor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mfotl_monitor/</guid>
<description></description>
</item>
<item>
<title>MHComputation</title>
<link>/sessions/mhcomputation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mhcomputation/</guid>
<description></description>
</item>
<item>
<title>Minimal_SSA</title>
<link>/sessions/minimal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minimal_ssa/</guid>
<description></description>
</item>
<item>
<title>MiniML</title>
<link>/sessions/miniml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/miniml/</guid>
<description></description>
</item>
<item>
<title>MiniSail</title>
<link>/sessions/minisail/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minisail/</guid>
<description></description>
</item>
<item>
<title>Minkowskis_Theorem</title>
<link>/sessions/minkowskis_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minkowskis_theorem/</guid>
<description></description>
</item>
<item>
<title>Minsky_Machines</title>
<link>/sessions/minsky_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/minsky_machines/</guid>
<description></description>
</item>
<item>
<title>ML_Unification</title>
<link>/sessions/ml_unification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ml_unification/</guid>
<description></description>
</item>
<item>
<title>MLSS_Decision_Proc</title>
<link>/sessions/mlss_decision_proc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mlss_decision_proc/</guid>
<description></description>
</item>
<item>
<title>Modal_Logics_for_NTS</title>
<link>/sessions/modal_logics_for_nts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/modal_logics_for_nts/</guid>
<description></description>
</item>
<item>
<title>Modular_arithmetic_LLL_and_HNF_algorithms</title>
<link>/sessions/modular_arithmetic_lll_and_hnf_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/modular_arithmetic_lll_and_hnf_algorithms/</guid>
<description></description>
</item>
<item>
<title>Modular_Assembly_Kit_Security</title>
<link>/sessions/modular_assembly_kit_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/modular_assembly_kit_security/</guid>
<description></description>
</item>
<item>
<title>Monad_Memo_DP</title>
<link>/sessions/monad_memo_dp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monad_memo_dp/</guid>
<description></description>
</item>
<item>
<title>Monad_Normalisation</title>
<link>/sessions/monad_normalisation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monad_normalisation/</guid>
<description></description>
</item>
<item>
<title>MonoBoolTranAlgebra</title>
<link>/sessions/monobooltranalgebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monobooltranalgebra/</guid>
<description></description>
</item>
<item>
<title>MonoidalCategory</title>
<link>/sessions/monoidalcategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monoidalcategory/</guid>
<description></description>
</item>
<item>
<title>Monomorphic_Monad</title>
<link>/sessions/monomorphic_monad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/monomorphic_monad/</guid>
<description></description>
</item>
<item>
<title>MSO_Regex_Equivalence</title>
<link>/sessions/mso_regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/mso_regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>MuchAdoAboutTwo</title>
<link>/sessions/muchadoabouttwo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/muchadoabouttwo/</guid>
<description></description>
</item>
<item>
<title>Multi_Party_Computation</title>
<link>/sessions/multi_party_computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multi_party_computation/</guid>
<description></description>
</item>
<item>
<title>Multirelations</title>
<link>/sessions/multirelations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multirelations/</guid>
<description></description>
</item>
<item>
<title>Multirelations_Heterogeneous</title>
<link>/sessions/multirelations_heterogeneous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multirelations_heterogeneous/</guid>
<description></description>
</item>
<item>
<title>Multiset_Ordering_NPC</title>
<link>/sessions/multiset_ordering_npc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multiset_ordering_npc/</guid>
<description></description>
</item>
<item>
<title>Multitape_To_Singletape_TM</title>
<link>/sessions/multitape_to_singletape_tm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/multitape_to_singletape_tm/</guid>
<description></description>
</item>
<item>
<title>Myhill-Nerode</title>
<link>/sessions/myhill-nerode/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/myhill-nerode/</guid>
<description></description>
</item>
<item>
<title>Name_Carrying_Type_Inference</title>
<link>/sessions/name_carrying_type_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/name_carrying_type_inference/</guid>
<description></description>
</item>
<item>
<title>Nano_JSON</title>
<link>/sessions/nano_json/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nano_json/</guid>
<description></description>
</item>
<item>
<title>Nash_Williams</title>
<link>/sessions/nash_williams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nash_williams/</guid>
<description></description>
</item>
<item>
<title>Nat-Interval-Logic</title>
<link>/sessions/nat-interval-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nat-interval-logic/</guid>
<description></description>
</item>
<item>
<title>Native_Word</title>
<link>/sessions/native_word/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/native_word/</guid>
<description></description>
</item>
<item>
<title>Nested_Multisets_Ordinals</title>
<link>/sessions/nested_multisets_ordinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nested_multisets_ordinals/</guid>
<description></description>
</item>
<item>
<title>Network_Security_Policy_Verification</title>
<link>/sessions/network_security_policy_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/network_security_policy_verification/</guid>
<description></description>
</item>
<item>
<title>Neumann_Morgenstern_Utility</title>
<link>/sessions/neumann_morgenstern_utility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/neumann_morgenstern_utility/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers</title>
<link>/sessions/no_ftl_observers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/no_ftl_observers/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers_Gen_Rel</title>
<link>/sessions/no_ftl_observers_gen_rel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/no_ftl_observers_gen_rel/</guid>
<description></description>
</item>
<item>
<title>Nominal2</title>
<link>/sessions/nominal2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nominal2/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Concurrent_Composition</title>
<link>/sessions/noninterference_concurrent_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_concurrent_composition/</guid>
<description></description>
</item>
<item>
<title>Noninterference_CSP</title>
<link>/sessions/noninterference_csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_csp/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Generic_Unwinding</title>
<link>/sessions/noninterference_generic_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_generic_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Inductive_Unwinding</title>
<link>/sessions/noninterference_inductive_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_inductive_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Ipurge_Unwinding</title>
<link>/sessions/noninterference_ipurge_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_ipurge_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Sequential_Composition</title>
<link>/sessions/noninterference_sequential_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/noninterference_sequential_composition/</guid>
<description></description>
</item>
<item>
<title>NormByEval</title>
<link>/sessions/normbyeval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/normbyeval/</guid>
<description></description>
</item>
<item>
<title>Nullstellensatz</title>
<link>/sessions/nullstellensatz/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/nullstellensatz/</guid>
<description></description>
</item>
<item>
<title>Number_Theoretic_Transform</title>
<link>/sessions/number_theoretic_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/number_theoretic_transform/</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/sessions/octonions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/octonions/</guid>
<description></description>
</item>
<item>
<title>Old_Datatype_Show</title>
<link>/sessions/old_datatype_show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/old_datatype_show/</guid>
<description></description>
</item>
<item>
<title>Open_Induction</title>
<link>/sessions/open_induction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/open_induction/</guid>
<description></description>
</item>
<item>
<title>OpSets</title>
<link>/sessions/opsets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/opsets/</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/sessions/optics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/optics/</guid>
<description></description>
</item>
<item>
<title>Optimal_BST</title>
<link>/sessions/optimal_bst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/optimal_bst/</guid>
<description></description>
</item>
<item>
<title>Orbit_Stabiliser</title>
<link>/sessions/orbit_stabiliser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/orbit_stabiliser/</guid>
<description></description>
</item>
<item>
<title>Order_Lattice_Props</title>
<link>/sessions/order_lattice_props/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/order_lattice_props/</guid>
<description></description>
</item>
<item>
<title>Ordered_Resolution_Prover</title>
<link>/sessions/ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>Ordinal</title>
<link>/sessions/ordinal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinal/</guid>
<description></description>
</item>
<item>
<title>Ordinal_Partitions</title>
<link>/sessions/ordinal_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinal_partitions/</guid>
<description></description>
</item>
<item>
<title>Ordinals_and_Cardinals</title>
<link>/sessions/ordinals_and_cardinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinals_and_cardinals/</guid>
<description></description>
</item>
<item>
<title>Ordinary_Differential_Equations</title>
<link>/sessions/ordinary_differential_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ordinary_differential_equations/</guid>
<description></description>
</item>
<item>
<title>PAC_Checker</title>
<link>/sessions/pac_checker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pac_checker/</guid>
<description></description>
</item>
<item>
<title>Package_logic</title>
<link>/sessions/package_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/package_logic/</guid>
<description></description>
</item>
<item>
<title>Padic_Field</title>
<link>/sessions/padic_field/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/padic_field/</guid>
<description></description>
</item>
<item>
<title>Padic_Ints</title>
<link>/sessions/padic_ints/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/padic_ints/</guid>
<description></description>
</item>
<item>
<title>Pairing_Heap</title>
<link>/sessions/pairing_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pairing_heap/</guid>
<description></description>
</item>
<item>
<title>PAL</title>
<link>/sessions/pal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pal/</guid>
<description></description>
</item>
<item>
<title>PAPP_Impossibility</title>
<link>/sessions/papp_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/papp_impossibility/</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/sessions/paraconsistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/paraconsistency/</guid>
<description></description>
</item>
<item>
<title>Parity_Game</title>
<link>/sessions/parity_game/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/parity_game/</guid>
<description></description>
</item>
<item>
<title>Partial_Function_MR</title>
<link>/sessions/partial_function_mr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/partial_function_mr/</guid>
<description></description>
</item>
<item>
<title>Partial_Order_Reduction</title>
<link>/sessions/partial_order_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/partial_order_reduction/</guid>
<description></description>
</item>
<item>
<title>Password_Authentication_Protocol</title>
<link>/sessions/password_authentication_protocol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/password_authentication_protocol/</guid>
<description></description>
</item>
<item>
<title>PCF</title>
<link>/sessions/pcf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pcf/</guid>
<description></description>
</item>
<item>
<title>Pell</title>
<link>/sessions/pell/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pell/</guid>
<description></description>
</item>
<item>
<title>Perfect-Number-Thm</title>
<link>/sessions/perfect-number-thm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/perfect-number-thm/</guid>
<description></description>
</item>
<item>
<title>Perron_Frobenius</title>
<link>/sessions/perron_frobenius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/perron_frobenius/</guid>
<description></description>
</item>
<item>
<title>pGCL</title>
<link>/sessions/pgcl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pgcl/</guid>
<description></description>
</item>
<item>
<title>Physical_Quantities</title>
<link>/sessions/physical_quantities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/physical_quantities/</guid>
<description></description>
</item>
<item>
<title>Pi_Calculus</title>
<link>/sessions/pi_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pi_calculus/</guid>
<description></description>
</item>
<item>
<title>Pi_Transcendental</title>
<link>/sessions/pi_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pi_transcendental/</guid>
<description></description>
</item>
<item>
<title>Planarity_Certificates</title>
<link>/sessions/planarity_certificates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/planarity_certificates/</guid>
<description></description>
</item>
<item>
<title>PLM</title>
<link>/sessions/plm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/plm/</guid>
<description></description>
</item>
<item>
<title>Pluennecke_Ruzsa_Inequality</title>
<link>/sessions/pluennecke_ruzsa_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pluennecke_ruzsa_inequality/</guid>
<description></description>
</item>
<item>
<title>Poincare_Bendixson</title>
<link>/sessions/poincare_bendixson/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/poincare_bendixson/</guid>
<description></description>
</item>
<item>
<title>Poincare_Disc</title>
<link>/sessions/poincare_disc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/poincare_disc/</guid>
<description></description>
</item>
<item>
<title>Polygonal_Number_Theorem</title>
<link>/sessions/polygonal_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polygonal_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Factorization</title>
<link>/sessions/polynomial_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polynomial_factorization/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Interpolation</title>
<link>/sessions/polynomial_interpolation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polynomial_interpolation/</guid>
<description></description>
</item>
<item>
<title>Polynomials</title>
<link>/sessions/polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/polynomials/</guid>
<description></description>
</item>
<item>
<title>Pop_Refinement</title>
<link>/sessions/pop_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pop_refinement/</guid>
<description></description>
</item>
<item>
<title>POPLmark-deBruijn</title>
<link>/sessions/poplmark-debruijn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/poplmark-debruijn/</guid>
<description></description>
</item>
<item>
<title>Posix-Lexing</title>
<link>/sessions/posix-lexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/posix-lexing/</guid>
<description></description>
</item>
<item>
<title>Possibilistic_Noninterference</title>
<link>/sessions/possibilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/possibilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Power_Sum_Polynomials</title>
<link>/sessions/power_sum_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/power_sum_polynomials/</guid>
<description></description>
</item>
<item>
<title>Pratt_Certificate</title>
<link>/sessions/pratt_certificate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pratt_certificate/</guid>
<description></description>
</item>
<item>
<title>Prefix_Free_Code_Combinators</title>
<link>/sessions/prefix_free_code_combinators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prefix_free_code_combinators/</guid>
<description></description>
</item>
<item>
<title>Presburger-Automata</title>
<link>/sessions/presburger-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/presburger-automata/</guid>
<description></description>
</item>
<item>
<title>Prim_Dijkstra_Simple</title>
<link>/sessions/prim_dijkstra_simple/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prim_dijkstra_simple/</guid>
<description></description>
</item>
<item>
<title>Prime_Distribution_Elementary</title>
<link>/sessions/prime_distribution_elementary/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prime_distribution_elementary/</guid>
<description></description>
</item>
<item>
<title>Prime_Harmonic_Series</title>
<link>/sessions/prime_harmonic_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prime_harmonic_series/</guid>
<description></description>
</item>
<item>
<title>Prime_Number_Theorem</title>
<link>/sessions/prime_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prime_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Priority_Queue_Braun</title>
<link>/sessions/priority_queue_braun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/priority_queue_braun/</guid>
<description></description>
</item>
<item>
<title>Priority_Search_Trees</title>
<link>/sessions/priority_search_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/priority_search_trees/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Noninterference</title>
<link>/sessions/probabilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Prime_Tests</title>
<link>/sessions/probabilistic_prime_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_prime_tests/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_System_Zoo</title>
<link>/sessions/probabilistic_system_zoo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_system_zoo/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Timed_Automata</title>
<link>/sessions/probabilistic_timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_timed_automata/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_While</title>
<link>/sessions/probabilistic_while/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probabilistic_while/</guid>
<description></description>
</item>
<item>
<title>Probability_Inequality_Completeness</title>
<link>/sessions/probability_inequality_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/probability_inequality_completeness/</guid>
<description></description>
</item>
<item>
<title>Program-Conflict-Analysis</title>
<link>/sessions/program-conflict-analysis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/program-conflict-analysis/</guid>
<description></description>
</item>
<item>
<title>Progress_Tracking</title>
<link>/sessions/progress_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/progress_tracking/</guid>
<description></description>
</item>
<item>
<title>Projective_Geometry</title>
<link>/sessions/projective_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/projective_geometry/</guid>
<description></description>
</item>
<item>
<title>Projective_Measurements</title>
<link>/sessions/projective_measurements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/projective_measurements/</guid>
<description></description>
</item>
<item>
<title>Promela</title>
<link>/sessions/promela/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/promela/</guid>
<description></description>
</item>
<item>
<title>Proof_Strategy_Language</title>
<link>/sessions/proof_strategy_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/proof_strategy_language/</guid>
<description></description>
</item>
<item>
<title>Propositional_Logic_Class</title>
<link>/sessions/propositional_logic_class/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/propositional_logic_class/</guid>
<description></description>
</item>
<item>
<title>Propositional_Proof_Systems</title>
<link>/sessions/propositional_proof_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/propositional_proof_systems/</guid>
<description></description>
</item>
<item>
<title>PropResPI</title>
<link>/sessions/proprespi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/proprespi/</guid>
<description></description>
</item>
<item>
<title>Prpu_Maxflow</title>
<link>/sessions/prpu_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/prpu_maxflow/</guid>
<description></description>
</item>
<item>
<title>PSemigroupsConvolution</title>
<link>/sessions/psemigroupsconvolution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/psemigroupsconvolution/</guid>
<description></description>
</item>
<item>
<title>PseudoHoops</title>
<link>/sessions/pseudohoops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/pseudohoops/</guid>
<description></description>
</item>
<item>
<title>Psi_Calculi</title>
<link>/sessions/psi_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/psi_calculi/</guid>
<description></description>
</item>
<item>
<title>Ptolemys_Theorem</title>
<link>/sessions/ptolemys_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ptolemys_theorem/</guid>
<description></description>
</item>
<item>
<title>Public_Announcement_Logic</title>
<link>/sessions/public_announcement_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/public_announcement_logic/</guid>
<description></description>
</item>
<item>
<title>QHLProver</title>
<link>/sessions/qhlprover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/qhlprover/</guid>
<description></description>
</item>
<item>
<title>QR_Decomposition</title>
<link>/sessions/qr_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/qr_decomposition/</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/sessions/quantales/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quantales/</guid>
<description></description>
</item>
<item>
<title>Quantales_Converse</title>
<link>/sessions/quantales_converse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quantales_converse/</guid>
<description></description>
</item>
<item>
<title>Quantifier_Elimination_Hybrid</title>
<link>/sessions/quantifier_elimination_hybrid/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quantifier_elimination_hybrid/</guid>
<description></description>
</item>
<item>
<title>Quasi_Borel_Spaces</title>
<link>/sessions/quasi_borel_spaces/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quasi_borel_spaces/</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/sessions/quaternions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quaternions/</guid>
<description></description>
</item>
<item>
<title>Query_Optimization</title>
<link>/sessions/query_optimization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/query_optimization/</guid>
<description></description>
</item>
<item>
<title>Quick_Sort_Cost</title>
<link>/sessions/quick_sort_cost/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/quick_sort_cost/</guid>
<description></description>
</item>
<item>
<title>Ramsey-Infinite</title>
<link>/sessions/ramsey-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ramsey-infinite/</guid>
<description></description>
</item>
<item>
<title>Random_BSTs</title>
<link>/sessions/random_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/random_bsts/</guid>
<description></description>
</item>
<item>
<title>Random_Graph_Subgraph_Threshold</title>
<link>/sessions/random_graph_subgraph_threshold/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/random_graph_subgraph_threshold/</guid>
<description></description>
</item>
<item>
<title>Randomised_BSTs</title>
<link>/sessions/randomised_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/randomised_bsts/</guid>
<description></description>
</item>
<item>
<title>Randomised_Social_Choice</title>
<link>/sessions/randomised_social_choice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/randomised_social_choice/</guid>
<description></description>
</item>
<item>
<title>Rank_Nullity_Theorem</title>
<link>/sessions/rank_nullity_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rank_nullity_theorem/</guid>
<description></description>
</item>
<item>
<title>Real_Impl</title>
<link>/sessions/real_impl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/real_impl/</guid>
<description></description>
</item>
<item>
<title>Real_Power</title>
<link>/sessions/real_power/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/real_power/</guid>
<description></description>
</item>
<item>
<title>Real_Time_Deque</title>
<link>/sessions/real_time_deque/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/real_time_deque/</guid>
<description></description>
</item>
<item>
<title>Recursion-Addition</title>
<link>/sessions/recursion-addition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/recursion-addition/</guid>
<description></description>
</item>
<item>
<title>Recursion-Theory-I</title>
<link>/sessions/recursion-theory-i/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/recursion-theory-i/</guid>
<description></description>
</item>
<item>
<title>Refine_Imperative_HOL</title>
<link>/sessions/refine_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/refine_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Refine_Monadic</title>
<link>/sessions/refine_monadic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/refine_monadic/</guid>
<description></description>
</item>
<item>
<title>RefinementReactive</title>
<link>/sessions/refinementreactive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/refinementreactive/</guid>
<description></description>
</item>
<item>
<title>Regex_Equivalence</title>
<link>/sessions/regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>Registers</title>
<link>/sessions/registers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/registers/</guid>
<description></description>
</item>
<item>
<title>Regression_Test_Selection</title>
<link>/sessions/regression_test_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regression_test_selection/</guid>
<description></description>
</item>
<item>
<title>Regular-Sets</title>
<link>/sessions/regular-sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regular-sets/</guid>
<description></description>
</item>
<item>
<title>Regular_Algebras</title>
<link>/sessions/regular_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regular_algebras/</guid>
<description></description>
</item>
<item>
<title>Regular_Tree_Relations</title>
<link>/sessions/regular_tree_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/regular_tree_relations/</guid>
<description></description>
</item>
<item>
<title>Relation_Algebra</title>
<link>/sessions/relation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relation_algebra/</guid>
<description></description>
</item>
<item>
<title>Relational-Incorrectness-Logic</title>
<link>/sessions/relational-incorrectness-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational-incorrectness-logic/</guid>
<description></description>
</item>
<item>
<title>Relational_Cardinality</title>
<link>/sessions/relational_cardinality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_cardinality/</guid>
<description></description>
</item>
<item>
<title>Relational_Disjoint_Set_Forests</title>
<link>/sessions/relational_disjoint_set_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_disjoint_set_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Forests</title>
<link>/sessions/relational_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Method</title>
<link>/sessions/relational_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_method/</guid>
<description></description>
</item>
<item>
<title>Relational_Minimum_Spanning_Trees</title>
<link>/sessions/relational_minimum_spanning_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_minimum_spanning_trees/</guid>
<description></description>
</item>
<item>
<title>Relational_Paths</title>
<link>/sessions/relational_paths/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/relational_paths/</guid>
<description></description>
</item>
<item>
<title>Rensets</title>
<link>/sessions/rensets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rensets/</guid>
<description></description>
</item>
<item>
<title>Rep_Fin_Groups</title>
<link>/sessions/rep_fin_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rep_fin_groups/</guid>
<description></description>
</item>
<item>
<title>Residuated_Lattices</title>
<link>/sessions/residuated_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/residuated_lattices/</guid>
<description></description>
</item>
<item>
<title>ResiduatedTransitionSystem</title>
<link>/sessions/residuatedtransitionsystem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/residuatedtransitionsystem/</guid>
<description></description>
</item>
<item>
<title>Resolution_FOL</title>
<link>/sessions/resolution_fol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/resolution_fol/</guid>
<description></description>
</item>
<item>
<title>Rewrite_Properties_Reduction</title>
<link>/sessions/rewrite_properties_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rewrite_properties_reduction/</guid>
<description></description>
</item>
<item>
<title>Rewriting_Z</title>
<link>/sessions/rewriting_z/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rewriting_z/</guid>
<description></description>
</item>
<item>
<title>Ribbon_Proofs</title>
<link>/sessions/ribbon_proofs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ribbon_proofs/</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160-SPARK</title>
<link>/sessions/ripemd-160-spark/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/ripemd-160-spark/</guid>
<description></description>
</item>
<item>
<title>Risk_Free_Lending</title>
<link>/sessions/risk_free_lending/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/risk_free_lending/</guid>
<description></description>
</item>
<item>
<title>Robbins-Conjecture</title>
<link>/sessions/robbins-conjecture/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/robbins-conjecture/</guid>
<description></description>
</item>
<item>
<title>ROBDD</title>
<link>/sessions/robdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/robdd/</guid>
<description></description>
</item>
<item>
<title>Robinson_Arithmetic</title>
<link>/sessions/robinson_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/robinson_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Root_Balanced_Tree</title>
<link>/sessions/root_balanced_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/root_balanced_tree/</guid>
<description></description>
</item>
<item>
<title>Roth_Arithmetic_Progressions</title>
<link>/sessions/roth_arithmetic_progressions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/roth_arithmetic_progressions/</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/sessions/routing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/routing/</guid>
<description></description>
</item>
<item>
<title>Roy_Floyd_Warshall</title>
<link>/sessions/roy_floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/roy_floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>RSAPSS</title>
<link>/sessions/rsapss/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/rsapss/</guid>
<description></description>
</item>
<item>
+ <title>S_Finite_Measure_Monad</title>
+ <link>/sessions/s_finite_measure_monad/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/s_finite_measure_monad/</guid>
+ <description></description>
+ </item>
+ <item>
<title>Safe_Distance</title>
<link>/sessions/safe_distance/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/safe_distance/</guid>
<description></description>
</item>
<item>
<title>Safe_OCL</title>
<link>/sessions/safe_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/safe_ocl/</guid>
<description></description>
</item>
<item>
<title>Safe_Range_RC</title>
<link>/sessions/safe_range_rc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/safe_range_rc/</guid>
<description></description>
</item>
<item>
<title>SATSolverVerification</title>
<link>/sessions/satsolververification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/satsolververification/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework</title>
<link>/sessions/saturation_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/saturation_framework/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework_Extensions</title>
<link>/sessions/saturation_framework_extensions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/saturation_framework_extensions/</guid>
<description></description>
</item>
<item>
<title>Sauer_Shelah_Lemma</title>
<link>/sessions/sauer_shelah_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sauer_shelah_lemma/</guid>
<description></description>
</item>
<item>
<title>SC_DOM_Components</title>
<link>/sessions/sc_dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sc_dom_components/</guid>
<description></description>
</item>
<item>
<title>SCC_Bloemen_Sequential</title>
<link>/sessions/scc_bloemen_sequential/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/scc_bloemen_sequential/</guid>
<description></description>
</item>
<item>
<title>Schutz_Spacetime</title>
<link>/sessions/schutz_spacetime/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/schutz_spacetime/</guid>
<description></description>
</item>
<item>
<title>Schwartz_Zippel</title>
<link>/sessions/schwartz_zippel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/schwartz_zippel/</guid>
<description></description>
</item>
<item>
<title>SDS_Impossibility</title>
<link>/sessions/sds_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sds_impossibility/</guid>
<description></description>
</item>
<item>
<title>Secondary_Sylow</title>
<link>/sessions/secondary_sylow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/secondary_sylow/</guid>
<description></description>
</item>
<item>
<title>Security_Protocol_Refinement</title>
<link>/sessions/security_protocol_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/security_protocol_refinement/</guid>
<description></description>
</item>
<item>
<title>Selection_Heap_Sort</title>
<link>/sessions/selection_heap_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/selection_heap_sort/</guid>
<description></description>
</item>
<item>
<title>SenSocialChoice</title>
<link>/sessions/sensocialchoice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sensocialchoice/</guid>
<description></description>
</item>
<item>
<title>Separata</title>
<link>/sessions/separata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separata/</guid>
<description></description>
</item>
<item>
<title>Separation_Algebra</title>
<link>/sessions/separation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separation_algebra/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Imperative_HOL</title>
<link>/sessions/separation_logic_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separation_logic_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Unbounded</title>
<link>/sessions/separation_logic_unbounded/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/separation_logic_unbounded/</guid>
<description></description>
</item>
<item>
<title>Sepref_Basic</title>
<link>/sessions/sepref_basic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sepref_basic/</guid>
<description></description>
</item>
<item>
<title>Sepref_IICF</title>
<link>/sessions/sepref_iicf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sepref_iicf/</guid>
<description></description>
</item>
<item>
<title>Sepref_Prereq</title>
<link>/sessions/sepref_prereq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sepref_prereq/</guid>
<description></description>
</item>
<item>
<title>SequentInvertibility</title>
<link>/sessions/sequentinvertibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sequentinvertibility/</guid>
<description></description>
</item>
<item>
<title>Shadow_DOM</title>
<link>/sessions/shadow_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shadow_dom/</guid>
<description></description>
</item>
<item>
<title>Shadow_SC_DOM</title>
<link>/sessions/shadow_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shadow_sc_dom/</guid>
<description></description>
</item>
<item>
<title>Shivers-CFA</title>
<link>/sessions/shivers-cfa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shivers-cfa/</guid>
<description></description>
</item>
<item>
<title>ShortestPath</title>
<link>/sessions/shortestpath/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/shortestpath/</guid>
<description></description>
</item>
<item>
<title>Show</title>
<link>/sessions/show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/show/</guid>
<description></description>
</item>
<item>
<title>SIFPL</title>
<link>/sessions/sifpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sifpl/</guid>
<description></description>
</item>
<item>
<title>SIFUM_Type_Systems</title>
<link>/sessions/sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Sigma_Commit_Crypto</title>
<link>/sessions/sigma_commit_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sigma_commit_crypto/</guid>
<description></description>
</item>
<item>
<title>Signature_Groebner</title>
<link>/sessions/signature_groebner/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/signature_groebner/</guid>
<description></description>
</item>
<item>
<title>Simpl</title>
<link>/sessions/simpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simpl/</guid>
<description></description>
</item>
<item>
<title>Simple_Clause_Learning</title>
<link>/sessions/simple_clause_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simple_clause_learning/</guid>
<description></description>
</item>
<item>
<title>Simple_Firewall</title>
<link>/sessions/simple_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simple_firewall/</guid>
<description></description>
</item>
<item>
<title>Simplex</title>
<link>/sessions/simplex/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simplex/</guid>
<description></description>
</item>
<item>
<title>Simplicial_complexes_and_boolean_functions</title>
<link>/sessions/simplicial_complexes_and_boolean_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simplicial_complexes_and_boolean_functions/</guid>
<description></description>
</item>
<item>
<title>SimplifiedOntologicalArgument</title>
<link>/sessions/simplifiedontologicalargument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/simplifiedontologicalargument/</guid>
<description></description>
</item>
<item>
<title>Skew_Heap</title>
<link>/sessions/skew_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/skew_heap/</guid>
<description></description>
</item>
<item>
<title>Skip_Lists</title>
<link>/sessions/skip_lists/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/skip_lists/</guid>
<description></description>
</item>
<item>
<title>Slicing</title>
<link>/sessions/slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/slicing/</guid>
<description></description>
</item>
<item>
<title>Sliding_Window_Algorithm</title>
<link>/sessions/sliding_window_algorithm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sliding_window_algorithm/</guid>
<description></description>
</item>
<item>
<title>SM</title>
<link>/sessions/sm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sm/</guid>
<description></description>
</item>
<item>
<title>SM_Base</title>
<link>/sessions/sm_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sm_base/</guid>
<description></description>
</item>
<item>
<title>Smith_Normal_Form</title>
<link>/sessions/smith_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/smith_normal_form/</guid>
<description></description>
</item>
<item>
<title>Smooth_Manifolds</title>
<link>/sessions/smooth_manifolds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/smooth_manifolds/</guid>
<description></description>
</item>
<item>
<title>Solidity</title>
<link>/sessions/solidity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/solidity/</guid>
<description></description>
</item>
<item>
<title>Sophomores_Dream</title>
<link>/sessions/sophomores_dream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sophomores_dream/</guid>
<description></description>
</item>
<item>
<title>Sort_Encodings</title>
<link>/sessions/sort_encodings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sort_encodings/</guid>
<description></description>
</item>
<item>
<title>Source_Coding_Theorem</title>
<link>/sessions/source_coding_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/source_coding_theorem/</guid>
<description></description>
</item>
<item>
<title>SPARCv8</title>
<link>/sessions/sparcv8/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sparcv8/</guid>
<description></description>
</item>
<item>
<title>SpecCheck</title>
<link>/sessions/speccheck/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/speccheck/</guid>
<description></description>
</item>
<item>
<title>Special_Function_Bounds</title>
<link>/sessions/special_function_bounds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/special_function_bounds/</guid>
<description></description>
</item>
<item>
<title>Splay_Tree</title>
<link>/sessions/splay_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/splay_tree/</guid>
<description></description>
</item>
<item>
<title>Sqrt_Babylonian</title>
<link>/sessions/sqrt_babylonian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sqrt_babylonian/</guid>
<description></description>
</item>
<item>
<title>Stable_Matching</title>
<link>/sessions/stable_matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stable_matching/</guid>
<description></description>
</item>
<item>
<title>Stalnaker_Logic</title>
<link>/sessions/stalnaker_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stalnaker_logic/</guid>
<description></description>
</item>
<item>
+ <title>Standard_Borel_Spaces</title>
+ <link>/sessions/standard_borel_spaces/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/standard_borel_spaces/</guid>
+ <description></description>
+ </item>
+ <item>
<title>Statecharts</title>
<link>/sessions/statecharts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/statecharts/</guid>
<description></description>
</item>
<item>
<title>Stateful_Protocol_Composition_and_Typing</title>
<link>/sessions/stateful_protocol_composition_and_typing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stateful_protocol_composition_and_typing/</guid>
<description></description>
</item>
<item>
<title>Stellar_Quorums</title>
<link>/sessions/stellar_quorums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stellar_quorums/</guid>
<description></description>
</item>
<item>
<title>Stern_Brocot</title>
<link>/sessions/stern_brocot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stern_brocot/</guid>
<description></description>
</item>
<item>
<title>Stewart_Apollonius</title>
<link>/sessions/stewart_apollonius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stewart_apollonius/</guid>
<description></description>
</item>
<item>
<title>Stirling_Formula</title>
<link>/sessions/stirling_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stirling_formula/</guid>
<description></description>
</item>
<item>
<title>Stochastic_Matrices</title>
<link>/sessions/stochastic_matrices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stochastic_matrices/</guid>
<description></description>
</item>
<item>
<title>Stone_Algebras</title>
<link>/sessions/stone_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stone_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Kleene_Relation_Algebras</title>
<link>/sessions/stone_kleene_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stone_kleene_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Relation_Algebras</title>
<link>/sessions/stone_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stone_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Store_Buffer_Reduction</title>
<link>/sessions/store_buffer_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/store_buffer_reduction/</guid>
<description></description>
</item>
<item>
<title>Stream-Fusion</title>
<link>/sessions/stream-fusion/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stream-fusion/</guid>
<description></description>
</item>
<item>
<title>Stream_Fusion_Code</title>
<link>/sessions/stream_fusion_code/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stream_fusion_code/</guid>
<description></description>
</item>
<item>
<title>StrictOmegaCategories</title>
<link>/sessions/strictomegacategories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/strictomegacategories/</guid>
<description></description>
</item>
<item>
<title>Strong_Security</title>
<link>/sessions/strong_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/strong_security/</guid>
<description></description>
</item>
<item>
<title>Sturm_Sequences</title>
<link>/sessions/sturm_sequences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sturm_sequences/</guid>
<description></description>
</item>
<item>
<title>Sturm_Tarski</title>
<link>/sessions/sturm_tarski/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sturm_tarski/</guid>
<description></description>
</item>
<item>
<title>Stuttering_Equivalence</title>
<link>/sessions/stuttering_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/stuttering_equivalence/</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/sessions/subresultants/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/subresultants/</guid>
<description></description>
</item>
<item>
<title>Subset_Boolean_Algebras</title>
<link>/sessions/subset_boolean_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/subset_boolean_algebras/</guid>
<description></description>
</item>
<item>
<title>SumSquares</title>
<link>/sessions/sumsquares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sumsquares/</guid>
<description></description>
</item>
<item>
<title>Sunflowers</title>
<link>/sessions/sunflowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/sunflowers/</guid>
<description></description>
</item>
<item>
<title>SuperCalc</title>
<link>/sessions/supercalc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/supercalc/</guid>
<description></description>
</item>
<item>
<title>Suppes_Theorem</title>
<link>/sessions/suppes_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/suppes_theorem/</guid>
<description></description>
</item>
<item>
<title>Surprise_Paradox</title>
<link>/sessions/surprise_paradox/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/surprise_paradox/</guid>
<description></description>
</item>
<item>
<title>Symmetric_Polynomials</title>
<link>/sessions/symmetric_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/symmetric_polynomials/</guid>
<description></description>
</item>
<item>
<title>Syntax_Independent_Logic</title>
<link>/sessions/syntax_independent_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/syntax_independent_logic/</guid>
<description></description>
</item>
<item>
<title>Synthetic_Completeness</title>
<link>/sessions/synthetic_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/synthetic_completeness/</guid>
<description></description>
</item>
<item>
<title>Szemeredi_Regularity</title>
<link>/sessions/szemeredi_regularity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/szemeredi_regularity/</guid>
<description></description>
</item>
<item>
<title>Szpilrajn</title>
<link>/sessions/szpilrajn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/szpilrajn/</guid>
<description></description>
</item>
<item>
<title>Tail_Recursive_Functions</title>
<link>/sessions/tail_recursive_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tail_recursive_functions/</guid>
<description></description>
</item>
<item>
<title>Tarskis_Geometry</title>
<link>/sessions/tarskis_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tarskis_geometry/</guid>
<description></description>
</item>
<item>
<title>Taylor_Models</title>
<link>/sessions/taylor_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/taylor_models/</guid>
<description></description>
</item>
<item>
<title>TESL_Language</title>
<link>/sessions/tesl_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tesl_language/</guid>
<description></description>
</item>
<item>
<title>Three_Circles</title>
<link>/sessions/three_circles/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/three_circles/</guid>
<description></description>
</item>
<item>
<title>Three_Squares</title>
<link>/sessions/three_squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/three_squares/</guid>
<description></description>
</item>
<item>
<title>Timed_Automata</title>
<link>/sessions/timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/timed_automata/</guid>
<description></description>
</item>
<item>
<title>TLA</title>
<link>/sessions/tla/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tla/</guid>
<description></description>
</item>
<item>
<title>Topological_Semantics</title>
<link>/sessions/topological_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/topological_semantics/</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/sessions/topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/topology/</guid>
<description></description>
</item>
<item>
<title>TortoiseHare</title>
<link>/sessions/tortoisehare/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tortoisehare/</guid>
<description></description>
</item>
<item>
<title>Transcendence_Series_Hancl_Rucki</title>
<link>/sessions/transcendence_series_hancl_rucki/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transcendence_series_hancl_rucki/</guid>
<description></description>
</item>
<item>
<title>Transformer_Semantics</title>
<link>/sessions/transformer_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transformer_semantics/</guid>
<description></description>
</item>
<item>
<title>Transition_Systems_and_Automata</title>
<link>/sessions/transition_systems_and_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transition_systems_and_automata/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure</title>
<link>/sessions/transitive-closure/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transitive-closure/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure-II</title>
<link>/sessions/transitive-closure-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transitive-closure-ii/</guid>
<description></description>
</item>
<item>
<title>Transitive_Models</title>
<link>/sessions/transitive_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/transitive_models/</guid>
<description></description>
</item>
<item>
+ <title>Transport</title>
+ <link>/sessions/transport/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+ <guid>/sessions/transport/</guid>
+ <description></description>
+ </item>
+ <item>
<title>Treaps</title>
<link>/sessions/treaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/treaps/</guid>
<description></description>
</item>
<item>
<title>Tree-Automata</title>
<link>/sessions/tree-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tree-automata/</guid>
<description></description>
</item>
<item>
<title>Tree_Decomposition</title>
<link>/sessions/tree_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tree_decomposition/</guid>
<description></description>
</item>
<item>
<title>Tree_Enumeration</title>
<link>/sessions/tree_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tree_enumeration/</guid>
<description></description>
</item>
<item>
<title>Triangle</title>
<link>/sessions/triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/triangle/</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/sessions/trie/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/trie/</guid>
<description></description>
</item>
<item>
<title>TsirelsonBound</title>
<link>/sessions/tsirelsonbound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tsirelsonbound/</guid>
<description></description>
</item>
<item>
<title>Turans_Graph_Theorem</title>
<link>/sessions/turans_graph_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/turans_graph_theorem/</guid>
<description></description>
</item>
<item>
<title>Twelvefold_Way</title>
<link>/sessions/twelvefold_way/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/twelvefold_way/</guid>
<description></description>
</item>
<item>
<title>Two_Generated_Word_Monoids_Intersection</title>
<link>/sessions/two_generated_word_monoids_intersection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/two_generated_word_monoids_intersection/</guid>
<description></description>
</item>
<item>
<title>Tycon</title>
<link>/sessions/tycon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/tycon/</guid>
<description></description>
</item>
<item>
<title>Types_Tableaus_and_Goedels_God</title>
<link>/sessions/types_tableaus_and_goedels_god/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/types_tableaus_and_goedels_god/</guid>
<description></description>
</item>
<item>
<title>Types_To_Sets_Extension</title>
<link>/sessions/types_to_sets_extension/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/types_to_sets_extension/</guid>
<description></description>
</item>
<item>
<title>Undirected_Graph_Theory</title>
<link>/sessions/undirected_graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/undirected_graph_theory/</guid>
<description></description>
</item>
<item>
<title>Universal_Hash_Families</title>
<link>/sessions/universal_hash_families/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/universal_hash_families/</guid>
<description></description>
</item>
<item>
<title>Universal_Turing_Machine</title>
<link>/sessions/universal_turing_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/universal_turing_machine/</guid>
<description></description>
</item>
<item>
<title>UpDown_Scheme</title>
<link>/sessions/updown_scheme/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/updown_scheme/</guid>
<description></description>
</item>
<item>
<title>UPF</title>
<link>/sessions/upf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/upf/</guid>
<description></description>
</item>
<item>
<title>UPF_Firewall</title>
<link>/sessions/upf_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/upf_firewall/</guid>
<description></description>
</item>
<item>
<title>UTP</title>
<link>/sessions/utp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/utp/</guid>
<description></description>
</item>
<item>
<title>UTP-Toolkit</title>
<link>/sessions/utp-toolkit/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/utp-toolkit/</guid>
<description></description>
</item>
<item>
<title>Valuation</title>
<link>/sessions/valuation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/valuation/</guid>
<description></description>
</item>
<item>
<title>Van_der_Waerden</title>
<link>/sessions/van_der_waerden/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/van_der_waerden/</guid>
<description></description>
</item>
<item>
<title>Van_Emde_Boas_Trees</title>
<link>/sessions/van_emde_boas_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/van_emde_boas_trees/</guid>
<description></description>
</item>
<item>
<title>VectorSpace</title>
<link>/sessions/vectorspace/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vectorspace/</guid>
<description></description>
</item>
<item>
<title>VeriComp</title>
<link>/sessions/vericomp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vericomp/</guid>
<description></description>
</item>
<item>
<title>Verified-Prover</title>
<link>/sessions/verified-prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verified-prover/</guid>
<description></description>
</item>
<item>
<title>Verified_SAT_Based_AI_Planning</title>
<link>/sessions/verified_sat_based_ai_planning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verified_sat_based_ai_planning/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2018</title>
<link>/sessions/verifythis2018/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verifythis2018/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2019</title>
<link>/sessions/verifythis2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/verifythis2019/</guid>
<description></description>
</item>
<item>
<title>Vickrey_Clarke_Groves</title>
<link>/sessions/vickrey_clarke_groves/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vickrey_clarke_groves/</guid>
<description></description>
</item>
<item>
<title>Virtual_Substitution</title>
<link>/sessions/virtual_substitution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/virtual_substitution/</guid>
<description></description>
</item>
<item>
<title>VolpanoSmith</title>
<link>/sessions/volpanosmith/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/volpanosmith/</guid>
<description></description>
</item>
<item>
<title>VYDRA_MDL</title>
<link>/sessions/vydra_mdl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/vydra_mdl/</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/sessions/webassembly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/webassembly/</guid>
<description></description>
</item>
<item>
<title>Weight_Balanced_Trees</title>
<link>/sessions/weight_balanced_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/weight_balanced_trees/</guid>
<description></description>
</item>
<item>
<title>Weighted_Arithmetic_Geometric_Mean</title>
<link>/sessions/weighted_arithmetic_geometric_mean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/weighted_arithmetic_geometric_mean/</guid>
<description></description>
</item>
<item>
<title>Weighted_Path_Order</title>
<link>/sessions/weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Well_Quasi_Orders</title>
<link>/sessions/well_quasi_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/well_quasi_orders/</guid>
<description></description>
</item>
<item>
<title>Wetzels_Problem</title>
<link>/sessions/wetzels_problem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/wetzels_problem/</guid>
<description></description>
</item>
<item>
<title>WHATandWHERE_Security</title>
<link>/sessions/whatandwhere_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/whatandwhere_security/</guid>
<description></description>
</item>
<item>
<title>Winding_Number_Eval</title>
<link>/sessions/winding_number_eval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/winding_number_eval/</guid>
<description></description>
</item>
<item>
<title>WOOT_Strong_Eventual_Consistency</title>
<link>/sessions/woot_strong_eventual_consistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/woot_strong_eventual_consistency/</guid>
<description></description>
</item>
<item>
<title>Word_Lib</title>
<link>/sessions/word_lib/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/word_lib/</guid>
<description></description>
</item>
<item>
<title>WorkerWrapper</title>
<link>/sessions/workerwrapper/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/workerwrapper/</guid>
<description></description>
</item>
<item>
<title>X86_Semantics</title>
<link>/sessions/x86_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/x86_semantics/</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/sessions/xml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/xml/</guid>
<description></description>
</item>
<item>
<title>Youngs_Inequality</title>
<link>/sessions/youngs_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/youngs_inequality/</guid>
<description></description>
</item>
<item>
<title>Zeckendorf</title>
<link>/sessions/zeckendorf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zeckendorf/</guid>
<description></description>
</item>
<item>
<title>Zeta_3_Irrational</title>
<link>/sessions/zeta_3_irrational/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zeta_3_irrational/</guid>
<description></description>
</item>
<item>
<title>Zeta_Function</title>
<link>/sessions/zeta_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zeta_function/</guid>
<description></description>
</item>
<item>
<title>ZFC_in_HOL</title>
<link>/sessions/zfc_in_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/sessions/zfc_in_hol/</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/sessions/io_language_conformance/index.html b/web/sessions/io_language_conformance/index.html
new file mode 100644
--- /dev/null
+++ b/web/sessions/io_language_conformance/index.html
@@ -0,0 +1,98 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>IO_Language_Conformance - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+
+ <meta property="og:title" content="IO_Language_Conformance" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/sessions/io_language_conformance/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="sessions" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="IO_Language_Conformance"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+ <link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore theories'>
+ <aside>
+
+<div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/IO_Language_Conformance.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>I</span><span class='first'>O</span>_<span class='first'>L</span>anguage_<span class='first'>C</span>onformance
+
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <main id="theories">
+ <a id="Input_Output_Language_Conformance" href="https://www.isa-afp.org/browser_info/current/AFP/IO_Language_Conformance/Input_Output_Language_Conformance.html"><h2>Input_Output_Language_Conformance</h2></a>
+ </main>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/sessions/s_finite_measure_monad/index.html b/web/sessions/s_finite_measure_monad/index.html
new file mode 100644
--- /dev/null
+++ b/web/sessions/s_finite_measure_monad/index.html
@@ -0,0 +1,105 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>S_Finite_Measure_Monad - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+
+ <meta property="og:title" content="S_Finite_Measure_Monad" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/sessions/s_finite_measure_monad/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="sessions" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="S_Finite_Measure_Monad"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+ <link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore theories'>
+ <aside>
+
+<div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/S_Finite_Measure_Monad.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>S</span>_<span class='first'>F</span>inite_<span class='first'>M</span>easure_<span class='first'>M</span>onad
+
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <main id="theories">
+ <a id="Lemmas_S_Finite_Measure_Monad" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/Lemmas_S_Finite_Measure_Monad.html"><h2>Lemmas_S_Finite_Measure_Monad</h2></a>
+ <a id="Kernels" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/Kernels.html"><h2>Kernels</h2></a>
+ <a id="QuasiBorel" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/QuasiBorel.html"><h2>QuasiBorel</h2></a>
+ <a id="QBS_Morphism" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/QBS_Morphism.html"><h2>QBS_Morphism</h2></a>
+ <a id="Measure_QuasiBorel_Adjunction" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/Measure_QuasiBorel_Adjunction.html"><h2>Measure_QuasiBorel_Adjunction</h2></a>
+ <a id="Monad_QuasiBorel" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/Monad_QuasiBorel.html"><h2>Monad_QuasiBorel</h2></a>
+ <a id="Montecarlo" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/Montecarlo.html"><h2>Montecarlo</h2></a>
+ <a id="Query" href="https://www.isa-afp.org/browser_info/current/AFP/S_Finite_Measure_Monad/Query.html"><h2>Query</h2></a>
+ </main>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/sessions/standard_borel_spaces/index.html b/web/sessions/standard_borel_spaces/index.html
new file mode 100644
--- /dev/null
+++ b/web/sessions/standard_borel_spaces/index.html
@@ -0,0 +1,103 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Standard_Borel_Spaces - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+
+ <meta property="og:title" content="Standard_Borel_Spaces" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/sessions/standard_borel_spaces/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="sessions" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Standard_Borel_Spaces"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+ <link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore theories'>
+ <aside>
+
+<div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Standard_Borel_Spaces.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>S</span>tandard_<span class='first'>B</span>orel_<span class='first'>S</span>paces
+
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <main id="theories">
+ <a id="Lemmas_StandardBorel" href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/Lemmas_StandardBorel.html"><h2>Lemmas_StandardBorel</h2></a>
+ <a id="Set_Based_Metric_Space" href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/Set_Based_Metric_Space.html"><h2>Set_Based_Metric_Space</h2></a>
+ <a id="Set_Based_Metric_Product" href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/Set_Based_Metric_Product.html"><h2>Set_Based_Metric_Product</h2></a>
+ <a id="Abstract_Metrizable_Topology" href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/Abstract_Metrizable_Topology.html"><h2>Abstract_Metrizable_Topology</h2></a>
+ <a id="StandardBorel" href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/StandardBorel.html"><h2>StandardBorel</h2></a>
+ <a id="Space_of_Continuous_Maps" href="https://www.isa-afp.org/browser_info/current/AFP/Standard_Borel_Spaces/Space_of_Continuous_Maps.html"><h2>Space_of_Continuous_Maps</h2></a>
+ </main>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/sessions/transport/index.html b/web/sessions/transport/index.html
new file mode 100644
--- /dev/null
+++ b/web/sessions/transport/index.html
@@ -0,0 +1,210 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Transport - Archive of Formal Proofs</title>
+ <meta name="description" content="A collection of proof libraries, examples, and larger
+ scientific developments, mechanically checked in the theorem prover Isabelle.">
+
+ <meta property="og:title" content="Transport" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/sessions/transport/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="sessions" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+
+ <meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Transport"/>
+<meta name="twitter:description" content=""/>
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+ <link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon">
+
+ <script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script>
+ <script src="../../js/header-search.js"></script>
+ <script src="../../js/search-autocomplete.js"></script>
+</head>
+
+ <body class='mathjax_ignore theories'>
+ <aside>
+
+<div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Transport.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+ <div class='content'>
+ <header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value=""
+ aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button">
+ <img src="../../images/search.svg" alt="Search"/>
+ </button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1>
+ <span class='first'>T</span>ransport
+
+ </h1>
+ <div>
+ </div>
+</header>
+ <div>
+
+ <main id="theories">
+ <a id="HOL_Basics_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Basics_Base.html"><h2>HOL_Basics_Base</h2></a>
+ <a id="Binary_Relation_Functions" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relation_Functions.html"><h2>Binary_Relation_Functions</h2></a>
+ <a id="Binary_Relations_Order_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Order_Base.html"><h2>Binary_Relations_Order_Base</h2></a>
+ <a id="Binary_Relations_Lattice" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Lattice.html"><h2>Binary_Relations_Lattice</h2></a>
+ <a id="Functions_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Functions_Base.html"><h2>Functions_Base</h2></a>
+ <a id="HOL_Syntax_Bundles_Lattices" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Syntax_Bundles_Lattices.html"><h2>HOL_Syntax_Bundles_Lattices</h2></a>
+ <a id="Predicates_Lattice" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Predicates_Lattice.html"><h2>Predicates_Lattice</h2></a>
+ <a id="Function_Relators" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Function_Relators.html"><h2>Function_Relators</h2></a>
+ <a id="Predicates_Order" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Predicates_Order.html"><h2>Predicates_Order</h2></a>
+ <a id="Predicates" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Predicates.html"><h2>Predicates</h2></a>
+ <a id="Functions_Monotone" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Functions_Monotone.html"><h2>Functions_Monotone</h2></a>
+ <a id="Binary_Relations_Reflexive" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Reflexive.html"><h2>Binary_Relations_Reflexive</h2></a>
+ <a id="Binary_Relations_Symmetric" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Symmetric.html"><h2>Binary_Relations_Symmetric</h2></a>
+ <a id="Binary_Relations_Transitive" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Transitive.html"><h2>Binary_Relations_Transitive</h2></a>
+ <a id="Binary_Relations_Order" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Order.html"><h2>Binary_Relations_Order</h2></a>
+ <a id="Binary_Relations_Antisymmetric" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Antisymmetric.html"><h2>Binary_Relations_Antisymmetric</h2></a>
+ <a id="Binary_Relations_Injective" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Injective.html"><h2>Binary_Relations_Injective</h2></a>
+ <a id="Binary_Relations_Irreflexive" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Irreflexive.html"><h2>Binary_Relations_Irreflexive</h2></a>
+ <a id="Binary_Relations_Left_Total" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Left_Total.html"><h2>Binary_Relations_Left_Total</h2></a>
+ <a id="Binary_Relations_Right_Unique" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Right_Unique.html"><h2>Binary_Relations_Right_Unique</h2></a>
+ <a id="Binary_Relations_Surjective" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relations_Surjective.html"><h2>Binary_Relations_Surjective</h2></a>
+ <a id="Binary_Relation_Properties" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Binary_Relation_Properties.html"><h2>Binary_Relation_Properties</h2></a>
+ <a id="Preorders" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Preorders.html"><h2>Preorders</h2></a>
+ <a id="Partial_Equivalence_Relations" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Partial_Equivalence_Relations.html"><h2>Partial_Equivalence_Relations</h2></a>
+ <a id="Equivalence_Relations" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Equivalence_Relations.html"><h2>Equivalence_Relations</h2></a>
+ <a id="Partial_Orders" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Partial_Orders.html"><h2>Partial_Orders</h2></a>
+ <a id="Restricted_Equality" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Restricted_Equality.html"><h2>Restricted_Equality</h2></a>
+ <a id="LBinary_Relations" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/LBinary_Relations.html"><h2>LBinary_Relations</h2></a>
+ <a id="Functions_Injective" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Functions_Injective.html"><h2>Functions_Injective</h2></a>
+ <a id="Functions_Inverse" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Functions_Inverse.html"><h2>Functions_Inverse</h2></a>
+ <a id="Functions_Bijection" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Functions_Bijection.html"><h2>Functions_Bijection</h2></a>
+ <a id="Functions_Surjective" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Functions_Surjective.html"><h2>Functions_Surjective</h2></a>
+ <a id="Function_Properties" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Function_Properties.html"><h2>Function_Properties</h2></a>
+ <a id="LFunctions" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/LFunctions.html"><h2>LFunctions</h2></a>
+ <a id="Order_Functions_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Order_Functions_Base.html"><h2>Order_Functions_Base</h2></a>
+ <a id="Order_Functors_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Order_Functors_Base.html"><h2>Order_Functors_Base</h2></a>
+ <a id="Galois_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Galois_Base.html"><h2>Galois_Base</h2></a>
+ <a id="Galois_Relator_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Galois_Relator_Base.html"><h2>Galois_Relator_Base</h2></a>
+ <a id="Order_Equivalences" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Order_Equivalences.html"><h2>Order_Equivalences</h2></a>
+ <a id="Half_Galois_Property" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Half_Galois_Property.html"><h2>Half_Galois_Property</h2></a>
+ <a id="Galois_Property" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Galois_Property.html"><h2>Galois_Property</h2></a>
+ <a id="Galois_Connections" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Galois_Connections.html"><h2>Galois_Connections</h2></a>
+ <a id="Galois_Equivalences" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Galois_Equivalences.html"><h2>Galois_Equivalences</h2></a>
+ <a id="Galois_Relator" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Galois_Relator.html"><h2>Galois_Relator</h2></a>
+ <a id="Galois" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Galois.html"><h2>Galois</h2></a>
+ <a id="Closure_Operators" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Closure_Operators.html"><h2>Closure_Operators</h2></a>
+ <a id="Order_Functions" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Order_Functions.html"><h2>Order_Functions</h2></a>
+ <a id="Order_Functors" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Order_Functors.html"><h2>Order_Functors</h2></a>
+ <a id="Orders" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Orders.html"><h2>Orders</h2></a>
+ <a id="HOL_Basics" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Basics.html"><h2>HOL_Basics</h2></a>
+ <a id="HOL_Mem_Of" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Mem_Of.html"><h2>HOL_Mem_Of</h2></a>
+ <a id="HOL_Syntax_Bundles_Relations" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Syntax_Bundles_Relations.html"><h2>HOL_Syntax_Bundles_Relations</h2></a>
+ <a id="HOL_Alignment_Binary_Relations" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Alignment_Binary_Relations.html"><h2>HOL_Alignment_Binary_Relations</h2></a>
+ <a id="HOL_Syntax_Bundles_Functions" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Syntax_Bundles_Functions.html"><h2>HOL_Syntax_Bundles_Functions</h2></a>
+ <a id="HOL_Alignment_Functions" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Alignment_Functions.html"><h2>HOL_Alignment_Functions</h2></a>
+ <a id="HOL_Syntax_Bundles_Orders" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Syntax_Bundles_Orders.html"><h2>HOL_Syntax_Bundles_Orders</h2></a>
+ <a id="HOL_Alignment_Orders" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Alignment_Orders.html"><h2>HOL_Alignment_Orders</h2></a>
+ <a id="HOL_Alignments" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Alignments.html"><h2>HOL_Alignments</h2></a>
+ <a id="HOL_Algebra_Alignment_Orders" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Algebra_Alignment_Orders.html"><h2>HOL_Algebra_Alignment_Orders</h2></a>
+ <a id="HOL_Algebra_Alignment_Galois" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Algebra_Alignment_Galois.html"><h2>HOL_Algebra_Alignment_Galois</h2></a>
+ <a id="HOL_Algebra_Alignments" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Algebra_Alignments.html"><h2>HOL_Algebra_Alignments</h2></a>
+ <a id="HOL_Syntax_Bundles_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Syntax_Bundles_Base.html"><h2>HOL_Syntax_Bundles_Base</h2></a>
+ <a id="HOL_Syntax_Bundles_Groups" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Syntax_Bundles_Groups.html"><h2>HOL_Syntax_Bundles_Groups</h2></a>
+ <a id="HOL_Syntax_Bundles" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/HOL_Syntax_Bundles.html"><h2>HOL_Syntax_Bundles</h2></a>
+ <a id="Transport_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Base.html"><h2>Transport_Base</h2></a>
+ <a id="Transport_Bijections" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Bijections.html"><h2>Transport_Bijections</h2></a>
+ <a id="Transport_Compositions_Agree_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree_Base.html"><h2>Transport_Compositions_Agree_Base</h2></a>
+ <a id="Transport_Compositions_Agree_Monotone" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree_Monotone.html"><h2>Transport_Compositions_Agree_Monotone</h2></a>
+ <a id="Transport_Compositions_Agree_Galois_Property" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree_Galois_Property.html"><h2>Transport_Compositions_Agree_Galois_Property</h2></a>
+ <a id="Transport_Compositions_Agree_Galois_Connection" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree_Galois_Connection.html"><h2>Transport_Compositions_Agree_Galois_Connection</h2></a>
+ <a id="Transport_Compositions_Agree_Galois_Equivalence" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree_Galois_Equivalence.html"><h2>Transport_Compositions_Agree_Galois_Equivalence</h2></a>
+ <a id="Transport_Compositions_Agree_Galois_Relator" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree_Galois_Relator.html"><h2>Transport_Compositions_Agree_Galois_Relator</h2></a>
+ <a id="Transport_Compositions_Agree_Order_Equivalence" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree_Order_Equivalence.html"><h2>Transport_Compositions_Agree_Order_Equivalence</h2></a>
+ <a id="Transport_Compositions_Agree" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Agree.html"><h2>Transport_Compositions_Agree</h2></a>
+ <a id="Transport_Compositions_Generic_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Base.html"><h2>Transport_Compositions_Generic_Base</h2></a>
+ <a id="Transport_Compositions_Generic_Galois_Property" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Galois_Property.html"><h2>Transport_Compositions_Generic_Galois_Property</h2></a>
+ <a id="Transport_Compositions_Generic_Monotone" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Monotone.html"><h2>Transport_Compositions_Generic_Monotone</h2></a>
+ <a id="Transport_Compositions_Generic_Galois_Connection" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Galois_Connection.html"><h2>Transport_Compositions_Generic_Galois_Connection</h2></a>
+ <a id="Transport_Compositions_Generic_Galois_Equivalence" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Galois_Equivalence.html"><h2>Transport_Compositions_Generic_Galois_Equivalence</h2></a>
+ <a id="Transport_Compositions_Generic_Galois_Relator" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Galois_Relator.html"><h2>Transport_Compositions_Generic_Galois_Relator</h2></a>
+ <a id="Transport_Compositions_Generic_Order_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Order_Base.html"><h2>Transport_Compositions_Generic_Order_Base</h2></a>
+ <a id="Transport_Compositions_Generic_Order_Equivalence" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic_Order_Equivalence.html"><h2>Transport_Compositions_Generic_Order_Equivalence</h2></a>
+ <a id="Transport_Compositions_Generic" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions_Generic.html"><h2>Transport_Compositions_Generic</h2></a>
+ <a id="Transport_Compositions" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Compositions.html"><h2>Transport_Compositions</h2></a>
+ <a id="Reflexive_Relator" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Reflexive_Relator.html"><h2>Reflexive_Relator</h2></a>
+ <a id="Monotone_Function_Relator" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Monotone_Function_Relator.html"><h2>Monotone_Function_Relator</h2></a>
+ <a id="Transport_Functions_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Base.html"><h2>Transport_Functions_Base</h2></a>
+ <a id="Transport_Functions_Monotone" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Monotone.html"><h2>Transport_Functions_Monotone</h2></a>
+ <a id="Transport_Functions_Galois_Property" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Galois_Property.html"><h2>Transport_Functions_Galois_Property</h2></a>
+ <a id="Transport_Functions_Galois_Connection" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Galois_Connection.html"><h2>Transport_Functions_Galois_Connection</h2></a>
+ <a id="Transport_Functions_Order_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Order_Base.html"><h2>Transport_Functions_Order_Base</h2></a>
+ <a id="Transport_Functions_Galois_Equivalence" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Galois_Equivalence.html"><h2>Transport_Functions_Galois_Equivalence</h2></a>
+ <a id="Transport_Functions_Relation_Simplifications" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Relation_Simplifications.html"><h2>Transport_Functions_Relation_Simplifications</h2></a>
+ <a id="Transport_Functions_Galois_Relator" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Galois_Relator.html"><h2>Transport_Functions_Galois_Relator</h2></a>
+ <a id="Transport_Functions_Order_Equivalence" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions_Order_Equivalence.html"><h2>Transport_Functions_Order_Equivalence</h2></a>
+ <a id="Transport_Functions" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Functions.html"><h2>Transport_Functions</h2></a>
+ <a id="Transport_Identity" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Identity.html"><h2>Transport_Identity</h2></a>
+ <a id="Transport" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport.html"><h2>Transport</h2></a>
+ <a id="Transport_Natural_Functors_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Natural_Functors_Base.html"><h2>Transport_Natural_Functors_Base</h2></a>
+ <a id="Transport_Natural_Functors_Galois" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Natural_Functors_Galois.html"><h2>Transport_Natural_Functors_Galois</h2></a>
+ <a id="Transport_Natural_Functors_Galois_Relator" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Natural_Functors_Galois_Relator.html"><h2>Transport_Natural_Functors_Galois_Relator</h2></a>
+ <a id="Transport_Natural_Functors_Order_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Natural_Functors_Order_Base.html"><h2>Transport_Natural_Functors_Order_Base</h2></a>
+ <a id="Transport_Natural_Functors_Order_Equivalence" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Natural_Functors_Order_Equivalence.html"><h2>Transport_Natural_Functors_Order_Equivalence</h2></a>
+ <a id="Transport_Natural_Functors" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Natural_Functors.html"><h2>Transport_Natural_Functors</h2></a>
+ <a id="Transport_Rel_If" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Rel_If.html"><h2>Transport_Rel_If</h2></a>
+ <a id="Transport_Prototype" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Prototype.html"><h2>Transport_Prototype</h2></a>
+ <a id="Transport_Syntax" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Syntax.html"><h2>Transport_Syntax</h2></a>
+ <a id="Transport_Dep_Fun_Rel_Examples" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Dep_Fun_Rel_Examples.html"><h2>Transport_Dep_Fun_Rel_Examples</h2></a>
+ <a id="Transport_Lists_Sets_Examples" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Lists_Sets_Examples.html"><h2>Transport_Lists_Sets_Examples</h2></a>
+ <a id="Transport_Partial_Quotient_Types" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Partial_Quotient_Types.html"><h2>Transport_Partial_Quotient_Types</h2></a>
+ <a id="Transport_Typedef_Base" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Typedef_Base.html"><h2>Transport_Typedef_Base</h2></a>
+ <a id="Transport_Typedef" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Typedef.html"><h2>Transport_Typedef</h2></a>
+ <a id="Transport_Via_Partial_Galois_Connections_Equivalences_Paper" href="https://www.isa-afp.org/browser_info/current/AFP/Transport/Transport_Via_Partial_Galois_Connections_Equivalences_Paper.html"><h2>Transport_Via_Partial_Galois_Connections_Equivalences_Paper</h2></a>
+ </main>
+
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
diff --git a/web/sitemap.xml b/web/sitemap.xml
--- a/web/sitemap.xml
+++ b/web/sitemap.xml
@@ -1,6596 +1,6630 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml">
<url>
<loc>/</loc>
- <lastmod>2023-09-22T00:00:00+00:00</lastmod>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/</loc>
- <lastmod>2023-09-22T00:00:00+00:00</lastmod>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/topics/computer-science/</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/kappelmann/</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/topics/mathematics/</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/ml_unification/</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/topics/</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Transport.html</loc>
+ <lastmod>2023-10-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Cardinality.html</loc>
<lastmod>2023-09-22T00:00:00+00:00</lastmod>
</url><url>
- <loc>/dependencies/</loc>
- <lastmod>2023-09-22T00:00:00+00:00</lastmod>
- </url><url>
- <loc>/entries/</loc>
- <lastmod>2023-09-22T00:00:00+00:00</lastmod>
- </url><url>
<loc>/authors/guttmann/</loc>
<lastmod>2023-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list-infinite/</loc>
<lastmod>2023-09-22T00:00:00+00:00</lastmod>
</url><url>
- <loc>/topics/mathematics/</loc>
- <lastmod>2023-09-22T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/stone_relation_algebras/</loc>
<lastmod>2023-09-22T00:00:00+00:00</lastmod>
</url><url>
- <loc>/topics/</loc>
- <lastmod>2023-09-22T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/card_partitions/</loc>
<lastmod>2023-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/design_theory/</loc>
<lastmod>2023-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/edmonds/</loc>
<lastmod>2023-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fishers_inequality/</loc>
<lastmod>2023-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lovasz_Local.html</loc>
<lastmod>2023-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hypergraph_Basics.html</loc>
<lastmod>2023-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/undirected_graph_theory/</loc>
<lastmod>2023-09-20T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/kappelmann/</loc>
- <lastmod>2023-09-19T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/speccheck/</loc>
<lastmod>2023-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/topics/tools/</loc>
<lastmod>2023-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ML_Unification.html</loc>
<lastmod>2023-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Euler_Polyhedron_Formula.html</loc>
<lastmod>2023-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/paulson/</loc>
<lastmod>2023-09-16T00:00:00+00:00</lastmod>
</url><url>
+ <loc>/entries/IO_Language_Conformance.html</loc>
+ <lastmod>2023-09-01T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/sachtleben/</loc>
+ <lastmod>2023-09-01T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/bisping/</loc>
+ <lastmod>2023-08-18T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Coupledsim_Contrasim.html</loc>
+ <lastmod>2023-08-18T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/topics/logic/</loc>
+ <lastmod>2023-08-18T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/montanari/</loc>
+ <lastmod>2023-08-18T00:00:00+00:00</lastmod>
+ </url><url>
<loc>/entries/Ceva.html</loc>
<lastmod>2023-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rabing/</loc>
<lastmod>2023-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/triangle/</loc>
<lastmod>2023-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Catoids.html</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
- <loc>/topics/computer-science/</loc>
- <lastmod>2023-08-14T00:00:00+00:00</lastmod>
- </url><url>
<loc>/entries/Fixed_Length_Vector.html</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hupel/</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kad/</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/quantales/</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/quantales_converse/</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/relation_algebra/</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/struth/</loc>
<lastmod>2023-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/argyraki/</loc>
<lastmod>2023-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/leek/</loc>
<lastmod>2023-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polygonal_Number_Theorem.html</loc>
<lastmod>2023-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/three_squares/</loc>
<lastmod>2023-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yez/</loc>
<lastmod>2023-08-10T00:00:00+00:00</lastmod>
</url><url>
+ <loc>/authors/hirata/</loc>
+ <lastmod>2023-08-08T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/minamide/</loc>
+ <lastmod>2023-08-08T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/S_Finite_Measure_Monad.html</loc>
+ <lastmod>2023-08-08T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Standard_Borel_Spaces.html</loc>
+ <lastmod>2023-08-08T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/standard_borel_spaces/</loc>
+ <lastmod>2023-08-08T00:00:00+00:00</lastmod>
+ </url><url>
<loc>/authors/calk/</loc>
<lastmod>2023-07-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kleene_algebra/</loc>
<lastmod>2023-07-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quantales_Converse.html</loc>
<lastmod>2023-07-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Earley_Parser.html</loc>
<lastmod>2023-07-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rau/</loc>
<lastmod>2023-07-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gray_Codes.html</loc>
<lastmod>2023-07-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/spitz/</loc>
<lastmod>2023-07-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/eberl/</loc>
<lastmod>2023-06-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Executable_Randomized_Algorithms.html</loc>
<lastmod>2023-06-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/karayel/</loc>
<lastmod>2023-06-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/probabilistic_while/</loc>
<lastmod>2023-06-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/zeta_function/</loc>
<lastmod>2023-06-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/christfort/</loc>
<lastmod>2023-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DCR-ExecutionEquivalence.html</loc>
<lastmod>2023-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/debois/</loc>
<lastmod>2023-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dalvit/</loc>
<lastmod>2023-06-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Zeckendorf.html</loc>
<lastmod>2023-06-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Crypto_Standards.html</loc>
<lastmod>2023-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/elliptic_curves_group_law/</loc>
<lastmod>2023-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/whitley/</loc>
<lastmod>2023-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Efficient_Weighted_Path_Order.html</loc>
<lastmod>2023-06-01T00:00:00+00:00</lastmod>
</url><url>
- <loc>/topics/logic/</loc>
- <lastmod>2023-06-01T00:00:00+00:00</lastmod>
- </url><url>
<loc>/authors/thiemann/</loc>
<lastmod>2023-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/weighted_path_order/</loc>
<lastmod>2023-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wenninger/</loc>
<lastmod>2023-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/complete_non_orders/</loc>
<lastmod>2023-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dubut/</loc>
<lastmod>2023-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Directed_Sets.html</loc>
<lastmod>2023-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yamada/</loc>
<lastmod>2023-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multirelations_Heterogeneous.html</loc>
<lastmod>2023-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cremer/</loc>
<lastmod>2023-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tree_Enumeration.html</loc>
<lastmod>2023-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fresh_identifiers/</loc>
<lastmod>2023-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/graph_theory/</loc>
<lastmod>2023-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hereditarilyfinite/</loc>
<lastmod>2023-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list-index/</loc>
<lastmod>2023-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MLSS_Decision_Proc.html</loc>
<lastmod>2023-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stevens/</loc>
<lastmod>2023-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/chevalier/</loc>
<lastmod>2023-05-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/danilkin/</loc>
<lastmod>2023-05-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dirichlet_l/</loc>
<lastmod>2023-05-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Three_Squares.html</loc>
<lastmod>2023-05-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stannett/</loc>
<lastmod>2023-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MHComputation.html</loc>
<lastmod>2023-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/factor_algebraic_polynomial/</loc>
<lastmod>2023-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jordan_normal_form/</loc>
<lastmod>2023-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kim/</loc>
<lastmod>2023-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/skip_lists/</loc>
<lastmod>2023-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tan/</loc>
<lastmod>2023-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Schwartz_Zippel.html</loc>
<lastmod>2023-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simple_Clause_Learning.html</loc>
<lastmod>2023-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/desharnais/</loc>
<lastmod>2023-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/first_order_terms/</loc>
<lastmod>2023-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/functional_ordered_resolution_prover/</loc>
<lastmod>2023-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordered_resolution_prover/</loc>
<lastmod>2023-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/saturation_framework/</loc>
<lastmod>2023-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/saturation_framework_extensions/</loc>
<lastmod>2023-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/commuting_hermitian/</loc>
<lastmod>2023-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/echenim/</loc>
<lastmod>2023-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mhalla/</loc>
<lastmod>2023-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mori/</loc>
<lastmod>2023-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TsirelsonBound.html</loc>
<lastmod>2023-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dardinier/</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/discrete_summation/</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Distributed_Distinct_Elements.html</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/expander_graphs/</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HyperHoareLogic.html</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DigitsInBase.html</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/staats/</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stirling_formula/</loc>
<lastmod>2023-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CommCSL.html</loc>
<lastmod>2023-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/andreka/</loc>
<lastmod>2023-03-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/higgins/</loc>
<lastmod>2023-03-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/madarasz/</loc>
<lastmod>2023-03-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nemeti/</loc>
<lastmod>2023-03-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/No_FTL_observers_Gen_Rel.html</loc>
<lastmod>2023-03-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/szekely/</loc>
<lastmod>2023-03-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Expander_Graphs.html</loc>
<lastmod>2023-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/frequency_moments/</loc>
<lastmod>2023-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/perron_frobenius/</loc>
<lastmod>2023-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/weighted_arithmetic_geometric_mean/</loc>
<lastmod>2023-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/popescu/</loc>
<lastmod>2023-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rensets.html</loc>
<lastmod>2023-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probability_Inequality_Completeness.html</loc>
<lastmod>2023-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/doty/</loc>
<lastmod>2023-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/suppes_theorem/</loc>
<lastmod>2023-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Edwards_Elliptic_Curves_Group.html</loc>
<lastmod>2023-02-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raya/</loc>
<lastmod>2023-02-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/benor_kozen_reif/</loc>
<lastmod>2023-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/berlekamp_zassenhaus/</loc>
<lastmod>2023-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CVP_Hardness.html</loc>
<lastmod>2023-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kreuzer/</loc>
<lastmod>2023-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lll_basis_reduction/</loc>
<lastmod>2023-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ABY3_Protocols.html</loc>
<lastmod>2023-01-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/crypthol/</loc>
<lastmod>2023-01-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hu/</loc>
<lastmod>2023-01-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blanchette/</loc>
<lastmod>2023-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Given_Clause_Loops.html</loc>
<lastmod>2023-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/qiu/</loc>
<lastmod>2023-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tourret/</loc>
<lastmod>2023-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/propositional_logic_class/</loc>
<lastmod>2023-01-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Suppes_Theorem.html</loc>
<lastmod>2023-01-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HoareForDivergence.html</loc>
<lastmod>2023-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/coinductive/</loc>
<lastmod>2023-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/myreen/</loc>
<lastmod>2023-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pohjola/</loc>
<lastmod>2023-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tanaka/</loc>
<lastmod>2023-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bordg/</loc>
<lastmod>2023-01-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mateo/</loc>
<lastmod>2023-01-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/StrictOmegaCategories.html</loc>
<lastmod>2023-01-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/from/</loc>
<lastmod>2023-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Synthetic_Completeness.html</loc>
<lastmod>2023-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/balbach/</loc>
<lastmod>2023-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cook_Levin.html</loc>
<lastmod>2023-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binary_Code_Imprimitive.html</loc>
<lastmod>2023-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/combinatorics_words/</loc>
<lastmod>2023-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/combinatorics_words_graph_lemma/</loc>
<lastmod>2023-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/holub/</loc>
<lastmod>2023-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Two_Generated_Word_Monoids_Intersection.html</loc>
<lastmod>2023-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raska/</loc>
<lastmod>2023-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/starosta/</loc>
<lastmod>2023-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quantifier_Elimination_Hybrid.html</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/algebraic_numbers/</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Propositional_Logic_Class.html</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cordwell/</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/datatype_order_generator/</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/descartes_sign_rule/</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/platzer/</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomial_interpolation/</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/virtual_substitution/</loc>
<lastmod>2022-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Birkhoff_Finite_Distributive_Lattices.html</loc>
<lastmod>2022-12-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Boolos_Curious_Inference_Automated.html</loc>
<lastmod>2022-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/benzmueller/</loc>
<lastmod>2022-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fuenmayor/</loc>
<lastmod>2022-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/steen/</loc>
<lastmod>2022-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sutcliffe/</loc>
<lastmod>2022-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multitape_To_Singletape_TM.html</loc>
<lastmod>2022-11-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AOT.html</loc>
<lastmod>2022-11-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kirchner/</loc>
<lastmod>2022-11-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CHERI-C_Memory_Model.html</loc>
<lastmod>2022-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/containers/</loc>
<lastmod>2022-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/park/</loc>
<lastmod>2022-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/separation_algebra/</loc>
<lastmod>2022-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/word_lib/</loc>
<lastmod>2022-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/keskin/</loc>
<lastmod>2022-11-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sauer_Shelah_Lemma.html</loc>
<lastmod>2022-11-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/baksys/</loc>
<lastmod>2022-11-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jacobson_basic_algebra/</loc>
<lastmod>2022-11-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kneser_Cauchy_Davenport.html</loc>
<lastmod>2022-11-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pluennecke_ruzsa_inequality/</loc>
<lastmod>2022-11-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/girth_chromatic/</loc>
<lastmod>2022-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lauermann/</loc>
<lastmod>2022-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/random_graph_subgraph_threshold/</loc>
<lastmod>2022-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Turans_Graph_Theorem.html</loc>
<lastmod>2022-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_number_partitions/</loc>
<lastmod>2022-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorial_Enumeration_Algorithms.html</loc>
<lastmod>2022-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/falling_factorial_sum/</loc>
<lastmod>2022-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hofmeier/</loc>
<lastmod>2022-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Balog_Szemeredi_Gowers.html</loc>
<lastmod>2022-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/delemazure/</loc>
<lastmod>2022-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/demeulemeester/</loc>
<lastmod>2022-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/israel/</loc>
<lastmod>2022-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lederer/</loc>
<lastmod>2022-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/randomised_social_choice/</loc>
<lastmod>2022-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PAPP_Impossibility.html</loc>
<lastmod>2022-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stoeckl/</loc>
<lastmod>2022-10-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Query_Optimization.html</loc>
<lastmod>2022-10-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Maximum_Segment_Sum.html</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Undirected_Graph_Theory.html</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/collections/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/deriving/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_Range_RC.html</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raszyk/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/traytel/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/epistemic_logic/</loc>
<lastmod>2022-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guzman/</loc>
<lastmod>2022-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stalnaker_Logic.html</loc>
<lastmod>2022-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/crighton/</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/localization_ring/</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Padic_Field.html</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/padic_ints/</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Risk_Free_Lending.html</loc>
<lastmod>2022-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Implicational_Logic.html</loc>
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/villadsen/</loc>
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CRYSTALS-Kyber.html</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/number_theoretic_transform/</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Logic_Unbounded.html</loc>
<lastmod>2022-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bernoulli/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Khovanskii_Theorem.html</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sulejmani/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hales_Jewett.html</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ammer/</loc>
<lastmod>2022-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Number_Theoretic_Transform.html</loc>
<lastmod>2022-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SCC_Bloemen_Sequential.html</loc>
<lastmod>2022-08-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/merz/</loc>
<lastmod>2022-08-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/trelat/</loc>
<lastmod>2022-08-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bortin/</loc>
<lastmod>2022-08-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Involutions2Squares.html</loc>
<lastmod>2022-08-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/native_word/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/sachtleben/</loc>
- <lastmod>2022-08-09T00:00:00+00:00</lastmod>
- </url><url>
<loc>/entries/FSM_Tests.html</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brucker/</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nano_JSON.html</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finite-map-extras/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Solidity.html</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/marmsoler/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/projective_measurements/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Commuting_Hermitian.html</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weighted_Arithmetic_Geometric_Mean.html</loc>
<lastmod>2022-07-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP_Compiler_Reuse.html</loc>
<lastmod>2022-07-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/noce/</loc>
<lastmod>2022-07-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nipkow/</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Time_Deque.html</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/toth/</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Boolos_Curious_Inference.html</loc>
<lastmod>2022-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ketland/</loc>
<lastmod>2022-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dirichlet_series/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite_Fields.html</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IsaNet.html</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/klenze/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sprenger/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bayer/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/david/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/digit_expansions/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DPRM_Theorem.html</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lucas_theorem/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matiyasevich/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pal/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schleicher/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stock/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lochmann/</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rewrite_Properties_Reduction.html</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/regular_tree_relations/</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinable_Wands.html</loc>
<lastmod>2022-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/package_logic/</loc>
<lastmod>2022-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pluennecke_Ruzsa_Inequality.html</loc>
<lastmod>2022-05-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Package_logic.html</loc>
<lastmod>2022-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Clique_and_Monotone_Circuits.html</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sunflowers/</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fishers_Inequality.html</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/groebner_bases/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomial_factorization/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Digit_Expansions.html</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmidinger/</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multiset_Ordering_NPC.html</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sophomores_Dream.html</loc>
<lastmod>2022-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prefix_Free_Code_Combinators.html</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bertrands_postulate/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/equivalence_relation_enumeration/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Frequency_Moments.html</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/interpolation_polynomials_hol_algebra/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lp/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/median_method/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prefix_free_code_combinators/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/universal_hash_families/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dedekind_Real.html</loc>
<lastmod>2022-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fleuriot/</loc>
<lastmod>2022-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ackermanns_not_PR.html</loc>
<lastmod>2022-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc3.html</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract_completeness/</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract_soundness/</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cotangent_PFD_Formula.html</loc>
<lastmod>2022-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gunther/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pagano/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/steinberg/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/terraf/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Independence_CH.html</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transitive_models/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/delta_system_lemma/</loc>
<lastmod>2022-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive_Models.html</loc>
<lastmod>2022-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ResiduatedTransitionSystem.html</loc>
<lastmod>2022-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stark/</loc>
<lastmod>2022-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finite_fields/</loc>
<lastmod>2022-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Universal_Hash_Families.html</loc>
<lastmod>2022-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Wetzels_Problem.html</loc>
<lastmod>2022-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/zfc_in_hol/</loc>
<lastmod>2022-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Eval_FO.html</loc>
<lastmod>2022-02-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VYDRA_MDL.html</loc>
<lastmod>2022-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_equiv_relations/</loc>
<lastmod>2022-02-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Equivalence_Relation_Enumeration.html</loc>
<lastmod>2022-02-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LP_Duality.html</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/hirata/</loc>
- <lastmod>2022-02-03T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/linear_inequalities/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/minamide/</loc>
- <lastmod>2022-02-03T00:00:00+00:00</lastmod>
- </url><url>
<loc>/entries/Quasi_Borel_Spaces.html</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sato/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/felgenhauer/</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FO_Theory_Rewriting.html</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fol-fitting/</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc2.html</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fol_seq_calc1/</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jacobsen/</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Youngs_Inequality.html</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interpolation_Polynomials_HOL_Algebra.html</loc>
<lastmod>2022-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Median_Method.html</loc>
<lastmod>2022-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Actuarial_Mathematics.html</loc>
<lastmod>2022-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ito/</loc>
<lastmod>2022-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrationals_From_THEBOOK.html</loc>
<lastmod>2022-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knights_Tour.html</loc>
<lastmod>2022-01-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/koller/</loc>
<lastmod>2022-01-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hyperdual.html</loc>
<lastmod>2021-12-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/smola/</loc>
<lastmod>2021-12-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gale_Shapley.html</loc>
<lastmod>2021-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ergodic_theory/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Roth_Arithmetic_Progressions.html</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/szemeredi_regularity/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/abdulaziz/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gauss_jordan/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MDP-Rewards.html</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mdp-rewards/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schaeffeler/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MDP-Algorithms.html</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/knuth_bendix_order/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular_Tree_Relations.html</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sternagel/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sternagelt/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aransay/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/campo/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/michaelis/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/refine_imperative_hol/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/robdd/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simplicial_complexes_and_boolean_functions.html</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/automatic_refinement/</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lammich/</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Van_Emde_Boas_Trees.html</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Foundation_of_geometry.html</loc>
<lastmod>2021-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/iwama/</loc>
<lastmod>2021-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cousin/</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guiol/</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hahn_Jordan_Decomposition.html</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PAL.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SimplifiedOntologicalArgument.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Factor_Algebraic_Polynomial.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hermite_lindemann/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomials/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Power.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reiche/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Szemeredi_Regularity.html</loc>
<lastmod>2021-11-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/complex_bounded_operators/</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Registers.html</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/unruh/</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Belief_Revision.html</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boulanger/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fouillard/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sabouret/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/taha/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bharadwaj/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bockenek/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ravindran/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/roessle/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/verbeek/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weerwag/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/X86_Semantics.html</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Correctness_Algebras.html</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monobooltranalgebra/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_kleene_relation_algebras/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/subset_boolean_algebras/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mitsch/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/scharager/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Virtual_Substitution.html</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Axiomatic.html</loc>
<lastmod>2021-09-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/banach_steinhaus/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/caballero/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complex_Bounded_Operators.html</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/real_impl/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weighted_Path_Order.html</loc>
<lastmod>2021-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Foundations.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Elementary_Categories.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Universal_Constructions.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Conditional_Simplification.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Conditional_Transfer_Rule.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/conditional_simplification/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/conditional_transfer_rule/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/czh_elementary_categories/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/czh_foundations/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Types_To_Sets_Extension.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Intro_Dest_Elim.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/intro_dest_elim/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/milehins/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dominance_CHK.html</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jiang/</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jinja/</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/complex_geometry/</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cubic_Quartic_Equations.html</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Logging_Independent_Anonymity.html</loc>
<lastmod>2021-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/budan_fourier/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/li/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Three_Circles.html</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thomson/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bauereiss/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bd_security_compositional/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bounded_deducibility_security/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoCon.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BD_Security_Compositional.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoSMed.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoSMeDis.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fresh_Identifiers.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Design_Theory.html</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nested_multisets_ordinals/</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Forests.html</loc>
<lastmod>2021-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/palmer/</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmoetten/</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Schutz_Spacetime.html</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finitely_Generated_Abelian_Groups.html</loc>
<lastmod>2021-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thommes/</loc>
<lastmod>2021-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bulwahn/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SpecCheck.html</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/willenbrink/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Van_der_Waerden.html</loc>
<lastmod>2021-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MiniSail.html</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nominal2/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/show/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wassell/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Public_Announcement_Logic.html</loc>
<lastmod>2021-06-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP_Compiler.html</loc>
<lastmod>2021-06-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words_Graph_Lemma.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words_Lyndon.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/szpilrajn/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jinjadci/</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mansky/</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regression_Test_Selection.html</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Metalogic_ProofChecker.html</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kadzioka/</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lifting_the_Exponent.html</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rosskopf/</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sturm_tarski/</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BenOr_Kozen_Reif.html</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GaleStewart_Games.html</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/joosten/</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/parity_game/</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brun/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/decova/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Progress_Tracking.html</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lattuada/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IFC_Tracking.html</loc>
<lastmod>2021-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nordhoff/</loc>
<lastmod>2021-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Grothendieck_Schemes.html</loc>
<lastmod>2021-03-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Padic_Ints.html</loc>
<lastmod>2021-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructive_Cryptography_CM.html</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/constructive_cryptography/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/game_based_crypto/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lochbihler/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sefidgar/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sigma_commit_crypto/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bottesch/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/divason/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hermite/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/smith_normal_form/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/isabelle_marries_dirac/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pi_transcendental/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/power_sum_polynomials/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/qhlprover/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Projective_Measurements.html</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hermite_Lindemann.html</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blumson/</loc>
<lastmod>2021-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mereology.html</loc>
<lastmod>2021-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sunflowers.html</loc>
<lastmod>2021-02-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BTree.html</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/muendler/</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formal_Puiseux_Series.html</loc>
<lastmod>2021-02-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Laws_of_Large_Numbers.html</loc>
<lastmod>2021-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/coghetto/</loc>
<lastmod>2021-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IsaGeoCoq.html</loc>
<lastmod>2021-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Blue_Eyes.html</loc>
<lastmod>2021-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hood_Melville_Queue.html</loc>
<lastmod>2021-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/londono/</loc>
<lastmod>2021-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JinjaDCI.html</loc>
<lastmod>2021-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Delta_System_Lemma.html</loc>
<lastmod>2020-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Topological_Semantics.html</loc>
<lastmod>2020-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brien/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Minimum_Spanning_Trees.html</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/relational_disjoint_set_forests/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interpreter_Optimizations.html</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/vericomp/</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Method.html</loc>
<lastmod>2020-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/he/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_Marries_Dirac.html</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lachnitt/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matrix_tensor/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/vectorspace/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hol-csp/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CSP_RefTK.html</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wolff/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ye/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AI_Planning_Languages_Semantics.html</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ai_planning_languages_semantics/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/certification_monads/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kurz/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/propositional_proof_systems/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Verified_SAT_Based_AI_Planning.html</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Physical_Quantities.html</loc>
<lastmod>2020-10-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fosters/</loc>
<lastmod>2020-10-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/diaz/</loc>
<lastmod>2020-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite-Map-Extras.html</loc>
<lastmod>2020-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shadow_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shadow_SC_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SC_DOM_Components.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DOM_Components.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/core_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/core_sc_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/herzberg/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/shadow_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/shadow_sc_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Core_SC_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_Incompleteness.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_HFSet_Semantic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_HFSet_Semanticless.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/goedel_incompleteness/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/incompleteness/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Robinson_Arithmetic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Syntax_Independent_Logic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/syntax_independent_logic/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Extended_Finite_State_Machines.html</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/derrick/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/extended_finite_state_machines/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finfun/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/foster/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Extended_Finite_State_Machine_Inference.html</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/taylor/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fleury/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kaufmann/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PAC_Checker.html</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Inductive_Inference.html</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/aggregation_algebras/</loc>
<lastmod>2020-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Disjoint_Set_Forests.html</loc>
<lastmod>2020-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Saturation_Framework_Extensions.html</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gammie/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/holcf-prelude/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BirdKMP.html</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/well_quasi_orders/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Amicable_Numbers.html</loc>
<lastmod>2020-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pratt_certificate/</loc>
<lastmod>2020-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nash_williams/</loc>
<lastmod>2020-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinal_Partitions.html</loc>
<lastmod>2020-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Chandy_Lamport.html</loc>
<lastmod>2020-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fiedler/</loc>
<lastmod>2020-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hoefner/</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Paths.html</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_Distance.html</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/immler/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rizaldi/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sturm_sequences/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Smith_Normal_Form.html</loc>
<lastmod>2020-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nash_Williams.html</loc>
<lastmod>2020-05-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knuth_Bendix_Order.html</loc>
<lastmod>2020-05-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matrix/</loc>
<lastmod>2020-05-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrational_Series_Erdos_Straus.html</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prime_distribution_elementary/</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dunaev/</loc>
<lastmod>2020-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Recursion-Addition.html</loc>
<lastmod>2020-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_Normal_Form.html</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl_master_theorem/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sickert/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Forcing.html</loc>
<lastmod>2020-05-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Banach_Steinhaus.html</loc>
<lastmod>2020-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Attack_Trees.html</loc>
<lastmod>2020-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kammueller/</loc>
<lastmod>2020-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gaussian_Integers.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Power_Sum_Polynomials.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/symmetric_polynomials/</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambert_W.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hybrid_systems_vcs/</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrices_for_ODEs.html</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/munive/</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ADS_Functor.html</loc>
<lastmod>2020-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maric/</loc>
<lastmod>2020-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sliding_Window_Algorithm.html</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/heimes/</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schneider/</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Saturation_Framework.html</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFODL_Monitor_Optimized.html</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/generic_join/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ieee_floating_point/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lambda_free_rpos/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mfotl_monitor/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Automated_Stateful_Protocol_Verification.html</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hess/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/moedersheim/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schlichtkrull/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stateful_Protocol_Composition_and_Typing.html</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stateful_protocol_composition_and_typing/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lucas_Theorem.html</loc>
<lastmod>2020-04-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gonzalez/</loc>
<lastmod>2020-03-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WOOT_Strong_Eventual_Consistency.html</loc>
<lastmod>2020-03-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Furstenberg_Topology.html</loc>
<lastmod>2020-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational-Incorrectness-Logic.html</loc>
<lastmod>2020-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/murray/</loc>
<lastmod>2020-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/diekmann/</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hello_World.html</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goodstein_Lambda.html</loc>
<lastmod>2020-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VeriComp.html</loc>
<lastmod>2020-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Arith_Prog_Rel_Primes.html</loc>
<lastmod>2020-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Subset_Boolean_Algebras.html</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/moeller/</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_algebras/</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mersenne_Primes.html</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pell/</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/probabilistic_prime_tests/</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/essmann/</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/robillard/</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Approximation_Algorithms.html</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/akra_bazzi/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Closest_Pair_Points.html</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/root_balanced_tree/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haslbeck/</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monad_normalisation/</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Skip_Lists.html</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bicategory.html</loc>
<lastmod>2020-01-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monoidalcategory/</loc>
<lastmod>2020-01-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/e_transcendental/</loc>
<lastmod>2019-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prime_number_theorem/</loc>
<lastmod>2019-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Zeta_3_Irrational.html</loc>
<lastmod>2019-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Logic.html</loc>
<lastmod>2019-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordinary_differential_equations/</loc>
<lastmod>2019-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Poincare_Bendixson.html</loc>
<lastmod>2019-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boutry/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complex_Geometry.html</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maricf/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Poincare_Disc.html</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/simic/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss_Sums.html</loc>
<lastmod>2019-12-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generalized_Counting_Sort.html</loc>
<lastmod>2019-12-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bohrer/</loc>
<lastmod>2019-11-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interval_Arithmetic_Word32.html</loc>
<lastmod>2019-11-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ZFC_in_HOL.html</loc>
<lastmod>2019-10-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_C.html</loc>
<lastmod>2019-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tuong/</loc>
<lastmod>2019-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VerifyThis2019.html</loc>
<lastmod>2019-10-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wimmer/</loc>
<lastmod>2019-10-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Aristotles_Assertoric_Syllogistic.html</loc>
<lastmod>2019-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/butler/</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sigma_Commit_Crypto.html</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Clean.html</loc>
<lastmod>2019-10-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generic_Join.html</loc>
<lastmod>2019-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kat_and_dra/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transformer_semantics/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Systems_VCs.html</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fourier.html</loc>
<lastmod>2019-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jacobson_Basic_Algebra.html</loc>
<lastmod>2019-08-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ballarin/</loc>
<lastmod>2019-08-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Adaptive_State_Counting.html</loc>
<lastmod>2019-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transition_systems_and_automata/</loc>
<lastmod>2019-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Laplace_Transform.html</loc>
<lastmod>2019-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/buyse/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/C2KA_DistributedSystems.html</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/farkas/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jaskolka/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kaliszyk/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Programming.html</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parsert/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMO2019.html</loc>
<lastmod>2019-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/losa/</loc>
<lastmod>2019-08-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stellar_Quorums.html</loc>
<lastmod>2019-08-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TESL_Language.html</loc>
<lastmod>2019-07-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/van/</loc>
<lastmod>2019-07-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Szpilrajn.html</loc>
<lastmod>2019-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zeller/</loc>
<lastmod>2019-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc1.html</loc>
<lastmod>2019-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CakeML_Codegen.html</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cakeml/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/constructor_funs/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dict_construction/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/higher_order_terms/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/huffman/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pairing_heap/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFOTL_Monitor.html</loc>
<lastmod>2019-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complete_Non_Orders.html</loc>
<lastmod>2019-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Priority_Search_Trees.html</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/priority_search_trees/</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prim_Dijkstra_Simple.html</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Inequalities.html</loc>
<lastmod>2019-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reynaud/</loc>
<lastmod>2019-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nullstellensatz.html</loc>
<lastmod>2019-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maletzky/</loc>
<lastmod>2019-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Groebner_Macaulay.html</loc>
<lastmod>2019-06-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP2_Binary_Heap.html</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/griebel/</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/imp2/</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Differential_Game_Logic.html</loc>
<lastmod>2019-06-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/median_of_medians_selection/</loc>
<lastmod>2019-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KD_Tree.html</loc>
<lastmod>2019-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LambdaAuth.html</loc>
<lastmod>2019-05-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aspinall/</loc>
<lastmod>2019-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multi_Party_Computation.html</loc>
<lastmod>2019-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HOL-CSP.html</loc>
<lastmod>2019-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_Master_Theorem.html</loc>
<lastmod>2019-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/seidl/</loc>
<lastmod>2019-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binding_Syntax_Theory.html</loc>
<lastmod>2019-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gheri/</loc>
<lastmod>2019-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transcendence_Series_Hancl_Rucki.html</loc>
<lastmod>2019-03-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/deep_learning/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liu/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liut/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liy/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/QHLProver.html</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wang/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ying/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yingm/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhan/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhann/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nikiforov/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_OCL.html</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Distribution_Elementary.html</loc>
<lastmod>2019-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/biendarra/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haslbeckm/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kruskal.html</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matroids/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/refine_monadic/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Prime_Tests.html</loc>
<lastmod>2019-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stuewe/</loc>
<lastmod>2019-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/regensburger/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Universal_Turing_Machine.html</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/urban/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/xu/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhangx/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UTP.html</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nemouchi/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/optics/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ribeiro/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Inversions.html</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zeyda/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Farkas.html</loc>
<lastmod>2019-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simplex/</loc>
<lastmod>2019-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Higher_Order_Terms.html</loc>
<lastmod>2019-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP2.html</loc>
<lastmod>2019-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Store_Buffer_Reduction.html</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cohen/</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schirmer/</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Core_DOM.html</loc>
<lastmod>2018-12-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Concurrent_Revisions.html</loc>
<lastmod>2018-12-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/overbeek/</loc>
<lastmod>2018-12-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/auto2_hol/</loc>
<lastmod>2018-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Auto2_Imperative_HOL.html</loc>
<lastmod>2018-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructive_Cryptography.html</loc>
<lastmod>2018-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/order_lattice_props/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Order_Lattice_Props.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quantales.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transformer_Semantics.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Functional_Ordered_Resolution_Prover.html</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Graph_Saturation.html</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/open_induction/</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Auto2_HOL.html</loc>
<lastmod>2018-11-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/keinholz/</loc>
<lastmod>2018-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matroids.html</loc>
<lastmod>2018-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generic_Deriving.html</loc>
<lastmod>2018-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raedle/</loc>
<lastmod>2018-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GewirthPGCProof.html</loc>
<lastmod>2018-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Epistemic_Logic.html</loc>
<lastmod>2018-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Smooth_Manifolds.html</loc>
<lastmod>2018-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bentkamp/</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_EPO.html</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/random_bsts/</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Randomised_BSTs.html</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Factored_Transition_System_Bounding.html</loc>
<lastmod>2018-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pi_Transcendental.html</loc>
<lastmod>2018-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Symmetric_Polynomials.html</loc>
<lastmod>2018-09-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Signature_Groebner.html</loc>
<lastmod>2018-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Number_Theorem.html</loc>
<lastmod>2018-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Aggregation_Algebras.html</loc>
<lastmod>2018-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Octonions.html</loc>
<lastmod>2018-09-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quaternions.html</loc>
<lastmod>2018-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Budan_Fourier.html</loc>
<lastmod>2018-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simplex.html</loc>
<lastmod>2018-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/spasic/</loc>
<lastmod>2018-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract-rewriting/</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minsky_Machines.html</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/recursion-theory-i/</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DiscretePricing.html</loc>
<lastmod>2018-07-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/first_welfare_theorem/</loc>
<lastmod>2018-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Neumann_Morgenstern_Utility.html</loc>
<lastmod>2018-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pell.html</loc>
<lastmod>2018-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Projective_Geometry.html</loc>
<lastmod>2018-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Localization_Ring.html</loc>
<lastmod>2018-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brunner/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Partial_Order_Reduction.html</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stuttering_equivalence/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monad_memo_dp/</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Optimal_BST.html</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/somogyi/</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hidden_Markov_Models.html</loc>
<lastmod>2018-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/markov_models/</loc>
<lastmod>2018-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hoelzl/</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Timed_Automata.html</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/timed_automata/</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AxiomaticCategoryTheory.html</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrationality_J_Hancl.html</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/scott/</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monad_Memo_DP.html</loc>
<lastmod>2018-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beresford/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gomes/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kleppmann/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mulligan/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/OpSets.html</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modular_Assembly_Kit_Security.html</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bracevac/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gay/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grewe/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mantel/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sudbrock/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tasch/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/watt/</loc>
<lastmod>2018-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WebAssembly.html</loc>
<lastmod>2018-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VerifyThis2018.html</loc>
<lastmod>2018-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BNF_CC.html</loc>
<lastmod>2018-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brandt/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/saile/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stricker/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fishburn_Impossibility.html</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dirix/</loc>
<lastmod>2018-03-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weight_Balanced_Trees.html</loc>
<lastmod>2018-03-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CakeML.html</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhang/</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Architectural_Design_Patterns.html</loc>
<lastmod>2018-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dynamicarchitectures/</loc>
<lastmod>2018-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hoare_Time.html</loc>
<lastmod>2018-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LLL_Factorization.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/comparison_sort_lower_bound/</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/First_Order_Terms.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/landau_symbols/</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Error_Function.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Treaps.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LLL_Basis_Reduction.html</loc>
<lastmod>2018-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordered_Resolution_Prover.html</loc>
<lastmod>2018-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/waldmann/</loc>
<lastmod>2018-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gouezel/</loc>
<lastmod>2018-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gromov_Hyperbolicity.html</loc>
<lastmod>2018-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Green.html</loc>
<lastmod>2018-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/affine_arithmetic/</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Taylor_Models.html</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/traut/</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Falling_Factorial_Sum.html</loc>
<lastmod>2017-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dirichlet_L.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finitely_generated_abelian_groups/</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mason_Stothers.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Median_Of_Medians_Selection.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BNF_Operations.html</loc>
<lastmod>2017-12-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hellauer/</loc>
<lastmod>2017-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knuth_Morris_Pratt.html</loc>
<lastmod>2017-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stochastic_Matrices.html</loc>
<lastmod>2017-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/crdt/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jungnickel/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/loibl/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oldenburg/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMAP-CRDT.html</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</loc>
<lastmod>2017-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/linker/</loc>
<lastmod>2017-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gioiosa/</loc>
<lastmod>2017-10-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kuratowski_Closure_Complement.html</loc>
<lastmod>2017-10-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buchi_Complementation.html</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dfs_framework/</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gabow_scc/</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transition_Systems_and_Automata.html</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Count_Complex_Roots.html</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Winding_Number_Eval.html</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/winding_number_eval/</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Diophantine_Eqns_Lin_Hom.html</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/messner/</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schoepf/</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/count_complex_roots/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dirichlet_Series.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/euler_maclaurin/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Recurrences.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Zeta_Function.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lowe_Ontological_Argument.html</loc>
<lastmod>2017-09-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PLM.html</loc>
<lastmod>2017-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AnselmGod.html</loc>
<lastmod>2017-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/First_Welfare_Theorem.html</loc>
<lastmod>2017-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/amortized_complexity/</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Orbit_Stabiliser.html</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Root_Balanced_Tree.html</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matache/</loc>
<lastmod>2017-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LambdaMu.html</loc>
<lastmod>2017-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stewart_Apollonius.html</loc>
<lastmod>2017-07-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DynamicArchitectures.html</loc>
<lastmod>2017-07-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decl_Sem_Fun_PL.html</loc>
<lastmod>2017-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/siek/</loc>
<lastmod>2017-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/breitner/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HOLCF-Prelude.html</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/huffman/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mitchell/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minkowskis_Theorem.html</loc>
<lastmod>2017-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rawson/</loc>
<lastmod>2017-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Name_Carrying_Type_Inference.html</loc>
<lastmod>2017-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CRDT.html</loc>
<lastmod>2017-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Kleene_Relation_Algebras.html</loc>
<lastmod>2017-07-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Propositional_Proof_Systems.html</loc>
<lastmod>2017-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dongol/</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hayes/</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PSemigroupsConvolution.html</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buffons_Needle.html</loc>
<lastmod>2017-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cava_automata/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Flow_Networks.html</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/flow_networks/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prpu_Maxflow.html</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/program-conflict-analysis/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/laursen/</loc>
<lastmod>2017-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Optics.html</loc>
<lastmod>2017-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Security_Protocol_Refinement.html</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dict_Construction.html</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lazy_case/</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/somaini/</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Floyd_Warshall.html</loc>
<lastmod>2017-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/applicative_lifting/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bhatt/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CryptHOL.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monomorphic_Monad.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Game_Based_Crypto.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mfmc_countable/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monad_Normalisation.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monomorphic_monad/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_While.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/category3/</loc>
<lastmod>2017-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MonoidalCategory.html</loc>
<lastmod>2017-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Types_Tableaus_and_Goedels_God.html</loc>
<lastmod>2017-05-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LocalLexing.html</loc>
<lastmod>2017-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/obua/</loc>
<lastmod>2017-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructor_Funs.html</loc>
<lastmod>2017-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lazy_Case.html</loc>
<lastmod>2017-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Subresultants.html</loc>
<lastmod>2017-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Random_BSTs.html</loc>
<lastmod>2017-04-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/quick_sort_cost/</loc>
<lastmod>2017-04-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Comparison_Sort_Lower_Bound.html</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/regular-sets/</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quick_Sort_Cost.html</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Euler_MacLaurin.html</loc>
<lastmod>2017-03-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/berghofer/</loc>
<lastmod>2017-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Elliptic_Curves_Group_Law.html</loc>
<lastmod>2017-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dittmann/</loc>
<lastmod>2017-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Menger.html</loc>
<lastmod>2017-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Differential_Dynamic_Logic.html</loc>
<lastmod>2017-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract_Soundness.html</loc>
<lastmod>2017-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Relation_Algebras.html</loc>
<lastmod>2017-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lallemand/</loc>
<lastmod>2017-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Key_Agreement_Strong_Adversaries.html</loc>
<lastmod>2017-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bernoulli.html</loc>
<lastmod>2017-01-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bertrands_Postulate.html</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/formal_ssa/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lohner/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minimal_SSA.html</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wagner/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/E_Transcendental.html</loc>
<lastmod>2017-01-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bruegger/</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UPF_Firewall.html</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/upf/</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Password_Authentication_Protocol.html</loc>
<lastmod>2017-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Harrison.html</loc>
<lastmod>2017-01-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jensen/</loc>
<lastmod>2017-01-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Concurrent_Ref_Alg.html</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fell/</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/velykis/</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bell_numbers_spivey/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_multisets/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Twelvefold_Way.html</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nagashima/</loc>
<lastmod>2016-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Proof_Strategy_Language.html</loc>
<lastmod>2016-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Paraconsistency.html</loc>
<lastmod>2016-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/amani/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/andronick/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complx.html</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lewis/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rizkallah/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tuongj/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abs_Int_ITP2012.html</loc>
<lastmod>2016-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/clouston/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gore/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hou/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sanan/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separata.html</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tiu/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/becker/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_KBOs.html</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nested_Multisets_Ordinals.html</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordinal/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wand/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Deep_Learning.html</loc>
<lastmod>2016-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/borgstroem/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/eriksson/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gutkovas/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modal_Logics_for_NTS.html</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parrow/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weber/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stable_Matching.html</loc>
<lastmod>2016-10-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/iptables_semantics/</loc>
<lastmod>2016-10-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LOFT.html</loc>
<lastmod>2016-10-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SPARCv8.html</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hibon/</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liuy/</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Source_Coding_Theorem.html</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/efficient-mergesort/</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/subresultants/</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Berlekamp_Zassenhaus.html</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Chord_Segments.html</loc>
<lastmod>2016-10-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lp.html</loc>
<lastmod>2016-10-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fisher_Yates.html</loc>
<lastmod>2016-09-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Allen_Calculus.html</loc>
<lastmod>2016-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ghourabi/</loc>
<lastmod>2016-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_RPOs.html</loc>
<lastmod>2016-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Iptables_Semantics.html</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/routing/</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SuperCalc.html</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/peltier/</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Algebras.html</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stirling_Formula.html</loc>
<lastmod>2016-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Routing.html</loc>
<lastmod>2016-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simple_firewall/</loc>
<lastmod>2016-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ip_addresses/</loc>
<lastmod>2016-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simple_Firewall.html</loc>
<lastmod>2016-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aissat/</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InfPathElimination.html</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/voisin/</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/EdmondsKarp_Maxflow.html</loc>
<lastmod>2016-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dijkstra_shortest_path/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/separation_logic_imperative_hol/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Refine_Imperative_HOL.html</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ptolemys_Theorem.html</loc>
<lastmod>2016-08-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Surprise_Paradox.html</loc>
<lastmod>2016-07-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brinkop/</loc>
<lastmod>2016-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pairing_Heap.html</loc>
<lastmod>2016-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DFS_Framework.html</loc>
<lastmod>2016-07-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/neumann/</loc>
<lastmod>2016-07-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buildings.html</loc>
<lastmod>2016-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sylvestre/</loc>
<lastmod>2016-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nagele/</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oostrom/</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Resolution_FOL.html</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rewriting_Z.html</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dependent_SIFUM_Refinement.html</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dependent_sifum_type_systems/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IP_Addresses.html</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pierzchalski/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sison/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Multisets.html</loc>
<lastmod>2016-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category3.html</loc>
<lastmod>2016-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dependent_SIFUM_Type_Systems.html</loc>
<lastmod>2016-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Catalan_Numbers.html</loc>
<lastmod>2016-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Algebraic_VCs.html</loc>
<lastmod>2016-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Concurrent_Composition.html</loc>
<lastmod>2016-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_sequential_composition/</loc>
<lastmod>2016-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beeren/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fernandez/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Word_Lib.html</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gao/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/klein/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kolanski/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lim/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matichuk/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sewell/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tree_Decomposition.html</loc>
<lastmod>2016-05-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ausaf/</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Equiv_Relations.html</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dyckhoff/</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Posix-Lexing.html</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kuncar/</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Perron_Frobenius.html</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/rank_nullity_theorem/</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Incredible_Proof_Machine.html</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FLP.html</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/bisping/</loc>
- <lastmod>2016-05-18T00:00:00+00:00</lastmod>
- </url><url>
<loc>/authors/brodmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nestmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/peters/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rickmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/seidler/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stueber/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weidner/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFMC_Countable.html</loc>
<lastmod>2016-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/edmondskarp_maxflow/</loc>
<lastmod>2016-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Randomised_Social_Choice.html</loc>
<lastmod>2016-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bell_Numbers_Spivey.html</loc>
<lastmod>2016-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SDS_Impossibility.html</loc>
<lastmod>2016-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Groebner_Bases.html</loc>
<lastmod>2016-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/No_FTL_observers.html</loc>
<lastmod>2016-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CYK.html</loc>
<lastmod>2016-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ROBDD.html</loc>
<lastmod>2016-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Sequential_Composition.html</loc>
<lastmod>2016-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_ipurge_unwinding/</loc>
<lastmod>2016-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KAD.html</loc>
<lastmod>2016-04-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PropResPI.html</loc>
<lastmod>2016-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cartan_FP.html</loc>
<lastmod>2016-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Timed_Automata.html</loc>
<lastmod>2016-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/boolean_expression_checkers/</loc>
<lastmod>2016-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL.html</loc>
<lastmod>2016-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Update.html</loc>
<lastmod>2016-02-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/slicing/</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ullrich/</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formal_SSA.html</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/partial_function_mr/</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomial_Factorization.html</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomial_Interpolation.html</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sqrt_babylonian/</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knot_Theory.html</loc>
<lastmod>2016-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/prathamesh/</loc>
<lastmod>2016-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrix_Tensor.html</loc>
<lastmod>2016-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Number_Partitions.html</loc>
<lastmod>2016-01-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Triangle.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Descartes_Sign_Rule.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Liouville_Numbers.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Harmonic_Series.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Algebraic_Numbers.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Applicative_Lifting.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stern_Brocot.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Partitions.html</loc>
<lastmod>2015-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Latin_Square.html</loc>
<lastmod>2015-12-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/marriage/</loc>
<lastmod>2015-12-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ergodic_Theory.html</loc>
<lastmod>2015-12-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Euler_Partition.html</loc>
<lastmod>2015-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TortoiseHare.html</loc>
<lastmod>2015-11-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/case_labeling/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/noschinski/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Planarity_Certificates.html</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simpl/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transitive-closure/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Parity_Game.html</loc>
<lastmod>2015-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_Meta_Model.html</loc>
<lastmod>2015-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_to_DRA.html</loc>
<lastmod>2015-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kbps/</loc>
<lastmod>2015-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jordan_Normal_Form.html</loc>
<lastmod>2015-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decreasing-Diagrams-II.html</loc>
<lastmod>2015-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Inductive_Unwinding.html</loc>
<lastmod>2015-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rep_Fin_Groups.html</loc>
<lastmod>2015-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Encodability_Process_Calculi.html</loc>
<lastmod>2015-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/glabbeek/</loc>
<lastmod>2015-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Case_Labeling.html</loc>
<lastmod>2015-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Landau_Symbols.html</loc>
<lastmod>2015-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Akra_Bazzi.html</loc>
<lastmod>2015-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/echelon_form/</loc>
<lastmod>2015-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hermite.html</loc>
<lastmod>2015-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Derangements.html</loc>
<lastmod>2015-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multirelations.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/furusawa/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list_interleaving/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_csp/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Interleaving.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Generic_Unwinding.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Ipurge_Unwinding.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dynamic_Tables.html</loc>
<lastmod>2015-06-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/coinductive_languages/</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formula_Derivatives.html</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_System_Zoo.html</loc>
<lastmod>2015-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/caminati/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kerber/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lange/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rowat/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Vickrey_Clarke_Groves.html</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Residuated_Lattices.html</loc>
<lastmod>2015-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ConcurrentIMP.html</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/concurrentimp/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/engelhardt/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hosking/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ConcurrentGC.html</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Trie.html</loc>
<lastmod>2015-03-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Consensus_Refined.html</loc>
<lastmod>2015-03-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/heard_of/</loc>
<lastmod>2015-03-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Deriving.html</loc>
<lastmod>2015-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/launchbury/</loc>
<lastmod>2015-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Call_Arity.html</loc>
<lastmod>2015-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cayley_hamilton/</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Echelon_Form.html</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/QR_Decomposition.html</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite_Automata_HF.html</loc>
<lastmod>2015-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UpDown_Scheme.html</loc>
<lastmod>2015-01-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UPF.html</loc>
<lastmod>2014-11-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/awn/</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bourke/</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AODV.html</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lifting_Definition_Option.html</loc>
<lastmod>2014-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maximova/</loc>
<lastmod>2014-10-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stream_Fusion_Code.html</loc>
<lastmod>2014-10-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Density_Compiler.html</loc>
<lastmod>2014-10-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RefinementReactive.html</loc>
<lastmod>2014-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/preoteasa/</loc>
<lastmod>2014-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Certification_Monads.html</loc>
<lastmod>2014-10-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/XML.html</loc>
<lastmod>2014-10-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Imperative_Insertion_Sort.html</loc>
<lastmod>2014-09-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sturm_Tarski.html</loc>
<lastmod>2014-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/adelsberger/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hetzl/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pollak/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cayley_Hamilton.html</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raumer/</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/secondary_sylow/</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jordan_Hoelder.html</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Priority_Queue_Braun.html</loc>
<lastmod>2014-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss_Jordan.html</loc>
<lastmod>2014-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lee/</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Special_Function_Bounds.html</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VectorSpace.html</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Skew_Heap.html</loc>
<lastmod>2014-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Splay_Tree.html</loc>
<lastmod>2014-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Show.html</loc>
<lastmod>2014-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blasum/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/feliachi/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CISC-Kernel.html</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/havle/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/langenstein/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmaltz/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stephan/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tverdyshev/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cock/</loc>
<lastmod>2014-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/pGCL.html</loc>
<lastmod>2014-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Amortized_Complexity.html</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/skew_heap/</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/splay_tree/</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Network_Security_Policy_Verification.html</loc>
<lastmod>2014-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/coglio/</loc>
<lastmod>2014-07-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pop_Refinement.html</loc>
<lastmod>2014-07-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MSO_Regex_Equivalence.html</loc>
<lastmod>2014-06-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Boolean_Expression_Checkers.html</loc>
<lastmod>2014-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CAVA_LTL_Modelchecker.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_to_GBA.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/esparza/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl_to_gba/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/partial_order_reduction/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/promela/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Promela.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schimpf/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/smaus/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CAVA_Automata.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gabow_SCC.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_CSP.html</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Roy_Floyd_Warshall.html</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wenzel/</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular_Algebras.html</loc>
<lastmod>2014-05-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ComponentDependencies.html</loc>
<lastmod>2014-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/spichkova/</loc>
<lastmod>2014-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SIFUM_Type_Systems.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WHATandWHERE_Security.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Strong_Security.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lux/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sauer/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schoepe/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/strong_security/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bounded_Deducibility_Security.html</loc>
<lastmod>2014-04-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HyperCTL.html</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract_Completeness.html</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rabe/</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Discrete_Summation.html</loc>
<lastmod>2014-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haftmann/</loc>
<lastmod>2014-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GPU_Kernel_PL.html</loc>
<lastmod>2014-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wickerson/</loc>
<lastmod>2014-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Noninterference.html</loc>
<lastmod>2014-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AWN.html</loc>
<lastmod>2014-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Partial_Function_MR.html</loc>
<lastmod>2014-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Random_Graph_Subgraph_Threshold.html</loc>
<lastmod>2014-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/petrovic/</loc>
<lastmod>2014-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Selection_Heap_Sort.html</loc>
<lastmod>2014-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Affine_Arithmetic.html</loc>
<lastmod>2014-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Impl.html</loc>
<lastmod>2014-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regex_Equivalence.html</loc>
<lastmod>2014-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Secondary_Sylow.html</loc>
<lastmod>2014-01-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/armstrong/</loc>
<lastmod>2014-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relation_Algebra.html</loc>
<lastmod>2014-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KAT_and_DRA.html</loc>
<lastmod>2014-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Featherweight_OCL.html</loc>
<lastmod>2014-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CryptoBasedCompositionalProperties.html</loc>
<lastmod>2014-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sturm_Sequences.html</loc>
<lastmod>2014-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tail_Recursive_Functions.html</loc>
<lastmod>2013-12-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Incompleteness.html</loc>
<lastmod>2013-11-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HereditarilyFinite.html</loc>
<lastmod>2013-11-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Coinductive_Languages.html</loc>
<lastmod>2013-11-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FocusStreamsCaseStudies.html</loc>
<lastmod>2013-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GoedelGod.html</loc>
<lastmod>2013-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/paleo/</loc>
<lastmod>2013-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decreasing-Diagrams.html</loc>
<lastmod>2013-11-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zankl/</loc>
<lastmod>2013-11-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Automatic_Refinement.html</loc>
<lastmod>2013-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Native_Word.html</loc>
<lastmod>2013-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IEEE_Floating_Point.html</loc>
<lastmod>2013-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yu/</loc>
<lastmod>2013-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lehmer/</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lehmer.html</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pratt_Certificate.html</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Koenigsberg_Friendship.html</loc>
<lastmod>2013-07-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sort_Encodings.html</loc>
<lastmod>2013-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ShortestPath.html</loc>
<lastmod>2013-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Graph_Theory.html</loc>
<lastmod>2013-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finger-trees/</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Containers.html</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/trie/</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nominal2.html</loc>
<lastmod>2013-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Launchbury.html</loc>
<lastmod>2013-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ribbon_Proofs.html</loc>
<lastmod>2013-01-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rank_Nullity_Theorem.html</loc>
<lastmod>2013-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kleene_Algebra.html</loc>
<lastmod>2013-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cauchy/</loc>
<lastmod>2013-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sqrt_Babylonian.html</loc>
<lastmod>2013-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Logic_Imperative_HOL.html</loc>
<lastmod>2012-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/meis/</loc>
<lastmod>2012-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ogawa/</loc>
<lastmod>2012-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Open_Induction.html</loc>
<lastmod>2012-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/makarios/</loc>
<lastmod>2012-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tarskis_Geometry.html</loc>
<lastmod>2012-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/avigad/</loc>
<lastmod>2012-10-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bondy.html</loc>
<lastmod>2012-10-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Possibilistic_Noninterference.html</loc>
<lastmod>2012-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Datatype_Order_Generator.html</loc>
<lastmod>2012-08-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Impossible_Geometry.html</loc>
<lastmod>2012-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/romanos/</loc>
<lastmod>2012-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/debrat/</loc>
<lastmod>2012-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Heard_Of.html</loc>
<lastmod>2012-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PCF.html</loc>
<lastmod>2012-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tycon.html</loc>
<lastmod>2012-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bengtson/</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CCS.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Psi_Calculi.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pi_Calculus.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gaudel/</loc>
<lastmod>2012-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Circus.html</loc>
<lastmod>2012-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boyton/</loc>
<lastmod>2012-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Algebra.html</loc>
<lastmod>2012-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stuttering_Equivalence.html</loc>
<lastmod>2012-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bella/</loc>
<lastmod>2012-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Inductive_Confidentiality.html</loc>
<lastmod>2012-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinary_Differential_Equations.html</loc>
<lastmod>2012-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Well_Quasi_Orders.html</loc>
<lastmod>2012-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abortable_Linearizable_Modules.html</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guerraoui/</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kuncak/</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive-Closure-II.html</loc>
<lastmod>2012-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Girth_Chromatic.html</loc>
<lastmod>2012-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dijkstra_Shortest_Path.html</loc>
<lastmod>2012-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Refine_Monadic.html</loc>
<lastmod>2012-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gauss-jordan-elim-fun/</loc>
<lastmod>2012-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Markov_Models.html</loc>
<lastmod>2012-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TLA.html</loc>
<lastmod>2011-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grov/</loc>
<lastmod>2011-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Efficient-Mergesort.html</loc>
<lastmod>2011-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MonoBoolTranAlgebra.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/georgescu/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LatticeProperties.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/latticeproperties/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/leustean/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PseudoHoops.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Myhill-Nerode.html</loc>
<lastmod>2011-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wu/</loc>
<lastmod>2011-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss-Jordan-Elim-Fun.html</loc>
<lastmod>2011-08-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Max-Card-Matching.html</loc>
<lastmod>2011-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KBPs.html</loc>
<lastmod>2011-05-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/General-Triangle.html</loc>
<lastmod>2011-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive-Closure.html</loc>
<lastmod>2011-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AutoFocus-Stream.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List-Infinite.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nat-Interval-Logic.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nat-interval-logic/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/trachtenherz/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LightweightJava.html</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parkinson/</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/strnisa/</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RIPEMD-160-SPARK.html</loc>
<lastmod>2011-01-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grechuk/</loc>
<lastmod>2011-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lower_Semicontinuous.html</loc>
<lastmod>2011-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Marriage.html</loc>
<lastmod>2010-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jiangd/</loc>
<lastmod>2010-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shivers-CFA.html</loc>
<lastmod>2010-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binomial-Heaps.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finger-Trees.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binomial-Queues.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/koerner/</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nielsen/</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/doczkal/</loc>
<lastmod>2010-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lam-ml-Normalization.html</loc>
<lastmod>2010-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomials.html</loc>
<lastmod>2010-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Statecharts.html</loc>
<lastmod>2010-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/helke/</loc>
<lastmod>2010-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Free-Groups.html</loc>
<lastmod>2010-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category2.html</loc>
<lastmod>2010-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/katovsky/</loc>
<lastmod>2010-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrix.html</loc>
<lastmod>2010-06-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract-Rewriting.html</loc>
<lastmod>2010-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/back/</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/datarefinementibp/</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DataRefinementIBP.html</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GraphMarkingIBP.html</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Robbins-Conjecture.html</loc>
<lastmod>2010-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/krauss/</loc>
<lastmod>2010-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular-Sets.html</loc>
<lastmod>2010-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/henrio/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Locally-Nameless-Sigma.html</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lutz/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sudhof/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Free-Boolean-Algebra.html</loc>
<lastmod>2010-03-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hrb-slicing/</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InformationFlowSlicing.html</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InformationFlowSlicing_Inter.html</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wasserrab/</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List-Index.html</loc>
<lastmod>2010-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Coinductive.html</loc>
<lastmod>2010-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DPT-SAT-Solver.html</loc>
<lastmod>2009-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/heller/</loc>
<lastmod>2009-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Presburger-Automata.html</loc>
<lastmod>2009-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reiter/</loc>
<lastmod>2009-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/binomial-heaps/</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Collections.html</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tree-Automata.html</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ijbema/</loc>
<lastmod>2009-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Perfect-Number-Thm.html</loc>
<lastmod>2009-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HRB-Slicing.html</loc>
<lastmod>2009-11-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WorkerWrapper.html</loc>
<lastmod>2009-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinals_and_Cardinals.html</loc>
<lastmod>2009-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/chapman/</loc>
<lastmod>2009-08-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SequentInvertibility.html</loc>
<lastmod>2009-08-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CofGroups.html</loc>
<lastmod>2009-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kastermans/</loc>
<lastmod>2009-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FinFun.html</loc>
<lastmod>2009-05-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stream-Fusion.html</loc>
<lastmod>2009-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BytecodeLogicJmlTypes.html</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beringer/</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hofmann/</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SIFPL.html</loc>
<lastmod>2008-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SenSocialChoice.html</loc>
<lastmod>2008-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FunWithTilings.html</loc>
<lastmod>2008-11-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Huffman.html</loc>
<lastmod>2008-10-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Slicing.html</loc>
<lastmod>2008-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VolpanoSmith.html</loc>
<lastmod>2008-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/snelting/</loc>
<lastmod>2008-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ArrowImpossibilityGS.html</loc>
<lastmod>2008-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FunWithFunctions.html</loc>
<lastmod>2008-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SATSolverVerification.html</loc>
<lastmod>2008-07-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nedzelsky/</loc>
<lastmod>2008-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Recursion-Theory-I.html</loc>
<lastmod>2008-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simpl.html</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BDD.html</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ortner/</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aehlig/</loc>
<lastmod>2008-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/NormByEval.html</loc>
<lastmod>2008-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LinearQuantifierElim.html</loc>
<lastmod>2008-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Program-Conflict-Analysis.html</loc>
<lastmod>2007-12-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/olm/</loc>
<lastmod>2007-12-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JinjaThreads.html</loc>
<lastmod>2007-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boehme/</loc>
<lastmod>2007-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MuchAdoAboutTwo.html</loc>
<lastmod>2007-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fermat3_4.html</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oosterhuis/</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SumSquares.html</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Valuation.html</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/group-ring-module/</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kobayashi/</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL-Fitting.html</loc>
<lastmod>2007-08-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/POPLmark-deBruijn.html</loc>
<lastmod>2007-08-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HotelKeyCards.html</loc>
<lastmod>2006-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract-Hoare-Logics.html</loc>
<lastmod>2006-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bauer/</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Flyspeck-Tame.html</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoreC&#43;&#43;.html</loc>
<lastmod>2006-05-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FeatherweightJava.html</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fosterj/</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/vytiniotis/</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/barsotti/</loc>
<lastmod>2006-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ClockSynchInst.html</loc>
<lastmod>2006-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cauchy.html</loc>
<lastmod>2006-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/porter/</loc>
<lastmod>2006-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinal.html</loc>
<lastmod>2005-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FFT.html</loc>
<lastmod>2005-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GenClock.html</loc>
<lastmod>2005-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jaskelioff/</loc>
<lastmod>2005-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DiskPaxos.html</loc>
<lastmod>2005-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JiveDataStoreModel.html</loc>
<lastmod>2005-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rauch/</loc>
<lastmod>2005-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jinja.html</loc>
<lastmod>2005-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lindenberg/</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RSAPSS.html</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wirt/</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category.html</loc>
<lastmod>2005-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/keefe/</loc>
<lastmod>2005-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FileRefinement.html</loc>
<lastmod>2004-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zee/</loc>
<lastmod>2004-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Integration.html</loc>
<lastmod>2004-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/richter/</loc>
<lastmod>2004-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Verified-Prover.html</loc>
<lastmod>2004-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ridge/</loc>
<lastmod>2004-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Completeness.html</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/margetson/</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ramsey-Infinite.html</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Compiling-Exceptions-Correctly.html</loc>
<lastmod>2004-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Depth-First-Search.html</loc>
<lastmod>2004-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nishihara/</loc>
<lastmod>2004-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/chen/</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Group-Ring-Module.html</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/murao/</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/friedrich/</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lazy-Lists-II.html</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lazy-lists-ii/</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Topology.html</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BinarySearchTree.html</loc>
<lastmod>2004-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Functional-Automata.html</loc>
<lastmod>2004-03-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AVL-Trees.html</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MiniML.html</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/naraschewski/</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pusch/</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/webapp/</loc>
</url><url>
<loc>/sessions/abortable_linearizable_modules/</loc>
</url><url>
<loc>/about/</loc>
</url><url>
<loc>/sessions/abs_int_itp2012/</loc>
</url><url>
<loc>/sessions/abstract-hoare-logics/</loc>
</url><url>
<loc>/sessions/abstract-rewriting/</loc>
</url><url>
<loc>/sessions/abstract_completeness/</loc>
</url><url>
<loc>/sessions/abstract_soundness/</loc>
</url><url>
<loc>/sessions/aby3_protocols/</loc>
</url><url>
<loc>/sessions/ackermanns_not_pr/</loc>
</url><url>
<loc>/sessions/actuarial_mathematics/</loc>
</url><url>
<loc>/sessions/adaptive_state_counting/</loc>
</url><url>
<loc>/sessions/ads_functor/</loc>
</url><url>
<loc>/sessions/affine_arithmetic/</loc>
</url><url>
<loc>/sessions/aggregation_algebras/</loc>
</url><url>
<loc>/sessions/ai_planning_languages_semantics/</loc>
</url><url>
<loc>/sessions/akra_bazzi/</loc>
</url><url>
<loc>/sessions/algebraic_numbers/</loc>
</url><url>
<loc>/sessions/algebraic_vcs/</loc>
</url><url>
<loc>/sessions/allen_calculus/</loc>
</url><url>
<loc>/sessions/amicable_numbers/</loc>
</url><url>
<loc>/sessions/amortized_complexity/</loc>
</url><url>
<loc>/sessions/anselmgod/</loc>
</url><url>
<loc>/sessions/aodv/</loc>
</url><url>
<loc>/sessions/aot/</loc>
</url><url>
<loc>/sessions/applicative_lifting/</loc>
</url><url>
<loc>/sessions/approximation_algorithms/</loc>
</url><url>
<loc>/sessions/architectural_design_patterns/</loc>
</url><url>
<loc>/sessions/aristotles_assertoric_syllogistic/</loc>
</url><url>
<loc>/sessions/arith_prog_rel_primes/</loc>
</url><url>
<loc>/sessions/arrowimpossibilitygs/</loc>
</url><url>
<loc>/sessions/attack_trees/</loc>
</url><url>
<loc>/sessions/auto2_hol/</loc>
</url><url>
<loc>/sessions/auto2_imperative_hol/</loc>
</url><url>
<loc>/sessions/autofocus-stream/</loc>
</url><url>
<loc>/sessions/automated_stateful_protocol_verification/</loc>
</url><url>
<loc>/sessions/automatic_refinement/</loc>
</url><url>
<loc>/sessions/avl-trees/</loc>
</url><url>
<loc>/sessions/awn/</loc>
</url><url>
<loc>/sessions/axiomaticcategorytheory/</loc>
</url><url>
<loc>/sessions/balog_szemeredi_gowers/</loc>
</url><url>
<loc>/sessions/banach_steinhaus/</loc>
</url><url>
<loc>/sessions/bd_security_compositional/</loc>
</url><url>
<loc>/sessions/bdd/</loc>
</url><url>
<loc>/sessions/belief_revision/</loc>
</url><url>
<loc>/sessions/bell_numbers_spivey/</loc>
</url><url>
<loc>/sessions/benor_kozen_reif/</loc>
</url><url>
<loc>/sessions/berlekamp_zassenhaus/</loc>
</url><url>
<loc>/sessions/bernoulli/</loc>
</url><url>
<loc>/sessions/bertrands_postulate/</loc>
</url><url>
<loc>/sessions/bicategory/</loc>
</url><url>
<loc>/sessions/binary_code_imprimitive/</loc>
</url><url>
<loc>/sessions/binarysearchtree/</loc>
</url><url>
<loc>/sessions/binding_syntax_theory/</loc>
</url><url>
<loc>/sessions/binomial-heaps/</loc>
</url><url>
<loc>/sessions/binomial-queues/</loc>
</url><url>
<loc>/sessions/birdkmp/</loc>
</url><url>
<loc>/sessions/birkhoff_finite_distributive_lattices/</loc>
</url><url>
<loc>/sessions/blue_eyes/</loc>
</url><url>
<loc>/sessions/bnf_cc/</loc>
</url><url>
<loc>/sessions/bnf_operations/</loc>
</url><url>
<loc>/sessions/bondy/</loc>
</url><url>
<loc>/sessions/boolean_expression_checkers/</loc>
</url><url>
<loc>/sessions/boolos_curious_inference/</loc>
</url><url>
<loc>/sessions/boolos_curious_inference_automated/</loc>
</url><url>
<loc>/sessions/bounded_deducibility_security/</loc>
</url><url>
<loc>/sessions/btree/</loc>
</url><url>
<loc>/sessions/buchi_complementation/</loc>
</url><url>
<loc>/sessions/budan_fourier/</loc>
</url><url>
<loc>/sessions/buffons_needle/</loc>
</url><url>
<loc>/sessions/buildings/</loc>
</url><url>
<loc>/sessions/bytecodelogicjmltypes/</loc>
</url><url>
<loc>/sessions/c2ka_distributedsystems/</loc>
</url><url>
<loc>/sessions/cakeml/</loc>
</url><url>
<loc>/sessions/cakeml_codegen/</loc>
</url><url>
<loc>/sessions/call_arity/</loc>
</url><url>
<loc>/sessions/card_equiv_relations/</loc>
</url><url>
<loc>/sessions/card_multisets/</loc>
</url><url>
<loc>/sessions/card_number_partitions/</loc>
</url><url>
<loc>/sessions/card_partitions/</loc>
</url><url>
<loc>/sessions/cartan_fp/</loc>
</url><url>
<loc>/sessions/case_labeling/</loc>
</url><url>
<loc>/sessions/catalan_numbers/</loc>
</url><url>
<loc>/sessions/category/</loc>
</url><url>
<loc>/sessions/category2/</loc>
</url><url>
<loc>/sessions/category3/</loc>
</url><url>
<loc>/sessions/catoids/</loc>
</url><url>
<loc>/sessions/cauchy/</loc>
</url><url>
<loc>/sessions/cava_automata/</loc>
</url><url>
<loc>/sessions/cava_base/</loc>
</url><url>
<loc>/sessions/cava_ltl_modelchecker/</loc>
</url><url>
<loc>/sessions/cava_setup/</loc>
</url><url>
<loc>/sessions/cayley_hamilton/</loc>
</url><url>
<loc>/sessions/ccl/</loc>
</url><url>
<loc>/sessions/ccs/</loc>
</url><url>
<loc>/sessions/certification_monads/</loc>
</url><url>
<loc>/sessions/ceva/</loc>
</url><url>
<loc>/sessions/chandy_lamport/</loc>
</url><url>
<loc>/sessions/cheri-c_memory_model/</loc>
</url><url>
<loc>/sessions/chord_segments/</loc>
</url><url>
<loc>/sessions/circus/</loc>
</url><url>
<loc>/sessions/cisc-kernel/</loc>
</url><url>
<loc>/sessions/classes/</loc>
</url><url>
<loc>/sessions/clean/</loc>
</url><url>
<loc>/sessions/clique_and_monotone_circuits/</loc>
</url><url>
<loc>/sessions/clocksynchinst/</loc>
</url><url>
<loc>/sessions/closest_pair_points/</loc>
</url><url>
<loc>/sessions/cocon/</loc>
</url><url>
<loc>/sessions/codegen/</loc>
</url><url>
<loc>/sessions/cofgroups/</loc>
</url><url>
<loc>/sessions/coinductive/</loc>
</url><url>
<loc>/sessions/coinductive_languages/</loc>
</url><url>
<loc>/sessions/collections/</loc>
</url><url>
<loc>/sessions/collections_examples/</loc>
</url><url>
<loc>/sessions/combinable_wands/</loc>
</url><url>
<loc>/sessions/combinatorial_enumeration_algorithms/</loc>
</url><url>
<loc>/sessions/combinatorics_words/</loc>
</url><url>
<loc>/sessions/combinatorics_words_graph_lemma/</loc>
</url><url>
<loc>/sessions/combinatorics_words_lyndon/</loc>
</url><url>
<loc>/sessions/commcsl/</loc>
</url><url>
<loc>/sessions/commuting_hermitian/</loc>
</url><url>
<loc>/sessions/comparison_sort_lower_bound/</loc>
</url><url>
<loc>/sessions/compiling-exceptions-correctly/</loc>
</url><url>
<loc>/sessions/complete_non_orders/</loc>
</url><url>
<loc>/sessions/completeness/</loc>
</url><url>
<loc>/sessions/complex_bounded_operators/</loc>
</url><url>
<loc>/sessions/complex_bounded_operators_dependencies/</loc>
</url><url>
<loc>/sessions/complex_geometry/</loc>
</url><url>
<loc>/sessions/complx/</loc>
</url><url>
<loc>/sessions/componentdependencies/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/approximation/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/concurrent/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/distributed/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/geometry/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/graph/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/mathematical/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/online/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/optimization/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/quantum-computing/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/randomized/</loc>
</url><url>
<loc>/topics/computer-science/artificial-intelligence/</loc>
</url><url>
<loc>/topics/computer-science/automata-and-formal-languages/</loc>
</url><url>
<loc>/topics/computer-science/concurrency/</loc>
</url><url>
<loc>/topics/computer-science/concurrency/process-calculi/</loc>
</url><url>
<loc>/topics/computer-science/data-management-systems/</loc>
</url><url>
<loc>/topics/computer-science/data-structures/</loc>
</url><url>
<loc>/topics/computer-science/functional-programming/</loc>
</url><url>
<loc>/topics/computer-science/hardware/</loc>
</url><url>
<loc>/topics/computer-science/machine-learning/</loc>
</url><url>
<loc>/topics/computer-science/networks/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/compiling/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/lambda-calculi/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/language-definitions/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/logics/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/misc/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/static-analysis/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/type-systems/</loc>
</url><url>
<loc>/topics/computer-science/security/</loc>
</url><url>
<loc>/topics/computer-science/security/cryptography/</loc>
</url><url>
<loc>/topics/computer-science/semantics-and-reasoning/</loc>
</url><url>
<loc>/topics/computer-science/system-description-languages/</loc>
</url><url>
<loc>/sessions/concurrent_ref_alg/</loc>
</url><url>
<loc>/sessions/concurrent_revisions/</loc>
</url><url>
<loc>/sessions/concurrentgc/</loc>
</url><url>
<loc>/sessions/concurrentimp/</loc>
</url><url>
<loc>/sessions/conditional_simplification/</loc>
</url><url>
<loc>/sessions/conditional_transfer_rule/</loc>
</url><url>
<loc>/sessions/consensus_refined/</loc>
</url><url>
<loc>/sessions/constructive_cryptography/</loc>
</url><url>
<loc>/sessions/constructive_cryptography_cm/</loc>
</url><url>
<loc>/sessions/constructor_funs/</loc>
</url><url>
<loc>/sessions/containers/</loc>
</url><url>
<loc>/sessions/containers-benchmarks/</loc>
</url><url>
<loc>/sessions/cook_levin/</loc>
</url><url>
<loc>/sessions/core_dom/</loc>
</url><url>
<loc>/sessions/core_sc_dom/</loc>
</url><url>
<loc>/sessions/corec/</loc>
</url><url>
<loc>/sessions/corec&#43;&#43;/</loc>
</url><url>
<loc>/sessions/correctness_algebras/</loc>
</url><url>
<loc>/sessions/cosmed/</loc>
</url><url>
<loc>/sessions/cosmedis/</loc>
</url><url>
<loc>/sessions/cotangent_pfd_formula/</loc>
</url><url>
<loc>/sessions/count_complex_roots/</loc>
</url><url>
+ <loc>/sessions/coupledsim_contrasim/</loc>
+ </url><url>
<loc>/sessions/crdt/</loc>
</url><url>
<loc>/sessions/crypthol/</loc>
</url><url>
<loc>/sessions/crypto_standards/</loc>
</url><url>
<loc>/sessions/cryptobasedcompositionalproperties/</loc>
</url><url>
<loc>/sessions/crystals-kyber/</loc>
</url><url>
<loc>/sessions/csp_reftk/</loc>
</url><url>
<loc>/sessions/ctt/</loc>
</url><url>
<loc>/sessions/cube/</loc>
</url><url>
<loc>/sessions/cubic_quartic_equations/</loc>
</url><url>
<loc>/sessions/cvp_hardness/</loc>
</url><url>
<loc>/sessions/cyk/</loc>
</url><url>
<loc>/sessions/czh_elementary_categories/</loc>
</url><url>
<loc>/sessions/czh_foundations/</loc>
</url><url>
<loc>/sessions/czh_universal_constructions/</loc>
</url><url>
<loc>/sessions/datarefinementibp/</loc>
</url><url>
<loc>/sessions/datatype_order_generator/</loc>
</url><url>
<loc>/sessions/datatypes/</loc>
</url><url>
<loc>/sessions/dcr-executionequivalence/</loc>
</url><url>
<loc>/sessions/decl_sem_fun_pl/</loc>
</url><url>
<loc>/sessions/decreasing-diagrams/</loc>
</url><url>
<loc>/sessions/decreasing-diagrams-ii/</loc>
</url><url>
<loc>/sessions/dedekind_real/</loc>
</url><url>
<loc>/sessions/deep_learning/</loc>
</url><url>
<loc>/sessions/delta_system_lemma/</loc>
</url><url>
<loc>/sessions/demo_easychair/</loc>
</url><url>
<loc>/sessions/demo_eptcs/</loc>
</url><url>
<loc>/sessions/demo_foiltex/</loc>
</url><url>
<loc>/sessions/demo_lipics/</loc>
</url><url>
<loc>/sessions/demo_llncs/</loc>
</url><url>
<loc>/sessions/density_compiler/</loc>
</url><url>
<loc>/sessions/dependent_sifum_refinement/</loc>
</url><url>
<loc>/sessions/dependent_sifum_type_systems/</loc>
</url><url>
<loc>/sessions/depth-first-search/</loc>
</url><url>
<loc>/sessions/derangements/</loc>
</url><url>
<loc>/sessions/deriving/</loc>
</url><url>
<loc>/sessions/descartes_sign_rule/</loc>
</url><url>
<loc>/sessions/design_theory/</loc>
</url><url>
<loc>/sessions/dfs_framework/</loc>
</url><url>
<loc>/sessions/dict_construction/</loc>
</url><url>
<loc>/sessions/differential_dynamic_logic/</loc>
</url><url>
<loc>/sessions/differential_game_logic/</loc>
</url><url>
<loc>/sessions/digit_expansions/</loc>
</url><url>
<loc>/sessions/digitsinbase/</loc>
</url><url>
<loc>/sessions/dijkstra_shortest_path/</loc>
</url><url>
<loc>/sessions/diophantine_eqns_lin_hom/</loc>
</url><url>
<loc>/sessions/directed_sets/</loc>
</url><url>
<loc>/sessions/dirichlet_l/</loc>
</url><url>
<loc>/sessions/dirichlet_series/</loc>
</url><url>
<loc>/sessions/discrete_summation/</loc>
</url><url>
<loc>/sessions/discretepricing/</loc>
</url><url>
<loc>/sessions/diskpaxos/</loc>
</url><url>
<loc>/sessions/distributed_distinct_elements/</loc>
</url><url>
<loc>/sessions/dom_components/</loc>
</url><url>
<loc>/sessions/dominance_chk/</loc>
</url><url>
<loc>/download/</loc>
</url><url>
<loc>/sessions/dprm_theorem/</loc>
</url><url>
<loc>/sessions/dpt-sat-solver/</loc>
</url><url>
<loc>/sessions/dynamic_tables/</loc>
</url><url>
<loc>/sessions/dynamicarchitectures/</loc>
</url><url>
<loc>/sessions/e_transcendental/</loc>
</url><url>
<loc>/sessions/earley_parser/</loc>
</url><url>
<loc>/sessions/echelon_form/</loc>
</url><url>
<loc>/sessions/edmondskarp_maxflow/</loc>
</url><url>
<loc>/sessions/edwards_elliptic_curves_group/</loc>
</url><url>
<loc>/sessions/efficient-mergesort/</loc>
</url><url>
<loc>/sessions/efficient_weighted_path_order/</loc>
</url><url>
<loc>/sessions/eisbach/</loc>
</url><url>
<loc>/sessions/elliptic_curves_group_law/</loc>
</url><url>
<loc>/sessions/encodability_process_calculi/</loc>
</url><url>
<loc>/submission/</loc>
</url><url>
<loc>/sessions/epistemic_logic/</loc>
</url><url>
<loc>/sessions/equivalence_relation_enumeration/</loc>
</url><url>
<loc>/sessions/ergodic_theory/</loc>
</url><url>
<loc>/sessions/error_function/</loc>
</url><url>
<loc>/sessions/euler_maclaurin/</loc>
</url><url>
<loc>/sessions/euler_partition/</loc>
</url><url>
<loc>/sessions/euler_polyhedron_formula/</loc>
</url><url>
<loc>/sessions/eval_fo/</loc>
</url><url>
<loc>/sessions/example-submission/</loc>
</url><url>
<loc>/sessions/executable_randomized_algorithms/</loc>
</url><url>
<loc>/sessions/expander_graphs/</loc>
</url><url>
<loc>/sessions/extended_finite_state_machine_inference/</loc>
</url><url>
<loc>/sessions/extended_finite_state_machines/</loc>
</url><url>
<loc>/sessions/factor_algebraic_polynomial/</loc>
</url><url>
<loc>/sessions/factored_transition_system_bounding/</loc>
</url><url>
<loc>/sessions/falling_factorial_sum/</loc>
</url><url>
<loc>/sessions/farkas/</loc>
</url><url>
<loc>/sessions/featherweight_ocl/</loc>
</url><url>
<loc>/sessions/featherweightjava/</loc>
</url><url>
<loc>/sessions/fermat3_4/</loc>
</url><url>
<loc>/sessions/fft/</loc>
</url><url>
<loc>/sessions/filerefinement/</loc>
</url><url>
<loc>/sessions/finfun/</loc>
</url><url>
<loc>/sessions/finger-trees/</loc>
</url><url>
<loc>/sessions/finite-map-extras/</loc>
</url><url>
<loc>/sessions/finite_automata_hf/</loc>
</url><url>
<loc>/sessions/finite_fields/</loc>
</url><url>
<loc>/sessions/finitely_generated_abelian_groups/</loc>
</url><url>
<loc>/sessions/first_order_terms/</loc>
</url><url>
<loc>/sessions/first_welfare_theorem/</loc>
</url><url>
<loc>/sessions/fishburn_impossibility/</loc>
</url><url>
<loc>/sessions/fisher_yates/</loc>
</url><url>
<loc>/sessions/fishers_inequality/</loc>
</url><url>
<loc>/sessions/fixed_length_vector/</loc>
</url><url>
<loc>/sessions/flow_networks/</loc>
</url><url>
<loc>/sessions/floyd_warshall/</loc>
</url><url>
<loc>/sessions/flp/</loc>
</url><url>
<loc>/sessions/flyspeck-tame/</loc>
</url><url>
<loc>/sessions/flyspeck-tame-computation/</loc>
</url><url>
<loc>/sessions/fo_theory_rewriting/</loc>
</url><url>
<loc>/sessions/focusstreamscasestudies/</loc>
</url><url>
<loc>/sessions/fol/</loc>
</url><url>
<loc>/sessions/fol-ex/</loc>
</url><url>
<loc>/sessions/fol-fitting/</loc>
</url><url>
<loc>/sessions/fol_axiomatic/</loc>
</url><url>
<loc>/sessions/fol_harrison/</loc>
</url><url>
<loc>/sessions/fol_seq_calc1/</loc>
</url><url>
<loc>/sessions/fol_seq_calc2/</loc>
</url><url>
<loc>/sessions/fol_seq_calc3/</loc>
</url><url>
<loc>/sessions/folp/</loc>
</url><url>
<loc>/sessions/folp-ex/</loc>
</url><url>
<loc>/sessions/forcing/</loc>
</url><url>
<loc>/sessions/formal_puiseux_series/</loc>
</url><url>
<loc>/sessions/formal_ssa/</loc>
</url><url>
<loc>/sessions/formula_derivatives/</loc>
</url><url>
<loc>/sessions/formula_derivatives-examples/</loc>
</url><url>
<loc>/sessions/foundation_of_geometry/</loc>
</url><url>
<loc>/sessions/fourier/</loc>
</url><url>
<loc>/sessions/free-boolean-algebra/</loc>
</url><url>
<loc>/sessions/free-groups/</loc>
</url><url>
<loc>/sessions/frequency_moments/</loc>
</url><url>
<loc>/sessions/fresh_identifiers/</loc>
</url><url>
<loc>/sessions/fsm_tests/</loc>
</url><url>
<loc>/sessions/functional-automata/</loc>
</url><url>
<loc>/sessions/functional_ordered_resolution_prover/</loc>
</url><url>
<loc>/sessions/functions/</loc>
</url><url>
<loc>/sessions/funwithfunctions/</loc>
</url><url>
<loc>/sessions/funwithtilings/</loc>
</url><url>
<loc>/sessions/furstenberg_topology/</loc>
</url><url>
<loc>/sessions/gabow_scc/</loc>
</url><url>
<loc>/sessions/gale_shapley/</loc>
</url><url>
<loc>/sessions/galestewart_games/</loc>
</url><url>
<loc>/sessions/game_based_crypto/</loc>
</url><url>
<loc>/sessions/gauss-jordan-elim-fun/</loc>
</url><url>
<loc>/sessions/gauss_jordan/</loc>
</url><url>
<loc>/sessions/gauss_sums/</loc>
</url><url>
<loc>/sessions/gaussian_integers/</loc>
</url><url>
<loc>/sessions/genclock/</loc>
</url><url>
<loc>/sessions/general-triangle/</loc>
</url><url>
<loc>/sessions/generalized_counting_sort/</loc>
</url><url>
<loc>/sessions/generic_deriving/</loc>
</url><url>
<loc>/sessions/generic_join/</loc>
</url><url>
<loc>/sessions/gewirthpgcproof/</loc>
</url><url>
<loc>/sessions/girth_chromatic/</loc>
</url><url>
<loc>/sessions/given_clause_loops/</loc>
</url><url>
<loc>/sessions/goedel_hfset_semantic/</loc>
</url><url>
<loc>/sessions/goedel_hfset_semanticless/</loc>
</url><url>
<loc>/sessions/goedel_incompleteness/</loc>
</url><url>
<loc>/sessions/goedelgod/</loc>
</url><url>
<loc>/sessions/goodstein_lambda/</loc>
</url><url>
<loc>/sessions/gpu_kernel_pl/</loc>
</url><url>
<loc>/sessions/graph_saturation/</loc>
</url><url>
<loc>/sessions/graph_theory/</loc>
</url><url>
<loc>/sessions/graphmarkingibp/</loc>
</url><url>
<loc>/sessions/gray_codes/</loc>
</url><url>
<loc>/sessions/green/</loc>
</url><url>
<loc>/sessions/groebner_bases/</loc>
</url><url>
<loc>/sessions/groebner_macaulay/</loc>
</url><url>
<loc>/sessions/gromov_hyperbolicity/</loc>
</url><url>
<loc>/sessions/grothendieck_schemes/</loc>
</url><url>
<loc>/sessions/group-ring-module/</loc>
</url><url>
<loc>/sessions/hahn_jordan_decomposition/</loc>
</url><url>
<loc>/sessions/hales_jewett/</loc>
</url><url>
<loc>/sessions/haskell/</loc>
</url><url>
<loc>/sessions/heard_of/</loc>
</url><url>
<loc>/sessions/hello_world/</loc>
</url><url>
<loc>/help/</loc>
</url><url>
<loc>/sessions/hereditarilyfinite/</loc>
</url><url>
<loc>/sessions/hermite/</loc>
</url><url>
<loc>/sessions/hermite_lindemann/</loc>
</url><url>
<loc>/sessions/hidden_markov_models/</loc>
</url><url>
<loc>/sessions/higher_order_terms/</loc>
</url><url>
<loc>/sessions/hoare_time/</loc>
</url><url>
<loc>/sessions/hoarefordivergence/</loc>
</url><url>
<loc>/sessions/hol/</loc>
</url><url>
<loc>/sessions/hol-algebra/</loc>
</url><url>
<loc>/sessions/hol-analysis/</loc>
</url><url>
<loc>/sessions/hol-analysis-ex/</loc>
</url><url>
<loc>/sessions/hol-auth/</loc>
</url><url>
<loc>/sessions/hol-bali/</loc>
</url><url>
<loc>/sessions/hol-cardinals/</loc>
</url><url>
<loc>/sessions/hol-codegenerator_test/</loc>
</url><url>
<loc>/sessions/hol-combinatorics/</loc>
</url><url>
<loc>/sessions/hol-complex_analysis/</loc>
</url><url>
<loc>/sessions/hol-computational_algebra/</loc>
</url><url>
<loc>/sessions/hol-corec_examples/</loc>
</url><url>
<loc>/sessions/hol-csp/</loc>
</url><url>
<loc>/sessions/hol-data_structures/</loc>
</url><url>
<loc>/sessions/hol-datatype_examples/</loc>
</url><url>
<loc>/sessions/hol-decision_procs/</loc>
</url><url>
<loc>/sessions/hol-eisbach/</loc>
</url><url>
<loc>/sessions/hol-ex/</loc>
</url><url>
<loc>/sessions/hol-examples/</loc>
</url><url>
<loc>/sessions/hol-hahn_banach/</loc>
</url><url>
<loc>/sessions/hol-hoare/</loc>
</url><url>
<loc>/sessions/hol-hoare_parallel/</loc>
</url><url>
<loc>/sessions/hol-homology/</loc>
</url><url>
<loc>/sessions/hol-imp/</loc>
</url><url>
<loc>/sessions/hol-imperative_hol/</loc>
</url><url>
<loc>/sessions/hol-import/</loc>
</url><url>
<loc>/sessions/hol-impp/</loc>
</url><url>
<loc>/sessions/hol-induct/</loc>
</url><url>
<loc>/sessions/hol-ioa/</loc>
</url><url>
<loc>/sessions/hol-isar_examples/</loc>
</url><url>
<loc>/sessions/hol-lattice/</loc>
</url><url>
<loc>/sessions/hol-library/</loc>
</url><url>
<loc>/sessions/hol-matrix_lp/</loc>
</url><url>
<loc>/sessions/hol-metis_examples/</loc>
</url><url>
<loc>/sessions/hol-microjava/</loc>
</url><url>
<loc>/sessions/hol-mirabelle-ex/</loc>
</url><url>
<loc>/sessions/hol-mutabelle/</loc>
</url><url>
<loc>/sessions/hol-nanojava/</loc>
</url><url>
<loc>/sessions/hol-nitpick_examples/</loc>
</url><url>
<loc>/sessions/hol-nominal/</loc>
</url><url>
<loc>/sessions/hol-nominal-examples/</loc>
</url><url>
<loc>/sessions/hol-nonstandard_analysis/</loc>
</url><url>
<loc>/sessions/hol-nonstandard_analysis-examples/</loc>
</url><url>
<loc>/sessions/hol-number_theory/</loc>
</url><url>
<loc>/sessions/hol-ode-arch-comp/</loc>
</url><url>
<loc>/sessions/hol-ode-examples/</loc>
</url><url>
<loc>/sessions/hol-ode-numerics/</loc>
</url><url>
<loc>/sessions/hol-predicate_compile_examples/</loc>
</url><url>
<loc>/sessions/hol-probability/</loc>
</url><url>
<loc>/sessions/hol-probability-ex/</loc>
</url><url>
<loc>/sessions/hol-prolog/</loc>
</url><url>
<loc>/sessions/hol-proofs/</loc>
</url><url>
<loc>/sessions/hol-proofs-ex/</loc>
</url><url>
<loc>/sessions/hol-proofs-extraction/</loc>
</url><url>
<loc>/sessions/hol-proofs-lambda/</loc>
</url><url>
<loc>/sessions/hol-quickcheck_examples/</loc>
</url><url>
<loc>/sessions/hol-quotient_examples/</loc>
</url><url>
<loc>/sessions/hol-real_asymp/</loc>
</url><url>
<loc>/sessions/hol-real_asymp-manual/</loc>
</url><url>
<loc>/sessions/hol-set_protocol/</loc>
</url><url>
<loc>/sessions/hol-smt_examples/</loc>
</url><url>
<loc>/sessions/hol-spark/</loc>
</url><url>
<loc>/sessions/hol-spark-examples/</loc>
</url><url>
<loc>/sessions/hol-spark-manual/</loc>
</url><url>
<loc>/sessions/hol-statespace/</loc>
</url><url>
<loc>/sessions/hol-tla/</loc>
</url><url>
<loc>/sessions/hol-tla-buffer/</loc>
</url><url>
<loc>/sessions/hol-tla-inc/</loc>
</url><url>
<loc>/sessions/hol-tla-memory/</loc>
</url><url>
<loc>/sessions/hol-tptp/</loc>
</url><url>
<loc>/sessions/hol-types_to_sets/</loc>
</url><url>
<loc>/sessions/hol-unity/</loc>
</url><url>
<loc>/sessions/hol-unix/</loc>
</url><url>
<loc>/sessions/hol-zf/</loc>
</url><url>
<loc>/sessions/holcf/</loc>
</url><url>
<loc>/sessions/holcf-ex/</loc>
</url><url>
<loc>/sessions/holcf-focus/</loc>
</url><url>
<loc>/sessions/holcf-imp/</loc>
</url><url>
<loc>/sessions/holcf-library/</loc>
</url><url>
<loc>/sessions/holcf-prelude/</loc>
</url><url>
<loc>/sessions/holcf-tutorial/</loc>
</url><url>
<loc>/sessions/hood_melville_queue/</loc>
</url><url>
<loc>/sessions/hotelkeycards/</loc>
</url><url>
<loc>/sessions/how_to_prove_it/</loc>
</url><url>
<loc>/sessions/hrb-slicing/</loc>
</url><url>
<loc>/sessions/huffman/</loc>
</url><url>
<loc>/sessions/hybrid_logic/</loc>
</url><url>
<loc>/sessions/hybrid_multi_lane_spatial_logic/</loc>
</url><url>
<loc>/sessions/hybrid_systems_vcs/</loc>
</url><url>
<loc>/sessions/hyperctl/</loc>
</url><url>
<loc>/sessions/hyperdual/</loc>
</url><url>
<loc>/sessions/hypergraph_basics/</loc>
</url><url>
<loc>/sessions/hyperhoarelogic/</loc>
</url><url>
<loc>/sessions/ieee_floating_point/</loc>
</url><url>
<loc>/sessions/ifc_tracking/</loc>
</url><url>
<loc>/sessions/imap-crdt/</loc>
</url><url>
<loc>/sessions/imo2019/</loc>
</url><url>
<loc>/sessions/imp2/</loc>
</url><url>
<loc>/sessions/imp2_binary_heap/</loc>
</url><url>
<loc>/sessions/imp_compiler/</loc>
</url><url>
<loc>/sessions/imp_compiler_reuse/</loc>
</url><url>
<loc>/sessions/imperative_insertion_sort/</loc>
</url><url>
<loc>/sessions/implementation/</loc>
</url><url>
<loc>/sessions/implicational_logic/</loc>
</url><url>
<loc>/sessions/impossible_geometry/</loc>
</url><url>
<loc>/sessions/incompleteness/</loc>
</url><url>
<loc>/sessions/incredible_proof_machine/</loc>
</url><url>
<loc>/sessions/independence_ch/</loc>
</url><url>
<loc>/sessions/inductive_confidentiality/</loc>
</url><url>
<loc>/sessions/inductive_inference/</loc>
</url><url>
<loc>/sessions/informationflowslicing/</loc>
</url><url>
<loc>/sessions/informationflowslicing_inter/</loc>
</url><url>
<loc>/sessions/infpathelimination/</loc>
</url><url>
<loc>/sessions/integration/</loc>
</url><url>
<loc>/sessions/interpolation_polynomials_hol_algebra/</loc>
</url><url>
<loc>/sessions/interpreter_optimizations/</loc>
</url><url>
<loc>/sessions/interval_arithmetic_word32/</loc>
</url><url>
<loc>/sessions/intro/</loc>
</url><url>
<loc>/sessions/intro_dest_elim/</loc>
</url><url>
<loc>/sessions/involutions2squares/</loc>
</url><url>
+ <loc>/sessions/io_language_conformance/</loc>
+ </url><url>
<loc>/sessions/ioa/</loc>
</url><url>
<loc>/sessions/ioa-abp/</loc>
</url><url>
<loc>/sessions/ioa-ex/</loc>
</url><url>
<loc>/sessions/ioa-ntp/</loc>
</url><url>
<loc>/sessions/ioa-storage/</loc>
</url><url>
<loc>/sessions/ip_addresses/</loc>
</url><url>
<loc>/sessions/iptables_semantics/</loc>
</url><url>
<loc>/sessions/iptables_semantics_examples/</loc>
</url><url>
<loc>/sessions/iptables_semantics_examples_big/</loc>
</url><url>
<loc>/sessions/irrational_series_erdos_straus/</loc>
</url><url>
<loc>/sessions/irrationality_j_hancl/</loc>
</url><url>
<loc>/sessions/irrationals_from_thebook/</loc>
</url><url>
<loc>/sessions/isabelle_c/</loc>
</url><url>
<loc>/sessions/isabelle_marries_dirac/</loc>
</url><url>
<loc>/sessions/isabelle_meta_model/</loc>
</url><url>
<loc>/sessions/isageocoq/</loc>
</url><url>
<loc>/sessions/isanet/</loc>
</url><url>
<loc>/sessions/isar_ref/</loc>
</url><url>
<loc>/sessions/jacobson_basic_algebra/</loc>
</url><url>
<loc>/sessions/jedit/</loc>
</url><url>
<loc>/sessions/jinja/</loc>
</url><url>
<loc>/sessions/jinjadci/</loc>
</url><url>
<loc>/sessions/jinjathreads/</loc>
</url><url>
<loc>/sessions/jivedatastoremodel/</loc>
</url><url>
<loc>/sessions/jordan_hoelder/</loc>
</url><url>
<loc>/sessions/jordan_normal_form/</loc>
</url><url>
<loc>/sessions/kad/</loc>
</url><url>
<loc>/sessions/kat_and_dra/</loc>
</url><url>
<loc>/sessions/kbps/</loc>
</url><url>
<loc>/sessions/kd_tree/</loc>
</url><url>
<loc>/sessions/key_agreement_strong_adversaries/</loc>
</url><url>
<loc>/sessions/khovanskii_theorem/</loc>
</url><url>
<loc>/sessions/kleene_algebra/</loc>
</url><url>
<loc>/sessions/kneser_cauchy_davenport/</loc>
</url><url>
<loc>/sessions/knights_tour/</loc>
</url><url>
<loc>/sessions/knot_theory/</loc>
</url><url>
<loc>/sessions/knuth_bendix_order/</loc>
</url><url>
<loc>/sessions/knuth_morris_pratt/</loc>
</url><url>
<loc>/sessions/koenigsberg_friendship/</loc>
</url><url>
<loc>/sessions/kruskal/</loc>
</url><url>
<loc>/sessions/kuratowski_closure_complement/</loc>
</url><url>
<loc>/sessions/lam-ml-normalization/</loc>
</url><url>
<loc>/sessions/lambda_free_epo/</loc>
</url><url>
<loc>/sessions/lambda_free_kbos/</loc>
</url><url>
<loc>/sessions/lambda_free_rpos/</loc>
</url><url>
<loc>/sessions/lambdaauth/</loc>
</url><url>
<loc>/sessions/lambdamu/</loc>
</url><url>
<loc>/sessions/lambert_w/</loc>
</url><url>
<loc>/sessions/landau_symbols/</loc>
</url><url>
<loc>/sessions/laplace_transform/</loc>
</url><url>
<loc>/sessions/latin_square/</loc>
</url><url>
<loc>/sessions/latticeproperties/</loc>
</url><url>
<loc>/sessions/launchbury/</loc>
</url><url>
<loc>/sessions/laws_of_large_numbers/</loc>
</url><url>
<loc>/sessions/lazy-lists-ii/</loc>
</url><url>
<loc>/sessions/lazy_case/</loc>
</url><url>
<loc>/sessions/lcf/</loc>
</url><url>
<loc>/sessions/lehmer/</loc>
</url><url>
<loc>/sessions/lem/</loc>
</url><url>
<loc>/sessions/lifting_definition_option/</loc>
</url><url>
<loc>/sessions/lifting_the_exponent/</loc>
</url><url>
<loc>/sessions/lightweightjava/</loc>
</url><url>
<loc>/sessions/linear_inequalities/</loc>
</url><url>
<loc>/sessions/linear_programming/</loc>
</url><url>
<loc>/sessions/linear_recurrences/</loc>
</url><url>
<loc>/sessions/linear_recurrences_solver/</loc>
</url><url>
<loc>/sessions/linearquantifierelim/</loc>
</url><url>
<loc>/sessions/liouville_numbers/</loc>
</url><url>
<loc>/sessions/list-index/</loc>
</url><url>
<loc>/sessions/list-infinite/</loc>
</url><url>
<loc>/sessions/list_interleaving/</loc>
</url><url>
<loc>/sessions/list_inversions/</loc>
</url><url>
<loc>/sessions/list_update/</loc>
</url><url>
<loc>/sessions/lll_basis_reduction/</loc>
</url><url>
<loc>/sessions/lll_factorization/</loc>
</url><url>
<loc>/sessions/locales/</loc>
</url><url>
<loc>/sessions/localization_ring/</loc>
</url><url>
<loc>/sessions/locallexing/</loc>
</url><url>
<loc>/sessions/locally-nameless-sigma/</loc>
</url><url>
<loc>/sessions/loft/</loc>
</url><url>
<loc>/sessions/logging_independent_anonymity/</loc>
</url><url>
<loc>/topics/logic/computability/</loc>
</url><url>
<loc>/topics/logic/general-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/classical-first-order-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/classical-propositional-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/decidability-of-theories/</loc>
</url><url>
<loc>/topics/logic/general-logic/logics-of-knowledge-and-belief/</loc>
</url><url>
<loc>/topics/logic/general-logic/mechanization-of-proofs/</loc>
</url><url>
<loc>/topics/logic/general-logic/modal-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/paraconsistent-logics/</loc>
</url><url>
<loc>/topics/logic/general-logic/temporal-logic/</loc>
</url><url>
<loc>/topics/logic/philosophical-aspects/</loc>
</url><url>
<loc>/topics/logic/proof-theory/</loc>
</url><url>
<loc>/topics/logic/rewriting/</loc>
</url><url>
<loc>/topics/logic/set-theory/</loc>
</url><url>
<loc>/sessions/logics/</loc>
</url><url>
<loc>/sessions/logics_zf/</loc>
</url><url>
<loc>/sessions/lorenz_approximation/</loc>
</url><url>
<loc>/sessions/lorenz_c0/</loc>
</url><url>
<loc>/sessions/lorenz_c1/</loc>
</url><url>
<loc>/sessions/lovasz_local/</loc>
</url><url>
<loc>/sessions/lowe_ontological_argument/</loc>
</url><url>
<loc>/sessions/lower_semicontinuous/</loc>
</url><url>
<loc>/sessions/lp/</loc>
</url><url>
<loc>/sessions/lp_duality/</loc>
</url><url>
<loc>/sessions/ltl/</loc>
</url><url>
<loc>/sessions/ltl_master_theorem/</loc>
</url><url>
<loc>/sessions/ltl_normal_form/</loc>
</url><url>
<loc>/sessions/ltl_to_dra/</loc>
</url><url>
<loc>/sessions/ltl_to_gba/</loc>
</url><url>
<loc>/sessions/lucas_theorem/</loc>
</url><url>
<loc>/sessions/main/</loc>
</url><url>
<loc>/sessions/markov_models/</loc>
</url><url>
<loc>/sessions/marriage/</loc>
</url><url>
<loc>/sessions/mason_stothers/</loc>
</url><url>
<loc>/topics/mathematics/algebra/</loc>
</url><url>
<loc>/topics/mathematics/analysis/</loc>
</url><url>
<loc>/topics/mathematics/category-theory/</loc>
</url><url>
<loc>/topics/mathematics/combinatorics/</loc>
</url><url>
<loc>/topics/mathematics/games-and-economics/</loc>
</url><url>
<loc>/topics/mathematics/geometry/</loc>
</url><url>
<loc>/topics/mathematics/graph-theory/</loc>
</url><url>
<loc>/topics/mathematics/measure-and-integration/</loc>
</url><url>
<loc>/topics/mathematics/misc/</loc>
</url><url>
<loc>/topics/mathematics/number-theory/</loc>
</url><url>
<loc>/topics/mathematics/order/</loc>
</url><url>
<loc>/topics/mathematics/physics/</loc>
</url><url>
<loc>/topics/mathematics/physics/quantum-information/</loc>
</url><url>
<loc>/topics/mathematics/probability-theory/</loc>
</url><url>
<loc>/topics/mathematics/topology/</loc>
</url><url>
<loc>/sessions/matrices_for_odes/</loc>
</url><url>
<loc>/sessions/matrix/</loc>
</url><url>
<loc>/sessions/matrix_tensor/</loc>
</url><url>
<loc>/sessions/matroids/</loc>
</url><url>
<loc>/sessions/max-card-matching/</loc>
</url><url>
<loc>/sessions/maximum_segment_sum/</loc>
</url><url>
<loc>/sessions/mdp-algorithms/</loc>
</url><url>
<loc>/sessions/mdp-rewards/</loc>
</url><url>
<loc>/sessions/median_method/</loc>
</url><url>
<loc>/sessions/median_of_medians_selection/</loc>
</url><url>
<loc>/sessions/menger/</loc>
</url><url>
<loc>/sessions/mereology/</loc>
</url><url>
<loc>/sessions/mersenne_primes/</loc>
</url><url>
<loc>/sessions/metalogic_proofchecker/</loc>
</url><url>
<loc>/sessions/mfmc_countable/</loc>
</url><url>
<loc>/sessions/mfodl_monitor_optimized/</loc>
</url><url>
<loc>/sessions/mfotl_monitor/</loc>
</url><url>
<loc>/sessions/mhcomputation/</loc>
</url><url>
<loc>/sessions/minimal_ssa/</loc>
</url><url>
<loc>/sessions/miniml/</loc>
</url><url>
<loc>/sessions/minisail/</loc>
</url><url>
<loc>/sessions/minkowskis_theorem/</loc>
</url><url>
<loc>/sessions/minsky_machines/</loc>
</url><url>
<loc>/sessions/ml_unification/</loc>
</url><url>
<loc>/sessions/mlss_decision_proc/</loc>
</url><url>
<loc>/sessions/modal_logics_for_nts/</loc>
</url><url>
<loc>/sessions/modular_arithmetic_lll_and_hnf_algorithms/</loc>
</url><url>
<loc>/sessions/modular_assembly_kit_security/</loc>
</url><url>
<loc>/sessions/monad_memo_dp/</loc>
</url><url>
<loc>/sessions/monad_normalisation/</loc>
</url><url>
<loc>/sessions/monobooltranalgebra/</loc>
</url><url>
<loc>/sessions/monoidalcategory/</loc>
</url><url>
<loc>/sessions/monomorphic_monad/</loc>
</url><url>
<loc>/sessions/mso_regex_equivalence/</loc>
</url><url>
<loc>/sessions/muchadoabouttwo/</loc>
</url><url>
<loc>/sessions/multi_party_computation/</loc>
</url><url>
<loc>/sessions/multirelations/</loc>
</url><url>
<loc>/sessions/multirelations_heterogeneous/</loc>
</url><url>
<loc>/sessions/multiset_ordering_npc/</loc>
</url><url>
<loc>/sessions/multitape_to_singletape_tm/</loc>
</url><url>
<loc>/sessions/myhill-nerode/</loc>
</url><url>
<loc>/sessions/name_carrying_type_inference/</loc>
</url><url>
<loc>/sessions/nano_json/</loc>
</url><url>
<loc>/sessions/naproche/</loc>
</url><url>
<loc>/sessions/naproche-test/</loc>
</url><url>
<loc>/sessions/nash_williams/</loc>
</url><url>
<loc>/sessions/nat-interval-logic/</loc>
</url><url>
<loc>/sessions/native_word/</loc>
</url><url>
<loc>/sessions/nested_multisets_ordinals/</loc>
</url><url>
<loc>/sessions/network_security_policy_verification/</loc>
</url><url>
<loc>/sessions/neumann_morgenstern_utility/</loc>
</url><url>
<loc>/sessions/nitpick/</loc>
</url><url>
<loc>/sessions/no_ftl_observers/</loc>
</url><url>
<loc>/sessions/no_ftl_observers_gen_rel/</loc>
</url><url>
<loc>/sessions/nominal2/</loc>
</url><url>
<loc>/sessions/noninterference_concurrent_composition/</loc>
</url><url>
<loc>/sessions/noninterference_csp/</loc>
</url><url>
<loc>/sessions/noninterference_generic_unwinding/</loc>
</url><url>
<loc>/sessions/noninterference_inductive_unwinding/</loc>
</url><url>
<loc>/sessions/noninterference_ipurge_unwinding/</loc>
</url><url>
<loc>/sessions/noninterference_sequential_composition/</loc>
</url><url>
<loc>/sessions/normbyeval/</loc>
</url><url>
<loc>/sessions/nullstellensatz/</loc>
</url><url>
<loc>/sessions/number_theoretic_transform/</loc>
</url><url>
<loc>/sessions/octonions/</loc>
</url><url>
<loc>/sessions/old_datatype_show/</loc>
</url><url>
<loc>/sessions/open_induction/</loc>
</url><url>
<loc>/sessions/opsets/</loc>
</url><url>
<loc>/sessions/optics/</loc>
</url><url>
<loc>/sessions/optimal_bst/</loc>
</url><url>
<loc>/sessions/orbit_stabiliser/</loc>
</url><url>
<loc>/sessions/order_lattice_props/</loc>
</url><url>
<loc>/sessions/ordered_resolution_prover/</loc>
</url><url>
<loc>/sessions/ordinal/</loc>
</url><url>
<loc>/sessions/ordinal_partitions/</loc>
</url><url>
<loc>/sessions/ordinals_and_cardinals/</loc>
</url><url>
<loc>/sessions/ordinary_differential_equations/</loc>
</url><url>
<loc>/sessions/pac_checker/</loc>
</url><url>
<loc>/sessions/package_logic/</loc>
</url><url>
<loc>/sessions/padic_field/</loc>
</url><url>
<loc>/sessions/padic_ints/</loc>
</url><url>
<loc>/sessions/pairing_heap/</loc>
</url><url>
<loc>/sessions/pal/</loc>
</url><url>
<loc>/sessions/papp_impossibility/</loc>
</url><url>
<loc>/sessions/paraconsistency/</loc>
</url><url>
<loc>/sessions/parity_game/</loc>
</url><url>
<loc>/sessions/partial_function_mr/</loc>
</url><url>
<loc>/sessions/partial_order_reduction/</loc>
</url><url>
<loc>/sessions/password_authentication_protocol/</loc>
</url><url>
<loc>/sessions/pcf/</loc>
</url><url>
<loc>/sessions/pell/</loc>
</url><url>
<loc>/sessions/perfect-number-thm/</loc>
</url><url>
<loc>/sessions/perron_frobenius/</loc>
</url><url>
<loc>/sessions/pgcl/</loc>
</url><url>
<loc>/sessions/physical_quantities/</loc>
</url><url>
<loc>/sessions/pi_calculus/</loc>
</url><url>
<loc>/sessions/pi_transcendental/</loc>
</url><url>
<loc>/sessions/planarity_certificates/</loc>
</url><url>
<loc>/sessions/plm/</loc>
</url><url>
<loc>/sessions/pluennecke_ruzsa_inequality/</loc>
</url><url>
<loc>/sessions/poincare_bendixson/</loc>
</url><url>
<loc>/sessions/poincare_disc/</loc>
</url><url>
<loc>/sessions/polygonal_number_theorem/</loc>
</url><url>
<loc>/sessions/polynomial_factorization/</loc>
</url><url>
<loc>/sessions/polynomial_interpolation/</loc>
</url><url>
<loc>/sessions/polynomials/</loc>
</url><url>
<loc>/sessions/pop_refinement/</loc>
</url><url>
<loc>/sessions/poplmark-debruijn/</loc>
</url><url>
<loc>/sessions/posix-lexing/</loc>
</url><url>
<loc>/sessions/possibilistic_noninterference/</loc>
</url><url>
<loc>/sessions/power_sum_polynomials/</loc>
</url><url>
<loc>/sessions/pratt_certificate/</loc>
</url><url>
<loc>/sessions/prefix_free_code_combinators/</loc>
</url><url>
<loc>/sessions/presburger-automata/</loc>
</url><url>
<loc>/sessions/prim_dijkstra_simple/</loc>
</url><url>
<loc>/sessions/prime_distribution_elementary/</loc>
</url><url>
<loc>/sessions/prime_harmonic_series/</loc>
</url><url>
<loc>/sessions/prime_number_theorem/</loc>
</url><url>
<loc>/sessions/priority_queue_braun/</loc>
</url><url>
<loc>/sessions/priority_search_trees/</loc>
</url><url>
<loc>/sessions/probabilistic_noninterference/</loc>
</url><url>
<loc>/sessions/probabilistic_prime_tests/</loc>
</url><url>
<loc>/sessions/probabilistic_system_zoo/</loc>
</url><url>
<loc>/sessions/probabilistic_timed_automata/</loc>
</url><url>
<loc>/sessions/probabilistic_while/</loc>
</url><url>
<loc>/sessions/probability_inequality_completeness/</loc>
</url><url>
<loc>/sessions/prog_prove/</loc>
</url><url>
<loc>/sessions/program-conflict-analysis/</loc>
</url><url>
<loc>/sessions/progress_tracking/</loc>
</url><url>
<loc>/sessions/projective_geometry/</loc>
</url><url>
<loc>/sessions/projective_measurements/</loc>
</url><url>
<loc>/sessions/promela/</loc>
</url><url>
<loc>/sessions/proof_strategy_language/</loc>
</url><url>
<loc>/sessions/propositional_logic_class/</loc>
</url><url>
<loc>/sessions/propositional_proof_systems/</loc>
</url><url>
<loc>/sessions/proprespi/</loc>
</url><url>
<loc>/sessions/prpu_maxflow/</loc>
</url><url>
<loc>/sessions/psemigroupsconvolution/</loc>
</url><url>
<loc>/sessions/pseudohoops/</loc>
</url><url>
<loc>/sessions/psi_calculi/</loc>
</url><url>
<loc>/sessions/ptolemys_theorem/</loc>
</url><url>
<loc>/sessions/public_announcement_logic/</loc>
</url><url>
<loc>/sessions/pure/</loc>
</url><url>
<loc>/sessions/pure-ex/</loc>
</url><url>
<loc>/sessions/pure-examples/</loc>
</url><url>
<loc>/sessions/qhlprover/</loc>
</url><url>
<loc>/sessions/qr_decomposition/</loc>
</url><url>
<loc>/sessions/quantales/</loc>
</url><url>
<loc>/sessions/quantales_converse/</loc>
</url><url>
<loc>/sessions/quantifier_elimination_hybrid/</loc>
</url><url>
<loc>/sessions/quasi_borel_spaces/</loc>
</url><url>
<loc>/sessions/quaternions/</loc>
</url><url>
<loc>/sessions/query_optimization/</loc>
</url><url>
<loc>/sessions/quick_sort_cost/</loc>
</url><url>
<loc>/sessions/ramsey-infinite/</loc>
</url><url>
<loc>/sessions/random_bsts/</loc>
</url><url>
<loc>/sessions/random_graph_subgraph_threshold/</loc>
</url><url>
<loc>/sessions/randomised_bsts/</loc>
</url><url>
<loc>/sessions/randomised_social_choice/</loc>
</url><url>
<loc>/sessions/rank_nullity_theorem/</loc>
</url><url>
<loc>/sessions/real_impl/</loc>
</url><url>
<loc>/sessions/real_power/</loc>
</url><url>
<loc>/sessions/real_time_deque/</loc>
</url><url>
<loc>/sessions/recursion-addition/</loc>
</url><url>
<loc>/sessions/recursion-theory-i/</loc>
</url><url>
<loc>/sessions/refine_imperative_hol/</loc>
</url><url>
<loc>/sessions/refine_monadic/</loc>
</url><url>
<loc>/sessions/refinementreactive/</loc>
</url><url>
<loc>/sessions/regex_equivalence/</loc>
</url><url>
<loc>/sessions/registers/</loc>
</url><url>
<loc>/sessions/regression_test_selection/</loc>
</url><url>
<loc>/sessions/regular-sets/</loc>
</url><url>
<loc>/sessions/regular_algebras/</loc>
</url><url>
<loc>/sessions/regular_tree_relations/</loc>
</url><url>
<loc>/sessions/relation_algebra/</loc>
</url><url>
<loc>/sessions/relational-incorrectness-logic/</loc>
</url><url>
<loc>/sessions/relational_cardinality/</loc>
</url><url>
<loc>/sessions/relational_disjoint_set_forests/</loc>
</url><url>
<loc>/sessions/relational_forests/</loc>
</url><url>
<loc>/sessions/relational_method/</loc>
</url><url>
<loc>/sessions/relational_minimum_spanning_trees/</loc>
</url><url>
<loc>/sessions/relational_paths/</loc>
</url><url>
<loc>/sessions/rensets/</loc>
</url><url>
<loc>/sessions/rep_fin_groups/</loc>
</url><url>
<loc>/sessions/residuated_lattices/</loc>
</url><url>
<loc>/sessions/residuatedtransitionsystem/</loc>
</url><url>
<loc>/sessions/resolution_fol/</loc>
</url><url>
<loc>/sessions/rewrite_properties_reduction/</loc>
</url><url>
<loc>/sessions/rewriting_z/</loc>
</url><url>
<loc>/sessions/ribbon_proofs/</loc>
</url><url>
<loc>/sessions/ripemd-160-spark/</loc>
</url><url>
<loc>/sessions/risk_free_lending/</loc>
</url><url>
<loc>/sessions/robbins-conjecture/</loc>
</url><url>
<loc>/sessions/robdd/</loc>
</url><url>
<loc>/sessions/robinson_arithmetic/</loc>
</url><url>
<loc>/sessions/root_balanced_tree/</loc>
</url><url>
<loc>/sessions/roth_arithmetic_progressions/</loc>
</url><url>
<loc>/sessions/routing/</loc>
</url><url>
<loc>/sessions/roy_floyd_warshall/</loc>
</url><url>
<loc>/sessions/rsapss/</loc>
</url><url>
+ <loc>/sessions/s_finite_measure_monad/</loc>
+ </url><url>
<loc>/sessions/safe_distance/</loc>
</url><url>
<loc>/sessions/safe_ocl/</loc>
</url><url>
<loc>/sessions/safe_range_rc/</loc>
</url><url>
<loc>/sessions/satsolververification/</loc>
</url><url>
<loc>/sessions/saturation_framework/</loc>
</url><url>
<loc>/sessions/saturation_framework_extensions/</loc>
</url><url>
<loc>/sessions/sauer_shelah_lemma/</loc>
</url><url>
<loc>/sessions/sc_dom_components/</loc>
</url><url>
<loc>/sessions/scc_bloemen_sequential/</loc>
</url><url>
<loc>/sessions/schutz_spacetime/</loc>
</url><url>
<loc>/sessions/schwartz_zippel/</loc>
</url><url>
<loc>/sessions/sds_impossibility/</loc>
</url><url>
<loc>/search/</loc>
<priority>0.1</priority>
</url><url>
<loc>/sessions/secondary_sylow/</loc>
</url><url>
<loc>/sessions/security_protocol_refinement/</loc>
</url><url>
<loc>/sessions/selection_heap_sort/</loc>
</url><url>
<loc>/sessions/sensocialchoice/</loc>
</url><url>
<loc>/sessions/separata/</loc>
</url><url>
<loc>/sessions/separation_algebra/</loc>
</url><url>
<loc>/sessions/separation_logic_imperative_hol/</loc>
</url><url>
<loc>/sessions/separation_logic_unbounded/</loc>
</url><url>
<loc>/sessions/sepref_basic/</loc>
</url><url>
<loc>/sessions/sepref_iicf/</loc>
</url><url>
<loc>/sessions/sepref_prereq/</loc>
</url><url>
<loc>/sessions/sequentinvertibility/</loc>
</url><url>
<loc>/sessions/sequents/</loc>
</url><url>
<loc>/sessions/</loc>
</url><url>
<loc>/sessions/shadow_dom/</loc>
</url><url>
<loc>/sessions/shadow_sc_dom/</loc>
</url><url>
<loc>/sessions/shivers-cfa/</loc>
</url><url>
<loc>/sessions/shortestpath/</loc>
</url><url>
<loc>/sessions/show/</loc>
</url><url>
<loc>/sessions/sifpl/</loc>
</url><url>
<loc>/sessions/sifum_type_systems/</loc>
</url><url>
<loc>/sessions/sigma_commit_crypto/</loc>
</url><url>
<loc>/sessions/signature_groebner/</loc>
</url><url>
<loc>/sessions/simpl/</loc>
</url><url>
<loc>/sessions/simple_clause_learning/</loc>
</url><url>
<loc>/sessions/simple_firewall/</loc>
</url><url>
<loc>/sessions/simplex/</loc>
</url><url>
<loc>/sessions/simplicial_complexes_and_boolean_functions/</loc>
</url><url>
<loc>/sessions/simplifiedontologicalargument/</loc>
</url><url>
<loc>/sessions/skew_heap/</loc>
</url><url>
<loc>/sessions/skip_lists/</loc>
</url><url>
<loc>/sessions/sledgehammer/</loc>
</url><url>
<loc>/sessions/slicing/</loc>
</url><url>
<loc>/sessions/sliding_window_algorithm/</loc>
</url><url>
<loc>/sessions/sm/</loc>
</url><url>
<loc>/sessions/sm_base/</loc>
</url><url>
<loc>/sessions/smith_normal_form/</loc>
</url><url>
<loc>/sessions/sml/</loc>
</url><url>
<loc>/sessions/smooth_manifolds/</loc>
</url><url>
<loc>/sessions/solidity/</loc>
</url><url>
<loc>/sessions/sophomores_dream/</loc>
</url><url>
<loc>/sessions/sort_encodings/</loc>
</url><url>
<loc>/sessions/source_coding_theorem/</loc>
</url><url>
<loc>/sessions/sparcv8/</loc>
</url><url>
<loc>/sessions/speccheck/</loc>
</url><url>
<loc>/sessions/special_function_bounds/</loc>
</url><url>
<loc>/sessions/splay_tree/</loc>
</url><url>
<loc>/sessions/sqrt_babylonian/</loc>
</url><url>
<loc>/sessions/stable_matching/</loc>
</url><url>
<loc>/sessions/stalnaker_logic/</loc>
</url><url>
+ <loc>/sessions/standard_borel_spaces/</loc>
+ </url><url>
<loc>/sessions/statecharts/</loc>
</url><url>
<loc>/sessions/stateful_protocol_composition_and_typing/</loc>
</url><url>
<loc>/statistics/</loc>
</url><url>
<loc>/sessions/stellar_quorums/</loc>
</url><url>
<loc>/sessions/stern_brocot/</loc>
</url><url>
<loc>/sessions/stewart_apollonius/</loc>
</url><url>
<loc>/sessions/stirling_formula/</loc>
</url><url>
<loc>/sessions/stochastic_matrices/</loc>
</url><url>
<loc>/sessions/stone_algebras/</loc>
</url><url>
<loc>/sessions/stone_kleene_relation_algebras/</loc>
</url><url>
<loc>/sessions/stone_relation_algebras/</loc>
</url><url>
<loc>/sessions/store_buffer_reduction/</loc>
</url><url>
<loc>/sessions/stream-fusion/</loc>
</url><url>
<loc>/sessions/stream_fusion_code/</loc>
</url><url>
<loc>/sessions/strictomegacategories/</loc>
</url><url>
<loc>/sessions/strong_security/</loc>
</url><url>
<loc>/sessions/sturm_sequences/</loc>
</url><url>
<loc>/sessions/sturm_tarski/</loc>
</url><url>
<loc>/sessions/stuttering_equivalence/</loc>
</url><url>
<loc>/webapp/submit/</loc>
</url><url>
<loc>/sessions/subresultants/</loc>
</url><url>
<loc>/sessions/subset_boolean_algebras/</loc>
</url><url>
<loc>/sessions/sugar/</loc>
</url><url>
<loc>/sessions/sumsquares/</loc>
</url><url>
<loc>/sessions/sunflowers/</loc>
</url><url>
<loc>/sessions/supercalc/</loc>
</url><url>
<loc>/sessions/suppes_theorem/</loc>
</url><url>
<loc>/sessions/surprise_paradox/</loc>
</url><url>
<loc>/sessions/symmetric_polynomials/</loc>
</url><url>
<loc>/sessions/syntax_independent_logic/</loc>
</url><url>
<loc>/sessions/synthetic_completeness/</loc>
</url><url>
<loc>/sessions/system/</loc>
</url><url>
<loc>/sessions/szemeredi_regularity/</loc>
</url><url>
<loc>/sessions/szpilrajn/</loc>
</url><url>
<loc>/sessions/tail_recursive_functions/</loc>
</url><url>
<loc>/sessions/tarskis_geometry/</loc>
</url><url>
<loc>/sessions/taylor_models/</loc>
</url><url>
<loc>/sessions/tesl_language/</loc>
</url><url>
<loc>/sessions/three_circles/</loc>
</url><url>
<loc>/sessions/three_squares/</loc>
</url><url>
<loc>/sessions/timed_automata/</loc>
</url><url>
<loc>/sessions/tla/</loc>
</url><url>
<loc>/sessions/tools/</loc>
</url><url>
<loc>/sessions/topological_semantics/</loc>
</url><url>
<loc>/sessions/topology/</loc>
</url><url>
<loc>/sessions/tortoisehare/</loc>
</url><url>
<loc>/sessions/transcendence_series_hancl_rucki/</loc>
</url><url>
<loc>/sessions/transformer_semantics/</loc>
</url><url>
<loc>/sessions/transition_systems_and_automata/</loc>
</url><url>
<loc>/sessions/transitive-closure/</loc>
</url><url>
<loc>/sessions/transitive-closure-ii/</loc>
</url><url>
<loc>/sessions/transitive_models/</loc>
</url><url>
+ <loc>/sessions/transport/</loc>
+ </url><url>
<loc>/sessions/treaps/</loc>
</url><url>
<loc>/sessions/tree-automata/</loc>
</url><url>
<loc>/sessions/tree_decomposition/</loc>
</url><url>
<loc>/sessions/tree_enumeration/</loc>
</url><url>
<loc>/sessions/triangle/</loc>
</url><url>
<loc>/sessions/trie/</loc>
</url><url>
<loc>/sessions/tsirelsonbound/</loc>
</url><url>
<loc>/sessions/turans_graph_theorem/</loc>
</url><url>
<loc>/sessions/tutorial/</loc>
</url><url>
<loc>/sessions/twelvefold_way/</loc>
</url><url>
<loc>/sessions/two_generated_word_monoids_intersection/</loc>
</url><url>
<loc>/sessions/tycon/</loc>
</url><url>
<loc>/sessions/typeclass_hierarchy/</loc>
</url><url>
<loc>/sessions/types_tableaus_and_goedels_god/</loc>
</url><url>
<loc>/sessions/types_to_sets_extension/</loc>
</url><url>
<loc>/sessions/undirected_graph_theory/</loc>
</url><url>
<loc>/sessions/universal_hash_families/</loc>
</url><url>
<loc>/sessions/universal_turing_machine/</loc>
</url><url>
<loc>/sessions/updown_scheme/</loc>
</url><url>
<loc>/sessions/upf/</loc>
</url><url>
<loc>/sessions/upf_firewall/</loc>
</url><url>
<loc>/sessions/utp/</loc>
</url><url>
<loc>/sessions/utp-toolkit/</loc>
</url><url>
<loc>/sessions/valuation/</loc>
</url><url>
<loc>/sessions/van_der_waerden/</loc>
</url><url>
<loc>/sessions/van_emde_boas_trees/</loc>
</url><url>
<loc>/sessions/vectorspace/</loc>
</url><url>
<loc>/sessions/vericomp/</loc>
</url><url>
<loc>/sessions/verified-prover/</loc>
</url><url>
<loc>/sessions/verified_sat_based_ai_planning/</loc>
</url><url>
<loc>/sessions/verifythis2018/</loc>
</url><url>
<loc>/sessions/verifythis2019/</loc>
</url><url>
<loc>/sessions/vickrey_clarke_groves/</loc>
</url><url>
<loc>/sessions/virtual_substitution/</loc>
</url><url>
<loc>/sessions/volpanosmith/</loc>
</url><url>
<loc>/sessions/vydra_mdl/</loc>
</url><url>
<loc>/sessions/webassembly/</loc>
</url><url>
<loc>/sessions/weight_balanced_trees/</loc>
</url><url>
<loc>/sessions/weighted_arithmetic_geometric_mean/</loc>
</url><url>
<loc>/sessions/weighted_path_order/</loc>
</url><url>
<loc>/sessions/well_quasi_orders/</loc>
</url><url>
<loc>/sessions/wetzels_problem/</loc>
</url><url>
<loc>/sessions/whatandwhere_security/</loc>
</url><url>
<loc>/sessions/winding_number_eval/</loc>
</url><url>
<loc>/sessions/woot_strong_eventual_consistency/</loc>
</url><url>
<loc>/sessions/word_lib/</loc>
</url><url>
<loc>/sessions/workerwrapper/</loc>
</url><url>
<loc>/sessions/x86_semantics/</loc>
</url><url>
<loc>/sessions/xml/</loc>
</url><url>
<loc>/sessions/youngs_inequality/</loc>
</url><url>
<loc>/sessions/zeckendorf/</loc>
</url><url>
<loc>/sessions/zeta_3_irrational/</loc>
</url><url>
<loc>/sessions/zeta_function/</loc>
</url><url>
<loc>/sessions/zf/</loc>
</url><url>
<loc>/sessions/zf-ac/</loc>
</url><url>
<loc>/sessions/zf-coind/</loc>
</url><url>
<loc>/sessions/zf-constructible/</loc>
</url><url>
<loc>/sessions/zf-ex/</loc>
</url><url>
<loc>/sessions/zf-imp/</loc>
</url><url>
<loc>/sessions/zf-induct/</loc>
</url><url>
<loc>/sessions/zf-resid/</loc>
</url><url>
<loc>/sessions/zf-unity/</loc>
</url><url>
<loc>/sessions/zfc_in_hol/</loc>
</url>
</urlset>
diff --git a/web/statistics/index.html b/web/statistics/index.html
--- a/web/statistics/index.html
+++ b/web/statistics/index.html
@@ -1,383 +1,383 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Statistics - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<meta property="og:title" content="Statistics" />
-<meta property="og:description" content="767 Entries 466 Authors ~244,700 Lemmas ~3,969,000 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 23 2. Collections 18 3. Show 16 4. Jordan_Normal_Form 15 5. Coinductive 13 6. Deriving 13 7. Polynomial_Factorization 12 8." />
+<meta property="og:description" content="772 Entries 467 Authors ~247,700 Lemmas ~4,013,000 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 23 2. Collections 18 3. Show 16 4. Jordan_Normal_Form 15 5. Coinductive 13 6. Deriving 13 7. Polynomial_Factorization 12 8." />
<meta property="og:type" content="article" />
<meta property="og:url" content="/statistics/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="" />
<meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Statistics"/>
-<meta name="twitter:description" content="767 Entries 466 Authors ~244,700 Lemmas ~3,969,000 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 23 2. Collections 18 3. Show 16 4. Jordan_Normal_Form 15 5. Coinductive 13 6. Deriving 13 7. Polynomial_Factorization 12 8."/>
+<meta name="twitter:description" content="772 Entries 467 Authors ~247,700 Lemmas ~4,013,000 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 23 2. Collections 18 3. Show 16 4. Jordan_Normal_Form 15 5. Coinductive 13 6. Deriving 13 7. Polynomial_Factorization 12 8."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li class="active" >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>S</span>tatistics
</h1>
<div>
</div>
</header>
<div>
<div>
<table>
<tr>
- <td class="statsnumber">767</td>
+ <td class="statsnumber">772</td>
<td><a href="../">Entries</a></td>
</tr>
<tr>
- <td class="statsnumber">466</td>
+ <td class="statsnumber">467</td>
<td><a href="../authors/">Authors</a></td>
</tr>
<tr>
<td class="statsnumber">
- ~244,700
+ ~247,700
</td>
<td>Lemmas</td>
</tr>
<tr>
<td class="statsnumber">
- ~3,969,000
+ ~4,013,000
</td>
<td>Lines of Code</td>
</tr>
</table>
<h4>Most used AFP entries:</h4>
<table id="most_used">
<tr>
<th></th>
<th>Name</th>
<th>Used by ? entries</th>
</tr>
<tr>
<td>1.</td>
<td><a href="../entries/List-Index.html">List-Index</a></td>
<td><a href="../dependencies/list-index/">23</a></td>
</tr>
<tr>
<td>2.</td>
<td><a href="../entries/Collections.html">Collections</a></td>
<td><a href="../dependencies/collections/">18</a></td>
</tr>
<tr>
<td>3.</td>
<td><a href="../entries/Show.html">Show</a></td>
<td><a href="../dependencies/show/">16</a></td>
</tr>
<tr>
<td>4.</td>
<td><a href="../entries/Jordan_Normal_Form.html">Jordan_Normal_Form</a></td>
<td><a href="../dependencies/jordan_normal_form/">15</a></td>
</tr>
<tr>
<td>5.</td>
<td><a href="../entries/Coinductive.html">Coinductive</a></td>
<td><a href="../dependencies/coinductive/">13</a></td>
</tr>
<tr>
<td>6.</td>
<td><a href="../entries/Deriving.html">Deriving</a></td>
<td><a href="../dependencies/deriving/">13</a></td>
</tr>
<tr>
<td>7.</td>
<td><a href="../entries/Polynomial_Factorization.html">Polynomial_Factorization</a></td>
<td><a href="../dependencies/polynomial_factorization/">12</a></td>
</tr>
<tr>
<td>8.</td>
<td><a href="../entries/Regular-Sets.html">Regular-Sets</a></td>
<td><a href="../dependencies/regular-sets/">12</a></td>
</tr>
<tr>
<td>9.</td>
<td><a href="../entries/Landau_Symbols.html">Landau_Symbols</a></td>
<td><a href="../dependencies/landau_symbols/">11</a></td>
</tr>
<tr>
<td>10.</td>
<td><a href="../entries/Abstract-Rewriting.html">Abstract-Rewriting</a></td>
<td><a href="../dependencies/abstract-rewriting/">10</a></td>
</tr>
<tr>
<td>11.</td>
<td><a href="../entries/Automatic_Refinement.html">Automatic_Refinement</a></td>
<td><a href="../dependencies/automatic_refinement/">10</a></td>
</tr>
<tr>
<td>12.</td>
<td><a href="../entries/Native_Word.html">Native_Word</a></td>
<td><a href="../dependencies/native_word/">10</a></td>
</tr>
</table>
<script>
const years = [2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021,2022,2023]
- const no_articles = [14,22,29,37,52,64,86,103,128,151,208,253,326,396,455,511,577,650,722,767]
- const no_loc = [60600,96300,130800,238300,353000,435200,516300,567400,737300,824600,1036200,1216500,1600900,1856900,2129500,2449000,2849300,3367100,3732300,3969000 ]
- const no_authors = [14,11,6,6,10,6,24,11,17,16,37,20,63,32,26,38,30,43,32,24]
- const no_authors_series = [14,25,31,37,47,53,77,88,105,121,158,178,241,273,299,337,367,410,442,466]
- const all_articles = ['AVL-Trees','MiniML','Functional-Automata','BinarySearchTree','Lazy-Lists-II','Topology','Group-Ring-Module','Depth-First-Search','Compiling-Exceptions-Correctly','Completeness','Ramsey-Infinite','Verified-Prover','Integration','FileRefinement','Category','RSAPSS','Jinja','JiveDataStoreModel','DiskPaxos','GenClock','FFT','Ordinal','Cauchy','ClockSynchInst','FeatherweightJava','CoreC++','Flyspeck-Tame','Abstract-Hoare-Logics','HotelKeyCards','FOL-Fitting','POPLmark-deBruijn','Valuation','Fermat3_4','SumSquares','MuchAdoAboutTwo','JinjaThreads','Program-Conflict-Analysis','LinearQuantifierElim','NormByEval','BDD','Simpl','Recursion-Theory-I','SATSolverVerification','FunWithFunctions','ArrowImpossibilityGS','VolpanoSmith','Slicing','Huffman','FunWithTilings','SenSocialChoice','SIFPL','BytecodeLogicJmlTypes','Stream-Fusion','FinFun','CofGroups','SequentInvertibility','Ordinals_and_Cardinals','WorkerWrapper','HRB-Slicing','Perfect-Number-Thm','Collections','Tree-Automata','Presburger-Automata','DPT-SAT-Solver','Coinductive','List-Index','InformationFlowSlicing','InformationFlowSlicing_Inter','Free-Boolean-Algebra','Locally-Nameless-Sigma','Regular-Sets','Robbins-Conjecture','DataRefinementIBP','GraphMarkingIBP','Abstract-Rewriting','Matrix','Category2','Free-Groups','Statecharts','Polynomials','Lam-ml-Normalization','Binomial-Heaps','Binomial-Queues','Finger-Trees','Shivers-CFA','Marriage','Lower_Semicontinuous','RIPEMD-160-SPARK','LightweightJava','AutoFocus-Stream','List-Infinite','Nat-Interval-Logic','Transitive-Closure','General-Triangle','KBPs','Max-Card-Matching','Gauss-Jordan-Elim-Fun','Myhill-Nerode','LatticeProperties','MonoBoolTranAlgebra','PseudoHoops','Efficient-Mergesort','TLA','Markov_Models','Dijkstra_Shortest_Path','Refine_Monadic','Girth_Chromatic','Transitive-Closure-II','Abortable_Linearizable_Modules','Well_Quasi_Orders','Ordinary_Differential_Equations','Inductive_Confidentiality','Stuttering_Equivalence','Separation_Algebra',
'Circus','CCS','Pi_Calculus','Psi_Calculi','Tycon','PCF','Heard_Of','Impossible_Geometry','Datatype_Order_Generator','Possibilistic_Noninterference','Bondy','Tarskis_Geometry','Open_Induction','Separation_Logic_Imperative_HOL','Sqrt_Babylonian','Kleene_Algebra','Rank_Nullity_Theorem','Ribbon_Proofs','Launchbury','Nominal2','Containers','Graph_Theory','ShortestPath','Sort_Encodings','Koenigsberg_Friendship','Lehmer','Pratt_Certificate','IEEE_Floating_Point','Native_Word','Automatic_Refinement','Decreasing-Diagrams','GoedelGod','FocusStreamsCaseStudies','Coinductive_Languages','HereditarilyFinite','Incompleteness','Tail_Recursive_Functions','CryptoBasedCompositionalProperties','Sturm_Sequences','Featherweight_OCL','KAT_and_DRA','Relation_Algebra','Secondary_Sylow','Regex_Equivalence','Real_Impl','Affine_Arithmetic','Selection_Heap_Sort','Random_Graph_Subgraph_Threshold','Partial_Function_MR','AWN','Probabilistic_Noninterference','GPU_Kernel_PL','Discrete_Summation','Abstract_Completeness','HyperCTL','Bounded_Deducibility_Security','SIFUM_Type_Systems','Strong_Security','WHATandWHERE_Security','ComponentDependencies','Regular_Algebras','Noninterference_CSP','Roy_Floyd_Warshall','CAVA_Automata','CAVA_LTL_Modelchecker','Gabow_SCC','LTL_to_GBA','Promela','Boolean_Expression_Checkers','MSO_Regex_Equivalence','Pop_Refinement','Network_Security_Policy_Verification','Amortized_Complexity','pGCL','CISC-Kernel','Show','Splay_Tree','Skew_Heap','Special_Function_Bounds','VectorSpace','Gauss_Jordan','Priority_Queue_Braun','Jordan_Hoelder','Cayley_Hamilton','Sturm_Tarski','Imperative_Insertion_Sort','Certification_Monads','XML','RefinementReactive','Density_Compiler','Stream_Fusion_Code','Lifting_Definition_Option','AODV','UPF','UpDown_Scheme','Finite_Automata_HF','Echelon_Form','QR_Decomposition','Call_Arity','Deriving','Consensus_Refined','Trie','ConcurrentGC','ConcurrentIMP','Residuated_Lattices','Vickrey_Clarke_Groves','Probabilistic_System_Zoo','Formula_Derivatives','Dynamic_T
ables','List_Interleaving','Multirelations','Noninterference_Generic_Unwinding','Noninterference_Ipurge_Unwinding','Derangements','Hermite','Akra_Bazzi','Landau_Symbols','Case_Labeling','Encodability_Process_Calculi','Rep_Fin_Groups','Noninterference_Inductive_Unwinding','Decreasing-Diagrams-II','Jordan_Normal_Form','LTL_to_DRA','Isabelle_Meta_Model','Parity_Game','Planarity_Certificates','TortoiseHare','Euler_Partition','Ergodic_Theory','Latin_Square','Card_Partitions','Algebraic_Numbers','Applicative_Lifting','Stern_Brocot','Descartes_Sign_Rule','Liouville_Numbers','Prime_Harmonic_Series','Triangle','Card_Number_Partitions','Matrix_Tensor','Knot_Theory','Polynomial_Factorization','Polynomial_Interpolation','Formal_SSA','List_Update','LTL','Cartan_FP','Timed_Automata','PropResPI','KAD','Noninterference_Sequential_Composition','CYK','ROBDD','No_FTL_observers','Groebner_Bases','Bell_Numbers_Spivey','SDS_Impossibility','Randomised_Social_Choice','MFMC_Countable','FLP','Incredible_Proof_Machine','Perron_Frobenius','Card_Equiv_Relations','Posix-Lexing','Tree_Decomposition','Word_Lib','Noninterference_Concurrent_Composition','Algebraic_VCs','Catalan_Numbers','Dependent_SIFUM_Type_Systems','Card_Multisets','Category3','Dependent_SIFUM_Refinement','IP_Addresses','Resolution_FOL','Rewriting_Z','Buildings','DFS_Framework','Pairing_Heap','Surprise_Paradox','Ptolemys_Theorem','Refine_Imperative_HOL','EdmondsKarp_Maxflow','InfPathElimination','Simple_Firewall','Routing','Stirling_Formula','Stone_Algebras','SuperCalc','Iptables_Semantics','Lambda_Free_RPOs','Allen_Calculus','Fisher_Yates','Lp','Chord_Segments','Berlekamp_Zassenhaus','SPARCv8','Source_Coding_Theorem','LOFT','Stable_Matching','Modal_Logics_for_NTS','Deep_Learning','Lambda_Free_KBOs','Nested_Multisets_Ordinals','Separata','Abs_Int_ITP2012','Complx','Paraconsistency','Proof_Strategy_Language','Twelvefold_Way','Concurrent_Ref_Alg','FOL_Harrison','Password_Authentication_Protocol','UPF_Firewall','E_Transcendental','Be
rtrands_Postulate','Minimal_SSA','Bernoulli','Key_Agreement_Strong_Adversaries','Stone_Relation_Algebras','Abstract_Soundness','Differential_Dynamic_Logic','Menger','Elliptic_Curves_Group_Law','Euler_MacLaurin','Comparison_Sort_Lower_Bound','Quick_Sort_Cost','Random_BSTs','Subresultants','Lazy_Case','Constructor_Funs','LocalLexing','Types_Tableaus_and_Goedels_God','MonoidalCategory','CryptHOL','Game_Based_Crypto','Monad_Normalisation','Monomorphic_Monad','Probabilistic_While','Floyd_Warshall','Dict_Construction','Security_Protocol_Refinement','Optics','Flow_Networks','Prpu_Maxflow','Buffons_Needle','PSemigroupsConvolution','Propositional_Proof_Systems','Stone_Kleene_Relation_Algebras','CRDT','Name_Carrying_Type_Inference','Minkowskis_Theorem','HOLCF-Prelude','Decl_Sem_Fun_PL','DynamicArchitectures','Stewart_Apollonius','LambdaMu','Orbit_Stabiliser','Root_Balanced_Tree','First_Welfare_Theorem','AnselmGod','PLM','Lowe_Ontological_Argument','Dirichlet_Series','Linear_Recurrences','Zeta_Function','Diophantine_Eqns_Lin_Hom','Count_Complex_Roots','Winding_Number_Eval','Buchi_Complementation','Transition_Systems_and_Automata','Kuratowski_Closure_Complement','Hybrid_Multi_Lane_Spatial_Logic','IMAP-CRDT','Stochastic_Matrices','Knuth_Morris_Pratt','BNF_Operations','Dirichlet_L','Mason_Stothers','Median_Of_Medians_Selection','Falling_Factorial_Sum','Taylor_Models','Green','Gromov_Hyperbolicity','Ordered_Resolution_Prover','LLL_Basis_Reduction','Error_Function','First_Order_Terms','LLL_Factorization','Treaps','Hoare_Time','Architectural_Design_Patterns','CakeML','Weight_Balanced_Trees','Fishburn_Impossibility','BNF_CC','VerifyThis2018','WebAssembly','Modular_Assembly_Kit_Security','OpSets','Monad_Memo_DP','AxiomaticCategoryTheory','Irrationality_J_Hancl','Probabilistic_Timed_Automata','Hidden_Markov_Models','Optimal_BST','Partial_Order_Reduction','Localization_Ring','Projective_Geometry','Pell','Neumann_Morgenstern_Utility','DiscretePricing','Minsky_Machines','Simplex','Budan_F
ourier','Quaternions','Octonions','Aggregation_Algebras','Prime_Number_Theorem','Signature_Groebner','Symmetric_Polynomials','Pi_Transcendental','Factored_Transition_System_Bounding','Lambda_Free_EPO','Randomised_BSTs','Smooth_Manifolds','Epistemic_Logic','GewirthPGCProof','Generic_Deriving','Matroids','Auto2_HOL','Functional_Ordered_Resolution_Prover','Graph_Saturation','Order_Lattice_Props','Quantales','Transformer_Semantics','Constructive_Cryptography','Auto2_Imperative_HOL','Concurrent_Revisions','Core_DOM','Store_Buffer_Reduction','Higher_Order_Terms','IMP2','Farkas','List_Inversions','UTP','Universal_Turing_Machine','Probabilistic_Prime_Tests','Kruskal','Prime_Distribution_Elementary','Safe_OCL','QHLProver','Transcendence_Series_Hancl_Rucki','Binding_Syntax_Theory','LTL_Master_Theorem','HOL-CSP','Multi_Party_Computation','LambdaAuth','KD_Tree','Differential_Game_Logic','IMP2_Binary_Heap','Groebner_Macaulay','Nullstellensatz','Linear_Inequalities','Prim_Dijkstra_Simple','Priority_Search_Trees','Complete_Non_Orders','MFOTL_Monitor','CakeML_Codegen','FOL_Seq_Calc1','Szpilrajn','TESL_Language','Stellar_Quorums','IMO2019','C2KA_DistributedSystems','Linear_Programming','Laplace_Transform','Adaptive_State_Counting','Jacobson_Basic_Algebra','Fourier','Hybrid_Systems_VCs','Generic_Join','Clean','Sigma_Commit_Crypto','Aristotles_Assertoric_Syllogistic','VerifyThis2019','Isabelle_C','ZFC_in_HOL','Interval_Arithmetic_Word32','Generalized_Counting_Sort','Gauss_Sums','Complex_Geometry','Poincare_Disc','Poincare_Bendixson','Hybrid_Logic','Zeta_3_Irrational','Bicategory','Skip_Lists','Closest_Pair_Points','Approximation_Algorithms','Mersenne_Primes','Subset_Boolean_Algebras','Arith_Prog_Rel_Primes','VeriComp','Goodstein_Lambda','Hello_World','Relational-Incorrectness-Logic','Furstenberg_Topology','WOOT_Strong_Eventual_Consistency','Lucas_Theorem','Automated_Stateful_Protocol_Verification','Stateful_Protocol_Composition_and_Typing','MFODL_Monitor_Optimized','Saturation_Framewo
rk','Sliding_Window_Algorithm','ADS_Functor','Matrices_for_ODEs','Gaussian_Integers','Lambert_W','Power_Sum_Polynomials','Attack_Trees','Banach_Steinhaus','Forcing','LTL_Normal_Form','Recursion-Addition','Irrational_Series_Erdos_Straus','Knuth_Bendix_Order','Nash_Williams','Smith_Normal_Form','Safe_Distance','Relational_Paths','Chandy_Lamport','Ordinal_Partitions','Amicable_Numbers','BirdKMP','Saturation_Framework_Extensions','Relational_Disjoint_Set_Forests','Inductive_Inference','PAC_Checker','Extended_Finite_State_Machine_Inference','Extended_Finite_State_Machines','Goedel_HFSet_Semantic','Goedel_HFSet_Semanticless','Goedel_Incompleteness','Robinson_Arithmetic','Syntax_Independent_Logic','Core_SC_DOM','DOM_Components','SC_DOM_Components','Shadow_DOM','Shadow_SC_DOM','Finite-Map-Extras','Physical_Quantities','AI_Planning_Languages_Semantics','Verified_SAT_Based_AI_Planning','CSP_RefTK','Isabelle_Marries_Dirac','Relational_Method','Interpreter_Optimizations','Relational_Minimum_Spanning_Trees','Topological_Semantics','Delta_System_Lemma','JinjaDCI','Hood_Melville_Queue','Blue_Eyes','IsaGeoCoq','Laws_of_Large_Numbers','Formal_Puiseux_Series','BTree','Sunflowers','Mereology','Hermite_Lindemann','Projective_Measurements','Modular_arithmetic_LLL_and_HNF_algorithms','Constructive_Cryptography_CM','Padic_Ints','Grothendieck_Schemes','IFC_Tracking','Progress_Tracking','GaleStewart_Games','BenOr_Kozen_Reif','Lifting_the_Exponent','Metalogic_ProofChecker','Regression_Test_Selection','Combinatorics_Words','Combinatorics_Words_Graph_Lemma','Combinatorics_Words_Lyndon','IMP_Compiler','Public_Announcement_Logic','MiniSail','Van_der_Waerden','SpecCheck','Finitely_Generated_Abelian_Groups','Schutz_Spacetime','Relational_Forests','Design_Theory','BD_Security_Compositional','CoCon','CoSMeDis','CoSMed','Fresh_Identifiers','Three_Circles','Logging_Independent_Anonymity','Cubic_Quartic_Equations','Dominance_CHK','CZH_Elementary_Categories','CZH_Foundations','CZH_Universal_Construction
s','Conditional_Simplification','Conditional_Transfer_Rule','Intro_Dest_Elim','Types_To_Sets_Extension','Weighted_Path_Order','Complex_Bounded_Operators','FOL_Axiomatic','Virtual_Substitution','Correctness_Algebras','X86_Semantics','Belief_Revision','Registers','Szemeredi_Regularity','Factor_Algebraic_Polynomial','PAL','Real_Power','SimplifiedOntologicalArgument','Hahn_Jordan_Decomposition','Foundation_of_geometry','Van_Emde_Boas_Trees','Simplicial_complexes_and_boolean_functions','Regular_Tree_Relations','MDP-Algorithms','MDP-Rewards','Roth_Arithmetic_Progressions','Gale_Shapley','Hyperdual','Knights_Tour','Irrationals_From_THEBOOK','Actuarial_Mathematics','Median_Method','Interpolation_Polynomials_HOL_Algebra','FOL_Seq_Calc2','Youngs_Inequality','FO_Theory_Rewriting','LP_Duality','Quasi_Borel_Spaces','Equivalence_Relation_Enumeration','VYDRA_MDL','Eval_FO','Wetzels_Problem','Universal_Hash_Families','ResiduatedTransitionSystem','Transitive_Models','Independence_CH','Cotangent_PFD_Formula','FOL_Seq_Calc3','Ackermanns_not_PR','Dedekind_Real','Frequency_Moments','Prefix_Free_Code_Combinators','Sophomores_Dream','Digit_Expansions','Multiset_Ordering_NPC','Fishers_Inequality','Clique_and_Monotone_Circuits','Package_logic','Pluennecke_Ruzsa_Inequality','Combinable_Wands','Rewrite_Properties_Reduction','DPRM_Theorem','Finite_Fields','IsaNet','Boolos_Curious_Inference','Real_Time_Deque','IMP_Compiler_Reuse','Weighted_Arithmetic_Geometric_Mean','Commuting_Hermitian','Solidity','Nano_JSON','FSM_Tests','Involutions2Squares','SCC_Bloemen_Sequential','Number_Theoretic_Transform','Hales_Jewett','Khovanskii_Theorem','Separation_Logic_Unbounded','CRYSTALS-Kyber','Implicational_Logic','Risk_Free_Lending','Padic_Field','Stalnaker_Logic','Safe_Range_RC','Maximum_Segment_Sum','Undirected_Graph_Theory','Query_Optimization','PAPP_Impossibility','Balog_Szemeredi_Gowers','Combinatorial_Enumeration_Algorithms','Turans_Graph_Theorem','Kneser_Cauchy_Davenport','Sauer_Shelah_Lemma','CHERI-C_
Memory_Model','AOT','Multitape_To_Singletape_TM','Boolos_Curious_Inference_Automated','Birkhoff_Finite_Distributive_Lattices','Propositional_Logic_Class','Quantifier_Elimination_Hybrid','Binary_Code_Imprimitive','Two_Generated_Word_Monoids_Intersection','Cook_Levin','Synthetic_Completeness','StrictOmegaCategories','HoareForDivergence','Suppes_Theorem','Given_Clause_Loops','ABY3_Protocols','CVP_Hardness','Edwards_Elliptic_Curves_Group','Probability_Inequality_Completeness','Rensets','Expander_Graphs','No_FTL_observers_Gen_Rel','CommCSL','DigitsInBase','Distributed_Distinct_Elements','HyperHoareLogic','TsirelsonBound','Simple_Clause_Learning','Schwartz_Zippel','MHComputation','Three_Squares','MLSS_Decision_Proc','Tree_Enumeration','Multirelations_Heterogeneous','Directed_Sets','Efficient_Weighted_Path_Order','Crypto_Standards','Zeckendorf','DCR-ExecutionEquivalence','Executable_Randomized_Algorithms','Gray_Codes','Earley_Parser','Quantales_Converse','Polygonal_Number_Theorem','Catoids','Fixed_Length_Vector','Ceva','Euler_Polyhedron_Formula','ML_Unification','Hypergraph_Basics','Lovasz_Local','Relational_Cardinality']
- const article_years_unique = ['2004','','','','','','','','','','','','','','2005','','','','','','','','2006','','','','','','','2007','','','','','','','','2008','','','','','','','','','','','','','','','2009','','','','','','','','','','','','2010','','','','','','','','','','','','','','','','','','','','','','2011','','','','','','','','','','','','','','','','','2012','','','','','','','','','','','','','','','','','','','','','','','','','2013','','','','','','','','','','','','','','','','','','','','','','','2014','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2015','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2016','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2017','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2018','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2019','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2020','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2021','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','',
'','','','','','','','','','','','','','','','','','','2022','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2023','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','']
- const loc_articles = [839,1507,1542,1096,1058,2419,44195,205,142,1974,209,1110,3792,506,1141,3766,17615,3119,6430,1145,447,2081,1275,1583,1838,12832,13047,2685,1228,3556,4238,9647,2847,970,1740,79712,4738,3396,2185,10664,31022,6726,30332,180,793,1047,14413,2032,254,2220,5959,3463,799,1540,684,6654,8,2625,27490,264,32555,5025,4380,208,9538,447,2380,3399,606,6305,2060,840,713,1024,5632,1427,4078,2230,5997,22604,1602,3370,1587,2451,2591,260,1617,16,2937,6557,7804,6381,992,125,10130,332,239,1831,999,1756,4420,434,4461,11862,2835,8575,1045,408,2940,2612,37929,3207,1480,2612,3141,2580,23005,27588,2266,4107,7701,1249,260,5309,73,9729,663,6748,1512,4355,1249,1916,6214,4972,10086,7261,538,3830,4591,202,853,2003,5274,10320,1524,150,5292,706,2217,10739,1463,1958,3067,11487,1860,1190,1219,2174,1144,14860,2212,1957,166,10685,6420,572,590,465,1698,1909,4134,1403,2138,2280,1959,2467,220,4429,9396,5430,3999,4472,406,5935,1829,12828,3234,9486,4560,926,659,63,1653,2338,9085,822,1302,875,2563,627,945,1405,1296,7880,1922,90,28055,2879,2796,1116,5259,4863,8842,1356,5986,527,6650,2584,1772,5327,1092,4121,952,1064,2362,1089,2446,477,2074,3763,1954,710,16080,8267,908,1056,21228,9679,8665,3142,9156,695,435,13986,478,898,10416,2724,1162,741,405,495,498,838,3622,4616,6184,4106,8166,12091,3188,518,17581,2876,2418,5496,885,2453,1159,17387,576,703,5047,10687,4287,3811,5337,329,4108,1057,15501,3257,2582,553,8478,206,27172,8773,3324,2960,398,12811,9483,370,173,384,19029,2545,6119,3774,645,2415,4344,9355,20053,3963,3419,319,3174,169,19414,14667,541,2652,7059,7595,3898,3243,4510,855,2289,5027,1349,276,4339,1475,3482,7119,9662,592,1728,852,2194,12198,4382,590,13558,1695,4484,1644,694,835,737,3394,105,68,10492,1127,8628,11278,4135,378,4711,1200,2103,639,14042,3160,3930,4869,468,1531,5570,5721,1993,4205,478,4124,3147,3472,88,480,1090,1883,2194,250,10669,822,7432,3105,5166,2782,8208,8127,2324,6164,940,6514,992,489,810,8949,3434,338,854,493,4593,9455,15962,6462,10342,787,3772,3253,1820,8442,3278,12945,
672,843,3402,3638,11570,13548,3734,6261,528,965,7711,1042,1221,5017,1390,2755,1622,2173,13357,805,9900,2667,541,1271,2825,4896,9770,2765,937,11918,2205,1743,7906,1386,449,685,1812,1235,3559,3578,2951,2218,1644,5182,4968,2767,17370,34354,3235,6018,1891,373,9969,30917,3018,3298,5306,4590,10509,986,15793,4437,11122,5556,3301,1264,2973,805,10229,2606,5735,3365,472,4879,3199,13317,987,787,4455,527,713,782,2321,2134,9936,2090,3734,5801,2350,4212,3808,176,1726,9694,7217,5069,5729,4562,14098,10292,6404,4470,1909,68341,2345,3937,3485,1706,3154,944,1033,597,370,691,764,2564,332,27826,24138,10943,3063,744,2353,1560,2537,1609,1242,1939,1338,12000,1034,1444,1902,2124,729,13319,3036,5074,9793,6176,1261,2899,2101,5904,12873,9015,4257,4725,426,11477,3546,1295,8100,16379,3523,7792,12655,15363,648,1761,2352,16434,1435,7700,3995,6542,4579,1788,3304,24539,745,365,26525,290,2404,15792,615,4039,3767,4958,17079,8442,15846,6578,4131,7221,1015,10340,384,9264,4094,15795,487,835,666,840,19737,1088,233,4435,7684,1962,4943,3003,11165,14638,5913,303,3758,817,1329,3157,40867,29090,22137,225,1053,169,17516,4304,18639,1306,21773,13533,2621,1324,5954,913,2961,133,2203,455,2619,6076,20605,1882,9607,7685,4271,1385,2302,2946,3108,264,6316,777,757,2594,656,9228,633,8738,502,7222,5937,337,829,18644,18383,14310,730,719,201,1411,4183,816,401,1312,1820,5168,2337,2169,654,2031,3338,8754,4622,7330,95,3657,1527,414,5785,16082,1041,53749,351,3175,1961,2144,1373,2325,3656,431,2239,39749,534,3097,144,2696,19190,2366,2961,1593,799,2051,419,4072,23190,1844,135,888,3535,8765,2328,1286,51217,2400,1105,2001,1036,6140,3226,4780,6881,7843,1739,7492,8371,8943,818,6726,3268,6198,9443,1034,193,3098,5281,3002,7219,618,1263,43708,292,157,3889,497,6003,1765,1938,1397,404,467,2604,1570,259,3589,3204]
+ const no_articles = [14,22,29,37,52,64,86,103,128,151,208,253,326,396,455,511,577,650,722,772]
+ const no_loc = [60600,96300,130800,238300,353000,435200,516300,567400,737300,824600,1036200,1216500,1600900,1856900,2129500,2449000,2849300,3367100,3732300,4013000 ]
+ const no_authors = [14,11,6,6,10,6,24,11,17,16,37,20,63,32,26,38,30,43,32,25]
+ const no_authors_series = [14,25,31,37,47,53,77,88,105,121,158,178,241,273,299,337,367,410,442,467]
+ const all_articles = ['AVL-Trees','MiniML','Functional-Automata','BinarySearchTree','Lazy-Lists-II','Topology','Group-Ring-Module','Depth-First-Search','Compiling-Exceptions-Correctly','Completeness','Ramsey-Infinite','Verified-Prover','Integration','FileRefinement','Category','RSAPSS','Jinja','JiveDataStoreModel','DiskPaxos','GenClock','FFT','Ordinal','Cauchy','ClockSynchInst','FeatherweightJava','CoreC++','Flyspeck-Tame','Abstract-Hoare-Logics','HotelKeyCards','FOL-Fitting','POPLmark-deBruijn','Valuation','Fermat3_4','SumSquares','MuchAdoAboutTwo','JinjaThreads','Program-Conflict-Analysis','LinearQuantifierElim','NormByEval','BDD','Simpl','Recursion-Theory-I','SATSolverVerification','FunWithFunctions','ArrowImpossibilityGS','VolpanoSmith','Slicing','Huffman','FunWithTilings','SenSocialChoice','SIFPL','BytecodeLogicJmlTypes','Stream-Fusion','FinFun','CofGroups','SequentInvertibility','Ordinals_and_Cardinals','WorkerWrapper','HRB-Slicing','Perfect-Number-Thm','Collections','Tree-Automata','Presburger-Automata','DPT-SAT-Solver','Coinductive','List-Index','InformationFlowSlicing','InformationFlowSlicing_Inter','Free-Boolean-Algebra','Locally-Nameless-Sigma','Regular-Sets','Robbins-Conjecture','DataRefinementIBP','GraphMarkingIBP','Abstract-Rewriting','Matrix','Category2','Free-Groups','Statecharts','Polynomials','Lam-ml-Normalization','Binomial-Heaps','Binomial-Queues','Finger-Trees','Shivers-CFA','Marriage','Lower_Semicontinuous','RIPEMD-160-SPARK','LightweightJava','AutoFocus-Stream','List-Infinite','Nat-Interval-Logic','Transitive-Closure','General-Triangle','KBPs','Max-Card-Matching','Gauss-Jordan-Elim-Fun','Myhill-Nerode','LatticeProperties','MonoBoolTranAlgebra','PseudoHoops','Efficient-Mergesort','TLA','Markov_Models','Dijkstra_Shortest_Path','Refine_Monadic','Girth_Chromatic','Transitive-Closure-II','Abortable_Linearizable_Modules','Well_Quasi_Orders','Ordinary_Differential_Equations','Inductive_Confidentiality','Stuttering_Equivalence','Separation_Algebra',
'Circus','CCS','Pi_Calculus','Psi_Calculi','Tycon','PCF','Heard_Of','Impossible_Geometry','Datatype_Order_Generator','Possibilistic_Noninterference','Bondy','Tarskis_Geometry','Open_Induction','Separation_Logic_Imperative_HOL','Sqrt_Babylonian','Kleene_Algebra','Rank_Nullity_Theorem','Ribbon_Proofs','Launchbury','Nominal2','Containers','Graph_Theory','ShortestPath','Sort_Encodings','Koenigsberg_Friendship','Lehmer','Pratt_Certificate','IEEE_Floating_Point','Native_Word','Automatic_Refinement','Decreasing-Diagrams','GoedelGod','FocusStreamsCaseStudies','Coinductive_Languages','HereditarilyFinite','Incompleteness','Tail_Recursive_Functions','CryptoBasedCompositionalProperties','Sturm_Sequences','Featherweight_OCL','KAT_and_DRA','Relation_Algebra','Secondary_Sylow','Regex_Equivalence','Real_Impl','Affine_Arithmetic','Selection_Heap_Sort','Random_Graph_Subgraph_Threshold','Partial_Function_MR','AWN','Probabilistic_Noninterference','GPU_Kernel_PL','Discrete_Summation','Abstract_Completeness','HyperCTL','Bounded_Deducibility_Security','SIFUM_Type_Systems','Strong_Security','WHATandWHERE_Security','ComponentDependencies','Regular_Algebras','Noninterference_CSP','Roy_Floyd_Warshall','CAVA_Automata','CAVA_LTL_Modelchecker','Gabow_SCC','LTL_to_GBA','Promela','Boolean_Expression_Checkers','MSO_Regex_Equivalence','Pop_Refinement','Network_Security_Policy_Verification','Amortized_Complexity','pGCL','CISC-Kernel','Show','Splay_Tree','Skew_Heap','Special_Function_Bounds','VectorSpace','Gauss_Jordan','Priority_Queue_Braun','Jordan_Hoelder','Cayley_Hamilton','Sturm_Tarski','Imperative_Insertion_Sort','Certification_Monads','XML','RefinementReactive','Density_Compiler','Stream_Fusion_Code','Lifting_Definition_Option','AODV','UPF','UpDown_Scheme','Finite_Automata_HF','Echelon_Form','QR_Decomposition','Call_Arity','Deriving','Consensus_Refined','Trie','ConcurrentGC','ConcurrentIMP','Residuated_Lattices','Vickrey_Clarke_Groves','Probabilistic_System_Zoo','Formula_Derivatives','Dynamic_T
ables','List_Interleaving','Multirelations','Noninterference_Generic_Unwinding','Noninterference_Ipurge_Unwinding','Derangements','Hermite','Akra_Bazzi','Landau_Symbols','Case_Labeling','Encodability_Process_Calculi','Rep_Fin_Groups','Noninterference_Inductive_Unwinding','Decreasing-Diagrams-II','Jordan_Normal_Form','LTL_to_DRA','Isabelle_Meta_Model','Parity_Game','Planarity_Certificates','TortoiseHare','Euler_Partition','Ergodic_Theory','Latin_Square','Card_Partitions','Algebraic_Numbers','Applicative_Lifting','Stern_Brocot','Descartes_Sign_Rule','Liouville_Numbers','Prime_Harmonic_Series','Triangle','Card_Number_Partitions','Matrix_Tensor','Knot_Theory','Polynomial_Factorization','Polynomial_Interpolation','Formal_SSA','List_Update','LTL','Cartan_FP','Timed_Automata','PropResPI','KAD','Noninterference_Sequential_Composition','CYK','ROBDD','No_FTL_observers','Groebner_Bases','Bell_Numbers_Spivey','SDS_Impossibility','Randomised_Social_Choice','MFMC_Countable','FLP','Incredible_Proof_Machine','Perron_Frobenius','Card_Equiv_Relations','Posix-Lexing','Tree_Decomposition','Word_Lib','Noninterference_Concurrent_Composition','Algebraic_VCs','Catalan_Numbers','Dependent_SIFUM_Type_Systems','Card_Multisets','Category3','Dependent_SIFUM_Refinement','IP_Addresses','Resolution_FOL','Rewriting_Z','Buildings','DFS_Framework','Pairing_Heap','Surprise_Paradox','Ptolemys_Theorem','Refine_Imperative_HOL','EdmondsKarp_Maxflow','InfPathElimination','Simple_Firewall','Routing','Stirling_Formula','Stone_Algebras','SuperCalc','Iptables_Semantics','Lambda_Free_RPOs','Allen_Calculus','Fisher_Yates','Lp','Chord_Segments','Berlekamp_Zassenhaus','SPARCv8','Source_Coding_Theorem','LOFT','Stable_Matching','Modal_Logics_for_NTS','Deep_Learning','Lambda_Free_KBOs','Nested_Multisets_Ordinals','Separata','Abs_Int_ITP2012','Complx','Paraconsistency','Proof_Strategy_Language','Twelvefold_Way','Concurrent_Ref_Alg','FOL_Harrison','Password_Authentication_Protocol','UPF_Firewall','E_Transcendental','Be
rtrands_Postulate','Minimal_SSA','Bernoulli','Key_Agreement_Strong_Adversaries','Stone_Relation_Algebras','Abstract_Soundness','Differential_Dynamic_Logic','Menger','Elliptic_Curves_Group_Law','Euler_MacLaurin','Comparison_Sort_Lower_Bound','Quick_Sort_Cost','Random_BSTs','Subresultants','Lazy_Case','Constructor_Funs','LocalLexing','Types_Tableaus_and_Goedels_God','MonoidalCategory','CryptHOL','Game_Based_Crypto','Monad_Normalisation','Monomorphic_Monad','Probabilistic_While','Floyd_Warshall','Dict_Construction','Security_Protocol_Refinement','Optics','Flow_Networks','Prpu_Maxflow','Buffons_Needle','PSemigroupsConvolution','Propositional_Proof_Systems','Stone_Kleene_Relation_Algebras','CRDT','Name_Carrying_Type_Inference','Minkowskis_Theorem','HOLCF-Prelude','Decl_Sem_Fun_PL','DynamicArchitectures','Stewart_Apollonius','LambdaMu','Orbit_Stabiliser','Root_Balanced_Tree','First_Welfare_Theorem','AnselmGod','PLM','Lowe_Ontological_Argument','Dirichlet_Series','Linear_Recurrences','Zeta_Function','Diophantine_Eqns_Lin_Hom','Count_Complex_Roots','Winding_Number_Eval','Buchi_Complementation','Transition_Systems_and_Automata','Kuratowski_Closure_Complement','Hybrid_Multi_Lane_Spatial_Logic','IMAP-CRDT','Stochastic_Matrices','Knuth_Morris_Pratt','BNF_Operations','Dirichlet_L','Mason_Stothers','Median_Of_Medians_Selection','Falling_Factorial_Sum','Taylor_Models','Green','Gromov_Hyperbolicity','Ordered_Resolution_Prover','LLL_Basis_Reduction','Error_Function','First_Order_Terms','LLL_Factorization','Treaps','Hoare_Time','Architectural_Design_Patterns','CakeML','Weight_Balanced_Trees','Fishburn_Impossibility','BNF_CC','VerifyThis2018','WebAssembly','Modular_Assembly_Kit_Security','OpSets','Monad_Memo_DP','AxiomaticCategoryTheory','Irrationality_J_Hancl','Probabilistic_Timed_Automata','Hidden_Markov_Models','Optimal_BST','Partial_Order_Reduction','Localization_Ring','Projective_Geometry','Pell','Neumann_Morgenstern_Utility','DiscretePricing','Minsky_Machines','Simplex','Budan_F
ourier','Quaternions','Octonions','Aggregation_Algebras','Prime_Number_Theorem','Signature_Groebner','Symmetric_Polynomials','Pi_Transcendental','Factored_Transition_System_Bounding','Lambda_Free_EPO','Randomised_BSTs','Smooth_Manifolds','Epistemic_Logic','GewirthPGCProof','Generic_Deriving','Matroids','Auto2_HOL','Functional_Ordered_Resolution_Prover','Graph_Saturation','Order_Lattice_Props','Quantales','Transformer_Semantics','Constructive_Cryptography','Auto2_Imperative_HOL','Concurrent_Revisions','Core_DOM','Store_Buffer_Reduction','Higher_Order_Terms','IMP2','Farkas','List_Inversions','UTP','Universal_Turing_Machine','Probabilistic_Prime_Tests','Kruskal','Prime_Distribution_Elementary','Safe_OCL','QHLProver','Transcendence_Series_Hancl_Rucki','Binding_Syntax_Theory','LTL_Master_Theorem','HOL-CSP','Multi_Party_Computation','LambdaAuth','KD_Tree','Differential_Game_Logic','IMP2_Binary_Heap','Groebner_Macaulay','Nullstellensatz','Linear_Inequalities','Prim_Dijkstra_Simple','Priority_Search_Trees','Complete_Non_Orders','MFOTL_Monitor','CakeML_Codegen','FOL_Seq_Calc1','Szpilrajn','TESL_Language','Stellar_Quorums','IMO2019','C2KA_DistributedSystems','Linear_Programming','Laplace_Transform','Adaptive_State_Counting','Jacobson_Basic_Algebra','Fourier','Hybrid_Systems_VCs','Generic_Join','Clean','Sigma_Commit_Crypto','Aristotles_Assertoric_Syllogistic','VerifyThis2019','Isabelle_C','ZFC_in_HOL','Interval_Arithmetic_Word32','Generalized_Counting_Sort','Gauss_Sums','Complex_Geometry','Poincare_Disc','Poincare_Bendixson','Hybrid_Logic','Zeta_3_Irrational','Bicategory','Skip_Lists','Closest_Pair_Points','Approximation_Algorithms','Mersenne_Primes','Subset_Boolean_Algebras','Arith_Prog_Rel_Primes','VeriComp','Goodstein_Lambda','Hello_World','Relational-Incorrectness-Logic','Furstenberg_Topology','WOOT_Strong_Eventual_Consistency','Lucas_Theorem','Automated_Stateful_Protocol_Verification','Stateful_Protocol_Composition_and_Typing','MFODL_Monitor_Optimized','Saturation_Framewo
rk','Sliding_Window_Algorithm','ADS_Functor','Matrices_for_ODEs','Gaussian_Integers','Lambert_W','Power_Sum_Polynomials','Attack_Trees','Banach_Steinhaus','Forcing','LTL_Normal_Form','Recursion-Addition','Irrational_Series_Erdos_Straus','Knuth_Bendix_Order','Nash_Williams','Smith_Normal_Form','Safe_Distance','Relational_Paths','Chandy_Lamport','Ordinal_Partitions','Amicable_Numbers','BirdKMP','Saturation_Framework_Extensions','Relational_Disjoint_Set_Forests','Inductive_Inference','PAC_Checker','Extended_Finite_State_Machine_Inference','Extended_Finite_State_Machines','Goedel_HFSet_Semantic','Goedel_HFSet_Semanticless','Goedel_Incompleteness','Robinson_Arithmetic','Syntax_Independent_Logic','Core_SC_DOM','DOM_Components','SC_DOM_Components','Shadow_DOM','Shadow_SC_DOM','Finite-Map-Extras','Physical_Quantities','AI_Planning_Languages_Semantics','Verified_SAT_Based_AI_Planning','CSP_RefTK','Isabelle_Marries_Dirac','Relational_Method','Interpreter_Optimizations','Relational_Minimum_Spanning_Trees','Topological_Semantics','Delta_System_Lemma','JinjaDCI','Hood_Melville_Queue','Blue_Eyes','IsaGeoCoq','Laws_of_Large_Numbers','Formal_Puiseux_Series','BTree','Sunflowers','Mereology','Hermite_Lindemann','Projective_Measurements','Modular_arithmetic_LLL_and_HNF_algorithms','Constructive_Cryptography_CM','Padic_Ints','Grothendieck_Schemes','IFC_Tracking','Progress_Tracking','GaleStewart_Games','BenOr_Kozen_Reif','Lifting_the_Exponent','Metalogic_ProofChecker','Regression_Test_Selection','Combinatorics_Words','Combinatorics_Words_Graph_Lemma','Combinatorics_Words_Lyndon','IMP_Compiler','Public_Announcement_Logic','MiniSail','Van_der_Waerden','SpecCheck','Finitely_Generated_Abelian_Groups','Schutz_Spacetime','Relational_Forests','Design_Theory','BD_Security_Compositional','CoCon','CoSMeDis','CoSMed','Fresh_Identifiers','Three_Circles','Logging_Independent_Anonymity','Cubic_Quartic_Equations','Dominance_CHK','CZH_Elementary_Categories','CZH_Foundations','CZH_Universal_Construction
s','Conditional_Simplification','Conditional_Transfer_Rule','Intro_Dest_Elim','Types_To_Sets_Extension','Weighted_Path_Order','Complex_Bounded_Operators','FOL_Axiomatic','Virtual_Substitution','Correctness_Algebras','X86_Semantics','Belief_Revision','Registers','Szemeredi_Regularity','Factor_Algebraic_Polynomial','PAL','Real_Power','SimplifiedOntologicalArgument','Hahn_Jordan_Decomposition','Foundation_of_geometry','Van_Emde_Boas_Trees','Simplicial_complexes_and_boolean_functions','Regular_Tree_Relations','MDP-Algorithms','MDP-Rewards','Roth_Arithmetic_Progressions','Gale_Shapley','Hyperdual','Knights_Tour','Irrationals_From_THEBOOK','Actuarial_Mathematics','Median_Method','Interpolation_Polynomials_HOL_Algebra','FOL_Seq_Calc2','Youngs_Inequality','FO_Theory_Rewriting','LP_Duality','Quasi_Borel_Spaces','Equivalence_Relation_Enumeration','VYDRA_MDL','Eval_FO','Wetzels_Problem','Universal_Hash_Families','ResiduatedTransitionSystem','Transitive_Models','Independence_CH','Cotangent_PFD_Formula','FOL_Seq_Calc3','Ackermanns_not_PR','Dedekind_Real','Frequency_Moments','Prefix_Free_Code_Combinators','Sophomores_Dream','Digit_Expansions','Multiset_Ordering_NPC','Fishers_Inequality','Clique_and_Monotone_Circuits','Package_logic','Pluennecke_Ruzsa_Inequality','Combinable_Wands','Rewrite_Properties_Reduction','DPRM_Theorem','Finite_Fields','IsaNet','Boolos_Curious_Inference','Real_Time_Deque','IMP_Compiler_Reuse','Weighted_Arithmetic_Geometric_Mean','Commuting_Hermitian','Solidity','Nano_JSON','FSM_Tests','Involutions2Squares','SCC_Bloemen_Sequential','Number_Theoretic_Transform','Hales_Jewett','Khovanskii_Theorem','Separation_Logic_Unbounded','CRYSTALS-Kyber','Implicational_Logic','Risk_Free_Lending','Padic_Field','Stalnaker_Logic','Safe_Range_RC','Maximum_Segment_Sum','Undirected_Graph_Theory','Query_Optimization','PAPP_Impossibility','Balog_Szemeredi_Gowers','Combinatorial_Enumeration_Algorithms','Turans_Graph_Theorem','Kneser_Cauchy_Davenport','Sauer_Shelah_Lemma','CHERI-C_
Memory_Model','AOT','Multitape_To_Singletape_TM','Boolos_Curious_Inference_Automated','Birkhoff_Finite_Distributive_Lattices','Propositional_Logic_Class','Quantifier_Elimination_Hybrid','Binary_Code_Imprimitive','Two_Generated_Word_Monoids_Intersection','Cook_Levin','Synthetic_Completeness','StrictOmegaCategories','HoareForDivergence','Suppes_Theorem','Given_Clause_Loops','ABY3_Protocols','CVP_Hardness','Edwards_Elliptic_Curves_Group','Probability_Inequality_Completeness','Rensets','Expander_Graphs','No_FTL_observers_Gen_Rel','CommCSL','DigitsInBase','Distributed_Distinct_Elements','HyperHoareLogic','TsirelsonBound','Simple_Clause_Learning','Schwartz_Zippel','MHComputation','Three_Squares','MLSS_Decision_Proc','Tree_Enumeration','Multirelations_Heterogeneous','Directed_Sets','Efficient_Weighted_Path_Order','Crypto_Standards','Zeckendorf','DCR-ExecutionEquivalence','Executable_Randomized_Algorithms','Gray_Codes','Earley_Parser','Quantales_Converse','S_Finite_Measure_Monad','Standard_Borel_Spaces','Polygonal_Number_Theorem','Catoids','Fixed_Length_Vector','Ceva','Coupledsim_Contrasim','IO_Language_Conformance','Euler_Polyhedron_Formula','ML_Unification','Hypergraph_Basics','Lovasz_Local','Relational_Cardinality','Transport']
+ const article_years_unique = ['2004','','','','','','','','','','','','','','2005','','','','','','','','2006','','','','','','','2007','','','','','','','','2008','','','','','','','','','','','','','','','2009','','','','','','','','','','','','2010','','','','','','','','','','','','','','','','','','','','','','2011','','','','','','','','','','','','','','','','','2012','','','','','','','','','','','','','','','','','','','','','','','','','2013','','','','','','','','','','','','','','','','','','','','','','','2014','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2015','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2016','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2017','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2018','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2019','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2020','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2021','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','',
'','','','','','','','','','','','','','','','','','','2022','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2023','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','']
+ const loc_articles = [839,1507,1542,1096,1058,2419,44195,205,142,1974,209,1110,3792,506,1141,3766,17615,3119,6430,1145,447,2081,1275,1583,1838,12832,13047,2685,1228,3556,4238,9647,2847,970,1740,79712,4738,3396,2185,10664,31022,6726,30332,180,793,1047,14413,2032,254,2220,5959,3463,799,1540,684,6654,8,2625,27490,264,32555,5025,4380,208,9538,447,2380,3399,606,6305,2060,840,713,1024,5632,1427,4078,2230,5997,22604,1602,3370,1587,2451,2591,260,1617,16,2937,6557,7804,6381,992,125,10130,332,239,1831,999,1756,4420,434,4461,11862,2835,8575,1045,408,2940,2612,37929,3207,1480,2612,3141,2580,23005,27588,2266,4107,7701,1249,260,5309,73,9729,663,6748,1512,4355,1249,1916,6214,4972,10086,7261,538,3830,4591,202,853,2003,5274,10320,1524,150,5292,706,2217,10739,1463,1958,3067,11487,1860,1190,1219,2174,1144,14860,2212,1957,166,10685,6420,572,590,465,1698,1909,4134,1403,2138,2280,1959,2467,220,4429,9396,5430,3999,4472,406,5935,1829,12828,3234,9486,4560,926,659,63,1653,2338,9085,822,1302,875,2563,627,945,1405,1296,7880,1922,90,28055,2879,2796,1116,5259,4863,8842,1356,5986,527,6650,2584,1772,5327,1092,4121,952,1064,2362,1089,2446,477,2074,3763,1954,710,16080,8267,908,1056,21228,9679,8665,3142,9156,695,435,13986,478,898,10416,2724,1162,741,405,495,498,838,3622,4616,6184,4106,8166,12091,3188,518,17581,2876,2418,5496,885,2453,1159,17387,576,703,5047,10687,4287,3811,5337,329,4108,1057,15501,3257,2582,553,8478,206,27172,8773,3324,2960,398,12811,9483,370,173,384,19029,2545,6119,3774,645,2415,4344,9355,20053,3963,3419,319,3174,169,19414,14667,541,2652,7059,7595,3898,3243,4510,855,2289,5027,1349,276,4339,1475,3482,7119,9662,592,1728,852,2194,12198,4382,590,13558,1695,4484,1644,694,835,737,3394,105,68,10492,1127,8628,11278,4135,378,4711,1200,2103,639,14042,3160,3930,4869,468,1531,5570,5721,1993,4205,478,4124,3147,3472,88,480,1090,1883,2194,250,10669,822,7432,3105,5166,2782,8208,8127,2324,6164,940,6514,992,489,810,8949,3434,338,854,493,4593,9455,15962,6462,10342,787,3772,3253,1820,8442,3278,12945,
672,843,3402,3638,11570,13548,3734,6261,528,965,7711,1042,1221,5017,1390,2755,1622,2173,13357,805,9900,2667,541,1271,2825,4896,9770,2765,937,11918,2205,1743,7906,1386,449,685,1812,1235,3559,3578,2951,2218,1644,5182,4968,2767,17370,34354,3235,6018,1891,373,9969,30917,3018,3298,5306,4590,10509,986,15793,4437,11122,5556,3301,1264,2973,805,10229,2606,5735,3365,472,4879,3199,13317,987,787,4455,527,713,782,2321,2134,9936,2090,3734,5801,2350,4212,3808,176,1726,9694,7217,5069,5729,4562,14098,10292,6404,4470,1909,68341,2345,3937,3485,1706,3154,944,1033,597,370,691,764,2564,332,27826,24138,10943,3063,744,2353,1560,2537,1609,1242,1939,1338,12000,1034,1444,1902,2124,729,13319,3036,5074,9793,6176,1261,2899,2101,5904,12873,9015,4257,4725,426,11477,3546,1295,8100,16379,3523,7792,12655,15363,648,1761,2352,16434,1435,7700,3995,6542,4579,1788,3304,24539,745,365,26525,290,2404,15792,615,4039,3767,4958,17079,8442,15846,6578,4131,7221,1015,10340,384,9264,4094,15795,487,835,666,840,19737,1088,233,4435,7684,1962,4943,3003,11165,14638,5913,303,3758,817,1329,3157,40867,29090,22137,225,1053,169,17516,4304,18639,1306,21773,13533,2621,1324,5954,913,2961,133,2203,455,2619,6076,20605,1882,9607,7685,4271,1385,2302,2946,3108,264,6316,777,757,2594,656,9228,633,8738,502,7222,5937,337,829,18644,18383,14310,730,719,201,1411,4183,816,401,1312,1820,5168,2337,2169,654,2031,3338,8754,4622,7330,95,3657,1527,414,5785,16082,1041,53749,351,3175,1961,2144,1373,2325,3656,431,2239,39749,534,3097,144,2696,19190,2366,2961,1593,799,2051,419,4072,23190,1844,135,888,3535,8765,2328,1286,51217,2400,1105,2001,1036,6140,3226,4780,6881,7843,1739,7492,8371,8943,818,6726,3268,6198,9443,1034,193,3098,5281,3002,7219,618,1263,43708,292,157,3889,497,6003,1765,10568,12604,1938,1397,404,467,5302,2898,2604,1570,259,3589,3204,12659]
</script>
<h4>Growth in number of entries:</h4>
<script src="../js/Chart.js"></script>
<div class="chart">
<canvas id="num-articles-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("num-articles-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'Size of the AFP in # of entries',
data: no_articles,
backgroundColor: "rgba(46, 45, 78, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Growth in lines of code:</h4>
<div class="chart">
<canvas id="loc-years-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("loc-years-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'size of the AFP in lines of code',
data: no_loc,
backgroundColor: "rgba(101, 99, 136, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Growth in number of authors:</h4>
<div class="chart">
<canvas id="author-years-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("author-years-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'new authors per year',
data: no_authors,
backgroundColor: "rgba(101, 99, 136, 1)"
},
{
label: 'number of authors contributing (cumulative)',
data: no_authors_series,
backgroundColor: "rgba(0, 15, 48, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Size of entries:</h4>
<div class="chart">
<canvas id="loc-articles-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("loc-articles-canvas"), {
type: 'bar',
data: {
labels: article_years_unique,
datasets: [{
label: 'loc per article',
data: loc_articles,
backgroundColor: 'rgba(101, 99, 136, 1)'
}]
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
xAxes: [{
categoryPercentage: 1,
barPercentage: 0.9,
ticks: {
autoSkip: false
}
}],
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
tooltips: {
callbacks: {
title: tooltipItem => all_articles[tooltipItem[0].index]
}
}
}
})
</script>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/automata-and-formal-languages/index.html b/web/topics/computer-science/automata-and-formal-languages/index.html
--- a/web/topics/computer-science/automata-and-formal-languages/index.html
+++ b/web/topics/computer-science/automata-and-formal-languages/index.html
@@ -1,629 +1,638 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Computer science/Automata and formal languages - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/computer-science/automata-and-formal-languages/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Computer science/Automata and formal languages" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/automata-and-formal-languages/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Automata and formal languages"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>C</span>omputer science/<span class='first'>A</span>utomata and formal languages
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10003752.10003766">Theory of computation~Formal languages and automata theory</a></p>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=68Q45">Computer scienece / Theory of computing / Formal languages and automata</a></p>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/IO_Language_Conformance.html">Conformance Relations between Input/Output Languages</a></h5>
+ <br>
+ by <a href="../../../authors/sachtleben">Robert Sachtleben</a>
+
+ </div>
+ <span class="date">Sep 01</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Cook_Levin.html">The Cook-Levin theorem</a></h5>
<br>
by <a href="../../../authors/balbach">Frank J. Balbach</a>
</div>
<span class="date">Jan 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Two_Generated_Word_Monoids_Intersection.html">Intersection of two monoids generated by two element codes</a></h5>
<br>
by <a href="../../../authors/holub">Štěpán Holub</a> and <a href="../../../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">Jan 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Binary_Code_Imprimitive.html">Binary codes that do not preserve primitivity</a></h5>
<br>
by <a href="../../../authors/holub">Štěpán Holub</a> and <a href="../../../authors/raska">Martin Raška</a>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Multitape_To_Singletape_TM.html">A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</a></h5>
<br>
by <a href="../../../authors/dalvit">Christian Dalvit</a> and <a href="../../../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Nov 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5>
<br>
by <a href="../../../authors/sachtleben">Robert Sachtleben</a>
</div>
<span class="date">Aug 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5>
<br>
by <a href="../../../authors/stark">Eugene W. Stark</a>
</div>
<span class="date">Feb 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5>
<br>
by <a href="../../../authors/lochmann">Alexander Lochmann</a> and <a href="../../../authors/felgenhauer">Bertram Felgenhauer</a>
</div>
<span class="date">Feb 02</span>
</article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Regular_Tree_Relations.html">Regular Tree Relations</a></h5>
<br>
by <a href="../../../authors/lochmann">Alexander Lochmann</a>, <a href="../../../authors/felgenhauer">Bertram Felgenhauer</a>, <a href="../../../authors/sternagel">Christian Sternagel</a>, <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/sternagelt">Thomas Sternagel</a>
</div>
<span class="date">Dec 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Combinatorics_Words_Lyndon.html">Lyndon words</a></h5>
<br>
by <a href="../../../authors/holub">Štěpán Holub</a> and <a href="../../../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Combinatorics_Words_Graph_Lemma.html">Graph Lemma</a></h5>
<br>
by <a href="../../../authors/holub">Štěpán Holub</a>, <a href="../../../authors/raska">Martin Raška</a> and <a href="../../../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Combinatorics_Words.html">Combinatorics on Words Basics</a></h5>
<br>
by <a href="../../../authors/holub">Štěpán Holub</a>, <a href="../../../authors/raska">Martin Raška</a> and <a href="../../../authors/starosta">Štěpán Starosta</a>
</div>
<span class="date">May 24</span>
</article>
<h2 class="head">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Extended_Finite_State_Machine_Inference.html">Inference of Extended Finite State Machines</a></h5>
<br>
by <a href="../../../authors/foster">Michael Foster</a>, <a href="../../../authors/brucker">Achim D. Brucker</a>, <a href="../../../authors/taylor">Ramsay G. Taylor</a> and <a href="../../../authors/derrick">John Derrick</a>
</div>
<span class="date">Sep 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Extended_Finite_State_Machines.html">A Formal Model of Extended Finite State Machines</a></h5>
<br>
by <a href="../../../authors/foster">Michael Foster</a>, <a href="../../../authors/brucker">Achim D. Brucker</a>, <a href="../../../authors/taylor">Ramsay G. Taylor</a> and <a href="../../../authors/derrick">John Derrick</a>
</div>
<span class="date">Sep 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5>
<br>
by <a href="../../../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">May 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5>
<br>
by <a href="../../../authors/dardinier">Thibault Dardinier</a>, <a href="../../../authors/heimes">Lukas Heimes</a>, <a href="../../../authors/raszyk">Martin Raszyk</a>, <a href="../../../authors/schneider">Joshua Schneider</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Apr 09</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5>
<br>
by <a href="../../../authors/sachtleben">Robert Sachtleben</a>
</div>
<span class="date">Aug 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5>
<br>
by <a href="../../../authors/buyse">Maxime Buyse</a> and <a href="../../../authors/jaskolka">Jason Jaskolka</a>
</div>
<span class="date">Aug 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5>
<br>
by <a href="../../../authors/schneider">Joshua Schneider</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Jul 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LTL_Master_Theorem.html">A Compositional and Unified Translation of LTL into ω-Automata</a></h5>
<br>
by <a href="../../../authors/seidl">Benedikt Seidl</a> and <a href="../../../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">Apr 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Universal_Turing_Machine.html">Universal Turing Machine</a></h5>
<br>
by <a href="../../../authors/xu">Jian Xu</a>, <a href="../../../authors/zhangx">Xingyuan Zhang</a>, <a href="../../../authors/urban">Christian Urban</a>, <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a> and <a href="../../../authors/regensburger">Franz Regensburger</a>
</div>
<span class="date">Feb 08</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Factored_Transition_System_Bounding.html">Upper Bounding Diameters of State Spaces of Factored Transition Systems</a></h5>
<br>
by <a href="../../../authors/kurz">Friedrich Kurz</a> and <a href="../../../authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Partial_Order_Reduction.html">Partial Order Reduction</a></h5>
<br>
by <a href="../../../authors/brunner">Julian Brunner</a>
</div>
<span class="date">Jun 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5>
<br>
by <a href="../../../authors/wimmer">Simon Wimmer</a> and <a href="../../../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">May 24</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5>
<br>
by <a href="../../../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Nov 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Transition_Systems_and_Automata.html">Transition Systems and Automata</a></h5>
<br>
by <a href="../../../authors/brunner">Julian Brunner</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Buchi_Complementation.html">Büchi Complementation</a></h5>
<br>
by <a href="../../../authors/brunner">Julian Brunner</a>
</div>
<span class="date">Oct 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LocalLexing.html">Local Lexing</a></h5>
<br>
by <a href="../../../authors/obua">Steven Obua</a>
</div>
<span class="date">Apr 28</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Posix-Lexing.html">POSIX Lexing with Derivatives of Regular Expressions</a></h5>
<br>
by <a href="../../../authors/ausaf">Fahad Ausaf</a>, <a href="../../../authors/dyckhoff">Roy Dyckhoff</a> and <a href="../../../authors/urban">Christian Urban</a>
</div>
<span class="date">May 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5>
<br>
by <a href="../../../authors/bortin">Maksym Bortin</a>
</div>
<span class="date">Apr 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/KAD.html">Kleene Algebras with Domain</a></h5>
<br>
by <a href="../../../authors/gomes">Victor B. F. Gomes</a>, <a href="../../../authors/guttmann">Walter Guttmann</a>, <a href="../../../authors/hoefner">Peter Höfner</a>, <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/weber">Tjark Weber</a>
</div>
<span class="date">Apr 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Timed_Automata.html">Timed Automata</a></h5>
<br>
by <a href="../../../authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">Mar 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LTL.html">Linear Temporal Logic</a></h5>
<br>
by <a href="../../../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">Mar 01</span>
</article>
<h2 class="head">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LTL_to_DRA.html">Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</a></h5>
<br>
by <a href="../../../authors/sickert">Salomon Sickert</a>
</div>
<span class="date">Sep 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5>
<br>
by <a href="../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Probabilistic_System_Zoo.html">A Zoo of Probabilistic Systems</a></h5>
<br>
by <a href="../../../authors/hoelzl">Johannes Hölzl</a>, <a href="../../../authors/lochbihler">Andreas Lochbihler</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">May 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Finite_Automata_HF.html">Finite Automata in Hereditarily Finite Set Theory</a></h5>
<br>
by <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Feb 05</span>
</article>
<h2 class="head">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5>
<br>
by <a href="../../../authors/traytel">Dmitriy Traytel</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jun 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CAVA_Automata.html">The CAVA Automata Library</a></h5>
<br>
by <a href="../../../authors/lammich">Peter Lammich</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5>
<br>
by <a href="../../../authors/schimpf">Alexander Schimpf</a> and <a href="../../../authors/lammich">Peter Lammich</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5>
<br>
by <a href="../../../authors/esparza">Javier Esparza</a>, <a href="../../../authors/lammich">Peter Lammich</a>, <a href="../../../authors/neumann">René Neumann</a>, <a href="../../../authors/nipkow">Tobias Nipkow</a>, <a href="../../../authors/schimpf">Alexander Schimpf</a> and <a href="../../../authors/smaus">Jan-Georg Smaus</a>
</div>
<span class="date">May 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Regular_Algebras.html">Regular Algebras</a></h5>
<br>
by <a href="../../../authors/fosters">Simon Foster</a> and <a href="../../../authors/struth">Georg Struth</a>
</div>
<span class="date">May 21</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Regex_Equivalence.html">Unified Decision Procedures for Regular Expression Equivalence</a></h5>
<br>
by <a href="../../../authors/nipkow">Tobias Nipkow</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Jan 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5>
<br>
by <a href="../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../authors/struth">Georg Struth</a>
</div>
<span class="date">Jan 23</span>
</article>
<h2 class="head">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Coinductive_Languages.html">A Codatatype of Formal Languages</a></h5>
<br>
by <a href="../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Nov 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Kleene_Algebra.html">Kleene Algebra</a></h5>
<br>
by <a href="../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/weber">Tjark Weber</a>
</div>
<span class="date">Jan 15</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5>
<br>
by <a href="../../../authors/merz">Stephan Merz</a>
</div>
<span class="date">May 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Markov_Models.html">Markov Models</a></h5>
<br>
by <a href="../../../authors/hoelzl">Johannes Hölzl</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Myhill-Nerode.html">The Myhill-Nerode Theorem Based on Regular Expressions</a></h5>
<br>
by <a href="../../../authors/wu">Chunhan Wu</a>, <a href="../../../authors/zhangx">Xingyuan Zhang</a> and <a href="../../../authors/urban">Christian Urban</a>
</div>
<span class="date">Aug 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/KBPs.html">Knowledge-based programs</a></h5>
<br>
by <a href="../../../authors/gammie">Peter Gammie</a>
</div>
<span class="date">May 17</span>
</article>
<h2 class="head">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Statecharts.html">Formalizing Statecharts using Hierarchical Automata</a></h5>
<br>
by <a href="../../../authors/helke">Steffen Helke</a> and <a href="../../../authors/kammueller">Florian Kammüller</a>
</div>
<span class="date">Aug 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Regular-Sets.html">Regular Sets and Expressions</a></h5>
<br>
by <a href="../../../authors/krauss">Alexander Krauss</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">May 12</span>
</article>
<h2 class="head">2009</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5>
<br>
by <a href="../../../authors/berghofer">Stefan Berghofer</a> and <a href="../../../authors/reiter">Markus Reiter</a>
</div>
<span class="date">Dec 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Tree-Automata.html">Tree Automata</a></h5>
<br>
by <a href="../../../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Nov 25</span>
</article>
<h2 class="head">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Functional-Automata.html">Functional Automata</a></h5>
<br>
by <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Mar 30</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/automata-and-formal-languages/index.xml b/web/topics/computer-science/automata-and-formal-languages/index.xml
--- a/web/topics/computer-science/automata-and-formal-languages/index.xml
+++ b/web/topics/computer-science/automata-and-formal-languages/index.xml
@@ -1,394 +1,401 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Automata and formal languages on Archive of Formal Proofs
</title>
<link>/topics/computer-science/automata-and-formal-languages/</link>
<description>
Recent content in Computer science/Automata and formal languages
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/computer-science/automata-and-formal-languages/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Conformance Relations between Input/Output Languages</title>
+ <link>/entries/IO_Language_Conformance.html</link>
+ <pubDate>Fri, 01 Sep 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/IO_Language_Conformance.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>The Cook-Levin theorem</title>
<link>/entries/Cook_Levin.html</link>
<pubDate>Sun, 08 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Cook_Levin.html</guid>
<description></description>
</item>
<item>
<title>Binary codes that do not preserve primitivity</title>
<link>/entries/Binary_Code_Imprimitive.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Binary_Code_Imprimitive.html</guid>
<description></description>
</item>
<item>
<title>Intersection of two monoids generated by two element codes</title>
<link>/entries/Two_Generated_Word_Monoids_Intersection.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Two_Generated_Word_Monoids_Intersection.html</guid>
<description></description>
</item>
<item>
<title>A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</title>
<link>/entries/Multitape_To_Singletape_TM.html</link>
<pubDate>Wed, 30 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multitape_To_Singletape_TM.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/concurrency/index.html b/web/topics/computer-science/concurrency/index.html
--- a/web/topics/computer-science/concurrency/index.html
+++ b/web/topics/computer-science/concurrency/index.html
@@ -1,195 +1,204 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Computer science/Concurrency - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/computer-science/concurrency/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Computer science/Concurrency" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/concurrency/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Concurrency"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>C</span>omputer science/<span class='first'>C</span>oncurrency
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10003752.10003753.10003761">Theory of computation~Concurrency</a></p>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=68Q85">Computer science / Theory of computing / Models and methods for concurrent and distributed computing (process algebras, bisimulation, transition nets, etc.)</a></p>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Coupledsim_Contrasim.html">Coupled Similarity and Contrasimilarity, and How to Compute Them</a></h5>
+ <br>
+ by <a href="../../../authors/bisping">Benjamin Bisping</a> and <a href="../../../authors/montanari">Luisa Montanari</a>
+
+ </div>
+ <span class="date">Aug 18</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/CommCSL.html">Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</a></h5>
<br>
by <a href="../../../authors/dardinier">Thibault Dardinier</a>
</div>
<span class="date">Mar 15</span>
</article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5>
<br>
by <a href="../../../authors/stark">Eugene W. Stark</a>
</div>
<span class="date">Feb 28</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5>
<br>
by <a href="../../../authors/van">Hai Nguyen Van</a>, <a href="../../../authors/boulanger">Frédéric Boulanger</a> and <a href="../../../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Jul 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Store_Buffer_Reduction.html">A Reduction Theorem for Store Buffers</a></h5>
<br>
by <a href="../../../authors/cohen">Ernie Cohen</a> and <a href="../../../authors/schirmer">Norbert Schirmer</a>
</div>
<span class="date">Jan 07</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Concurrent_Revisions.html">Formalization of Concurrent Revisions</a></h5>
<br>
by <a href="../../../authors/overbeek">Roy Overbeek</a>
</div>
<span class="date">Dec 25</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Concurrent_Ref_Alg.html">Concurrent Refinement Algebra and Rely Quotients</a></h5>
<br>
by <a href="../../../authors/fell">Julian Fell</a>, <a href="../../../authors/hayes">Ian J. Hayes</a> and <a href="../../../authors/velykis">Andrius Velykis</a>
</div>
<span class="date">Dec 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FLP.html">A Constructive Proof for FLP</a></h5>
<br>
by <a href="../../../authors/bisping">Benjamin Bisping</a>, <a href="../../../authors/brodmann">Paul-David Brodmann</a>, <a href="../../../authors/jungnickel">Tim Jungnickel</a>, <a href="../../../authors/rickmann">Christina Rickmann</a>, <a href="../../../authors/seidler">Henning Seidler</a>, <a href="../../../authors/stueber">Anke Stüber</a>, <a href="../../../authors/weidner">Arno Wilhelm-Weidner</a>, <a href="../../../authors/peters">Kirstin Peters</a> and <a href="../../../authors/nestmann">Uwe Nestmann</a>
</div>
<span class="date">May 18</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/concurrency/index.xml b/web/topics/computer-science/concurrency/index.xml
--- a/web/topics/computer-science/concurrency/index.xml
+++ b/web/topics/computer-science/concurrency/index.xml
@@ -1,156 +1,163 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Concurrency on Archive of Formal Proofs
</title>
<link>/topics/computer-science/concurrency/</link>
<description>
Recent content in Computer science/Concurrency
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/computer-science/concurrency/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</title>
<link>/entries/CommCSL.html</link>
<pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/CommCSL.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/index.xml b/web/topics/computer-science/index.xml
--- a/web/topics/computer-science/index.xml
+++ b/web/topics/computer-science/index.xml
@@ -1,3370 +1,3412 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science on Archive of Formal Proofs
</title>
<link>/topics/computer-science/</link>
<description>
Recent content in Computer science
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Mon, 14 Aug 2023 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Wed, 11 Oct 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/topics/computer-science/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Conformance Relations between Input/Output Languages</title>
+ <link>/entries/IO_Language_Conformance.html</link>
+ <pubDate>Fri, 01 Sep 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/IO_Language_Conformance.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Fixed-length vectors</title>
<link>/entries/Fixed_Length_Vector.html</link>
<pubDate>Mon, 14 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Fixed_Length_Vector.html</guid>
<description></description>
</item>
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Modal quantales, involutive quantales, Dedekind Quantales</title>
<link>/entries/Quantales_Converse.html</link>
<pubDate>Tue, 25 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Quantales_Converse.html</guid>
<description></description>
</item>
<item>
<title>Earley Parser</title>
<link>/entries/Earley_Parser.html</link>
<pubDate>Sun, 16 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Earley_Parser.html</guid>
<description></description>
</item>
<item>
<title>Gray Codes for Arbitrary Numeral Systems</title>
<link>/entries/Gray_Codes.html</link>
<pubDate>Tue, 11 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Gray_Codes.html</guid>
<description></description>
</item>
<item>
<title>Executable Randomized Algorithms</title>
<link>/entries/Executable_Randomized_Algorithms.html</link>
<pubDate>Mon, 19 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Executable_Randomized_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>DCR Syntax and Execution Equivalent Markings</title>
<link>/entries/DCR-ExecutionEquivalence.html</link>
<pubDate>Fri, 16 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/DCR-ExecutionEquivalence.html</guid>
<description></description>
</item>
<item>
<title>Cryptographic Standards</title>
<link>/entries/Crypto_Standards.html</link>
<pubDate>Tue, 06 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Crypto_Standards.html</guid>
<description></description>
</item>
<item>
<title>A Verified Efficient Implementation of the Weighted Path Order</title>
<link>/entries/Efficient_Weighted_Path_Order.html</link>
<pubDate>Thu, 01 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Efficient_Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Tree Enumeration</title>
<link>/entries/Tree_Enumeration.html</link>
<pubDate>Tue, 09 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>The Halting Problem is Soluble in Malament-Hogarth Spacetimes</title>
<link>/entries/MHComputation.html</link>
<pubDate>Sat, 29 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/MHComputation.html</guid>
<description></description>
</item>
<item>
<title>The Schwartz-Zippel Lemma</title>
<link>/entries/Schwartz_Zippel.html</link>
<pubDate>Thu, 27 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Schwartz_Zippel.html</guid>
<description></description>
</item>
<item>
<title>Distributed Distinct Elements</title>
<link>/entries/Distributed_Distinct_Elements.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Distributed_Distinct_Elements.html</guid>
<description></description>
</item>
<item>
<title>Distributed Distinct Elements</title>
<link>/entries/Distributed_Distinct_Elements.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Distributed_Distinct_Elements.html</guid>
<description></description>
</item>
<item>
<title>Distributed Distinct Elements</title>
<link>/entries/Distributed_Distinct_Elements.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Distributed_Distinct_Elements.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Hyper Hoare Logic: A Logic to (Dis-)Prove Program Hyperproperties</title>
<link>/entries/HyperHoareLogic.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/HyperHoareLogic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</title>
<link>/entries/CommCSL.html</link>
<pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/CommCSL.html</guid>
<description></description>
</item>
<item>
<title>Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</title>
<link>/entries/CommCSL.html</link>
<pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/CommCSL.html</guid>
<description></description>
</item>
<item>
<title>Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</title>
<link>/entries/CommCSL.html</link>
<pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/CommCSL.html</guid>
<description></description>
</item>
<item>
<title>Expander Graphs</title>
<link>/entries/Expander_Graphs.html</link>
<pubDate>Fri, 03 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/Expander_Graphs.html</guid>
<description></description>
</item>
<item>
<title>Expander Graphs</title>
<link>/entries/Expander_Graphs.html</link>
<pubDate>Fri, 03 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/Expander_Graphs.html</guid>
<description></description>
</item>
<item>
<title>Renaming-Enriched Sets (Rensets) and Renaming-Based Recursion</title>
<link>/entries/Rensets.html</link>
<pubDate>Tue, 28 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Rensets.html</guid>
<description></description>
</item>
<item>
<title>Hardness of Lattice Problems</title>
<link>/entries/CVP_Hardness.html</link>
<pubDate>Thu, 02 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/CVP_Hardness.html</guid>
<description></description>
</item>
<item>
<title>ABY3 Multiplication and Array Shuffling</title>
<link>/entries/ABY3_Protocols.html</link>
<pubDate>Fri, 27 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/ABY3_Protocols.html</guid>
<description></description>
</item>
<item>
<title>A Hoare Logic for Diverging Programs</title>
<link>/entries/HoareForDivergence.html</link>
<pubDate>Fri, 20 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/HoareForDivergence.html</guid>
<description></description>
</item>
<item>
<title>The Cook-Levin theorem</title>
<link>/entries/Cook_Levin.html</link>
<pubDate>Sun, 08 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Cook_Levin.html</guid>
<description></description>
</item>
<item>
<title>Binary codes that do not preserve primitivity</title>
<link>/entries/Binary_Code_Imprimitive.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Binary_Code_Imprimitive.html</guid>
<description></description>
</item>
<item>
<title>Intersection of two monoids generated by two element codes</title>
<link>/entries/Two_Generated_Word_Monoids_Intersection.html</link>
<pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Two_Generated_Word_Monoids_Intersection.html</guid>
<description></description>
</item>
<item>
<title>A First Complete Algorithm for Real Quantifier Elimination in Isabelle/HOL</title>
<link>/entries/Quantifier_Elimination_Hybrid.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quantifier_Elimination_Hybrid.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</title>
<link>/entries/Multitape_To_Singletape_TM.html</link>
<pubDate>Wed, 30 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multitape_To_Singletape_TM.html</guid>
<description></description>
</item>
<item>
<title>A Formal CHERI-C Memory Model</title>
<link>/entries/CHERI-C_Memory_Model.html</link>
<pubDate>Fri, 25 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/CHERI-C_Memory_Model.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Enumeration Algorithms</title>
<link>/entries/Combinatorial_Enumeration_Algorithms.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorial_Enumeration_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Verification of Query Optimization Algorithms</title>
<link>/entries/Query_Optimization.html</link>
<pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
<guid>/entries/Query_Optimization.html</guid>
<description></description>
</item>
<item>
<title>Maximum Segment Sum</title>
<link>/entries/Maximum_Segment_Sum.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Maximum_Segment_Sum.html</guid>
<description></description>
</item>
<item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/entries/CRYSTALS-Kyber.html</link>
<pubDate>Thu, 08 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/CRYSTALS-Kyber.html</guid>
<description></description>
</item>
<item>
<title>Unbounded Separation Logic</title>
<link>/entries/Separation_Logic_Unbounded.html</link>
<pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Unbounded.html</guid>
<description></description>
</item>
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
<title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
<link>/entries/SCC_Bloemen_Sequential.html</link>
<pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/SCC_Bloemen_Sequential.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</title>
<link>/entries/Nano_JSON.html</link>
<pubDate>Fri, 29 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Nano_JSON.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>Real-Time Double-Ended Queue</title>
<link>/entries/Real_Time_Deque.html</link>
<pubDate>Thu, 23 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Real_Time_Deque.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Median Method</title>
<link>/entries/Median_Method.html</link>
<pubDate>Tue, 25 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Median_Method.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>van Emde Boas Trees</title>
<link>/entries/Van_Emde_Boas_Trees.html</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_Emde_Boas_Trees.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>Logging-independent Message Anonymity in the Relational Method</title>
<link>/entries/Logging_Independent_Anonymity.html</link>
<pubDate>Thu, 26 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Logging_Independent_Anonymity.html</guid>
<description></description>
</item>
<item>
<title>CoCon: A Confidentiality-Verified Conference Management System</title>
<link>/entries/CoCon.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoCon.html</guid>
<description></description>
</item>
<item>
<title>Compositional BD Security</title>
<link>/entries/BD_Security_Compositional.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/BD_Security_Compositional.html</guid>
<description></description>
</item>
<item>
<title>CoSMed: A confidentiality-verified social media platform</title>
<link>/entries/CoSMed.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMed.html</guid>
<description></description>
</item>
<item>
<title>CoSMeDis: A confidentiality-verified distributed social media platform</title>
<link>/entries/CoSMeDis.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMeDis.html</guid>
<description></description>
</item>
<item>
<title>Fresh identifiers</title>
<link>/entries/Fresh_Identifiers.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Fresh_Identifiers.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Control via Dependency Tracking</title>
<link>/entries/IFC_Tracking.html</link>
<pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/IFC_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Hood-Melville Queue</title>
<link>/entries/Hood_Melville_Queue.html</link>
<pubDate>Mon, 18 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hood_Melville_Queue.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</title>
<link>/entries/Relational_Method.html</link>
<pubDate>Sat, 05 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Method.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>AI Planning Languages Semantics</title>
<link>/entries/AI_Planning_Languages_Semantics.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/AI_Planning_Languages_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Verified SAT-Based AI Planning</title>
<link>/entries/Verified_SAT_Based_AI_Planning.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Verified_SAT_Based_AI_Planning.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Finite Map Extras</title>
<link>/entries/Finite-Map-Extras.html</link>
<pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Finite-Map-Extras.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Safely Composable Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Safely Composable Web Components</title>
<link>/entries/SC_DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/SC_DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Web Components</title>
<link>/entries/DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>The Safely Composable DOM</title>
<link>/entries/Core_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Core_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Relational Disjoint-Set Forests</title>
<link>/entries/Relational_Disjoint_Set_Forests.html</link>
<pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Disjoint_Set_Forests.html</guid>
<description></description>
</item>
<item>
<title>Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</title>
<link>/entries/BirdKMP.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/BirdKMP.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</title>
<link>/entries/Attack_Trees.html</link>
<pubDate>Mon, 27 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Attack_Trees.html</guid>
<description></description>
</item>
<item>
<title>Authenticated Data Structures As Functors</title>
<link>/entries/ADS_Functor.html</link>
<pubDate>Thu, 16 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/ADS_Functor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Automated Stateful Protocol Verification</title>
<link>/entries/Automated_Stateful_Protocol_Verification.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Automated_Stateful_Protocol_Verification.html</guid>
<description></description>
</item>
<item>
<title>Stateful Protocol Composition and Typing</title>
<link>/entries/Stateful_Protocol_Composition_and_Typing.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Stateful_Protocol_Composition_and_Typing.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Hello World</title>
<link>/entries/Hello_World.html</link>
<pubDate>Sat, 07 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Hello_World.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>Interval Arithmetic on 32-bit Words</title>
<link>/entries/Interval_Arithmetic_Word32.html</link>
<pubDate>Wed, 27 Nov 2019 00:00:00 +0000</pubDate>
<guid>/entries/Interval_Arithmetic_Word32.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Sigma Protocols and Commitment Schemes</title>
<link>/entries/Sigma_Commit_Crypto.html</link>
<pubDate>Mon, 07 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Sigma_Commit_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Priority Search Trees</title>
<link>/entries/Priority_Search_Trees.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Search_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Multidimensional Binary Search Trees</title>
<link>/entries/KD_Tree.html</link>
<pubDate>Thu, 30 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/KD_Tree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Multi-Party Computation</title>
<link>/entries/Multi_Party_Computation.html</link>
<pubDate>Thu, 09 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/Multi_Party_Computation.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model</title>
<link>/entries/Core_DOM.html</link>
<pubDate>Wed, 26 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Core_DOM.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Deriving generic class instances for datatypes</title>
<link>/entries/Generic_Deriving.html</link>
<pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Deriving.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</title>
<link>/entries/Modular_Assembly_Kit_Security.html</link>
<pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Modular_Assembly_Kit_Security.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>Bounded Natural Functors with Covariance and Contravariance</title>
<link>/entries/BNF_CC.html</link>
<pubDate>Tue, 24 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/BNF_CC.html</guid>
<description></description>
</item>
<item>
<title>Weight-Balanced Trees</title>
<link>/entries/Weight_Balanced_Trees.html</link>
<pubDate>Tue, 13 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Weight_Balanced_Trees.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Architectural Design Patterns</title>
<link>/entries/Architectural_Design_Patterns.html</link>
<pubDate>Thu, 01 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Architectural_Design_Patterns.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/entries/Treaps.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Treaps.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Root-Balanced Tree</title>
<link>/entries/Root_Balanced_Tree.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Root_Balanced_Tree.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Dynamic Architectures</title>
<link>/entries/DynamicArchitectures.html</link>
<pubDate>Fri, 28 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/DynamicArchitectures.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/entries/HOLCF-Prelude.html</link>
<pubDate>Sat, 15 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/HOLCF-Prelude.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Developing Security Protocols by Refinement</title>
<link>/entries/Security_Protocol_Refinement.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Security_Protocol_Refinement.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Effect polymorphism in higher-order logic</title>
<link>/entries/Monomorphic_Monad.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monomorphic_Monad.html</guid>
<description></description>
</item>
<item>
<title>Game-based cryptography in HOL</title>
<link>/entries/Game_Based_Crypto.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Game_Based_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The Group Law for Elliptic Curves</title>
<link>/entries/Elliptic_Curves_Group_Law.html</link>
<pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Elliptic_Curves_Group_Law.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Refining Authenticated Key Agreement with Strong Adversaries</title>
<link>/entries/Key_Agreement_Strong_Adversaries.html</link>
<pubDate>Tue, 31 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Key_Agreement_Strong_Adversaries.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</title>
<link>/entries/Password_Authentication_Protocol.html</link>
<pubDate>Tue, 03 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Password_Authentication_Protocol.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>LOFT — Verified Migration of Linux Firewalls to SDN</title>
<link>/entries/LOFT.html</link>
<pubDate>Fri, 21 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/LOFT.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Iptables Semantics</title>
<link>/entries/Iptables_Semantics.html</link>
<pubDate>Fri, 09 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Iptables_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/entries/Routing.html</link>
<pubDate>Wed, 31 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Routing.html</guid>
<description></description>
</item>
<item>
<title>Simple Firewall</title>
<link>/entries/Simple_Firewall.html</link>
<pubDate>Wed, 24 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Pairing Heap</title>
<link>/entries/Pairing_Heap.html</link>
<pubDate>Thu, 14 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Pairing_Heap.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Compositional Security-Preserving Refinement for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Refinement.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Refinement.html</guid>
<description></description>
</item>
<item>
<title>IP Addresses</title>
<link>/entries/IP_Addresses.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/IP_Addresses.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Finite Machine Word Library</title>
<link>/entries/Word_Lib.html</link>
<pubDate>Thu, 09 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Word_Lib.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Applicative Lifting</title>
<link>/entries/Applicative_Lifting.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Applicative_Lifting.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>The Inductive Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Inductive_Unwinding.html</link>
<pubDate>Tue, 18 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Inductive_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Reasoning about Lists via List Interleaving</title>
<link>/entries/List_Interleaving.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/List_Interleaving.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Ipurge Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Ipurge_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Ipurge_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Parameterized Dynamic Tables</title>
<link>/entries/Dynamic_Tables.html</link>
<pubDate>Sun, 07 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Dynamic_Tables.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/entries/Trie.html</link>
<pubDate>Mon, 30 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Trie.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Deriving class instances for datatypes</title>
<link>/entries/Deriving.html</link>
<pubDate>Wed, 11 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Deriving.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>The Unified Policy Framework (UPF)</title>
<link>/entries/UPF.html</link>
<pubDate>Fri, 28 Nov 2014 00:00:00 +0000</pubDate>
<guid>/entries/UPF.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Lifting Definition Option</title>
<link>/entries/Lifting_Definition_Option.html</link>
<pubDate>Mon, 13 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_Definition_Option.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion in HOL with Code Generation</title>
<link>/entries/Stream_Fusion_Code.html</link>
<pubDate>Fri, 10 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Stream_Fusion_Code.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Certification Monads</title>
<link>/entries/Certification_Monads.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Certification_Monads.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>Priority Queues Based on Braun Trees</title>
<link>/entries/Priority_Queue_Braun.html</link>
<pubDate>Thu, 04 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Queue_Braun.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Skew Heap</title>
<link>/entries/Skew_Heap.html</link>
<pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Skew_Heap.html</guid>
<description></description>
</item>
<item>
<title>Splay Tree</title>
<link>/entries/Splay_Tree.html</link>
<pubDate>Tue, 12 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Splay_Tree.html</guid>
<description></description>
</item>
<item>
<title>Haskell&#39;s Show Class in Isabelle/HOL</title>
<link>/entries/Show.html</link>
<pubDate>Tue, 29 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Show.html</guid>
<description></description>
</item>
<item>
<title>Formal Specification of a Generic Separation Kernel</title>
<link>/entries/CISC-Kernel.html</link>
<pubDate>Fri, 18 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/CISC-Kernel.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Amortized Complexity Verified</title>
<link>/entries/Amortized_Complexity.html</link>
<pubDate>Mon, 07 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Amortized_Complexity.html</guid>
<description></description>
</item>
<item>
<title>Network Security Policy Verification</title>
<link>/entries/Network_Security_Policy_Verification.html</link>
<pubDate>Fri, 04 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Network_Security_Policy_Verification.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>Promela Formalization</title>
<link>/entries/Promela.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Promela.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Noninterference Security in Communicating Sequential Processes</title>
<link>/entries/Noninterference_CSP.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_CSP.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Analysis of Component Dependencies</title>
<link>/entries/ComponentDependencies.html</link>
<pubDate>Mon, 28 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/ComponentDependencies.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Bounded-Deducibility Security</title>
<link>/entries/Bounded_Deducibility_Security.html</link>
<pubDate>Tue, 22 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Bounded_Deducibility_Security.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Noninterference</title>
<link>/entries/Probabilistic_Noninterference.html</link>
<pubDate>Tue, 11 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>Mutually Recursive Partial Functions</title>
<link>/entries/Partial_Function_MR.html</link>
<pubDate>Tue, 18 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Function_MR.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</title>
<link>/entries/Featherweight_OCL.html</link>
<pubDate>Thu, 16 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Featherweight_OCL.html</guid>
<description></description>
</item>
<item>
<title>Compositional Properties of Crypto-Based Components</title>
<link>/entries/CryptoBasedCompositionalProperties.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/CryptoBasedCompositionalProperties.html</guid>
<description></description>
</item>
<item>
<title>A General Method for the Proof of Theorems on Tail-recursive Functions</title>
<link>/entries/Tail_Recursive_Functions.html</link>
<pubDate>Sun, 01 Dec 2013 00:00:00 +0000</pubDate>
<guid>/entries/Tail_Recursive_Functions.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Native Word</title>
<link>/entries/Native_Word.html</link>
<pubDate>Tue, 17 Sep 2013 00:00:00 +0000</pubDate>
<guid>/entries/Native_Word.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of IEEE Floating Point Arithmetic</title>
<link>/entries/IEEE_Floating_Point.html</link>
<pubDate>Sat, 27 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/IEEE_Floating_Point.html</guid>
<description></description>
</item>
<item>
<title>Light-weight Containers</title>
<link>/entries/Containers.html</link>
<pubDate>Mon, 15 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Containers.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Generating linear orders for datatypes</title>
<link>/entries/Datatype_Order_Generator.html</link>
<pubDate>Tue, 07 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Datatype_Order_Generator.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Type Constructor Classes and Monad Transformers</title>
<link>/entries/Tycon.html</link>
<pubDate>Tue, 26 Jun 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tycon.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Inductive Study of Confidentiality</title>
<link>/entries/Inductive_Confidentiality.html</link>
<pubDate>Wed, 02 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Confidentiality.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Infinite Lists</title>
<link>/entries/List-Infinite.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/List-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Binomial Heaps and Skew Binomial Heaps</title>
<link>/entries/Binomial-Heaps.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Heaps.html</guid>
<description></description>
</item>
<item>
<title>Finger Trees</title>
<link>/entries/Finger-Trees.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Finger-Trees.html</guid>
<description></description>
</item>
<item>
<title>Functional Binomial Queues</title>
<link>/entries/Binomial-Queues.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Queues.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Executable Matrix Operations on Matrices of Arbitrary Dimensions</title>
<link>/entries/Matrix.html</link>
<pubDate>Thu, 17 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Matrix.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing.html</guid>
<description></description>
</item>
<item>
<title>Inter-Procedural Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing_Inter.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing_Inter.html</guid>
<description></description>
</item>
<item>
<title>List Index</title>
<link>/entries/List-Index.html</link>
<pubDate>Sat, 20 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/List-Index.html</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/entries/Coinductive.html</link>
<pubDate>Fri, 12 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Collections Framework</title>
<link>/entries/Collections.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Collections.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>The Worker/Wrapper Transformation</title>
<link>/entries/WorkerWrapper.html</link>
<pubDate>Fri, 30 Oct 2009 00:00:00 +0000</pubDate>
<guid>/entries/WorkerWrapper.html</guid>
<description></description>
</item>
<item>
<title>Code Generation for Functions as Data</title>
<link>/entries/FinFun.html</link>
<pubDate>Wed, 06 May 2009 00:00:00 +0000</pubDate>
<guid>/entries/FinFun.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion</title>
<link>/entries/Stream-Fusion.html</link>
<pubDate>Wed, 29 Apr 2009 00:00:00 +0000</pubDate>
<guid>/entries/Stream-Fusion.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>The Textbook Proof of Huffman&#39;s Algorithm</title>
<link>/entries/Huffman.html</link>
<pubDate>Wed, 15 Oct 2008 00:00:00 +0000</pubDate>
<guid>/entries/Huffman.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>BDD Normalisation</title>
<link>/entries/BDD.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/BDD.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Hotel Key Card System</title>
<link>/entries/HotelKeyCards.html</link>
<pubDate>Sat, 09 Sep 2006 00:00:00 +0000</pubDate>
<guid>/entries/HotelKeyCards.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>SHA1, RSA, PSS and more</title>
<link>/entries/RSAPSS.html</link>
<pubDate>Mon, 02 May 2005 00:00:00 +0000</pubDate>
<guid>/entries/RSAPSS.html</guid>
<description></description>
</item>
<item>
<title>File Refinement</title>
<link>/entries/FileRefinement.html</link>
<pubDate>Thu, 09 Dec 2004 00:00:00 +0000</pubDate>
<guid>/entries/FileRefinement.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
<item>
<title>Lazy Lists II</title>
<link>/entries/Lazy-Lists-II.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Lazy-Lists-II.html</guid>
<description></description>
</item>
<item>
<title>Binary Search Trees</title>
<link>/entries/BinarySearchTree.html</link>
<pubDate>Mon, 05 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/BinarySearchTree.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
<item>
<title>AVL Trees</title>
<link>/entries/AVL-Trees.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/AVL-Trees.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/programming-languages/index.xml b/web/topics/computer-science/programming-languages/index.xml
--- a/web/topics/computer-science/programming-languages/index.xml
+++ b/web/topics/computer-science/programming-languages/index.xml
@@ -1,688 +1,702 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Programming languages on Archive of Formal Proofs
</title>
<link>/topics/computer-science/programming-languages/</link>
<description>
Recent content in Computer science/Programming languages
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/computer-science/programming-languages/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Formalization of Hyper Hoare Logic: A Logic to (Dis-)Prove Program Hyperproperties</title>
<link>/entries/HyperHoareLogic.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/HyperHoareLogic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of CommCSL: A Relational Concurrent Separation Logic for Proving Information Flow Security in Concurrent Programs</title>
<link>/entries/CommCSL.html</link>
<pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/CommCSL.html</guid>
<description></description>
</item>
<item>
<title>Renaming-Enriched Sets (Rensets) and Renaming-Based Recursion</title>
<link>/entries/Rensets.html</link>
<pubDate>Tue, 28 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Rensets.html</guid>
<description></description>
</item>
<item>
<title>A Hoare Logic for Diverging Programs</title>
<link>/entries/HoareForDivergence.html</link>
<pubDate>Fri, 20 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/HoareForDivergence.html</guid>
<description></description>
</item>
<item>
<title>Unbounded Separation Logic</title>
<link>/entries/Separation_Logic_Unbounded.html</link>
<pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Unbounded.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/programming-languages/lambda-calculi/index.html b/web/topics/computer-science/programming-languages/lambda-calculi/index.html
--- a/web/topics/computer-science/programming-languages/lambda-calculi/index.html
+++ b/web/topics/computer-science/programming-languages/lambda-calculi/index.html
@@ -1,215 +1,225 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Computer science/Programming languages/Lambda calculi - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../../topics/computer-science/programming-languages/lambda-calculi/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Computer science/Programming languages/Lambda calculi" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/programming-languages/lambda-calculi/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Programming languages/Lambda calculi"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../../css/front.min.css">
<link rel="icon" href="../../../../images/favicon.ico" type="image/icon">
<script src="../../../../js/obfuscate.js"></script>
<script src="../../../../js/flexsearch.bundle.js"></script>
<script src="../../../../js/scroll-spy.js"></script>
<script src="../../../../js/theory.js"></script>
<script src="../../../../js/util.js"></script>
<script src="../../../../js/header-search.js"></script>
<script src="../../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../../" class="logo-link">
<img src="../../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../../">
<li >
Home
</li>
</a>
<a href="../../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../../download/">
<li >
Download
</li>
</a>
<a href="../../../../help/">
<li >
Help
</li>
</a>
<a href="../../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>C</span>omputer science/<span class='first'>P</span>rogramming languages/<span class='first'>L</span>ambda calculi
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10002950.10003714.10003732.10003733">Mathematics of computing~Lambda calculus</a></p>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=68N18">Computer science / Theory of software / Functional programming and lambda calculus</a></p>
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by <a href="../../../../authors/kappelmann">Kevin Kappelmann</a>
+
+ </div>
+ <span class="date">Oct 11</span>
+ </article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5>
<br>
by <a href="../../../../authors/stark">Eugene W. Stark</a>
</div>
<span class="date">Feb 28</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5>
<br>
by <a href="../../../../authors/brun">Matthias Brun</a> and <a href="../../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">May 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5>
<br>
by <a href="../../../../authors/gheri">Lorenzo Gheri</a> and <a href="../../../../authors/popescu">Andrei Popescu</a>
</div>
<span class="date">Apr 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5>
<br>
by <a href="../../../../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Jan 15</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/LambdaMu.html">The LambdaMu-calculus</a></h5>
<br>
by <a href="../../../../authors/matache">Cristina Matache</a>, <a href="../../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../../authors/mulligan">Dominic P. Mulligan</a>
</div>
<span class="date">Aug 16</span>
</article>
<h2 class="head">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5>
<br>
by <a href="../../../../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Jan 31</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/PCF.html">Logical Relations for PCF</a></h5>
<br>
by <a href="../../../../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Jul 01</span>
</article>
<h2 class="head">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5>
<br>
by <a href="../../../../authors/doczkal">Christian Doczkal</a>
</div>
<span class="date">Aug 29</span>
</article>
<h2 class="head">2007</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5>
<br>
by <a href="../../../../authors/berghofer">Stefan Berghofer</a>
</div>
<span class="date">Aug 02</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/programming-languages/lambda-calculi/index.xml b/web/topics/computer-science/programming-languages/lambda-calculi/index.xml
--- a/web/topics/computer-science/programming-languages/lambda-calculi/index.xml
+++ b/web/topics/computer-science/programming-languages/lambda-calculi/index.xml
@@ -1,79 +1,86 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Programming languages/Lambda calculi on Archive of Formal Proofs
</title>
<link>/topics/computer-science/programming-languages/lambda-calculi/</link>
<description>
Recent content in Computer science/Programming languages/Lambda calculi
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/computer-science/programming-languages/lambda-calculi/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/programming-languages/type-systems/index.html b/web/topics/computer-science/programming-languages/type-systems/index.html
--- a/web/topics/computer-science/programming-languages/type-systems/index.html
+++ b/web/topics/computer-science/programming-languages/type-systems/index.html
@@ -1,224 +1,234 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Computer science/Programming languages/Type systems - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../../topics/computer-science/programming-languages/type-systems/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Computer science/Programming languages/Type systems" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/programming-languages/type-systems/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Programming languages/Type systems"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../../css/front.min.css">
<link rel="icon" href="../../../../images/favicon.ico" type="image/icon">
<script src="../../../../js/obfuscate.js"></script>
<script src="../../../../js/flexsearch.bundle.js"></script>
<script src="../../../../js/scroll-spy.js"></script>
<script src="../../../../js/theory.js"></script>
<script src="../../../../js/util.js"></script>
<script src="../../../../js/header-search.js"></script>
<script src="../../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../../" class="logo-link">
<img src="../../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../../">
<li >
Home
</li>
</a>
<a href="../../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../../download/">
<li >
Download
</li>
</a>
<a href="../../../../help/">
<li >
Help
</li>
</a>
<a href="../../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>C</span>omputer science/<span class='first'>P</span>rogramming languages/<span class='first'>T</span>ype systems
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10011007.10011006.10011008.10011024.10011028">Software and its engineering~Data types and structures</a></p>
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by <a href="../../../../authors/kappelmann">Kevin Kappelmann</a>
+
+ </div>
+ <span class="date">Oct 11</span>
+ </article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5>
<br>
by <a href="../../../../authors/wassell">Mark Wassell</a>
</div>
<span class="date">Jun 18</span>
</article>
<h2 class="head">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5>
<br>
by <a href="../../../../authors/fosters">Simon Foster</a> and <a href="../../../../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Oct 20</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5>
<br>
by <a href="../../../../authors/rawson">Michael Rawson</a>
</div>
<span class="date">Jul 09</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5>
<br>
by <a href="../../../../authors/murray">Toby Murray</a>, <a href="../../../../authors/sison">Robert Sison</a>, <a href="../../../../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../../../../authors/rizkallah">Christine Rizkallah</a>
</div>
<span class="date">Jun 25</span>
</article>
<h2 class="head">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Strong_Security.html">A Formalization of Strong Security</a></h5>
<br>
by <a href="../../../../authors/grewe">Sylvia Grewe</a>, <a href="../../../../authors/lux">Alexander Lux</a>, <a href="../../../../authors/mantel">Heiko Mantel</a> and <a href="../../../../authors/sauer">Jens Sauer</a>
</div>
<span class="date">Apr 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5>
<br>
by <a href="../../../../authors/grewe">Sylvia Grewe</a>, <a href="../../../../authors/lux">Alexander Lux</a>, <a href="../../../../authors/mantel">Heiko Mantel</a> and <a href="../../../../authors/sauer">Jens Sauer</a>
</div>
<span class="date">Apr 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5>
<br>
by <a href="../../../../authors/grewe">Sylvia Grewe</a>, <a href="../../../../authors/mantel">Heiko Mantel</a> and <a href="../../../../authors/schoepe">Daniel Schoepe</a>
</div>
<span class="date">Apr 23</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5>
<br>
by <a href="../../../../authors/popescu">Andrei Popescu</a> and <a href="../../../../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">Sep 10</span>
</article>
<h2 class="head">2008</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5>
<br>
by <a href="../../../../authors/snelting">Gregor Snelting</a> and <a href="../../../../authors/wasserrab">Daniel Wasserrab</a>
</div>
<span class="date">Sep 02</span>
</article>
<h2 class="head">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/MiniML.html">Mini ML</a></h5>
<br>
by <a href="../../../../authors/naraschewski">Wolfgang Naraschewski</a> and <a href="../../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Mar 19</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/programming-languages/type-systems/index.xml b/web/topics/computer-science/programming-languages/type-systems/index.xml
--- a/web/topics/computer-science/programming-languages/type-systems/index.xml
+++ b/web/topics/computer-science/programming-languages/type-systems/index.xml
@@ -1,86 +1,93 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Programming languages/Type systems on Archive of Formal Proofs
</title>
<link>/topics/computer-science/programming-languages/type-systems/</link>
<description>
Recent content in Computer science/Programming languages/Type systems
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/computer-science/programming-languages/type-systems/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/semantics-and-reasoning/index.html b/web/topics/computer-science/semantics-and-reasoning/index.html
--- a/web/topics/computer-science/semantics-and-reasoning/index.html
+++ b/web/topics/computer-science/semantics-and-reasoning/index.html
@@ -1,280 +1,298 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Computer science/Semantics and reasoning - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/computer-science/semantics-and-reasoning/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Computer science/Semantics and reasoning" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/semantics-and-reasoning/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Semantics and reasoning"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>C</span>omputer science/<span class='first'>S</span>emantics and reasoning
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10003752.10010124">Theory of computation~Semantics and reasoning</a></p>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=68Q55">Computer science / Theory of computing / Semantics in the theory of computing</a></p>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by <a href="../../../authors/kappelmann">Kevin Kappelmann</a>
+
+ </div>
+ <span class="date">Oct 11</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by <a href="../../../authors/hirata">Michikazu Hirata</a> and <a href="../../../authors/minamide">Yasuhiko Minamide</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Quantales_Converse.html">Modal quantales, involutive quantales, Dedekind Quantales</a></h5>
<br>
by <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/calk">Cameron Calk</a>
</div>
<span class="date">Jul 25</span>
</article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CHERI-C_Memory_Model.html">A Formal CHERI-C Memory Model</a></h5>
<br>
by <a href="../../../authors/park">Seung Hoon Park</a>
</div>
<span class="date">Nov 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5>
<br>
by <a href="../../../authors/marmsoler">Diego Marmsoler</a> and <a href="../../../authors/brucker">Achim D. Brucker</a>
</div>
<span class="date">Jul 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5>
<br>
by <a href="../../../authors/hirata">Michikazu Hirata</a>, <a href="../../../authors/minamide">Yasuhiko Minamide</a> and <a href="../../../authors/sato">Tetsuya Sato</a>
</div>
<span class="date">Feb 03</span>
</article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Registers.html">Quantum and Classical Registers</a></h5>
<br>
by <a href="../../../authors/unruh">Dominique Unruh</a>
</div>
<span class="date">Oct 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/X86_Semantics.html">X86 instruction semantics and basic block symbolic execution</a></h5>
<br>
by <a href="../../../authors/verbeek">Freek Verbeek</a>, <a href="../../../authors/bharadwaj">Abhijith Bharadwaj</a>, <a href="../../../authors/bockenek">Joshua Bockenek</a>, <a href="../../../authors/roessle">Ian Roessle</a>, <a href="../../../authors/weerwag">Timmy Weerwag</a> and <a href="../../../authors/ravindran">Binoy Ravindran</a>
</div>
<span class="date">Oct 13</span>
</article>
<h2 class="head">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CSP_RefTK.html">The HOL-CSP Refinement Toolkit</a></h5>
<br>
by <a href="../../../authors/taha">Safouan Taha</a>, <a href="../../../authors/wolff">Burkhart Wolff</a> and <a href="../../../authors/ye">Lina Ye</a>
</div>
<span class="date">Nov 19</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Isabelle_C.html">Isabelle/C</a></h5>
<br>
by <a href="../../../authors/tuong">Frédéric Tuong</a> and <a href="../../../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Oct 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5>
<br>
by <a href="../../../authors/tuong">Frédéric Tuong</a> and <a href="../../../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Oct 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5>
<br>
by <a href="../../../authors/van">Hai Nguyen Van</a>, <a href="../../../authors/boulanger">Frédéric Boulanger</a> and <a href="../../../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Jul 30</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/HOL-CSP.html">HOL-CSP Version 2.0</a></h5>
<br>
by <a href="../../../authors/taha">Safouan Taha</a>, <a href="../../../authors/ye">Lina Ye</a> and <a href="../../../authors/wolff">Burkhart Wolff</a>
</div>
<span class="date">Apr 26</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/QHLProver.html">Quantum Hoare Logic</a></h5>
<br>
by <a href="../../../authors/liu">Junyi Liu</a>, <a href="../../../authors/zhan">Bohua Zhan</a>, <a href="../../../authors/wang">Shuling Wang</a>, <a href="../../../authors/ying">Shenggang Ying</a>, <a href="../../../authors/liut">Tao Liu</a>, <a href="../../../authors/liy">Yangjia Li</a>, <a href="../../../authors/yingm">Mingsheng Ying</a> and <a href="../../../authors/zhann">Naijun Zhan</a>
</div>
<span class="date">Mar 24</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Transformer_Semantics.html">Transformer Semantics</a></h5>
<br>
by <a href="../../../authors/struth">Georg Struth</a>
</div>
<span class="date">Dec 11</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5>
<br>
by <a href="../../../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Aug 08</span>
</article>
<h2 class="head">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5>
<br>
by <a href="../../../authors/breitner">Joachim Breitner</a>
</div>
<span class="date">Jan 31</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5>
<br>
by <a href="../../../authors/lammich">Peter Lammich</a>
</div>
<span class="date">Jan 30</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/semantics-and-reasoning/index.xml b/web/topics/computer-science/semantics-and-reasoning/index.xml
--- a/web/topics/computer-science/semantics-and-reasoning/index.xml
+++ b/web/topics/computer-science/semantics-and-reasoning/index.xml
@@ -1,128 +1,142 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Semantics and reasoning on Archive of Formal Proofs
</title>
<link>/topics/computer-science/semantics-and-reasoning/</link>
<description>
Recent content in Computer science/Semantics and reasoning
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/computer-science/semantics-and-reasoning/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Modal quantales, involutive quantales, Dedekind Quantales</title>
<link>/entries/Quantales_Converse.html</link>
<pubDate>Tue, 25 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Quantales_Converse.html</guid>
<description></description>
</item>
<item>
<title>A Formal CHERI-C Memory Model</title>
<link>/entries/CHERI-C_Memory_Model.html</link>
<pubDate>Fri, 25 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/CHERI-C_Memory_Model.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/index.html b/web/topics/index.html
--- a/web/topics/index.html
+++ b/web/topics/index.html
@@ -1,397 +1,397 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Archive of Formal Proofs </title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<meta property="og:title" content="Topics" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Topics"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script>
<script src="../js/header-search.js"></script>
<script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class="logo-link">
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../">
<li >
Home
</li>
</a>
<a href="../topics/">
<li >
Topics
</li>
</a>
<a href="../download/">
<li >
Download
</li>
</a>
<a href="../help/">
<li >
Help
</li>
</a>
<a href="../submission/">
<li >
Submission
</li>
</a>
<a href="../statistics/">
<li >
Statistics
</li>
</a>
<a href="../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>T</span>opics
</h1>
<div>
</div>
</header>
<div>
<h2>
<a href="../topics/computer-science">Computer science (1)</a>
</h2>
<ul>
<li><h3>
<a href="../topics/computer-science/algorithms">Algorithms (40)</a>
</h3></li>
<ul>
<li>
<a href="../topics/computer-science/algorithms/approximation">Approximation (3)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/concurrent">Concurrent (1)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/distributed">Distributed (14)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/geometry">Geometry (1)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/graph">Graph (17)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/mathematical">Mathematical (22)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/online">Online (1)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/optimization">Optimization (1)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/quantum-computing">Quantum computing (3)</a>
</li>
<li>
<a href="../topics/computer-science/algorithms/randomized">Randomized (15)</a>
</li>
</ul>
<li><h3>
<a href="../topics/computer-science/artificial-intelligence">Artificial intelligence (3)</a>
</h3></li>
<ul>
</ul>
<li><h3>
- <a href="../topics/computer-science/automata-and-formal-languages">Automata and formal languages (54)</a>
+ <a href="../topics/computer-science/automata-and-formal-languages">Automata and formal languages (55)</a>
</h3></li>
<ul>
</ul>
<li><h3>
- <a href="../topics/computer-science/concurrency">Concurrency (7)</a>
+ <a href="../topics/computer-science/concurrency">Concurrency (8)</a>
</h3></li>
<ul>
<li>
<a href="../topics/computer-science/concurrency/process-calculi">Process calculi (13)</a>
</li>
</ul>
<li><h3>
<a href="../topics/computer-science/data-management-systems">Data management systems (5)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/computer-science/data-structures">Data structures (66)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/computer-science/functional-programming">Functional programming (24)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/computer-science/hardware">Hardware (2)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/computer-science/machine-learning">Machine learning (2)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/computer-science/networks">Networks (7)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/computer-science/programming-languages">Programming languages (3)</a>
</h3></li>
<ul>
<li>
<a href="../topics/computer-science/programming-languages/compiling">Compiling (9)</a>
</li>
<li>
- <a href="../topics/computer-science/programming-languages/lambda-calculi">Lambda calculi (9)</a>
+ <a href="../topics/computer-science/programming-languages/lambda-calculi">Lambda calculi (10)</a>
</li>
<li>
<a href="../topics/computer-science/programming-languages/language-definitions">Language definitions (18)</a>
</li>
<li>
<a href="../topics/computer-science/programming-languages/logics">Logics (34)</a>
</li>
<li>
<a href="../topics/computer-science/programming-languages/misc">Misc (4)</a>
</li>
<li>
<a href="../topics/computer-science/programming-languages/static-analysis">Static analysis (9)</a>
</li>
<li>
- <a href="../topics/computer-science/programming-languages/type-systems">Type systems (10)</a>
+ <a href="../topics/computer-science/programming-languages/type-systems">Type systems (11)</a>
</li>
</ul>
<li><h3>
<a href="../topics/computer-science/security">Security (48)</a>
</h3></li>
<ul>
<li>
<a href="../topics/computer-science/security/cryptography">Cryptography (9)</a>
</li>
</ul>
<li><h3>
- <a href="../topics/computer-science/semantics-and-reasoning">Semantics and reasoning (16)</a>
+ <a href="../topics/computer-science/semantics-and-reasoning">Semantics and reasoning (18)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/computer-science/system-description-languages">System description languages (8)</a>
</h3></li>
<ul>
</ul>
</ul>
<h2>
<a href="../topics/logic">Logic (1)</a>
</h2>
<ul>
<li><h3>
<a href="../topics/logic/computability">Computability (10)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/logic/general-logic">General logic (6)</a>
</h3></li>
<ul>
<li>
<a href="../topics/logic/general-logic/classical-first-order-logic">Classical first-order logic (7)</a>
</li>
<li>
<a href="../topics/logic/general-logic/classical-propositional-logic">Classical propositional logic (6)</a>
</li>
<li>
<a href="../topics/logic/general-logic/decidability-of-theories">Decidability of theories (5)</a>
</li>
<li>
<a href="../topics/logic/general-logic/logics-of-knowledge-and-belief">Logics of knowledge and belief (6)</a>
</li>
<li>
<a href="../topics/logic/general-logic/mechanization-of-proofs">Mechanization of proofs (14)</a>
</li>
<li>
- <a href="../topics/logic/general-logic/modal-logic">Modal logic (6)</a>
+ <a href="../topics/logic/general-logic/modal-logic">Modal logic (7)</a>
</li>
<li>
<a href="../topics/logic/general-logic/paraconsistent-logics">Paraconsistent logics (1)</a>
</li>
<li>
<a href="../topics/logic/general-logic/temporal-logic">Temporal logic (6)</a>
</li>
</ul>
<li><h3>
<a href="../topics/logic/philosophical-aspects">Philosophical aspects (11)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/logic/proof-theory">Proof theory (23)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/logic/rewriting">Rewriting (19)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/logic/set-theory">Set theory (13)</a>
</h3></li>
<ul>
</ul>
</ul>
<h2>
<a href="../topics/mathematics">Mathematics (1)</a>
</h2>
<ul>
<li><h3>
<a href="../topics/mathematics/algebra">Algebra (86)</a>
</h3></li>
<ul>
</ul>
<li><h3>
- <a href="../topics/mathematics/analysis">Analysis (52)</a>
+ <a href="../topics/mathematics/analysis">Analysis (53)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/mathematics/category-theory">Category theory (11)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/mathematics/combinatorics">Combinatorics (41)</a>
</h3></li>
<ul>
</ul>
<li><h3>
- <a href="../topics/mathematics/games-and-economics">Games and economics (16)</a>
+ <a href="../topics/mathematics/games-and-economics">Games and economics (17)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/mathematics/geometry">Geometry (22)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/mathematics/graph-theory">Graph theory (27)</a>
</h3></li>
<ul>
</ul>
<li><h3>
- <a href="../topics/mathematics/measure-and-integration">Measure and integration (1)</a>
+ <a href="../topics/mathematics/measure-and-integration">Measure and integration (2)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/mathematics/misc">Misc (4)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/mathematics/number-theory">Number theory (44)</a>
</h3></li>
<ul>
</ul>
<li><h3>
- <a href="../topics/mathematics/order">Order (8)</a>
+ <a href="../topics/mathematics/order">Order (9)</a>
</h3></li>
<ul>
</ul>
<li><h3>
<a href="../topics/mathematics/physics">Physics (6)</a>
</h3></li>
<ul>
<li>
<a href="../topics/mathematics/physics/quantum-information">Quantum information (3)</a>
</li>
</ul>
<li><h3>
- <a href="../topics/mathematics/probability-theory">Probability theory (20)</a>
+ <a href="../topics/mathematics/probability-theory">Probability theory (21)</a>
</h3></li>
<ul>
</ul>
<li><h3>
- <a href="../topics/mathematics/topology">Topology (6)</a>
+ <a href="../topics/mathematics/topology">Topology (7)</a>
</h3></li>
<ul>
</ul>
</ul>
<h2>
<a href="../topics/tools">Tools (23)</a>
</h2>
<ul>
</ul>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/logic/general-logic/index.xml b/web/topics/logic/general-logic/index.xml
--- a/web/topics/logic/general-logic/index.xml
+++ b/web/topics/logic/general-logic/index.xml
@@ -1,415 +1,422 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Logic/General logic on Archive of Formal Proofs
</title>
<link>/topics/logic/general-logic/</link>
<description>
Recent content in Logic/General logic
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/logic/general-logic/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>MLSS Decision Procedure</title>
<link>/entries/MLSS_Decision_Proc.html</link>
<pubDate>Fri, 05 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/MLSS_Decision_Proc.html</guid>
<description></description>
</item>
<item>
<title>MLSS Decision Procedure</title>
<link>/entries/MLSS_Decision_Proc.html</link>
<pubDate>Fri, 05 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/MLSS_Decision_Proc.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of the SCL(FOL) Calculus: Simple Clause Learning for First-Order Logic</title>
<link>/entries/Simple_Clause_Learning.html</link>
<pubDate>Thu, 20 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Clause_Learning.html</guid>
<description></description>
</item>
<item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Given Clause Loops</title>
<link>/entries/Given_Clause_Loops.html</link>
<pubDate>Wed, 25 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Given_Clause_Loops.html</guid>
<description></description>
</item>
<item>
<title>Suppes&#39; Theorem For Probability Logic</title>
<link>/entries/Suppes_Theorem.html</link>
<pubDate>Sun, 22 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Suppes_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Synthetic Completeness</title>
<link>/entries/Synthetic_Completeness.html</link>
<pubDate>Mon, 09 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Synthetic_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Class-based Classical Propositional Logic</title>
<link>/entries/Propositional_Logic_Class.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Logic_Class.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>Abstract Object Theory</title>
<link>/entries/AOT.html</link>
<pubDate>Mon, 28 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/AOT.html</guid>
<description></description>
</item>
<item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>Stalnaker&#39;s Epistemic Logic</title>
<link>/entries/Stalnaker_Logic.html</link>
<pubDate>Fri, 23 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Stalnaker_Logic.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of Implicational Logic</title>
<link>/entries/Implicational_Logic.html</link>
<pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Implicational_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/logic/general-logic/modal-logic/index.html b/web/topics/logic/general-logic/modal-logic/index.html
--- a/web/topics/logic/general-logic/modal-logic/index.html
+++ b/web/topics/logic/general-logic/modal-logic/index.html
@@ -1,186 +1,196 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Logic/General logic/Modal logic - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../../topics/logic/general-logic/modal-logic/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Logic/General logic/Modal logic" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/logic/general-logic/modal-logic/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Logic/General logic/Modal logic"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../../css/front.min.css">
<link rel="icon" href="../../../../images/favicon.ico" type="image/icon">
<script src="../../../../js/obfuscate.js"></script>
<script src="../../../../js/flexsearch.bundle.js"></script>
<script src="../../../../js/scroll-spy.js"></script>
<script src="../../../../js/theory.js"></script>
<script src="../../../../js/util.js"></script>
<script src="../../../../js/header-search.js"></script>
<script src="../../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../../" class="logo-link">
<img src="../../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../../">
<li >
Home
</li>
</a>
<a href="../../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../../download/">
<li >
Download
</li>
</a>
<a href="../../../../help/">
<li >
Help
</li>
</a>
<a href="../../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>L</span>ogic/<span class='first'>G</span>eneral logic/<span class='first'>M</span>odal logic
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10003752.10003790.10003793">Theory of computation~Modal and temporal logics</a></p>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=03B45">Mathematical logic and foundations / General logic / Modal logic (including the logic of norms)</a></p>
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../../entries/Coupledsim_Contrasim.html">Coupled Similarity and Contrasimilarity, and How to Compute Them</a></h5>
+ <br>
+ by <a href="../../../../authors/bisping">Benjamin Bisping</a> and <a href="../../../../authors/montanari">Luisa Montanari</a>
+
+ </div>
+ <span class="date">Aug 18</span>
+ </article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5>
<br>
by <a href="../../../../authors/benzmueller">Christoph Benzmüller</a>
</div>
<span class="date">Nov 08</span>
</article>
<h2 class="head">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5>
<br>
by <a href="../../../../authors/dardinier">Thibault Dardinier</a>, <a href="../../../../authors/heimes">Lukas Heimes</a>, <a href="../../../../authors/raszyk">Martin Raszyk</a>, <a href="../../../../authors/schneider">Joshua Schneider</a> and <a href="../../../../authors/traytel">Dmitriy Traytel</a>
</div>
<span class="date">Apr 09</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5>
<br>
by <a href="../../../../authors/from">Asta Halkjær From</a>
</div>
<span class="date">Dec 20</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5>
<br>
by <a href="../../../../authors/linker">Sven Linker</a>
</div>
<span class="date">Nov 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5>
<br>
by <a href="../../../../authors/bohrer">Rose Bohrer</a>
</div>
<span class="date">Feb 13</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5>
<br>
by <a href="../../../../authors/weber">Tjark Weber</a>, <a href="../../../../authors/eriksson">Lars-Henrik Eriksson</a>, <a href="../../../../authors/parrow">Joachim Parrow</a>, <a href="../../../../authors/borgstroem">Johannes Borgström</a> and <a href="../../../../authors/gutkovas">Ramunas Gutkovas</a>
</div>
<span class="date">Oct 25</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/logic/general-logic/modal-logic/index.xml b/web/topics/logic/general-logic/modal-logic/index.xml
--- a/web/topics/logic/general-logic/modal-logic/index.xml
+++ b/web/topics/logic/general-logic/modal-logic/index.xml
@@ -1,58 +1,65 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Logic/General logic/Modal logic on Archive of Formal Proofs
</title>
<link>/topics/logic/general-logic/modal-logic/</link>
<description>
Recent content in Logic/General logic/Modal logic
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/logic/general-logic/modal-logic/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/logic/index.xml b/web/topics/logic/index.xml
--- a/web/topics/logic/index.xml
+++ b/web/topics/logic/index.xml
@@ -1,955 +1,962 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Logic on Archive of Formal Proofs
</title>
<link>/topics/logic/</link>
<description>
Recent content in Logic
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Thu, 01 Jun 2023 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/topics/logic/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>A Verified Efficient Implementation of the Weighted Path Order</title>
<link>/entries/Efficient_Weighted_Path_Order.html</link>
<pubDate>Thu, 01 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Efficient_Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>MLSS Decision Procedure</title>
<link>/entries/MLSS_Decision_Proc.html</link>
<pubDate>Fri, 05 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/MLSS_Decision_Proc.html</guid>
<description></description>
</item>
<item>
<title>MLSS Decision Procedure</title>
<link>/entries/MLSS_Decision_Proc.html</link>
<pubDate>Fri, 05 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/MLSS_Decision_Proc.html</guid>
<description></description>
</item>
<item>
<title>MLSS Decision Procedure</title>
<link>/entries/MLSS_Decision_Proc.html</link>
<pubDate>Fri, 05 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/MLSS_Decision_Proc.html</guid>
<description></description>
</item>
<item>
<title>The Halting Problem is Soluble in Malament-Hogarth Spacetimes</title>
<link>/entries/MHComputation.html</link>
<pubDate>Sat, 29 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/MHComputation.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of the SCL(FOL) Calculus: Simple Clause Learning for First-Order Logic</title>
<link>/entries/Simple_Clause_Learning.html</link>
<pubDate>Thu, 20 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Clause_Learning.html</guid>
<description></description>
</item>
<item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Given Clause Loops</title>
<link>/entries/Given_Clause_Loops.html</link>
<pubDate>Wed, 25 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Given_Clause_Loops.html</guid>
<description></description>
</item>
<item>
<title>Suppes&#39; Theorem For Probability Logic</title>
<link>/entries/Suppes_Theorem.html</link>
<pubDate>Sun, 22 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Suppes_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Synthetic Completeness</title>
<link>/entries/Synthetic_Completeness.html</link>
<pubDate>Mon, 09 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Synthetic_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Synthetic Completeness</title>
<link>/entries/Synthetic_Completeness.html</link>
<pubDate>Mon, 09 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Synthetic_Completeness.html</guid>
<description></description>
</item>
<item>
<title>The Cook-Levin theorem</title>
<link>/entries/Cook_Levin.html</link>
<pubDate>Sun, 08 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Cook_Levin.html</guid>
<description></description>
</item>
<item>
<title>Class-based Classical Propositional Logic</title>
<link>/entries/Propositional_Logic_Class.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Logic_Class.html</guid>
<description></description>
</item>
<item>
<title>Class-based Classical Propositional Logic</title>
<link>/entries/Propositional_Logic_Class.html</link>
<pubDate>Thu, 15 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Logic_Class.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>Automation of Boolos&#39; Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference_Automated.html</link>
<pubDate>Mon, 05 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference_Automated.html</guid>
<description></description>
</item>
<item>
<title>A Verified Translation of Multitape Turing Machines into Singletape Turing Machines</title>
<link>/entries/Multitape_To_Singletape_TM.html</link>
<pubDate>Wed, 30 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multitape_To_Singletape_TM.html</guid>
<description></description>
</item>
<item>
<title>Abstract Object Theory</title>
<link>/entries/AOT.html</link>
<pubDate>Mon, 28 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/AOT.html</guid>
<description></description>
</item>
<item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>Stalnaker&#39;s Epistemic Logic</title>
<link>/entries/Stalnaker_Logic.html</link>
<pubDate>Fri, 23 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Stalnaker_Logic.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of Implicational Logic</title>
<link>/entries/Implicational_Logic.html</link>
<pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Implicational_Logic.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of Implicational Logic</title>
<link>/entries/Implicational_Logic.html</link>
<pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Implicational_Logic.html</guid>
<description></description>
</item>
<item>
<title>Boolos&#39;s Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference.html</link>
<pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Reducing Rewrite Properties to Properties on Ground Terms</title>
<link>/entries/Rewrite_Properties_Reduction.html</link>
<pubDate>Thu, 02 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Rewrite_Properties_Reduction.html</guid>
<description></description>
</item>
<item>
<title>The Generalized Multiset Ordering is NP-Complete</title>
<link>/entries/Multiset_Ordering_NPC.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multiset_Ordering_NPC.html</guid>
<description></description>
</item>
<item>
<title>Ackermann&#39;s Function Is Not Primitive Recursive</title>
<link>/entries/Ackermanns_not_PR.html</link>
<pubDate>Wed, 23 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Ackermanns_not_PR.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>The Independence of the Continuum Hypothesis in Isabelle/ZF</title>
<link>/entries/Independence_CH.html</link>
<pubDate>Sun, 06 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Independence_CH.html</guid>
<description></description>
</item>
<item>
<title>Transitive Models of Fragments of ZFC</title>
<link>/entries/Transitive_Models.html</link>
<pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Transitive_Models.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Weighted Path Orders and Recursive Path Orders</title>
<link>/entries/Weighted_Path_Order.html</link>
<pubDate>Thu, 16 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/entries/Mereology.html</link>
<pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Mereology.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Knuth–Bendix Orders</title>
<link>/entries/Knuth_Bendix_Order.html</link>
<pubDate>Wed, 13 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Bendix_Order.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theorem in ZF</title>
<link>/entries/Recursion-Addition.html</link>
<pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Addition.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Forcing in Isabelle/ZF</title>
<link>/entries/Forcing.html</link>
<pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Forcing.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Implementing the Goodstein Function in &amp;lambda;-Calculus</title>
<link>/entries/Goodstein_Lambda.html</link>
<pubDate>Fri, 21 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goodstein_Lambda.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>Zermelo Fraenkel Set Theory in Higher-Order Logic</title>
<link>/entries/ZFC_in_HOL.html</link>
<pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/ZFC_in_HOL.html</guid>
<description></description>
</item>
<item>
<title>Aristotle&#39;s Assertoric Syllogistic</title>
<link>/entries/Aristotles_Assertoric_Syllogistic.html</link>
<pubDate>Tue, 08 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Aristotles_Assertoric_Syllogistic.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</title>
<link>/entries/GewirthPGCProof.html</link>
<pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/GewirthPGCProof.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_EPO.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_EPO.html</guid>
<description></description>
</item>
<item>
<title>Minsky Machines</title>
<link>/entries/Minsky_Machines.html</link>
<pubDate>Tue, 14 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Minsky_Machines.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</title>
<link>/entries/Lowe_Ontological_Argument.html</link>
<pubDate>Thu, 21 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lowe_Ontological_Argument.html</guid>
<description></description>
</item>
<item>
<title>Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</title>
<link>/entries/PLM.html</link>
<pubDate>Sun, 17 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/PLM.html</guid>
<description></description>
</item>
<item>
<title>Anselm&#39;s God in Isabelle/HOL</title>
<link>/entries/AnselmGod.html</link>
<pubDate>Wed, 06 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/AnselmGod.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Types, Tableaus and Gödel’s God in Isabelle/HOL</title>
<link>/entries/Types_Tableaus_and_Goedels_God.html</link>
<pubDate>Mon, 01 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Types_Tableaus_and_Goedels_God.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_KBOs.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_KBOs.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</title>
<link>/entries/Nested_Multisets_Ordinals.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Nested_Multisets_Ordinals.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_RPOs.html</link>
<pubDate>Fri, 23 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_RPOs.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>The Z Property</title>
<link>/entries/Rewriting_Z.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Rewriting_Z.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams II</title>
<link>/entries/Decreasing-Diagrams-II.html</link>
<pubDate>Thu, 20 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams-II.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>The Hereditarily Finite Sets</title>
<link>/entries/HereditarilyFinite.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/HereditarilyFinite.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s God in Isabelle/HOL</title>
<link>/entries/GoedelGod.html</link>
<pubDate>Tue, 12 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/GoedelGod.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams</title>
<link>/entries/Decreasing-Diagrams.html</link>
<pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Rewriting</title>
<link>/entries/Abstract-Rewriting.html</link>
<pubDate>Mon, 14 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Ordinals and Cardinals</title>
<link>/entries/Ordinals_and_Cardinals.html</link>
<pubDate>Tue, 01 Sep 2009 00:00:00 +0000</pubDate>
<guid>/entries/Ordinals_and_Cardinals.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theory I</title>
<link>/entries/Recursion-Theory-I.html</link>
<pubDate>Sat, 05 Apr 2008 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Theory-I.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>Countable Ordinals</title>
<link>/entries/Ordinal.html</link>
<pubDate>Fri, 11 Nov 2005 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/analysis/index.html b/web/topics/mathematics/analysis/index.html
--- a/web/topics/mathematics/analysis/index.html
+++ b/web/topics/mathematics/analysis/index.html
@@ -1,609 +1,619 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Mathematics/Analysis - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/analysis/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Mathematics/Analysis" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/analysis/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Analysis"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>M</span>athematics/<span class='first'>A</span>nalysis
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10002950.10003714">Mathematics of computing~Mathematical analysis</a></p>
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../entries/Standard_Borel_Spaces.html">Standard Borel Spaces</a></h5>
+ <br>
+ by <a href="../../../authors/hirata">Michikazu Hirata</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Weighted_Arithmetic_Geometric_Mean.html">Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Sophomores_Dream.html">The Sophomore&#39;s Dream</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Apr 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Dedekind_Real.html">Constructing the Reals as Dedekind Cuts of Rationals</a></h5>
<br>
by <a href="../../../authors/fleuriot">Jacques D. Fleuriot</a> and <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Mar 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Cotangent_PFD_Formula.html">A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 15</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Wetzels_Problem.html">Wetzel&#39;s Problem and the Continuum Hypothesis</a></h5>
<br>
by <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Feb 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Youngs_Inequality.html">Young&#39;s Inequality for Increasing Functions</a></h5>
<br>
by <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Jan 31</span>
</article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5>
<br>
by <a href="../../../authors/smola">Filip Smola</a> and <a href="../../../authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">Dec 31</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Real_Power.html">Real Exponents as the Limits of Sequences of Rational Exponents</a></h5>
<br>
by <a href="../../../authors/fleuriot">Jacques D. Fleuriot</a>
</div>
<span class="date">Nov 08</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Complex_Bounded_Operators.html">Complex Bounded Operators</a></h5>
<br>
by <a href="../../../authors/caballero">José Manuel Rodríguez Caballero</a> and <a href="../../../authors/unruh">Dominique Unruh</a>
</div>
<span class="date">Sep 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Cubic_Quartic_Equations.html">Solving Cubic and Quartic Equations</a></h5>
<br>
by <a href="../../../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Sep 03</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Three_Circles.html">The Theorem of Three Circles</a></h5>
<br>
by <a href="../../../authors/thomson">Fox Thomson</a> and <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">Aug 21</span>
</article>
<h2 class="head">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5>
<br>
by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">May 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></h5>
<br>
by <a href="../../../authors/unruh">Dominique Unruh</a> and <a href="../../../authors/caballero">José Manuel Rodríguez Caballero</a>
</div>
<span class="date">May 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lambert_W.html">The Lambert W Function on the Reals</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Apr 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5>
<br>
by <a href="../../../authors/munive">Jonathan Julian Huerta y Munive</a>
</div>
<span class="date">Apr 19</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Poincare_Bendixson.html">The Poincaré-Bendixson Theorem</a></h5>
<br>
by <a href="../../../authors/immler">Fabian Immler</a> and <a href="../../../authors/tan">Yong Kiam Tan</a>
</div>
<span class="date">Dec 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5>
<br>
by <a href="../../../authors/munive">Jonathan Julian Huerta y Munive</a>
</div>
<span class="date">Sep 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Fourier.html">Fourier Series</a></h5>
<br>
by <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Sep 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Laplace_Transform.html">Laplace Transform</a></h5>
<br>
by <a href="../../../authors/immler">Fabian Immler</a>
</div>
<span class="date">Aug 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5>
<br>
by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">Mar 27</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5>
<br>
by <a href="../../../authors/immler">Fabian Immler</a> and <a href="../../../authors/zhan">Bohua Zhan</a>
</div>
<span class="date">Oct 22</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Budan_Fourier.html">The Budan–Fourier Theorem and Counting Real Roots with Multiplicity</a></h5>
<br>
by <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">Sep 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5>
<br>
by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">May 23</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Error_Function.html">The Error Function</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Green.html">An Isabelle/HOL formalisation of Green&#39;s Theorem</a></h5>
<br>
by <a href="../../../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Jan 11</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Taylor_Models.html">Taylor Models</a></h5>
<br>
by <a href="../../../authors/traut">Christoph Traut</a> and <a href="../../../authors/immler">Fabian Immler</a>
</div>
<span class="date">Jan 08</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Winding_Number_Eval.html">Evaluate Winding Numbers through Cauchy Indices</a></h5>
<br>
by <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">Oct 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Count_Complex_Roots.html">Count the Number of Complex Roots</a></h5>
<br>
by <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">Oct 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Linear_Recurrences.html">Linear Recurrences</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Oct 12</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Euler_MacLaurin.html">The Euler–MacLaurin Formula</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Mar 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Bernoulli.html">Bernoulli Numbers</a></h5>
<br>
by <a href="../../../authors/bulwahn">Lukas Bulwahn</a> and <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/E_Transcendental.html">The Transcendence of e</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 12</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Deep_Learning.html">Expressiveness of Deep Learning</a></h5>
<br>
by <a href="../../../authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">Nov 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lp.html">Lp spaces</a></h5>
<br>
by <a href="../../../authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">Oct 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stirling_Formula.html">Stirling&#39;s formula</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Sep 01</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Cartan_FP.html">The Cartan Fixed Point Theorems</a></h5>
<br>
by <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Mar 08</span>
</article>
<h2 class="head">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Liouville_Numbers.html">Liouville numbers</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Descartes_Sign_Rule.html">Descartes&#39; Rule of Signs</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Dec 28</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Akra_Bazzi.html">The Akra-Bazzi theorem and the Master theorem</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 14</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Landau_Symbols.html">Landau Symbols</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jul 14</span>
</article>
<h2 class="head">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Sturm_Tarski.html">The Sturm–Tarski Theorem</a></h5>
<br>
by <a href="../../../authors/li">Wenda Li</a>
</div>
<span class="date">Sep 19</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Special_Function_Bounds.html">Real-Valued Special Functions: Upper and Lower Bounds</a></h5>
<br>
by <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Aug 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Affine_Arithmetic.html">Affine Arithmetic</a></h5>
<br>
by <a href="../../../authors/immler">Fabian Immler</a>
</div>
<span class="date">Feb 07</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Real_Impl.html">Implementing field extensions of the form Q[sqrt(b)]</a></h5>
<br>
by <a href="../../../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Feb 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Sturm_Sequences.html">Sturm&#39;s Theorem</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jan 11</span>
</article>
<h2 class="head">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Sqrt_Babylonian.html">Computing N-th Roots using the Babylonian Method</a></h5>
<br>
by <a href="../../../authors/thiemann">René Thiemann</a>
</div>
<span class="date">Jan 03</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Ordinary_Differential_Equations.html">Ordinary Differential Equations</a></h5>
<br>
by <a href="../../../authors/immler">Fabian Immler</a> and <a href="../../../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">Apr 26</span>
</article>
<h2 class="head">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lower_Semicontinuous.html">Lower Semicontinuous Functions</a></h5>
<br>
by <a href="../../../authors/grechuk">Bogdan Grechuk</a>
</div>
<span class="date">Jan 08</span>
</article>
<h2 class="head">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Polynomials.html">Executable Multivariate Polynomials</a></h5>
<br>
by <a href="../../../authors/sternagel">Christian Sternagel</a>, <a href="../../../authors/thiemann">René Thiemann</a>, <a href="../../../authors/maletzky">Alexander Maletzky</a>, <a href="../../../authors/immler">Fabian Immler</a>, <a href="../../../authors/haftmann">Florian Haftmann</a>, <a href="../../../authors/lochbihler">Andreas Lochbihler</a> and <a href="../../../authors/bentkamp">Alexander Bentkamp</a>
</div>
<span class="date">Aug 10</span>
</article>
<h2 class="head">2006</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Cauchy.html">Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</a></h5>
<br>
by <a href="../../../authors/porter">Benjamin Porter</a>
</div>
<span class="date">Mar 14</span>
</article>
<h2 class="head">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Integration.html">Integration theory and random variables</a></h5>
<br>
by <a href="../../../authors/richter">Stefan Richter</a>
</div>
<span class="date">Nov 19</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/analysis/index.xml b/web/topics/mathematics/analysis/index.xml
--- a/web/topics/mathematics/analysis/index.xml
+++ b/web/topics/mathematics/analysis/index.xml
@@ -1,380 +1,387 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Analysis on Archive of Formal Proofs
</title>
<link>/topics/mathematics/analysis/</link>
<description>
Recent content in Mathematics/Analysis
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/mathematics/analysis/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Standard Borel Spaces</title>
+ <link>/entries/Standard_Borel_Spaces.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Standard_Borel_Spaces.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>The Budan–Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>The Sturm–Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/games-and-economics/index.html b/web/topics/mathematics/games-and-economics/index.html
--- a/web/topics/mathematics/games-and-economics/index.html
+++ b/web/topics/mathematics/games-and-economics/index.html
@@ -1,277 +1,287 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Mathematics/Games and economics - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/games-and-economics/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Mathematics/Games and economics" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/games-and-economics/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Games and economics"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>M</span>athematics/<span class='first'>G</span>ames and economics
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=91-XX">Game theory, economics, finance, and other social and behavioral sciences</a></p>
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../entries/Coupledsim_Contrasim.html">Coupled Similarity and Contrasimilarity, and How to Compute Them</a></h5>
+ <br>
+ by <a href="../../../authors/bisping">Benjamin Bisping</a> and <a href="../../../authors/montanari">Luisa Montanari</a>
+
+ </div>
+ <span class="date">Aug 18</span>
+ </article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/PAPP_Impossibility.html">The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections</a></h5>
<br>
by <a href="../../../authors/delemazure">Théo Delemazure</a>, <a href="../../../authors/demeulemeester">Tom Demeulemeester</a>, <a href="../../../authors/eberl">Manuel Eberl</a>, <a href="../../../authors/israel">Jonas Israel</a> and <a href="../../../authors/lederer">Patrick Lederer</a>
</div>
<span class="date">Nov 10</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5>
<br>
by <a href="../../../authors/doty">Matthew Doty</a>
</div>
<span class="date">Sep 18</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5>
<br>
by <a href="../../../authors/ito">Yosuke Ito</a>
</div>
<span class="date">Jan 23</span>
</article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5>
<br>
by <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Dec 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5>
<br>
by <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a>
</div>
<span class="date">Apr 23</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/DiscretePricing.html">Pricing in discrete financial models</a></h5>
<br>
by <a href="../../../authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">Jul 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5>
<br>
by <a href="../../../authors/parsert">Julian Parsert</a> and <a href="../../../authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">Jul 04</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5>
<br>
by <a href="../../../authors/brandt">Felix Brandt</a>, <a href="../../../authors/eberl">Manuel Eberl</a>, <a href="../../../authors/saile">Christian Saile</a> and <a href="../../../authors/stricker">Christian Stricker</a>
</div>
<span class="date">Mar 22</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5>
<br>
by <a href="../../../authors/parsert">Julian Parsert</a> and <a href="../../../authors/kaliszyk">Cezary Kaliszyk</a>
</div>
<span class="date">Sep 01</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stable_Matching.html">Stable Matching</a></h5>
<br>
by <a href="../../../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Oct 24</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">May 04</span>
</article>
<h2 class="head">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5>
<br>
by <a href="../../../authors/dittmann">Christoph Dittmann</a>
</div>
<span class="date">Nov 02</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5>
<br>
by <a href="../../../authors/caminati">Marco B. Caminati</a>, <a href="../../../authors/kerber">Manfred Kerber</a>, <a href="../../../authors/lange">Christoph Lange</a> and <a href="../../../authors/rowat">Colin Rowat</a>
</div>
<span class="date">Apr 30</span>
</article>
<h2 class="head">2008</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5>
<br>
by <a href="../../../authors/gammie">Peter Gammie</a>
</div>
<span class="date">Nov 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5>
<br>
by <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Sep 01</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/games-and-economics/index.xml b/web/topics/mathematics/games-and-economics/index.xml
--- a/web/topics/mathematics/games-and-economics/index.xml
+++ b/web/topics/mathematics/games-and-economics/index.xml
@@ -1,128 +1,135 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Games and economics on Archive of Formal Proofs
</title>
<link>/topics/mathematics/games-and-economics/</link>
<description>
Recent content in Mathematics/Games and economics
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/mathematics/games-and-economics/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections</title>
<link>/entries/PAPP_Impossibility.html</link>
<pubDate>Thu, 10 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/PAPP_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Risk-Free Lending</title>
<link>/entries/Risk_Free_Lending.html</link>
<pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Risk_Free_Lending.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/index.xml b/web/topics/mathematics/index.xml
--- a/web/topics/mathematics/index.xml
+++ b/web/topics/mathematics/index.xml
@@ -1,2453 +1,2495 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics on Archive of Formal Proofs
</title>
<link>/topics/mathematics/</link>
<description>
Recent content in Mathematics
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Fri, 22 Sep 2023 00:00:00 +0000</lastBuildDate>
+ <lastBuildDate>Wed, 11 Oct 2023 00:00:00 +0000</lastBuildDate>
<atom:link href="/topics/mathematics/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Cardinality and Representation of Stone Relation Algebras</title>
<link>/entries/Relational_Cardinality.html</link>
<pubDate>Fri, 22 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Cardinality.html</guid>
<description></description>
</item>
<item>
<title>General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</title>
<link>/entries/Lovasz_Local.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Lovasz_Local.html</guid>
<description></description>
</item>
<item>
<title>General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</title>
<link>/entries/Lovasz_Local.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Lovasz_Local.html</guid>
<description></description>
</item>
<item>
<title>Hypergraphs</title>
<link>/entries/Hypergraph_Basics.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Hypergraph_Basics.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Polyhedron Formula</title>
<link>/entries/Euler_Polyhedron_Formula.html</link>
<pubDate>Sat, 16 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Polyhedron_Formula.html</guid>
<description></description>
</item>
<item>
+ <title>Coupled Similarity and Contrasimilarity, and How to Compute Them</title>
+ <link>/entries/Coupledsim_Contrasim.html</link>
+ <pubDate>Fri, 18 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Coupledsim_Contrasim.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Ceva&#39;s Theorem</title>
<link>/entries/Ceva.html</link>
<pubDate>Wed, 16 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Ceva.html</guid>
<description></description>
</item>
<item>
<title>Catoids, Categories, Groupoids</title>
<link>/entries/Catoids.html</link>
<pubDate>Mon, 14 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Catoids.html</guid>
<description></description>
</item>
<item>
<title>Catoids, Categories, Groupoids</title>
<link>/entries/Catoids.html</link>
<pubDate>Mon, 14 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Catoids.html</guid>
<description></description>
</item>
<item>
<title>Polygonal Number Theorem</title>
<link>/entries/Polygonal_Number_Theorem.html</link>
<pubDate>Thu, 10 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Polygonal_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Polygonal Number Theorem</title>
<link>/entries/Polygonal_Number_Theorem.html</link>
<pubDate>Thu, 10 Aug 2023 00:00:00 +0000</pubDate>
<guid>/entries/Polygonal_Number_Theorem.html</guid>
<description></description>
</item>
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Standard Borel Spaces</title>
+ <link>/entries/Standard_Borel_Spaces.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Standard_Borel_Spaces.html</guid>
+ <description></description>
+ </item>
+ <item>
+ <title>Standard Borel Spaces</title>
+ <link>/entries/Standard_Borel_Spaces.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Standard_Borel_Spaces.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Modal quantales, involutive quantales, Dedekind Quantales</title>
<link>/entries/Quantales_Converse.html</link>
<pubDate>Tue, 25 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Quantales_Converse.html</guid>
<description></description>
</item>
<item>
<title>Modal quantales, involutive quantales, Dedekind Quantales</title>
<link>/entries/Quantales_Converse.html</link>
<pubDate>Tue, 25 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Quantales_Converse.html</guid>
<description></description>
</item>
<item>
<title>Gray Codes for Arbitrary Numeral Systems</title>
<link>/entries/Gray_Codes.html</link>
<pubDate>Tue, 11 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Gray_Codes.html</guid>
<description></description>
</item>
<item>
<title>Zeckendorf’s Theorem</title>
<link>/entries/Zeckendorf.html</link>
<pubDate>Mon, 12 Jun 2023 00:00:00 +0000</pubDate>
<guid>/entries/Zeckendorf.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Results on Directed Sets</title>
<link>/entries/Directed_Sets.html</link>
<pubDate>Wed, 24 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Directed_Sets.html</guid>
<description></description>
</item>
<item>
<title>Inner Structure, Determinism and Modal Algebra of Multirelations</title>
<link>/entries/Multirelations_Heterogeneous.html</link>
<pubDate>Mon, 22 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations_Heterogeneous.html</guid>
<description></description>
</item>
<item>
<title>Tree Enumeration</title>
<link>/entries/Tree_Enumeration.html</link>
<pubDate>Tue, 09 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Tree Enumeration</title>
<link>/entries/Tree_Enumeration.html</link>
<pubDate>Tue, 09 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Three Squares Theorem</title>
<link>/entries/Three_Squares.html</link>
<pubDate>Wed, 03 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Three_Squares.html</guid>
<description></description>
</item>
<item>
<title>The Halting Problem is Soluble in Malament-Hogarth Spacetimes</title>
<link>/entries/MHComputation.html</link>
<pubDate>Sat, 29 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/MHComputation.html</guid>
<description></description>
</item>
<item>
<title>The Schwartz-Zippel Lemma</title>
<link>/entries/Schwartz_Zippel.html</link>
<pubDate>Thu, 27 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/Schwartz_Zippel.html</guid>
<description></description>
</item>
<item>
<title>The CHSH inequality: Tsirelson&#39;s upper-bound and other results</title>
<link>/entries/TsirelsonBound.html</link>
<pubDate>Tue, 18 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/TsirelsonBound.html</guid>
<description></description>
</item>
<item>
<title>The CHSH inequality: Tsirelson&#39;s upper-bound and other results</title>
<link>/entries/TsirelsonBound.html</link>
<pubDate>Tue, 18 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/TsirelsonBound.html</guid>
<description></description>
</item>
<item>
<title>Positional Notation for Natural Numbers in an Arbitrary Base</title>
<link>/entries/DigitsInBase.html</link>
<pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate>
<guid>/entries/DigitsInBase.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers (GenRel)</title>
<link>/entries/No_FTL_observers_Gen_Rel.html</link>
<pubDate>Sun, 05 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers_Gen_Rel.html</guid>
<description></description>
</item>
<item>
<title>Expander Graphs</title>
<link>/entries/Expander_Graphs.html</link>
<pubDate>Fri, 03 Mar 2023 00:00:00 +0000</pubDate>
<guid>/entries/Expander_Graphs.html</guid>
<description></description>
</item>
<item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Group Law of Edwards Elliptic Curves</title>
<link>/entries/Edwards_Elliptic_Curves_Group.html</link>
<pubDate>Thu, 16 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Edwards_Elliptic_Curves_Group.html</guid>
<description></description>
</item>
<item>
<title>Hardness of Lattice Problems</title>
<link>/entries/CVP_Hardness.html</link>
<pubDate>Thu, 02 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/CVP_Hardness.html</guid>
<description></description>
</item>
<item>
<title>Suppes&#39; Theorem For Probability Logic</title>
<link>/entries/Suppes_Theorem.html</link>
<pubDate>Sun, 22 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Suppes_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Strict Omega Categories</title>
<link>/entries/StrictOmegaCategories.html</link>
<pubDate>Sat, 14 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/StrictOmegaCategories.html</guid>
<description></description>
</item>
<item>
<title>Birkhoff&#39;s Representation Theorem For Finite Distributive Lattices</title>
<link>/entries/Birkhoff_Finite_Distributive_Lattices.html</link>
<pubDate>Tue, 06 Dec 2022 00:00:00 +0000</pubDate>
<guid>/entries/Birkhoff_Finite_Distributive_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Abstract Object Theory</title>
<link>/entries/AOT.html</link>
<pubDate>Mon, 28 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/AOT.html</guid>
<description></description>
</item>
<item>
<title>Sauer-Shelah Lemma</title>
<link>/entries/Sauer_Shelah_Lemma.html</link>
<pubDate>Thu, 24 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sauer_Shelah_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Kneser&#39;s Theorem and the Cauchy–Davenport Theorem</title>
<link>/entries/Kneser_Cauchy_Davenport.html</link>
<pubDate>Mon, 21 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Kneser_Cauchy_Davenport.html</guid>
<description></description>
</item>
<item>
<title>Turán&#39;s Graph Theorem</title>
<link>/entries/Turans_Graph_Theorem.html</link>
<pubDate>Mon, 14 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Turans_Graph_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Enumeration Algorithms</title>
<link>/entries/Combinatorial_Enumeration_Algorithms.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorial_Enumeration_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>The Balog–Szemerédi–Gowers Theorem</title>
<link>/entries/Balog_Szemeredi_Gowers.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Balog_Szemeredi_Gowers.html</guid>
<description></description>
</item>
<item>
<title>The Balog–Szemerédi–Gowers Theorem</title>
<link>/entries/Balog_Szemeredi_Gowers.html</link>
<pubDate>Fri, 11 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/Balog_Szemeredi_Gowers.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Strategy-Proofness and Representation in Party-Approval Multi-Winner Elections</title>
<link>/entries/PAPP_Impossibility.html</link>
<pubDate>Thu, 10 Nov 2022 00:00:00 +0000</pubDate>
<guid>/entries/PAPP_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Undirected Graph Theory</title>
<link>/entries/Undirected_Graph_Theory.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Undirected_Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>p-adic Fields and p-adic Semialgebraic Sets</title>
<link>/entries/Padic_Field.html</link>
<pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Field.html</guid>
<description></description>
</item>
<item>
<title>p-adic Fields and p-adic Semialgebraic Sets</title>
<link>/entries/Padic_Field.html</link>
<pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Field.html</guid>
<description></description>
</item>
<item>
<title>Risk-Free Lending</title>
<link>/entries/Risk_Free_Lending.html</link>
<pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Risk_Free_Lending.html</guid>
<description></description>
</item>
<item>
<title>Khovanskii&amp;#x27;s Theorem</title>
<link>/entries/Khovanskii_Theorem.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Khovanskii_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Hales–Jewett Theorem</title>
<link>/entries/Hales_Jewett.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Hales_Jewett.html</guid>
<description></description>
</item>
<item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Plünnecke-Ruzsa Inequality</title>
<link>/entries/Pluennecke_Ruzsa_Inequality.html</link>
<pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Pluennecke_Ruzsa_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Clique is not solvable by monotone circuits of polynomial size</title>
<link>/entries/Clique_and_Monotone_Circuits.html</link>
<pubDate>Sun, 08 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Clique_and_Monotone_Circuits.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Knight&#39;s Tour Revisited Revisited</title>
<link>/entries/Knights_Tour.html</link>
<pubDate>Tue, 04 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Knights_Tour.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>Foundation of geometry in planes, and some complements: Excluding the parallel axioms</title>
<link>/entries/Foundation_of_geometry.html</link>
<pubDate>Mon, 22 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Foundation_of_geometry.html</guid>
<description></description>
</item>
<item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</title>
<link>/entries/CZH_Elementary_Categories.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Elementary_Categories.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL III: Universal Constructions</title>
<link>/entries/CZH_Universal_Constructions.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Universal_Constructions.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Relational Forests</title>
<link>/entries/Relational_Forests.html</link>
<pubDate>Tue, 03 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Forests.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>Van der Waerden&#39;s Theorem</title>
<link>/entries/Van_der_Waerden.html</link>
<pubDate>Tue, 22 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_der_Waerden.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>The Sunflower Lemma of Erdős and Rado</title>
<link>/entries/Sunflowers.html</link>
<pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Sunflowers.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</title>
<link>/entries/IsaGeoCoq.html</link>
<pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/IsaGeoCoq.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Relational Characterisations of Paths</title>
<link>/entries/Relational_Paths.html</link>
<pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Paths.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>The Nash-Williams Partition Theorem</title>
<link>/entries/Nash_Williams.html</link>
<pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Nash_Williams.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>Bicategories</title>
<link>/entries/Bicategory.html</link>
<pubDate>Mon, 06 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Bicategory.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Complex Geometry</title>
<link>/entries/Complex_Geometry.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Poincaré Disc Model</title>
<link>/entries/Poincare_Disc.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Disc.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Selected Problems from the International Mathematical Olympiad 2019</title>
<link>/entries/IMO2019.html</link>
<pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMO2019.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/entries/Matroids.html</link>
<pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Matroids.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Budan–Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Projective Geometry</title>
<link>/entries/Projective_Geometry.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Geometry.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Axiom Systems for Category Theory in Free Logic</title>
<link>/entries/AxiomaticCategoryTheory.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/AxiomaticCategoryTheory.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Gromov Hyperbolicity</title>
<link>/entries/Gromov_Hyperbolicity.html</link>
<pubDate>Tue, 16 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Gromov_Hyperbolicity.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Falling Factorial of a Sum</title>
<link>/entries/Falling_Factorial_Sum.html</link>
<pubDate>Fri, 22 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Falling_Factorial_Sum.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Stewart&#39;s Theorem and Apollonius&#39; Theorem</title>
<link>/entries/Stewart_Apollonius.html</link>
<pubDate>Mon, 31 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stewart_Apollonius.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Flow Networks and the Min-Cut-Max-Flow Theorem</title>
<link>/entries/Flow_Networks.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Flow_Networks.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Monoidal Categories</title>
<link>/entries/MonoidalCategory.html</link>
<pubDate>Thu, 04 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/MonoidalCategory.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>Menger&#39;s Theorem</title>
<link>/entries/Menger.html</link>
<pubDate>Sun, 26 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Menger.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>The Twelvefold Way</title>
<link>/entries/Twelvefold_Way.html</link>
<pubDate>Thu, 29 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Twelvefold_Way.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Intersecting Chords Theorem</title>
<link>/entries/Chord_Segments.html</link>
<pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Chord_Segments.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>Ptolemy&#39;s Theorem</title>
<link>/entries/Ptolemys_Theorem.html</link>
<pubDate>Sun, 07 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Ptolemys_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Multisets</title>
<link>/entries/Card_Multisets.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Multisets.html</guid>
<description></description>
</item>
<item>
<title>Category Theory with Adjunctions and Limits</title>
<link>/entries/Category3.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Category3.html</guid>
<description></description>
</item>
<item>
<title>Catalan Numbers</title>
<link>/entries/Catalan_Numbers.html</link>
<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Catalan_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Tree Decomposition</title>
<link>/entries/Tree_Decomposition.html</link>
<pubDate>Tue, 31 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Equivalence Relations</title>
<link>/entries/Card_Equiv_Relations.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Equiv_Relations.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</title>
<link>/entries/MFMC_Countable.html</link>
<pubDate>Mon, 09 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/MFMC_Countable.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>Spivey&#39;s Generalized Recurrence for Bell Numbers</title>
<link>/entries/Bell_Numbers_Spivey.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Bell_Numbers_Spivey.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers</title>
<link>/entries/No_FTL_observers.html</link>
<pubDate>Thu, 28 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Number Partitions</title>
<link>/entries/Card_Number_Partitions.html</link>
<pubDate>Thu, 14 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Number_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Basic Geometric Properties of Triangles</title>
<link>/entries/Triangle.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Triangle.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Set Partitions</title>
<link>/entries/Card_Partitions.html</link>
<pubDate>Sat, 12 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Card_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Latin Square</title>
<link>/entries/Latin_Square.html</link>
<pubDate>Wed, 02 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Latin_Square.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Partition Theorem</title>
<link>/entries/Euler_Partition.html</link>
<pubDate>Thu, 19 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Partition.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Derangements Formula</title>
<link>/entries/Derangements.html</link>
<pubDate>Sat, 27 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Derangements.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>The Sturm–Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Discrete Summation</title>
<link>/entries/Discrete_Summation.html</link>
<pubDate>Sun, 13 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Discrete_Summation.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>The Königsberg Bridge Problem and the Friendship Theorem</title>
<link>/entries/Koenigsberg_Friendship.html</link>
<pubDate>Fri, 19 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Koenigsberg_Friendship.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
<item>
<title>Graph Theory</title>
<link>/entries/Graph_Theory.html</link>
<pubDate>Sun, 28 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>Open Induction</title>
<link>/entries/Open_Induction.html</link>
<pubDate>Fri, 02 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Open_Induction.html</guid>
<description></description>
</item>
<item>
<title>The independence of Tarski&#39;s Euclidean axiom</title>
<link>/entries/Tarskis_Geometry.html</link>
<pubDate>Tue, 30 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tarskis_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Bondy&#39;s Theorem</title>
<link>/entries/Bondy.html</link>
<pubDate>Sat, 27 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Bondy.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Well-Quasi-Orders</title>
<link>/entries/Well_Quasi_Orders.html</link>
<pubDate>Fri, 13 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Well_Quasi_Orders.html</guid>
<description></description>
</item>
<item>
<title>A Probabilistic Proof of the Girth-Chromatic Number Theorem</title>
<link>/entries/Girth_Chromatic.html</link>
<pubDate>Mon, 06 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Girth_Chromatic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Maximum Cardinality Matching</title>
<link>/entries/Max-Card-Matching.html</link>
<pubDate>Thu, 21 Jul 2011 00:00:00 +0000</pubDate>
<guid>/entries/Max-Card-Matching.html</guid>
<description></description>
</item>
<item>
<title>The General Triangle Is Unique</title>
<link>/entries/General-Triangle.html</link>
<pubDate>Fri, 01 Apr 2011 00:00:00 +0000</pubDate>
<guid>/entries/General-Triangle.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Hall&#39;s Marriage Theorem</title>
<link>/entries/Marriage.html</link>
<pubDate>Fri, 17 Dec 2010 00:00:00 +0000</pubDate>
<guid>/entries/Marriage.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>Category Theory</title>
<link>/entries/Category2.html</link>
<pubDate>Sun, 20 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Category2.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Fun With Tilings</title>
<link>/entries/FunWithTilings.html</link>
<pubDate>Fri, 07 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithTilings.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
<item>
<title>Fun With Functions</title>
<link>/entries/FunWithFunctions.html</link>
<pubDate>Tue, 26 Aug 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithFunctions.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>Flyspeck I: Tame Graphs</title>
<link>/entries/Flyspeck-Tame.html</link>
<pubDate>Mon, 22 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/Flyspeck-Tame.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Category Theory to Yoneda&#39;s Lemma</title>
<link>/entries/Category.html</link>
<pubDate>Thu, 21 Apr 2005 00:00:00 +0000</pubDate>
<guid>/entries/Category.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
<item>
<title>Ramsey&#39;s theorem, infinitary version</title>
<link>/entries/Ramsey-Infinite.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Ramsey-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/measure-and-integration/index.html b/web/topics/mathematics/measure-and-integration/index.html
--- a/web/topics/mathematics/measure-and-integration/index.html
+++ b/web/topics/mathematics/measure-and-integration/index.html
@@ -1,136 +1,146 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Mathematics/Measure and integration - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/measure-and-integration/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Mathematics/Measure and integration" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/measure-and-integration/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Measure and integration"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>M</span>athematics/<span class='first'>M</span>easure and integration
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=28-XX">Measure and integration</a></p>
+ <h2 class="head">2023</h2>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by <a href="../../../authors/hirata">Michikazu Hirata</a> and <a href="../../../authors/minamide">Yasuhiko Minamide</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hahn_Jordan_Decomposition.html">The Hahn and Jordan Decomposition Theorems</a></h5>
<br>
by <a href="../../../authors/cousin">Marie Cousin</a>, <a href="../../../authors/echenim">Mnacho Echenim</a> and <a href="../../../authors/guiol">Hervé Guiol</a>
</div>
<span class="date">Nov 19</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/measure-and-integration/index.xml b/web/topics/mathematics/measure-and-integration/index.xml
--- a/web/topics/mathematics/measure-and-integration/index.xml
+++ b/web/topics/mathematics/measure-and-integration/index.xml
@@ -1,23 +1,30 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Measure and integration on Archive of Formal Proofs
</title>
<link>/topics/mathematics/measure-and-integration/</link>
<description>
Recent content in Mathematics/Measure and integration
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/mathematics/measure-and-integration/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/order/index.html b/web/topics/mathematics/order/index.html
--- a/web/topics/mathematics/order/index.html
+++ b/web/topics/mathematics/order/index.html
@@ -1,203 +1,212 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Mathematics/Order - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/order/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Mathematics/Order" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/order/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Order"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>M</span>athematics/<span class='first'>O</span>rder
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=06-XX">Order, lattices, ordered algebraic structures</a></p>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Transport.html">Transport via Partial Galois Connections and Equivalences</a></h5>
+ <br>
+ by <a href="../../../authors/kappelmann">Kevin Kappelmann</a>
+
+ </div>
+ <span class="date">Oct 11</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Quantales_Converse.html">Modal quantales, involutive quantales, Dedekind Quantales</a></h5>
<br>
by <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/calk">Cameron Calk</a>
</div>
<span class="date">Jul 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Directed_Sets.html">Formalizing Results on Directed Sets</a></h5>
<br>
by <a href="../../../authors/yamada">Akihisa Yamada</a> and <a href="../../../authors/dubut">Jérémy Dubut</a>
</div>
<span class="date">May 24</span>
</article>
<h2 class="head">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5>
<br>
by <a href="../../../authors/zeller">Peter Zeller</a> and <a href="../../../authors/stevens">Lukas Stevens</a>
</div>
<span class="date">Jul 27</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Complete_Non_Orders.html">Complete Non-Orders and Fixed Points</a></h5>
<br>
by <a href="../../../authors/yamada">Akihisa Yamada</a> and <a href="../../../authors/dubut">Jérémy Dubut</a>
</div>
<span class="date">Jun 27</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></h5>
<br>
by <a href="../../../authors/struth">Georg Struth</a>
</div>
<span class="date">Dec 11</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5>
<br>
by <a href="../../../authors/ghourabi">Fadoua Ghourabi</a>
</div>
<span class="date">Sep 29</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stone_Algebras.html">Stone Algebras</a></h5>
<br>
by <a href="../../../authors/guttmann">Walter Guttmann</a>
</div>
<span class="date">Sep 06</span>
</article>
<h2 class="head">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LatticeProperties.html">Lattice Properties</a></h5>
<br>
by <a href="../../../authors/preoteasa">Viorel Preoteasa</a>
</div>
<span class="date">Sep 22</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/order/index.xml b/web/topics/mathematics/order/index.xml
--- a/web/topics/mathematics/order/index.xml
+++ b/web/topics/mathematics/order/index.xml
@@ -1,72 +1,79 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Order on Archive of Formal Proofs
</title>
<link>/topics/mathematics/order/</link>
<description>
Recent content in Mathematics/Order
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/mathematics/order/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Transport via Partial Galois Connections and Equivalences</title>
+ <link>/entries/Transport.html</link>
+ <pubDate>Wed, 11 Oct 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Transport.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Modal quantales, involutive quantales, Dedekind Quantales</title>
<link>/entries/Quantales_Converse.html</link>
<pubDate>Tue, 25 Jul 2023 00:00:00 +0000</pubDate>
<guid>/entries/Quantales_Converse.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Results on Directed Sets</title>
<link>/entries/Directed_Sets.html</link>
<pubDate>Wed, 24 May 2023 00:00:00 +0000</pubDate>
<guid>/entries/Directed_Sets.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/probability-theory/index.html b/web/topics/mathematics/probability-theory/index.html
--- a/web/topics/mathematics/probability-theory/index.html
+++ b/web/topics/mathematics/probability-theory/index.html
@@ -1,316 +1,325 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Mathematics/Probability theory - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/probability-theory/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Mathematics/Probability theory" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/probability-theory/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Probability theory"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>M</span>athematics/<span class='first'>P</span>robability theory
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10002950.10003648">Mathematics of computing~Probability and statistics</a></p>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=60-XX">Probability theory and stochastic processes</a></p>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lovasz_Local.html">General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</a></h5>
<br>
by <a href="../../../authors/edmonds">Chelsea Edmonds</a>
</div>
<span class="date">Sep 20</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/S_Finite_Measure_Monad.html">S-Finite Measure Monad on Quasi-Borel Spaces</a></h5>
+ <br>
+ by <a href="../../../authors/hirata">Michikazu Hirata</a> and <a href="../../../authors/minamide">Yasuhiko Minamide</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Probability_Inequality_Completeness.html">A Sound and Complete Calculus for Probability Inequalities</a></h5>
<br>
by <a href="../../../authors/doty">Matthew Doty</a>
</div>
<span class="date">Feb 20</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Suppes_Theorem.html">Suppes&#39; Theorem For Probability Logic</a></h5>
<br>
by <a href="../../../authors/doty">Matthew Doty</a>
</div>
<span class="date">Jan 22</span>
</article>
<h2 class="head">2022</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5>
<br>
by <a href="../../../authors/hirata">Michikazu Hirata</a>, <a href="../../../authors/minamide">Yasuhiko Minamide</a> and <a href="../../../authors/sato">Tetsuya Sato</a>
</div>
<span class="date">Feb 03</span>
</article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5>
<br>
by <a href="../../../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../../../authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MDP-Rewards.html">Markov Decision Processes with Rewards</a></h5>
<br>
by <a href="../../../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../../../authors/abdulaziz">Mohammad Abdulaziz</a>
</div>
<span class="date">Dec 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Constructive_Cryptography_CM.html">Constructive Cryptography in HOL: the Communication Modeling Aspect</a></h5>
<br>
by <a href="../../../authors/lochbihler">Andreas Lochbihler</a> and <a href="../../../authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">Mar 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Laws_of_Large_Numbers.html">The Laws of Large Numbers</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Feb 10</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Constructive_Cryptography.html">Constructive Cryptography in HOL</a></h5>
<br>
by <a href="../../../authors/lochbihler">Andreas Lochbihler</a> and <a href="../../../authors/sefidgar">S. Reza Sefidgar</a>
</div>
<span class="date">Dec 17</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/DiscretePricing.html">Pricing in discrete financial models</a></h5>
<br>
by <a href="../../../authors/echenim">Mnacho Echenim</a>
</div>
<span class="date">Jul 16</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5>
<br>
by <a href="../../../authors/wimmer">Simon Wimmer</a>
</div>
<span class="date">May 25</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5>
<br>
by <a href="../../../authors/wimmer">Simon Wimmer</a> and <a href="../../../authors/hoelzl">Johannes Hölzl</a>
</div>
<span class="date">May 24</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Buffons_Needle.html">Buffon&#39;s Needle Problem</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>
</div>
<span class="date">Jun 06</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Probabilistic_While.html">Probabilistic while loop</a></h5>
<br>
by <a href="../../../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 05</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CryptHOL.html">CryptHOL</a></h5>
<br>
by <a href="../../../authors/lochbihler">Andreas Lochbihler</a>
</div>
<span class="date">May 05</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Source_Coding_Theorem.html">Source Coding Theorem</a></h5>
<br>
by <a href="../../../authors/hibon">Quentin Hibon</a> and <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Oct 19</span>
</article>
<h2 class="head">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Ergodic_Theory.html">Ergodic Theory</a></h5>
<br>
by <a href="../../../authors/gouezel">Sebastien Gouezel</a>
</div>
<span class="date">Dec 01</span>
</article>
<h2 class="head">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5>
<br>
by <a href="../../../authors/eberl">Manuel Eberl</a>, <a href="../../../authors/hoelzl">Johannes Hölzl</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Oct 09</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5>
<br>
by <a href="../../../authors/hupel">Lars Hupel</a>
</div>
<span class="date">Feb 13</span>
</article>
<h2 class="head">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Markov_Models.html">Markov Models</a></h5>
<br>
by <a href="../../../authors/hoelzl">Johannes Hölzl</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a>
</div>
<span class="date">Jan 03</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/probability-theory/index.xml b/web/topics/mathematics/probability-theory/index.xml
--- a/web/topics/mathematics/probability-theory/index.xml
+++ b/web/topics/mathematics/probability-theory/index.xml
@@ -1,156 +1,163 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Probability theory on Archive of Formal Proofs
</title>
<link>/topics/mathematics/probability-theory/</link>
<description>
Recent content in Mathematics/Probability theory
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/mathematics/probability-theory/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>General Probabilistic Techniques for Combinatorics and the Lovasz Local Lemma</title>
<link>/entries/Lovasz_Local.html</link>
<pubDate>Wed, 20 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Lovasz_Local.html</guid>
<description></description>
</item>
<item>
+ <title>S-Finite Measure Monad on Quasi-Borel Spaces</title>
+ <link>/entries/S_Finite_Measure_Monad.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/S_Finite_Measure_Monad.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>A Sound and Complete Calculus for Probability Inequalities</title>
<link>/entries/Probability_Inequality_Completeness.html</link>
<pubDate>Mon, 20 Feb 2023 00:00:00 +0000</pubDate>
<guid>/entries/Probability_Inequality_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Suppes&#39; Theorem For Probability Logic</title>
<link>/entries/Suppes_Theorem.html</link>
<pubDate>Sun, 22 Jan 2023 00:00:00 +0000</pubDate>
<guid>/entries/Suppes_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/topology/index.html b/web/topics/mathematics/topology/index.html
--- a/web/topics/mathematics/topology/index.html
+++ b/web/topics/mathematics/topology/index.html
@@ -1,187 +1,196 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Mathematics/Topology - Archive of Formal Proofs</title>
<meta name="description" content="A collection of proof libraries, examples, and larger
scientific developments, mechanically checked in the theorem prover Isabelle.">
<link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/topology/index.xml" title="Archive of Formal Proofs" />
<meta property="og:title" content="Mathematics/Topology" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/topology/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Topology"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon">
<script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script>
<script src="../../../js/header-search.js"></script>
<script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class="logo-link">
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt="Logo of the Archive of Formal Proofs"
class="logo">
</a>
<ul>
<a href="../../../">
<li >
Home
</li>
</a>
<a href="../../../topics/">
<li >
Topics
</li>
</a>
<a href="../../../download/">
<li >
Download
</li>
</a>
<a href="../../../help/">
<li >
Help
</li>
</a>
<a href="../../../submission/">
<li >
Submission
</li>
</a>
<a href="../../../statistics/">
<li >
Statistics
</li>
</a>
<a href="../../../about/">
<li >
About
</li>
</a>
</ul>
</div>
</nav>
</div>
</aside>
<div class='content'>
<header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value=""
aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">
<img src="../../../images/search.svg" alt="Search"/>
</button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1>
<span class='first'>M</span>athematics/<span class='first'>T</span>opology
</h1>
<div>
</div>
</header>
<div>
<h2>Subject Classification</h2>
<p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10002950.10003741.10003742">Mathematics of computing~Topology</a></p>
<p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=54-XX">General topology</a></p>
<h2 class="head">2023</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Euler_Polyhedron_Formula.html">Euler&#39;s Polyhedron Formula</a></h5>
<br>
by <a href="../../../authors/paulson">Lawrence C. Paulson</a>
</div>
<span class="date">Sep 16</span>
</article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../entries/Standard_Borel_Spaces.html">Standard Borel Spaces</a></h5>
+ <br>
+ by <a href="../../../authors/hirata">Michikazu Hirata</a>
+
+ </div>
+ <span class="date">Aug 08</span>
+ </article>
<h2 class="head">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5>
<br>
by <a href="../../../authors/aransay">Jesús Aransay</a>, <a href="../../../authors/campo">Alejandro del Campo</a> and <a href="../../../authors/michaelis">Julius Michaelis</a>
</div>
<span class="date">Nov 29</span>
</article>
<h2 class="head">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5>
<br>
by <a href="../../../authors/immler">Fabian Immler</a> and <a href="../../../authors/zhan">Bohua Zhan</a>
</div>
<span class="date">Oct 22</span>
</article>
<h2 class="head">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Kuratowski_Closure_Complement.html">The Kuratowski Closure-Complement Theorem</a></h5>
<br>
by <a href="../../../authors/gammie">Peter Gammie</a> and <a href="../../../authors/gioiosa">Gianpaolo Gioiosa</a>
</div>
<span class="date">Oct 26</span>
</article>
<h2 class="head">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Knot_Theory.html">Knot Theory</a></h5>
<br>
by <a href="../../../authors/prathamesh">T.V.H. Prathamesh</a>
</div>
<span class="date">Jan 20</span>
</article>
<h2 class="head">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Topology.html">Topology</a></h5>
<br>
by <a href="../../../authors/friedrich">Stefan Friedrich</a>
</div>
<span class="date">Apr 26</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/topology/index.xml b/web/topics/mathematics/topology/index.xml
--- a/web/topics/mathematics/topology/index.xml
+++ b/web/topics/mathematics/topology/index.xml
@@ -1,58 +1,65 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Topology on Archive of Formal Proofs
</title>
<link>/topics/mathematics/topology/</link>
<description>
Recent content in Mathematics/Topology
on Archive of Formal Proofs
</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
<atom:link href="/topics/mathematics/topology/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Euler&#39;s Polyhedron Formula</title>
<link>/entries/Euler_Polyhedron_Formula.html</link>
<pubDate>Sat, 16 Sep 2023 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Polyhedron_Formula.html</guid>
<description></description>
</item>
<item>
+ <title>Standard Borel Spaces</title>
+ <link>/entries/Standard_Borel_Spaces.html</link>
+ <pubDate>Tue, 08 Aug 2023 00:00:00 +0000</pubDate>
+ <guid>/entries/Standard_Borel_Spaces.html</guid>
+ <description></description>
+ </item>
+ <item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
</channel>
</rss>
