nominal2: comparison Nominal/Nominal2_Base

equal deleted inserted replaced

-:b47301ebb3ca
+:e05c033d69c1
+(*  Title:      Nominal2_Base
+Authors:    Christian Urban, Brian Huffman, Cezary Kaliszyk
+Basic definitions and lemma infrastructure for
+Nominal Isabelle.
+*)
+theory Nominal2_Base
+imports Main
+"~~/src/HOL/Library/Infinite_Set"
+"~~/src/HOL/Quotient_Examples/FSet"
+"GPerm"
+keywords
+"atom_decl" "equivariance" :: thy_decl
+uses ("nominal_basics.ML")
+("nominal_thmdecls.ML")
+("nominal_permeq.ML")
+("nominal_library.ML")
+("nominal_atoms.ML")
+("nominal_eqvt.ML")
+begin
+section {* Atoms and Sorts *}
+text {* A simple implementation for atom_sorts is strings. *}
+(* types atom_sort = string *)
+text {* To deal with Church-like binding we use trees of
+strings as sorts. *}
+datatype atom_sort = Sort "string" "atom_sort list"
+datatype atom = Atom atom_sort nat
+text {* Basic projection function. *}
+primrec
+sort_of :: "atom \<Rightarrow> atom_sort"
+where
+"sort_of (Atom s n) = s"
+primrec
+nat_of :: "atom \<Rightarrow> nat"
+where
+"nat_of (Atom s n) = n"
+text {* There are infinitely many atoms of each sort. *}
+lemma INFM_sort_of_eq:
+shows "INFM a. sort_of a = s"
+proof -
+have "INFM i. sort_of (Atom s i) = s" by simp
+moreover have "inj (Atom s)" by (simp add: inj_on_def)
+ultimately show "INFM a. sort_of a = s" by (rule INFM_inj)
+qed
+lemma infinite_sort_of_eq:
+shows "infinite {a. sort_of a = s}"
+using INFM_sort_of_eq unfolding INFM_iff_infinite .
+lemma atom_infinite [simp]:
+shows "infinite (UNIV :: atom set)"
+using subset_UNIV infinite_sort_of_eq
+by (rule infinite_super)
+lemma obtain_atom:
+fixes X :: "atom set"
+assumes X: "finite X"
+obtains a where "a \<notin> X" "sort_of a = s"
+proof -
+from X have "MOST a. a \<notin> X"
+unfolding MOST_iff_cofinite by simp
+with INFM_sort_of_eq
+have "INFM a. sort_of a = s \<and> a \<notin> X"
+by (rule INFM_conjI)
+then obtain a where "a \<notin> X" "sort_of a = s"
+by (auto elim: INFM_E)
+then show ?thesis ..
+qed
+lemma atom_components_eq_iff:
+fixes a b :: atom
+shows "a = b \<longleftrightarrow> sort_of a = sort_of b \<and> nat_of a = nat_of b"
+by (induct a, induct b, simp)
+section {* Sort-Respecting Permutations *}
+definition "sort_respecting p \<longleftrightarrow> (\<forall>a. sort_of (gpermute p a) = sort_of a)"
+lemma sort_respecting_0[simp]:
+"sort_respecting (0\<Colon>atom gperm)"
+by (simp add: sort_respecting_def)
+typedef (open) perm = "{p::atom gperm. sort_respecting p}"
+by (auto intro: exI[of _ "0"])
+lemma perm_eq_rep:
+"p = q \<longleftrightarrow> Rep_perm p = Rep_perm q"
+by (simp add: Rep_perm_inject)
+definition mk_perm :: "atom gperm \<Rightarrow> perm" where
+"mk_perm p = Abs_perm (if sort_respecting p then p else 0)"
+lemma sort_respecting_Rep_perm [simp, intro]:
+"sort_respecting (Rep_perm p)"
+using Rep_perm [of p] by simp
+lemma Rep_perm_mk_perm [simp]:
+"Rep_perm (mk_perm p) = (if sort_respecting p then p else 0)"
+by (simp add: mk_perm_def Abs_perm_inverse)
+lemma mk_perm_Rep_perm [simp, code abstype]:
+"mk_perm (Rep_perm dxs) = dxs"
+by (simp add: mk_perm_def Rep_perm_inverse)
+instance perm :: size ..
+instantiation perm :: group_add
+begin
+definition "(0 :: perm) = mk_perm 0"
+definition "uminus p = mk_perm (uminus (Rep_perm p))"
+definition "p + q = mk_perm ((Rep_perm p) + (Rep_perm q))"
+definition "(p :: perm) - q = p + - q"
+lemma [simp]:
+"sort_respecting x \<Longrightarrow> sort_respecting y \<Longrightarrow> sort_respecting (x + y)"
+unfolding sort_respecting_def
+by descending (simp add: perm_add_apply)
+lemma [simp]:
+"sort_respecting y \<Longrightarrow> sort_respecting (- y)"
+unfolding sort_respecting_def
+by partiality_descending
+(auto, metis perm_apply_minus)
+lemma Rep_perm_0 [simp, code abstract]:
+"Rep_perm 0 = 0"
+by (simp add: zero_perm_def)
+lemma Rep_perm_uminus [simp, code abstract]:
+"Rep_perm (- p) = - (Rep_perm p)"
+by (simp add: uminus_perm_def)
+lemma Rep_perm_add [simp, code abstract]:
+"Rep_perm (p + q) = (Rep_perm p) + (Rep_perm q)"
+by (simp add: plus_perm_def)
+instance
+by default (auto simp add: perm_eq_rep add_assoc minus_perm_def)
+end
+definition swap :: "atom \<Rightarrow> atom \<Rightarrow> perm"  ("'(_ \<rightleftharpoons> _')")
+where "swap a b = (if sort_of a = sort_of b then mk_perm (gswap a b) else 0)"
+lemma sort_respecting_swap [simp]:
+"sort_of a = sort_of b \<Longrightarrow> sort_respecting (gswap a b)"
+unfolding sort_respecting_def
+by descending auto
+lemma Rep_swap [simp, code abstract]:
+"Rep_perm (swap a b) = (if sort_of a = sort_of b then gswap a b else 0)"
+by (simp add: swap_def)
+lemma swap_different_sorts [simp]:
+"sort_of a \<noteq> sort_of b \<Longrightarrow> (a \<rightleftharpoons> b) = 0"
+by (simp add: perm_eq_rep)
+lemma swap_cancel:
+shows "(a \<rightleftharpoons> b) + (a \<rightleftharpoons> b) = 0"
+and   "(a \<rightleftharpoons> b) + (b \<rightleftharpoons> a) = 0"
+by (simp_all add: perm_eq_rep)
+lemma swap_self [simp]:
+"(a \<rightleftharpoons> a) = 0"
+by (simp add: perm_eq_rep)
+lemma minus_swap [simp]:
+"- (a \<rightleftharpoons> b) = (a \<rightleftharpoons> b)"
+by (simp add: perm_eq_rep)
+lemma swap_commute:
+"(a \<rightleftharpoons> b) = (b \<rightleftharpoons> a)"
+by (simp add: perm_eq_rep swap_commute)
+lemma swap_triple:
+assumes "a \<noteq> b" and "c \<noteq> b"
+assumes "sort_of a = sort_of b" "sort_of b = sort_of c"
+shows "(a \<rightleftharpoons> c) + (b \<rightleftharpoons> c) + (a \<rightleftharpoons> c) = (a \<rightleftharpoons> b)"
+using assms by (simp add: perm_eq_rep swap_triple)
+section {* Permutation Types *}
+text {*
+Infix syntax for @{text permute} has higher precedence than
+addition, but lower than unary minus.
+*}
+class pt =
+fixes permute :: "perm \<Rightarrow> 'a \<Rightarrow> 'a" ("_ \<bullet> _" [76, 75] 75)
+assumes permute_zero [simp]: "0 \<bullet> x = x"
+assumes permute_plus [simp]: "(p + q) \<bullet> x = p \<bullet> (q \<bullet> x)"
+begin
+lemma permute_diff [simp]:
+shows "(p - q) \<bullet> x = p \<bullet> - q \<bullet> x"
+unfolding diff_minus by simp
+lemma permute_minus_cancel [simp]:
+shows "p \<bullet> - p \<bullet> x = x"
+and   "- p \<bullet> p \<bullet> x = x"
+unfolding permute_plus [symmetric] by simp_all
+lemma permute_swap_cancel [simp]:
+shows "(a \<rightleftharpoons> b) \<bullet> (a \<rightleftharpoons> b) \<bullet> x = x"
+unfolding permute_plus [symmetric]
+by (simp add: swap_cancel)
+lemma permute_swap_cancel2 [simp]:
+shows "(a \<rightleftharpoons> b) \<bullet> (b \<rightleftharpoons> a) \<bullet> x = x"
+unfolding permute_plus [symmetric]
+by (simp add: swap_commute)
+lemma inj_permute [simp]:
+shows "inj (permute p)"
+by (rule inj_on_inverseI)
+(rule permute_minus_cancel)
+lemma surj_permute [simp]:
+shows "surj (permute p)"
+by (rule surjI, rule permute_minus_cancel)
+lemma bij_permute [simp]:
+shows "bij (permute p)"
+by (rule bijI [OF inj_permute surj_permute])
+lemma inv_permute:
+shows "inv (permute p) = permute (- p)"
+by (rule inv_equality) (simp_all)
+lemma permute_minus:
+shows "permute (- p) = inv (permute p)"
+by (simp add: inv_permute)
+lemma permute_eq_iff [simp]:
+shows "p \<bullet> x = p \<bullet> y \<longleftrightarrow> x = y"
+by (rule inj_permute [THEN inj_eq])
+end
+subsection {* Permutations for atoms *}
+instantiation atom :: pt
+begin
+definition
+"p \<bullet> a = gpermute (Rep_perm p) a"
+instance
+by default (simp_all add: permute_atom_def)
+end
+lemma sort_of_permute [simp]:
+shows "sort_of (p \<bullet> a) = sort_of a"
+by (metis sort_respecting_Rep_perm sort_respecting_def permute_atom_def)
+lemma swap_atom:
+shows "(a \<rightleftharpoons> b) \<bullet> c =
+(if sort_of a = sort_of b
+then (if c = a then b else if c = b then a else c) else c)"
+by (auto simp add: permute_atom_def)
+lemma swap_atom_simps [simp]:
+"sort_of a = sort_of b \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> a = b"
+"sort_of a = sort_of b \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> b = a"
+"c \<noteq> a \<Longrightarrow> c \<noteq> b \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> c = c"
+unfolding swap_atom by simp_all
+lemma perm_eq_iff:
+fixes p q :: "perm"
+shows "p = q \<longleftrightarrow> (\<forall>a::atom. p \<bullet> a = q \<bullet> a)"
+unfolding permute_atom_def perm_eq_rep
+by (simp add: gperm_eq)
+subsection {* Permutations for permutations *}
+instantiation perm :: pt
+begin
+definition
+"p \<bullet> q = p + q - p"
+instance
+by default
+(simp_all add: permute_perm_def diff_minus minus_add add_assoc)
+end
+lemma permute_self:
+shows "p \<bullet> p = p"
+unfolding permute_perm_def
+by (simp add: diff_minus add_assoc)
+lemma pemute_minus_self:
+shows "- p \<bullet> p = p"
+unfolding permute_perm_def
+by (simp add: diff_minus add_assoc)
+subsection {* Permutations for functions *}
+instantiation "fun" :: (pt, pt) pt
+begin
+definition
+"p \<bullet> f = (\<lambda>x. p \<bullet> (f (- p \<bullet> x)))"
+instance
+by default
+(simp_all add: permute_fun_def minus_add)
+end
+lemma permute_fun_app_eq:
+shows "p \<bullet> (f x) = (p \<bullet> f) (p \<bullet> x)"
+unfolding permute_fun_def by simp
+subsection {* Permutations for booleans *}
+instantiation bool :: pt
+begin
+definition "p \<bullet> (b::bool) = b"
+instance
+by (default)
+(simp_all add: permute_bool_def)
+end
+lemma permute_boolE:
+fixes P::"bool"
+shows "p \<bullet> P \<Longrightarrow> P"
+by (simp add: permute_bool_def)
+lemma permute_boolI:
+fixes P::"bool"
+shows "P \<Longrightarrow> p \<bullet> P"
+by(simp add: permute_bool_def)
+subsection {* Permutations for sets *}
+instantiation "set" :: (pt) pt
+begin
+definition
+"p \<bullet> X = {p \<bullet> x | x. x \<in> X}"
+instance
+apply default
+apply (auto simp add: permute_set_def)
+done
+end
+lemma permute_set_eq:
+shows "p \<bullet> X = {x. - p \<bullet> x \<in> X}"
+unfolding permute_set_def
+by (auto) (metis permute_minus_cancel(1))
+lemma permute_set_eq_image:
+shows "p \<bullet> X = permute p ` X"
+unfolding permute_set_def by auto
+lemma permute_set_eq_vimage:
+shows "p \<bullet> X = permute (- p) -` X"
+unfolding permute_set_eq vimage_def
+by simp
+lemma permute_finite [simp]:
+shows "finite (p \<bullet> X) = finite X"
+unfolding permute_set_eq_vimage
+using bij_permute by (rule finite_vimage_iff)
+lemma swap_set_not_in:
+assumes a: "a \<notin> S" "b \<notin> S"
+shows "(a \<rightleftharpoons> b) \<bullet> S = S"
+unfolding permute_set_def
+using a by (auto simp add: swap_atom)
+lemma swap_set_in:
+assumes a: "a \<in> S" "b \<notin> S" "sort_of a = sort_of b"
+shows "(a \<rightleftharpoons> b) \<bullet> S \<noteq> S"
+unfolding permute_set_def
+using a by (auto simp add: swap_atom)
+lemma swap_set_in_eq:
+assumes a: "a \<in> S" "b \<notin> S" "sort_of a = sort_of b"
+shows "(a \<rightleftharpoons> b) \<bullet> S = (S - {a}) \<union> {b}"
+unfolding permute_set_def
+using a by (auto simp add: swap_atom)
+lemma swap_set_both_in:
+assumes a: "a \<in> S" "b \<in> S"
+shows "(a \<rightleftharpoons> b) \<bullet> S = S"
+unfolding permute_set_def
+using a by (auto simp add: swap_atom)
+lemma mem_permute_iff:
+shows "(p \<bullet> x) \<in> (p \<bullet> X) \<longleftrightarrow> x \<in> X"
+unfolding permute_set_def
+by auto
+lemma empty_eqvt:
+shows "p \<bullet> {} = {}"
+unfolding permute_set_def
+by (simp)
+lemma insert_eqvt:
+shows "p \<bullet> (insert x A) = insert (p \<bullet> x) (p \<bullet> A)"
+unfolding permute_set_eq_image image_insert ..
+subsection {* Permutations for @{typ unit} *}
+instantiation unit :: pt
+begin
+definition "p \<bullet> (u::unit) = u"
+instance
+by (default) (simp_all add: permute_unit_def)
+end
+subsection {* Permutations for products *}
+instantiation prod :: (pt, pt) pt
+begin
+primrec
+permute_prod
+where
+Pair_eqvt: "p \<bullet> (x, y) = (p \<bullet> x, p \<bullet> y)"
+instance
+by default auto
+end
+subsection {* Permutations for sums *}
+instantiation sum :: (pt, pt) pt
+begin
+primrec
+permute_sum
+where
+Inl_eqvt: "p \<bullet> (Inl x) = Inl (p \<bullet> x)"
+| Inr_eqvt: "p \<bullet> (Inr y) = Inr (p \<bullet> y)"
+instance
+by (default) (case_tac [!] x, simp_all)
+end
+subsection {* Permutations for @{typ "'a list"} *}
+instantiation list :: (pt) pt
+begin
+primrec
+permute_list
+where
+Nil_eqvt:  "p \<bullet> [] = []"
+| Cons_eqvt: "p \<bullet> (x # xs) = p \<bullet> x # p \<bullet> xs"
+instance
+by (default) (induct_tac [!] x, simp_all)
+end
+lemma set_eqvt:
+shows "p \<bullet> (set xs) = set (p \<bullet> xs)"
+by (induct xs) (simp_all add: empty_eqvt insert_eqvt)
+subsection {* Permutations for @{typ "'a option"} *}
+instantiation option :: (pt) pt
+begin
+primrec
+permute_option
+where
+None_eqvt: "p \<bullet> None = None"
+| Some_eqvt: "p \<bullet> (Some x) = Some (p \<bullet> x)"
+instance
+by (default) (induct_tac [!] x, simp_all)
+end
+subsection {* Permutations for @{typ "'a multiset"} *}
+instantiation multiset :: (pt) pt
+begin
+definition
+"p \<bullet> M = {# p \<bullet> x. x :# M #}"
+instance
+proof
+fix M :: "'a multiset" and p q :: "perm"
+show "0 \<bullet> M = M"
+unfolding permute_multiset_def
+by (induct_tac M) (simp_all)
+show "(p + q) \<bullet> M = p \<bullet> q \<bullet> M"
+unfolding permute_multiset_def
+by (induct_tac M) (simp_all)
+qed
+end
+lemma permute_multiset [simp]:
+fixes M N::"('a::pt) multiset"
+shows "(p \<bullet> {#}) = ({#} ::('a::pt) multiset)"
+and   "(p \<bullet> {# x #}) = {# p \<bullet> x #}"
+and   "(p \<bullet> (M + N)) = (p \<bullet> M) + (p \<bullet> N)"
+unfolding permute_multiset_def
+by (simp_all)
+subsection {* Permutations for @{typ "'a fset"} *}
+lemma permute_fset_rsp[quot_respect]:
+shows "(op = ===> list_eq ===> list_eq) permute permute"
+unfolding fun_rel_def
+by (simp add: set_eqvt[symmetric])
+instantiation fset :: (pt) pt
+begin
+quotient_definition
+"permute_fset :: perm \<Rightarrow> 'a fset \<Rightarrow> 'a fset"
+is
+"permute :: perm \<Rightarrow> 'a list \<Rightarrow> 'a list"
+instance
+proof
+fix x :: "'a fset" and p q :: "perm"
+have lst: "\<And>l :: 'a list. 0 \<bullet> l = l" by simp
+show "0 \<bullet> x = x" by (lifting lst)
+have lst: "\<And>p q :: perm. \<And>x :: 'a list. (p + q) \<bullet> x = p \<bullet> q \<bullet> x" by simp
+show "(p + q) \<bullet> x = p \<bullet> q \<bullet> x" by (lifting lst)
+qed
+end
+lemma permute_fset [simp]:
+fixes S::"('a::pt) fset"
+shows "(p \<bullet> {||}) = ({||} ::('a::pt) fset)"
+and   "(p \<bullet> insert_fset x S) = insert_fset (p \<bullet> x) (p \<bullet> S)"
+by (lifting permute_list.simps)
+lemma fset_eqvt:
+shows "p \<bullet> (fset S) = fset (p \<bullet> S)"
+by (lifting set_eqvt)
+subsection {* Permutations for @{typ char}, @{typ nat}, and @{typ int} *}
+instantiation char :: pt
+begin
+definition "p \<bullet> (c::char) = c"
+instance
+by (default) (simp_all add: permute_char_def)
+end
+instantiation nat :: pt
+begin
+definition "p \<bullet> (n::nat) = n"
+instance
+by (default) (simp_all add: permute_nat_def)
+end
+instantiation int :: pt
+begin
+definition "p \<bullet> (i::int) = i"
+instance
+by (default) (simp_all add: permute_int_def)
+end
+section {* Pure types *}
+text {* Pure types will have always empty support. *}
+class pure = pt +
+assumes permute_pure: "p \<bullet> x = x"
+text {* Types @{typ unit} and @{typ bool} are pure. *}
+instance unit :: pure
+proof qed (rule permute_unit_def)
+instance bool :: pure
+proof qed (rule permute_bool_def)
+text {* Other type constructors preserve purity. *}
+instance "fun" :: (pure, pure) pure
+by default (simp add: permute_fun_def permute_pure)
+instance set :: (pure) pure
+by default (simp add: permute_set_def permute_pure)
+instance prod :: (pure, pure) pure
+by default (induct_tac x, simp add: permute_pure)
+instance sum :: (pure, pure) pure
+by default (induct_tac x, simp_all add: permute_pure)
+instance list :: (pure) pure
+by default (induct_tac x, simp_all add: permute_pure)
+instance option :: (pure) pure
+by default (induct_tac x, simp_all add: permute_pure)
+subsection {* Types @{typ char}, @{typ nat}, and @{typ int} *}
+instance char :: pure
+proof qed (rule permute_char_def)
+instance nat :: pure
+proof qed (rule permute_nat_def)
+instance int :: pure
+proof qed (rule permute_int_def)
+section {* Infrastructure for Equivariance and Perm_simp *}
+subsection {* Basic functions about permutations *}
+use "nominal_basics.ML"
+subsection {* Eqvt infrastructure *}
+text {* Setup of the theorem attributes @{text eqvt} and @{text eqvt_raw} *}
+use "nominal_thmdecls.ML"
+setup "Nominal_ThmDecls.setup"
+lemmas [eqvt] =
+(* pt types *)
+permute_prod.simps
+permute_list.simps
+permute_option.simps
+permute_sum.simps
+(* sets *)
+empty_eqvt insert_eqvt set_eqvt
+(* fsets *)
+permute_fset fset_eqvt
+(* multisets *)
+permute_multiset
+subsection {* perm_simp infrastructure *}
+definition
+"unpermute p = permute (- p)"
+lemma eqvt_apply:
+fixes f :: "'a::pt \<Rightarrow> 'b::pt"
+and x :: "'a::pt"
+shows "p \<bullet> (f x) \<equiv> (p \<bullet> f) (p \<bullet> x)"
+unfolding permute_fun_def by simp
+lemma eqvt_lambda:
+fixes f :: "'a::pt \<Rightarrow> 'b::pt"
+shows "p \<bullet> f \<equiv> (\<lambda>x. p \<bullet> (f (unpermute p x)))"
+unfolding permute_fun_def unpermute_def by simp
+lemma eqvt_bound:
+shows "p \<bullet> unpermute p x \<equiv> x"
+unfolding unpermute_def by simp
+text {* provides perm_simp methods *}
+use "nominal_permeq.ML"
+method_setup perm_simp =
+{* Nominal_Permeq.args_parser >> Nominal_Permeq.perm_simp_meth *}
+{* pushes permutations inside. *}
+method_setup perm_strict_simp =
+{* Nominal_Permeq.args_parser >> Nominal_Permeq.perm_strict_simp_meth *}
+{* pushes permutations inside, raises an error if it cannot solve all permutations. *}
+subsubsection {* Equivariance for permutations and swapping *}
+lemma permute_eqvt:
+shows "p \<bullet> (q \<bullet> x) = (p \<bullet> q) \<bullet> (p \<bullet> x)"
+unfolding permute_perm_def by simp
+(* the normal version of this lemma would cause loops *)
+lemma permute_eqvt_raw [eqvt_raw]:
+shows "p \<bullet> permute \<equiv> permute"
+apply(simp add: fun_eq_iff permute_fun_def)
+apply(subst permute_eqvt)
+apply(simp)
+done
+lemma zero_perm_eqvt [eqvt]:
+shows "p \<bullet> (0::perm) = 0"
+unfolding permute_perm_def by simp
+lemma add_perm_eqvt [eqvt]:
+fixes p p1 p2 :: perm
+shows "p \<bullet> (p1 + p2) = p \<bullet> p1 + p \<bullet> p2"
+unfolding permute_perm_def
+by (simp add: perm_eq_iff)
+lemma swap_eqvt [eqvt]:
+shows "p \<bullet> (a \<rightleftharpoons> b) = (p \<bullet> a \<rightleftharpoons> p \<bullet> b)"
+unfolding permute_perm_def
+by (auto simp add: swap_atom perm_eq_iff)
+lemma uminus_eqvt [eqvt]:
+fixes p q::"perm"
+shows "p \<bullet> (- q) = - (p \<bullet> q)"
+unfolding permute_perm_def
+by (simp add: diff_minus minus_add add_assoc)
+subsubsection {* Equivariance of Logical Operators *}
+lemma eq_eqvt [eqvt]:
+shows "p \<bullet> (x = y) \<longleftrightarrow> (p \<bullet> x) = (p \<bullet> y)"
+unfolding permute_eq_iff permute_bool_def ..
+lemma Not_eqvt [eqvt]:
+shows "p \<bullet> (\<not> A) \<longleftrightarrow> \<not> (p \<bullet> A)"
+by (simp add: permute_bool_def)
+lemma conj_eqvt [eqvt]:
+shows "p \<bullet> (A \<and> B) \<longleftrightarrow> (p \<bullet> A) \<and> (p \<bullet> B)"
+by (simp add: permute_bool_def)
+lemma imp_eqvt [eqvt]:
+shows "p \<bullet> (A \<longrightarrow> B) \<longleftrightarrow> (p \<bullet> A) \<longrightarrow> (p \<bullet> B)"
+by (simp add: permute_bool_def)
+declare imp_eqvt[folded induct_implies_def, eqvt]
+lemma all_eqvt [eqvt]:
+shows "p \<bullet> (\<forall>x. P x) = (\<forall>x. (p \<bullet> P) x)"
+unfolding All_def
+by (perm_simp) (rule refl)
+declare all_eqvt[folded induct_forall_def, eqvt]
+lemma ex_eqvt [eqvt]:
+shows "p \<bullet> (\<exists>x. P x) = (\<exists>x. (p \<bullet> P) x)"
+unfolding Ex_def
+by (perm_simp) (rule refl)
+lemma ex1_eqvt [eqvt]:
+shows "p \<bullet> (\<exists>!x. P x) = (\<exists>!x. (p \<bullet> P) x)"
+unfolding Ex1_def
+by (perm_simp) (rule refl)
+lemma if_eqvt [eqvt]:
+shows "p \<bullet> (if b then x else y) = (if p \<bullet> b then p \<bullet> x else p \<bullet> y)"
+by (simp add: permute_fun_def permute_bool_def)
+lemma True_eqvt [eqvt]:
+shows "p \<bullet> True = True"
+unfolding permute_bool_def ..
+lemma False_eqvt [eqvt]:
+shows "p \<bullet> False = False"
+unfolding permute_bool_def ..
+lemma disj_eqvt [eqvt]:
+shows "p \<bullet> (A \<or> B) \<longleftrightarrow> (p \<bullet> A) \<or> (p \<bullet> B)"
+by (simp add: permute_bool_def)
+lemma all_eqvt2:
+shows "p \<bullet> (\<forall>x. P x) = (\<forall>x. p \<bullet> P (- p \<bullet> x))"
+by (perm_simp add: permute_minus_cancel) (rule refl)
+lemma ex_eqvt2:
+shows "p \<bullet> (\<exists>x. P x) = (\<exists>x. p \<bullet> P (- p \<bullet> x))"
+by (perm_simp add: permute_minus_cancel) (rule refl)
+lemma ex1_eqvt2:
+shows "p \<bullet> (\<exists>!x. P x) = (\<exists>!x. p \<bullet> P (- p \<bullet> x))"
+by (perm_simp add: permute_minus_cancel) (rule refl)
+lemma the_eqvt:
+assumes unique: "\<exists>!x. P x"
+shows "(p \<bullet> (THE x. P x)) = (THE x. (p \<bullet> P) x)"
+apply(rule the1_equality [symmetric])
+apply(rule_tac p="-p" in permute_boolE)
+apply(perm_simp add: permute_minus_cancel)
+apply(rule unique)
+apply(rule_tac p="-p" in permute_boolE)
+apply(perm_simp add: permute_minus_cancel)
+apply(rule theI'[OF unique])
+done
+lemma the_eqvt2:
+assumes unique: "\<exists>!x. P x"
+shows "(p \<bullet> (THE x. P x)) = (THE x. p \<bullet> P (- p \<bullet> x))"
+apply(rule the1_equality [symmetric])
+apply(simp add: ex1_eqvt2[symmetric])
+apply(simp add: permute_bool_def unique)
+apply(simp add: permute_bool_def)
+apply(rule theI'[OF unique])
+done
+subsubsection {* Equivariance of Set operators *}
+lemma mem_eqvt [eqvt]:
+shows "p \<bullet> (x \<in> A) \<longleftrightarrow> (p \<bullet> x) \<in> (p \<bullet> A)"
+unfolding permute_bool_def permute_set_def
+by (auto)
+lemma Collect_eqvt [eqvt]:
+shows "p \<bullet> {x. P x} = {x. (p \<bullet> P) x}"
+unfolding permute_set_eq permute_fun_def
+by (auto simp add: permute_bool_def)
+lemma inter_eqvt [eqvt]:
+shows "p \<bullet> (A \<inter> B) = (p \<bullet> A) \<inter> (p \<bullet> B)"
+unfolding Int_def
+by (perm_simp) (rule refl)
+lemma Bex_eqvt [eqvt]:
+shows "p \<bullet> (\<exists>x \<in> S. P x) = (\<exists>x \<in> (p \<bullet> S). (p \<bullet> P) x)"
+unfolding Bex_def
+by (perm_simp) (rule refl)
+lemma Ball_eqvt [eqvt]:
+shows "p \<bullet> (\<forall>x \<in> S. P x) = (\<forall>x \<in> (p \<bullet> S). (p \<bullet> P) x)"
+unfolding Ball_def
+by (perm_simp) (rule refl)
+lemma image_eqvt [eqvt]:
+shows "p \<bullet> (f ` A) = (p \<bullet> f) ` (p \<bullet> A)"
+unfolding image_def
+by (perm_simp) (rule refl)
+lemma Image_eqvt [eqvt]:
+shows "p \<bullet> (R `` A) = (p \<bullet> R) `` (p \<bullet> A)"
+unfolding Image_def
+by (perm_simp) (rule refl)
+lemma UNIV_eqvt [eqvt]:
+shows "p \<bullet> UNIV = UNIV"
+unfolding UNIV_def
+by (perm_simp) (rule refl)
+lemma union_eqvt [eqvt]:
+shows "p \<bullet> (A \<union> B) = (p \<bullet> A) \<union> (p \<bullet> B)"
+unfolding Un_def
+by (perm_simp) (rule refl)
+lemma Diff_eqvt [eqvt]:
+fixes A B :: "'a::pt set"
+shows "p \<bullet> (A - B) = (p \<bullet> A) - (p \<bullet> B)"
+unfolding set_diff_eq
+by (perm_simp) (rule refl)
+lemma Compl_eqvt [eqvt]:
+fixes A :: "'a::pt set"
+shows "p \<bullet> (- A) = - (p \<bullet> A)"
+unfolding Compl_eq_Diff_UNIV
+by (perm_simp) (rule refl)
+lemma subset_eqvt [eqvt]:
+shows "p \<bullet> (S \<subseteq> T) \<longleftrightarrow> (p \<bullet> S) \<subseteq> (p \<bullet> T)"
+unfolding subset_eq
+by (perm_simp) (rule refl)
+lemma psubset_eqvt [eqvt]:
+shows "p \<bullet> (S \<subset> T) \<longleftrightarrow> (p \<bullet> S) \<subset> (p \<bullet> T)"
+unfolding psubset_eq
+by (perm_simp) (rule refl)
+lemma vimage_eqvt [eqvt]:
+shows "p \<bullet> (f -` A) = (p \<bullet> f) -` (p \<bullet> A)"
+unfolding vimage_def
+by (perm_simp) (rule refl)
+lemma Union_eqvt [eqvt]:
+shows "p \<bullet> (\<Union> S) = \<Union> (p \<bullet> S)"
+unfolding Union_eq
+by (perm_simp) (rule refl)
+lemma Inter_eqvt [eqvt]:
+shows "p \<bullet> (\<Inter> S) = \<Inter> (p \<bullet> S)"
+unfolding Inter_eq
+by (perm_simp) (rule refl)
+(* FIXME: eqvt attribute *)
+lemma Sigma_eqvt:
+shows "(p \<bullet> (X \<times> Y)) = (p \<bullet> X) \<times> (p \<bullet> Y)"
+unfolding Sigma_def
+unfolding SUP_def
+by (perm_simp) (rule refl)
+text {*
+In order to prove that lfp is equivariant we need two
+auxiliary classes which specify that (op <=) and
+Inf are equivariant. Instances for bool and fun are
+given.
+*}
+class le_eqvt =  order +
+assumes le_eqvt [eqvt]: "p \<bullet> (x \<le> y) = ((p \<bullet> x) \<le> (p \<bullet> (y::('a::{pt, order}))))"
+class inf_eqvt = complete_lattice +
+assumes inf_eqvt [eqvt]: "p \<bullet> (Inf X) = Inf (p \<bullet> (X::('a::{pt, Inf}) set))"
+instantiation bool :: le_eqvt
+begin
+instance
+apply(default)
+apply perm_simp
+apply(rule refl)
+done
+end
+instantiation "fun" :: (pt, le_eqvt) le_eqvt
+begin
+instance
+apply(default)
+unfolding le_fun_def
+apply(perm_simp)
+apply(rule refl)
+done
+end
+instantiation bool :: inf_eqvt
+begin
+instance
+apply(default)
+apply(perm_simp)
+apply(rule refl)
+done
+end
+instantiation "fun" :: (pt, inf_eqvt) inf_eqvt
+begin
+instance
+apply(default)
+unfolding Inf_fun_def INF_def
+apply(perm_simp)
+apply(rule refl)
+done
+end
+lemma lfp_eqvt [eqvt]:
+fixes F::"('a \<Rightarrow> 'b) \<Rightarrow> ('a::pt \<Rightarrow> 'b::{inf_eqvt, le_eqvt})"
+shows "p \<bullet> (lfp F) = lfp (p \<bullet> F)"
+unfolding lfp_def
+by (perm_simp) (rule refl)
+lemma finite_eqvt [eqvt]:
+shows "p \<bullet> finite A = finite (p \<bullet> A)"
+unfolding finite_def
+by (perm_simp) (rule refl)
+subsubsection {* Equivariance for product operations *}
+lemma fst_eqvt [eqvt]:
+shows "p \<bullet> (fst x) = fst (p \<bullet> x)"
+by (cases x) simp
+lemma snd_eqvt [eqvt]:
+shows "p \<bullet> (snd x) = snd (p \<bullet> x)"
+by (cases x) simp
+lemma split_eqvt [eqvt]:
+shows "p \<bullet> (split P x) = split (p \<bullet> P) (p \<bullet> x)"
+unfolding split_def
+by (perm_simp) (rule refl)
+subsubsection {* Equivariance for list operations *}
+lemma append_eqvt [eqvt]:
+shows "p \<bullet> (xs @ ys) = (p \<bullet> xs) @ (p \<bullet> ys)"
+by (induct xs) auto
+lemma rev_eqvt [eqvt]:
+shows "p \<bullet> (rev xs) = rev (p \<bullet> xs)"
+by (induct xs) (simp_all add: append_eqvt)
+lemma map_eqvt [eqvt]:
+shows "p \<bullet> (map f xs) = map (p \<bullet> f) (p \<bullet> xs)"
+by (induct xs) (simp_all, simp only: permute_fun_app_eq)
+lemma removeAll_eqvt [eqvt]:
+shows "p \<bullet> (removeAll x xs) = removeAll (p \<bullet> x) (p \<bullet> xs)"
+by (induct xs) (auto)
+lemma filter_eqvt [eqvt]:
+shows "p \<bullet> (filter f xs) = filter (p \<bullet> f) (p \<bullet> xs)"
+apply(induct xs)
+apply(simp)
+apply(simp only: filter.simps permute_list.simps if_eqvt)
+apply(simp only: permute_fun_app_eq)
+done
+lemma distinct_eqvt [eqvt]:
+shows "p \<bullet> (distinct xs) = distinct (p \<bullet> xs)"
+apply(induct xs)
+apply(simp add: permute_bool_def)
+apply(simp add: conj_eqvt Not_eqvt mem_eqvt set_eqvt)
+done
+lemma length_eqvt [eqvt]:
+shows "p \<bullet> (length xs) = length (p \<bullet> xs)"
+by (induct xs) (simp_all add: permute_pure)
+subsubsection {* Equivariance for @{typ "'a option"} *}
+lemma option_map_eqvt[eqvt]:
+shows "p \<bullet> (Option.map f x) = Option.map (p \<bullet> f) (p \<bullet> x)"
+by (cases x) (simp_all, simp add: permute_fun_app_eq)
+subsubsection {* Equivariance for @{typ "'a fset"} *}
+lemma in_fset_eqvt [eqvt]:
+shows "(p \<bullet> (x |\<in>| S)) = ((p \<bullet> x) |\<in>| (p \<bullet> S))"
+unfolding in_fset
+by (perm_simp) (simp)
+lemma union_fset_eqvt [eqvt]:
+shows "(p \<bullet> (S |\<union>| T)) = ((p \<bullet> S) |\<union>| (p \<bullet> T))"
+by (induct S) (simp_all)
+lemma inter_list_eqvt [eqvt]:
+shows "p \<bullet> (inter_list S T) = inter_list (p \<bullet> S) (p \<bullet> T)"
+unfolding list_eq_def inter_list_def
+by perm_simp simp
+lemma inter_fset_eqvt [eqvt]:
+shows "(p \<bullet> (S |\<inter>| T)) = ((p \<bullet> S) |\<inter>| (p \<bullet> T))"
+by (lifting inter_list_eqvt)
+lemma sub_list_eqvt [eqvt]:
+shows "p \<bullet> (sub_list S T) = sub_list (p \<bullet> S) (p \<bullet> T)"
+unfolding sub_list_def
+by perm_simp simp
+lemma subset_fset_eqvt [eqvt]:
+shows "(p \<bullet> (S |\<subseteq>| T)) = ((p \<bullet> S) |\<subseteq>| (p \<bullet> T))"
+by (lifting sub_list_eqvt)
+lemma map_fset_eqvt [eqvt]:
+shows "p \<bullet> (map_fset f S) = map_fset (p \<bullet> f) (p \<bullet> S)"
+by (lifting map_eqvt)
+section {* Supp, Freshness and Supports *}
+context pt
+begin
+definition
+supp :: "'a \<Rightarrow> atom set"
+where
+"supp x = {a. infinite {b. (a \<rightleftharpoons> b) \<bullet> x \<noteq> x}}"
+definition
+fresh :: "atom \<Rightarrow> 'a \<Rightarrow> bool" ("_ \<sharp> _" [55, 55] 55)
+where
+"a \<sharp> x \<equiv> a \<notin> supp x"
+end
+lemma supp_conv_fresh:
+shows "supp x = {a. \<not> a \<sharp> x}"
+unfolding fresh_def by simp
+lemma swap_rel_trans:
+assumes "sort_of a = sort_of b"
+assumes "sort_of b = sort_of c"
+assumes "(a \<rightleftharpoons> c) \<bullet> x = x"
+assumes "(b \<rightleftharpoons> c) \<bullet> x = x"
+shows "(a \<rightleftharpoons> b) \<bullet> x = x"
+proof (cases)
+assume "a = b \<or> c = b"
+with assms show "(a \<rightleftharpoons> b) \<bullet> x = x" by auto
+next
+assume *: "\<not> (a = b \<or> c = b)"
+have "((a \<rightleftharpoons> c) + (b \<rightleftharpoons> c) + (a \<rightleftharpoons> c)) \<bullet> x = x"
+using assms by simp
+also have "(a \<rightleftharpoons> c) + (b \<rightleftharpoons> c) + (a \<rightleftharpoons> c) = (a \<rightleftharpoons> b)"
+using assms * by (simp add: swap_triple)
+finally show "(a \<rightleftharpoons> b) \<bullet> x = x" .
+qed
+lemma swap_fresh_fresh:
+assumes a: "a \<sharp> x"
+and     b: "b \<sharp> x"
+shows "(a \<rightleftharpoons> b) \<bullet> x = x"
+proof (cases)
+assume asm: "sort_of a = sort_of b"
+have "finite {c. (a \<rightleftharpoons> c) \<bullet> x \<noteq> x}" "finite {c. (b \<rightleftharpoons> c) \<bullet> x \<noteq> x}"
+using a b unfolding fresh_def supp_def by simp_all
+then have "finite ({c. (a \<rightleftharpoons> c) \<bullet> x \<noteq> x} \<union> {c. (b \<rightleftharpoons> c) \<bullet> x \<noteq> x})" by simp
+then obtain c
+where "(a \<rightleftharpoons> c) \<bullet> x = x" "(b \<rightleftharpoons> c) \<bullet> x = x" "sort_of c = sort_of b"
+by (rule obtain_atom) (auto)
+then show "(a \<rightleftharpoons> b) \<bullet> x = x" using asm by (rule_tac swap_rel_trans) (simp_all)
+next
+assume "sort_of a \<noteq> sort_of b"
+then show "(a \<rightleftharpoons> b) \<bullet> x = x" by simp
+qed
+subsection {* supp and fresh are equivariant *}
+lemma supp_eqvt [eqvt]:
+shows "p \<bullet> (supp x) = supp (p \<bullet> x)"
+unfolding supp_def
+by (perm_simp)
+(simp only: permute_eqvt[symmetric])
+lemma fresh_eqvt [eqvt]:
+shows "p \<bullet> (a \<sharp> x) = (p \<bullet> a) \<sharp> (p \<bullet> x)"
+unfolding fresh_def
+by (perm_simp) (rule refl)
+lemma fresh_permute_iff:
+shows "(p \<bullet> a) \<sharp> (p \<bullet> x) \<longleftrightarrow> a \<sharp> x"
+by (simp only: fresh_eqvt[symmetric] permute_bool_def)
+lemma fresh_permute_left:
+shows "a \<sharp> p \<bullet> x \<longleftrightarrow> - p \<bullet> a \<sharp> x"
+proof
+assume "a \<sharp> p \<bullet> x"
+then have "- p \<bullet> a \<sharp> - p \<bullet> p \<bullet> x" by (simp only: fresh_permute_iff)
+then show "- p \<bullet> a \<sharp> x" by simp
+next
+assume "- p \<bullet> a \<sharp> x"
+then have "p \<bullet> - p \<bullet> a \<sharp> p \<bullet> x" by (simp only: fresh_permute_iff)
+then show "a \<sharp> p \<bullet> x" by simp
+qed
+section {* supports *}
+definition
+supports :: "atom set \<Rightarrow> 'a::pt \<Rightarrow> bool" (infixl "supports" 80)
+where
+"S supports x \<equiv> \<forall>a b. (a \<notin> S \<and> b \<notin> S \<longrightarrow> (a \<rightleftharpoons> b) \<bullet> x = x)"
+lemma supp_is_subset:
+fixes S :: "atom set"
+and   x :: "'a::pt"
+assumes a1: "S supports x"
+and     a2: "finite S"
+shows "(supp x) \<subseteq> S"
+proof (rule ccontr)
+assume "\<not> (supp x \<subseteq> S)"
+then obtain a where b1: "a \<in> supp x" and b2: "a \<notin> S" by auto
+from a1 b2 have "\<forall>b. b \<notin> S \<longrightarrow> (a \<rightleftharpoons> b) \<bullet> x = x" unfolding supports_def by auto
+then have "{b. (a \<rightleftharpoons> b) \<bullet> x \<noteq> x} \<subseteq> S" by auto
+with a2 have "finite {b. (a \<rightleftharpoons> b) \<bullet> x \<noteq> x}" by (simp add: finite_subset)
+then have "a \<notin> (supp x)" unfolding supp_def by simp
+with b1 show False by simp
+qed
+lemma supports_finite:
+fixes S :: "atom set"
+and   x :: "'a::pt"
+assumes a1: "S supports x"
+and     a2: "finite S"
+shows "finite (supp x)"
+proof -
+have "(supp x) \<subseteq> S" using a1 a2 by (rule supp_is_subset)
+then show "finite (supp x)" using a2 by (simp add: finite_subset)
+qed
+lemma supp_supports:
+fixes x :: "'a::pt"
+shows "(supp x) supports x"
+unfolding supports_def
+proof (intro strip)
+fix a b
+assume "a \<notin> (supp x) \<and> b \<notin> (supp x)"
+then have "a \<sharp> x" and "b \<sharp> x" by (simp_all add: fresh_def)
+then show "(a \<rightleftharpoons> b) \<bullet> x = x" by (simp add: swap_fresh_fresh)
+qed
+lemma supports_fresh:
+fixes x :: "'a::pt"
+assumes a1: "S supports x"
+and     a2: "finite S"
+and     a3: "a \<notin> S"
+shows "a \<sharp> x"
+unfolding fresh_def
+proof -
+have "(supp x) \<subseteq> S" using a1 a2 by (rule supp_is_subset)
+then show "a \<notin> (supp x)" using a3 by auto
+qed
+lemma supp_is_least_supports:
+fixes S :: "atom set"
+and   x :: "'a::pt"
+assumes  a1: "S supports x"
+and      a2: "finite S"
+and      a3: "\<And>S'. finite S' \<Longrightarrow> (S' supports x) \<Longrightarrow> S \<subseteq> S'"
+shows "(supp x) = S"
+proof (rule equalityI)
+show "(supp x) \<subseteq> S" using a1 a2 by (rule supp_is_subset)
+with a2 have fin: "finite (supp x)" by (rule rev_finite_subset)
+have "(supp x) supports x" by (rule supp_supports)
+with fin a3 show "S \<subseteq> supp x" by blast
+qed
+lemma subsetCI:
+shows "(\<And>x. x \<in> A \<Longrightarrow> x \<notin> B \<Longrightarrow> False) \<Longrightarrow> A \<subseteq> B"
+by auto
+lemma finite_supp_unique:
+assumes a1: "S supports x"
+assumes a2: "finite S"
+assumes a3: "\<And>a b. \<lbrakk>a \<in> S; b \<notin> S; sort_of a = sort_of b\<rbrakk> \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> x \<noteq> x"
+shows "(supp x) = S"
+using a1 a2
+proof (rule supp_is_least_supports)
+fix S'
+assume "finite S'" and "S' supports x"
+show "S \<subseteq> S'"
+proof (rule subsetCI)
+fix a
+assume "a \<in> S" and "a \<notin> S'"
+have "finite (S \<union> S')"
+using `finite S` `finite S'` by simp
+then obtain b where "b \<notin> S \<union> S'" and "sort_of b = sort_of a"
+by (rule obtain_atom)
+then have "b \<notin> S" and "b \<notin> S'"  and "sort_of a = sort_of b"
+by simp_all
+then have "(a \<rightleftharpoons> b) \<bullet> x = x"
+using `a \<notin> S'` `S' supports x` by (simp add: supports_def)
+moreover have "(a \<rightleftharpoons> b) \<bullet> x \<noteq> x"
+using `a \<in> S` `b \<notin> S` `sort_of a = sort_of b`
+by (rule a3)
+ultimately show "False" by simp
+qed
+qed
+section {* Support w.r.t. relations *}
+text {*
+This definition is used for unquotient types, where
+alpha-equivalence does not coincide with equality.
+*}
+definition
+"supp_rel R x = {a. infinite {b. \<not>(R ((a \<rightleftharpoons> b) \<bullet> x) x)}}"
+section {* Finitely-supported types *}
+class fs = pt +
+assumes finite_supp: "finite (supp x)"
+lemma pure_supp:
+fixes x::"'a::pure"
+shows "supp x = {}"
+unfolding supp_def by (simp add: permute_pure)
+lemma pure_fresh:
+fixes x::"'a::pure"
+shows "a \<sharp> x"
+unfolding fresh_def by (simp add: pure_supp)
+instance pure < fs
+by default (simp add: pure_supp)
+subsection  {* Type @{typ atom} is finitely-supported. *}
+lemma supp_atom:
+shows "supp a = {a}"
+by (rule finite_supp_unique)
+(auto simp add: supports_def)
+lemma fresh_atom:
+shows "a \<sharp> b \<longleftrightarrow> a \<noteq> b"
+unfolding fresh_def supp_atom by simp
+instance atom :: fs
+by default (simp add: supp_atom)
+section {* Type @{typ perm} is finitely-supported. *}
+lemma perm_swap_eq:
+shows "(a \<rightleftharpoons> b) \<bullet> p = p \<longleftrightarrow> (p \<bullet> (a \<rightleftharpoons> b)) = (a \<rightleftharpoons> b)"
+unfolding permute_perm_def
+by (metis add_diff_cancel minus_perm_def)
+lemma supports_perm:
+shows "{a. p \<bullet> a \<noteq> a} supports p"
+unfolding supports_def
+unfolding perm_swap_eq
+by (simp add: swap_eqvt)
+lemma finite_perm_lemma:
+shows "finite {a::atom. p \<bullet> a \<noteq> a}"
+unfolding permute_atom_def
+using finite_gpermute_neq .
+lemma supp_perm:
+shows "supp p = {a. p \<bullet> a \<noteq> a}"
+apply (rule finite_supp_unique)
+apply (simp_all add: perm_swap_eq swap_eqvt supports_perm finite_perm_lemma)
+apply (auto simp add: perm_eq_iff swap_atom perm_swap_eq swap_eqvt)
+done
+lemma fresh_perm:
+shows "a \<sharp> p \<longleftrightarrow> p \<bullet> a = a"
+unfolding fresh_def
+by (simp add: supp_perm)
+lemma supp_swap:
+shows "supp (a \<rightleftharpoons> b) = (if a = b \<or> sort_of a \<noteq> sort_of b then {} else {a, b})"
+by (auto simp add: supp_perm swap_atom)
+lemma fresh_zero_perm:
+shows "a \<sharp> (0::perm)"
+unfolding fresh_perm by simp
+lemma supp_zero_perm:
+shows "supp (0::perm) = {}"
+unfolding supp_perm by simp
+lemma fresh_plus_perm:
+fixes p q::perm
+assumes "a \<sharp> p" "a \<sharp> q"
+shows "a \<sharp> (p + q)"
+using assms
+unfolding fresh_def
+by (auto simp add: supp_perm)
+lemma supp_plus_perm:
+fixes p q::perm
+shows "supp (p + q) \<subseteq> supp p \<union> supp q"
+by (auto simp add: supp_perm)
+lemma fresh_minus_perm:
+fixes p::perm
+shows "a \<sharp> (- p) \<longleftrightarrow> a \<sharp> p"
+unfolding fresh_def supp_perm
+by (simp) (metis permute_minus_cancel(1))
+lemma supp_minus_perm:
+fixes p::perm
+shows "supp (- p) = supp p"
+unfolding supp_conv_fresh
+by (simp add: fresh_minus_perm)
+lemma plus_perm_eq:
+fixes p q::"perm"
+assumes asm: "supp p \<inter> supp q = {}"
+shows "p + q = q + p"
+unfolding perm_eq_iff
+proof
+fix a::"atom"
+show "(p + q) \<bullet> a = (q + p) \<bullet> a"
+proof -
+{ assume "a \<notin> supp p" "a \<notin> supp q"
+then have "(p + q) \<bullet> a = (q + p) \<bullet> a"
+	by (simp add: supp_perm)
+}
+moreover
+{ assume a: "a \<in> supp p" "a \<notin> supp q"
+then have "p \<bullet> a \<in> supp p" by (simp add: supp_perm)
+then have "p \<bullet> a \<notin> supp q" using asm by auto
+with a have "(p + q) \<bullet> a = (q + p) \<bullet> a"
+	by (simp add: supp_perm)
+}
+moreover
+{ assume a: "a \<notin> supp p" "a \<in> supp q"
+then have "q \<bullet> a \<in> supp q" by (simp add: supp_perm)
+then have "q \<bullet> a \<notin> supp p" using asm by auto
+with a have "(p + q) \<bullet> a = (q + p) \<bullet> a"
+	by (simp add: supp_perm)
+}
+ultimately show "(p + q) \<bullet> a = (q + p) \<bullet> a"
+using asm by blast
+qed
+qed
+lemma supp_plus_perm_eq:
+fixes p q::perm
+assumes asm: "supp p \<inter> supp q = {}"
+shows "supp (p + q) = supp p \<union> supp q"
+proof -
+{ fix a::"atom"
+assume "a \<in> supp p"
+then have "a \<notin> supp q" using asm by auto
+then have "a \<in> supp (p + q)" using `a \<in> supp p`
+by (simp add: supp_perm)
+}
+moreover
+{ fix a::"atom"
+assume "a \<in> supp q"
+then have "a \<notin> supp p" using asm by auto
+then have "a \<in> supp (q + p)" using `a \<in> supp q`
+by (simp add: supp_perm)
+then have "a \<in> supp (p + q)" using asm plus_perm_eq
+by metis
+}
+ultimately have "supp p \<union> supp q \<subseteq> supp (p + q)"
+by blast
+then show "supp (p + q) = supp p \<union> supp q" using supp_plus_perm
+by blast
+qed
+instance perm :: fs
+by default (simp add: supp_perm finite_perm_lemma)
+section {* Finite Support instances for other types *}
+subsection {* Type @{typ "'a \<times> 'b"} is finitely-supported. *}
+lemma supp_Pair:
+shows "supp (x, y) = supp x \<union> supp y"
+by (simp add: supp_def Collect_imp_eq Collect_neg_eq)
+lemma fresh_Pair:
+shows "a \<sharp> (x, y) \<longleftrightarrow> a \<sharp> x \<and> a \<sharp> y"
+by (simp add: fresh_def supp_Pair)
+lemma supp_Unit:
+shows "supp () = {}"
+by (simp add: supp_def)
+lemma fresh_Unit:
+shows "a \<sharp> ()"
+by (simp add: fresh_def supp_Unit)
+instance prod :: (fs, fs) fs
+by default (auto simp add: supp_Pair finite_supp)
+subsection {* Type @{typ "'a + 'b"} is finitely supported *}
+lemma supp_Inl:
+shows "supp (Inl x) = supp x"
+by (simp add: supp_def)
+lemma supp_Inr:
+shows "supp (Inr x) = supp x"
+by (simp add: supp_def)
+lemma fresh_Inl:
+shows "a \<sharp> Inl x \<longleftrightarrow> a \<sharp> x"
+by (simp add: fresh_def supp_Inl)
+lemma fresh_Inr:
+shows "a \<sharp> Inr y \<longleftrightarrow> a \<sharp> y"
+by (simp add: fresh_def supp_Inr)
+instance sum :: (fs, fs) fs
+apply default
+apply (case_tac x)
+apply (simp_all add: supp_Inl supp_Inr finite_supp)
+done
+subsection {* Type @{typ "'a option"} is finitely supported *}
+lemma supp_None:
+shows "supp None = {}"
+by (simp add: supp_def)
+lemma supp_Some:
+shows "supp (Some x) = supp x"
+by (simp add: supp_def)
+lemma fresh_None:
+shows "a \<sharp> None"
+by (simp add: fresh_def supp_None)
+lemma fresh_Some:
+shows "a \<sharp> Some x \<longleftrightarrow> a \<sharp> x"
+by (simp add: fresh_def supp_Some)
+instance option :: (fs) fs
+apply default
+apply (induct_tac x)
+apply (simp_all add: supp_None supp_Some finite_supp)
+done
+subsubsection {* Type @{typ "'a list"} is finitely supported *}
+lemma supp_Nil:
+shows "supp [] = {}"
+by (simp add: supp_def)
+lemma fresh_Nil:
+shows "a \<sharp> []"
+by (simp add: fresh_def supp_Nil)
+lemma supp_Cons:
+shows "supp (x # xs) = supp x \<union> supp xs"
+by (simp add: supp_def Collect_imp_eq Collect_neg_eq)
+lemma fresh_Cons:
+shows "a \<sharp> (x # xs) \<longleftrightarrow> a \<sharp> x \<and> a \<sharp> xs"
+by (simp add: fresh_def supp_Cons)
+lemma supp_append:
+shows "supp (xs @ ys) = supp xs \<union> supp ys"
+by (induct xs) (auto simp add: supp_Nil supp_Cons)
+lemma fresh_append:
+shows "a \<sharp> (xs @ ys) \<longleftrightarrow> a \<sharp> xs \<and> a \<sharp> ys"
+by (induct xs) (simp_all add: fresh_Nil fresh_Cons)
+lemma supp_rev:
+shows "supp (rev xs) = supp xs"
+by (induct xs) (auto simp add: supp_append supp_Cons supp_Nil)
+lemma fresh_rev:
+shows "a \<sharp> rev xs \<longleftrightarrow> a \<sharp> xs"
+by (induct xs) (auto simp add: fresh_append fresh_Cons fresh_Nil)
+lemma supp_removeAll:
+fixes x::"atom"
+shows "supp (removeAll x xs) = supp xs - {x}"
+by (induct xs)
+(auto simp add: supp_Nil supp_Cons supp_atom)
+lemma supp_of_atom_list:
+fixes as::"atom list"
+shows "supp as = set as"
+by (induct as)
+(simp_all add: supp_Nil supp_Cons supp_atom)
+instance list :: (fs) fs
+apply default
+apply (induct_tac x)
+apply (simp_all add: supp_Nil supp_Cons finite_supp)
+done
+section {* Support and Freshness for Applications *}
+lemma fresh_conv_MOST:
+shows "a \<sharp> x \<longleftrightarrow> (MOST b. (a \<rightleftharpoons> b) \<bullet> x = x)"
+unfolding fresh_def supp_def
+unfolding MOST_iff_cofinite by simp
+lemma fresh_fun_app:
+assumes "a \<sharp> f" and "a \<sharp> x"
+shows "a \<sharp> f x"
+using assms
+unfolding fresh_conv_MOST
+unfolding permute_fun_app_eq
+by (elim MOST_rev_mp) (simp)
+lemma supp_fun_app:
+shows "supp (f x) \<subseteq> (supp f) \<union> (supp x)"
+using fresh_fun_app
+unfolding fresh_def
+by auto
+subsection {* Equivariance Predicate @{text eqvt} and @{text eqvt_at}*}
+definition
+"eqvt f \<equiv> \<forall>p. p \<bullet> f = f"
+lemma eqvt_boolI:
+fixes f::"bool"
+shows "eqvt f"
+unfolding eqvt_def
+by (simp add: permute_bool_def)
+text {* equivariance of a function at a given argument *}
+definition
+"eqvt_at f x \<equiv> \<forall>p. p \<bullet> (f x) = f (p \<bullet> x)"
+lemma eqvtI:
+shows "(\<And>p. p \<bullet> f \<equiv> f) \<Longrightarrow> eqvt f"
+unfolding eqvt_def
+by simp
+lemma eqvt_at_perm:
+assumes "eqvt_at f x"
+shows "eqvt_at f (q \<bullet> x)"
+proof -
+{ fix p::"perm"
+have "p \<bullet> (f (q \<bullet> x)) = p \<bullet> q \<bullet> (f x)"
+using assms by (simp add: eqvt_at_def)
+also have "\<dots> = (p + q) \<bullet> (f x)" by simp
+also have "\<dots> = f ((p + q) \<bullet> x)"
+using assms by (simp add: eqvt_at_def)
+finally have "p \<bullet> (f (q \<bullet> x)) = f (p \<bullet> q \<bullet> x)" by simp }
+then show "eqvt_at f (q \<bullet> x)" unfolding eqvt_at_def
+by simp
+qed
+lemma supp_fun_eqvt:
+assumes a: "eqvt f"
+shows "supp f = {}"
+using a
+unfolding eqvt_def
+unfolding supp_def
+by simp
+lemma fresh_fun_eqvt_app:
+assumes a: "eqvt f"
+shows "a \<sharp> x \<Longrightarrow> a \<sharp> f x"
+proof -
+from a have "supp f = {}" by (simp add: supp_fun_eqvt)
+then show "a \<sharp> x \<Longrightarrow> a \<sharp> f x"
+unfolding fresh_def
+using supp_fun_app by auto
+qed
+lemma supp_fun_app_eqvt:
+assumes a: "eqvt f"
+shows "supp (f x) \<subseteq> supp x"
+using fresh_fun_eqvt_app[OF a]
+unfolding fresh_def
+by auto
+lemma supp_eqvt_at:
+assumes asm: "eqvt_at f x"
+and     fin: "finite (supp x)"
+shows "supp (f x) \<subseteq> supp x"
+apply(rule supp_is_subset)
+unfolding supports_def
+unfolding fresh_def[symmetric]
+using asm
+apply(simp add: eqvt_at_def swap_fresh_fresh)
+apply(rule fin)
+done
+lemma finite_supp_eqvt_at:
+assumes asm: "eqvt_at f x"
+and     fin: "finite (supp x)"
+shows "finite (supp (f x))"
+apply(rule finite_subset)
+apply(rule supp_eqvt_at[OF asm fin])
+apply(rule fin)
+done
+lemma fresh_eqvt_at:
+assumes asm: "eqvt_at f x"
+and     fin: "finite (supp x)"
+and     fresh: "a \<sharp> x"
+shows "a \<sharp> f x"
+using fresh
+unfolding fresh_def
+using supp_eqvt_at[OF asm fin]
+by auto
+subsection {* helper functions for nominal_functions *}
+lemma THE_defaultI2:
+assumes "\<exists>!x. P x" "\<And>x. P x \<Longrightarrow> Q x"
+shows "Q (THE_default d P)"
+by (iprover intro: assms THE_defaultI')
+lemma the_default_eqvt:
+assumes unique: "\<exists>!x. P x"
+shows "(p \<bullet> (THE_default d P)) = (THE_default (p \<bullet> d) (p \<bullet> P))"
+apply(rule THE_default1_equality [symmetric])
+apply(rule_tac p="-p" in permute_boolE)
+apply(simp add: ex1_eqvt)
+apply(rule unique)
+apply(rule_tac p="-p" in permute_boolE)
+apply(rule subst[OF permute_fun_app_eq])
+apply(simp)
+apply(rule THE_defaultI'[OF unique])
+done
+lemma fundef_ex1_eqvt:
+fixes x::"'a::pt"
+assumes f_def: "f == (\<lambda>x::'a. THE_default (d x) (G x))"
+assumes eqvt: "eqvt G"
+assumes ex1: "\<exists>!y. G x y"
+shows "(p \<bullet> (f x)) = f (p \<bullet> x)"
+apply(simp only: f_def)
+apply(subst the_default_eqvt)
+apply(rule ex1)
+apply(rule THE_default1_equality [symmetric])
+apply(rule_tac p="-p" in permute_boolE)
+apply(perm_simp add: permute_minus_cancel)
+using eqvt[simplified eqvt_def]
+apply(simp)
+apply(rule ex1)
+apply(rule THE_defaultI2)
+apply(rule_tac p="-p" in permute_boolE)
+apply(perm_simp add: permute_minus_cancel)
+apply(rule ex1)
+apply(perm_simp)
+using eqvt[simplified eqvt_def]
+apply(simp)
+done
+lemma fundef_ex1_eqvt_at:
+fixes x::"'a::pt"
+assumes f_def: "f == (\<lambda>x::'a. THE_default (d x) (G x))"
+assumes eqvt: "eqvt G"
+assumes ex1: "\<exists>!y. G x y"
+shows "eqvt_at f x"
+unfolding eqvt_at_def
+using assms
+by (auto intro: fundef_ex1_eqvt)
+lemma fundef_ex1_prop:
+fixes x::"'a::pt"
+assumes f_def: "f \<equiv> (\<lambda>x::'a. THE_default (d x) (G x))"
+assumes P_all: "\<And>x y. G x y \<Longrightarrow> P x y"
+assumes ex1: "\<exists>!y. G x y"
+shows "P x (f x)"
+unfolding f_def
+using ex1
+apply(erule_tac ex1E)
+apply(rule THE_defaultI2)
+apply(blast)
+apply(rule P_all)
+apply(assumption)
+done
+section {* Support of Finite Sets of Finitely Supported Elements *}
+text {* support and freshness for atom sets *}
+lemma supp_finite_atom_set:
+fixes S::"atom set"
+assumes "finite S"
+shows "supp S = S"
+apply(rule finite_supp_unique)
+apply(simp add: supports_def)
+apply(simp add: swap_set_not_in)
+apply(rule assms)
+apply(simp add: swap_set_in)
+done
+lemma supp_cofinite_atom_set:
+fixes S::"atom set"
+assumes "finite (UNIV - S)"
+shows "supp S = (UNIV - S)"
+apply(rule finite_supp_unique)
+apply(simp add: supports_def)
+apply(simp add: swap_set_both_in)
+apply(rule assms)
+apply(subst swap_commute)
+apply(simp add: swap_set_in)
+done
+lemma fresh_finite_atom_set:
+fixes S::"atom set"
+assumes "finite S"
+shows "a \<sharp> S \<longleftrightarrow> a \<notin> S"
+unfolding fresh_def
+by (simp add: supp_finite_atom_set[OF assms])
+lemma fresh_minus_atom_set:
+fixes S::"atom set"
+assumes "finite S"
+shows "a \<sharp> S - T \<longleftrightarrow> (a \<notin> T \<longrightarrow> a \<sharp> S)"
+unfolding fresh_def
+by (auto simp add: supp_finite_atom_set assms)
+lemma Union_supports_set:
+shows "(\<Union>x \<in> S. supp x) supports S"
+proof -
+{ fix a b
+have "\<forall>x \<in> S. (a \<rightleftharpoons> b) \<bullet> x = x \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> S = S"
+unfolding permute_set_def by force
+}
+then show "(\<Union>x \<in> S. supp x) supports S"
+unfolding supports_def
+by (simp add: fresh_def[symmetric] swap_fresh_fresh)
+qed
+lemma Union_of_finite_supp_sets:
+fixes S::"('a::fs set)"
+assumes fin: "finite S"
+shows "finite (\<Union>x\<in>S. supp x)"
+using fin by (induct) (auto simp add: finite_supp)
+lemma Union_included_in_supp:
+fixes S::"('a::fs set)"
+assumes fin: "finite S"
+shows "(\<Union>x\<in>S. supp x) \<subseteq> supp S"
+proof -
+have eqvt: "eqvt (\<lambda>S. \<Union> supp ` S)"
+unfolding eqvt_def
+by (perm_simp) (simp)
+have "(\<Union>x\<in>S. supp x) = supp (\<Union>x\<in>S. supp x)"
+by (rule supp_finite_atom_set[symmetric]) (rule Union_of_finite_supp_sets[OF fin])
+also have "\<dots> = supp ((\<lambda>S. \<Union> supp ` S) S)" by simp
+also have "\<dots> \<subseteq> supp S" using eqvt
+by (rule supp_fun_app_eqvt)
+finally show "(\<Union>x\<in>S. supp x) \<subseteq> supp S" .
+qed
+lemma supp_of_finite_sets:
+fixes S::"('a::fs set)"
+assumes fin: "finite S"
+shows "(supp S) = (\<Union>x\<in>S. supp x)"
+apply(rule subset_antisym)
+apply(rule supp_is_subset)
+apply(rule Union_supports_set)
+apply(rule Union_of_finite_supp_sets[OF fin])
+apply(rule Union_included_in_supp[OF fin])
+done
+lemma finite_sets_supp:
+fixes S::"('a::fs set)"
+assumes "finite S"
+shows "finite (supp S)"
+using assms
+by (simp only: supp_of_finite_sets Union_of_finite_supp_sets)
+lemma supp_of_finite_union:
+fixes S T::"('a::fs) set"
+assumes fin1: "finite S"
+and     fin2: "finite T"
+shows "supp (S \<union> T) = supp S \<union> supp T"
+using fin1 fin2
+by (simp add: supp_of_finite_sets)
+lemma supp_of_finite_insert:
+fixes S::"('a::fs) set"
+assumes fin:  "finite S"
+shows "supp (insert x S) = supp x \<union> supp S"
+using fin
+by (simp add: supp_of_finite_sets)
+lemma fresh_finite_insert:
+fixes S::"('a::fs) set"
+assumes fin:  "finite S"
+shows "a \<sharp> (insert x S) \<longleftrightarrow> a \<sharp> x \<and> a \<sharp> S"
+using fin unfolding fresh_def
+by (simp add: supp_of_finite_insert)
+lemma supp_set_empty:
+shows "supp {} = {}"
+unfolding supp_def
+by (simp add: empty_eqvt)
+lemma fresh_set_empty:
+shows "a \<sharp> {}"
+by (simp add: fresh_def supp_set_empty)
+lemma supp_set:
+fixes xs :: "('a::fs) list"
+shows "supp (set xs) = supp xs"
+apply(induct xs)
+apply(simp add: supp_set_empty supp_Nil)
+apply(simp add: supp_Cons supp_of_finite_insert)
+done
+lemma fresh_set:
+fixes xs :: "('a::fs) list"
+shows "a \<sharp> (set xs) \<longleftrightarrow> a \<sharp> xs"
+unfolding fresh_def
+by (simp add: supp_set)
+subsection {* Type @{typ "'a multiset"} is finitely supported *}
+lemma set_of_eqvt[eqvt]:
+shows "p \<bullet> (set_of M) = set_of (p \<bullet> M)"
+by (induct M) (simp_all add: insert_eqvt empty_eqvt)
+lemma supp_set_of:
+shows "supp (set_of M) \<subseteq> supp M"
+apply (rule supp_fun_app_eqvt)
+unfolding eqvt_def
+apply(perm_simp)
+apply(simp)
+done
+lemma Union_finite_multiset:
+fixes M::"'a::fs multiset"
+shows "finite (\<Union>{supp x | x. x \<in># M})"
+proof -
+have "finite (\<Union>(supp ` {x. x \<in># M}))"
+by (induct M) (simp_all add: Collect_imp_eq Collect_neg_eq finite_supp)
+then show "finite (\<Union>{supp x | x. x \<in># M})"
+by (simp only: image_Collect)
+qed
+lemma Union_supports_multiset:
+shows "\<Union>{supp x | x. x :# M} supports M"
+proof -
+have sw: "\<And>a b. ((\<And>x. x :# M \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> x = x) \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> M = M)"
+unfolding permute_multiset_def
+apply(induct M)
+apply(simp_all)
+done
+show "(\<Union>{supp x | x. x :# M}) supports M"
+unfolding supports_def
+apply(clarify)
+apply(rule sw)
+apply(rule swap_fresh_fresh)
+apply(simp_all only: fresh_def)
+apply(auto)
+apply(metis neq0_conv)+
+done
+qed
+lemma Union_included_multiset:
+fixes M::"('a::fs multiset)"
+shows "(\<Union>{supp x | x. x \<in># M}) \<subseteq> supp M"
+proof -
+have "(\<Union>{supp x | x. x \<in># M}) = (\<Union>{supp x | x. x \<in> set_of M})" by simp
+also have "... \<subseteq> (\<Union>x \<in> set_of M. supp x)" by auto
+also have "... = supp (set_of M)" by (simp add: subst supp_of_finite_sets)
+also have " ... \<subseteq> supp M" by (rule supp_set_of)
+finally show "(\<Union>{supp x | x. x \<in># M}) \<subseteq> supp M" .
+qed
+lemma supp_of_multisets:
+fixes M::"('a::fs multiset)"
+shows "(supp M) = (\<Union>{supp x | x. x :# M})"
+apply(rule subset_antisym)
+apply(rule supp_is_subset)
+apply(rule Union_supports_multiset)
+apply(rule Union_finite_multiset)
+apply(rule Union_included_multiset)
+done
+lemma multisets_supp_finite:
+fixes M::"('a::fs multiset)"
+shows "finite (supp M)"
+by (simp only: supp_of_multisets Union_finite_multiset)
+lemma supp_of_multiset_union:
+fixes M N::"('a::fs) multiset"
+shows "supp (M + N) = supp M \<union> supp N"
+by (auto simp add: supp_of_multisets)
+lemma supp_empty_mset [simp]:
+shows "supp {#} = {}"
+unfolding supp_def
+by simp
+instance multiset :: (fs) fs
+apply (default)
+apply (rule multisets_supp_finite)
+done
+subsection {* Type @{typ "'a fset"} is finitely supported *}
+lemma supp_fset [simp]:
+shows "supp (fset S) = supp S"
+unfolding supp_def
+by (simp add: fset_eqvt fset_cong)
+lemma supp_empty_fset [simp]:
+shows "supp {||} = {}"
+unfolding supp_def
+by simp
+lemma fresh_empty_fset:
+shows "a \<sharp> {||}"
+unfolding fresh_def
+by (simp)
+lemma supp_insert_fset [simp]:
+fixes x::"'a::fs"
+and   S::"'a fset"
+shows "supp (insert_fset x S) = supp x \<union> supp S"
+apply(subst supp_fset[symmetric])
+apply(simp add: supp_of_finite_insert)
+done
+lemma fresh_insert_fset:
+fixes x::"'a::fs"
+and   S::"'a fset"
+shows "a \<sharp> insert_fset x S \<longleftrightarrow> a \<sharp> x \<and> a \<sharp> S"
+unfolding fresh_def
+by (simp)
+lemma fset_finite_supp:
+fixes S::"('a::fs) fset"
+shows "finite (supp S)"
+by (induct S) (simp_all add: finite_supp)
+lemma supp_union_fset:
+fixes S T::"'a::fs fset"
+shows "supp (S |\<union>| T) = supp S \<union> supp T"
+by (induct S) (auto)
+lemma fresh_union_fset:
+fixes S T::"'a::fs fset"
+shows "a \<sharp> S |\<union>| T \<longleftrightarrow> a \<sharp> S \<and> a \<sharp> T"
+unfolding fresh_def
+by (simp add: supp_union_fset)
+instance fset :: (fs) fs
+apply (default)
+apply (rule fset_finite_supp)
+done
+section {* Freshness and Fresh-Star *}
+lemma fresh_Unit_elim:
+shows "(a \<sharp> () \<Longrightarrow> PROP C) \<equiv> PROP C"
+by (simp add: fresh_Unit)
+lemma fresh_Pair_elim:
+shows "(a \<sharp> (x, y) \<Longrightarrow> PROP C) \<equiv> (a \<sharp> x \<Longrightarrow> a \<sharp> y \<Longrightarrow> PROP C)"
+by rule (simp_all add: fresh_Pair)
+(* this rule needs to be added before the fresh_prodD is *)
+(* added to the simplifier with mksimps                  *)
+lemma [simp]:
+shows "a \<sharp> x1 \<Longrightarrow> a \<sharp> x2 \<Longrightarrow> a \<sharp> (x1, x2)"
+by (simp add: fresh_Pair)
+lemma fresh_PairD:
+shows "a \<sharp> (x, y) \<Longrightarrow> a \<sharp> x"
+and   "a \<sharp> (x, y) \<Longrightarrow> a \<sharp> y"
+by (simp_all add: fresh_Pair)
+declaration {* fn _ =>
+let
+val mksimps_pairs = (@{const_name Nominal2_Base.fresh}, @{thms fresh_PairD}) :: mksimps_pairs
+in
+Simplifier.map_ss (fn ss => Simplifier.set_mksimps (mksimps mksimps_pairs) ss)
+end
+*}
+text {* The fresh-star generalisation of fresh is used in strong
+induction principles. *}
+definition
+fresh_star :: "atom set \<Rightarrow> 'a::pt \<Rightarrow> bool" ("_ \<sharp>* _" [80,80] 80)
+where
+"as \<sharp>* x \<equiv> \<forall>a \<in> as. a \<sharp> x"
+lemma fresh_star_supp_conv:
+shows "supp x \<sharp>* y \<Longrightarrow> supp y \<sharp>* x"
+by (auto simp add: fresh_star_def fresh_def)
+lemma fresh_star_perm_set_conv:
+fixes p::"perm"
+assumes fresh: "as \<sharp>* p"
+and     fin: "finite as"
+shows "supp p \<sharp>* as"
+apply(rule fresh_star_supp_conv)
+apply(simp add: supp_finite_atom_set fin fresh)
+done
+lemma fresh_star_atom_set_conv:
+assumes fresh: "as \<sharp>* bs"
+and     fin: "finite as" "finite bs"
+shows "bs \<sharp>* as"
+using fresh
+unfolding fresh_star_def fresh_def
+by (auto simp add: supp_finite_atom_set fin)
+lemma atom_fresh_star_disjoint:
+assumes fin: "finite bs"
+shows "as \<sharp>* bs \<longleftrightarrow> (as \<inter> bs = {})"
+unfolding fresh_star_def fresh_def
+by (auto simp add: supp_finite_atom_set fin)
+lemma fresh_star_Pair:
+shows "as \<sharp>* (x, y) = (as \<sharp>* x \<and> as \<sharp>* y)"
+by (auto simp add: fresh_star_def fresh_Pair)
+lemma fresh_star_list:
+shows "as \<sharp>* (xs @ ys) \<longleftrightarrow> as \<sharp>* xs \<and> as \<sharp>* ys"
+and   "as \<sharp>* (x # xs) \<longleftrightarrow> as \<sharp>* x \<and> as \<sharp>* xs"
+and   "as \<sharp>* []"
+by (auto simp add: fresh_star_def fresh_Nil fresh_Cons fresh_append)
+lemma fresh_star_set:
+fixes xs::"('a::fs) list"
+shows "as \<sharp>* set xs \<longleftrightarrow> as \<sharp>* xs"
+unfolding fresh_star_def
+by (simp add: fresh_set)
+lemma fresh_star_singleton:
+fixes a::"atom"
+shows "as \<sharp>* {a} \<longleftrightarrow> as \<sharp>* a"
+by (simp add: fresh_star_def fresh_finite_insert fresh_set_empty)
+lemma fresh_star_fset:
+fixes xs::"('a::fs) list"
+shows "as \<sharp>* fset S \<longleftrightarrow> as \<sharp>* S"
+by (simp add: fresh_star_def fresh_def)
+lemma fresh_star_Un:
+shows "(as \<union> bs) \<sharp>* x = (as \<sharp>* x \<and> bs \<sharp>* x)"
+by (auto simp add: fresh_star_def)
+lemma fresh_star_insert:
+shows "(insert a as) \<sharp>* x = (a \<sharp> x \<and> as \<sharp>* x)"
+by (auto simp add: fresh_star_def)
+lemma fresh_star_Un_elim:
+"((as \<union> bs) \<sharp>* x \<Longrightarrow> PROP C) \<equiv> (as \<sharp>* x \<Longrightarrow> bs \<sharp>* x \<Longrightarrow> PROP C)"
+unfolding fresh_star_def
+apply(rule)
+apply(erule meta_mp)
+apply(auto)
+done
+lemma fresh_star_insert_elim:
+"(insert a as \<sharp>* x \<Longrightarrow> PROP C) \<equiv> (a \<sharp> x \<Longrightarrow> as \<sharp>* x \<Longrightarrow> PROP C)"
+unfolding fresh_star_def
+by rule (simp_all add: fresh_star_def)
+lemma fresh_star_empty_elim:
+"({} \<sharp>* x \<Longrightarrow> PROP C) \<equiv> PROP C"
+by (simp add: fresh_star_def)
+lemma fresh_star_Unit_elim:
+shows "(a \<sharp>* () \<Longrightarrow> PROP C) \<equiv> PROP C"
+by (simp add: fresh_star_def fresh_Unit)
+lemma fresh_star_Pair_elim:
+shows "(a \<sharp>* (x, y) \<Longrightarrow> PROP C) \<equiv> (a \<sharp>* x \<Longrightarrow> a \<sharp>* y \<Longrightarrow> PROP C)"
+by (rule, simp_all add: fresh_star_Pair)
+lemma fresh_star_zero:
+shows "as \<sharp>* (0::perm)"
+unfolding fresh_star_def
+by (simp add: fresh_zero_perm)
+lemma fresh_star_plus:
+fixes p q::perm
+shows "\<lbrakk>a \<sharp>* p;  a \<sharp>* q\<rbrakk> \<Longrightarrow> a \<sharp>* (p + q)"
+unfolding fresh_star_def
+by (simp add: fresh_plus_perm)
+lemma fresh_star_permute_iff:
+shows "(p \<bullet> a) \<sharp>* (p \<bullet> x) \<longleftrightarrow> a \<sharp>* x"
+unfolding fresh_star_def
+by (metis mem_permute_iff permute_minus_cancel(1) fresh_permute_iff)
+lemma fresh_star_eqvt [eqvt]:
+shows "p \<bullet> (as \<sharp>* x) \<longleftrightarrow> (p \<bullet> as) \<sharp>* (p \<bullet> x)"
+unfolding fresh_star_def
+by (perm_simp) (rule refl)
+section {* Induction principle for permutations *}
+lemma smaller_supp:
+assumes a: "a \<in> supp p"
+shows "supp ((p \<bullet> a \<rightleftharpoons> a) + p) \<subset> supp p"
+proof -
+have "supp ((p \<bullet> a \<rightleftharpoons> a) + p) \<subseteq> supp p"
+unfolding supp_perm by (auto simp add: swap_atom)
+moreover
+have "a \<notin> supp ((p \<bullet> a \<rightleftharpoons> a) + p)" by (simp add: supp_perm)
+then have "supp ((p \<bullet> a \<rightleftharpoons> a) + p) \<noteq> supp p" using a by auto
+ultimately
+show "supp ((p \<bullet> a \<rightleftharpoons> a) + p) \<subset> supp p" by auto
+qed
+lemma perm_struct_induct[consumes 1, case_names zero swap]:
+assumes S: "supp p \<subseteq> S"
+and zero: "P 0"
+and swap: "\<And>p a b. \<lbrakk>P p; supp p \<subseteq> S; a \<in> S; b \<in> S; a \<noteq> b; sort_of a = sort_of b\<rbrakk> \<Longrightarrow> P ((a \<rightleftharpoons> b) + p)"
+shows "P p"
+proof -
+have "finite (supp p)" by (simp add: finite_supp)
+then show "P p" using S
+proof(induct A\<equiv>"supp p" arbitrary: p rule: finite_psubset_induct)
+case (psubset p)
+then have ih: "\<And>q. supp q \<subset> supp p \<Longrightarrow> P q" by auto
+have as: "supp p \<subseteq> S" by fact
+{ assume "supp p = {}"
+then have "p = 0" by (simp add: supp_perm perm_eq_iff)
+then have "P p" using zero by simp
+}
+moreover
+{ assume "supp p \<noteq> {}"
+then obtain a where a0: "a \<in> supp p" by blast
+then have a1: "p \<bullet> a \<in> S" "a \<in> S" "sort_of (p \<bullet> a) = sort_of a" "p \<bullet> a \<noteq> a"
+using as by (auto simp add: supp_atom supp_perm swap_atom)
+let ?q = "(p \<bullet> a \<rightleftharpoons> a) + p"
+have a2: "supp ?q \<subset> supp p" using a0 smaller_supp by simp
+then have "P ?q" using ih by simp
+moreover
+have "supp ?q \<subseteq> S" using as a2 by simp
+ultimately  have "P ((p \<bullet> a \<rightleftharpoons> a) + ?q)" using as a1 swap by simp
+moreover
+have "p = (p \<bullet> a \<rightleftharpoons> a) + ?q" by (simp add: perm_eq_iff)
+ultimately have "P p" by simp
+}
+ultimately show "P p" by blast
+qed
+qed
+lemma perm_simple_struct_induct[case_names zero swap]:
+assumes zero: "P 0"
+and     swap: "\<And>p a b. \<lbrakk>P p; a \<noteq> b; sort_of a = sort_of b\<rbrakk> \<Longrightarrow> P ((a \<rightleftharpoons> b) + p)"
+shows "P p"
+by (rule_tac S="supp p" in perm_struct_induct)
+(auto intro: zero swap)
+lemma perm_struct_induct2[consumes 1, case_names zero swap plus]:
+assumes S: "supp p \<subseteq> S"
+assumes zero: "P 0"
+assumes swap: "\<And>a b. \<lbrakk>sort_of a = sort_of b; a \<noteq> b; a \<in> S; b \<in> S\<rbrakk> \<Longrightarrow> P (a \<rightleftharpoons> b)"
+assumes plus: "\<And>p1 p2. \<lbrakk>P p1; P p2; supp p1 \<subseteq> S; supp p2 \<subseteq> S\<rbrakk> \<Longrightarrow> P (p1 + p2)"
+shows "P p"
+using S
+by (induct p rule: perm_struct_induct)
+(auto intro: zero plus swap simp add: supp_swap)
+lemma perm_simple_struct_induct2[case_names zero swap plus]:
+assumes zero: "P 0"
+assumes swap: "\<And>a b. \<lbrakk>sort_of a = sort_of b; a \<noteq> b\<rbrakk> \<Longrightarrow> P (a \<rightleftharpoons> b)"
+assumes plus: "\<And>p1 p2. \<lbrakk>P p1; P p2\<rbrakk> \<Longrightarrow> P (p1 + p2)"
+shows "P p"
+by (rule_tac S="supp p" in perm_struct_induct2)
+(auto intro: zero swap plus)
+lemma supp_perm_singleton:
+fixes p::"perm"
+shows "supp p \<subseteq> {b} \<longleftrightarrow> p = 0"
+proof -
+{ assume "supp p \<subseteq> {b}"
+then have "p = 0"
+by (induct p rule: perm_struct_induct) (simp_all)
+}
+then show "supp p \<subseteq> {b} \<longleftrightarrow> p = 0" by (auto simp add: supp_zero_perm)
+qed
+lemma supp_perm_pair:
+fixes p::"perm"
+shows "supp p \<subseteq> {a, b} \<longleftrightarrow> p = 0 \<or> p = (b \<rightleftharpoons> a)"
+proof -
+{ assume "supp p \<subseteq> {a, b}"
+then have "p = 0 \<or> p = (b \<rightleftharpoons> a)"
+apply (induct p rule: perm_struct_induct)
+apply (auto simp add: swap_cancel supp_zero_perm supp_swap)
+apply (simp add: swap_commute)
+done
+}
+then show "supp p \<subseteq> {a, b} \<longleftrightarrow> p = 0 \<or> p = (b \<rightleftharpoons> a)"
+by (auto simp add: supp_zero_perm supp_swap split: if_splits)
+qed
+lemma supp_perm_eq:
+assumes "(supp x) \<sharp>* p"
+shows "p \<bullet> x = x"
+proof -
+from assms have "supp p \<subseteq> {a. a \<sharp> x}"
+unfolding supp_perm fresh_star_def fresh_def by auto
+then show "p \<bullet> x = x"
+proof (induct p rule: perm_struct_induct)
+case zero
+show "0 \<bullet> x = x" by simp
+next
+case (swap p a b)
+then have "a \<sharp> x" "b \<sharp> x" "p \<bullet> x = x" by simp_all
+then show "((a \<rightleftharpoons> b) + p) \<bullet> x = x" by (simp add: swap_fresh_fresh)
+qed
+qed
+text {* same lemma as above, but proved with a different induction principle *}
+lemma supp_perm_eq_test:
+assumes "(supp x) \<sharp>* p"
+shows "p \<bullet> x = x"
+proof -
+from assms have "supp p \<subseteq> {a. a \<sharp> x}"
+unfolding supp_perm fresh_star_def fresh_def by auto
+then show "p \<bullet> x = x"
+proof (induct p rule: perm_struct_induct2)
+case zero
+show "0 \<bullet> x = x" by simp
+next
+case (swap a b)
+then have "a \<sharp> x" "b \<sharp> x" by simp_all
+then show "(a \<rightleftharpoons> b) \<bullet> x = x" by (simp add: swap_fresh_fresh)
+next
+case (plus p1 p2)
+have "p1 \<bullet> x = x" "p2 \<bullet> x = x" by fact+
+then show "(p1 + p2) \<bullet> x = x" by simp
+qed
+qed
+lemma perm_supp_eq:
+assumes a: "(supp p) \<sharp>* x"
+shows "p \<bullet> x = x"
+proof -
+from assms have "supp p \<subseteq> {a. a \<sharp> x}"
+unfolding supp_perm fresh_star_def fresh_def by auto
+then show "p \<bullet> x = x"
+proof (induct p rule: perm_struct_induct2)
+case zero
+show "0 \<bullet> x = x" by simp
+next
+case (swap a b)
+then have "a \<sharp> x" "b \<sharp> x" by simp_all
+then show "(a \<rightleftharpoons> b) \<bullet> x = x" by (simp add: swap_fresh_fresh)
+next
+case (plus p1 p2)
+have "p1 \<bullet> x = x" "p2 \<bullet> x = x" by fact+
+then show "(p1 + p2) \<bullet> x = x" by simp
+qed
+qed
+lemma supp_perm_perm_eq:
+assumes a: "\<forall>a \<in> supp x. p \<bullet> a = q \<bullet> a"
+shows "p \<bullet> x = q \<bullet> x"
+proof -
+from a have "\<forall>a \<in> supp x. (-q + p) \<bullet> a = a" by simp
+then have "\<forall>a \<in> supp x. a \<notin> supp (-q + p)"
+unfolding supp_perm by simp
+then have "supp x \<sharp>* (-q + p)"
+unfolding fresh_star_def fresh_def by simp
+then have "(-q + p) \<bullet> x = x" by (simp only: supp_perm_eq)
+then show "p \<bullet> x = q \<bullet> x"
+by (metis permute_minus_cancel(1) permute_plus)
+qed
+text {* disagreement set *}
+definition
+dset :: "perm \<Rightarrow> perm \<Rightarrow> atom set"
+where
+"dset p q = {a::atom. p \<bullet> a \<noteq> q \<bullet> a}"
+lemma ds_fresh:
+assumes "dset p q \<sharp>* x"
+shows "p \<bullet> x = q \<bullet> x"
+using assms
+unfolding dset_def fresh_star_def fresh_def
+by (auto intro: supp_perm_perm_eq)
+lemma atom_set_perm_eq:
+assumes a: "as \<sharp>* p"
+shows "p \<bullet> as = as"
+proof -
+from a have "supp p \<subseteq> {a. a \<notin> as}"
+unfolding supp_perm fresh_star_def fresh_def by auto
+then show "p \<bullet> as = as"
+proof (induct p rule: perm_struct_induct)
+case zero
+show "0 \<bullet> as = as" by simp
+next
+case (swap p a b)
+then have "a \<notin> as" "b \<notin> as" "p \<bullet> as = as" by simp_all
+then show "((a \<rightleftharpoons> b) + p) \<bullet> as = as" by (simp add: swap_set_not_in)
+qed
+qed
+section {* Avoiding of atom sets *}
+text {*
+For every set of atoms, there is another set of atoms
+avoiding a finitely supported c and there is a permutation
+which 'translates' between both sets.
+*}
+lemma at_set_avoiding_aux:
+fixes Xs::"atom set"
+and   As::"atom set"
+assumes b: "Xs \<subseteq> As"
+and     c: "finite As"
+shows "\<exists>p. (p \<bullet> Xs) \<inter> As = {} \<and> (supp p) = (Xs \<union> (p \<bullet> Xs))"
+proof -
+from b c have "finite Xs" by (rule finite_subset)
+then show ?thesis using b
+proof (induct rule: finite_subset_induct)
+case empty
+have "0 \<bullet> {} \<inter> As = {}" by simp
+moreover
+have "supp (0::perm) = {} \<union> 0 \<bullet> {}" by (simp add: supp_zero_perm)
+ultimately show ?case by blast
+next
+case (insert x Xs)
+then obtain p where
+p1: "(p \<bullet> Xs) \<inter> As = {}" and
+p2: "supp p = (Xs \<union> (p \<bullet> Xs))" by blast
+from `x \<in> As` p1 have "x \<notin> p \<bullet> Xs" by fast
+with `x \<notin> Xs` p2 have "x \<notin> supp p" by fast
+hence px: "p \<bullet> x = x" unfolding supp_perm by simp
+have "finite (As \<union> p \<bullet> Xs \<union> supp p)"
+using `finite As` `finite Xs`
+by (simp add: permute_set_eq_image finite_supp)
+then obtain y where "y \<notin> (As \<union> p \<bullet> Xs \<union> supp p)" "sort_of y = sort_of x"
+by (rule obtain_atom)
+hence y: "y \<notin> As" "y \<notin> p \<bullet> Xs" "y \<notin> supp p" "sort_of y = sort_of x"
+by simp_all
+hence py: "p \<bullet> y = y" "x \<noteq> y" using `x \<in> As`
+by (auto simp add: supp_perm)
+let ?q = "(x \<rightleftharpoons> y) + p"
+have q: "?q \<bullet> insert x Xs = insert y (p \<bullet> Xs)"
+unfolding insert_eqvt
+using `p \<bullet> x = x` `sort_of y = sort_of x`
+using `x \<notin> p \<bullet> Xs` `y \<notin> p \<bullet> Xs`
+by (simp add: swap_atom swap_set_not_in)
+have "?q \<bullet> insert x Xs \<inter> As = {}"
+using `y \<notin> As` `p \<bullet> Xs \<inter> As = {}`
+unfolding q by simp
+moreover
+have "supp (x \<rightleftharpoons> y) \<inter> supp p = {}" using px py `sort_of y = sort_of x`
+unfolding supp_swap by (simp add: supp_perm)
+then have "supp ?q = (supp (x \<rightleftharpoons> y) \<union> supp p)"
+by (simp add: supp_plus_perm_eq)
+then have "supp ?q = insert x Xs \<union> ?q \<bullet> insert x Xs"
+using p2 `sort_of y = sort_of x` `x \<noteq> y` unfolding q supp_swap
+by auto
+ultimately show ?case by blast
+qed
+qed
+lemma at_set_avoiding:
+assumes a: "finite Xs"
+and     b: "finite (supp c)"
+obtains p::"perm" where "(p \<bullet> Xs)\<sharp>*c" and "(supp p) = (Xs \<union> (p \<bullet> Xs))"
+using a b at_set_avoiding_aux [where Xs="Xs" and As="Xs \<union> supp c"]
+unfolding fresh_star_def fresh_def by blast
+lemma at_set_avoiding1:
+assumes "finite xs"
+and     "finite (supp c)"
+shows "\<exists>p. (p \<bullet> xs) \<sharp>* c"
+using assms
+apply(erule_tac c="c" in at_set_avoiding)
+apply(auto)
+done
+lemma at_set_avoiding2:
+assumes "finite xs"
+and     "finite (supp c)" "finite (supp x)"
+and     "xs \<sharp>* x"
+shows "\<exists>p. (p \<bullet> xs) \<sharp>* c \<and> supp x \<sharp>* p"
+using assms
+apply(erule_tac c="(c, x)" in at_set_avoiding)
+apply(simp add: supp_Pair)
+apply(rule_tac x="p" in exI)
+apply(simp add: fresh_star_Pair)
+apply(rule fresh_star_supp_conv)
+apply(auto simp add: fresh_star_def)
+done
+lemma at_set_avoiding3:
+assumes "finite xs"
+and     "finite (supp c)" "finite (supp x)"
+and     "xs \<sharp>* x"
+shows "\<exists>p. (p \<bullet> xs) \<sharp>* c \<and> supp x \<sharp>* p \<and> supp p = xs \<union> (p \<bullet> xs)"
+using assms
+apply(erule_tac c="(c, x)" in at_set_avoiding)
+apply(simp add: supp_Pair)
+apply(rule_tac x="p" in exI)
+apply(simp add: fresh_star_Pair)
+apply(rule fresh_star_supp_conv)
+apply(auto simp add: fresh_star_def)
+done
+lemma at_set_avoiding2_atom:
+assumes "finite (supp c)" "finite (supp x)"
+and     b: "a \<sharp> x"
+shows "\<exists>p. (p \<bullet> a) \<sharp> c \<and> supp x \<sharp>* p"
+proof -
+have a: "{a} \<sharp>* x" unfolding fresh_star_def by (simp add: b)
+obtain p where p1: "(p \<bullet> {a}) \<sharp>* c" and p2: "supp x \<sharp>* p"
+using at_set_avoiding2[of "{a}" "c" "x"] assms a by blast
+have c: "(p \<bullet> a) \<sharp> c" using p1
+unfolding fresh_star_def Ball_def
+by(erule_tac x="p \<bullet> a" in allE) (simp add: permute_set_def)
+hence "p \<bullet> a \<sharp> c \<and> supp x \<sharp>* p" using p2 by blast
+then show "\<exists>p. (p \<bullet> a) \<sharp> c \<and> supp x \<sharp>* p" by blast
+qed
+section {* Renaming permutations *}
+lemma set_renaming_perm:
+assumes b: "finite bs"
+shows "\<exists>q. (\<forall>b \<in> bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> bs \<union> (p \<bullet> bs)"
+using b
+proof (induct)
+case empty
+have "(\<forall>b \<in> {}. 0 \<bullet> b = p \<bullet> b) \<and> supp (0::perm) \<subseteq> {} \<union> p \<bullet> {}"
+by (simp add: permute_set_def supp_perm)
+then show "\<exists>q. (\<forall>b \<in> {}. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> {} \<union> p \<bullet> {}" by blast
+next
+case (insert a bs)
+then have " \<exists>q. (\<forall>b \<in> bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> bs \<union> p \<bullet> bs" by simp
+then obtain q where *: "\<forall>b \<in> bs. q \<bullet> b = p \<bullet> b" and **: "supp q \<subseteq> bs \<union> p \<bullet> bs"
+by auto
+{ assume 1: "q \<bullet> a = p \<bullet> a"
+have "\<forall>b \<in> (insert a bs). q \<bullet> b = p \<bullet> b" using 1 * by simp
+moreover
+have "supp q \<subseteq> insert a bs \<union> p \<bullet> insert a bs"
+using ** by (auto simp add: insert_eqvt)
+ultimately
+have "\<exists>q. (\<forall>b \<in> insert a bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> insert a bs \<union> p \<bullet> insert a bs" by blast
+}
+moreover
+{ assume 2: "q \<bullet> a \<noteq> p \<bullet> a"
+def q' \<equiv> "((q \<bullet> a) \<rightleftharpoons> (p \<bullet> a)) + q"
+have "\<forall>b \<in> insert a bs. q' \<bullet> b = p \<bullet> b" using 2 * `a \<notin> bs` unfolding q'_def
+by (auto simp add: swap_atom)
+moreover
+{ have "{q \<bullet> a, p \<bullet> a} \<subseteq> insert a bs \<union> p \<bullet> insert a bs"
+	using **
+	apply (auto simp add: supp_perm insert_eqvt)
+	apply (subgoal_tac "q \<bullet> a \<in> bs \<union> p \<bullet> bs")
+	apply(auto)[1]
+	apply(subgoal_tac "q \<bullet> a \<in> {a. q \<bullet> a \<noteq> a}")
+	apply(blast)
+	apply(simp)
+	done
+then have "supp (q \<bullet> a \<rightleftharpoons> p \<bullet> a) \<subseteq> insert a bs \<union> p \<bullet> insert a bs" by (simp add: supp_swap)
+moreover
+have "supp q \<subseteq> insert a bs \<union> p \<bullet> insert a bs"
+	using ** by (auto simp add: insert_eqvt)
+ultimately
+have "supp q' \<subseteq> insert a bs \<union> p \<bullet> insert a bs"
+unfolding q'_def using supp_plus_perm by blast
+}
+ultimately
+have "\<exists>q. (\<forall>b \<in> insert a bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> insert a bs \<union> p \<bullet> insert a bs" by blast
+}
+ultimately show "\<exists>q. (\<forall>b \<in> insert a bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> insert a bs \<union> p \<bullet> insert a bs"
+by blast
+qed
+lemma set_renaming_perm2:
+shows "\<exists>q. (\<forall>b \<in> bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> bs \<union> (p \<bullet> bs)"
+proof -
+have "finite (bs \<inter> supp p)" by (simp add: finite_supp)
+then obtain q
+where *: "\<forall>b \<in> bs \<inter> supp p. q \<bullet> b = p \<bullet> b" and **: "supp q \<subseteq> (bs \<inter> supp p) \<union> (p \<bullet> (bs \<inter> supp p))"
+using set_renaming_perm by blast
+from ** have "supp q \<subseteq> bs \<union> (p \<bullet> bs)" by (auto simp add: inter_eqvt)
+moreover
+have "\<forall>b \<in> bs - supp p. q \<bullet> b = p \<bullet> b"
+apply(auto)
+apply(subgoal_tac "b \<notin> supp q")
+apply(simp add: fresh_def[symmetric])
+apply(simp add: fresh_perm)
+apply(clarify)
+apply(rotate_tac 2)
+apply(drule subsetD[OF **])
+apply(simp add: inter_eqvt supp_eqvt permute_self)
+done
+ultimately have "(\<forall>b \<in> bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> bs \<union> (p \<bullet> bs)" using * by auto
+then show "\<exists>q. (\<forall>b \<in> bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> bs \<union> (p \<bullet> bs)" by blast
+qed
+lemma list_renaming_perm:
+shows "\<exists>q. (\<forall>b \<in> set bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set bs \<union> (p \<bullet> set bs)"
+proof (induct bs)
+case (Cons a bs)
+then have " \<exists>q. (\<forall>b \<in> set bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set bs \<union> p \<bullet> (set bs)"  by simp
+then obtain q where *: "\<forall>b \<in> set bs. q \<bullet> b = p \<bullet> b" and **: "supp q \<subseteq> set bs \<union> p \<bullet> (set bs)"
+by (blast)
+{ assume 1: "a \<in> set bs"
+have "q \<bullet> a = p \<bullet> a" using * 1 by (induct bs) (auto)
+then have "\<forall>b \<in> set (a # bs). q \<bullet> b = p \<bullet> b" using * by simp
+moreover
+have "supp q \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))" using ** by (auto simp add: insert_eqvt)
+ultimately
+have "\<exists>q. (\<forall>b \<in> set (a # bs). q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))" by blast
+}
+moreover
+{ assume 2: "a \<notin> set bs"
+def q' \<equiv> "((q \<bullet> a) \<rightleftharpoons> (p \<bullet> a)) + q"
+have "\<forall>b \<in> set (a # bs). q' \<bullet> b = p \<bullet> b"
+unfolding q'_def using 2 * `a \<notin> set bs` by (auto simp add: swap_atom)
+moreover
+{ have "{q \<bullet> a, p \<bullet> a} \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))"
+	using **
+	apply (auto simp add: supp_perm insert_eqvt)
+	apply (subgoal_tac "q \<bullet> a \<in> set bs \<union> p \<bullet> set bs")
+	apply(auto)[1]
+	apply(subgoal_tac "q \<bullet> a \<in> {a. q \<bullet> a \<noteq> a}")
+	apply(blast)
+	apply(simp)
+	done
+then have "supp (q \<bullet> a \<rightleftharpoons> p \<bullet> a) \<subseteq> set (a # bs) \<union> p \<bullet> set (a # bs)" by (simp add: supp_swap)
+moreover
+have "supp q \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))"
+	using ** by (auto simp add: insert_eqvt)
+ultimately
+have "supp q' \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))"
+unfolding q'_def using supp_plus_perm by blast
+}
+ultimately
+have "\<exists>q. (\<forall>b \<in> set (a # bs).  q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))" by blast
+}
+ultimately show "\<exists>q. (\<forall>b \<in> set (a # bs). q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))"
+by blast
+next
+case Nil
+have "(\<forall>b \<in> set []. 0 \<bullet> b = p \<bullet> b) \<and> supp (0::perm) \<subseteq> set [] \<union> p \<bullet> set []"
+by (simp add: supp_zero_perm)
+then show "\<exists>q. (\<forall>b \<in> set []. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set [] \<union> p \<bullet> (set [])" by blast
+qed
+section {* Concrete Atoms Types *}
+text {*
+Class @{text at_base} allows types containing multiple sorts of atoms.
+Class @{text at} only allows types with a single sort.
+*}
+class at_base = pt +
+fixes atom :: "'a \<Rightarrow> atom"
+assumes atom_eq_iff [simp]: "atom a = atom b \<longleftrightarrow> a = b"
+assumes atom_eqvt: "p \<bullet> (atom a) = atom (p \<bullet> a)"
+declare atom_eqvt[eqvt]
+class at = at_base +
+assumes sort_of_atom_eq [simp]: "sort_of (atom a) = sort_of (atom b)"
+lemma sort_ineq [simp]:
+assumes "sort_of (atom a) \<noteq> sort_of (atom b)"
+shows "atom a \<noteq> atom b"
+using assms by metis
+lemma supp_at_base:
+fixes a::"'a::at_base"
+shows "supp a = {atom a}"
+by (simp add: supp_atom [symmetric] supp_def atom_eqvt)
+lemma fresh_at_base:
+shows  "sort_of a \<noteq> sort_of (atom b) \<Longrightarrow> a \<sharp> b"
+and "a \<sharp> b \<longleftrightarrow> a \<noteq> atom b"
+unfolding fresh_def
+apply(simp_all add: supp_at_base)
+apply(metis)
+done
+lemma fresh_atom_at_base:
+fixes b::"'a::at_base"
+shows "a \<sharp> atom b \<longleftrightarrow> a \<sharp> b"
+by (simp add: fresh_def supp_at_base supp_atom)
+lemma fresh_star_atom_at_base:
+fixes b::"'a::at_base"
+shows "as \<sharp>* atom b \<longleftrightarrow> as \<sharp>* b"
+by (simp add: fresh_star_def fresh_atom_at_base)
+instance at_base < fs
+proof qed (simp add: supp_at_base)
+lemma at_base_infinite [simp]:
+shows "infinite (UNIV :: 'a::at_base set)" (is "infinite ?U")
+proof
+obtain a :: 'a where "True" by auto
+assume "finite ?U"
+hence "finite (atom ` ?U)"
+by (rule finite_imageI)
+then obtain b where b: "b \<notin> atom ` ?U" "sort_of b = sort_of (atom a)"
+by (rule obtain_atom)
+from b(2) have "b = atom ((atom a \<rightleftharpoons> b) \<bullet> a)"
+unfolding atom_eqvt [symmetric]
+by (simp add: swap_atom)
+hence "b \<in> atom ` ?U" by simp
+with b(1) show "False" by simp
+qed
+lemma swap_at_base_simps [simp]:
+fixes x y::"'a::at_base"
+shows "sort_of (atom x) = sort_of (atom y) \<Longrightarrow> (atom x \<rightleftharpoons> atom y) \<bullet> x = y"
+and   "sort_of (atom x) = sort_of (atom y) \<Longrightarrow> (atom x \<rightleftharpoons> atom y) \<bullet> y = x"
+and   "atom x \<noteq> a \<Longrightarrow> atom x \<noteq> b \<Longrightarrow> (a \<rightleftharpoons> b) \<bullet> x = x"
+unfolding atom_eq_iff [symmetric]
+unfolding atom_eqvt [symmetric]
+by simp_all
+lemma obtain_at_base:
+assumes X: "finite X"
+obtains a::"'a::at_base" where "atom a \<notin> X"
+proof -
+have "inj (atom :: 'a \<Rightarrow> atom)"
+by (simp add: inj_on_def)
+with X have "finite (atom -` X :: 'a set)"
+by (rule finite_vimageI)
+with at_base_infinite have "atom -` X \<noteq> (UNIV :: 'a set)"
+by auto
+then obtain a :: 'a where "atom a \<notin> X"
+by auto
+thus ?thesis ..
+qed
+lemma obtain_fresh':
+assumes fin: "finite (supp x)"
+obtains a::"'a::at_base" where "atom a \<sharp> x"
+using obtain_at_base[where X="supp x"]
+by (auto simp add: fresh_def fin)
+lemma obtain_fresh:
+fixes x::"'b::fs"
+obtains a::"'a::at_base" where "atom a \<sharp> x"
+by (rule obtain_fresh') (auto simp add: finite_supp)
+lemma supp_finite_set_at_base:
+assumes a: "finite S"
+shows "supp S = atom ` S"
+apply(simp add: supp_of_finite_sets[OF a])
+apply(simp add: supp_at_base)
+apply(auto)
+done
+(* FIXME
+lemma supp_cofinite_set_at_base:
+assumes a: "finite (UNIV - S)"
+shows "supp S = atom ` (UNIV - S)"
+apply(rule finite_supp_unique)
+*)
+lemma fresh_finite_set_at_base:
+fixes a::"'a::at_base"
+assumes a: "finite S"
+shows "atom a \<sharp> S \<longleftrightarrow> a \<notin> S"
+unfolding fresh_def
+apply(simp add: supp_finite_set_at_base[OF a])
+apply(subst inj_image_mem_iff)
+apply(simp add: inj_on_def)
+apply(simp)
+done
+lemma fresh_at_base_permute_iff [simp]:
+fixes a::"'a::at_base"
+shows "atom (p \<bullet> a) \<sharp> p \<bullet> x \<longleftrightarrow> atom a \<sharp> x"
+unfolding atom_eqvt[symmetric]
+by (simp add: fresh_permute_iff)
+section {* Infrastructure for concrete atom types *}
+definition
+flip :: "'a::at_base \<Rightarrow> 'a \<Rightarrow> perm" ("'(_ \<leftrightarrow> _')")
+where
+"(a \<leftrightarrow> b) = (atom a \<rightleftharpoons> atom b)"
+lemma flip_self [simp]: "(a \<leftrightarrow> a) = 0"
+unfolding flip_def by (rule swap_self)
+lemma flip_commute: "(a \<leftrightarrow> b) = (b \<leftrightarrow> a)"
+unfolding flip_def by (rule swap_commute)
+lemma minus_flip [simp]: "- (a \<leftrightarrow> b) = (a \<leftrightarrow> b)"
+unfolding flip_def by (rule minus_swap)
+lemma add_flip_cancel: "(a \<leftrightarrow> b) + (a \<leftrightarrow> b) = 0"
+unfolding flip_def by (rule swap_cancel)
+lemma permute_flip_cancel [simp]: "(a \<leftrightarrow> b) \<bullet> (a \<leftrightarrow> b) \<bullet> x = x"
+unfolding permute_plus [symmetric] add_flip_cancel by simp
+lemma permute_flip_cancel2 [simp]: "(a \<leftrightarrow> b) \<bullet> (b \<leftrightarrow> a) \<bullet> x = x"
+by (simp add: flip_commute)
+lemma flip_eqvt [eqvt]:
+fixes a b c::"'a::at_base"
+shows "p \<bullet> (a \<leftrightarrow> b) = (p \<bullet> a \<leftrightarrow> p \<bullet> b)"
+unfolding flip_def
+by (simp add: swap_eqvt atom_eqvt)
+lemma flip_at_base_simps [simp]:
+shows "sort_of (atom a) = sort_of (atom b) \<Longrightarrow> (a \<leftrightarrow> b) \<bullet> a = b"
+and   "sort_of (atom a) = sort_of (atom b) \<Longrightarrow> (a \<leftrightarrow> b) \<bullet> b = a"
+and   "\<lbrakk>a \<noteq> c; b \<noteq> c\<rbrakk> \<Longrightarrow> (a \<leftrightarrow> b) \<bullet> c = c"
+and   "sort_of (atom a) \<noteq> sort_of (atom b) \<Longrightarrow> (a \<leftrightarrow> b) \<bullet> x = x"
+unfolding flip_def
+unfolding atom_eq_iff [symmetric]
+unfolding atom_eqvt [symmetric]
+by simp_all
+text {* the following two lemmas do not hold for at_base,
+only for single sort atoms from at *}
+lemma permute_flip_at:
+fixes a b c::"'a::at"
+shows "(a \<leftrightarrow> b) \<bullet> c = (if c = a then b else if c = b then a else c)"
+unfolding flip_def
+apply (rule atom_eq_iff [THEN iffD1])
+apply (subst atom_eqvt [symmetric])
+apply (simp add: swap_atom)
+done
+lemma flip_at_simps [simp]:
+fixes a b::"'a::at"
+shows "(a \<leftrightarrow> b) \<bullet> a = b"
+and   "(a \<leftrightarrow> b) \<bullet> b = a"
+unfolding permute_flip_at by simp_all
+lemma flip_fresh_fresh:
+fixes a b::"'a::at_base"
+assumes "atom a \<sharp> x" "atom b \<sharp> x"
+shows "(a \<leftrightarrow> b) \<bullet> x = x"
+using assms
+by (simp add: flip_def swap_fresh_fresh)
+subsection {* Syntax for coercing at-elements to the atom-type *}
+syntax
+"_atom_constrain" :: "logic \<Rightarrow> type \<Rightarrow> logic" ("_:::_" [4, 0] 3)
+translations
+"_atom_constrain a t" => "CONST atom (_constrain a t)"
+subsection {* A lemma for proving instances of class @{text at}. *}
+setup {* Sign.add_const_constraint (@{const_name "permute"}, NONE) *}
+setup {* Sign.add_const_constraint (@{const_name "atom"}, NONE) *}
+text {*
+New atom types are defined as subtypes of @{typ atom}.
+*}
+lemma exists_eq_simple_sort:
+shows "\<exists>a. a \<in> {a. sort_of a = s}"
+by (rule_tac x="Atom s 0" in exI, simp)
+lemma exists_eq_sort:
+shows "\<exists>a. a \<in> {a. sort_of a \<in> range sort_fun}"
+by (rule_tac x="Atom (sort_fun x) y" in exI, simp)
+lemma at_base_class:
+fixes sort_fun :: "'b \<Rightarrow> atom_sort"
+fixes Rep :: "'a \<Rightarrow> atom" and Abs :: "atom \<Rightarrow> 'a"
+assumes type: "type_definition Rep Abs {a. sort_of a \<in> range sort_fun}"
+assumes atom_def: "\<And>a. atom a = Rep a"
+assumes permute_def: "\<And>p a. p \<bullet> a = Abs (p \<bullet> Rep a)"
+shows "OFCLASS('a, at_base_class)"
+proof
+interpret type_definition Rep Abs "{a. sort_of a \<in> range sort_fun}" by (rule type)
+have sort_of_Rep: "\<And>a. sort_of (Rep a) \<in> range sort_fun" using Rep by simp
+fix a b :: 'a and p p1 p2 :: perm
+show "0 \<bullet> a = a"
+unfolding permute_def by (simp add: Rep_inverse)
+show "(p1 + p2) \<bullet> a = p1 \<bullet> p2 \<bullet> a"
+unfolding permute_def by (simp add: Abs_inverse sort_of_Rep)
+show "atom a = atom b \<longleftrightarrow> a = b"
+unfolding atom_def by (simp add: Rep_inject)
+show "p \<bullet> atom a = atom (p \<bullet> a)"
+unfolding permute_def atom_def by (simp add: Abs_inverse sort_of_Rep)
+qed
+(*
+lemma at_class:
+fixes s :: atom_sort
+fixes Rep :: "'a \<Rightarrow> atom" and Abs :: "atom \<Rightarrow> 'a"
+assumes type: "type_definition Rep Abs {a. sort_of a \<in> range (\<lambda>x::unit. s)}"
+assumes atom_def: "\<And>a. atom a = Rep a"
+assumes permute_def: "\<And>p a. p \<bullet> a = Abs (p \<bullet> Rep a)"
+shows "OFCLASS('a, at_class)"
+proof
+interpret type_definition Rep Abs "{a. sort_of a \<in> range (\<lambda>x::unit. s)}" by (rule type)
+have sort_of_Rep: "\<And>a. sort_of (Rep a) = s" using Rep by (simp add: image_def)
+fix a b :: 'a and p p1 p2 :: perm
+show "0 \<bullet> a = a"
+unfolding permute_def by (simp add: Rep_inverse)
+show "(p1 + p2) \<bullet> a = p1 \<bullet> p2 \<bullet> a"
+unfolding permute_def by (simp add: Abs_inverse sort_of_Rep)
+show "sort_of (atom a) = sort_of (atom b)"
+unfolding atom_def by (simp add: sort_of_Rep)
+show "atom a = atom b \<longleftrightarrow> a = b"
+unfolding atom_def by (simp add: Rep_inject)
+show "p \<bullet> atom a = atom (p \<bullet> a)"
+unfolding permute_def atom_def by (simp add: Abs_inverse sort_of_Rep)
+qed
+*)
+lemma at_class:
+fixes s :: atom_sort
+fixes Rep :: "'a \<Rightarrow> atom" and Abs :: "atom \<Rightarrow> 'a"
+assumes type: "type_definition Rep Abs {a. sort_of a = s}"
+assumes atom_def: "\<And>a. atom a = Rep a"
+assumes permute_def: "\<And>p a. p \<bullet> a = Abs (p \<bullet> Rep a)"
+shows "OFCLASS('a, at_class)"
+proof
+interpret type_definition Rep Abs "{a. sort_of a = s}" by (rule type)
+have sort_of_Rep: "\<And>a. sort_of (Rep a) = s" using Rep by (simp add: image_def)
+fix a b :: 'a and p p1 p2 :: perm
+show "0 \<bullet> a = a"
+unfolding permute_def by (simp add: Rep_inverse)
+show "(p1 + p2) \<bullet> a = p1 \<bullet> p2 \<bullet> a"
+unfolding permute_def by (simp add: Abs_inverse sort_of_Rep)
+show "sort_of (atom a) = sort_of (atom b)"
+unfolding atom_def by (simp add: sort_of_Rep)
+show "atom a = atom b \<longleftrightarrow> a = b"
+unfolding atom_def by (simp add: Rep_inject)
+show "p \<bullet> atom a = atom (p \<bullet> a)"
+unfolding permute_def atom_def by (simp add: Abs_inverse sort_of_Rep)
+qed
+lemma at_class_sort:
+fixes s :: atom_sort
+fixes Rep :: "'a \<Rightarrow> atom" and Abs :: "atom \<Rightarrow> 'a"
+fixes a::"'a"
+assumes type: "type_definition Rep Abs {a. sort_of a = s}"
+assumes atom_def: "\<And>a. atom a = Rep a"
+shows "sort_of (atom a) = s"
+using atom_def type
+unfolding type_definition_def by simp
+setup {* Sign.add_const_constraint
+(@{const_name "permute"}, SOME @{typ "perm \<Rightarrow> 'a::pt \<Rightarrow> 'a"}) *}
+setup {* Sign.add_const_constraint
+(@{const_name "atom"}, SOME @{typ "'a::at_base \<Rightarrow> atom"}) *}
+section {* The freshness lemma according to Andy Pitts *}
+lemma freshness_lemma:
+fixes h :: "'a::at \<Rightarrow> 'b::pt"
+assumes a: "\<exists>a. atom a \<sharp> (h, h a)"
+shows  "\<exists>x. \<forall>a. atom a \<sharp> h \<longrightarrow> h a = x"
+proof -
+from a obtain b where a1: "atom b \<sharp> h" and a2: "atom b \<sharp> h b"
+by (auto simp add: fresh_Pair)
+show "\<exists>x. \<forall>a. atom a \<sharp> h \<longrightarrow> h a = x"
+proof (intro exI allI impI)
+fix a :: 'a
+assume a3: "atom a \<sharp> h"
+show "h a = h b"
+proof (cases "a = b")
+assume "a = b"
+thus "h a = h b" by simp
+next
+assume "a \<noteq> b"
+hence "atom a \<sharp> b" by (simp add: fresh_at_base)
+with a3 have "atom a \<sharp> h b"
+by (rule fresh_fun_app)
+with a2 have d1: "(atom b \<rightleftharpoons> atom a) \<bullet> (h b) = (h b)"
+by (rule swap_fresh_fresh)
+from a1 a3 have d2: "(atom b \<rightleftharpoons> atom a) \<bullet> h = h"
+by (rule swap_fresh_fresh)
+from d1 have "h b = (atom b \<rightleftharpoons> atom a) \<bullet> (h b)" by simp
+also have "\<dots> = ((atom b \<rightleftharpoons> atom a) \<bullet> h) ((atom b \<rightleftharpoons> atom a) \<bullet> b)"
+by (rule permute_fun_app_eq)
+also have "\<dots> = h a"
+using d2 by simp
+finally show "h a = h b"  by simp
+qed
+qed
+qed
+lemma freshness_lemma_unique:
+fixes h :: "'a::at \<Rightarrow> 'b::pt"
+assumes a: "\<exists>a. atom a \<sharp> (h, h a)"
+shows "\<exists>!x. \<forall>a. atom a \<sharp> h \<longrightarrow> h a = x"
+proof (rule ex_ex1I)
+from a show "\<exists>x. \<forall>a. atom a \<sharp> h \<longrightarrow> h a = x"
+by (rule freshness_lemma)
+next
+fix x y
+assume x: "\<forall>a. atom a \<sharp> h \<longrightarrow> h a = x"
+assume y: "\<forall>a. atom a \<sharp> h \<longrightarrow> h a = y"
+from a x y show "x = y"
+by (auto simp add: fresh_Pair)
+qed
+text {* packaging the freshness lemma into a function *}
+definition
+fresh_fun :: "('a::at \<Rightarrow> 'b::pt) \<Rightarrow> 'b"
+where
+"fresh_fun h = (THE x. \<forall>a. atom a \<sharp> h \<longrightarrow> h a = x)"
+lemma fresh_fun_apply:
+fixes h :: "'a::at \<Rightarrow> 'b::pt"
+assumes a: "\<exists>a. atom a \<sharp> (h, h a)"
+assumes b: "atom a \<sharp> h"
+shows "fresh_fun h = h a"
+unfolding fresh_fun_def
+proof (rule the_equality)
+show "\<forall>a'. atom a' \<sharp> h \<longrightarrow> h a' = h a"
+proof (intro strip)
+fix a':: 'a
+assume c: "atom a' \<sharp> h"
+from a have "\<exists>x. \<forall>a. atom a \<sharp> h \<longrightarrow> h a = x" by (rule freshness_lemma)
+with b c show "h a' = h a" by auto
+qed
+next
+fix fr :: 'b
+assume "\<forall>a. atom a \<sharp> h \<longrightarrow> h a = fr"
+with b show "fr = h a" by auto
+qed
+lemma fresh_fun_apply':
+fixes h :: "'a::at \<Rightarrow> 'b::pt"
+assumes a: "atom a \<sharp> h" "atom a \<sharp> h a"
+shows "fresh_fun h = h a"
+apply (rule fresh_fun_apply)
+apply (auto simp add: fresh_Pair intro: a)
+done
+lemma fresh_fun_eqvt:
+fixes h :: "'a::at \<Rightarrow> 'b::pt"
+assumes a: "\<exists>a. atom a \<sharp> (h, h a)"
+shows "p \<bullet> (fresh_fun h) = fresh_fun (p \<bullet> h)"
+using a
+apply (clarsimp simp add: fresh_Pair)
+apply (subst fresh_fun_apply', assumption+)
+apply (drule fresh_permute_iff [where p=p, THEN iffD2])
+apply (drule fresh_permute_iff [where p=p, THEN iffD2])
+apply (simp only: atom_eqvt permute_fun_app_eq [where f=h])
+apply (erule (1) fresh_fun_apply' [symmetric])
+done
+lemma fresh_fun_supports:
+fixes h :: "'a::at \<Rightarrow> 'b::pt"
+assumes a: "\<exists>a. atom a \<sharp> (h, h a)"
+shows "(supp h) supports (fresh_fun h)"
+apply (simp add: supports_def fresh_def [symmetric])
+apply (simp add: fresh_fun_eqvt [OF a] swap_fresh_fresh)
+done
+notation fresh_fun (binder "FRESH " 10)
+lemma FRESH_f_iff:
+fixes P :: "'a::at \<Rightarrow> 'b::pure"
+fixes f :: "'b \<Rightarrow> 'c::pure"
+assumes P: "finite (supp P)"
+shows "(FRESH x. f (P x)) = f (FRESH x. P x)"
+proof -
+obtain a::'a where "atom a \<sharp> P" using P by (rule obtain_fresh')
+show "(FRESH x. f (P x)) = f (FRESH x. P x)"
+apply (subst fresh_fun_apply' [where a=a, OF _ pure_fresh])
+apply (cut_tac `atom a \<sharp> P`)
+apply (simp add: fresh_conv_MOST)
+apply (elim MOST_rev_mp, rule MOST_I, clarify)
+apply (simp add: permute_fun_def permute_pure fun_eq_iff)
+apply (subst fresh_fun_apply' [where a=a, OF `atom a \<sharp> P` pure_fresh])
+apply (rule refl)
+done
+qed
+lemma FRESH_binop_iff:
+fixes P :: "'a::at \<Rightarrow> 'b::pure"
+fixes Q :: "'a::at \<Rightarrow> 'c::pure"
+fixes binop :: "'b \<Rightarrow> 'c \<Rightarrow> 'd::pure"
+assumes P: "finite (supp P)"
+and     Q: "finite (supp Q)"
+shows "(FRESH x. binop (P x) (Q x)) = binop (FRESH x. P x) (FRESH x. Q x)"
+proof -
+from assms have "finite (supp (P, Q))" by (simp add: supp_Pair)
+then obtain a::'a where "atom a \<sharp> (P, Q)" by (rule obtain_fresh')
+then have "atom a \<sharp> P" and "atom a \<sharp> Q" by (simp_all add: fresh_Pair)
+show ?thesis
+apply (subst fresh_fun_apply' [where a=a, OF _ pure_fresh])
+apply (cut_tac `atom a \<sharp> P` `atom a \<sharp> Q`)
+apply (simp add: fresh_conv_MOST)
+apply (elim MOST_rev_mp, rule MOST_I, clarify)
+apply (simp add: permute_fun_def permute_pure fun_eq_iff)
+apply (subst fresh_fun_apply' [where a=a, OF `atom a \<sharp> P` pure_fresh])
+apply (subst fresh_fun_apply' [where a=a, OF `atom a \<sharp> Q` pure_fresh])
+apply (rule refl)
+done
+qed
+lemma FRESH_conj_iff:
+fixes P Q :: "'a::at \<Rightarrow> bool"
+assumes P: "finite (supp P)" and Q: "finite (supp Q)"
+shows "(FRESH x. P x \<and> Q x) \<longleftrightarrow> (FRESH x. P x) \<and> (FRESH x. Q x)"
+using P Q by (rule FRESH_binop_iff)
+lemma FRESH_disj_iff:
+fixes P Q :: "'a::at \<Rightarrow> bool"
+assumes P: "finite (supp P)" and Q: "finite (supp Q)"
+shows "(FRESH x. P x \<or> Q x) \<longleftrightarrow> (FRESH x. P x) \<or> (FRESH x. Q x)"
+using P Q by (rule FRESH_binop_iff)
+section {* Library functions for the nominal infrastructure *}
+use "nominal_library.ML"
+section {* Automation for creating concrete atom types *}
+text {* at the moment only single-sort concrete atoms are supported *}
+use "nominal_atoms.ML"
+section {* automatic equivariance procedure for inductive definitions *}
+use "nominal_eqvt.ML"
+end

changeset 3139	e05c033d69c1
child 3147	d24e70483051