text‹\chapter[Semantics Equivalence]{Equivalence of the Operational and Denotational Semantics}›
theory Coinductive_Prop
imports
SymbolicPrimitive
Operational
Denotational
begin
section ‹Stepwise denotational interpretation of TESL atoms›
text ‹
In order to prove the equivalence of the denotational and operational semantics,
we need to be able to ignore the past (for which the constraints are encoded
in the context) and consider only the satisfaction of the constraints from
a given instant index.
For this purpose, we define an interpretation of TESL formulae for a suffix of a run.
That interpretation is closely related to the denotational semantics as
defined in the preceding chapters.
›
fun TESL_interpretation_atomic_stepwise
:: ‹('τ::linordered_field) TESL_atomic ⇒ nat ⇒ 'τ run set› (‹⟦ _ ⟧⇩T⇩E⇩S⇩L⇗≥ _⇖›)
where
‹⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∃n≥i. ticks ((Rep_run ρ) n C⇩1) ∧ time ((Rep_run ρ) n C⇩2) = τ}›
| ‹⟦ C⇩1 sporadic♯ ⦇τ⇩v⇩a⇩r(C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∃n≥i. ticks ((Rep_run ρ) n C⇩1)
∧ time ((Rep_run ρ) n C⇩2) = time ((Rep_run ρ) n⇩p⇩a⇩s⇩t C⇩p⇩a⇩s⇩t) + δτ }›
| ‹⟦ time-relation ⌊C⇩1, C⇩2⌋ ∈ R ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. R (time ((Rep_run ρ) n C⇩1), time ((Rep_run ρ) n C⇩2))}›
| ‹⟦ master implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. ticks ((Rep_run ρ) n master) ⟶ ticks ((Rep_run ρ) n slave)}›
| ‹⟦ master implies not slave ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. ticks ((Rep_run ρ) n master) ⟶ ¬ ticks ((Rep_run ρ) n slave)}›
| ‹⟦ master time-delayed by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. ticks ((Rep_run ρ) n master) ⟶
(let measured_time = time ((Rep_run ρ) n measuring) in
∀m ≥ n. first_time ρ measuring m (measured_time + δτ)
⟶ ticks ((Rep_run ρ) m slave)
)
}›
| ‹⟦ master time-delayed⨝ by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. ticks ((Rep_run ρ) n master) ⟶
(let measured_time = time ((Rep_run ρ) n measuring) in
∃m ≥ n. ticks ((Rep_run ρ) m slave)
∧ time ((Rep_run ρ) m measuring) = measured_time + δτ
)
}›
| ‹⟦ C⇩1 weakly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. (run_tick_count ρ C⇩2 n) ≤ (run_tick_count ρ C⇩1 n)}›
| ‹⟦ C⇩1 strictly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. (run_tick_count ρ C⇩2 n) ≤ (run_tick_count_strictly ρ C⇩1 n)}›
| ‹⟦ C⇩1 kills C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ i⇖ =
{ρ. ∀n≥i. ticks ((Rep_run ρ) n C⇩1) ⟶ (∀m≥n. ¬ ticks ((Rep_run ρ) m C⇩2))}›
text ‹
The denotational interpretation of TESL formulae can be unfolded into the
stepwise interpretation.
›
lemma TESL_interp_unfold_stepwise_sporadicon:
‹⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L = ⋃ {Y. ∃n::nat. Y = ⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_sporadicon_tvar:
‹⟦ C⇩1 sporadic♯ τ⇩e⇩x⇩p⇩r on C⇩2 ⟧⇩T⇩E⇩S⇩L = ⋃ {Y. ∃n::nat. Y = ⟦ C⇩1 sporadic♯ τ⇩e⇩x⇩p⇩r on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
proof (induction τ⇩e⇩x⇩p⇩r)
case (AddDelay x1a τ)
then show ?case
proof (induction x1a)
case (TSchematic xa)
then show ?case
proof (induction xa)
case (Pair K n')
then show ?case by auto
qed
qed
qed
lemma TESL_interp_unfold_stepwise_tagrelgen:
‹⟦ time-relation ⌊C⇩1, C⇩2⌋ ∈ R ⟧⇩T⇩E⇩S⇩L
= ⋂ {Y. ∃n::nat. Y = ⟦ time-relation ⌊C⇩1, C⇩2⌋ ∈ R ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_implies:
‹⟦ master implies slave ⟧⇩T⇩E⇩S⇩L
= ⋂ {Y. ∃n::nat. Y = ⟦ master implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_implies_not:
‹⟦ master implies not slave ⟧⇩T⇩E⇩S⇩L
= ⋂ {Y. ∃n::nat. Y = ⟦ master implies not slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_timedelayed:
‹⟦ master time-delayed by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L
= ⋂ {Y. ∃n::nat.
Y = ⟦ master time-delayed by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_timedelayed_tvar:
‹⟦ master time-delayed⨝ by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L
= ⋂ {Y. ∃n::nat.
Y = ⟦ master time-delayed⨝ by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_weakly_precedes:
‹⟦ C⇩1 weakly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L
= ⋂ {Y. ∃n::nat. Y = ⟦ C⇩1 weakly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_strictly_precedes:
‹⟦ C⇩1 strictly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L
= ⋂ {Y. ∃n::nat. Y = ⟦ C⇩1 strictly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
lemma TESL_interp_unfold_stepwise_kills:
‹⟦ master kills slave ⟧⇩T⇩E⇩S⇩L = ⋂ {Y. ∃n::nat. Y = ⟦ master kills slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
by auto
text ‹
Positive atomic formulae (the ones that create ticks from nothing) are unfolded
as the union of the stepwise interpretations.
›
theorem TESL_interp_unfold_stepwise_positive_atoms:
assumes ‹positive_atom φ›
shows ‹⟦ φ::'τ::linordered_field TESL_atomic ⟧⇩T⇩E⇩S⇩L
= ⋃ {Y. ∃n::nat. Y = ⟦ φ ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
proof (cases φ)
case SporadicOn thus ?thesis using TESL_interp_unfold_stepwise_sporadicon by simp
next
case SporadicOnTvar thus ?thesis using TESL_interp_unfold_stepwise_sporadicon_tvar by simp
next
case TagRelation thus ?thesis using assms by simp
next
case Implies thus ?thesis using assms by simp
next
case ImpliesNot thus ?thesis using assms by simp
next
case TimeDelayedBy thus ?thesis using assms by simp
next
case RelaxedTimeDelayed thus ?thesis using assms by simp
next
case WeaklyPrecedes thus ?thesis using assms by simp
next
case StrictlyPrecedes thus ?thesis using assms by simp
next
case Kills thus ?thesis using assms by simp
qed
text ‹
Negative atomic formulae are unfolded
as the intersection of the stepwise interpretations.
›
theorem TESL_interp_unfold_stepwise_negative_atoms:
assumes ‹¬ positive_atom φ›
shows ‹⟦ φ ⟧⇩T⇩E⇩S⇩L = ⋂ {Y. ∃n::nat. Y = ⟦ φ ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖}›
proof (cases φ)
case SporadicOn thus ?thesis using assms by simp
next
case SporadicOnTvar thus ?thesis using assms by simp
next
case TagRelation
thus ?thesis using TESL_interp_unfold_stepwise_tagrelgen by simp
next
case Implies
thus ?thesis using TESL_interp_unfold_stepwise_implies by simp
next
case ImpliesNot
thus ?thesis using TESL_interp_unfold_stepwise_implies_not by simp
next
case TimeDelayedBy
thus ?thesis using TESL_interp_unfold_stepwise_timedelayed by simp
next
case RelaxedTimeDelayed
thus ?thesis using TESL_interp_unfold_stepwise_timedelayed_tvar by simp
next
case WeaklyPrecedes
thus ?thesis
using TESL_interp_unfold_stepwise_weakly_precedes by simp
next
case StrictlyPrecedes
thus ?thesis
using TESL_interp_unfold_stepwise_strictly_precedes by simp
next
case Kills
thus ?thesis
using TESL_interp_unfold_stepwise_kills by simp
qed
text ‹
Some useful lemmas for reasoning on properties of sequences.
›
lemma forall_nat_expansion:
‹(∀n ≥ (n⇩0::nat). P n) = (P n⇩0 ∧ (∀n ≥ Suc n⇩0. P n))›
proof -
have ‹(∀n ≥ (n⇩0::nat). P n) = (∀n. (n = n⇩0 ∨ n > n⇩0) ⟶ P n)›
using le_less by blast
also have ‹... = (P n⇩0 ∧ (∀n > n⇩0. P n))› by blast
finally show ?thesis using Suc_le_eq by simp
qed
lemma exists_nat_expansion:
‹(∃n ≥ (n⇩0::nat). P n) = (P n⇩0 ∨ (∃n ≥ Suc n⇩0. P n))›
proof -
have ‹(∃n ≥ (n⇩0::nat). P n) = (∃n. (n = n⇩0 ∨ n > n⇩0) ∧ P n)›
using le_less by blast
also have ‹... = (∃n. (P n⇩0) ∨ (n > n⇩0 ∧ P n))› by blast
finally show ?thesis using Suc_le_eq by simp
qed
lemma forall_nat_set_suc:‹{x. ∀m ≥ n. P x m} = {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}›
proof
{ fix x assume h:‹x ∈ {x. ∀m ≥ n. P x m}›
hence ‹P x n› by simp
moreover from h have ‹x ∈ {x. ∀m ≥ Suc n. P x m}› by simp
ultimately have ‹x ∈ {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}› by simp
} thus ‹{x. ∀m ≥ n. P x m} ⊆ {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}› ..
next
{ fix x assume h:‹x ∈ {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}›
hence ‹P x n› by simp
moreover from h have ‹∀m ≥ Suc n. P x m› by simp
ultimately have ‹∀m ≥ n. P x m› using forall_nat_expansion by blast
hence ‹x ∈ {x. ∀m ≥ n. P x m}› by simp
} thus ‹{x. P x n} ∩ {x. ∀m ≥ Suc n. P x m} ⊆ {x. ∀m ≥ n. P x m}› ..
qed
lemma exists_nat_set_suc:‹{x. ∃m ≥ n. P x m} = {x. P x n} ∪ {x. ∃m ≥ Suc n. P x m}›
proof
{ fix x assume h:‹x ∈ {x. ∃m ≥ n. P x m}›
hence ‹x ∈ {x. ∃m. (m = n ∨ m ≥ Suc n) ∧ P x m}›
using Suc_le_eq antisym_conv2 by fastforce
hence ‹x ∈ {x. P x n} ∪ {x. ∃m ≥ Suc n. P x m}› by blast
} thus ‹{x. ∃m ≥ n. P x m} ⊆ {x. P x n} ∪ {x. ∃m ≥ Suc n. P x m}› ..
next
{ fix x assume h:‹x ∈ {x. P x n} ∪ {x. ∃m ≥ Suc n. P x m}›
hence ‹x ∈ {x. ∃m ≥ n. P x m}› using Suc_leD by blast
} thus ‹{x. P x n} ∪ {x. ∃m ≥ Suc n. P x m} ⊆ {x. ∃m ≥ n. P x m}› ..
qed
section ‹Coinduction Unfolding Properties›
text ‹
The following lemmas show how to shorten a suffix, i.e. to unfold one instant
in the construction of a run. They correspond to the rules of the operational
semantics.
›
lemma TESL_interp_stepwise_sporadicon_coind_unfold:
‹⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ⇓ n @ τ ⟧⇩p⇩r⇩i⇩m ― ‹rule @{term sporadic_on_e2}›
∪ ⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
unfolding TESL_interpretation_atomic_stepwise.simps(1)
symbolic_run_interpretation_primitive.simps(1,6)
using exists_nat_set_suc[of ‹n› ‹λρ n. ticks (Rep_run ρ n C⇩1)
∧ time (Rep_run ρ n C⇩2) = τ›]
by (simp add: Collect_conj_eq)
lemma TESL_interp_stepwise_sporadicon_tvar_coind_unfold:
‹⟦ C⇩1 sporadic♯ ⦇τ⇩v⇩a⇩r(K, n') ⊕ τ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ⇓ n @♯ ⦇τ⇩v⇩a⇩r(K, n') ⊕ τ⦈ ⟧⇩p⇩r⇩i⇩m
∪ ⟦ C⇩1 sporadic♯ ⦇τ⇩v⇩a⇩r(K, n') ⊕ τ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
have ‹{ ρ. ∃m≥n. ticks ((Rep_run ρ) m C⇩1) = True ∧ time ((Rep_run ρ) m C⇩2) = time ((Rep_run ρ) n' K) + τ }
= { ρ. ticks ((Rep_run ρ) n C⇩1) = True ∧ time ((Rep_run ρ) n C⇩2) = time ((Rep_run ρ) n' K) + τ
∨ (∃m≥Suc n. ticks ((Rep_run ρ) m C⇩1) = True ∧ time ((Rep_run ρ) m C⇩2) = time ((Rep_run ρ) n' K) + τ) }›
using Suc_leD not_less_eq_eq by fastforce
then show ?thesis by auto
qed
lemma TESL_interp_stepwise_sporadicon_tvar_coind_unfold2:
‹⟦ C⇩1 sporadic♯ τ⇩e⇩x⇩p⇩r on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ⇓ n @♯ τ⇩e⇩x⇩p⇩r ⟧⇩p⇩r⇩i⇩m ― ‹rule @{term sporadic_on_tvar_e2}›
∪ ⟦ C⇩1 sporadic♯ τ⇩e⇩x⇩p⇩r on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
from tag_expr.exhaust obtain v τ where ‹ τ⇩e⇩x⇩p⇩r=⦇ v ⊕ τ ⦈› by blast
moreover from tag_var.exhaust obtain K n where ‹v=τ⇩v⇩a⇩r(K, n)› by auto
ultimately have ‹τ⇩e⇩x⇩p⇩r=⦇ τ⇩v⇩a⇩r(K, n) ⊕ τ ⦈› by simp
thus ?thesis using TESL_interp_stepwise_sporadicon_tvar_coind_unfold by blast
qed
lemma TESL_interp_stepwise_tagrel_coind_unfold:
‹⟦ time-relation ⌊C⇩1, C⇩2⌋ ∈ R ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ― ‹rule @{term tagrel_e}›
⟦ ⌊τ⇩v⇩a⇩r(C⇩1, n), τ⇩v⇩a⇩r(C⇩2, n)⌋ ∈ R ⟧⇩p⇩r⇩i⇩m
∩ ⟦ time-relation ⌊C⇩1, C⇩2⌋ ∈ R ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
have ‹{ρ. ∀m≥n. R (time ((Rep_run ρ) m C⇩1), time ((Rep_run ρ) m C⇩2))}
= {ρ. R (time ((Rep_run ρ) n C⇩1), time ((Rep_run ρ) n C⇩2))}
∩ {ρ. ∀m≥Suc n. R (time ((Rep_run ρ) m C⇩1), time ((Rep_run ρ) m C⇩2))}›
using forall_nat_set_suc[of ‹n› ‹λx y. R (time ((Rep_run x) y C⇩1),
time ((Rep_run x) y C⇩2))›] by simp
thus ?thesis by auto
qed
lemma TESL_interp_stepwise_implies_coind_unfold:
‹⟦ master implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
( ⟦ master ¬⇑ n ⟧⇩p⇩r⇩i⇩m ― ‹rule @{term implies_e1}›
∪ ⟦ master ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ slave ⇑ n ⟧⇩p⇩r⇩i⇩m) ― ‹rule @{term implies_e2}›
∩ ⟦ master implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
have ‹{ρ. ∀m≥n. ticks ((Rep_run ρ) m master) ⟶ ticks ((Rep_run ρ) m slave)}
= {ρ. ticks ((Rep_run ρ) n master) ⟶ ticks ((Rep_run ρ) n slave)}
∩ {ρ. ∀m≥Suc n. ticks ((Rep_run ρ) m master)
⟶ ticks ((Rep_run ρ) m slave)}›
using forall_nat_set_suc[of ‹n› ‹λx y. ticks ((Rep_run x) y master)
⟶ ticks ((Rep_run x) y slave)›] by simp
thus ?thesis by auto
qed
lemma TESL_interp_stepwise_implies_not_coind_unfold:
‹⟦ master implies not slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
( ⟦ master ¬⇑ n ⟧⇩p⇩r⇩i⇩m ― ‹rule @{term implies_not_e1}›
∪ ⟦ master ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ slave ¬⇑ n ⟧⇩p⇩r⇩i⇩m) ― ‹rule @{term implies_not_e2}›
∩ ⟦ master implies not slave ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
have ‹{ρ. ∀m≥n. ticks ((Rep_run ρ) m master) ⟶ ¬ ticks ((Rep_run ρ) m slave)}
= {ρ. ticks ((Rep_run ρ) n master) ⟶ ¬ ticks ((Rep_run ρ) n slave)}
∩ {ρ. ∀m≥Suc n. ticks ((Rep_run ρ) m master)
⟶ ¬ ticks ((Rep_run ρ) m slave)}›
using forall_nat_set_suc[of ‹n› ‹λx y. ticks ((Rep_run x) y master)
⟶ ¬ticks ((Rep_run x) y slave)›] by simp
thus ?thesis by auto
qed
lemma TESL_interp_stepwise_timedelayed_coind_unfold:
‹⟦ master time-delayed by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
( ⟦ master ¬⇑ n ⟧⇩p⇩r⇩i⇩m ― ‹rule @{term timedelayed_e1}›
∪ (⟦ master ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ measuring @ n ⊕ δτ ⇒ slave ⟧⇩p⇩r⇩i⇩m))
― ‹rule @{term timedelayed_e2}›
∩ ⟦ master time-delayed by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
let ?prop = ‹λρ m. ticks ((Rep_run ρ) m master) ⟶
(let measured_time = time ((Rep_run ρ) m measuring) in
∀p ≥ m. first_time ρ measuring p (measured_time + δτ)
⟶ ticks ((Rep_run ρ) p slave))›
have ‹{ρ. ∀m ≥ n. ?prop ρ m} = {ρ. ?prop ρ n} ∩ {ρ. ∀m ≥ Suc n. ?prop ρ m}›
using forall_nat_set_suc[of ‹n› ?prop] by blast
also have ‹... = {ρ. ?prop ρ n}
∩ ⟦ master time-delayed by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
finally show ?thesis by auto
qed
lemma nat_set_suc:‹{x. ∀m ≥ n. P x m} = {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}›
proof
{ fix x
assume h:‹x ∈ {x. ∀m ≥ n. P x m}›
hence ‹P x n› by simp
moreover from h have ‹x ∈ {x. ∀m ≥ Suc n. P x m}› by simp
ultimately have ‹x ∈ {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}› by simp
} thus ‹{x. ∀m ≥ n. P x m} ⊆ {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}› ..
next
{ fix x
assume h:‹x ∈ {x. P x n} ∩ {x. ∀m ≥ Suc n. P x m}›
hence ‹P x n› by simp
moreover from h have ‹∀m ≥ Suc n. P x m› by simp
ultimately have ‹∀m ≥ n. P x m› using forall_nat_expansion by blast
hence ‹x ∈ {x. ∀m ≥ n. P x m}› by simp
} thus ‹{x. P x n} ∩ {x. ∀m ≥ Suc n. P x m} ⊆ {x. ∀m ≥ n. P x m}› ..
qed
lemma TESL_interp_stepwise_timedelayed_tvar_coind_unfold:
‹⟦ master time-delayed⨝ by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
( ⟦ master ¬⇑ n ⟧⇩p⇩r⇩i⇩m ― ‹rule @{term timedelayed_tvar_e1}›
∪ (⟦ master ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ slave sporadic♯ ⦇τ⇩v⇩a⇩r(measuring, n) ⊕ δτ⦈ on measuring ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖))
― ‹rule @{term timedelayed_tvar_e2}›
∩ ⟦ master time-delayed⨝ by δτ on measuring implies slave ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
have ‹{ ρ. ∀m≥n. ticks ((Rep_run ρ) m master) ⟶
(let measured_time = time ((Rep_run ρ) m measuring) in
∃p ≥ m. ticks ((Rep_run ρ) p slave)
∧ time ((Rep_run ρ) p measuring) = measured_time + δτ)}
= { ρ. ticks ((Rep_run ρ) n master) ⟶
(let measured_time = time ((Rep_run ρ) n measuring) in
∃p ≥ n. ticks ((Rep_run ρ) p slave)
∧ time ((Rep_run ρ) p measuring) = measured_time + δτ)}
∩ { ρ. ∀m≥Suc n. ticks ((Rep_run ρ) m master) ⟶
(let measured_time = time ((Rep_run ρ) m measuring) in
∃p ≥ m. ticks ((Rep_run ρ) p slave)
∧ time ((Rep_run ρ) p measuring) = measured_time + δτ)}›
using nat_set_suc[of ‹n› ‹λx y. ticks ((Rep_run x) y master) ⟶
(let measured_time = time ((Rep_run x) y measuring) in
∃p ≥ y. ticks ((Rep_run x) p slave)
∧ time ((Rep_run x) p measuring) = measured_time + δτ)›] by simp
then show ?thesis by auto
qed
lemma TESL_interp_stepwise_weakly_precedes_coind_unfold:
‹⟦ C⇩1 weakly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ― ‹rule @{term weakly_precedes_e}›
⟦ (⌈#⇧≤ C⇩2 n, #⇧≤ C⇩1 n⌉ ∈ (λ(x,y). x≤y)) ⟧⇩p⇩r⇩i⇩m
∩ ⟦ C⇩1 weakly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
have ‹{ρ. ∀p≥n. (run_tick_count ρ C⇩2 p) ≤ (run_tick_count ρ C⇩1 p)}
= {ρ. (run_tick_count ρ C⇩2 n) ≤ (run_tick_count ρ C⇩1 n)}
∩ {ρ. ∀p≥Suc n. (run_tick_count ρ C⇩2 p) ≤ (run_tick_count ρ C⇩1 p)}›
using forall_nat_set_suc[of ‹n› ‹λρ n. (run_tick_count ρ C⇩2 n)
≤ (run_tick_count ρ C⇩1 n)›]
by simp
thus ?thesis by auto
qed
lemma TESL_interp_stepwise_strictly_precedes_coind_unfold:
‹⟦ C⇩1 strictly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ― ‹rule @{term strictly_precedes_e}›
⟦ (⌈#⇧≤ C⇩2 n, #⇧< C⇩1 n⌉ ∈ (λ(x,y). x≤y)) ⟧⇩p⇩r⇩i⇩m
∩ ⟦ C⇩1 strictly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
have ‹{ρ. ∀p≥n. (run_tick_count ρ C⇩2 p) ≤ (run_tick_count_strictly ρ C⇩1 p)}
= {ρ. (run_tick_count ρ C⇩2 n) ≤ (run_tick_count_strictly ρ C⇩1 n)}
∩ {ρ. ∀p≥Suc n. (run_tick_count ρ C⇩2 p) ≤ (run_tick_count_strictly ρ C⇩1 p)}›
using forall_nat_set_suc[of ‹n› ‹λρ n. (run_tick_count ρ C⇩2 n)
≤ (run_tick_count_strictly ρ C⇩1 n)›]
by simp
thus ?thesis by auto
qed
lemma TESL_interp_stepwise_kills_coind_unfold:
‹⟦ C⇩1 kills C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ =
( ⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ― ‹rule @{term kills_e1}›
∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ¬⇑ ≥ n ⟧⇩p⇩r⇩i⇩m) ― ‹rule @{term kills_e2}›
∩ ⟦ C⇩1 kills C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
proof -
let ?kills = ‹λn ρ. ∀p≥n. ticks ((Rep_run ρ) p C⇩1)
⟶ (∀m≥p. ¬ ticks ((Rep_run ρ) m C⇩2))›
let ?ticks = ‹λn ρ c. ticks ((Rep_run ρ) n c)›
let ?dead = ‹λn ρ c. ∀m ≥ n. ¬ticks ((Rep_run ρ) m c)›
have ‹⟦ C⇩1 kills C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = {ρ. ?kills n ρ}› by simp
also have ‹... = ({ρ. ¬ ?ticks n ρ C⇩1} ∩ {ρ. ?kills (Suc n) ρ})
∪ ({ρ. ?ticks n ρ C⇩1} ∩ {ρ. ?dead n ρ C⇩2})›
proof
{ fix ρ::‹'τ::linordered_field run›
assume ‹ρ ∈ {ρ. ?kills n ρ}›
hence ‹?kills n ρ› by simp
hence ‹(?ticks n ρ C⇩1 ∧ ?dead n ρ C⇩2) ∨ (¬?ticks n ρ C⇩1 ∧ ?kills (Suc n) ρ)›
using Suc_leD by blast
hence ‹ρ ∈ ({ρ. ?ticks n ρ C⇩1} ∩ {ρ. ?dead n ρ C⇩2})
∪ ({ρ. ¬ ?ticks n ρ C⇩1} ∩ {ρ. ?kills (Suc n) ρ})›
by blast
} thus ‹{ρ. ?kills n ρ}
⊆ {ρ. ¬ ?ticks n ρ C⇩1} ∩ {ρ. ?kills (Suc n) ρ}
∪ {ρ. ?ticks n ρ C⇩1} ∩ {ρ. ?dead n ρ C⇩2}› by blast
next
{ fix ρ::‹'τ::linordered_field run›
assume ‹ρ ∈ ({ρ. ¬ ?ticks n ρ C⇩1} ∩ {ρ. ?kills (Suc n) ρ})
∪ ({ρ. ?ticks n ρ C⇩1} ∩ {ρ. ?dead n ρ C⇩2})›
hence ‹¬ ?ticks n ρ C⇩1 ∧ ?kills (Suc n) ρ
∨ ?ticks n ρ C⇩1 ∧ ?dead n ρ C⇩2› by blast
moreover have ‹((¬ ?ticks n ρ C⇩1) ∧ (?kills (Suc n) ρ)) ⟶ ?kills n ρ›
using dual_order.antisym not_less_eq_eq by blast
ultimately have ‹?kills n ρ ∨ ?ticks n ρ C⇩1 ∧ ?dead n ρ C⇩2› by blast
hence ‹?kills n ρ› using le_trans by blast
} thus ‹({ρ. ¬ ?ticks n ρ C⇩1} ∩ {ρ. ?kills (Suc n) ρ})
∪ ({ρ. ?ticks n ρ C⇩1} ∩ {ρ. ?dead n ρ C⇩2})
⊆ {ρ. ?kills n ρ}› by blast
qed
also have ‹... = {ρ. ¬ ?ticks n ρ C⇩1} ∩ {ρ. ?kills (Suc n) ρ}
∪ {ρ. ?ticks n ρ C⇩1} ∩ {ρ. ?dead n ρ C⇩2} ∩ {ρ. ?kills (Suc n) ρ}›
using Collect_cong Collect_disj_eq by auto
also have ‹... = ⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩1 kills C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ¬⇑ ≥ n ⟧⇩p⇩r⇩i⇩m
∩ ⟦ C⇩1 kills C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
finally show ?thesis by blast
qed
text ‹
The stepwise interpretation of a TESL formula is the intersection of the
interpretation of its atomic components.
›
fun TESL_interpretation_stepwise
::‹'τ::linordered_field TESL_formula ⇒ nat ⇒ 'τ run set›
(‹⟦⟦ _ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ _⇖›)
where
‹⟦⟦ [] ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = {ρ. True}›
| ‹⟦⟦ φ # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ⟦ φ ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
lemma TESL_interpretation_stepwise_fixpoint:
‹⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ⋂ ((λφ. ⟦ φ ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖) ` set Φ)›
by (induction Φ, simp, auto)
text ‹
The global interpretation of a TESL formula is its interpretation starting
at the first instant.
›
lemma TESL_interpretation_stepwise_zero:
‹⟦ φ ⟧⇩T⇩E⇩S⇩L = ⟦ φ ⟧⇩T⇩E⇩S⇩L⇗≥ 0⇖›
proof (induction φ)
case (SporadicOn x1 x2 x3)
then show ?case by simp
next
case (SporadicOnTvar C⇩1 τ⇩e⇩x⇩p⇩r C⇩2)
then show ?case
proof (induction τ⇩e⇩x⇩p⇩r)
case (AddDelay τ⇩v⇩a⇩r⇩0 δτ)
then show ?case
proof (induction τ⇩v⇩a⇩r⇩0)
case (TSchematic tuple)
then show ?case
proof (induction tuple)
case (Pair C⇩p⇩a⇩s⇩t n⇩p⇩a⇩s⇩t)
then show ?case by simp
qed
qed
qed
next
case (TagRelation x1 x2 x3)
then show ?case by simp
next
case (Implies x1 x2)
then show ?case by simp
next
case (ImpliesNot x1 x2)
then show ?case by simp
next
case (TimeDelayedBy x1 x2 x3 x4)
then show ?case by simp
next
case (RelaxedTimeDelayed x1 x2 x3 x4)
then show ?case by simp
next
case (WeaklyPrecedes x1 x2)
then show ?case by simp
next
case (StrictlyPrecedes x1 x2)
then show ?case by simp
next
case (Kills x1 x2)
then show ?case by simp
qed
lemma TESL_interpretation_stepwise_zero':
‹⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L = ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ 0⇖›
by (induction Φ, simp, simp add: TESL_interpretation_stepwise_zero)
lemma TESL_interpretation_stepwise_cons_morph:
‹⟦ φ ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ⟦⟦ φ # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
by auto
theorem TESL_interp_stepwise_composition:
shows ‹⟦⟦ Φ⇩1 @ Φ⇩2 ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ⟦⟦ Φ⇩1 ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ⇩2 ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
by (induction Φ⇩1, simp, auto)
section ‹Interpretation of configurations›
text ‹
The interpretation of a configuration of the operational semantics abstract
machine is the intersection of:
▪ the interpretation of its context (the past),
▪ the interpretation of its present from the current instant,
▪ the interpretation of its future from the next instant.
›
fun configuration_interpretation
::‹'τ::linordered_field config ⇒ 'τ run set› (‹⟦ _ ⟧⇩c⇩o⇩n⇩f⇩i⇩g› 71)
where
‹⟦ Γ, n ⊨ Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g = ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
lemma configuration_interp_composition:
‹⟦ Γ⇩1, n ⊨ Ψ⇩1 ▹ Φ⇩1 ⟧⇩c⇩o⇩n⇩f⇩i⇩g ∩ ⟦ Γ⇩2, n ⊨ Ψ⇩2 ▹ Φ⇩2 ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ (Γ⇩1 @ Γ⇩2), n ⊨ (Ψ⇩1 @ Ψ⇩2) ▹ (Φ⇩1 @ Φ⇩2) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
using TESL_interp_stepwise_composition symrun_interp_expansion
by (simp add: TESL_interp_stepwise_composition
symrun_interp_expansion inf_assoc inf_left_commute)
text ‹
When there are no remaining constraints on the present, the interpretation of
a configuration is the same as the configuration at the next instant of its future.
This corresponds to the introduction rule of the operational semantics.
›
lemma configuration_interp_stepwise_instant_cases:
‹⟦ Γ, n ⊨ [] ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g = ⟦ Γ, Suc n ⊨ Φ ▹ [] ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ [] ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g = ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ [] ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦ Γ, Suc n ⊨ Φ ▹ [] ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ ⟦⟦ [] ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ [] ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ ⟦⟦ [] ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
ultimately show ?thesis by blast
qed
text ‹
The following lemmas use the unfolding properties of the stepwise denotational
semantics to give rewriting rules for the interpretation of configurations that
match the elimination rules of the operational semantics.
›
lemma configuration_interp_stepwise_sporadicon_cases:
‹⟦ Γ, n ⊨ ((C⇩1 sporadic τ on C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ Γ, n ⊨ Ψ ▹ ((C⇩1 sporadic τ on C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇓ n @ τ) # Γ), n ⊨ Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ (C⇩1 sporadic τ on C⇩2) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 sporadic τ on C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦ Γ, n ⊨ Ψ ▹ ((C⇩1 sporadic τ on C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 sporadic τ on C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇓ n @ τ) # Γ), n ⊨ Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇓ n @ τ) # Γ) ⟧⟧⇩p⇩r⇩i⇩m
∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
ultimately show ?thesis
proof -
have ‹(⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ⇓ n @ τ ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖)
∩ (⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖)
= ⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ (⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m)›
using TESL_interp_stepwise_sporadicon_coind_unfold by blast
hence ‹⟦⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇓ n @ τ) # Γ) ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∪ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦ C⇩1 sporadic τ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
= ⟦⟦ (C⇩1 sporadic τ on C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m› by auto
thus ?thesis by auto
qed
qed
lemma configuration_interp_stepwise_sporadicon_tvar_cases:
‹⟦ Γ, n ⊨ ((C⇩1 sporadic♯ τ⇩e⇩x⇩p⇩r on C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ Γ, n ⊨ Ψ ▹ ((C⇩1 sporadic♯ τ⇩e⇩x⇩p⇩r on C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇓ n @♯ τ⇩e⇩x⇩p⇩r) # Γ), n ⊨ Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
from tag_expr.exhaust obtain v δτ where ‹ τ⇩e⇩x⇩p⇩r=⦇ v ⊕ δτ ⦈› by blast
moreover from tag_var.exhaust obtain C⇩p⇩a⇩s⇩t n⇩p⇩a⇩s⇩t where ‹v=τ⇩v⇩a⇩r(C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t)› by auto
ultimately have *:‹τ⇩e⇩x⇩p⇩r=⦇ τ⇩v⇩a⇩r(C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈› by simp
show ?thesis
proof -
have ‹(⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ⇓ n @♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈ ⟧⇩p⇩r⇩i⇩m
∪ ⟦ C⇩1 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖)
∩ (⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖)
= ⟦ C⇩1 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ (⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m)›
using TESL_interp_stepwise_sporadicon_tvar_coind_unfold[of ‹C⇩1› ‹C⇩p⇩a⇩s⇩t› ‹n⇩p⇩a⇩s⇩t› ‹δτ› ‹C⇩2› ‹n›]
Int_commute by blast
then have ‹⟦⟦ (C⇩1 ⇑ n) # (C⇩2 ⇓ n @♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈) # Γ ⟧⟧⇩p⇩r⇩i⇩m
∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∪ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦ C⇩1 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈ on C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
by auto
then have ‹⟦ Γ, n ⊨ ((C⇩1 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈ on C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇓ n @♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈) # Γ), n ⊨ Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ Γ, n ⊨ Ψ ▹ ((C⇩1 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩p⇩a⇩s⇩t, n⇩p⇩a⇩s⇩t) ⊕ δτ ⦈ on C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
by auto
then show ?thesis using *
by blast
qed
qed
lemma configuration_interp_stepwise_tagrel_cases:
‹⟦ Γ, n ⊨ ((time-relation ⌊C⇩1, C⇩2⌋ ∈ R) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((⌊τ⇩v⇩a⇩r(C⇩1, n), τ⇩v⇩a⇩r(C⇩2, n)⌋ ∈ R) # Γ), n
⊨ Ψ ▹ ((time-relation ⌊C⇩1, C⇩2⌋ ∈ R) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ (time-relation ⌊C⇩1, C⇩2⌋ ∈ R) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (time-relation ⌊C⇩1, C⇩2⌋ ∈ R) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
moreover have ‹⟦ ((⌊τ⇩v⇩a⇩r(C⇩1, n), τ⇩v⇩a⇩r(C⇩2, n)⌋ ∈ R) # Γ), n
⊨ Ψ ▹ ((time-relation ⌊C⇩1, C⇩2⌋ ∈ R) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (⌊τ⇩v⇩a⇩r(C⇩1, n), τ⇩v⇩a⇩r(C⇩2, n)⌋ ∈ R) # Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (time-relation ⌊C⇩1, C⇩2⌋ ∈ R) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
ultimately show ?thesis
proof -
have ‹⟦ ⌊τ⇩v⇩a⇩r(C⇩1, n), τ⇩v⇩a⇩r(C⇩2, n)⌋ ∈ R ⟧⇩p⇩r⇩i⇩m
∩ ⟦ time-relation ⌊C⇩1, C⇩2⌋ ∈ R ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ = ⟦⟦ (time-relation ⌊C⇩1, C⇩2⌋ ∈ R) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
using TESL_interp_stepwise_tagrel_coind_unfold
TESL_interpretation_stepwise_cons_morph by blast
thus ?thesis by auto
qed
qed
lemma configuration_interp_stepwise_implies_cases:
‹⟦ Γ, n ⊨ ((C⇩1 implies C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ (C⇩1 implies C⇩2) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 implies C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (C⇩1 ¬⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 implies C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
moreover have ‹⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ ((C⇩1 ⇑ n) # (C⇩2 ⇑ n) # Γ) ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 implies C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
ultimately show ?thesis
proof -
have f1: ‹(⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ⇑ n ⟧⇩p⇩r⇩i⇩m)
∩ ⟦ C⇩1 implies C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ (⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖)
= ⟦⟦ (C⇩1 implies C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
using TESL_interp_stepwise_implies_coind_unfold
TESL_interpretation_stepwise_cons_morph by blast
have ‹⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩2 ⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m
= (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ⇑ n ⟧⇩p⇩r⇩i⇩m) ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m›
by force
hence ‹⟦ Γ, n ⊨ ((C⇩1 implies C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩2 ⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m)
∩ (⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ (C⇩1 implies C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖)›
using f1 by (simp add: inf_left_commute inf_assoc)
thus ?thesis by (simp add: Int_Un_distrib2 inf_assoc)
qed
qed
lemma configuration_interp_stepwise_implies_not_cases:
‹⟦ Γ, n ⊨ ((C⇩1 implies not C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies not C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ ((C⇩1 ⇑ n) # (C⇩2 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies not C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ (C⇩1 implies not C⇩2) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 implies not C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies not C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (C⇩1 ¬⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 implies not C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
moreover have ‹⟦ ((C⇩1 ⇑ n) # (C⇩2 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 implies not C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ ((C⇩1 ⇑ n) # (C⇩2 ¬⇑ n) # Γ) ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 implies not C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
ultimately show ?thesis
proof -
have f1: ‹(⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ¬⇑ n ⟧⇩p⇩r⇩i⇩m)
∩ ⟦ C⇩1 implies not C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
∩ (⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖)
= ⟦⟦ (C⇩1 implies not C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
using TESL_interp_stepwise_implies_not_coind_unfold
TESL_interpretation_stepwise_cons_morph by blast
have ‹⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩2 ¬⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m
= (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 ¬⇑ n ⟧⇩p⇩r⇩i⇩m) ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m›
by force
then have ‹⟦ Γ, n ⊨ ((C⇩1 implies not C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m
∩ ⟦⟦ (C⇩2 ¬⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m) ∩ (⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 implies not C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖)›
using f1 by (simp add: inf_left_commute inf_assoc)
thus ?thesis by (simp add: Int_Un_distrib2 inf_assoc)
qed
qed
lemma configuration_interp_stepwise_timedelayed_cases:
‹⟦ Γ, n ⊨ ((C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ ((C⇩1 ⇑ n) # (C⇩2 @ n ⊕ δτ ⇒ C⇩3) # Γ), n
⊨ Ψ ▹ ((C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have 1:‹⟦ Γ, n ⊨ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
moreover have ‹⟦ ((C⇩1 ¬⇑ n) # Γ), n
⊨ Ψ ▹ ((C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (C⇩1 ¬⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦ ((C⇩1 ⇑ n) # (C⇩2 @ n ⊕ δτ ⇒ C⇩3) # Γ), n
⊨ Ψ ▹ ((C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (C⇩1 ⇑ n) # (C⇩2 @ n ⊕ δτ ⇒ C⇩3) # Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
ultimately show ?thesis
proof -
have ‹⟦ Γ, n ⊨ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ (⟦⟦ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖)›
using 1 by blast
hence ‹⟦ Γ, n ⊨ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 @ n ⊕ δτ ⇒ C⇩3 ⟧⇩p⇩r⇩i⇩m)
∩ (⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ (⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖))›
using TESL_interpretation_stepwise_cons_morph
TESL_interp_stepwise_timedelayed_coind_unfold
proof -
have ‹⟦⟦ (C⇩1 time-delayed by δτ on C⇩2 implies C⇩3) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
= (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩2 @ n ⊕ δτ ⇒ C⇩3 ⟧⇩p⇩r⇩i⇩m)
∩ ⟦ C⇩1 time-delayed by δτ on C⇩2 implies C⇩3 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
using TESL_interp_stepwise_timedelayed_coind_unfold
TESL_interpretation_stepwise_cons_morph by blast
then show ?thesis
by (simp add: Int_assoc Int_left_commute)
qed
then show ?thesis by (simp add: inf_assoc inf_sup_distrib2)
qed
qed
lemma configuration_interp_stepwise_timedelayed_tvar_cases:
‹⟦ Γ, n ⊨ ((C⇩1 time-delayed⨝ by δτ on C⇩2 implies C⇩3) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 time-delayed⨝ by δτ on C⇩2 implies C⇩3) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ ((C⇩1 ⇑ n) # Γ), n
⊨ (C⇩3 sporadic♯ ⦇τ⇩v⇩a⇩r(C⇩2, n) ⊕ δτ⦈ on C⇩2) # Ψ
▹ ((C⇩1 time-delayed⨝ by δτ on C⇩2 implies C⇩3) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩3 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩2, n) ⊕ δτ ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖)
∩ ⟦ C⇩1 time-delayed⨝ by δτ on C⇩2 implies C⇩3 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
= ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦ C⇩1 time-delayed⨝ by δτ on C⇩2 implies C⇩3 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
using TESL_interp_stepwise_timedelayed_tvar_coind_unfold[of ‹C⇩1› ‹δτ› ‹C⇩2› ‹C⇩3› ‹n›]
Int_assoc by blast
then have ‹⟦ Γ, n ⊨ (C⇩1 time-delayed⨝ by δτ on C⇩2 implies C⇩3) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ (⟦ C⇩1 ¬⇑ n ⟧⇩p⇩r⇩i⇩m ∪ ⟦ C⇩1 ⇑ n ⟧⇩p⇩r⇩i⇩m ∩ ⟦ C⇩3 sporadic♯ ⦇ τ⇩v⇩a⇩r (C⇩2, n) ⊕ δτ ⦈ on C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ n⇖)
∩ ⟦ C⇩1 time-delayed⨝ by δτ on C⇩2 implies C⇩3 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖
∩ (⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m)›
by force
then show ?thesis
by auto
qed
lemma configuration_interp_stepwise_weakly_precedes_cases:
‹⟦ Γ, n ⊨ ((C⇩1 weakly precedes C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((⌈#⇧≤ C⇩2 n, #⇧≤ C⇩1 n⌉ ∈ (λ(x,y). x≤y)) # Γ), n
⊨ Ψ ▹ ((C⇩1 weakly precedes C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ (C⇩1 weakly precedes C⇩2) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 weakly precedes C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
moreover have ‹⟦ ((⌈#⇧≤ C⇩2 n, #⇧≤ C⇩1 n⌉ ∈ (λ(x,y). x≤y)) # Γ), n
⊨ Ψ ▹ ((C⇩1 weakly precedes C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (⌈#⇧≤ C⇩2 n, #⇧≤ C⇩1 n⌉ ∈ (λ(x,y). x≤y)) # Γ ⟧⟧⇩p⇩r⇩i⇩m
∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ (C⇩1 weakly precedes C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
ultimately show ?thesis
proof -
have ‹⟦ ⌈#⇧≤ C⇩2 n, #⇧≤ C⇩1 n⌉ ∈ (λ(x,y). x≤y) ⟧⇩p⇩r⇩i⇩m
∩ ⟦ C⇩1 weakly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
= ⟦⟦ (C⇩1 weakly precedes C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
using TESL_interp_stepwise_weakly_precedes_coind_unfold
TESL_interpretation_stepwise_cons_morph by blast
thus ?thesis by auto
qed
qed
lemma configuration_interp_stepwise_strictly_precedes_cases:
‹⟦ Γ, n ⊨ ((C⇩1 strictly precedes C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((⌈#⇧≤ C⇩2 n, #⇧< C⇩1 n⌉ ∈ (λ(x,y). x≤y)) # Γ), n
⊨ Ψ ▹ ((C⇩1 strictly precedes C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ (C⇩1 strictly precedes C⇩2) # Ψ ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 strictly precedes C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
moreover have ‹⟦ ((⌈#⇧≤ C⇩2 n, #⇧< C⇩1 n⌉ ∈ (λ(x,y). x≤y)) # Γ), n
⊨ Ψ ▹ ((C⇩1 strictly precedes C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (⌈#⇧≤ C⇩2 n, #⇧< C⇩1 n⌉ ∈ (λ(x,y). x≤y)) # Γ ⟧⟧⇩p⇩r⇩i⇩m
∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 strictly precedes C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
ultimately show ?thesis
proof -
have ‹⟦ ⌈#⇧≤ C⇩2 n, #⇧< C⇩1 n⌉ ∈ (λ(x,y). x≤y) ⟧⇩p⇩r⇩i⇩m
∩ ⟦ C⇩1 strictly precedes C⇩2 ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
= ⟦⟦ (C⇩1 strictly precedes C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
using TESL_interp_stepwise_strictly_precedes_coind_unfold
TESL_interpretation_stepwise_cons_morph by blast
thus ?thesis by auto
qed
qed
lemma configuration_interp_stepwise_kills_cases:
‹⟦ Γ, n ⊨ ((C⇩1 kills C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 kills C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
∪ ⟦ ((C⇩1 ⇑ n) # (C⇩2 ¬⇑ ≥ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 kills C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g›
proof -
have ‹⟦ Γ, n ⊨ ((C⇩1 kills C⇩2) # Ψ) ▹ Φ ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ (C⇩1 kills C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖ ∩ ⟦⟦ Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖›
by simp
moreover have ‹⟦ ((C⇩1 ¬⇑ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 kills C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (C⇩1 ¬⇑ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 kills C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
moreover have ‹⟦ ((C⇩1 ⇑ n) # (C⇩2 ¬⇑ ≥ n) # Γ), n ⊨ Ψ ▹ ((C⇩1 kills C⇩2) # Φ) ⟧⇩c⇩o⇩n⇩f⇩i⇩g
= ⟦⟦ (C⇩1 ⇑ n) # (C⇩2 ¬⇑ ≥ n) # Γ ⟧⟧⇩p⇩r⇩i⇩m ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
∩ ⟦⟦ (C⇩1 kills C⇩2) # Φ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖› by simp
ultimately show ?thesis
proof -
have ‹⟦⟦ (C⇩1 kills C⇩2) # Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖
= (⟦ (C⇩1 ¬⇑ n) ⟧⇩p⇩r⇩i⇩m ∪ ⟦ (C⇩1 ⇑ n) ⟧⇩p⇩r⇩i⇩m ∩ ⟦ (C⇩2 ¬⇑ ≥ n) ⟧⇩p⇩r⇩i⇩m)
∩ ⟦ (C⇩1 kills C⇩2) ⟧⇩T⇩E⇩S⇩L⇗≥ Suc n⇖ ∩ ⟦⟦ Ψ ⟧⟧⇩T⇩E⇩S⇩L⇗≥ n⇖›
using TESL_interp_stepwise_kills_coind_unfold
TESL_interpretation_stepwise_cons_morph by blast
thus ?thesis by auto
qed
qed
end