Theory After_CSP_PTick_Laws
chapter ‹Operational Semantics Laws›
theory After_CSP_PTick_Laws
imports Basic_CSP_PTick_Laws
"HOL-CSP_OpSem"
begin
section ‹Behaviour of \<^const>‹initials››
subsection ‹\<^const>‹TickSwap››
lemma initials_TickSwap :
‹(TickSwap P)⇧0 = ( if P = ⊥ then UNIV
else {ev a |a. ev a ∈ P⇧0} ∪ {✓((s, r)) |r s. ✓((r, s)) ∈ P⇧0})›
by (auto simp add: TickSwap_is_Renaming initials_Renaming image_iff
map_event⇩p⇩t⇩i⇩c⇩k_eq_tick_iff map_event⇩p⇩t⇩i⇩c⇩k_eq_ev_iff
tick_eq_map_event⇩p⇩t⇩i⇩c⇩k_iff ev_eq_map_event⇩p⇩t⇩i⇩c⇩k_iff)
(metis tick_swap.elims)
subsection ‹Sequential Composition›
lemma initials_Seq⇩p⇩t⇩i⇩c⇩k :
‹(P ❙;⇩✓ Q)⇧0 = ( if P = ⊥ then UNIV
else {ev a |a. ev a ∈ P⇧0} ∪ (⋃r∈{r. ✓(r) ∈ P⇧0}. (Q r)⇧0))›
(is ‹_ = (if _ then _ else ?rhs)›)
proof (split if_split, intro conjI impI)
show ‹P = ⊥ ⟹ (P ❙;⇩✓ Q)⇧0 = UNIV› by simp
next
show ‹(P ❙;⇩✓ Q)⇧0 = {ev a |a. ev a ∈ P⇧0} ∪ (⋃r∈{r. ✓(r) ∈ P⇧0}. (Q r)⇧0)› if ‹P ≠ ⊥›
proof (intro subset_antisym subsetI)
fix e assume ‹e ∈ (P ❙;⇩✓ Q)⇧0›
from event⇩p⇩t⇩i⇩c⇩k.exhaust consider a where ‹e = ev a› | r where ‹e = ✓(r)› by blast
thus ‹e ∈ ?rhs›
proof cases
from ‹e ∈ (P ❙;⇩✓ Q)⇧0› ‹P ≠ ⊥› show ‹e = ev a ⟹ e ∈ ?rhs› for a
by (auto simp add: image_iff initials_def Seq⇩p⇩t⇩i⇩c⇩k_projs Cons_eq_append_conv BOT_iff_Nil_D intro: D_T dest: initials_memD)
(use initials_memI in ‹blast dest: initials_memD›)
next
from ‹e ∈ (P ❙;⇩✓ Q)⇧0› ‹P ≠ ⊥› show ‹e = ✓(r) ⟹ e ∈ ?rhs› for r
by (auto simp add: image_iff initials_def Seq⇩p⇩t⇩i⇩c⇩k_projs BOT_iff_Nil_D Cons_eq_append_conv)
qed
next
show ‹e ∈ ?rhs ⟹ e ∈ (P ❙;⇩✓ Q)⇧0› for e
by (simp add: initials_def Seq⇩p⇩t⇩i⇩c⇩k_projs, elim disjE exE conjE)
(fastforce, metis list.simps(8) self_append_conv2 tickFree_Nil)
qed
qed
subsection ‹Synchronization Product›
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_locale) initials_Sync⇩p⇩t⇩i⇩c⇩k :
‹(P ⟦S⟧⇩✓ Q)⇧0 =
(if P = ⊥ ∨ Q = ⊥ then UNIV else
{ev a |a. a ∈ S ∧ ev a ∈ P⇧0 ∧ ev a ∈ Q⇧0 ∨ a ∉ S ∧ (ev a ∈ P⇧0 ∨ ev a ∈ Q⇧0)} ∪
{✓(r_s) |r_s r s. tick_join r s = Some r_s ∧ ✓(r) ∈ P⇧0 ∧ ✓(s) ∈ Q⇧0})›
(is ‹(P ⟦S⟧⇩✓ Q)⇧0 = (if P = ⊥ ∨ Q = ⊥ then UNIV else ?rhs_ev ∪ ?rhs_tick)›)
proof (split if_split, intro conjI impI)
show ‹P = ⊥ ∨ Q = ⊥ ⟹ (P ⟦S⟧⇩✓ Q)⇧0 = UNIV›
by (metis Sync⇩p⇩t⇩i⇩c⇩k_is_BOT_iff initials_BOT)
next
show ‹(P ⟦S⟧⇩✓ Q)⇧0 = ?rhs_ev ∪ ?rhs_tick› if non_BOT : ‹¬ (P = ⊥ ∨ Q = ⊥)›
proof (intro subset_antisym subsetI)
show ‹e ∈ ?rhs_ev ∪ ?rhs_tick ⟹ e ∈ (P ⟦S⟧⇩✓ Q)⇧0› for e
proof (elim UnE)
assume ‹e ∈ ?rhs_ev›
then consider a where ‹e = ev a› ‹a ∈ S› ‹ev a ∈ P⇧0› ‹ev a ∈ Q⇧0›
| a where ‹e = ev a› ‹a ∉ S› ‹ev a ∈ P⇧0 ∨ ev a ∈ Q⇧0› by blast
thus ‹e ∈ (P ⟦S⟧⇩✓ Q)⇧0›
proof cases
fix a assume ‹e = ev a› ‹a ∈ S› ‹ev a ∈ P⇧0› ‹ev a ∈ Q⇧0›
have * : ‹[ev a] setinterleaves⇩✓⇘tick_join⇙ (([ev a], [ev a]), S)›
by (simp add: ‹a ∈ S›)
from ‹ev a ∈ P⇧0› ‹ev a ∈ Q⇧0› show ‹e ∈ (P ⟦S⟧⇩✓ Q)⇧0›
by (simp add: ‹e = ev a› initials_def T_Sync⇩p⇩t⇩i⇩c⇩k) (use "*" in blast)
next
fix a assume ‹e = ev a› ‹a ∉ S› ‹ev a ∈ P⇧0 ∨ ev a ∈ Q⇧0›
from ‹ev a ∈ P⇧0 ∨ ev a ∈ Q⇧0› show ‹e ∈ (P ⟦S⟧⇩✓ Q)⇧0›
proof (elim disjE)
assume ‹ev a ∈ P⇧0›
have * : ‹[ev a] setinterleaves⇩✓⇘tick_join⇙ (([ev a], []), S)›
by (simp add: ‹a ∉ S›)
from ‹ev a ∈ P⇧0› show ‹e ∈ (P ⟦S⟧⇩✓ Q)⇧0›
by (simp add: ‹e = ev a› initials_def T_Sync⇩p⇩t⇩i⇩c⇩k) (meson "*" is_processT1_TR)
next
assume ‹ev a ∈ Q⇧0›
have * : ‹[ev a] setinterleaves⇩✓⇘tick_join⇙ (([], [ev a]), S)›
by (simp add: ‹a ∉ S›)
from ‹ev a ∈ Q⇧0› show ‹e ∈ (P ⟦S⟧⇩✓ Q)⇧0›
by (simp add: ‹e = ev a› initials_def T_Sync⇩p⇩t⇩i⇩c⇩k) (meson "*" is_processT1_TR)
qed
qed
next
assume ‹e ∈ ?rhs_tick›
then obtain r_s r s where ‹tick_join r s = Some r_s›
‹e = ✓(r_s)› ‹✓(r) ∈ P⇧0› ‹✓(s) ∈ Q⇧0› by blast
have * : ‹[✓(r_s)] setinterleaves⇩✓⇘tick_join⇙ (([✓(r)], [✓(s)]), S)›
by (simp add: ‹tick_join r s = Some r_s›)
from ‹✓(r) ∈ P⇧0› ‹✓(s) ∈ Q⇧0› show ‹e ∈ (P ⟦S⟧⇩✓ Q)⇧0›
by (simp add: ‹e = ✓(r_s)› initials_def T_Sync⇩p⇩t⇩i⇩c⇩k) (use "*" in blast)
qed
next
fix e assume ‹e ∈ (P ⟦S⟧⇩✓ Q)⇧0›
then consider t_P t_Q where ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒯 Q›
‹[e] setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
| (div) t u t_P t_Q
where ‹[e] = t @ u› ‹ftF u› ‹tF t ∨ u = []›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 Q ∨ t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 Q›
unfolding initials_def T_Sync⇩p⇩t⇩i⇩c⇩k by blast
thus ‹e ∈ ?rhs_ev ∪ ?rhs_tick›
proof cases
show ‹t_P ∈ 𝒯 P ⟹ t_Q ∈ 𝒯 Q ⟹
[e] setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S) ⟹
e ∈ ?rhs_ev ∪ ?rhs_tick› for t_P t_Q
by (cases e; cases t_P; cases t_Q)
(auto simp add: initials_def setinterleaving⇩p⇩t⇩i⇩c⇩k_simps
split: if_split_asm option.split_asm event⇩p⇩t⇩i⇩c⇩k.splits
dest!: Nil_setinterleaves⇩p⇩t⇩i⇩c⇩k)
next
case div
have ‹t ≠ []› by (metis BOT_iff_Nil_D Nil_setinterleaves⇩p⇩t⇩i⇩c⇩k div(4,5) non_BOT)
hence ‹t = [e] ∧ u = []›
by (metis append_Cons append_Nil div(1) list.inject neq_Nil_conv)
with div(4, 5) non_BOT show ‹e ∈ ?rhs_ev ∪ ?rhs_tick›
by (cases e; cases t_P; cases t_Q)
(auto simp add: initials_def setinterleaving⇩p⇩t⇩i⇩c⇩k_simps BOT_iff_Nil_D
split: if_split_asm event⇩p⇩t⇩i⇩c⇩k.splits option.split_asm
dest!: Nil_setinterleaves⇩p⇩t⇩i⇩c⇩k intro: D_T)
qed
qed
qed
section ‹Laws of After›
subsection ‹Sequential Composition›
locale AfterDuplicated_same_events = AfterDuplicated Ψ⇩α Ψ⇩β
for Ψ⇩α :: ‹('a, 'r ) process⇩p⇩t⇩i⇩c⇩k ⇒ 'a ⇒ ('a, 'r ) process⇩p⇩t⇩i⇩c⇩k›
and Ψ⇩β :: ‹('a, 's) process⇩p⇩t⇩i⇩c⇩k ⇒ 'a ⇒ ('a, 's) process⇩p⇩t⇩i⇩c⇩k›
begin
notation After⇩α.After (infixl ‹after⇩α› 86)
notation After⇩β.After (infixl ‹after⇩β› 86)
lemma not_skippable_or_not_initialR_After_Seq⇩p⇩t⇩i⇩c⇩k:
‹(P ❙;⇩✓ Q) after⇩β a = (if ev a ∈ P⇧0 then P after⇩α a ❙;⇩✓ Q else Ψ⇩β (P ❙;⇩✓ Q) a)›
if ‹range tick ∩ P⇧0 = {} ∨ (∀r. ✓(r) ∈ P⇧0 ⟶ ev a ∉ (Q r)⇧0)›
proof (cases ‹P = ⊥›)
show ‹P = ⊥ ⟹ (P ❙;⇩✓ Q) after⇩β a =
(if ev a ∈ P⇧0 then P after⇩α a ❙;⇩✓ Q else Ψ⇩β (P ❙;⇩✓ Q) a)›
by (simp add: After.After_BOT)
next
note denot_projs = After.After_projs Seq⇩p⇩t⇩i⇩c⇩k_projs
assume non_BOT: ‹P ≠ ⊥›
with that have $ : ‹ev a ∈ (P ❙;⇩✓ Q)⇧0 ⟷ ev a ∈ P⇧0›
by (auto simp add: initials_Seq⇩p⇩t⇩i⇩c⇩k)
show ‹(P ❙;⇩✓ Q) after⇩β a = (if ev a ∈ P⇧0 then P after⇩α a ❙;⇩✓ Q else Ψ⇩β (P ❙;⇩✓ Q) a)›
proof (split if_split, intro conjI impI)
from "$" show ‹ev a ∉ P⇧0 ⟹ (P ❙;⇩✓ Q) after⇩β a = Ψ⇩β (P ❙;⇩✓ Q) a›
by (simp add: After⇩β.not_initial_After)
next
assume initial_P : ‹ev a ∈ P⇧0›
show ‹(P ❙;⇩✓ Q) after⇩β a = P after⇩α a ❙;⇩✓ Q›
proof (rule Process_eq_optimizedI)
fix t assume ‹t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
then consider (D_P) t' u where ‹ev a # t = map (ev ∘ of_ev) t' @ u› ‹t' ∈ 𝒟 P› ‹tF t'› ‹ftF u›
| (D_Q) t' r u where ‹ev a # t = map (ev ∘ of_ev) t' @ u› ‹t' @ [✓(r)] ∈ 𝒯 P› ‹tF t'› ‹u ∈ 𝒟 (Q r)›
by (auto simp add: denot_projs "$" initial_P)
thus ‹t ∈ 𝒟 (P after⇩α a ❙;⇩✓ Q)›
proof cases
case D_P with non_BOT initial_P show ‹t ∈ 𝒟 (P after⇩α a ❙;⇩✓ Q)›
by (cases t') (auto simp add: BOT_iff_Nil_D denot_projs)
next
case D_Q with initial_P show ‹t ∈ 𝒟 (P after⇩α a ❙;⇩✓ Q)›
by (cases t', simp_all add: BOT_iff_Nil_D denot_projs)
(metis D_T disjoint_iff initials_memI rangeI that, blast)
qed
next
fix t assume ‹t ∈ 𝒟 (P after⇩α a ❙;⇩✓ Q)›
then consider (D_P) t' u where ‹t = map (ev ∘ of_ev) t' @ u› ‹ev a # t' ∈ 𝒟 P› ‹tF t'› ‹ftF u›
| (D_Q) t' r u where ‹t = map (ev ∘ of_ev) t' @ u› ‹ev a # t' @ [✓(r)] ∈ 𝒯 P› ‹tF t'› ‹u ∈ 𝒟 (Q r)›
by (auto simp add: denot_projs initial_P)
thus ‹t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
proof cases
case D_P thus ‹t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
by (simp add: denot_projs "$" initial_P Cons_eq_append_conv Cons_eq_map_conv)
(metis event⇩p⇩t⇩i⇩c⇩k.disc(1) event⇩p⇩t⇩i⇩c⇩k.sel(1) tickFree_Cons_iff)
next
case D_Q thus ‹t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
by (simp add: denot_projs "$" initial_P Cons_eq_append_conv Cons_eq_map_conv)
(metis append_Cons event⇩p⇩t⇩i⇩c⇩k.sel(1) is_ev_def tickFree_Cons_iff)
qed
next
fix t X assume ‹(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)› ‹t ∉ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
then consider (F_P) t' where ‹ev a # t = map (ev ∘ of_ev) t'›
‹(t', ref_Seq⇩p⇩t⇩i⇩c⇩k X) ∈ ℱ P› ‹tF t'›
| (F_Q) t' r u where ‹ev a # t = map (ev ∘ of_ev) t' @ u› ‹t' @ [✓(r)] ∈ 𝒯 P›
‹tF t'› ‹(u, X) ∈ ℱ (Q r)›
by (auto simp add: denot_projs "$" initial_P)
(metis (mono_tags, lifting) comp_apply list.simps(9) tickFree_Cons_iff)
thus ‹(t, X) ∈ ℱ (P after⇩α a ❙;⇩✓ Q)›
proof cases
case F_P thus ‹(t, X) ∈ ℱ (P after⇩α a ❙;⇩✓ Q)›
by (auto simp add: denot_projs initial_P)
next
case F_Q thus ‹(t, X) ∈ ℱ (P after⇩α a ❙;⇩✓ Q)›
by (cases t', auto simp add:denot_projs initial_P intro: initials_memI)
(metis F_T Int_iff empty_iff initials_memI rangeI that)
qed
next
fix t X assume ‹(t, X) ∈ ℱ (P after⇩α a ❙;⇩✓ Q)› ‹t ∉ 𝒟 (P after⇩α a ❙;⇩✓ Q)›
then consider (F_P) t' where ‹t = map (ev ∘ of_ev) t'›
‹(ev a # t', ref_Seq⇩p⇩t⇩i⇩c⇩k X) ∈ ℱ P› ‹tF t'›
| (F_Q) t' r u where ‹t = map (ev ∘ of_ev) t' @ u› ‹ev a # t' @ [✓(r)] ∈ 𝒯 P›
‹tF t'› ‹(u, X) ∈ ℱ (Q r)›
by (auto simp add: denot_projs initial_P)
thus ‹(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)›
proof cases
case F_P thus ‹(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)›
by (simp add: denot_projs "$" initial_P Cons_eq_map_conv)
(metis event⇩p⇩t⇩i⇩c⇩k.disc(1) event⇩p⇩t⇩i⇩c⇩k.sel(1) tickFree_Cons_iff)
next
case F_Q thus ‹(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)›
by (simp add: denot_projs "$" initial_P Cons_eq_append_conv Cons_eq_map_conv)
(metis append_Cons event⇩p⇩t⇩i⇩c⇩k.disc(1) event⇩p⇩t⇩i⇩c⇩k.sel(1) tickFree_Cons_iff)
qed
qed
qed
qed
lemma skippable_not_initialL_After_Seq⇩p⇩t⇩i⇩c⇩k:
‹(P ❙;⇩✓ Q) after⇩β a = ( if (∃r. ✓(r) ∈ P⇧0 ∧ ev a ∈ (Q r)⇧0)
then ⊓r∈{r. ✓(r) ∈ P⇧0 ∧ ev a ∈ (Q r)⇧0}. Q r after⇩β a
else Ψ⇩β (P ❙;⇩✓ Q) a)›
(is ‹(P ❙;⇩✓ Q) after⇩β a = (if ?prem then ?rhs else _)›) if ‹ev a ∉ P⇧0›
proof -
note denot_projs = After.After_projs Seq⇩p⇩t⇩i⇩c⇩k_projs GlobalNdet_projs
from initials_BOT ‹ev a ∉ P⇧0› have non_BOT : ‹P ≠ ⊥› by blast
with ‹ev a ∉ P⇧0› have $ : ‹ev a ∈ (P ❙;⇩✓ Q)⇧0 ⟷ ?prem›
by (auto simp add: initials_Seq⇩p⇩t⇩i⇩c⇩k)
show ‹(P ❙;⇩✓ Q) after⇩β a = (if ?prem then ?rhs else Ψ⇩β (P ❙;⇩✓ Q) a)›
proof (split if_split, intro conjI impI)
show ‹¬ ?prem ⟹ (P ❙;⇩✓ Q) after⇩β a = Ψ⇩β (P ❙;⇩✓ Q) a›
by (rule After⇩β.not_initial_After, use "$" in blast)
next
show ‹(P ❙;⇩✓ Q) after⇩β a = ?rhs› if ?prem
proof (rule Process_eq_optimizedI)
fix t assume ‹t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
then consider (D_P) t' u where ‹ev a # t = map (ev ∘ of_ev) t' @ u› ‹t' ∈ 𝒟 P› ‹tF t'› ‹ftF u›
| (D_Q) t' r u where ‹ev a # t = map (ev ∘ of_ev) t' @ u› ‹t' @ [✓(r)] ∈ 𝒯 P› ‹tF t'› ‹u ∈ 𝒟 (Q r)›
by (auto simp add: denot_projs ‹?prem› "$" ‹ev a ∉ P⇧0›)
thus ‹t ∈ 𝒟 ?rhs›
proof cases
case D_P with non_BOT ‹ev a ∉ P⇧0› show ‹t ∈ 𝒟 ?rhs›
by (simp add: denot_projs Cons_eq_append_conv Cons_eq_map_conv BOT_iff_Nil_D)
(metis D_T event⇩p⇩t⇩i⇩c⇩k.collapse(1) initials_memI tickFree_Cons_iff)
next
case D_Q with ‹ev a ∉ P⇧0› show ‹t ∈ 𝒟 ?rhs›
by (simp add: denot_projs Cons_eq_append_conv Cons_eq_map_conv)
(metis D_T append_Nil event⇩p⇩t⇩i⇩c⇩k.collapse(1) initials_memI
is_processT3_TR_append tickFree_Cons_iff)
qed
next
from ‹?prem› show ‹t ∈ 𝒟 ?rhs ⟹ t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)› for t
by (simp add: denot_projs "$" Cons_eq_append_conv)
(metis append_Nil initials_memD tickFree_Nil)
next
fix t X assume ‹(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)› ‹t ∉ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
then consider (F_P) t' where ‹ev a # t = map (ev ∘ of_ev) t'›
‹(t', ref_Seq⇩p⇩t⇩i⇩c⇩k X) ∈ ℱ P› ‹tF t'›
| (F_Q) t' r u where ‹ev a # t = map (ev ∘ of_ev) t' @ u›
‹t' @ [✓(r)] ∈ 𝒯 P› ‹tF t'› ‹(u, X) ∈ ℱ (Q r)›
by (simp add: denot_projs "$" ‹?prem›) metis
thus ‹(t, X) ∈ ℱ ?rhs›
proof cases
case F_P with ‹ev a ∉ P⇧0› show ‹(t, X) ∈ ℱ ?rhs›
by (cases t', simp_all add: denot_projs ‹?prem›)
(use F_T initials_memI in blast)
next
case F_Q with ‹ev a ∉ P⇧0› ‹?prem› show ‹(t, X) ∈ ℱ ?rhs›
by (cases t', auto simp add: denot_projs intro: initials_memI)
(metis F_T initials_memI)
qed
next
from ‹?prem› show ‹(t, X) ∈ ℱ ?rhs ⟹ t ∉ 𝒟 ?rhs ⟹
(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)› for t X
by (simp add: denot_projs "$" Cons_eq_append_conv Cons_eq_map_conv split: if_split_asm)
(metis initials_memD self_append_conv2 tickFree_Nil)
qed
qed
qed
lemma skippable_initialL_initialR_After_Seq⇩p⇩t⇩i⇩c⇩k:
‹(P ❙;⇩✓ Q) after⇩β a = (P after⇩α a ❙;⇩✓ Q) ⊓ (⊓r∈{r. ✓(r) ∈ P⇧0 ∧ ev a ∈ (Q r)⇧0}. Q r after⇩β a)›
(is ‹(P ❙;⇩✓ Q) after⇩β a = (P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs›)
if assms : ‹∃r. ✓(r) ∈ P⇧0 ∧ ev a ∈ (Q r)⇧0› ‹ev a ∈ P⇧0›
proof (cases ‹P = ⊥›)
show ‹P = ⊥ ⟹ (P ❙;⇩✓ Q) after⇩β a = (P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs›
by (simp add: After.After_BOT)
next
note denot_projs = After.After_projs Seq⇩p⇩t⇩i⇩c⇩k_projs GlobalNdet_projs Ndet_projs
show ‹(P ❙;⇩✓ Q) after⇩β a = (P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs› if ‹P ≠ ⊥›
proof (rule Process_eq_optimizedI)
fix t assume ‹t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
then consider (D_P) t' u where ‹ev a # t = map (ev ∘ of_ev) t' @ u› ‹t' ∈ 𝒟 P› ‹tF t'› ‹ftF u›
| (D_Q) t' r u where ‹ev a # t = map (ev ∘ of_ev) t' @ u› ‹t' @ [✓(r)] ∈ 𝒯 P› ‹tF t'› ‹u ∈ 𝒟 (Q r)›
by (auto simp add: denot_projs initials_Seq⇩p⇩t⇩i⇩c⇩k assms split: if_split_asm)
thus ‹t ∈ 𝒟 ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)›
proof cases
case D_P with ‹P ≠ ⊥› show ‹t ∈ 𝒟 ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)›
by (auto simp add: denot_projs assms Cons_eq_append_conv BOT_iff_Nil_D)
next
case D_Q thus ‹t ∈ 𝒟 ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)›
by (auto simp add: denot_projs assms Cons_eq_append_conv)
(meson D_T initials_memI, blast)
qed
next
from ‹P ≠ ⊥› show ‹t ∈ 𝒟 ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs) ⟹ t ∈ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)› for t
by (auto simp add: denot_projs assms initials_Seq⇩p⇩t⇩i⇩c⇩k Cons_eq_append_conv Cons_eq_map_conv)
(metis event⇩p⇩t⇩i⇩c⇩k.disc(1) event⇩p⇩t⇩i⇩c⇩k.sel(1) tickFree_Cons_iff,
metis Cons_eq_appendI append_T_imp_tickFree event⇩p⇩t⇩i⇩c⇩k.sel(1) list.distinct(1),
metis append_Nil initials_memD tickFree_Nil)
next
fix t X assume ‹(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)› ‹t ∉ 𝒟 ((P ❙;⇩✓ Q) after⇩β a)›
then consider (F_P) t' where ‹ev a # t = map (ev ∘ of_ev) t'›
‹(t', ref_Seq⇩p⇩t⇩i⇩c⇩k X) ∈ ℱ P› ‹tF t'›
| (F_Q) t' r u where ‹ev a # t = map (ev ∘ of_ev) t' @ u›
‹t' @ [✓(r)] ∈ 𝒯 P› ‹tF t'› ‹(u, X) ∈ ℱ (Q r)›
by (simp add: denot_projs assms initials_Seq⇩p⇩t⇩i⇩c⇩k split: if_split_asm) meson+
thus ‹(t, X) ∈ ℱ ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)›
proof cases
case F_P thus ‹(t, X) ∈ ℱ ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)›
by (auto simp add: denot_projs assms)
next
case F_Q with assms show ‹(t, X) ∈ ℱ ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)›
by (cases t', simp_all add: denot_projs)
(meson F_T initials_memI, blast)
qed
next
fix t X assume ‹(t, X) ∈ ℱ ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)› ‹t ∉ 𝒟 ((P after⇩α a ❙;⇩✓ Q) ⊓ ?rhs)›
hence ‹(t, X) ∈ ℱ (P after⇩α a ❙;⇩✓ Q) ∧ t ∉ 𝒟 (P after⇩α a ❙;⇩✓ Q) ∨
(t, X) ∈ ℱ ?rhs ∧ t ∉ 𝒟 ?rhs› by (simp add: Ndet_projs)
thus ‹(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)›
proof (elim disjE conjE)
show ‹(t, X) ∈ ℱ (P after⇩α a ❙;⇩✓ Q) ⟹ t ∉ 𝒟 (P after⇩α a ❙;⇩✓ Q) ⟹
(t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)›
by (simp add: denot_projs assms initials_Seq⇩p⇩t⇩i⇩c⇩k ‹P ≠ ⊥› Cons_eq_append_conv Cons_eq_map_conv)
(metis (no_types, lifting) Cons_eq_appendI event⇩p⇩t⇩i⇩c⇩k.sel(1) is_ev_def tickFree_Cons_iff)
next
from assms show ‹(t, X) ∈ ℱ ?rhs ⟹ t ∉ 𝒟 ?rhs ⟹ (t, X) ∈ ℱ ((P ❙;⇩✓ Q) after⇩β a)›
by (simp add: denot_projs initials_Seq⇩p⇩t⇩i⇩c⇩k ‹P ≠ ⊥›
Cons_eq_append_conv Cons_eq_map_conv split: if_split_asm)
(metis append_Nil initials_memD tickFree_Nil)
qed
qed
qed
lemma not_initialL_not_initialR_After_Seq⇩p⇩t⇩i⇩c⇩k:
‹ev a ∉ P⇧0 ⟹ (⋀r. ✓(r) ∈ P⇧0 ⟹ ev a ∉ (Q r)⇧0) ⟹
(P ❙;⇩✓ Q) after⇩β a = Ψ⇩β (P ❙;⇩✓ Q) a›
by (meson skippable_not_initialL_After_Seq⇩p⇩t⇩i⇩c⇩k)
lemma After_Seq⇩p⇩t⇩i⇩c⇩k:
‹(P ❙;⇩✓ Q) after⇩β a =
( if ∀r. ✓(r) ∈ P⇧0 ⟶ ev a ∉ (Q r)⇧0
then if ev a ∈ P⇧0 then P after⇩α a ❙;⇩✓ Q else Ψ⇩β (P ❙;⇩✓ Q) a
else if ev a ∈ P⇧0
then (P after⇩α a ❙;⇩✓ Q) ⊓ (⊓r∈{r. ✓(r) ∈ P⇧0 ∧ ev a ∈ (Q r)⇧0}. Q r after⇩β a)
else ⊓r∈{r. ✓(r) ∈ P⇧0 ∧ ev a ∈ (Q r)⇧0}. Q r after⇩β a)›
by (simp add: not_skippable_or_not_initialR_After_Seq⇩p⇩t⇩i⇩c⇩k
skippable_initialL_initialR_After_Seq⇩p⇩t⇩i⇩c⇩k skippable_not_initialL_After_Seq⇩p⇩t⇩i⇩c⇩k)
end
subsection ‹Synchronization Product›
text ‹Because of the types, we have to extend the ⬚‹locale›.›
locale After_Sync⇩p⇩t⇩i⇩c⇩k_locale = Sync⇩p⇩t⇩i⇩c⇩k_locale tick_join +
After⇩l⇩h⇩s : After Ψ⇩l⇩h⇩s + After⇩r⇩h⇩s : After Ψ⇩r⇩h⇩s + After⇩p⇩t⇩i⇩c⇩k : After Ψ⇩p⇩t⇩i⇩c⇩k
for tick_join :: ‹'r ⇒ 's ⇒ 't option›
and Ψ⇩l⇩h⇩s :: ‹[('a, 'r) process⇩p⇩t⇩i⇩c⇩k, 'a] ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
and Ψ⇩r⇩h⇩s :: ‹[('a, 's) process⇩p⇩t⇩i⇩c⇩k, 'a] ⇒ ('a, 's) process⇩p⇩t⇩i⇩c⇩k›
and Ψ⇩p⇩t⇩i⇩c⇩k :: ‹[('a, 't) process⇩p⇩t⇩i⇩c⇩k, 'a] ⇒ ('a, 't) process⇩p⇩t⇩i⇩c⇩k›
begin
notation After⇩l⇩h⇩s.After (infixl ‹after⇩l⇩h⇩s› 86)
notation After⇩r⇩h⇩s.After (infixl ‹after⇩r⇩h⇩s› 86)
notation After⇩p⇩t⇩i⇩c⇩k.After (infixl ‹after⇩p⇩t⇩i⇩c⇩k› 86)
sublocale After_Sync⇩p⇩t⇩i⇩c⇩k_locale_sym :
After_Sync⇩p⇩t⇩i⇩c⇩k_locale ‹λs r. tick_join r s› Ψ⇩r⇩h⇩s Ψ⇩l⇩h⇩s Ψ⇩p⇩t⇩i⇩c⇩k
by unfold_locales
lemma initialL_not_initialR_not_in_After_Sync⇩p⇩t⇩i⇩c⇩k:
‹(P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a = P after⇩l⇩h⇩s a ⟦S⟧⇩✓ Q› (is ‹?lhs = ?rhs›)
if initial_hyps: ‹ev a ∈ P⇧0› ‹ev a ∉ Q⇧0› and notin: ‹a ∉ S›
proof (cases ‹P = ⊥ ∨ Q = ⊥›)
show ‹P = ⊥ ∨ Q = ⊥ ⟹ ?lhs = ?rhs›
by (elim disjE) (simp_all add: After⇩p⇩t⇩i⇩c⇩k.After_BOT After⇩l⇩h⇩s.After_BOT)
next
from initial_hyps and notin have init : ‹ev a ∈ (P ⟦S⟧⇩✓ Q)⇧0›
by (simp add: initials_Sync⇩p⇩t⇩i⇩c⇩k)
show ‹?lhs = ?rhs› if non_BOT : ‹¬ (P = ⊥ ∨ Q = ⊥)›
proof (rule Process_eq_optimizedI)
fix t assume ‹t ∈ 𝒟 ?lhs›
with init have ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)› by (simp add: After⇩p⇩t⇩i⇩c⇩k.D_After)
then obtain u v t_P t_Q
where * : ‹ev a # t = u @ v› ‹tF u› ‹ftF v›
‹u setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 Q ∨ t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 Q›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
from "*"(4, 5) non_BOT have ‹u ≠ []›
by (auto simp add: BOT_iff_Nil_D dest: Nil_setinterleaves⇩p⇩t⇩i⇩c⇩k)
with "*"(1) obtain u' where ‹u = ev a # u'› ‹t = u' @ v›
by (cases u) simp_all
from "*"(4, 5) initial_hyps(2) obtain t_P'
where ‹t_P = ev a # t_P'› ‹u' setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q), S)›
by (cases t_P; cases t_Q)
(auto simp add: setinterleaving⇩p⇩t⇩i⇩c⇩k_simps ‹u = ev a # u'›
split: event⇩p⇩t⇩i⇩c⇩k.splits if_split_asm option.split_asm
intro: D_T initials_memI)
moreover from ‹t_P = ev a # t_P'› "*"(2, 5)
have ‹t_P' ∈ 𝒟 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒯 Q ∨
t_P' ∈ 𝒯 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒟 Q›
by (simp add: After⇩l⇩h⇩s.After_projs initial_hyps(1))
moreover from "*"(2) have ‹tF u'› by (simp add: ‹u = ev a # u'›)
ultimately show ‹t ∈ 𝒟 ?rhs›
using "*"(3) by (auto simp add: ‹t = u' @ v› D_Sync⇩p⇩t⇩i⇩c⇩k)
next
fix t assume ‹t ∈ 𝒟 ?rhs›
then obtain u v t_P t_Q
where * : ‹t = u @ v› ‹tF u› ‹ftF v›
‹u setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒯 Q ∨
t_P ∈ 𝒯 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒟 Q›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
have ‹ev a # t = (ev a # u) @ v› by (simp add: "*"(1))
moreover from "*"(2) have ‹tF (ev a # u)› by simp
moreover from "*"(4)
have ‹ev a # u setinterleaves⇩✓⇘tick_join⇙ ((ev a # t_P, t_Q), S)›
by (metis notin rev.simps(2) rev_setinterleaves⇩p⇩t⇩i⇩c⇩k_rev_rev_iff
setinterleaves⇩p⇩t⇩i⇩c⇩k_snoc_notinL)
moreover from "*"(5) have ‹ev a # t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 Q ∨
ev a # t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 Q›
by (simp add: After⇩l⇩h⇩s.After_projs initial_hyps(1))
ultimately have ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)›
using "*"(3) unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
thus ‹t ∈ 𝒟 ?lhs›
by (simp add: After⇩p⇩t⇩i⇩c⇩k.D_After init)
next
fix t X assume ‹(t, X) ∈ ℱ ?lhs›
‹t ∉ 𝒟 ?lhs›
hence ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)› ‹ev a # t ∉ 𝒟 (P ⟦S⟧⇩✓ Q)›
by (simp_all add: After⇩p⇩t⇩i⇩c⇩k.After_projs init)
then obtain t_P t_Q X_P X_Q
where * : ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ Q›
‹ev a # t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "*"(2, 3) initial_hyps(2) obtain t_P'
where ‹t_P = ev a # t_P'› ‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q), S)›
by (metis Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE F_T initials_memI)
moreover from "*"(1) have ‹(t_P', X_P) ∈ ℱ (P after⇩l⇩h⇩s a)›
by (simp add: ‹t_P = ev a # t_P'› After⇩l⇩h⇩s.F_After initial_hyps(1))
ultimately show ‹(t, X) ∈ ℱ ?rhs›
using "*"(2, 4) by (auto simp add: Sync⇩p⇩t⇩i⇩c⇩k_projs)
next
fix t X assume ‹(t, X) ∈ ℱ ?rhs›
‹t ∉ 𝒟 ?rhs›
then obtain t_P t_Q X_P X_Q
where * : ‹(t_P, X_P) ∈ ℱ (P after⇩l⇩h⇩s a)› ‹(t_Q, X_Q) ∈ ℱ Q›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "*"(1) have ‹(ev a # t_P, X_P) ∈ ℱ P›
by (simp add: After⇩l⇩h⇩s.F_After initial_hyps(1))
moreover from "*"(3)
have ‹ev a # t setinterleaves⇩✓⇘tick_join⇙ ((ev a # t_P, t_Q), S)›
by (metis notin rev.simps(2) rev_setinterleaves⇩p⇩t⇩i⇩c⇩k_rev_rev_iff
setinterleaves⇩p⇩t⇩i⇩c⇩k_snoc_notinL)
ultimately have ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)›
using "*"(2, 4) by (auto simp add: F_Sync⇩p⇩t⇩i⇩c⇩k)
thus ‹(t, X) ∈ ℱ ?lhs› by (simp add: After⇩p⇩t⇩i⇩c⇩k.F_After init)
qed
qed
lemma (in After_Sync⇩p⇩t⇩i⇩c⇩k_locale) not_initialL_initialR_not_in_After_Sync⇩p⇩t⇩i⇩c⇩k:
‹(P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a = P ⟦S⟧⇩✓ Q after⇩r⇩h⇩s a› (is ‹?lhs = ?rhs›)
if initial_hyps: ‹ev a ∉ P⇧0› ‹ev a ∈ Q⇧0› and notin: ‹a ∉ S›
using After_Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.initialL_not_initialR_not_in_After_Sync⇩p⇩t⇩i⇩c⇩k
[OF ‹ev a ∈ Q⇧0› ‹ev a ∉ P⇧0› ‹a ∉ S›]
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k_sym)
lemma not_initialL_in_After_Sync⇩p⇩t⇩i⇩c⇩k:
‹ev a ∉ P⇧0 ⟹ a ∈ S ⟹
(P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a = (if Q = ⊥ then ⊥ else Ψ⇩p⇩t⇩i⇩c⇩k (P ⟦S⟧⇩✓ Q) a)›
by (simp add: After⇩p⇩t⇩i⇩c⇩k.After_BOT, rule impI)
(subst After⇩p⇩t⇩i⇩c⇩k.not_initial_After, auto simp add: initials_Sync⇩p⇩t⇩i⇩c⇩k)
lemma not_initialR_in_After_Sync⇩p⇩t⇩i⇩c⇩k:
‹ev a ∉ Q⇧0 ⟹ a ∈ S ⟹
(P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a = (if P = ⊥ then ⊥ else Ψ⇩p⇩t⇩i⇩c⇩k (P ⟦S⟧⇩✓ Q) a)›
by (simp add: After⇩p⇩t⇩i⇩c⇩k.After_BOT, rule impI)
(subst After⇩p⇩t⇩i⇩c⇩k.not_initial_After, auto simp add: initials_Sync⇩p⇩t⇩i⇩c⇩k)
lemma initialL_initialR_in_After_Sync⇩p⇩t⇩i⇩c⇩k:
‹(P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a = P after⇩l⇩h⇩s a ⟦S⟧⇩✓ Q after⇩r⇩h⇩s a› (is ‹?lhs = ?rhs›)
if initial_hyps: ‹ev a ∈ P⇧0› ‹ev a ∈ Q⇧0› and inside: ‹a ∈ S›
proof (cases ‹P = ⊥ ∨ Q = ⊥›)
show ‹P = ⊥ ∨ Q = ⊥ ⟹ ?lhs = ?rhs›
by (elim disjE) (simp_all add: After.After_BOT)
next
from initial_hyps inside have init : ‹ev a ∈ (P ⟦S⟧⇩✓ Q)⇧0›
by (simp add: initials_Sync⇩p⇩t⇩i⇩c⇩k)
show ‹?lhs = ?rhs› if non_BOT : ‹¬ (P = ⊥ ∨ Q = ⊥)›
proof (rule Process_eq_optimizedI)
fix t assume ‹t ∈ 𝒟 ((P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a)›
hence ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)› by (simp add: After⇩p⇩t⇩i⇩c⇩k.D_After init)
then obtain u v t_P t_Q
where * : ‹ev a # t = u @ v› ‹tF u› ‹ftF v›
‹u setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 Q ∨ t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 Q›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
from "*"(4, 5) non_BOT have ‹u ≠ []›
by (auto simp add: BOT_iff_Nil_D dest: Nil_setinterleaves⇩p⇩t⇩i⇩c⇩k)
with "*"(1) obtain u' where ‹u = ev a # u'› ‹t = u' @ v›
by (cases u) simp_all
from "*"(4) inside initial_hyps(1, 2) ‹u = ev a # u'›
obtain t_P' t_Q' where ‹t_P = ev a # t_P'› ‹t_Q = ev a # t_Q'›
‹u' setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q'), S)›
by (metis (no_types, opaque_lifting) Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
moreover from "*"(2) have ‹tF u'› by (simp add: ‹u = ev a # u'›)
moreover from "*"(5)
have ‹t_P' ∈ 𝒟 (P after⇩l⇩h⇩s a) ∧ t_Q' ∈ 𝒯 (Q after⇩r⇩h⇩s a) ∨
t_P' ∈ 𝒯 (P after⇩l⇩h⇩s a) ∧ t_Q' ∈ 𝒟 (Q after⇩r⇩h⇩s a)›
by (simp add: ‹t_P = ev a # t_P'› ‹t_Q = ev a # t_Q'›
After.After_projs initial_hyps)
ultimately show ‹t ∈ 𝒟 ?rhs›
using "*"(3) by (auto simp add: ‹t = u' @ v› D_Sync⇩p⇩t⇩i⇩c⇩k)
next
fix t assume ‹t ∈ 𝒟 ?rhs›
then obtain u v t_P t_Q
where * : ‹t = u @ v› ‹tF u› ‹ftF v›
‹u setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒯 (Q after⇩r⇩h⇩s a) ∨
t_P ∈ 𝒯 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒟 (Q after⇩r⇩h⇩s a)›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
from "*"(1) have ‹ev a # t = (ev a # u) @ v› by simp
moreover from "*"(2) have ‹tF (ev a # u)› by simp
moreover from "*"(4) have ‹ev a # u setinterleaves⇩✓⇘tick_join⇙
((ev a # t_P, ev a # t_Q), S)›
by (simp add: inside)
moreover from "*"(5) have ‹ev a # t_P ∈ 𝒟 P ∧ ev a # t_Q ∈ 𝒯 Q ∨
ev a # t_P ∈ 𝒯 P ∧ ev a # t_Q ∈ 𝒟 Q›
by (simp add: After.After_projs initial_hyps)
ultimately have ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k using "*"(3) by blast
thus ‹t ∈ 𝒟 ?lhs› by (simp add: After⇩p⇩t⇩i⇩c⇩k.D_After init)
next
fix t X assume ‹(t, X) ∈ ℱ ?lhs› ‹t ∉ 𝒟 ?lhs›
hence ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)› ‹ev a # t ∉ 𝒟 (P ⟦S⟧⇩✓ Q)›
by (simp_all add: After.After_projs init)
then obtain t_P t_Q X_P X_Q
where * : ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ Q›
‹ev a # t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "*"(3) obtain t_P' t_Q'
where ‹t_P = ev a # t_P'› ‹t_Q = ev a # t_Q'›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q'), S)›
by (metis (no_types) Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE inside)
moreover from "*"(1, 2) have ‹(t_P', X_P) ∈ ℱ (P after⇩l⇩h⇩s a)›
‹(t_Q', X_Q) ∈ ℱ (Q after⇩r⇩h⇩s a)›
by (simp_all add: ‹t_P = ev a # t_P'› ‹t_Q = ev a # t_Q'›
After.F_After initial_hyps)
ultimately show ‹(t, X) ∈ ℱ ?rhs›
by (auto simp add: F_Sync⇩p⇩t⇩i⇩c⇩k intro!: "*"(4))
next
fix t X assume ‹(t, X) ∈ ℱ ?rhs› ‹t ∉ 𝒟 ?rhs›
then obtain t_P t_Q X_P X_Q
where * : ‹(t_P, X_P) ∈ ℱ (P after⇩l⇩h⇩s a)›
‹(t_Q, X_Q) ∈ ℱ (Q after⇩r⇩h⇩s a)›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "*"(1, 2) have ‹(ev a # t_P, X_P) ∈ ℱ P›
‹(ev a # t_Q, X_Q) ∈ ℱ Q›
by (simp_all add: After.F_After initial_hyps)
moreover from "*"(3) have ‹ev a # t setinterleaves⇩✓⇘tick_join⇙
((ev a # t_P, ev a # t_Q), S)›
by (simp add: inside)
ultimately have ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)›
using "*"(4) by (simp (no_asm) add: F_Sync⇩p⇩t⇩i⇩c⇩k) blast
thus ‹(t, X) ∈ ℱ ?lhs› by (simp add: After⇩p⇩t⇩i⇩c⇩k.F_After init)
qed
qed
lemma initialL_initialR_not_in_After_Sync⇩p⇩t⇩i⇩c⇩k:
‹(P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a = (P after⇩l⇩h⇩s a ⟦S⟧⇩✓ Q) ⊓ (P ⟦S⟧⇩✓ Q after⇩r⇩h⇩s a)›
(is ‹?lhs = ?rhs1 ⊓ ?rhs2›)
if initial_hyps: ‹ev a ∈ P⇧0› ‹ev a ∈ Q⇧0› and notin: ‹a ∉ S›
proof (cases ‹P = ⊥ ∨ Q = ⊥›)
show ‹P = ⊥ ∨ Q = ⊥ ⟹ ?lhs = ?rhs1 ⊓ ?rhs2›
by (elim disjE) (simp_all add: After.After_BOT)
next
from initial_hyps(1) notin have init : ‹ev a ∈ (P ⟦S⟧⇩✓ Q)⇧0›
by (simp add: initials_Sync⇩p⇩t⇩i⇩c⇩k)
show ‹?lhs = ?rhs1 ⊓ ?rhs2› if non_BOT : ‹¬ (P = ⊥ ∨ Q = ⊥)›
proof (rule Process_eq_optimizedI)
fix t assume ‹t ∈ 𝒟 ?lhs›
hence ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)›
by (simp add: After⇩p⇩t⇩i⇩c⇩k.D_After init)
then obtain u v t_P t_Q
where * : ‹ev a # t = u @ v› ‹tF u› ‹ftF v›
‹u setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 Q ∨ t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 Q›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
from "*"(4, 5) non_BOT have ‹u ≠ []›
by (auto simp add: BOT_iff_Nil_D dest: Nil_setinterleaves⇩p⇩t⇩i⇩c⇩k)
with "*"(1) obtain u' where ‹u = ev a # u'› ‹t = u' @ v›
by (cases u) simp_all
from "*"(2) have ‹tF u'› by (simp add: ‹u = ev a # u'›)
from "*"(4) notin ‹u = ev a # u'›
consider t_P' where ‹t_P = ev a # t_P'›
‹u' setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q), S)›
| t_Q' where ‹t_Q = ev a # t_Q'›
‹u' setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q'), S)›
by (metis (no_types) Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
thus ‹t ∈ 𝒟 (?rhs1 ⊓ ?rhs2)›
proof cases
fix t_P' assume $ : ‹t_P = ev a # t_P'›
‹u' setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q), S)›
from "*"(5) have ‹t_P' ∈ 𝒟 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒯 Q ∨
t_P' ∈ 𝒯 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒟 Q›
by (simp add: "$"(1) After⇩l⇩h⇩s.After_projs initial_hyps(1))
with "$"(2) "*"(3) ‹tF u'› have ‹t ∈ 𝒟 ?rhs1›
by (auto simp add: ‹t = u' @ v› D_Sync⇩p⇩t⇩i⇩c⇩k)
thus ‹t ∈ 𝒟 (?rhs1 ⊓ ?rhs2)› by (simp add: D_Ndet)
next
fix t_Q' assume $ : ‹t_Q = ev a # t_Q'›
‹u' setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q'), S)›
from "*"(5) have ‹t_P ∈ 𝒟 P ∧ t_Q' ∈ 𝒯 (Q after⇩r⇩h⇩s a) ∨
t_P ∈ 𝒯 P ∧ t_Q' ∈ 𝒟 (Q after⇩r⇩h⇩s a)›
by (simp add: "$"(1) After⇩r⇩h⇩s.After_projs initial_hyps(2))
with "$"(2) "*"(3) ‹tF u'› have ‹t ∈ 𝒟 ?rhs2›
by (auto simp add: ‹t = u' @ v› D_Sync⇩p⇩t⇩i⇩c⇩k)
thus ‹t ∈ 𝒟 (?rhs1 ⊓ ?rhs2)› by (simp add: D_Ndet)
qed
next
fix t assume ‹t ∈ 𝒟 (?rhs1 ⊓ ?rhs2)›
then consider ‹t ∈ 𝒟 ?rhs1› | ‹t ∈ 𝒟 ?rhs2›
by (auto simp add: D_Ndet)
hence ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)›
proof cases
assume ‹t ∈ 𝒟 ?rhs1›
then obtain u v t_P t_Q
where * : ‹t = u @ v› ‹tF u› ‹ftF v›
‹u setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒯 Q ∨
t_P ∈ 𝒯 (P after⇩l⇩h⇩s a) ∧ t_Q ∈ 𝒟 Q›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
from "*"(1) have ‹ev a # t = (ev a # u) @ v› by simp
moreover from "*"(2) have ‹tF (ev a # u)› by simp
moreover from "*"(4)
have ‹ev a # u setinterleaves⇩✓⇘tick_join⇙ ((ev a # t_P, t_Q), S)›
by (metis notin rev.simps(2) rev_setinterleaves⇩p⇩t⇩i⇩c⇩k_rev_rev_iff
setinterleaves⇩p⇩t⇩i⇩c⇩k_snoc_notinL)
moreover from "*"(5) have ‹ev a # t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 Q ∨
ev a # t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 Q›
by (simp add: After⇩l⇩h⇩s.After_projs initial_hyps(1))
ultimately show ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)›
using "*"(3) unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
next
assume ‹t ∈ 𝒟 ?rhs2›
then obtain u v t_P t_Q
where * : ‹t = u @ v› ‹tF u› ‹ftF v›
‹u setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 (Q after⇩r⇩h⇩s a) ∨
t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 (Q after⇩r⇩h⇩s a)›
unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
from "*"(1) have ‹ev a # t = (ev a # u) @ v› by simp
moreover from "*"(2) have ‹tF (ev a # u)› by simp
moreover from "*"(4) have ‹ev a # u setinterleaves⇩✓⇘tick_join⇙ ((t_P, ev a # t_Q), S)›
by (metis notin rev.simps(2) rev_setinterleaves⇩p⇩t⇩i⇩c⇩k_rev_rev_iff
setinterleaves⇩p⇩t⇩i⇩c⇩k_snoc_notinR)
moreover from "*"(5) have ‹t_P ∈ 𝒟 P ∧ ev a # t_Q ∈ 𝒯 Q ∨
t_P ∈ 𝒯 P ∧ ev a # t_Q ∈ 𝒟 Q›
by (simp add: After⇩r⇩h⇩s.After_projs initial_hyps(2))
ultimately show ‹ev a # t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)›
using "*"(3) unfolding D_Sync⇩p⇩t⇩i⇩c⇩k by blast
qed
thus ‹t ∈ 𝒟 ?lhs› by (simp add: After⇩p⇩t⇩i⇩c⇩k.D_After init)
next
fix t X assume ‹(t, X) ∈ ℱ ?lhs› ‹t ∉ 𝒟 ?lhs›
hence ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)› ‹ev a # t ∉ 𝒟 (P ⟦S⟧⇩✓ Q)›
by (simp_all add: After⇩p⇩t⇩i⇩c⇩k.After_projs init)
then obtain t_P t_Q X_P X_Q
where * : ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ Q›
‹ev a # t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "*"(3) notin
consider t_P' where ‹t_P = ev a # t_P'›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q), S)›
| t_Q' where ‹t_Q = ev a # t_Q'›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q'), S)›
by (metis (no_types) Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
thus ‹(t, X) ∈ ℱ (?rhs1 ⊓ ?rhs2)›
proof cases
fix t_P' assume $ : ‹t_P = ev a # t_P'›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P', t_Q), S)›
from "*"(1) have ‹(t_P', X_P) ∈ ℱ (P after⇩l⇩h⇩s a)›
by (simp add: "$"(1) After⇩l⇩h⇩s.F_After initial_hyps(1))
with "$"(2) "*"(2, 4) have ‹(t, X) ∈ ℱ ?rhs1›
by (auto simp add: F_Sync⇩p⇩t⇩i⇩c⇩k)
thus ‹(t, X) ∈ ℱ (?rhs1 ⊓ ?rhs2)› by (simp add: F_Ndet)
next
fix t_Q' assume $ : ‹t_Q = ev a # t_Q'›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q'), S)›
from "*"(2) have ‹(t_Q', X_Q) ∈ ℱ (Q after⇩r⇩h⇩s a)›
by (simp add: "$"(1) After⇩r⇩h⇩s.F_After initial_hyps(2))
with "$"(2) "*"(1, 4) have ‹(t, X) ∈ ℱ ?rhs2›
by (auto simp add: F_Sync⇩p⇩t⇩i⇩c⇩k)
thus ‹(t, X) ∈ ℱ (?rhs1 ⊓ ?rhs2)› by (simp add: F_Ndet)
qed
next
fix t X assume ‹(t, X) ∈ ℱ (?rhs1 ⊓ ?rhs2)› ‹t ∉ 𝒟 (?rhs1 ⊓ ?rhs2)›
then consider ‹(t, X) ∈ ℱ ?rhs1› ‹t ∉ 𝒟 ?rhs1›
| ‹(t, X) ∈ ℱ ?rhs2› ‹t ∉ 𝒟 ?rhs2›
by (auto simp add: Ndet_projs)
hence ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)›
proof cases
assume ‹(t, X) ∈ ℱ ?rhs1› ‹t ∉ 𝒟 ?rhs1›
then obtain t_P t_Q X_P X_Q
where * : ‹(t_P, X_P) ∈ ℱ (P after⇩l⇩h⇩s a)› ‹(t_Q, X_Q) ∈ ℱ Q›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "*"(1) have ‹(ev a # t_P, X_P) ∈ ℱ P›
by (simp add: After⇩l⇩h⇩s.F_After initial_hyps(1))
moreover from "*"(3)
have ‹ev a # t setinterleaves⇩✓⇘tick_join⇙ ((ev a # t_P, t_Q), S)›
by (metis notin rev.simps(2) rev_setinterleaves⇩p⇩t⇩i⇩c⇩k_rev_rev_iff
setinterleaves⇩p⇩t⇩i⇩c⇩k_snoc_notinL)
ultimately show ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)›
by (auto simp add: F_Sync⇩p⇩t⇩i⇩c⇩k intro!: "*"(2, 4))
next
assume ‹(t, X) ∈ ℱ ?rhs2› ‹t ∉ 𝒟 ?rhs2›
then obtain t_P t_Q X_P X_Q
where * : ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ (Q after⇩r⇩h⇩s a)›
‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), S)›
‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "*"(2) have ‹(ev a # t_Q, X_Q) ∈ ℱ Q›
by (simp add: After⇩r⇩h⇩s.F_After initial_hyps(2))
moreover from "*"(3)
have ‹ev a # t setinterleaves⇩✓⇘tick_join⇙ ((t_P, ev a # t_Q), S)›
by (metis notin rev.simps(2) rev_setinterleaves⇩p⇩t⇩i⇩c⇩k_rev_rev_iff
setinterleaves⇩p⇩t⇩i⇩c⇩k_snoc_notinR)
ultimately show ‹(ev a # t, X) ∈ ℱ (P ⟦S⟧⇩✓ Q)›
by (auto simp add: F_Sync⇩p⇩t⇩i⇩c⇩k intro!: "*"(1, 4))
qed
thus ‹(t, X) ∈ ℱ ?lhs› by (simp add: After⇩p⇩t⇩i⇩c⇩k.F_After init)
qed
qed
lemma not_initialL_not_initialR_After_Sync⇩p⇩t⇩i⇩c⇩k :
‹ev a ∉ P⇧0 ⟹ ev a ∉ Q⇧0 ⟹ (P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a = Ψ⇩p⇩t⇩i⇩c⇩k (P ⟦S⟧⇩✓ Q) a›
by (subst After⇩p⇩t⇩i⇩c⇩k.not_initial_After) (auto simp add: initials_Sync⇩p⇩t⇩i⇩c⇩k)
text ‹Finally, the monster theorem !›
theorem After_Sync⇩p⇩t⇩i⇩c⇩k:
‹(P ⟦S⟧⇩✓ Q) after⇩p⇩t⇩i⇩c⇩k a =
( if P = ⊥ ∨ Q = ⊥ then ⊥
else if ev a ∈ P⇧0 ∧ ev a ∈ Q⇧0
then if a ∈ S then P after⇩l⇩h⇩s a ⟦S⟧⇩✓ Q after⇩r⇩h⇩s a
else (P after⇩l⇩h⇩s a ⟦S⟧⇩✓ Q) ⊓ (P ⟦S⟧⇩✓ Q after⇩r⇩h⇩s a)
else if ev a ∈ P⇧0 ∧ a ∉ S then P after⇩l⇩h⇩s a ⟦S⟧⇩✓ Q
else if ev a ∈ Q⇧0 ∧ a ∉ S then P ⟦S⟧⇩✓ Q after⇩r⇩h⇩s a
else Ψ⇩p⇩t⇩i⇩c⇩k (P ⟦S⟧⇩✓ Q) a)›
by (auto simp add: After⇩p⇩t⇩i⇩c⇩k.After_BOT initialL_not_initialR_not_in_After_Sync⇩p⇩t⇩i⇩c⇩k
initialL_initialR_in_After_Sync⇩p⇩t⇩i⇩c⇩k initialL_initialR_not_in_After_Sync⇩p⇩t⇩i⇩c⇩k
not_initialL_initialR_not_in_After_Sync⇩p⇩t⇩i⇩c⇩k not_initialL_not_initialR_After_Sync⇩p⇩t⇩i⇩c⇩k
not_initialR_in_After_Sync⇩p⇩t⇩i⇩c⇩k not_initialL_in_After_Sync⇩p⇩t⇩i⇩c⇩k)
end
end