Theory CSP_PTick_Monotonicities

(***********************************************************************************
 * Copyright (c) 2025 Université Paris-Saclay
 *
 * Author: Benoît Ballenghien, Université Paris-Saclay,
 *         CNRS, ENS Paris-Saclay, LMF
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * SPDX-License-Identifier: BSD-2-Clause
 ***********************************************************************************)


chapter ‹Monotonicity Properties›

(*<*)
theory CSP_PTick_Monotonicities
  imports Sequential_Composition_Generalized_Cont
    Synchronization_Product_Generalized_Cont
begin
  (*>*)


subsection ‹Sequential Composition›

lemma mono_Seq⇩p⇩t⇩i⇩c⇩k_FD : ‹P ⊑⇩F⇩D P' ⟹ (⋀r. Q r ⊑⇩F⇩D Q' r) ⟹ P ❙;⇩✓ Q ⊑⇩F⇩D P' ❙;⇩✓ Q'›
proof (rule trans_FD[of _ ‹P' ❙;⇩✓ Q›])
  show ‹P ⊑⇩F⇩D P' ⟹ (⋀r. Q r ⊑⇩F⇩D Q' r) ⟹ P ❙;⇩✓ Q ⊑⇩F⇩D P' ❙;⇩✓ Q›
    unfolding refine_defs Seq⇩p⇩t⇩i⇩c⇩k_projs
    by (auto simp add: subset_iff T_F_spec[symmetric])
next
  show ‹P ⊑⇩F⇩D P' ⟹ (⋀r. Q r ⊑⇩F⇩D Q' r) ⟹ P' ❙;⇩✓ Q ⊑⇩F⇩D P' ❙;⇩✓ Q'›
    unfolding less_eq_process⇩p⇩t⇩i⇩c⇩k_def Seq⇩p⇩t⇩i⇩c⇩k_projs
    by (simp add: subset_iff T_F_spec[symmetric]) metis
qed

lemma mono_Seq⇩p⇩t⇩i⇩c⇩k_DT : ‹P ⊑⇩D⇩T P' ⟹ (⋀r. Q r ⊑⇩D⇩T Q' r) ⟹ P ❙;⇩✓ Q ⊑⇩D⇩T P' ❙;⇩✓ Q'›
proof (rule trans_DT[of _ ‹P' ❙;⇩✓ Q›])
  show ‹P ❙;⇩✓ Q ⊑⇩D⇩T P' ❙;⇩✓ Q› if ‹P ⊑⇩D⇩T P'›
  proof (rule trace_divergence_refine_optimizedI)
    from ‹P ⊑⇩D⇩T P'› show ‹s ∈ 𝒟 (P' ❙;⇩✓ Q) ⟹ s ∈ 𝒟 (P ❙;⇩✓ Q)› for s
      by (auto simp add: refine_defs Seq⇩p⇩t⇩i⇩c⇩k_projs)
  next
    from ‹P ⊑⇩D⇩T P'› show ‹s ∈ 𝒯 (P' ❙;⇩✓ Q) ⟹ s ∈ 𝒯 (P ❙;⇩✓ Q)› for s
      by (auto simp add: Seq⇩p⇩t⇩i⇩c⇩k_projs refine_defs)
  qed
next
  show ‹(⋀r. Q r ⊑⇩D⇩T Q' r) ⟹ P' ❙;⇩✓ Q ⊑⇩D⇩T P' ❙;⇩✓ Q'›
    by (simp add: refine_defs Seq⇩p⇩t⇩i⇩c⇩k_projs) blast
qed


lemma mono_Seq⇩p⇩t⇩i⇩c⇩k_F_right : ‹(⋀r. Q r ⊑⇩F Q' r) ⟹ P ❙;⇩✓ Q ⊑⇩F P ❙;⇩✓ Q'›
  by (auto simp add: failure_refine_def Seq⇩p⇩t⇩i⇩c⇩k_projs) blast

lemma mono_Seq⇩p⇩t⇩i⇩c⇩k_D_right : ‹(⋀r. Q r ⊑⇩D Q' r) ⟹ P ❙;⇩✓ Q ⊑⇩D P ❙;⇩✓ Q'›
  by (simp add: divergence_refine_def Seq⇩p⇩t⇩i⇩c⇩k_projs) blast

lemma  mono_Seq⇩p⇩t⇩i⇩c⇩k_T_right : ‹(⋀r. Q r ⊑⇩T Q' r) ⟹ P ❙;⇩✓ Q ⊑⇩T P ❙;⇩✓ Q'›
  by (simp add: trace_refine_def Seq⇩p⇩t⇩i⇩c⇩k_projs) blast

text ‹Left Sequence monotonicity doesn't hold for \<^term>‹(⊑⇩F)›, \<^term>‹(⊑⇩D)› and \<^term>‹(⊑⇩T)›.›

lemmas monos_Seq⇩p⇩t⇩i⇩c⇩k = mono_Seq⇩p⇩t⇩i⇩c⇩k mono_Seq⇩p⇩t⇩i⇩c⇩k_FD mono_Seq⇩p⇩t⇩i⇩c⇩k_DT
  mono_Seq⇩p⇩t⇩i⇩c⇩k_F_right mono_Seq⇩p⇩t⇩i⇩c⇩k_D_right mono_Seq⇩p⇩t⇩i⇩c⇩k_T_right



subsection ‹Multiple Sequential Composition›

lemma mono_MultiSeq⇩p⇩t⇩i⇩c⇩k :
  ‹(⋀x r. x ∈ set L ⟹ P x r ⊑ Q x r) ⟹
   (SEQ⇩✓ l ∈@ L. P l) r ⊑ (SEQ⇩✓ l ∈@ L. Q l) r›
  by (induct L arbitrary: r, simp_all add: fun_belowI mono_Seq⇩p⇩t⇩i⇩c⇩k)

lemma mono_MultiSeq⇩p⇩t⇩i⇩c⇩k_FD :
  ‹(⋀x r. x ∈ set L ⟹ P x r ⊑⇩F⇩D Q x r) ⟹
   (SEQ⇩✓ l ∈@ L. P l) r ⊑⇩F⇩D (SEQ⇩✓ l ∈@ L. Q l) r›
  and mono_MultiSeq⇩p⇩t⇩i⇩c⇩k_DT :
  ‹(⋀x r. x ∈ set L ⟹ P x r ⊑⇩D⇩T Q x r) ⟹
   (SEQ⇩✓ l ∈@ L. P l) r ⊑⇩D⇩T (SEQ⇩✓ l ∈@ L. Q l) r›
  by (induct L arbitrary: r, simp_all add: monos_Seq⇩p⇩t⇩i⇩c⇩k)

lemmas monos_MultiSeq⇩p⇩t⇩i⇩c⇩k =
  mono_MultiSeq⇩p⇩t⇩i⇩c⇩k mono_MultiSeq⇩p⇩t⇩i⇩c⇩k_FD mono_MultiSeq⇩p⇩t⇩i⇩c⇩k_FD



subsection ‹Synchronization Product›

context Sync⇩p⇩t⇩i⇩c⇩k_locale begin

lemma mono_Sync⇩p⇩t⇩i⇩c⇩k_DT :
  ‹P ⊑⇩D⇩T P' ⟹ Q ⊑⇩D⇩T Q' ⟹ P ⟦A⟧⇩✓ Q ⊑⇩D⇩T P' ⟦A⟧⇩✓ Q'›
  by (simp add: refine_defs T_Sync⇩p⇩t⇩i⇩c⇩k D_Sync⇩p⇩t⇩i⇩c⇩k) blast

lemma mono_Sync⇩p⇩t⇩i⇩c⇩k_FD : ‹P ⟦A⟧⇩✓ Q ⊑⇩F⇩D P' ⟦A⟧⇩✓ Q'›
  if ‹P ⊑⇩F⇩D P'› and ‹Q ⊑⇩F⇩D Q'›
proof -
  from ‹P ⊑⇩F⇩D P'› ‹Q ⊑⇩F⇩D Q'› have ‹P ⊑⇩D⇩T P'› ‹Q ⊑⇩D⇩T Q'›
    by (simp_all add: le_ref2T refine_defs)
  with mono_Sync⇩p⇩t⇩i⇩c⇩k_DT have ‹P ⟦A⟧⇩✓ Q ⊑⇩D⇩T P' ⟦A⟧⇩✓ Q'› by blast
  hence * : ‹P ⟦A⟧⇩✓ Q ⊑⇩D P' ⟦A⟧⇩✓ Q'› by (simp add: leDT_imp_leD)
  show ‹P ⟦A⟧⇩✓ Q ⊑⇩F⇩D P' ⟦A⟧⇩✓ Q'›
  proof (rule leF_leD_imp_leFD[OF _ "*"],
      unfold failure_refine_def, safe)
    fix t X assume ‹(t, X) ∈ ℱ (P' ⟦A⟧⇩✓ Q')›
    then consider ‹t ∈ 𝒟 (P' ⟦A⟧⇩✓ Q')›
      | (fail) t_P t_Q X_P X_Q
      where ‹(t_P, X_P) ∈ ℱ P'› ‹(t_Q, X_Q) ∈ ℱ Q'›
        ‹t setinterleaves⇩✓⇘tick_join⇙ ((t_P, t_Q), A)›
        ‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k tick_join X_P A X_Q›
      unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
    thus ‹(t, X) ∈ ℱ (P ⟦A⟧⇩✓ Q)›
    proof cases
      show ‹t ∈ 𝒟 (P' ⟦A⟧⇩✓ Q') ⟹ (t, X) ∈ ℱ (P ⟦A⟧⇩✓ Q)›
        using "*" D_F unfolding divergence_refine_def by blast
    next
      case fail
      from fail(1, 2) ‹P ⊑⇩F⇩D P'› ‹Q ⊑⇩F⇩D Q'›
      have ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ Q›
        unfolding refine_defs by auto
      with fail(3, 4) show ‹(t, X) ∈ ℱ (P ⟦A⟧⇩✓ Q)›
        by (auto simp add: F_Sync⇩p⇩t⇩i⇩c⇩k)
    qed
  qed
qed




lemmas monos_Sync⇩p⇩t⇩i⇩c⇩k = mono_Sync⇩p⇩t⇩i⇩c⇩k mono_Sync⇩p⇩t⇩i⇩c⇩k_FD mono_Sync⇩p⇩t⇩i⇩c⇩k_DT


end


subsection ‹Multiple Synchronization Product›

lemma mono_MultiSync⇩p⇩t⇩i⇩c⇩k :
  ‹(⋀l. l ∈ set L ⟹ P l ⊑ Q l) ⟹ ❙⟦S❙⟧⇩✓ l ∈@ L. P l ⊑ ❙⟦S❙⟧⇩✓ l ∈@ L. Q l›
  by (induct L rule: induct_list012)
    (simp_all add: Sync⇩R⇩l⇩i⇩s⇩t.mono_Sync⇩p⇩t⇩i⇩c⇩k mono_Renaming)

lemma mono_MultiSync⇩p⇩t⇩i⇩c⇩k_FD :
  ‹(⋀l. l ∈ set L ⟹ P l ⊑⇩F⇩D Q l) ⟹ ❙⟦S❙⟧⇩✓ l ∈@ L. P l ⊑⇩F⇩D ❙⟦S❙⟧⇩✓ l ∈@ L. Q l›
  by (induct L rule: induct_list012)
    (simp_all add: Sync⇩R⇩l⇩i⇩s⇩t.mono_Sync⇩p⇩t⇩i⇩c⇩k_FD mono_Renaming_FD)


lemma mono_MultiSync⇩p⇩t⇩i⇩c⇩k_DT :
  ‹(⋀l. l ∈ set L ⟹ P l ⊑⇩D⇩T Q l) ⟹ ❙⟦S❙⟧⇩✓ l ∈@ L. P l ⊑⇩D⇩T ❙⟦S❙⟧⇩✓ l ∈@ L. Q l›
  by (induct L rule: induct_list012)
    (simp_all add: Sync⇩R⇩l⇩i⇩s⇩t.mono_Sync⇩p⇩t⇩i⇩c⇩k_DT mono_Renaming_DT)


lemmas monos_MultiSync⇩p⇩t⇩i⇩c⇩k =
  mono_MultiSync⇩p⇩t⇩i⇩c⇩k mono_MultiSync⇩p⇩t⇩i⇩c⇩k_FD mono_MultiSync⇩p⇩t⇩i⇩c⇩k_DT




(*<*)
end
  (*>*)