Theory Synchronization_Product_Generalized_Associativity
section ‹Associativity›
theory Synchronization_Product_Generalized_Associativity
imports CSP_PTick_Renaming
begin
subsection ‹Motivation›
text ‹
The classical synchronization product is associative: @{thm Sync_assoc[of P A Q R]}
but in our generalization such a law cannot be obtained in all generality.
We already encountered a similar issue for the commutativity:
we have to find a setup in which the different combinations of the ticks
that we need make sense, and prove the quasi-associativity.
›
subsection ‹Formalization›
locale Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale =
Sync⇩p⇩t⇩i⇩c⇩k⇩1 : Sync⇩p⇩t⇩i⇩c⇩k_locale ‹(⊗✓1)› +
Sync⇩p⇩t⇩i⇩c⇩k⇩2 : Sync⇩p⇩t⇩i⇩c⇩k_locale ‹(⊗✓2)› +
Sync⇩p⇩t⇩i⇩c⇩k⇩3 : Sync⇩p⇩t⇩i⇩c⇩k_locale ‹(⊗✓3)› +
Sync⇩p⇩t⇩i⇩c⇩k⇩4 : Sync⇩p⇩t⇩i⇩c⇩k_locale ‹(⊗✓4)›
for tick_join1 :: ‹'r ⇒ 's ⇒ 't option› (infixl ‹⊗✓1› 100)
and tick_join2 :: ‹'t ⇒ 'u ⇒ 'v option› (infixl ‹⊗✓2› 100)
and tick_join3 :: ‹'r ⇒ 'w ⇒ 'x option› (infixl ‹⊗✓3› 100)
and tick_join4 :: ‹'s ⇒ 'u ⇒ 'w option› (infixl ‹⊗✓4› 100) +
fixes tick_assoc_ren :: ‹'v ⇒ 'x› (‹⊗✓2⇒⊗✓3›)
and tick_assoc_ren_conv :: ‹'x ⇒ 'v› (‹⊗✓3⇒⊗✓2›)
assumes None_assms_tick_join :
‹r ⊗✓1 s = ◇ ⟹ s ⊗✓4 u = ◇ ∨ r ⊗✓3 ⌈s ⊗✓4 u⌉ = ◇›
‹r ⊗✓1 s ≠ ◇ ⟹ ⌈r ⊗✓1 s⌉ ⊗✓2 u = ◇ ⟹ s ⊗✓4 u = ◇ ∨ r ⊗✓3 ⌈s ⊗✓4 u⌉ = ◇›
‹s ⊗✓4 u = ◇ ⟹ r ⊗✓1 s = ◇ ∨ ⌈r ⊗✓1 s⌉ ⊗✓2 u = ◇›
‹s ⊗✓4 u ≠ ◇ ⟹ r ⊗✓3 ⌈s ⊗✓4 u⌉ = ◇ ⟹ r ⊗✓1 s = ◇ ∨ ⌈r ⊗✓1 s⌉ ⊗✓2 u = ◇›
and tick_assoc_ren_hyp :
‹r ⊗✓1 s = ⌊t⌋ ⟹ t ⊗✓2 u = ⌊v⌋ ⟹ ⌈r ⊗✓3 ⌈s ⊗✓4 u⌉⌉ = ⊗✓2⇒⊗✓3 v›
and tick_assoc_ren_conv_hyp :
‹s ⊗✓4 u = ⌊w⌋ ⟹ r ⊗✓3 w = ⌊x⌋ ⟹ ⌈⌈r ⊗✓1 s⌉ ⊗✓2 u⌉ = ⊗✓3⇒⊗✓2 x›
begin
text ‹There is a symmetry over the variables.›
sublocale Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale_sym :
Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale ‹λu s. s ⊗✓4 u› ‹λw r. r ⊗✓3 w› ‹λu t. t ⊗✓2 u›
‹λs r. r ⊗✓1 s› ‹⊗✓3⇒⊗✓2› ‹⊗✓2⇒⊗✓3›
by unfold_locales
(fact None_assms_tick_join tick_assoc_ren_hyp tick_assoc_ren_conv_hyp)+
end
subsection ‹First Properties›
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale) tick_assoc_ren_tick_assoc_ren_conv :
‹∃r s u w. s ⊗✓4 u = ⌊w⌋ ∧ r ⊗✓3 w = ⌊x⌋ ⟹
⊗✓2⇒⊗✓3 (⊗✓3⇒⊗✓2 x) = x›
by (metis None_assms_tick_join(1,2) option.collapse option.distinct(1)
option.sel tick_assoc_ren_hyp tick_assoc_ren_conv_hyp)
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale) tick_assoc_ren_conv_tick_assoc_ren :
‹∃r s t u. r ⊗✓1 s = ⌊t⌋ ∧ t ⊗✓2 u = ⌊v⌋ ⟹ ⊗✓3⇒⊗✓2 (⊗✓2⇒⊗✓3 v) = v›
by (metis Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale_sym.tick_assoc_ren_tick_assoc_ren_conv)
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale) inj_on_tick_assoc_ren :
‹inj_on ⊗✓2⇒⊗✓3 {v. ∃r s t u. r ⊗✓1 s = ⌊t⌋ ∧ t ⊗✓2 u = ⌊v⌋}›
by (rule inj_onI, simp) (metis tick_assoc_ren_conv_tick_assoc_ren)
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale) inj_on_tick_assoc_ren_conv :
‹inj_on ⊗✓3⇒⊗✓2 {x. ∃r s u w. s ⊗✓4 u = ⌊w⌋ ∧ r ⊗✓3 w = ⌊x⌋}›
by (rule inj_onI, simp) (metis tick_assoc_ren_tick_assoc_ren_conv)
subsection ‹Associativity for the Traces›
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale) setinterleaves⇩p⇩t⇩i⇩c⇩k_assoc_left :
‹⟦t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s), A);
t⇩v setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, t⇩u), A)⟧ ⟹
∃t⇩w. map (map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3) t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A) ∧
t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, t⇩u), A)›
proof -
let ?map = ‹λt. map ev (map of_ev t)›
let ?map_event = ‹λt. map (map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3) t›
show ‹⟦t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s), A);
t⇩v setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, t⇩u), A)⟧ ⟹ ?thesis›
proof (induct ‹((⊗✓2), t⇩t, A, t⇩u)› arbitrary: t⇩r t⇩s t⇩t t⇩u t⇩v)
case Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil
thus ?case
by (cases t⇩r; cases t⇩s)
(auto intro: Nil_setinterleaves⇩p⇩t⇩i⇩c⇩k simp add: setinterleaving⇩p⇩t⇩i⇩c⇩k_simps
split: if_split_asm event⇩p⇩t⇩i⇩c⇩k.split_asm option.split_asm)
next
case (ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil a t⇩t)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil.prems(2)
have ‹a ∉ A› ‹tF t⇩t› ‹set t⇩t ∩ ev ` A = {}› ‹t⇩v = ?map (ev a # t⇩t)›
and $ : ‹?map t⇩t setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, []), A)›
by (auto simp add: setinterleaves⇩p⇩t⇩i⇩c⇩k_NilR_iff split: if_split_asm)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil.prems(1)
consider (mv_left) t⇩r' where ‹t⇩r = ev a # t⇩r'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s), A)›
| (mv_right) t⇩s' where ‹t⇩s = ev a # t⇩s'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s'), A)›
by (auto simp add: ‹a ∉ A› elim: Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
thus ?case
proof cases
case mv_left
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil.hyps[OF ‹a ∉ A› mv_left(2) "$"]
obtain t⇩w where * : ‹?map_event (?map t⇩t) setinterleaves⇩✓⇘(⊗✓3)⇙((t⇩r', t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, []), A)› by blast
from "*"(1) have ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
by (cases t⇩w, auto simp add: mv_left(1) ‹a ∉ A› ‹t⇩v = ?map (ev a # t⇩t)›
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
with "*"(2) show ?thesis by blast
next
case mv_right
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil.hyps[OF ‹a ∉ A› mv_right(2) "$"]
obtain t⇩w where * : ‹?map_event (?map t⇩t) setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s', []), A)› by blast
from "*"(2) have ‹ev a # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, []), A)›
by (simp add: ‹a ∉ A› ‹t⇩v = ?map (ev a # t⇩t)› mv_right(1))
moreover from "*"(1)
have ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev a # t⇩w), A)›
by (cases t⇩r, auto simp add: ‹a ∉ A› ‹t⇩v = ?map (ev a # t⇩t)› setinterleaving⇩p⇩t⇩i⇩c⇩k_simps
split: event⇩p⇩t⇩i⇩c⇩k.split)
ultimately show ?thesis by blast
qed
next
case (tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil r t⇩t)
from tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_Nil.prems(2) have False by simp
thus ?case ..
next
case (Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev b t⇩u)
from Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1)[THEN setinterleaves⇩p⇩t⇩i⇩c⇩k_imp_lengthLR_le]
have ‹t⇩r = []› ‹t⇩s = []› by simp_all
from Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(2)
have ‹b ∉ A› ‹tF t⇩u› ‹set t⇩u ∩ ev ` A = {}› ‹t⇩v = ?map (ev b # t⇩u)›
and $ : ‹?map t⇩u setinterleaves⇩✓⇘(⊗✓2)⇙ (([], t⇩u), A)›
by (auto simp add: setinterleaves⇩p⇩t⇩i⇩c⇩k_NilL_iff split: if_split_asm)
from Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps[OF ‹b ∉ A› Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1) "$"]
obtain t⇩w where ‹?map_event (?map t⇩u) setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev b # t⇩w), A) ∧
ev b # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (simp add: ‹t⇩v = ?map (ev b # t⇩u)› ‹t⇩r = []› ‹t⇩s = []› ‹b ∉ A›)
thus ?case ..
next
case (Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick r⇩u t⇩u)
from Nil_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.prems(2) have False by simp
thus ?case ..
next
case (ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev a t⇩t b t⇩u)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(2)
consider (mv_both) t⇩v' where ‹a ∈ A› ‹b ∈ A› ‹a = b› ‹t⇩v = ev b # t⇩v'› ‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, t⇩u), A)›
| (mvR_inL) t⇩v' where ‹a ∈ A› ‹b ∉ A› ‹t⇩v = ev b # t⇩v'› ‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((ev a # t⇩t, t⇩u), A)›
| (mvL_inR) t⇩v' where ‹a ∉ A› ‹b ∈ A› ‹t⇩v = ev a # t⇩v'› ‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, ev b # t⇩u), A)›
| (mvR_notin) t⇩v' where ‹a ∉ A› ‹b ∉ A› ‹t⇩v = ev b # t⇩v'› ‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((ev a # t⇩t, t⇩u), A)›
| (mvL_notin) t⇩v' where ‹a ∉ A› ‹b ∉ A› ‹t⇩v = ev a # t⇩v'› ‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, ev b # t⇩u), A)›
by (auto split: if_split_asm)
thus ?case
proof cases
case mv_both
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1)
obtain t⇩r' t⇩s' where ‹t⇩r = ev a # t⇩r'› ‹t⇩s = ev a # t⇩s'›
‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s'), A)›
by (auto simp add: ‹a ∈ A› elim: Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(1)[OF mv_both(1-3) ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s'), A)› mv_both(5)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r', t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s', t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev a # t⇩w), A) ∧
ev a # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (simp add: mv_both(2-4) ‹t⇩s = ev a # t⇩s'› ‹t⇩r = ev a # t⇩r'›)
thus ?thesis ..
next
case mvR_inL
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1)
obtain t⇩r' t⇩s' where ‹t⇩r = ev a # t⇩r'› ‹t⇩s = ev a # t⇩s'›
‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s'), A)›
by (auto simp add: ‹a ∈ A› elim: Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(2)[OF mvR_inL(1, 2) ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1) mvR_inL(4)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev b # t⇩w), A) ∧
ev b # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (simp add: ‹t⇩r = ev a # t⇩r'› ‹t⇩s = ev a # t⇩s'› mvR_inL(1-3))
thus ?thesis ..
next
case mvL_inR
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1)
consider (mv_left) t⇩r' where ‹t⇩r = ev a # t⇩r'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s), A)›
| (mv_right) t⇩s' where ‹t⇩s = ev a # t⇩s'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s'), A)›
by (auto simp add: ‹a ∉ A› elim: Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
thus ?thesis
proof cases
case mv_left
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(3)[OF mvL_inR(1, 2) mv_left(2) mvL_inR(4)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r', t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A) ∧
t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (cases t⇩w) (auto simp add: mvL_inR(1-3) mv_left(1)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
thus ?thesis ..
next
case mv_right
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(3)[OF mvL_inR(1, 2) mv_right(2) mvL_inR(4)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s', ev b # t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev a # t⇩w), A) ∧
ev a # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (cases t⇩r) (auto simp add: mvL_inR(1-3) mv_right(1)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
thus ?thesis ..
qed
next
case mvR_notin
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1)
consider (mv_left) t⇩r' where ‹t⇩r = ev a # t⇩r'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s), A)›
| (mv_right) t⇩s' where ‹t⇩s = ev a # t⇩s'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s'), A)›
by (auto simp add: ‹a ∉ A› elim: Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
thus ?thesis
proof cases
case mv_left
from mv_left(2) have ‹ev a # t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s), A)›
by (cases t⇩s) (auto simp add: mv_left(1) mvR_notin(1)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(5)[OF mvR_notin(1, 2) this mvR_notin(4)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev b # t⇩w), A) ∧
ev b # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (cases t⇩s) (auto simp add: mvR_notin(1-3) mv_left(1)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
thus ?thesis ..
next
case mv_right
from mv_right(2) have ‹ev a # t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s), A)›
by (cases t⇩r) (auto simp add: mv_right(1) mvR_notin(1)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(5)[OF mvR_notin(1, 2) this mvR_notin(4)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev b # t⇩w), A) ∧
ev b # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (cases t⇩r) (auto simp add: mvR_notin(1-3) mv_right(1)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
thus ?thesis ..
qed
next
case mvL_notin
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1)
consider (mv_left) t⇩r' where ‹t⇩r = ev a # t⇩r'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s), A)›
| (mv_right) t⇩s' where ‹t⇩s = ev a # t⇩s'› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s'), A)›
by (auto simp add: ‹a ∉ A› elim: Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
thus ?thesis
proof cases
case mv_left
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(4)[OF mvL_notin(1, 2) mv_left(2) mvL_notin(4)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r', t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A) ∧
t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (cases t⇩w) (auto simp add: mv_left(1) mvL_notin(1, 3)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
thus ?thesis ..
next
case mv_right
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps(4)[OF mvL_notin(1, 2) mv_right(2) mvL_notin(4)]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s', ev b # t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev a # t⇩w), A) ∧
ev a # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (cases t⇩r) (auto simp add: mv_right(1) mvL_notin(1, 3)
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
thus ?thesis ..
qed
qed
next
case (ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick a t⇩t s t⇩u)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.prems(2) obtain t⇩v'
where ‹a ∉ A› ‹t⇩v = ev a # t⇩v'›
and $ : ‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, ✓(s) # t⇩u), A)›
by (auto split: if_split_asm)
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.prems(1)
have ‹t⇩r ≠ [] ∧ hd t⇩r = ev a ∧ t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((tl t⇩r, t⇩s), A) ∨
t⇩s ≠ [] ∧ hd t⇩s = ev a ∧ t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, tl t⇩s), A)›
by (auto simp add: ‹a ∉ A› elim: Cons_ev_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
thus ?case
proof (elim disjE conjE)
assume ‹t⇩r ≠ []› ‹hd t⇩r = ev a› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((tl t⇩r, t⇩s), A)›
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.hyps[OF ‹a ∉ A› this(3) "$"]
obtain t⇩w where * : ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙((tl t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ✓(s) # t⇩u), A)› by blast
from "*"(1) have ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
by (subst list.collapse[OF ‹t⇩r ≠ []›, symmetric])
(cases t⇩w, auto simp add: ‹a ∉ A› ‹hd t⇩r = ev a› ‹t⇩v = ev a # t⇩v'›
setinterleaving⇩p⇩t⇩i⇩c⇩k_simps split: event⇩p⇩t⇩i⇩c⇩k.split)
with "*"(2) show ?case by blast
next
assume ‹t⇩s ≠ []› ‹hd t⇩s = ev a› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, tl t⇩s), A)›
from ev_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.hyps[OF ‹a ∉ A› this(3) "$"]
obtain t⇩w where * : ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((tl t⇩s, ✓(s) # t⇩u), A)› by blast
from "*"(2) have ‹ev a # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ✓(s) # t⇩u), A)›
by (subst list.collapse[OF ‹t⇩s ≠ []›, symmetric])
(simp add: ‹a ∉ A› ‹t⇩v = ev a # t⇩v'› ‹hd t⇩s = ev a›)
moreover from "*"(1)
have ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev a # t⇩w), A)›
by (cases t⇩r, auto simp add: ‹a ∉ A› ‹t⇩v = ev a # t⇩v'› setinterleaving⇩p⇩t⇩i⇩c⇩k_simps
split: event⇩p⇩t⇩i⇩c⇩k.split)
ultimately show ?case by blast
qed
next
case (tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev r⇩t t⇩t b t⇩u)
from tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1)
obtain r⇩r r⇩s t⇩r' t⇩s' where ‹(r⇩r ⊗✓1 r⇩s) = ⌊r⇩t⌋› ‹t⇩r = ✓(r⇩r) # t⇩r'› ‹t⇩s = ✓(r⇩s) # t⇩s'›
by (auto elim: Cons_tick_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
from tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(2) obtain t⇩v'
where ‹b ∉ A› ‹t⇩v = ev b # t⇩v'›
and $ : ‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((✓(r⇩t) # t⇩t, t⇩u), A)›
by (auto split: if_split_asm)
from tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.hyps[OF ‹b ∉ A› tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_ev.prems(1) "$"]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ev b # t⇩w), A) ∧
ev b # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ev b # t⇩u), A)›
by (simp add: ‹b ∉ A› ‹t⇩v = ev b # t⇩v'› ‹t⇩r = ✓(r⇩r) # t⇩r'› ‹t⇩s = ✓(r⇩s) # t⇩s'›)
thus ?case ..
next
case (tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick r⇩t t⇩t r⇩u t⇩u)
from tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.prems(1)
obtain r⇩r r⇩s t⇩r' t⇩s' where ‹r⇩r ⊗✓1 r⇩s = ⌊r⇩t⌋› ‹t⇩r = ✓(r⇩r) # t⇩r'› ‹t⇩s = ✓(r⇩s) # t⇩s'›
‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s'), A)›
by (auto elim: Cons_tick_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
from tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.prems(2)
obtain r⇩v t⇩v' where ‹r⇩t ⊗✓2 r⇩u = ⌊r⇩v⌋› ‹t⇩v = ✓(r⇩v) # t⇩v'›
‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, t⇩u), A)›
by (auto split: option.split_asm)
from ‹r⇩r ⊗✓1 r⇩s = ⌊r⇩t⌋› ‹r⇩t ⊗✓2 r⇩u = ⌊r⇩v⌋› obtain r⇩w where ‹r⇩s ⊗✓4 r⇩u = ⌊r⇩w⌋›
by (metis None_assms_tick_join(3) not_None_eq option.sel)
from ‹r⇩s ⊗✓4 r⇩u = ⌊r⇩w⌋› ‹r⇩r ⊗✓1 r⇩s = ⌊r⇩t⌋› ‹r⇩t ⊗✓2 r⇩u = ⌊r⇩v⌋›
obtain r⇩x where ‹r⇩r ⊗✓3 r⇩w = ⌊r⇩x⌋›
by (metis None_assms_tick_join(4) option.distinct(1) option.exhaust_sel option.sel)
have ‹⊗✓2⇒⊗✓3 r⇩v = r⇩x›
by (metis ‹r⇩r ⊗✓1 r⇩s = ⌊r⇩t⌋› ‹r⇩r ⊗✓3 r⇩w = ⌊r⇩x⌋› ‹r⇩s ⊗✓4 r⇩u = ⌊r⇩w⌋›
‹r⇩t ⊗✓2 r⇩u = ⌊r⇩v⌋› tick_assoc_ren_hyp option.sel)
from tick_setinterleaving⇩p⇩t⇩i⇩c⇩k_tick.hyps
[OF ‹r⇩t ⊗✓2 r⇩u = ⌊r⇩v⌋› ‹t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r', t⇩s'), A)›
‹t⇩v' setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, t⇩u), A)›]
obtain t⇩w where ‹?map_event t⇩v' setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r', t⇩w), A)›
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s', t⇩u), A)› by blast
hence ‹?map_event t⇩v setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, ✓(r⇩w) # t⇩w), A) ∧
✓(r⇩w) # t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, ✓(r⇩u) # t⇩u), A)›
by (simp add: ‹t⇩r = ✓(r⇩r) # t⇩r'› ‹t⇩s = ✓(r⇩s) # t⇩s'› ‹t⇩v = ✓(r⇩v) # t⇩v'›
‹r⇩s ⊗✓4 r⇩u = ⌊r⇩w⌋› ‹r⇩r ⊗✓3 r⇩w = ⌊r⇩x⌋› ‹⊗✓2⇒⊗✓3 r⇩v = r⇩x›)
thus ?case ..
qed
qed
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale) setinterleaves⇩p⇩t⇩i⇩c⇩k_assoc_right :
‹t⇩w setinterleaves⇩✓⇘(⊗✓4)⇙ ((t⇩s, t⇩u), A) ⟹
t⇩x setinterleaves⇩✓⇘(⊗✓3)⇙ ((t⇩r, t⇩w), A) ⟹
∃t⇩t. map (map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓3⇒⊗✓2) t⇩x setinterleaves⇩✓⇘(⊗✓2)⇙ ((t⇩t, t⇩u), A) ∧
t⇩t setinterleaves⇩✓⇘(⊗✓1)⇙ ((t⇩r, t⇩s), A)›
by (subst (1 2) setinterleaves⇩p⇩t⇩i⇩c⇩k_sym, subst (asm) (1 2) setinterleaves⇩p⇩t⇩i⇩c⇩k_sym)
(fact Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale_sym.setinterleaves⇩p⇩t⇩i⇩c⇩k_assoc_left)
subsection ‹Associativity›
context Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale
begin
notation Sync⇩p⇩t⇩i⇩c⇩k⇩1.Sync⇩p⇩t⇩i⇩c⇩k (‹(_ ⟦_⟧⇩✓⇩1 _)› [70, 0, 71] 70)
notation Sync⇩p⇩t⇩i⇩c⇩k⇩2.Sync⇩p⇩t⇩i⇩c⇩k (‹(_ ⟦_⟧⇩✓⇩2 _)› [70, 0, 71] 70)
notation Sync⇩p⇩t⇩i⇩c⇩k⇩3.Sync⇩p⇩t⇩i⇩c⇩k (‹(_ ⟦_⟧⇩✓⇩3 _)› [70, 0, 71] 70)
notation Sync⇩p⇩t⇩i⇩c⇩k⇩4.Sync⇩p⇩t⇩i⇩c⇩k (‹(_ ⟦_⟧⇩✓⇩4 _)› [70, 0, 71] 70)
lemma Sync⇩p⇩t⇩i⇩c⇩k_assoc_oneside :
‹P ⟦S⟧⇩✓⇩3 (Q ⟦S⟧⇩✓⇩4 R) ⊑⇩F⇩D RenamingTick (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R) ⊗✓2⇒⊗✓3› (is ‹?lhs ⊑⇩F⇩D ?rhs›)
proof -
let ?map_event = ‹λt. map (map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3) t›
let ?map_event_conv = ‹λt. map (map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓3⇒⊗✓2) t›
show ‹?lhs ⊑⇩F⇩D ?rhs›
proof (rule failure_divergence_refine_optimizedI)
fix t assume ‹t ∈ 𝒟 ?rhs›
then obtain t⇩1 t⇩2 where ‹t = ?map_event t⇩1 @ t⇩2›
‹tF t⇩1› ‹ftF t⇩2› ‹t⇩1 ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
unfolding D_Renaming by blast
from ‹t⇩1 ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)› obtain t⇩1⇩1 t⇩1⇩2 t_P_Q t_R
where * : ‹t⇩1 = t⇩1⇩1 @ t⇩1⇩2› ‹tF t⇩1⇩1› ‹ftF t⇩1⇩2›
‹t⇩1⇩1 setinterleaves⇩✓⇘(⊗✓2)⇙ ((t_P_Q, t_R), S)›
‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q) ∧ t_R ∈ 𝒯 R ∨
t_P_Q ∈ 𝒯 (P ⟦S⟧⇩✓⇩1 Q) ∧ t_P_Q ∉ 𝒟 (P ⟦S⟧⇩✓⇩1 Q) ∧ t_R ∈ 𝒟 R›
unfolding Sync⇩p⇩t⇩i⇩c⇩k⇩2.D_Sync⇩p⇩t⇩i⇩c⇩k using D_T by blast
from "*"(5) show ‹t ∈ 𝒟 ?lhs›
proof (elim disjE conjE)
assume ‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)› ‹t_R ∈ 𝒯 R›
from ‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)› obtain t_P_Q⇩1 t_P_Q⇩2 t_P t_Q
where ** : ‹t_P_Q = t_P_Q⇩1 @ t_P_Q⇩2› ‹tF t_P_Q⇩1› ‹ftF t_P_Q⇩2›
‹t_P_Q⇩1 setinterleaves⇩✓⇘(⊗✓1)⇙ ((t_P, t_Q), S)›
‹t_P ∈ 𝒟 P ∧ t_Q ∈ 𝒯 Q ∨ t_P ∈ 𝒯 P ∧ t_Q ∈ 𝒟 Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k⇩1.D_Sync⇩p⇩t⇩i⇩c⇩k by blast
from "*"(4)[unfolded "**"(1), THEN setinterleaves⇩p⇩t⇩i⇩c⇩k_appendL]
obtain t⇩1⇩1⇩1 t⇩1⇩1⇩2 t_R⇩1 t_R⇩2
where *** : ‹t⇩1⇩1 = t⇩1⇩1⇩1 @ t⇩1⇩1⇩2› ‹t_R = t_R⇩1 @ t_R⇩2›
‹t⇩1⇩1⇩1 setinterleaves⇩✓⇘(⊗✓2)⇙ ((t_P_Q⇩1, t_R⇩1), S)›
‹t⇩1⇩1⇩2 setinterleaves⇩✓⇘(⊗✓2)⇙ ((t_P_Q⇩2, t_R⇩2), S)› by blast
from setinterleaves⇩p⇩t⇩i⇩c⇩k_assoc_left[OF "**"(4) "***"(3)]
obtain t_Q_R where **** : ‹?map_event t⇩1⇩1⇩1 setinterleaves⇩✓⇘(⊗✓3)⇙ ((t_P, t_Q_R), S)›
‹t_Q_R setinterleaves⇩✓⇘(⊗✓4)⇙ ((t_Q, t_R⇩1), S)› by blast
have ‹tF (?map_event t⇩1)›
by (simp add: ‹tF t⇩1› map_event⇩p⇩t⇩i⇩c⇩k_tickFree)
moreover have ‹ftF (?map_event (t⇩1⇩1⇩2 @ t⇩1⇩2) @ t⇩2)›
by (metis "*"(1) "***"(1) ‹ftF t⇩2› ‹tF t⇩1› front_tickFree_append
map_event⇩p⇩t⇩i⇩c⇩k_tickFree tickFree_append_iff)
moreover from "**"(5)
have ‹t_P ∈ 𝒟 P ∧ t_Q_R ∈ 𝒯 (Q ⟦S⟧⇩✓⇩4 R) ∨ t_P ∈ 𝒯 P ∧ t_Q_R ∈ 𝒟 (Q ⟦S⟧⇩✓⇩4 R)›
proof (elim disjE conjE)
assume ‹t_P ∈ 𝒟 P› ‹t_Q ∈ 𝒯 Q›
hence ‹t_P ∈ 𝒟 P ∧ t_Q_R ∈ 𝒯 (Q ⟦S⟧⇩✓⇩4 R)›
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩4.T_Sync⇩p⇩t⇩i⇩c⇩k)
(metis "****"(2) "***"(2) ‹t_R ∈ 𝒯 R› is_processT3_TR_append)
thus ?thesis ..
next
assume ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒟 Q›
from "**"(2, 4) have ‹tF t_Q› by (simp add: tickFree_setinterleaves⇩p⇩t⇩i⇩c⇩k_iff)
with "****"(2) setinterleaves⇩p⇩t⇩i⇩c⇩k_tickFree_imp have ‹tF t_Q_R› by blast
moreover from "***"(2) ‹t_R ∈ 𝒯 R› is_processT3_TR_append have ‹t_R⇩1 ∈ 𝒯 R› by blast
ultimately have ‹t_P ∈ 𝒯 P ∧ t_Q_R ∈ 𝒟 (Q ⟦S⟧⇩✓⇩4 R)›
unfolding Sync⇩p⇩t⇩i⇩c⇩k⇩4.D_Sync⇩p⇩t⇩i⇩c⇩k
using "****"(2) ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒟 Q› front_tickFree_Nil by blast
thus ?thesis ..
qed
ultimately show ‹t ∈ 𝒟 ?lhs›
using "****"(1) by (auto simp add: ‹t = ?map_event t⇩1 @ t⇩2›
"*"(1) "***"(1) Sync⇩p⇩t⇩i⇩c⇩k⇩3.D_Sync⇩p⇩t⇩i⇩c⇩k)
next
assume ‹t_P_Q ∈ 𝒯 (P ⟦S⟧⇩✓⇩1 Q)› ‹t_P_Q ∉ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)› ‹t_R ∈ 𝒟 R›
from this(1, 2) obtain t_P t_Q
where ** : ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒯 Q› ‹t_P_Q setinterleaves⇩✓⇘(⊗✓1)⇙ ((t_P, t_Q), S)›
unfolding Sync⇩p⇩t⇩i⇩c⇩k⇩1.Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from setinterleaves⇩p⇩t⇩i⇩c⇩k_assoc_left[OF "**"(3) "*"(4)] obtain t_Q'
where *** : ‹?map_event t⇩1⇩1 setinterleaves⇩✓⇘(⊗✓3)⇙ ((t_P, t_Q'), S)›
‹t_Q' setinterleaves⇩✓⇘(⊗✓4)⇙ ((t_Q, t_R), S)› by blast
from "*"(2) "**"(2) "***" ‹t_R ∈ 𝒟 R› have ‹t_Q' ∈ 𝒟 (Q ⟦S⟧⇩✓⇩4 R)›
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩4.D_Sync⇩p⇩t⇩i⇩c⇩k)
(metis append.right_neutral front_tickFree_Nil
map_event⇩p⇩t⇩i⇩c⇩k_tickFree tickFree_setinterleaves⇩p⇩t⇩i⇩c⇩k_iff)
moreover have ‹t = ?map_event t⇩1⇩1 @ (?map_event t⇩1⇩2 @ t⇩2)›
by (simp add: "*"(1) ‹t = ?map_event t⇩1 @ t⇩2›)
moreover have ‹tF (?map_event t⇩1⇩1)›
by (simp add: "*"(2) map_event⇩p⇩t⇩i⇩c⇩k_tickFree)
moreover from "*"(1) ‹ftF t⇩2› ‹tF t⇩1› have ‹ftF (?map_event t⇩1⇩2 @ t⇩2)›
using front_tickFree_append map_event⇩p⇩t⇩i⇩c⇩k_tickFree tickFree_append_iff by blast
ultimately show ‹t ∈ 𝒟 ?lhs›
unfolding Sync⇩p⇩t⇩i⇩c⇩k⇩3.D_Sync⇩p⇩t⇩i⇩c⇩k using "**"(1) "***"(1) by blast
qed
next
fix t X assume ‹(t, X) ∈ ℱ ?rhs› ‹𝒟 ?rhs ⊆ 𝒟 ?lhs›
then consider ‹t ∈ 𝒟 ?rhs›
| t⇩1 where ‹t = ?map_event t⇩1› ‹t ∉ 𝒟 ?rhs›
‹(t⇩1, map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3 -` X) ∈ ℱ (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
unfolding Renaming_projs by blast
thus ‹(t, X) ∈ ℱ ?lhs›
proof cases
assume ‹t ∈ 𝒟 ?rhs›
with ‹𝒟 ?rhs ⊆ 𝒟 ?lhs› have ‹t ∈ 𝒟 ?lhs› by blast
thus ‹(t, X) ∈ ℱ ?lhs› by (fact is_processT8)
next
fix t⇩1 assume * : ‹t = ?map_event t⇩1› ‹t ∉ 𝒟 ?rhs›
‹(t⇩1, map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3 -` X) ∈ ℱ (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
from "*"(1) ‹t ∉ 𝒟 ?rhs› have ‹t⇩1 ∉ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
by (cases ‹tF t⇩1›, simp_all add: D_Renaming)
(use front_tickFree_Nil in blast,
metis D_imp_front_tickFree front_tickFree_append_iff is_processT9
map_append map_event⇩p⇩t⇩i⇩c⇩k_front_tickFree
nonTickFree_n_frontTickFree non_tickFree_tick tickFree_Nil)
with "*"(3) obtain t_P_Q X_P_Q t_R X_R
where ** : ‹(t_P_Q, X_P_Q) ∈ ℱ (P ⟦S⟧⇩✓⇩1 Q)› ‹(t_R, X_R) ∈ ℱ R›
‹t⇩1 setinterleaves⇩✓⇘(⊗✓2)⇙ ((t_P_Q, t_R), S)›
‹map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3 -` X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓2) X_P_Q S X_R›
unfolding Sync⇩p⇩t⇩i⇩c⇩k⇩2.Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from "**"(1) consider ‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)›
| (fail) t_P X_P t_Q X_Q where ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ Q›
‹t_P_Q setinterleaves⇩✓⇘(⊗✓1)⇙ ((t_P, t_Q), S)›
‹X_P_Q ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓1) X_P S X_Q›
unfolding Sync⇩p⇩t⇩i⇩c⇩k⇩1.Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
thus ‹(t, X) ∈ ℱ ?lhs›
proof cases
assume ‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)›
have ‹t⇩1 ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
proof (cases ‹tF t_P_Q›)
assume ‹tF t_P_Q›
with "**"(3)[THEN setinterleaves⇩p⇩t⇩i⇩c⇩k_tickFree_imp[rotated]] have ‹tF t⇩1› by simp
with "**"(3) "**"(2)[THEN F_T] ‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)›
show ‹t⇩1 ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩2.D_Sync⇩p⇩t⇩i⇩c⇩k)
(meson front_tickFree_Nil self_append_conv)
next
assume ‹¬ tF t_P_Q›
then obtain t_P_Q' r where ‹tF t_P_Q'› ‹t_P_Q = t_P_Q' @ [✓(r)]›
by (metis D_imp_front_tickFree ‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)› butlast_snoc
front_tickFree_iff_tickFree_butlast nonTickFree_n_frontTickFree)
moreover from "**"(2,3) ‹¬ tF t_P_Q› obtain t_R' s
where ‹tF t_R'› ‹t_R = t_R' @ [✓(s)]›
by (metis F_imp_front_tickFree butlast_snoc front_tickFree_iff_tickFree_butlast
nonTickFree_n_frontTickFree setinterleaves⇩p⇩t⇩i⇩c⇩k_tickFree_imp)
ultimately obtain r_s t⇩1' where ‹t⇩1 = t⇩1' @ [✓(r_s)]›
‹t⇩1' setinterleaves⇩✓⇘(⊗✓2)⇙ ((t_P_Q', t_R'), S)›
using "**"(3) by (auto elim!: setinterleaves⇩p⇩t⇩i⇩c⇩k_snoc_tick_snoc_tickE)
moreover have ‹t_P_Q' ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)›
by (metis D_imp_front_tickFree ‹¬ tF t_P_Q› ‹t_P_Q = t_P_Q' @ [✓(r)]›
‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)› butlast_snoc div_butlast_when_non_tickFree_iff)
moreover have ‹t_R' ∈ 𝒯 R›
using "**"(2) F_T ‹t_R = t_R' @ [✓(s)]› is_processT3_TR_append by blast
ultimately have ‹t⇩1' ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩2.D_Sync⇩p⇩t⇩i⇩c⇩k)
(metis "**"(3) D_imp_front_tickFree ‹tF t_R'› ‹t_P_Q ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q)›
‹t_R = t_R' @ [✓(s)]› append.right_neutral butlast_snoc front_tickFree_charn
front_tickFree_setinterleaves⇩p⇩t⇩i⇩c⇩k_iff tickFree_Nil tickFree_append_iff)
thus ‹t⇩1 ∈ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)›
by (simp add: ‹t⇩1 = t⇩1' @ [✓(r_s)]›)
(metis "*"(3) F_imp_front_tickFree ‹t⇩1 = t⇩1' @ [✓(r_s)]› butlast_snoc
div_butlast_when_non_tickFree_iff non_tickFree_tick tickFree_append_iff)
qed
with ‹t⇩1 ∉ 𝒟 (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R)› show ‹(t, X) ∈ ℱ ?lhs› ..
next
case fail
from setinterleaves⇩p⇩t⇩i⇩c⇩k_assoc_left[OF fail(3) "**"(3)] obtain t_Q'
where *** : ‹?map_event t⇩1 setinterleaves⇩✓⇘(⊗✓3)⇙ ((t_P, t_Q'), S)›
‹t_Q' setinterleaves⇩✓⇘(⊗✓4)⇙ ((t_Q, t_R), S)› by blast
from "**"(2) "***"(2) fail(2)
have ‹(t_Q', super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓4) X_Q S X_R) ∈ ℱ (Q ⟦S⟧⇩✓⇩4 R)›
by (auto simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩4.F_Sync⇩p⇩t⇩i⇩c⇩k)
moreover have ‹t setinterleaves⇩✓⇘(⊗✓3)⇙ ((t_P, t_Q'), S)›
by (simp add: "*"(1) "***"(1))
have ‹X ⊆ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓3) X_P S (super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓4) X_Q S X_R)›
proof (rule subsetI)
fix e assume ‹e ∈ X›
show ‹e ∈ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓3) X_P S (super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓4) X_Q S X_R)›
proof (cases e)
fix a assume ‹e = ev a›
obtain a' where ‹map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3 (ev a') = ev a› by simp
with ‹e ∈ X› have ‹ev a' ∈ map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3 -` X›
by (simp add: ‹e = ev a›)
with **(4)[THEN set_mp, OF this] fail(4)
‹map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3 (ev a') = ev a›
show ‹e ∈ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓3) X_P S (super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓4) X_Q S X_R)›
by (auto simp add: ‹e = ev a› subset_iff super_ref_Sync⇩p⇩t⇩i⇩c⇩k_def)
next
fix r_s_t assume ‹e = ✓(r_s_t)›
show ‹e ∈ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓3) X_P S (super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓4) X_Q S X_R)›
proof (cases ‹∃r s t s_t. s ⊗✓4 t = ⌊s_t⌋ ∧ r ⊗✓3 s_t = ⌊r_s_t⌋›)
assume ‹∃r s t s_t. s ⊗✓4 t = ⌊s_t⌋ ∧ r ⊗✓3 s_t = ⌊r_s_t⌋›
then obtain r s t s_t
where $ : ‹s ⊗✓4 t = ⌊s_t⌋› ‹r ⊗✓3 s_t = ⌊r_s_t⌋› by blast
then obtain r' s' t' r_s'
where $$ : ‹r' ⊗✓1 s' = ⌊r_s'⌋› ‹r_s' ⊗✓2 t' = ⌊⊗✓3⇒⊗✓2 r_s_t⌋›
by (metis None_assms_tick_join(1,2) option.collapse option.discI
option.sel tick_assoc_ren_conv_hyp)
have ‹✓(⊗✓3⇒⊗✓2 r_s_t) ∈ map_event⇩p⇩t⇩i⇩c⇩k id ⊗✓2⇒⊗✓3 -` X›
by (metis ‹e = ✓(r_s_t)› ‹e ∈ X› "$" event⇩p⇩t⇩i⇩c⇩k.simps(10)
tick_assoc_ren_tick_assoc_ren_conv vimage_eq)
from **(4)[THEN set_mp, OF this] fail(4)[THEN set_mp, of ‹✓(r_s')›]
show ‹e ∈ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓3) X_P S (super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓4) X_Q S X_R)›
by (simp add: ‹e = ✓(r_s_t)› subset_iff super_ref_Sync⇩p⇩t⇩i⇩c⇩k_def)
(metis (no_types, lifting) "$$" None_assms_tick_join(3,4)
Sync⇩p⇩t⇩i⇩c⇩k⇩2.inj_tick_join option.collapse option.discI
option.sel tick_assoc_ren_hyp tick_assoc_ren_tick_assoc_ren_conv)
next
assume ‹∄r s t s_t. s ⊗✓4 t = ⌊s_t⌋ ∧ r ⊗✓3 s_t = ⌊r_s_t⌋›
thus ‹e ∈ super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓3) X_P S (super_ref_Sync⇩p⇩t⇩i⇩c⇩k (⊗✓4) X_Q S X_R)›
by (simp add: ‹e = ✓(r_s_t)› super_ref_Sync⇩p⇩t⇩i⇩c⇩k_def) blast
qed
qed
qed
ultimately show ‹(t, X) ∈ ℱ ?lhs›
using "*"(1) "***"(1) fail(1) by (auto simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩3.F_Sync⇩p⇩t⇩i⇩c⇩k)
qed
qed
qed
qed
end
lemma (in Sync⇩p⇩t⇩i⇩c⇩k_locale) strict_ticks_of_Sync⇩p⇩t⇩i⇩c⇩k_subset :
‹❙✓❙s(P ⟦S⟧⇩✓ Q) ⊆ {r_s |r_s r s. r ⊗✓ s = ⌊r_s⌋ ∧
r ∈ ❙✓❙s(P) ∧ s ∈ ❙✓❙s(Q)}› (is ‹_ ⊆ ?S›)
proof (rule subsetI, elim strict_ticks_of_memE)
fix t r_s assume ‹t @ [✓(r_s)] ∈ 𝒯 (P ⟦S⟧⇩✓ Q)› ‹t ∉ 𝒟 (P ⟦S⟧⇩✓ Q)›
from ‹t ∉ 𝒟 (P ⟦S⟧⇩✓ Q)› have ‹t @ [✓(r_s)] ∉ 𝒟 (P ⟦S⟧⇩✓ Q)› by (meson is_processT9)
with ‹t @ [✓(r_s)] ∈ 𝒯 (P ⟦S⟧⇩✓ Q)› obtain t_P t_Q
where ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒯 Q› ‹t @ [✓(r_s)] setinterleaves⇩✓⇘(⊗✓)⇙ ((t_P, t_Q), S)›
unfolding Sync⇩p⇩t⇩i⇩c⇩k_projs by blast
from this(3) show ‹r_s ∈ ?S›
proof (elim snoc_tick_setinterleaves⇩p⇩t⇩i⇩c⇩kE)
fix t_P' t_Q' r s
assume * : ‹r ⊗✓ s = Some r_s› ‹t_P = t_P' @ [✓(r)]› ‹t_Q = t_Q' @ [✓(s)]›
‹t setinterleaves⇩✓⇘(⊗✓)⇙ ((t_P', t_Q'), S)›
have ‹t_P' ∉ 𝒟 P ∧ t_Q' ∉ 𝒟 Q›
proof (rule ccontr)
assume ‹¬ (t_P' ∉ 𝒟 P ∧ t_Q' ∉ 𝒟 Q)›
with ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒯 Q› have ‹t ∈ 𝒟 (P ⟦S⟧⇩✓ Q)›
by (simp add: D_Sync⇩p⇩t⇩i⇩c⇩k "*"(2,3,4))
(metis "*"(4) append.right_neutral append_T_imp_tickFree front_tickFree_Nil
is_processT3_TR_append not_Cons_self2 setinterleaves⇩p⇩t⇩i⇩c⇩k_tickFree_imp)
with ‹t ∉ 𝒟 (P ⟦S⟧⇩✓ Q)› show False ..
qed
with "*"(2, 3) ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒯 Q› have ‹r ∈ ❙✓❙s(P)› ‹s ∈ ❙✓❙s(Q)›
by (metis is_processT9 strict_ticks_of_memI)+
with "*"(1) show ‹r_s ∈ ?S› by blast
qed
qed
theorem (in Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale) Sync⇩p⇩t⇩i⇩c⇩k_assoc :
‹P ⟦S⟧⇩✓⇩3 (Q ⟦S⟧⇩✓⇩4 R) = RenamingTick (P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R) ⊗✓2⇒⊗✓3› (is ‹?lhs = ?rhs›)
proof (rule FD_antisym)
show ‹?lhs ⊑⇩F⇩D ?rhs› by (fact Sync⇩p⇩t⇩i⇩c⇩k_assoc_oneside)
next
from Sync⇩p⇩t⇩i⇩c⇩k_assoc_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k_assoc_oneside[of R S Q P]
have ‹Sync⇩p⇩t⇩i⇩c⇩k⇩2.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k R S
(Sync⇩p⇩t⇩i⇩c⇩k⇩1.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k Q S P) ⊑⇩F⇩D
RenamingTick (Sync⇩p⇩t⇩i⇩c⇩k⇩3.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k
(Sync⇩p⇩t⇩i⇩c⇩k⇩4.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k R S Q) S P) ⊗✓3⇒⊗✓2› .
also have ‹Sync⇩p⇩t⇩i⇩c⇩k⇩1.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k Q S P = P ⟦S⟧⇩✓⇩1 Q›
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩1.Sync⇩p⇩t⇩i⇩c⇩k_sym)
also have ‹Sync⇩p⇩t⇩i⇩c⇩k⇩2.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k R S P_Q = P_Q ⟦S⟧⇩✓⇩2 R› for P_Q
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩2.Sync⇩p⇩t⇩i⇩c⇩k_sym)
also have ‹Sync⇩p⇩t⇩i⇩c⇩k⇩4.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k R S Q = Q ⟦S⟧⇩✓⇩4 R›
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩4.Sync⇩p⇩t⇩i⇩c⇩k_sym)
also have ‹Sync⇩p⇩t⇩i⇩c⇩k⇩3.Sync⇩p⇩t⇩i⇩c⇩k_locale_sym.Sync⇩p⇩t⇩i⇩c⇩k Q_R S P = P ⟦S⟧⇩✓⇩3 Q_R› for Q_R
by (simp add: Sync⇩p⇩t⇩i⇩c⇩k⇩3.Sync⇩p⇩t⇩i⇩c⇩k_sym)
finally have ‹P ⟦S⟧⇩✓⇩1 Q ⟦S⟧⇩✓⇩2 R ⊑⇩F⇩D RenamingTick ?lhs ⊗✓3⇒⊗✓2› .
hence ‹?rhs ⊑⇩F⇩D RenamingTick (RenamingTick ?lhs ⊗✓3⇒⊗✓2) ⊗✓2⇒⊗✓3›
by (fact mono_Renaming_FD)
also have ‹… = RenamingTick ?lhs (⊗✓2⇒⊗✓3 ∘ ⊗✓3⇒⊗✓2)›
by (simp add: RenamingTick_comp)
also have ‹… = RenamingTick ?lhs id›
proof (rule RenamingTick_is_restrictable_on_strict_ticks_of)
fix r_s_t assume ‹r_s_t ∈ ❙✓❙s(P ⟦S⟧⇩✓⇩3 (Q ⟦S⟧⇩✓⇩4 R))›
with Sync⇩p⇩t⇩i⇩c⇩k⇩3.strict_ticks_of_Sync⇩p⇩t⇩i⇩c⇩k_subset obtain r s_t
where ‹r ⊗✓3 s_t = ⌊r_s_t⌋› ‹r ∈ ❙✓❙s(P)› ‹s_t ∈ ❙✓❙s(Q ⟦S⟧⇩✓⇩4 R)› by blast
from this(3) Sync⇩p⇩t⇩i⇩c⇩k⇩4.strict_ticks_of_Sync⇩p⇩t⇩i⇩c⇩k_subset obtain s t
where ‹s ⊗✓4 t = ⌊s_t⌋› ‹s ∈ ❙✓❙s(Q)› ‹t ∈ ❙✓❙s(R)› by blast
from ‹r ⊗✓3 s_t = ⌊r_s_t⌋› ‹s ⊗✓4 t = ⌊s_t⌋›
show ‹(⊗✓2⇒⊗✓3 ∘ ⊗✓3⇒⊗✓2) r_s_t = id r_s_t›
by (auto intro!: tick_assoc_ren_tick_assoc_ren_conv)
qed
also have ‹… = ?lhs› by simp
finally show ‹?rhs ⊑⇩F⇩D ?lhs› .
qed
end