Theory Synchronization_Product_Generalized_Interpretations

(***********************************************************************************
 * Copyright (c) 2025 Université Paris-Saclay
 *
 * Author: Benoît Ballenghien, Université Paris-Saclay,
 *         CNRS, ENS Paris-Saclay, LMF
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * SPDX-License-Identifier: BSD-2-Clause
 ***********************************************************************************)


chapter ‹Declensions of the Generalized Synchronization Product›

(*<*)
theory Synchronization_Product_Generalized_Interpretations
  imports Synchronization_Product_Generalized_Commutativity
    Synchronization_Product_Generalized_Associativity
    Read_Write_CSP_PTick_Laws
    Operational_Semantics_CSP_PTick_Laws
begin
  (*>*)

unbundle option_type_syntax


section ‹Interpretations›

text ‹
For practical reasons, we directly interpret \<^locale>‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale›.
Then, the laws of associativity will be derived
manually (instead of globally interpreting the locale \<^locale>‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale›).
›

subsection ‹Classical Version›

text (in Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale) ‹
The following interpretation is initially the reason we wanted the parameter
\<^term>‹tick_join› to be of type \<^typ>‹'r ⇒ 's ⇒ 't option› instead of
just \<^typ>‹'r ⇒ 's ⇒ 't› (we wanted the operator \<^const>‹Sync› already defined in
\<^session>‹HOL-CSP› to indeed be a particular case of the new one).
›

interpretation Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale
  ‹λr s. if r = s then ⌊r⌋ else ◇›
  ‹λs r. if s = r then ⌊s⌋ else ◇› id id
  by unfold_locales (auto split: if_split_asm)

notation Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.Sync⇩_p⇩_t⇩_i⇩_c⇩_k  (‹(_ ⟦_⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c _)› [70, 0, 71] 70)
notation Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.Inter⇩_p⇩_t⇩_i⇩_c⇩_k (‹(_ |||⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c _)› [72, 73] 72)
notation Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.Par⇩_p⇩_t⇩_i⇩_c⇩_k   (‹(_ ||⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c _)›  [74, 75] 74)



subsection ‹Product Type›

interpretation Sync⇩_P⇩_a⇩_i⇩_r : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale
  ‹λr s. ⌊(r, s)⌋› ‹λs r. ⌊(s, r)⌋› prod.swap prod.swap
  by unfold_locales (auto split: if_split_asm)

notation Sync⇩_P⇩_a⇩_i⇩_r.Sync⇩_p⇩_t⇩_i⇩_c⇩_k  (‹(_ ⟦_⟧⇩_✓⇩_P⇩_a⇩_i⇩_r _)› [70, 0, 71] 70)
notation Sync⇩_P⇩_a⇩_i⇩_r.Inter⇩_p⇩_t⇩_i⇩_c⇩_k (‹(_ |||⇩_✓⇩_P⇩_a⇩_i⇩_r _)› [72, 73] 72)
notation Sync⇩_P⇩_a⇩_i⇩_r.Par⇩_p⇩_t⇩_i⇩_c⇩_k   (‹(_ ||⇩_✓⇩_P⇩_a⇩_i⇩_r _)›  [74, 75] 74)



subsection ‹List Type›

subsubsection ‹Pair›

interpretation Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale
  ‹λr s. ⌊[r, s]⌋› ‹λs r. ⌊[s, r]⌋›
  ‹λrs. [rs ! Suc 0, rs ! 0]› ‹λrs. [rs ! Suc 0, rs ! 0]›
  by unfold_locales (auto intro: inj_onI) 

notation Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k  (‹(_ ⟦_⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t _)› [70, 0, 71] 70)
notation Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t.Inter⇩_p⇩_t⇩_i⇩_c⇩_k (‹(_ |||⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t _)› [72, 73] 72)
notation Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t.Par⇩_p⇩_t⇩_i⇩_c⇩_k   (‹(_ ||⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t _)›  [74, 75] 74)



subsubsection ‹Right List›

text ‹
Here, we want to have one process of type \<^typ>‹('a, 'r) process⇩_p⇩_t⇩_i⇩_c⇩_k› on the left hand side,
and one of type \<^typ>‹('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› on the right hand side.
›

interpretation Sync⇩_R⇩_l⇩_i⇩_s⇩_t : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale
  ‹λr s. ⌊r # s⌋› ‹λs r. ⌊s @ [r]⌋›
  ‹rotate1› ‹λrs. if rs = [] then [] else last rs # butlast rs›
  ― ‹\<^term>‹λrs. last rs # butlast rs› is not injective.›
  by unfold_locales (auto intro: inj_onI) 

notation Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k  (‹(_ ⟦_⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t _)› [70, 0, 71] 70)
notation Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Inter⇩_p⇩_t⇩_i⇩_c⇩_k (‹(_ |||⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t _)› [72, 73] 72)
notation Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Par⇩_p⇩_t⇩_i⇩_c⇩_k   (‹(_ ||⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t _)›  [74, 75] 74)



subsubsection ‹Left List›

text ‹
Here, we want to have one process of type \<^typ>‹('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k›
on the left hand side, and one of type \<^typ>‹('a, 'r) process⇩_p⇩_t⇩_i⇩_c⇩_k› on the right hand side.
There is no need to do a new interpretation, the operator we are looking for is actually
the symmetric of the one we defined just above.
›

notation Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Sync⇩_p⇩_t⇩_i⇩_c⇩_k  (‹(_ ⟦_⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t _)› [70, 0, 71] 70)
notation Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Inter⇩_p⇩_t⇩_i⇩_c⇩_k (‹(_ |||⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t _)› [72, 73] 72)
notation Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Par⇩_p⇩_t⇩_i⇩_c⇩_k   (‹(_ ||⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t _)›  [74, 75] 74)



subsubsection ‹Arbitrary Lists›

text ‹
We believed for a long time that it was not possible to handle the case
where both processes have their ticks of type \<^typ>‹'r list›.
Indeed the concatenation on the lists is not injective, resulting in
the impossibility of interpreting \<^locale>‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale›.
But it turns out that by adding some control on the length of the lists,
we actually can!
›

paragraph ‹Control on one side›

context fixes lenL :: nat begin

global_interpretation Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale 
  ‹λr s. if length r = lenL then ⌊r @ s⌋ else ◇›
  ‹λs r. if length r = lenL then ⌊s @ r⌋ else ◇›
  ‹λrs. drop lenL rs @ take lenL rs›
  ‹λrs. rev (take lenL (rev rs)) @ rev (drop lenL (rev rs))›
  by unfold_locales (auto split: if_split_asm)

end

abbreviation Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, 'a set, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(⟦_⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L) _)› [70, 0, 0, 71] 70)
  where ‹P ⇘lenL⇙⟦A⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k lenL P A Q›

abbreviation Inter⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L) _)› [72, 0, 73] 72)
  where ‹P ⇘lenL⇙|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Inter⇩_p⇩_t⇩_i⇩_c⇩_k lenL P Q›

abbreviation Par⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L) _)› [74, 0, 75] 75)
  where ‹P ⇘lenL⇙||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Par⇩_p⇩_t⇩_i⇩_c⇩_k lenL P Q›


text ‹
The control is done on the left process, so with the symmetric version
of this operator we control the ticks length of the right one.
›

abbreviation Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, 'a set, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(⟦_⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R) _)› [70, 0, 0, 71] 70)
  where ‹P ⇘lenL⇙⟦A⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Sync⇩_p⇩_t⇩_i⇩_c⇩_k lenL P A Q›

abbreviation Inter⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R) _)› [72, 0, 73] 72)
  where ‹P ⇘lenL⇙|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Inter⇩_p⇩_t⇩_i⇩_c⇩_k lenL P Q›

abbreviation Par⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R) _)› [74, 0, 75] 75)
  where ‹P ⇘lenL⇙||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_sym.Par⇩_p⇩_t⇩_i⇩_c⇩_k lenL P Q›



paragraph ‹Control on both sides›

context fixes lenL :: nat and lenR :: nat begin

global_interpretation Sync⇩_L⇩_i⇩_s⇩_t⇩_s : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale 
  ‹λr s. if length r = lenL ∧ length s = lenR then ⌊r @ s⌋ else ◇›
  ‹λs r. if length s = lenR ∧ length r = lenL then ⌊s @ r⌋ else ◇›
  ‹λrs. drop lenL rs @ take lenL rs›
  ‹λrs. drop lenR rs @ take lenR rs›
  by unfold_locales (auto split: if_split_asm)

end


abbreviation Sync⇩_L⇩_i⇩_s⇩_t⇩_s_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, 'a set, nat, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(⟦_⟧⇩_✓)⇘_⇙ _)› [70, 0, 0, 0, 71] 70)
  where ‹P ⇘lenL⇙⟦A⟧⇩_✓⇘lenR⇙ Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Sync⇩_p⇩_t⇩_i⇩_c⇩_k lenL lenR P A Q›

abbreviation Inter⇩_L⇩_i⇩_s⇩_t⇩_s_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, nat, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(|||⇩_✓)⇘_⇙ _)› [72, 0, 0, 73] 72)
  where ‹P ⇘lenL⇙|||⇩_✓⇘lenR⇙ Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Inter⇩_p⇩_t⇩_i⇩_c⇩_k lenL lenR P Q›

abbreviation Par⇩_L⇩_i⇩_s⇩_t⇩_s_syntax ::
  ‹[('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k, nat, nat, ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k]
   ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k› (‹(_ ⇘_⇙(||⇩_✓)⇘_⇙ _)› [74, 0, 0, 75] 75)
  where ‹P ⇘lenL⇙||⇩_✓⇘lenR⇙ Q ≡ Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Par⇩_p⇩_t⇩_i⇩_c⇩_k lenL lenR P Q›



section ‹Associativities›

subsection ‹Classical Version›

lemma Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_assoc :
  ‹P ⟦S⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c (Q ⟦S⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c R) = P ⟦S⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q ⟦S⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c R›
proof -
  let ?f = ‹λr s. if r = s then ⌊r⌋ else ◇›
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale ?f ?f ?f ?f id id
    by (unfold_locales) (auto split: if_split_asm)
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[simplified Renaming_id])
qed



subsection ‹Product Type›

lemma Sync⇩_P⇩_a⇩_i⇩_r_assoc :
  ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r (Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r R) = RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r R) (λ((r, s), t). (r, s, t))›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale ‹λr s. ⌊(r, s)⌋› ‹λr s. ⌊(r, s)⌋› ‹λr s. ⌊(r, s)⌋›
    ‹λr s. ⌊(r, s)⌋› ‹λ((r, s), t). (r, s, t)› ‹λ(r, s, t). ((r, s), t)›
    by unfold_locales auto
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc")
qed



subsection ‹List Type›

lemma Sync⇩_R⇩_l⇩_i⇩_s⇩_t_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_assoc :
  ‹P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t (Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t R) = (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q) ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t R›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale ‹λr s. ⌊[r, s]⌋› ‹λr s. ⌊r @ [s]⌋›
    ‹λr s. ⌊r # s⌋› ‹λr s. ⌊[r, s]⌋› id id
    by unfold_locales auto
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[unfolded Renaming_id])
qed


lemma Sync⇩_R⇩_l⇩_i⇩_s⇩_t_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_assoc :
  ‹P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t (Q ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t R) = (P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q) ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t R›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale ‹λr s. ⌊r # s⌋› ‹λr s. ⌊r @ [s]⌋›
    ‹λr s. ⌊r # s⌋› ‹λr s. ⌊r @ [s]⌋› id id
    by unfold_locales auto
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[unfolded Renaming_id])
qed


lemma Sync⇩_R⇩_l⇩_i⇩_s⇩_t_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_assoc :
  ‹P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t (Q ⇘lenQ⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L R) = (P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q) ⇘Suc lenQ⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L R›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale
    ‹λr s. ⌊r # s⌋›
    ‹λr s. if length r = Suc lenQ then ⌊r @ s⌋ else ◇›
    ‹λr s. ⌊r # s⌋›
    ‹λr s. if length r = lenQ then ⌊r @ s⌋ else ◇› id id
    by unfold_locales (auto split: if_split_asm)
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[unfolded Renaming_id])
qed

lemma Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_assoc :
  ‹P ⇘Suc lenQ⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R (Q ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t R) = (P ⇘lenQ⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q) ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t R›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale
    ‹λr s. if length s = lenQ then ⌊r @ s⌋ else ◇›
    ‹λr s. ⌊r @ [s]⌋›
    ‹λr s. if length s = Suc lenQ then ⌊r @ s⌋ else ◇›
    ‹λr s. ⌊r @ [s]⌋› id id
    by unfold_locales (auto split: if_split_asm)
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[unfolded Renaming_id])
qed


lemma Sync⇩_L⇩_i⇩_s⇩_t⇩_s_assoc :
  ‹P ⇘lenP⇙⟦S⟧⇩_✓⇘lenQ + lenR⇙ (Q ⇘lenQ⇙⟦S⟧⇩_✓⇘lenR⇙ R) =
   P ⇘lenP⇙⟦S⟧⇩_✓⇘lenQ⇙ Q ⇘lenP + lenQ⇙⟦S⟧⇩_✓⇘lenR⇙ R›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale
    ‹λr s. if length r = lenP ∧ length s = lenQ then ⌊r @ s⌋ else ◇›
    ‹λr s. if length r = lenP + lenQ ∧ length s = lenR then ⌊r @ s⌋ else ◇›
    ‹λr s. if length r = lenP ∧ length s = lenQ + lenR then ⌊r @ s⌋ else ◇›
    ‹λr s. if length r = lenQ ∧ length s = lenR then ⌊r @ s⌋ else ◇› id id
    by unfold_locales (auto split: if_split_asm)
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[unfolded Renaming_id])
qed


lemma Sync⇩_R⇩_l⇩_i⇩_s⇩_t_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_assoc :
  ‹P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t (Q ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t R) = (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q) ⇘Suc (Suc 0)⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L R›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale
    ‹λr s. ⌊[r, s]⌋›
    ‹λr s. if length r = Suc (Suc 0) then ⌊r @ s⌋ else ◇›
    ‹λr s. ⌊r # s⌋›
    ‹λr s. ⌊r # s⌋› id id
    by unfold_locales (auto split: if_split_asm)
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[unfolded Renaming_id])
qed

lemma Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_assoc :
  ‹P ⇘Suc (Suc 0)⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R (Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t R) = (P ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q) ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t R›
proof -
  interpret * : Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc_locale
    ‹λr s. ⌊r @ [s]⌋›
    ‹λr s. ⌊r @ [s]⌋›
    ‹λr s. if length s = Suc (Suc 0) then ⌊r @ s⌋ else ◇›
    ‹λr s. ⌊[r, s]⌋› id id
    by unfold_locales (auto split: if_split_asm)
  show ?thesis by (fact "*.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_assoc"[unfolded Renaming_id])
qed



section ‹Properties›

subsection ‹Actual Generalization›

text ‹
We can actually recover the classical synchronization product defined in
session \<^session>‹HOL-CSP› as a particular case of our generalization.
›

theorem Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_is_Sync : ‹P ⟦A⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q = P ⟦A⟧ Q›
proof (rule Process_eq_optimizedI)
  show ‹t ∈ 𝒟 (P ⟦A⟧ Q) ⟹ t ∈ 𝒟 (P ⟦A⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q)› for t
    by (simp add: D_Sync Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.D_Sync⇩_p⇩_t⇩_i⇩_c⇩_k'
        flip: setinterleaves_is_setinterleaves⇩_p⇩_t⇩_i⇩_c⇩_k)
      (metis setinterleaving_sym)
next
  show ‹t ∈ 𝒟 (P ⟦A⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q) ⟹ t ∈ 𝒟 (P ⟦A⟧ Q)› for t
    by (simp add: D_Sync Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.D_Sync⇩_p⇩_t⇩_i⇩_c⇩_k
        flip: setinterleaves_is_setinterleaves⇩_p⇩_t⇩_i⇩_c⇩_k)
      (metis setinterleaving_sym)
next
  fix t X assume ‹(t, X) ∈ ℱ (P ⟦A⟧ Q)› ‹t ∉ 𝒟 (P ⟦A⟧ Q)›
  then obtain t_P t_Q X_P X_Q
    where * : ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ Q›
      ‹t setinterleaves ((t_P, t_Q), range tick ∪ ev ` A)›
      ‹X = (X_P ∪ X_Q) ∩ (range tick ∪ ev ` A) ∪ X_P ∩ X_Q›
    unfolding Sync_projs by blast
  from "*"(4) have ‹X ⊆ super_ref_Sync⇩_p⇩_t⇩_i⇩_c⇩_k (λr s. if r = s then ⌊r⌋ else ◇) X_P A X_Q›
    by (auto simp add: super_ref_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_def subset_iff)
      (metis event⇩_p⇩_t⇩_i⇩_c⇩_k.exhaust)
  with "*"(1-3) show ‹(t, X) ∈ ℱ (P ⟦A⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q)›
    by (auto simp add: Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.F_Sync⇩_p⇩_t⇩_i⇩_c⇩_k setinterleaves_is_setinterleaves⇩_p⇩_t⇩_i⇩_c⇩_k)
next
  fix t X assume ‹(t, X) ∈ ℱ (P ⟦A⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q)› ‹t ∉ 𝒟 (P ⟦A⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q)›
  then obtain t_P t_Q X_P X_Q
    where * : ‹(t_P, X_P) ∈ ℱ P› ‹(t_Q, X_Q) ∈ ℱ Q›
      ‹t setinterleaves⇩_✓⇘λr s. if r = s then ⌊r⌋ else ◇⇙ ((t_P, t_Q), A)›
      ‹X ⊆ super_ref_Sync⇩_p⇩_t⇩_i⇩_c⇩_k (λr s. if r = s then ⌊r⌋ else ◇) X_P A X_Q›
    unfolding Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_projs by blast
  from "*"(1-3) have ‹(t, (X_P ∪ X_Q) ∩ (range tick ∪ ev ` A) ∪ X_P ∩ X_Q) ∈ ℱ (P ⟦A⟧ Q)›
    by (simp add: F_Sync setinterleaves_is_setinterleaves⇩_p⇩_t⇩_i⇩_c⇩_k) blast
  moreover from "*"(4) have ‹X ⊆ (X_P ∪ X_Q) ∩ (range tick ∪ ev ` A) ∪ X_P ∩ X_Q›
    by (auto simp add: super_ref_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_def subset_iff split: if_split_asm)
  ultimately show ‹(t, X) ∈ ℱ (P ⟦A⟧ Q)› by (meson is_processT4)
qed



subsection ‹Other Properties›

lemma ‹Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_sym.Sync⇩_p⇩_t⇩_i⇩_c⇩_k lenL lenR Q A P = P ⇘lenL⇙⟦A⟧⇩_✓⇘lenR⇙ Q›
  by (simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_sym.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_sym)


corollary TickSwap_Sync⇩_P⇩_a⇩_i⇩_r [simp] : ‹TickSwap (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) = Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r P›
  by (simp add: Sync⇩_P⇩_a⇩_i⇩_r.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_commute TickSwap_is_Renaming)

lemma TickSwap_is_Sync⇩_P⇩_a⇩_i⇩_r_iff [simp] :
  ‹TickSwap P = Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r R ⟷ P = R ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q›
  by (simp add: TickSwap_eq_iff_eq_TickSwap)

corollary Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_commute : ‹P ⟦S⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q = Q ⟦S⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c P›
  by (fact Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_commute[simplified])


lemma ‹RenamingTick (P ⇘lenL⇙⟦S⟧⇩_✓⇘lenR⇙ Q) (λr_s. drop lenL r_s @ take lenL r_s) =
       Q ⇘lenR⇙⟦S⟧⇩_✓⇘lenL⇙ P›
  by (fact Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_commute)



section ‹Ticks Length and Conversions›

text ‹
Through \<^const>‹RenamingTick›, conversions can be established between the interpretations.
For this, we sometimes need an assumption about the length of the ticks.
›

subsection ‹Ticks Length›

subsubsection ‹Definition and first Properties›

definition is_ticks_length ::
  ‹nat ⇒ ('a, 'r list) process⇩_p⇩_t⇩_i⇩_c⇩_k ⇒ bool› (‹(length⇩_✓)⇘_⇙('(_'))›)
  where ‹length⇩_✓⇘n⇙(P) ≡ ∀rs ∈ ❙✓❙s(P). length rs = n›

text ‹
We might imagine \<^term>‹ ∀rs ∈ ✓s(P). length rs = n› instead.
But when the process \<^term>‹P› has divergences, the predicate would not hold.
Additionally, we only need the control about traces that are not divergences.
›

lemma is_ticks_lengthI : ‹(⋀rs. rs ∈ ❙✓❙s(P) ⟹ length rs = n) ⟹ length⇩_✓⇘n⇙(P)›
  by (simp add: is_ticks_length_def)

lemma is_ticks_lengthD : ‹length⇩_✓⇘n⇙(P) ⟹ rs ∈ ❙✓❙s(P) ⟹ length rs = n›
  by (simp add: is_ticks_length_def)


lemma is_ticks_length_unique :
  ―‹Not suitable for simplifier.›
  ‹length⇩_✓⇘n⇙(P) ⟷ ❙✓❙s(P) = {} ∨ (∀m. length⇩_✓⇘m⇙(P) ⟷ m = n)›
  by (auto simp add: is_ticks_length_def)

lemma empty_strict_ticks_of_imp_is_ticks_length :
  ‹❙✓❙s(P) = {} ⟹ length⇩_✓⇘n⇙(P)›
  using is_ticks_length_unique by blast

lemma nonempty_strict_ticks_of_imp_is_ticks_length_unique :
  ‹❙✓❙s(P) ≠ {} ⟹ length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘m⇙(P) ⟹ m = n› 
  using is_ticks_length_unique by blast



subsubsection ‹Behaviour›

named_theorems is_ticks_length_simp
named_theorems is_ticks_length_intro

paragraph ‹Constant Processes›

lemma is_ticks_length_STOP [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(STOP)› by (simp add: empty_strict_ticks_of_imp_is_ticks_length)

lemma is_ticks_length_BOT [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(⊥)› by (simp add: empty_strict_ticks_of_imp_is_ticks_length)

lemma is_ticks_length_SKIP_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(SKIP rs) ⟷ length rs = n›
  by (simp add: is_ticks_length_def)

lemma is_ticks_length_SKIPS_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(SKIPS R) ⟷ (∀rs ∈ R. length rs = n)›
  by (simp add: is_ticks_length_def strict_ticks_of_def SKIPS_projs)



paragraph ‹Binary (or less) Operators›

lemma is_ticks_length_Ndet [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘n⇙(P ⊓ Q)›
  by (simp add: is_ticks_length_def)
    (meson Un_iff strict_ticks_of_Ndet_subset subset_iff)

lemma is_ticks_length_Det [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘n⇙(P □ Q)›
  by (simp add: is_ticks_length_def)
    (meson Un_iff strict_ticks_of_Det_subset subset_iff)

lemma is_ticks_length_Sliding [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘n⇙(P ⊳ Q)›
  by (simp add: is_ticks_length_def)                
    (meson Un_iff strict_ticks_of_Sliding_subset subset_iff)


lemma is_ticks_length_Sync [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘n⇙(P ⟦S⟧ Q)›
  by (simp add: is_ticks_length_def)
    (meson Int_iff strict_ticks_of_Sync_subset subset_iff)


lemma is_ticks_length_Seq [is_ticks_length_intro] :
  ‹non_terminating P ∨ length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘n⇙(P ❙; Q)›
proof (elim disjE)
  show ‹non_terminating P ⟹ length⇩_✓⇘n⇙(P ❙; Q)›
    by (metis is_ticks_length_def non_terminating_Seq non_terminating_is_right
        non_tickFree_tick strict_ticks_of_memE tickFree_append_iff)
next
  from strict_ticks_of_Seq_subset[of P Q]
  show ‹length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘n⇙(P ❙; Q)›
    by (auto simp add: is_ticks_length_def split: if_split_asm)
qed


lemma is_ticks_length_Hiding [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P \ S)› if ‹length⇩_✓⇘n⇙(P)›
proof (rule is_ticks_lengthI)
  fix rs assume ‹rs ∈ ❙✓❙s(P \ S)›
  then obtain t t' where ‹t = t' @ [✓(rs)]› ‹t ∈ 𝒯 (P \ S)› ‹t ∉ 𝒟 (P \ S)›
    by (metis is_processT9 strict_ticks_of_memE)
  from this(2, 3) obtain u where ‹t = trace_hide u (ev ` S)› ‹u ∈ 𝒯 P›
    unfolding T_Hiding D_Hiding using F_T by fast
  from this(1) this(2)[THEN T_imp_front_tickFree] obtain u' where ‹u = u' @ [✓(rs)]›
    by (cases u rule: rev_cases, simp_all add: ‹t = t' @ [✓(rs)]› split: if_split_asm)
      (metis Hiding_tickFree front_tickFree_nonempty_append_imp list.distinct(1)
        non_tickFree_tick tickFree_append_iff)
  from ‹t ∉ 𝒟 (P \ S)› mem_D_imp_mem_D_Hiding[of u P S]
  have ‹u ∉ 𝒟 P› unfolding ‹t = trace_hide u (ev ` S)› by blast
  with ‹u ∈ 𝒯 P› ‹u = u' @ [✓(rs)]› have ‹rs ∈ ❙✓❙s(P)›
    by (simp add: strict_ticks_of_memI)
  with that show ‹length rs = n› by (simp add: is_ticks_lengthD)
qed


lemma is_ticks_length_Interrupt [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘n⇙(P △ Q)›
  by (simp add: is_ticks_length_def)
    (meson Un_iff strict_ticks_of_Interrupt_subset subsetD)


― ‹Missing lemma from \<^session>‹HOL-CSPM››
lemma strict_ticks_Throw_subset :
  ‹❙✓❙s(P Θ a∈A. Q a) ⊆ ❙✓❙s(P) ∪ (⋃a∈A ∩ α(P). ❙✓❙s(Q a))›
proof (rule subsetI)
  fix r assume ‹r ∈ ❙✓❙s(P Θ a∈A. Q a)›
  then obtain t where ‹t @ [✓(r)] ∈ 𝒯 (P Θ a∈A. Q a)› ‹t @ [✓(r)] ∉ 𝒟 (P Θ a∈A. Q a)›
    by (meson is_processT9 strict_ticks_of_memE)
  then consider ‹t @ [✓(r)] ∈ 𝒯 P› ‹t @ [✓(r)] ∉ 𝒟 P›
    | t1 a t2 where ‹t @ [✓(r)] = t1 @ ev a # t2› ‹t1 @ [ev a] ∈ 𝒯 P›
      ‹a ∈ A› ‹t2 ∈ 𝒯 (Q a)› ‹t2 ∉ 𝒟 (Q a)›
    by (simp add: Throw_projs)
      (metis (no_types, lifting) append_T_imp_tickFree
        front_tickFree_single is_processT9 not_Cons_self2)
  thus ‹r ∈ ❙✓❙s(P) ∪ (⋃a∈A ∩ α(P). ❙✓❙s(Q a))›
  proof cases
    show ‹t @ [✓(r)] ∈ 𝒯 P ⟹ t @ [✓(r)] ∉ 𝒟 P ⟹ r ∈ ❙✓❙s(P) ∪ (⋃a∈A ∩ α(P). ❙✓❙s(Q a))›
      by (simp add: strict_ticks_of_memI)
  next
    show ‹⟦t @ [✓(r)] = t1 @ ev a # t2; t1 @ [ev a] ∈ 𝒯 P; a ∈ A; t2 ∈ 𝒯 (Q a); t2 ∉ 𝒟 (Q a)⟧
           ⟹ r ∈ ❙✓❙s(P) ∪ (⋃a∈A ∩ α(P). ❙✓❙s(Q a))› for t1 a t2
      by (cases t2 rule: rev_cases, simp_all)
        (meson IntI events_of_memI in_set_conv_decomp strict_ticks_of_memI)
  qed
qed

lemma is_ticks_length_Throw [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P Θ a ∈ A. Q a)›
  if ‹length⇩_✓⇘n⇙(P)› ‹⋀a. a ∈ α(P) ⟹ length⇩_✓⇘n⇙(Q a)›
proof -
  from that have ‹∀rs∈❙✓❙s(P) ∪ (⋃a∈A ∩ α(P). ❙✓❙s(Q a)). length rs = n›
    by (auto simp add: is_ticks_length_def)
  with strict_ticks_Throw_subset show ‹length⇩_✓⇘n⇙(P Θ a ∈ A. Q a)›
    unfolding is_ticks_length_def by fast
qed

lemma is_ticks_length_Renaming [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(Renaming P f g) › if ‹⋀r. r ∈ ❙✓❙s(P) ⟹ length (g r) = n›
proof (rule is_ticks_lengthI)
  fix rs assume ‹rs ∈ ❙✓❙s(Renaming P f g)›
  then obtain t where ‹t @ [✓(rs)] ∈ 𝒯 (Renaming P f g)›
    ‹t @ [✓(rs)] ∉ 𝒟 (Renaming P f g)›
    by (meson is_processT9 strict_ticks_of_memE)
  then obtain u where * : ‹t @ [✓(rs)] = map (map_event⇩_p⇩_t⇩_i⇩_c⇩_k f g) u› and ‹u ∈ 𝒯 P›
    by (auto simp add: Renaming_projs)
  from this(1) ‹u ∈ 𝒯 P› append_T_imp_tickFree obtain u' r
    where ‹rs = g r› ‹u = u' @ [✓(r)]› ‹tF u'›
    by (cases u rule: rev_cases) (auto simp add: tick_eq_map_event⇩_p⇩_t⇩_i⇩_c⇩_k_iff)
  from "*" ‹t @ [✓(rs)] ∉ 𝒟 (Renaming P f g)› this(2, 3) front_tickFree_Cons_iff
  have ‹u' ∉ 𝒟 P› by (auto simp add: D_Renaming)
  moreover from ‹u ∈ 𝒯 P› have ‹u' @ [✓(r)] ∈ 𝒯 P›
    by (simp add: ‹u = u' @ [✓(r)]›)
  ultimately have ‹r ∈ ❙✓❙s(P)› by (meson is_processT9 strict_ticks_of_memI)
  with that have ‹length (g r) = n› by blast
  thus ‹length rs = n› by (simp add: ‹rs = g r›)
qed



paragraph ‹Architectural Operators›

lemma is_ticks_length_GlobalNdet [is_ticks_length_intro] :
  ‹(⋀a. a ∈ A ⟹ length⇩_✓⇘n⇙(P a)) ⟹ length⇩_✓⇘n⇙(⊓a ∈ A. P a)›
  by (simp add: is_ticks_length_def)
    (metis (no_types, lifting) UN_E strict_ticks_of_GlobalNdet_subset subsetD)

lemma is_ticks_length_GlobalDet [is_ticks_length_intro] :
  ‹(⋀a. a ∈ A ⟹ length⇩_✓⇘n⇙(P a)) ⟹ length⇩_✓⇘n⇙(□a ∈ A. P a)›
  by (simp add: is_ticks_length_def)
    (metis (no_types, lifting) UN_E strict_ticks_of_GlobalDet_subset subsetD)

lemma is_ticks_length_MultiSync [is_ticks_length_intro] :
  ‹(⋀m. m ∈ set_mset M ⟹ length⇩_✓⇘n⇙(P m)) ⟹ length⇩_✓⇘n⇙(❙⟦S❙⟧ m ∈# M. P m)›
  by (induct M rule: induct_subset_mset_empty_single)
    (simp_all add: is_ticks_length_STOP is_ticks_length_Sync)

lemma is_ticks_length_MultiSeq [is_ticks_length_intro] :
  ‹L ≠ [] ⟹ length⇩_✓⇘n⇙(P (last L)) ⟹ length⇩_✓⇘n⇙(SEQ l ∈@ L. P l)›
  by (induct L rule: rev_induct)
    (simp_all add: is_ticks_length_Seq)


paragraph ‹Communications›

lemma is_ticks_length_write0_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(e → P) ⟷ length⇩_✓⇘n⇙(P)›
  by (simp add: is_ticks_length_def strict_ticks_of_write0)

lemma is_ticks_length_write_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(c❙!e → P) ⟷ length⇩_✓⇘n⇙(P)›
  by (simp add: is_ticks_length_def strict_ticks_of_write)

lemma is_ticks_length_Mprefix_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(□a ∈ A → P a) = (∀a ∈ A. length⇩_✓⇘n⇙(P a))› 
  by (auto simp add: is_ticks_length_def strict_ticks_of_Mprefix)

lemma is_ticks_length_read_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(c❙?a∈A → P a) = (∀b ∈ c ` A. length⇩_✓⇘n⇙(P (inv_into A c b)))›
  by (simp add: read_def is_ticks_length_Mprefix_iff)

corollary ‹inj_on c A ⟹ length⇩_✓⇘n⇙(c❙?a∈A → P a) = (∀a ∈ A. length⇩_✓⇘n⇙(P a))›
  by (simp add: is_ticks_length_read_iff)

lemma is_ticks_length_Mndetprefix_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(⊓a ∈ A → P a) = (∀a ∈ A. length⇩_✓⇘n⇙(P a))› 
  by (auto simp add: is_ticks_length_def strict_ticks_of_Mndetprefix)

lemma is_ticks_length_ndet_write_iff [is_ticks_length_simp] :
  ‹length⇩_✓⇘n⇙(c❙!❙!a∈A → P a) = (∀b ∈ c ` A. length⇩_✓⇘n⇙(P (inv_into A c b)))›
  by (simp add: ndet_write_def is_ticks_length_Mndetprefix_iff)

corollary ‹inj_on c A ⟹ length⇩_✓⇘n⇙(c❙!❙!a∈A → P a) = (∀a ∈ A. length⇩_✓⇘n⇙(P a))›
  by (simp add: is_ticks_length_ndet_write_iff)



paragraph ‹Generalizations›

lemma strict_ticks_of_Seq⇩_p⇩_t⇩_i⇩_c⇩_k_subset : ‹❙✓❙s(P ❙;⇩_✓ Q) ⊆ ⋃ {❙✓❙s(Q r) |r. r ∈ ❙✓❙s(P)}›
  by (auto simp add: Seq⇩_p⇩_t⇩_i⇩_c⇩_k_projs append_eq_map_conv elim!: strict_ticks_of_memE)
    (metis tickFree_Nil non_tickFree_tick tickFree_map_ev_comp
           front_tickFree_charn tickFree_append_iff tickFree_append_iff
           last_snoc[of ‹map (ev ∘ of_ev) _ @ _›] last_snoc[of _ ‹✓(_)›]
           butlast_snoc[of ‹map (ev ∘ of_ev) _ @ _›] butlast_snoc[of _ ‹✓(_)›]
           append.assoc[of ‹map (ev ∘ of_ev) _› _ ‹[_]›] tickFree_imp_front_tickFree
           T_imp_front_tickFree is_processT9 strict_ticks_of_memI,
      metis butlast_append butlast_snoc front_tickFree_iff_tickFree_butlast non_tickFree_tick
            tickFree_append_iff tickFree_imp_front_tickFree tickFree_map_ev_comp)


lemma non_terminating_Seq⇩_p⇩_t⇩_i⇩_c⇩_k :
  ‹P ❙;⇩_✓ Q = RenamingTick P g› if ‹non_terminating P›
proof -
  from ‹non_terminating P› have £ : ‹𝒟 P = {}› ‹t @ [✓(r)] ∉ 𝒯 P› for t r
    by (force simp add: non_terminating_is_right nonterminating_implies_div_free)+
  show ‹P ❙;⇩_✓ Q = RenamingTick P g›
  proof (rule Process_eq_optimizedI)
    show ‹t ∈ 𝒟 (P ❙;⇩_✓ Q) ⟹ t ∈ 𝒟 (RenamingTick P g)›
      and ‹t ∈ 𝒟 (RenamingTick P g) ⟹ t ∈ 𝒟 (P ❙;⇩_✓ Q)› for t
      by (simp_all add: Seq⇩_p⇩_t⇩_i⇩_c⇩_k_projs Renaming_projs "£")
  next
    fix t X assume ‹(t, X) ∈ ℱ (P ❙;⇩_✓ Q)›
    then obtain t' where * : ‹t = map (ev ∘ of_ev) t'›
      ‹(t', ref_Seq⇩_p⇩_t⇩_i⇩_c⇩_k X) ∈ ℱ P› ‹tF t'›
      by (auto simp add: Seq⇩_p⇩_t⇩_i⇩_c⇩_k_projs Renaming_projs "£")
    have $ : ‹t = map (map_event⇩_p⇩_t⇩_i⇩_c⇩_k id g) t'›
      by (simp add: "*"(1, 3) tickFree_map_map_event⇩_p⇩_t⇩_i⇩_c⇩_k_is)
    have $$ : ‹map_event⇩_p⇩_t⇩_i⇩_c⇩_k id g -` X ⊆ ref_Seq⇩_p⇩_t⇩_i⇩_c⇩_k X›
      by (simp add: subset_iff ref_Seq⇩_p⇩_t⇩_i⇩_c⇩_k_def image_iff)
        (metis Int_iff event⇩_p⇩_t⇩_i⇩_c⇩_k.exhaust event⇩_p⇩_t⇩_i⇩_c⇩_k.sel(1) event⇩_p⇩_t⇩_i⇩_c⇩_k.simps(9) id_apply rangeI)
    show ‹(t, X) ∈ ℱ (RenamingTick P g)›
      by (simp add: Renaming_projs) (metis "$" "$$" "*"(2) is_processT4)
  next
    fix t X assume ‹(t, X) ∈ ℱ (RenamingTick P g)›
    then obtain t' where * : ‹t = map (map_event⇩_p⇩_t⇩_i⇩_c⇩_k id g) t'›
      ‹(t', map_event⇩_p⇩_t⇩_i⇩_c⇩_k id g -` X) ∈ ℱ P›
      by (auto simp add: Renaming_projs "£")
    from "*"(2) F_T non_terminating_is_right ‹non_terminating P› have ‹tF t'› by blast
    have ‹(t', map_event⇩_p⇩_t⇩_i⇩_c⇩_k id g -` X ∪ range tick) ∈ ℱ P›
      by (rule is_processT5[OF "*"(2)]) (use "£"(2) F_T in blast)
    moreover have ‹ref_Seq⇩_p⇩_t⇩_i⇩_c⇩_k X ⊆ map_event⇩_p⇩_t⇩_i⇩_c⇩_k id g -` X ∪ range tick›
      by (auto simp add: ref_Seq⇩_p⇩_t⇩_i⇩_c⇩_k_def)
    ultimately have ‹(t', ref_Seq⇩_p⇩_t⇩_i⇩_c⇩_k X) ∈ ℱ P›
      by (metis is_processT4)
    moreover have ‹t = map (ev ∘ of_ev) t'›
      by (simp add: "*"(1) ‹tF t'› tickFree_map_map_event⇩_p⇩_t⇩_i⇩_c⇩_k_is)
    ultimately show ‹(t, X) ∈ ℱ (P ❙;⇩_✓ Q)›
      by (auto simp add: Seq⇩_p⇩_t⇩_i⇩_c⇩_k_projs ‹tF t'›)
  qed
qed



lemma is_ticks_length_Seq⇩_p⇩_t⇩_i⇩_c⇩_k [is_ticks_length_intro] :
  ‹non_terminating P ∨ (∀r∈❙✓❙s(P). length⇩_✓⇘n⇙(Q r)) ⟹ length⇩_✓⇘n⇙(P ❙;⇩_✓ Q)›
proof (elim disjE)
  assume ‹non_terminating P›
  hence ‹❙✓❙s(P) = {}›
    by (metis (full_types) non_terminating_Seq strict_ticks_of_BOT
                           strict_ticks_of_Seq_subset subset_empty)
  show ‹non_terminating P ⟹ length⇩_✓⇘n⇙(P ❙;⇩_✓ Q)›
    by (subst non_terminating_Seq⇩_p⇩_t⇩_i⇩_c⇩_k, assumption)
      (rule is_ticks_length_Renaming, simp add: is_ticks_length_Renaming ‹❙✓❙s(P) = {}›)
next
  from strict_ticks_of_Seq⇩_p⇩_t⇩_i⇩_c⇩_k_subset[of P Q]
  show ‹∀r∈❙✓❙s(P). length⇩_✓⇘n⇙(Q r) ⟹ length⇩_✓⇘n⇙(P ❙;⇩_✓ Q)›
    by (auto simp add: is_ticks_length_def)
qed



lemma is_ticks_length_Sync⇩_p⇩_t⇩_i⇩_c⇩_k :
  ‹length⇩_✓⇘n⇙(Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale.Sync⇩_p⇩_t⇩_i⇩_c⇩_k tick_join P A Q)›
  ― ‹We cannot work directly inside the locale since in this context
      the types of ticks \<^typ>‹'t› cannot be set to \<^typ>‹'r list›.›
  if ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale tick_join›
    and ‹⋀r s. r ∈ ❙✓❙s(P) ⟹ s ∈ ❙✓❙s(Q) ⟹
       case tick_join r s of ◇ ⇒ True | ⌊r_s⌋ ⇒ length r_s = n›
proof -
  interpret Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale tick_join
    by (fact ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale tick_join›)
  show ‹length⇩_✓⇘n⇙(P ⟦A⟧⇩_✓ Q)›
  proof (rule is_ticks_lengthI)
    fix rs assume ‹rs ∈ ❙✓❙s(P ⟦A⟧⇩_✓ Q)›
    then obtain t where ‹t @ [✓(rs)] ∈ 𝒯 (P ⟦A⟧⇩_✓ Q)› ‹t @ [✓(rs)] ∉ 𝒟 (P ⟦A⟧⇩_✓ Q)›
      by (meson is_processT9 strict_ticks_of_memE)
    then obtain t_P t_Q where ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒯 Q›
      and "*" : ‹t @ [✓(rs)] setinterleaves⇩_✓⇘tick_join⇙ ((t_P, t_Q), A)›
      unfolding Sync⇩_p⇩_t⇩_i⇩_c⇩_k_projs by blast
    with ‹t @ [✓(rs)] ∉ 𝒟 (P ⟦A⟧⇩_✓ Q)› have ‹t_P ∉ 𝒟 P› ‹t_Q ∉ 𝒟 Q›
      by (simp add: D_Sync⇩_p⇩_t⇩_i⇩_c⇩_k', use front_tickFree_Nil in blast)+
    from "*" obtain r s t_P' t_Q'
      where ‹tick_join r s = ⌊rs⌋› ‹t_P = t_P' @ [✓(r)]› ‹t_Q = t_Q' @ [✓(s)]›
      by (blast elim: snoc_tick_setinterleaves⇩_p⇩_t⇩_i⇩_c⇩_kE)
    from this(2, 3) ‹t_P ∉ 𝒟 P› ‹t_Q ∉ 𝒟 Q› ‹t_P ∈ 𝒯 P› ‹t_Q ∈ 𝒯 Q›
    have ‹r ∈ ❙✓❙s(P)› ‹s ∈ ❙✓❙s(Q)› by (metis strict_ticks_of_memI)+
    from that(2)[OF this, unfolded ‹tick_join r s = ⌊rs⌋›] show ‹length rs = n› by simp 
  qed
qed



lemma is_ticks_length_One_RenamingTick_singl [is_ticks_length_simp] :
  ‹length⇩_✓⇘Suc 0⇙(RenamingTick P (λr. [r]))›
  by (simp add: is_ticks_length_Renaming)

lemma is_ticks_length_Two_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t [is_ticks_length_simp] :
  ‹length⇩_✓⇘Suc (Suc 0)⇙(P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q)›
  by (simp add: is_ticks_length_Sync⇩_p⇩_t⇩_i⇩_c⇩_k[OF Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms])


lemma is_ticks_length_Suc_Sync⇩_R⇩_l⇩_i⇩_s⇩_t [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(Q) ⟹ length⇩_✓⇘Suc n⇙(P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q)›
  by (rule is_ticks_length_Sync⇩_p⇩_t⇩_i⇩_c⇩_k[OF Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms])
    (simp add: is_ticks_lengthD)

text ‹The equivalence is false.›

lemma False if ‹⋀P Q n. length⇩_✓⇘Suc n⇙(P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q) ⟹ length⇩_✓⇘n⇙(Q)›
  using that[of 0 STOP ‹SKIP [undefined]›]
  by (simp add: is_ticks_length_STOP is_ticks_length_SKIP_iff)


lemma is_ticks_length_Suc_Sync⇩_L⇩_l⇩_i⇩_s⇩_t [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘Suc n⇙(P ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q)›
  by (rule is_ticks_length_Sync⇩_p⇩_t⇩_i⇩_c⇩_k
      [OF Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms])
    (simp add: is_ticks_lengthD)

lemma is_ticks_length_sum_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L [is_ticks_length_intro] :
  ‹length⇩_✓⇘m⇙(Q) ⟹ length⇩_✓⇘n + m⇙(P ⇘n⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q)›
  by (rule is_ticks_length_Sync⇩_p⇩_t⇩_i⇩_c⇩_k[OF Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms])
    (simp add: is_ticks_lengthD)

lemma is_ticks_length_sum_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R [is_ticks_length_intro] :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘n + m⇙(P ⇘m⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q)›
  by (rule is_ticks_length_Sync⇩_p⇩_t⇩_i⇩_c⇩_k
      [OF Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms])
    (simp add: is_ticks_lengthD)

lemma is_ticks_length_sum_Sync⇩_L⇩_i⇩_s⇩_t⇩_s [is_ticks_length_intro] :
  ‹length⇩_✓⇘n + m⇙(P ⇘n⇙⟦S⟧⇩_✓⇘m⇙ Q)›
  by (rule is_ticks_length_Sync⇩_p⇩_t⇩_i⇩_c⇩_k[OF Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms]) simp



subsection ‹Conversions›

lemma Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_R⇩_l⇩_i⇩_s⇩_t :
  ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q = P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t RenamingTick Q (λs. [s])›
  by (rule Sync⇩_R⇩_l⇩_i⇩_s⇩_t.inj_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_inj_RenamingTick
      [of id ‹λs. [s]›, simplified, symmetric])
    (auto intro: inj_onI)

lemma Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_l⇩_i⇩_s⇩_t :
  ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q = RenamingTick P (λr. [r]) ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q›
  by (rule Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.inj_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_inj_RenamingTick
      [of ‹λr. [r]› id, simplified, symmetric])
    (auto intro: inj_onI)


lemma Sync⇩_R⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L :
  ‹P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q = RenamingTick P (λr. [r]) ⇘Suc 0⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q›
  by (rule Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.inj_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_inj_RenamingTick
      [of ‹λr. [r]› id ‹Suc 0›, simplified, symmetric])
    (auto intro: inj_onI)

lemma Sync⇩_L⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R :
  ‹P ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q = P ⇘Suc 0⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R RenamingTick Q (λs. [s])›
  by (rule Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.inj_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_inj_RenamingTick
      [of id ‹λs. [s]› ‹Suc 0›, simplified, symmetric])
    (auto intro: inj_onI)


lemma Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s :
  ‹length⇩_✓⇘m⇙(Q) ⟹ P ⇘n⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q = P ⇘n⇙⟦S⟧⇩_✓⇘m⇙ Q›
  by (auto intro!: Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_same_tick_join_on_strict_ticks_of
      Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms
      dest: is_ticks_lengthD)

lemma Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s :
  ‹length⇩_✓⇘n⇙(P) ⟹ P ⇘m⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q = P ⇘n⇙⟦S⟧⇩_✓⇘m⇙ Q›
  by (auto intro!: Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_same_tick_join_on_strict_ticks_of
      Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale_axioms
      dest: is_ticks_lengthD)

corollary Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_is_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R :
  ‹length⇩_✓⇘n⇙(P) ⟹ length⇩_✓⇘m⇙(Q) ⟹ P ⇘n⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q = P ⇘m⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q›
  by (simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s)


corollary Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L :
  ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q = RenamingTick P (λr. [r]) ⇘Suc 0⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L RenamingTick Q (λs. [s])›
  by (simp add: Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_R⇩_l⇩_i⇩_s⇩_t Sync⇩_R⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L)

corollary Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R :
  ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q = RenamingTick P (λr. [r]) ⇘Suc 0⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R RenamingTick Q (λs. [s])›
  by (simp add: Sync⇩_L⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_l⇩_i⇩_s⇩_t)

corollary Sync⇩_R⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s :
  ‹length⇩_✓⇘m⇙(Q) ⟹ P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q = RenamingTick P (λr. [r]) ⇘Suc 0⇙⟦S⟧⇩_✓⇘m⇙ Q›
  by (simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s Sync⇩_R⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L)

corollary Sync⇩_L⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s :
  ‹length⇩_✓⇘n⇙(P) ⟹ P ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q = P ⇘n⇙⟦S⟧⇩_✓⇘Suc 0⇙ RenamingTick Q (λs. [s])›
  by (simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s Sync⇩_L⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R)

corollary Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s :
  ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q = RenamingTick P (λr. [r]) ⇘Suc 0⇙⟦S⟧⇩_✓⇘Suc 0⇙ RenamingTick Q (λs. [s])›
  by (simp add: Sync⇩_L⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_L⇩_l⇩_i⇩_s⇩_t
      is_ticks_length_One_RenamingTick_singl)




lemma Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t :
  ‹RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (λ(r, s). [r, s]) = P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q›
  by (rule Sync⇩_P⇩_a⇩_i⇩_r.inj_on_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k
      [of ‹λ(r, s). [r, s]›, simplified])
    (auto intro: inj_onI)

lemma Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_to_Sync⇩_P⇩_a⇩_i⇩_r :
  ‹RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q) (λrs. (rs ! 0, rs ! Suc 0)) = P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q›
  by (rule Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t.inj_on_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k
      [of ‹λrs. (rs ! 0, rs ! Suc 0)›, simplified])
    (auto intro: inj_onI)

lemma Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_R⇩_l⇩_i⇩_s⇩_t :
  ‹RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (λ(r, s). r # s) = P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q›
  by (rule Sync⇩_P⇩_a⇩_i⇩_r.inj_on_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k
      [of ‹λ(r, s). r # s›, simplified])
    (auto intro: inj_onI)

lemma Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_L⇩_l⇩_i⇩_s⇩_t :
  ‹RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (λ(r, s). r @ [s]) = P ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q›
  by (rule Sync⇩_P⇩_a⇩_i⇩_r.inj_on_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k
      [of ‹λ(r, s). r @ [s]›, simplified])
    (auto intro: inj_onI)


lemma Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L :
  ‹RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (λ(r, s). r @ s) = P ⇘n⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q›
  (is ‹?lhs = ?rhs›) if ‹length⇩_✓⇘n⇙(P)›
proof -
  let ?g = ‹λrs. (take n rs, drop n rs)›
  let ?g' = ‹λ(r, s). r @ s›
  let ?RT = RenamingTick
  have ‹?RT ?lhs ?g = ?RT ?rhs ?g›
  proof (subst Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.inj_on_RenamingTick_Sync⇩_p⇩_t⇩_i⇩_c⇩_k)
    show ‹inj_on ?g (Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.range_tick_join n)›
      by (rule inj_onI) (auto split: if_split_asm)
  next
    have ‹?RT (?RT (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) ?g') ?g = P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q›
    proof (fold RenamingTick_comp, subst (2) RenamingTick_id[of ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q›, symmetric])
      show ‹?RT (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (?g ∘ ?g') = ?RT (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) id›
      proof (rule RenamingTick_is_restrictable_on_strict_ticks_of)
        from that show ‹rs ∈ ❙✓❙s(P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) ⟹ (?g ∘ (λ(x, y). x @ y)) rs = id rs› for rs
          by (auto dest!: set_mp[OF Sync⇩_P⇩_a⇩_i⇩_r.strict_ticks_of_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_subset] is_ticks_lengthD)
      qed
    qed
    also have ‹P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q =
               Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale.Sync⇩_p⇩_t⇩_i⇩_c⇩_k
               (λr s. case if length r = n then ⌊r @ s⌋ else ◇
                      of ◇ ⇒ ◇ | ⌊rs⌋ ⇒ ⌊?g rs⌋) P S Q› (is ‹_ = ?rhs'›)
      by (rule Sync⇩_P⇩_a⇩_i⇩_r.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_same_tick_join_on_strict_ticks_of[symmetric], unfold_locales)
        (use ‹length⇩_✓⇘n⇙(P)› in ‹auto split: if_split_asm dest: is_ticks_lengthD›)
    finally show ‹?RT ?lhs ?g = ?rhs'› .
  qed
  hence ‹?RT (?RT ?lhs ?g) ?g' = ?RT (?RT ?rhs ?g) ?g'› by simp
  also from ‹length⇩_✓⇘n⇙(P)› have ‹?RT (?RT ?lhs ?g) ?g' = ?lhs›
    by (auto simp flip: RenamingTick_comp intro!: RenamingTick_is_restrictable_on_strict_ticks_of
                 dest!: set_mp[OF Sync⇩_P⇩_a⇩_i⇩_r.strict_ticks_of_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_subset] is_ticks_lengthD)
  also from ‹length⇩_✓⇘n⇙(P)› have ‹?RT (?RT ?rhs ?g) ?g' = ?rhs›
    by (fold RenamingTick_comp, subst (2) RenamingTick_id[of ?rhs, symmetric])
      (auto simp del: RenamingTick_id intro!: RenamingTick_is_restrictable_on_strict_ticks_of
               dest!: set_mp[OF Sync⇩_P⇩_a⇩_i⇩_r.strict_ticks_of_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_subset] is_ticks_lengthD)
  finally show ‹?lhs = ?rhs› .
qed


corollary Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R :
  ‹RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (λ(r, s). r @ s) = P ⇘n⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q›
  (is ‹?lhs = ?rhs›) if ‹length⇩_✓⇘n⇙(Q)›
proof -
  let ?RT = RenamingTick
  have ‹?RT (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (λ(x, y). x @ y) =
        ?RT (Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r P) ((λ(x, y). x @ y) ∘ prod.swap)›
    by (simp add: RenamingTick_comp subst Sync⇩_P⇩_a⇩_i⇩_r.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_commute)
  also from ‹length⇩_✓⇘n⇙(Q)›
  have ‹… = ?RT (Q ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r P) ((λrs. drop n rs @ take n rs) ∘ (λ(x, y). x @ y))›
    by (auto intro!: RenamingTick_is_restrictable_on_strict_ticks_of
              dest!: set_mp[OF Sync⇩_P⇩_a⇩_i⇩_r.strict_ticks_of_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_subset] is_ticks_lengthD)
  also have ‹… = ?RT (Q ⇘n⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L P) (λrs. drop n rs @ take n rs)›
    by (simp add: RenamingTick_comp Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L[OF ‹length⇩_✓⇘n⇙(Q)›])
  also have ‹… = P ⇘n⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q›
    by (fact Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_commute)
  finally show ‹?lhs = ?rhs› .
qed

corollary Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s :
  ‹RenamingTick (P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q) (λ(r, s). r @ s) = P ⇘n⇙⟦S⟧⇩_✓⇘m⇙ Q›
  (is ‹?lhs = ?rhs›) if ‹length⇩_✓⇘n⇙(P)› and ‹length⇩_✓⇘m⇙(Q)›
  by (subst Sync⇩_P⇩_a⇩_i⇩_r_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L[OF ‹length⇩_✓⇘n⇙(P)›])
    (rule Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_to_Sync⇩_L⇩_i⇩_s⇩_t⇩_s[OF ‹length⇩_✓⇘m⇙(Q)›])



section ‹First Laws›

corollary Inter⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_STOP [simp] :
  ‹P |||⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c STOP = P ❙; STOP›
  by (simp add: Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of P id])

corollary Inter⇩_P⇩_a⇩_i⇩_r_STOP :
  ‹P |||⇩_✓⇩_P⇩_a⇩_i⇩_r STOP = RenamingTick (P ❙; STOP) (λr. (r, g r))›
  by (simp add: Sync⇩_P⇩_a⇩_i⇩_r.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of P g])

corollary Inter⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_STOP :
  ‹P |||⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t STOP = RenamingTick (P ❙; STOP) (λr. [r, g r])›
  by (simp add: Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of P g])

corollary Inter⇩_R⇩_l⇩_i⇩_s⇩_t_STOP :
  ‹P |||⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t STOP = RenamingTick (P ❙; STOP) (λr. r # g r)›
  by (simp add: Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of P g])

corollary Inter⇩_L⇩_l⇩_i⇩_s⇩_t_STOP :
  ‹P |||⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t STOP = RenamingTick (P ❙; STOP) (λr. r @ [g r])›
  by (simp add: Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of P g])

corollary Inter⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_STOP :
  ‹P ⇘n⇙|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L STOP =
   RenamingTick (P ❙; STOP) (λr. if length r = n then r @ g r else undefined)›
  by (auto simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of n P g] option.the_def
      intro!: arg_cong[where f = ‹RenamingTick (P ❙; STOP)›])

corollary Inter⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_STOP :
  ‹P ⇘n⇙|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R STOP =
   RenamingTick (P ❙; STOP) (λr. if length (g r) = n then r @ g r else undefined)›
  by (auto simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of n P g] option.the_def
      intro!: arg_cong[where f = ‹RenamingTick (P ❙; STOP)›])

corollary Inter⇩_L⇩_i⇩_s⇩_t⇩_s_STOP :
  ‹P ⇘n⇙|||⇩_✓⇘m⇙ STOP =
   RenamingTick (P ❙; STOP) (λr. if length r = n ∧ length (g r) = m then r @ g r else undefined)›
  by (auto simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s.Inter⇩_p⇩_t⇩_i⇩_c⇩_k_STOP[of n m P g] option.the_def
      intro!: arg_cong[where f = ‹RenamingTick (P ❙; STOP)›])



corollary STOP_Inter⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c [simp] :
  ‹STOP |||⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q = Q ❙; STOP›
  by (simp add: Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of Q id])

corollary STOP_Inter⇩_P⇩_a⇩_i⇩_r :
  ‹STOP |||⇩_✓⇩_P⇩_a⇩_i⇩_r Q = RenamingTick (Q ❙; STOP) (λs. (g s, s))›
  by (simp add: Sync⇩_P⇩_a⇩_i⇩_r.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of Q g])

corollary STOP_Inter⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t :
  ‹STOP |||⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q = RenamingTick (Q ❙; STOP) (λs. [g s, s])›
  by (simp add: Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of Q g])

corollary STOP_Inter⇩_R⇩_l⇩_i⇩_s⇩_t :
  ‹STOP |||⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q = RenamingTick (Q ❙; STOP) (λs. g s # s)›
  by (simp add: Sync⇩_R⇩_l⇩_i⇩_s⇩_t.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of Q g])

corollary STOP_Inter⇩_L⇩_l⇩_i⇩_s⇩_t :
  ‹STOP |||⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q = RenamingTick (Q ❙; STOP) (λs. g s @ [s])›
  by (simp add: Sync⇩_R⇩_l⇩_i⇩_s⇩_t.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of Q g])

corollary STOP_Inter⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L :
  ‹STOP ⇘n⇙|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q =
   RenamingTick (Q ❙; STOP) (λr. if length (g r) = n then g r @ r else undefined)›
  by (auto simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of n Q g] option.the_def
      intro!: arg_cong[where f = ‹RenamingTick (Q ❙; STOP)›])

corollary STOP_Inter⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R :
  ‹STOP ⇘n⇙|||⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q =
   RenamingTick (Q ❙; STOP) (λr. if length r = n then g r @ r else undefined)›
  by (auto simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L.Sync⇩_p⇩_t⇩_i⇩_c⇩_k_comm_locale_sym.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of n Q g] option.the_def
      intro!: arg_cong[where f = ‹RenamingTick (Q ❙; STOP)›])

corollary STOP_Inter⇩_L⇩_i⇩_s⇩_t⇩_s :
  ‹STOP ⇘n⇙|||⇩_✓⇘m⇙ Q =
   RenamingTick (Q ❙; STOP) (λr. if length (g r) = n ∧ length r = m then g r @ r else undefined)›
  by (auto simp add: Sync⇩_L⇩_i⇩_s⇩_t⇩_s.STOP_Inter⇩_p⇩_t⇩_i⇩_c⇩_k[of n m Q g] option.the_def
      intro!: arg_cong[where f = ‹RenamingTick (Q ❙; STOP)›])



corollary SKIP_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_SKIP :
  ‹SKIP r ⟦A⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c SKIP s =
   (if r = s then SKIP r else STOP)› by simp

corollary SKIP_Sync⇩_P⇩_a⇩_i⇩_r_SKIP :
  ‹SKIP r ⟦A⟧⇩_✓⇩_P⇩_a⇩_i⇩_r SKIP s = SKIP (r, s)› by simp

corollary SKIP_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_SKIP :
  ‹SKIP r ⟦A⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t SKIP s = SKIP [r, s]› by simp

corollary SKIP_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_SKIP :
  ‹SKIP r ⟦A⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t SKIP s = SKIP (r # s)› by simp

corollary SKIP_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_SKIP :
  ‹SKIP r ⟦A⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t SKIP s = SKIP (r @ [s])› by simp

corollary SKIP_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_SKIP :
  ‹SKIP r ⇘n⇙⟦A⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L SKIP s =
   (if length r = n then SKIP (r @ s) else STOP)› by simp

corollary SKIP_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_SKIP :
  ‹SKIP r ⇘n⇙⟦A⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R SKIP s =
   (if length s = n then SKIP (r @ s) else STOP)› by simp

corollary SKIP_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_SKIP :
  ‹SKIP r ⇘n⇙⟦A⟧⇩_✓⇘m⇙ SKIP s =
   (if length r = n ∧ length s = m then SKIP (r @ s) else STOP)› by simp





section ‹Operational Laws›

subsection ‹Classical Version›

locale After_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_locale = After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if r = s then ⌊r⌋ else ◇›
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⟦S⟧⇩_✓⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c Q› by (fact refl)

end

locale AfterExt_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if r = s then ⌊r⌋ else ◇›

sublocale AfterExt_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_locale ⊆ After_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if r = s then ⌊r⌋ else ◇›

sublocale OpSemTransitions_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_locale ⊆ AfterExt_Sync⇩_C⇩_l⇩_a⇩_s⇩_s⇩_i⇩_c_locale
  by unfold_locales


subsection ‹Product Type›

locale After_Sync⇩_P⇩_a⇩_i⇩_r_locale = After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊(r, s)⌋›
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r Q› by (fact refl)

end

locale AfterExt_Sync⇩_P⇩_a⇩_i⇩_r_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊(r, s)⌋›

sublocale AfterExt_Sync⇩_P⇩_a⇩_i⇩_r_locale ⊆ After_Sync⇩_P⇩_a⇩_i⇩_r_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_P⇩_a⇩_i⇩_r_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊(r, s)⌋›

sublocale OpSemTransitions_Sync⇩_P⇩_a⇩_i⇩_r_locale ⊆ AfterExt_Sync⇩_P⇩_a⇩_i⇩_r_locale
  by unfold_locales



subsection ‹List Type›

subsubsection ‹Pair›

locale After_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_locale = After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊[r, s]⌋›
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⟦S⟧⇩_✓⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t Q› by (fact refl)

end

locale AfterExt_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊[r, s]⌋›

sublocale AfterExt_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_locale ⊆ After_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊[r, s]⌋›

sublocale OpSemTransitions_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_locale ⊆ AfterExt_Sync⇩_P⇩_a⇩_i⇩_r⇩_l⇩_i⇩_s⇩_t_locale
  by unfold_locales



subsubsection ‹Right List›

locale After_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_locale = After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊r # s⌋›
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⟦S⟧⇩_✓⇩_R⇩_l⇩_i⇩_s⇩_t Q› by (fact refl)

end

locale AfterExt_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊r # s⌋›

sublocale AfterExt_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_locale ⊆ After_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊r # s⌋›

sublocale OpSemTransitions_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_locale ⊆ AfterExt_Sync⇩_R⇩_l⇩_i⇩_s⇩_t_locale
  by unfold_locales



subsubsection ‹Left List›

locale After_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_locale = After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊r @ [s]⌋›
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⟦S⟧⇩_✓⇩_L⇩_l⇩_i⇩_s⇩_t Q› by (fact refl)

end

locale AfterExt_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊r @ [s]⌋›

sublocale AfterExt_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_locale ⊆ After_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. ⌊r @ [s]⌋›

sublocale OpSemTransitions_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_locale ⊆ AfterExt_Sync⇩_L⇩_l⇩_i⇩_s⇩_t_locale
  by unfold_locales



subsubsection ‹Arbitrary Lists›

paragraph ‹Control on left side›

locale After_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_locale =
  After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if length r = lenL then ⌊r @ s⌋ else ◇›
  for lenL :: nat
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⇘lenL⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L Q› by (fact refl)

end

locale AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if length r = lenL then ⌊r @ s⌋ else ◇›
  for lenL :: nat

sublocale AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_locale ⊆ After_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if length r = lenL then ⌊r @ s⌋ else ◇›
  for lenL :: nat

sublocale OpSemTransitions_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_locale ⊆ AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_L_locale
  by unfold_locales



paragraph ‹Control on right side›

locale After_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_locale =
  After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if length s = lenR then ⌊r @ s⌋ else ◇›
  for lenR :: nat
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⇘lenR⇙⟦S⟧⇩_✓⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R Q› by (fact refl)

end

locale AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if length s = lenR then ⌊r @ s⌋ else ◇›
  for lenR :: nat

sublocale AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_locale ⊆ After_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale ‹λr s. if length r = lenL then ⌊r @ s⌋ else ◇›
  for lenL :: nat

sublocale OpSemTransitions_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_locale ⊆ AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s⇩_l⇩_e⇩_n⇩_R_locale
  by unfold_locales



paragraph ‹Control on both sides›

locale After_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_locale =
  After_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale
  ‹λr s. if length r = lenL ∧ length s = lenR then ⌊r @ s⌋ else ◇›
  for lenL lenR :: nat
begin

― ‹Just checking...›
lemma ‹Sync⇩_p⇩_t⇩_i⇩_c⇩_k P S Q = P ⇘lenL⇙⟦S⟧⇩_✓⇘lenR⇙ Q› by (fact refl)

end

locale AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_locale =
  AfterExt_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale
  ‹λr s. if length r = lenL ∧ length s = lenR then ⌊r @ s⌋ else ◇›
  for lenL lenR :: nat

sublocale AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_locale ⊆ After_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_locale
  by unfold_locales

locale OpSemTransitions_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_locale =
  OpSemTransitions_Sync⇩_p⇩_t⇩_i⇩_c⇩_k_locale
  ‹λr s. if length r = lenL ∧ length s = lenR then ⌊r @ s⌋ else ◇›
  for lenL lenR :: nat

sublocale OpSemTransitions_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_locale ⊆ AfterExt_Sync⇩_L⇩_i⇩_s⇩_t⇩_s_locale
  by unfold_locales


(*<*)
end
  (*>*)