Theory Compactification_Sequential_Composition_Generalized

(***********************************************************************************
 * Copyright (c) 2025 Université Paris-Saclay
 *
 * Author: Benoît Ballenghien, Université Paris-Saclay,
 *         CNRS, ENS Paris-Saclay, LMF
 * Author: Burkhart Wolff, Université Paris-Saclay,
 *         CNRS, ENS Paris-Saclay, LMF
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * SPDX-License-Identifier: BSD-2-Clause
 ***********************************************************************************)


chapter ‹Compactification of Sequential Composition Generalized ›

(*<*)
theory Compactification_Sequential_Composition_Generalized
  imports Combining_Sequential_Composition_Generalized
begin
  (*>*)


section ‹Iterated Combine›

subsection ‹Definitions›

fun iterated_combine⇩d_Seq⇩p⇩t⇩i⇩c⇩k :: ‹[('r ⇒ ('σ, 'e, 'r) A⇩d) list, 'r] ⇒ ('σ list, 'e, 'r) A⇩d› (‹⟪⇩d⨂❙;⇩✓ _⟫› [0])
  where ‹⟪⇩d⨂❙;⇩✓ []⟫ r = ⦇τ = λσs a. ◇, ω = λσs. ⌊r⌋⦈›
  |     ‹⟪⇩d⨂❙;⇩✓ [A⇩0]⟫ r = ⇩d⟪A⇩0 r⟫⇩σ⇩↪⇩σ⇩s›
  |     ‹⟪⇩d⨂❙;⇩✓ A⇩0 # A⇩1 # As⟫ r = ⟪A⇩0 r ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩d⨂❙;⇩✓ A⇩1 # As⟫⟫›

fun iterated_combine⇩n⇩d_Seq⇩p⇩t⇩i⇩c⇩k :: ‹[('r ⇒ ('σ, 'e, 'r) A⇩n⇩d) list, 'r] ⇒ ('σ list, 'e, 'r) A⇩n⇩d› (‹⟪⇩n⇩d⨂❙;⇩✓ _⟫› [0])
  where ‹⟪⇩n⇩d⨂❙;⇩✓ []⟫ r = ⦇τ = λσs a. {}, ω = λσs. {r}⦈›
  |     ‹⟪⇩n⇩d⨂❙;⇩✓ [A⇩0]⟫ r = ⇩n⇩d⟪A⇩0 r⟫⇩σ⇩↪⇩σ⇩s›
  |     ‹⟪⇩n⇩d⨂❙;⇩✓ A⇩0 # A⇩1 # As⟫ r = ⟪A⇩0 r ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩n⇩d⨂❙;⇩✓ A⇩1 # As⟫⟫›


lemma iterated_combine⇩d_Seq⇩p⇩t⇩i⇩c⇩k_simps_bis: ‹As ≠ [] ⟹ ⟪⇩d⨂❙;⇩✓ A⇩0 # As⟫ r = ⟪A⇩0 r ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩d⨂❙;⇩✓ As⟫⟫›
  and iterated_combine⇩n⇩d_Seq⇩p⇩t⇩i⇩c⇩k_simps_bis: ‹Bs ≠ [] ⟹ ⟪⇩n⇩d⨂❙;⇩✓ B⇩0 # Bs⟫ r = ⟪B⇩0 r ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩n⇩d⨂❙;⇩✓ Bs⟫⟫›
  by (induct As, simp_all) (induct Bs, simp_all)



subsection ‹First Results›

lemma combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_eq:
  ‹ε ⟪⇩d⟪A⇩0⟫⇩σ⇩↪⇩σ⇩s ⇩d⊗1❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫ (s⇩0 # σs) = ε ⟪A⇩0 ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫ (s⇩0 # σs)›
  ‹τ ⟪⇩d⟪A⇩0⟫⇩σ⇩↪⇩σ⇩s ⇩d⊗1❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫ (s⇩0 # σs) e = τ ⟪A⇩0 ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫ (s⇩0 # σs) e›
  ‹ε ⟪⇩n⇩d⟪B⇩0⟫⇩σ⇩↪⇩σ⇩s ⇩n⇩d⊗1❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L B⇩1⟫ (s⇩0 # σs) = ε ⟪B⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t B⇩1⟫ (s⇩0 # σs)›
  ‹τ ⟪⇩n⇩d⟪B⇩0⟫⇩σ⇩↪⇩σ⇩s ⇩n⇩d⊗1❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L B⇩1⟫ (s⇩0 # σs) e = τ ⟪B⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t B⇩1⟫ (s⇩0 # σs) e›
  by (simp_all add: ε_simps ρ_simps combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs σ_σs_conv_defs)
    (safe, auto simp add: map_option_case split: option.splits)


lemma combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_and_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_eq:
  ‹ε ⟪A⇩0 r ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫ [s⇩0, s⇩1] = ε (⟪⇩d⨂❙;⇩✓ [A⇩0, A⇩1]⟫ r) [s⇩0, s⇩1]›
  ‹τ ⟪A⇩0 r ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫ [s⇩0, s⇩1] e = τ (⟪⇩d⨂❙;⇩✓ [A⇩0, A⇩1]⟫ r) [s⇩0, s⇩1] e›
  ‹ε ⟪B⇩0 r ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t B⇩1⟫ [s⇩0, s⇩1] = ε (⟪⇩n⇩d⨂❙;⇩✓ [B⇩0, B⇩1]⟫ r) [s⇩0, s⇩1]›
  ‹τ ⟪B⇩0 r ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t B⇩1⟫ [s⇩0, s⇩1] e = τ (⟪⇩n⇩d⨂❙;⇩✓ [B⇩0, B⇩1]⟫ r) [s⇩0, s⇩1] e›
  by (simp_all add: ε_simps ρ_simps combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs σ_σs_conv_defs)
    (safe, auto simp add: map_option_case split: option.splits)


lemma combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_and_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_eq :
  ‹ε ⟪A⇩0 ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫ [s⇩0, s⇩1] = ε ⟪A⇩0 ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩d⨂❙;⇩✓ [A⇩1]⟫⟫ [s⇩0, s⇩1]›
  ‹τ ⟪A⇩0 ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫ [s⇩0, s⇩1] e = τ ⟪A⇩0 ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩d⨂❙;⇩✓ [A⇩1]⟫⟫ [s⇩0, s⇩1] e›
  ‹ε ⟪B⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t B⇩1⟫ [s⇩0, s⇩1] = ε ⟪B⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩n⇩d⨂❙;⇩✓ [B⇩1]⟫⟫ [s⇩0, s⇩1]›
  ‹τ ⟪B⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t B⇩1⟫ [s⇩0, s⇩1] e = τ ⟪B⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩n⇩d⨂❙;⇩✓ [B⇩1]⟫⟫ [s⇩0, s⇩1] e›
  by (simp_all add: ε_simps ρ_simps combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs σ_σs_conv_defs)
    (safe, auto simp add: map_option_case split: option.splits)



subsection ‹Reachability›

lemma same_length_τ_iterated_combine⇩d_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹length σs = length As ⟹ ⌊σt⌋ = τ (⟪⇩d⨂❙;⇩✓ As⟫ r) σs a ⟹ length σt = length As›
proof (induct arbitrary: σt r rule: induct_2_lists012)
  case Nil thus ?case by simp
next
  case (single σ⇩0 A⇩0) thus ?case
    by simp (metis length_1_trans⇩dE length_1_trans_from_σ_to_σs(1) length_Cons list.size(3))
next
  case (Cons σ⇩0 σ⇩1 σs A⇩0 A⇩1 As)
  from Cons.prems Cons.hyps(1, 3) show ?case
    by (simp add: combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs map_option_case ρ_simps
        split: if_split_asm option.split_asm) metis
qed

lemma same_length_τ_iterated_combine⇩n⇩d_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹length σs = length As ⟹ σt ∈ τ (⟪⇩n⇩d⨂❙;⇩✓ As⟫ r) σs a ⟹ length σt = length As›
proof (induct arbitrary: σt r rule: induct_2_lists012)
  case Nil thus ?case by simp
next
  case (single σ⇩0 A⇩0) thus ?case
    by simp (meson length_1_trans⇩n⇩d_def length_1_trans_from_σ_to_σs(2))
next
  case (Cons σ⇩0 σ⇩1 σs A⇩0 A⇩1 As)
  from Cons.prems Cons.hyps(1, 3) show ?case
    by (auto simp add: combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs map_option_case ρ_simps
        split: if_split_asm)
qed



lemma same_length_ℛ⇩d_iterated_combine⇩d_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹σt ∈ ℛ⇩d (⟪⇩d⨂❙;⇩✓ As⟫ r) σs ⟹ length σs = length As ⟹ length σt = length As›
  by (induct rule: ℛ⇩d.induct, simp) (meson same_length_τ_iterated_combine⇩d_Seq⇩p⇩t⇩i⇩c⇩k)

lemma same_length_ℛ⇩n⇩d_iterated_combine⇩n⇩d_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹σt ∈ ℛ⇩n⇩d (⟪⇩n⇩d⨂❙;⇩✓ As⟫ r) σs ⟹ length σs = length As ⟹ length σt = length As›
  by (induct rule: ℛ⇩n⇩d.induct, simp) (meson same_length_τ_iterated_combine⇩n⇩d_Seq⇩p⇩t⇩i⇩c⇩k)



subsection ‹Transmission of Properties›

lemma ρ_disjoint_ε_transmission_to_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹As ≠ [] ⟹ ρ_disjoint_ε ((last As) r) ⟹ ρ_disjoint_ε (⟪⇩d⨂❙;⇩✓ As⟫ r)›
  ‹Bs ≠ [] ⟹ ρ_disjoint_ε ((last Bs) r) ⟹ ρ_disjoint_ε (⟪⇩n⇩d⨂❙;⇩✓ Bs⟫ r)›
  by (induct rule: induct_list012;
      auto simp add: ρ_disjoint_ε_def combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs ε_simps ρ_simps σ_σs_conv_defs)+



subsection ‹Normalization›

lemma ω_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_det_ndet_conv:
  ‹ω (⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r) σs = ω ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d σs›
  by (induct As arbitrary: σs r rule: induct_list012[case_names Nil singl Cons])
    (simp_all add: from_det_to_ndet_σ_σs_conv_commute combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs
      ω_from_det_to_ndet split: option.split)

lemma ρ_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_det_ndet_conv :
  ‹ρ (⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r) = ρ ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d›
  by (simp add: ρ_simps ω_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_det_ndet_conv)


lemma τ_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_behaviour:
  ‹length σs = length As ⟹
   τ ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d σs e = τ (⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r) σs e›
proof (induct σs As arbitrary: r rule: induct_2_lists012)
  case Nil show ?case by simp
next
  case (single σ⇩0 A⇩0)
  show ?case by (simp add: from_det_to_ndet_σ_σs_conv_commute(1))
next
  case (Cons σ⇩0 σ⇩1 σs A⇩0 A⇩1 As)
  show ?case
    by (simp add: τ_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_behaviour split: option.split,
        simp add: combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs ρ_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_det_ndet_conv
        ω_from_det_to_ndet split: option.split)
      (metis Cons.hyps(3) ρ_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_det_ndet_conv det_ndet_conv_ρ(1) list.simps(9))
qed



lemma P⇩S⇩K⇩I⇩P⇩S_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_behaviour:
  assumes same_length: ‹length σs = length As›
  shows ‹P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d σs = P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r⟫⇩n⇩d σs›
proof (fold P⇩S⇩K⇩I⇩P⇩S_nd_from_det_to_ndet_is_P⇩S⇩K⇩I⇩P⇩S_d, rule P⇩S⇩K⇩I⇩P⇩S_nd_eqI_strong_id)
  show ‹σt ∈ ℛ⇩n⇩d ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d σs ⟹
        τ (⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r) σt a = τ ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d σt a› for σt a
    by (simp add: ℛ⇩n⇩d_from_det_to_ndet τ_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_behaviour
        same_length same_length_ℛ⇩d_iterated_combine⇩d_Seq⇩p⇩t⇩i⇩c⇩k)
next
  show ‹ω (⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r) σt = ω ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d σt› for σt
    by (simp add: ω_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_det_ndet_conv)
qed

lemma P_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_behaviour:
  assumes same_length: ‹length σs = length As›
  shows ‹P⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d σs = P⟪⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r⟫⇩n⇩d σs›
proof (fold P_nd_from_det_to_ndet_is_P_d, rule P_nd_eqI_strong_id)
  show ‹σt ∈ ℛ⇩n⇩d ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d σs ⟹
       τ (⟪⇩n⇩d⨂❙;⇩✓ map (λA r. ⟪A r⟫⇩d⇩↪⇩n⇩d) As⟫ r) σt a = τ ⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d⇩↪⇩n⇩d σt a› for σt a
    by (simp add: ℛ⇩n⇩d_from_det_to_ndet τ_iterated_combine_Seq⇩p⇩t⇩i⇩c⇩k_behaviour
        same_length same_length_ℛ⇩d_iterated_combine⇩d_Seq⇩p⇩t⇩i⇩c⇩k)
qed



section ‹Compactification Theorems›

subsection ‹Binary›

subsubsection ‹Pair›

lemma P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k :
  fixes A⇩0 A⇩1
  assumes at_most_1_elem_term : ‹at_most_1_elem_term A⇩0›
    ― ‹This assumption is necessary in the new setup,
        otherwise the result is not always a Procomaton
        (for example if \<^term>‹ω A⇩0 σ⇩0 = UNIV›,
         we have \<^term>‹P σ⇩0 ❙;⇩✓ Q σ⇩1 = ⊓r∈UNIV. Q σ⇩1 r›).›
    (* TODO: weaken this to reachable terminations ? *)
  defines A_def: ‹A ≡ ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫› 
  defines P_def: ‹P ≡ P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩n⇩d›
    and Q_def: ‹Q ≡ λσ⇩1 r. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩n⇩d σ⇩1›
    and S_def: ‹S ≡ P⇩S⇩K⇩I⇩P⇩S⟪A⟫⇩n⇩d›
  shows ‹P σ⇩0 ❙;⇩✓ Q σ⇩1 = S (σ⇩0, σ⇩1)›
proof -
  let ?f = ‹P⇩S⇩K⇩I⇩P⇩S_nd_step (ε A) (τ A) (ω A) (λσ'. case σ' of (σ⇩0, σ⇩1) ⇒ P σ⇩0 ❙;⇩✓ Q σ⇩1)›
  note cartprod_rwrt = GlobalNdet_cartprod[of _ _ ‹λx y. _ (x, y)›, simplified]
  note Ndet_and_Seq = Seq⇩p⇩t⇩i⇩c⇩k_distrib_GlobalNdet_left Seq⇩p⇩t⇩i⇩c⇩k_distrib_GlobalNdet_right
  have P_rec : ‹P σ⇩0 = P⇩S⇩K⇩I⇩P⇩S_nd_step (ε A⇩0) (τ A⇩0) (ω A⇩0) P σ⇩0› for σ⇩0
    by (fact restriction_fix_eq[OF P⇩S⇩K⇩I⇩P⇩S_nd_step_constructive_bis[of A⇩0],
          folded P⇩S⇩K⇩I⇩P⇩S_nd_def P_def, THEN fun_cong])
  have Q_rec : ‹Q σ⇩1 = (λr. P⇩S⇩K⇩I⇩P⇩S_nd_step (ε (A⇩1 r)) (τ (A⇩1 r)) (ω (A⇩1 r)) (λσ⇩1. Q σ⇩1 r) σ⇩1)› for σ⇩1
    by (rule ext, simp add: Q_def P⇩S⇩K⇩I⇩P⇩S_nd_rec)
  show ‹P σ⇩0 ❙;⇩✓ Q σ⇩1 = S (σ⇩0, σ⇩1)›
  proof (rule fun_cong[of ‹λ(σ⇩0, σ⇩1).P σ⇩0 ❙;⇩✓ Q σ⇩1› _ ‹(σ⇩0, σ⇩1)›, simplified])
    show ‹(λ(σ⇩0, σ⇩1). P σ⇩0 ❙;⇩✓ Q σ⇩1) = S›
    proof (rule restriction_fix_unique[OF P⇩S⇩K⇩I⇩P⇩S_nd_step_constructive_bis[of A],
          symmetric, folded P⇩S⇩K⇩I⇩P⇩S_nd_def S_def])
      show ‹?f = (λ(σ⇩0, σ⇩1). P σ⇩0 ❙;⇩✓ Q σ⇩1)›
      proof (rule ext, clarify)
        show ‹?f (σ⇩0, σ⇩1) = P σ⇩0 ❙;⇩✓ Q σ⇩1› for σ⇩0 σ⇩1
        proof (cases ‹σ⇩0 ∈ ρ A⇩0›)
          show ‹σ⇩0 ∉ ρ A⇩0 ⟹ ?f (σ⇩0, σ⇩1) = P σ⇩0 ❙;⇩✓ Q σ⇩1›
            by (subst (2) P_rec)
              (auto simp add: combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs ε_simps A_def ρ_simps
                Mprefix_Seq⇩p⇩t⇩i⇩c⇩k cartprod_rwrt Ndet_and_Seq intro!: mono_Mprefix_eq)
        next
          assume ‹σ⇩0 ∈ ρ A⇩0›
          hence ‹ω A⇩0 σ⇩0 ≠ {}› by (simp add: ρ_simps)
          then obtain r where ‹ω A⇩0 σ⇩0 = {r}›
            by (meson at_most_1_elem_term at_most_1_elem_termE)
          from ‹σ⇩0 ∈ ρ A⇩0› have P_rec' : ‹P σ⇩0 = SKIPS (ω A⇩0 σ⇩0)› by (simp add: P_rec ρ_simps)
          have ε_A : ‹ε A (σ⇩0, σ⇩1) = (if σ⇩1 ∈ ρ (A⇩1 r) then {} else ε (A⇩1 r) σ⇩1)›
            by (simp add: A_def ε_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k combine_Seq_ε_defs ‹σ⇩0 ∈ ρ A⇩0› ‹ω A⇩0 σ⇩0 = {r}›)
          from ‹σ⇩0 ∈ ρ A⇩0› have ω_A : ‹ω A (σ⇩0, σ⇩1) = ω (A⇩1 r) σ⇩1›
            by (simp add: A_def combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs ‹ω A⇩0 σ⇩0 = {r}›)
          show ‹?f (σ⇩0, σ⇩1) = P σ⇩0 ❙;⇩✓ Q σ⇩1›
          proof (cases ‹σ⇩1 ∈ ρ (A⇩1 r)›)
            show ‹σ⇩1 ∈ ρ (A⇩1 r) ⟹ ?f (σ⇩0, σ⇩1) = P σ⇩0 ❙;⇩✓ Q σ⇩1›
              by (subst (2) Q_rec)
                (simp add: P_rec' ε_A ω_A SKIPS_def Ndet_and_Seq ‹ω A⇩0 σ⇩0 = {r}› ρ_simps)
          next
            show ‹σ⇩1 ∉ ρ (A⇩1 r) ⟹ ?f (σ⇩0, σ⇩1) = P σ⇩0 ❙;⇩✓ Q σ⇩1›
              by (subst (2) Q_rec, unfold ε_A ω_A SKIPS_def)
                (auto simp add: A_def P_rec' Ndet_and_Seq ‹ω A⇩0 σ⇩0 = {r}›
                  ρ_simps cartprod_rwrt combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs intro!: mono_Mprefix_eq)
          qed
        qed
      qed
    qed
  qed
qed

corollary P⇩S⇩K⇩I⇩P⇩S_d_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σ⇩1) = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫⟫⇩d (σ⇩0, σ⇩1)›
proof -
  have ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σ⇩1) =
        P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σ⇩1)›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_nd_from_det_to_ndet_is_P⇩S⇩K⇩I⇩P⇩S_d)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r (λr. ⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d)⟫⟫⇩n⇩d (σ⇩0, σ⇩1)›
    by (metis P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k at_most_1_elem_from_det_to_ndet
        at_most_1_elem_imp_at_most_1_elem_term)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫⟫⇩d (σ⇩0, σ⇩1)›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_behaviour)
  finally show ?thesis .
qed



subsubsection ‹Pairlist›

lemma P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩n⇩d σ⇩1) = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩n⇩d [σ⇩0, σ⇩1]›
  if ‹at_most_1_elem_term A⇩0›
proof -
  from P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k[OF ‹at_most_1_elem_term A⇩0›]
  have ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩n⇩d σ⇩1) =
        P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫⟫⇩n⇩d (σ⇩0, σ⇩1)› .
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩n⇩d [σ⇩0, σ⇩1]›
  proof (rule P⇩S⇩K⇩I⇩P⇩S_nd_eqI_strong[of ‹λ(σ⇩0, σ⇩1). [σ⇩0, σ⇩1]› _ ‹(σ⇩0, σ⇩1)›, simplified])
    show ‹inj_on (λ(σ⇩0, σ⇩1). [σ⇩0, σ⇩1]) (ℛ⇩n⇩d ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ (σ⇩0, σ⇩1))›
      by (auto intro: inj_onI)
  next
    show ‹τ ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫ (case σ' of (σ⇩0, σ⇩1) ⇒ [σ⇩0, σ⇩1]) a =
          (λσ'. case σ' of (σ⇩0, σ⇩1) ⇒ [σ⇩0, σ⇩1]) ` τ ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ σ' a› for σ' a
      by (cases σ') (auto simp add: combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs)
  next
    show ‹ω ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫ (case σ' of (σ⇩0, σ⇩1) ⇒ [σ⇩0, σ⇩1]) = ω ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ σ'› for σ'
      by (cases σ') (auto simp add: combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs)
  qed
  finally show ?thesis .
qed

corollary P⇩S⇩K⇩I⇩P⇩S_d_combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σ⇩1) = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩d [σ⇩0, σ⇩1]›
proof -
  have ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σ⇩1) =
        P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σ⇩1)›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_nd_from_det_to_ndet_is_P⇩S⇩K⇩I⇩P⇩S_d)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t (λr. ⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d)⟫⟫⇩n⇩d [σ⇩0, σ⇩1]›
    by (metis P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k at_most_1_elem_from_det_to_ndet
        at_most_1_elem_imp_at_most_1_elem_term)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩d [σ⇩0, σ⇩1]›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_combine⇩P⇩a⇩i⇩r⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_behaviour)
  finally show ?thesis .
qed



subsubsection ‹Rlist›

lemma P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩n⇩d σs) = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩n⇩d (σ⇩0 # σs)›
  if ‹at_most_1_elem_term A⇩0›
proof -
  from P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k[OF ‹at_most_1_elem_term A⇩0›]
  have ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩n⇩d σs) =
        P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫⟫⇩n⇩d (σ⇩0, σs)› .
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩n⇩d (σ⇩0 # σs)›
  proof (rule P⇩S⇩K⇩I⇩P⇩S_nd_eqI_strong[of ‹λ(σ⇩0, σs). σ⇩0 # σs› _ ‹(σ⇩0, σs)›, simplified])
    show ‹inj_on (λ(σ⇩0, σs). σ⇩0 # σs) (ℛ⇩n⇩d ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ (σ⇩0, σs))›
      by (auto intro: inj_onI)
  next
    show ‹τ ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫ (case σ' of (σ⇩0, σs) ⇒ σ⇩0 # σs) a =
         (λσ'. case σ' of (σ⇩0, σs) ⇒ σ⇩0 # σs) ` τ ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ σ' a› for σ' a
      by (cases σ') (auto simp add: combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs)
  next
    show ‹ω ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫ (case σ' of (σ⇩0, σs) ⇒ σ⇩0 # σs) = ω ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ σ'› for σ'
      by (cases σ') (auto simp add: combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_defs)
  qed
  finally show ?thesis .
qed

corollary P⇩S⇩K⇩I⇩P⇩S_d_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σs) = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩d (σ⇩0 # σs)›
proof -
  have ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σs) =
        P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σs)›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_nd_from_det_to_ndet_is_P⇩S⇩K⇩I⇩P⇩S_d)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t (λr. ⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d)⟫⟫⇩n⇩d (σ⇩0 # σs)›
    by (metis P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k at_most_1_elem_from_det_to_ndet
        at_most_1_elem_imp_at_most_1_elem_term)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t A⇩1⟫⟫⇩d (σ⇩0 # σs)›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k_behaviour)
  finally show ?thesis .
qed



subsection ‹ListslenL›

lemma P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩n⇩d σs⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩n⇩d σs⇩1) = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗len⇩0❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫⟫⇩n⇩d (σs⇩0 @ σs⇩1)›
  if same_length_reach : ‹⋀σs⇩0'. σs⇩0' ∈ ℛ⇩n⇩d A⇩0 σs⇩0 ⟹ length σs⇩0' = len⇩0›
    and ‹at_most_1_elem_term A⇩0›
proof -
  from P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k[OF ‹at_most_1_elem_term A⇩0›]
  have ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩n⇩d σs⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩n⇩d σs⇩1) =
        P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫⟫⇩n⇩d (σs⇩0, σs⇩1)› .
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩n⇩d⊗len⇩0❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫⟫⇩n⇩d (σs⇩0 @ σs⇩1)›
  proof (rule P⇩S⇩K⇩I⇩P⇩S_nd_eqI_strong[of ‹λ(σs⇩0, σs⇩1). σs⇩0 @ σs⇩1› _ ‹(σs⇩0, σs⇩1)›, simplified])
    show ‹inj_on (λ(σs⇩0, σs⇩1). σs⇩0 @ σs⇩1) (ℛ⇩n⇩d ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ (σs⇩0, σs⇩1))›
    proof (rule inj_onI, clarify)
      fix σs⇩0' σs⇩1' σs⇩0'' σs⇩1''
      assume assms : ‹(σs⇩0', σs⇩1') ∈ ℛ⇩n⇩d ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ (σs⇩0, σs⇩1)›
        ‹(σs⇩0'', σs⇩1'') ∈ ℛ⇩n⇩d ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ (σs⇩0, σs⇩1)›
        ‹σs⇩0' @ σs⇩1' = σs⇩0'' @ σs⇩1''›
      from ℛ⇩n⇩d_combine⇩n⇩d⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_subset assms(1, 2)
      have ‹σs⇩0' ∈ ℛ⇩n⇩d A⇩0 σs⇩0› ‹σs⇩0'' ∈ ℛ⇩n⇩d A⇩0 σs⇩0› by fast+
      with same_length_reach have ‹length σs⇩0' = length σs⇩0''› by blast
      with assms(3) show ‹σs⇩0' = σs⇩0'' ∧ σs⇩1' = σs⇩1''› by simp
    qed
  next
    fix σs' a
    assume ‹σs' ∈ ℛ⇩n⇩d ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ (σs⇩0, σs⇩1)›
    with ℛ⇩n⇩d_combine⇩n⇩d⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_subset
    obtain σs⇩0' σs⇩1' where ‹σs' = (σs⇩0', σs⇩1')› ‹σs⇩0' ∈ ℛ⇩n⇩d A⇩0 σs⇩0› by fast
    from ‹σs⇩0' ∈ ℛ⇩n⇩d A⇩0 σs⇩0› same_length_reach have ‹length σs⇩0' = len⇩0› by blast
    show ‹τ ⟪A⇩0 ⇩n⇩d⊗len⇩0❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫ (case σs' of (σs⇩0, σs⇩1) ⇒ σs⇩0 @ σs⇩1) a =
          (λσs'. case σs' of (σs⇩0, σs⇩1) ⇒ σs⇩0 @ σs⇩1) ` τ ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ σs' a›
      by (auto simp add: ‹σs' = (σs⇩0', σs⇩1')› ‹length σs⇩0' = len⇩0›
          combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k)
  next
    fix σs' a
    assume ‹σs' ∈ ℛ⇩n⇩d ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ (σs⇩0, σs⇩1)›
    with ℛ⇩n⇩d_combine⇩n⇩d⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_subset
    obtain σs⇩0' σs⇩1' where ‹σs' = (σs⇩0', σs⇩1')› ‹σs⇩0' ∈ ℛ⇩n⇩d A⇩0 σs⇩0› by fast
    from ‹σs⇩0' ∈ ℛ⇩n⇩d A⇩0 σs⇩0› same_length_reach have ‹length σs⇩0' = len⇩0› by blast
    show ‹ω ⟪A⇩0 ⇩n⇩d⊗len⇩0❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫ (case σs' of (σs⇩0, σs⇩1) ⇒ σs⇩0 @ σs⇩1) = ω ⟪A⇩0 ⇩n⇩d⊗❙;⇩✓⇩P⇩a⇩i⇩r A⇩1⟫ σs'›
      by (auto simp add: ‹σs' = (σs⇩0', σs⇩1')› ‹length σs⇩0' = len⇩0›
          combine⇩P⇩a⇩i⇩r_Seq⇩p⇩t⇩i⇩c⇩k_defs combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k)
  qed
  finally show ?thesis .
qed


corollary P⇩S⇩K⇩I⇩P⇩S_d_combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k :
  ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σs⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σs⇩1) = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗len⇩0❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫⟫⇩d (σs⇩0 @ σs⇩1)›
  if same_length_reach : ‹⋀σs⇩0'. σs⇩0' ∈ ℛ⇩d A⇩0 σs⇩0 ⟹ length σs⇩0' = len⇩0›
proof -
  have ‹P⇩S⇩K⇩I⇩P⇩S⟪A⇩0⟫⇩d σs⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩1 r⟫⇩d σs⇩1) =
        P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σs⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d⟫⇩n⇩d σs⇩1)›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_nd_from_det_to_ndet_is_P⇩S⇩K⇩I⇩P⇩S_d)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪⟪A⇩0⟫⇩d⇩↪⇩n⇩d ⇩n⇩d⊗len⇩0❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L (λr. ⟪A⇩1 r⟫⇩d⇩↪⇩n⇩d)⟫⟫⇩n⇩d (σs⇩0 @ σs⇩1)›
    by (rule P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k[OF same_length_reach])
      (simp_all add: ℛ⇩n⇩d_from_det_to_ndet at_most_1_elem_imp_at_most_1_elem_term)
  also have ‹… = P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 ⇩d⊗len⇩0❙;⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L A⇩1⟫⟫⇩d (σs⇩0 @ σs⇩1)›
    by (simp add: P⇩S⇩K⇩I⇩P⇩S_combine⇩L⇩i⇩s⇩t⇩s⇩l⇩e⇩n⇩L_Seq⇩p⇩t⇩i⇩c⇩k_behaviour same_length_reach)
  finally show ?thesis .
qed



subsection ‹Multiple›

theorem P⇩S⇩K⇩I⇩P⇩S_nd_compactification_Seq⇩p⇩t⇩i⇩c⇩k:
  ‹⟦length σs = length As; ⋀A r. A ∈ set (butlast As) ⟹ at_most_1_elem_term (A r)⟧ ⟹
   SEQ⇩✓ (σ, A) ∈@ zip σs As. (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩n⇩d σ) = (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩n⇩d⨂❙;⇩✓ As⟫ r⟫⇩n⇩d σs)›
proof (induct σs As rule: induct_2_lists012)
  case Nil show ?case by (simp add: P⇩S⇩K⇩I⇩P⇩S_nd_rec)
next
  case (single σ⇩0 A⇩0) show ?case by (simp add: P⇩S⇩K⇩I⇩P⇩S_nd_from_σ_to_σs_is_P⇩S⇩K⇩I⇩P⇩S_nd)
next
  case (Cons σ⇩0 σ⇩1 σs A⇩0 A⇩1 As)
  have ‹SEQ⇩✓ (σ, A) ∈@ zip (σ⇩0 # σ⇩1 # σs) (A⇩0 # A⇩1 # As). (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩n⇩d σ) =
        (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩0 r⟫⇩n⇩d σ⇩0 ❙;⇩✓ SEQ⇩✓ (σ, A) ∈@ zip (σ⇩1 # σs) (A⇩1 # As). (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩n⇩d σ))› by simp
  also have ‹SEQ⇩✓ (σ, A) ∈@ zip (σ⇩1 # σs) (A⇩1 # As). (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩n⇩d σ) =
             (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩n⇩d⨂❙;⇩✓ A⇩1 # As⟫ r⟫⇩n⇩d (σ⇩1 # σs))›
    by (rule Cons.hyps(3)) (simp add: Cons.prems)
  also have ‹(λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩0 r⟫⇩n⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩n⇩d⨂❙;⇩✓ A⇩1 # As ⟫ r⟫⇩n⇩d (σ⇩1 # σs))) =
             (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 r ⇩n⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩n⇩d⨂❙;⇩✓ A⇩1 # As⟫⟫⟫⇩n⇩d (σ⇩0 # σ⇩1 # σs))›
    by (intro ext P⇩S⇩K⇩I⇩P⇩S_nd_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k) (simp add: Cons.prems)
  also have ‹… = (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩n⇩d⨂❙;⇩✓ A⇩0 # A⇩1 # As⟫ r⟫⇩n⇩d (σ⇩0 # σ⇩1 # σs))› by simp
  finally show ?case .
qed

corollary P⇩S⇩K⇩I⇩P⇩S_d_compactification_Seq⇩p⇩t⇩i⇩c⇩k:
  ‹length σs = length As ⟹
   SEQ⇩✓ (σ, A) ∈@ zip σs As. (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩d σ) = (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩d⨂❙;⇩✓ As⟫ r⟫⇩d σs)›
proof (induct σs As rule: induct_2_lists012)
  case Nil show ?case by (simp add: P⇩S⇩K⇩I⇩P⇩S_d_rec)
next
  case (single σ⇩0 A⇩0) show ?case by (simp add: P⇩S⇩K⇩I⇩P⇩S_d_from_σ_to_σs_is_P⇩S⇩K⇩I⇩P⇩S_d)
next
  case (Cons σ⇩0 σ⇩1 σs A⇩0 A⇩1 As)
  have ‹SEQ⇩✓ (σ, A) ∈@ zip (σ⇩0 # σ⇩1 # σs) (A⇩0 # A⇩1 # As). (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩d σ) =
        (λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩0 r⟫⇩d σ⇩0 ❙;⇩✓ SEQ⇩✓ (σ, A) ∈@ zip (σ⇩1 # σs) (A⇩1 # As). (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩d σ))› by simp
  also have ‹SEQ⇩✓ (σ, A) ∈@ zip (σ⇩1 # σs) (A⇩1 # As). (λr. P⇩S⇩K⇩I⇩P⇩S⟪A r⟫⇩d σ) =
             (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩d⨂❙;⇩✓ A⇩1 # As⟫ r⟫⇩d (σ⇩1 # σs))›
    by (fact Cons.hyps(3))
  also have ‹(λr. P⇩S⇩K⇩I⇩P⇩S⟪A⇩0 r⟫⇩d σ⇩0 ❙;⇩✓ (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩d⨂❙;⇩✓ A⇩1 # As⟫ r⟫⇩d (σ⇩1 # σs))) =
             (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪A⇩0 r ⇩d⊗❙;⇩✓⇩R⇩l⇩i⇩s⇩t ⟪⇩d⨂❙;⇩✓ A⇩1 # As⟫⟫⟫⇩d (σ⇩0 # σ⇩1 # σs))›
    by (intro ext P⇩S⇩K⇩I⇩P⇩S_d_combine⇩R⇩l⇩i⇩s⇩t_Seq⇩p⇩t⇩i⇩c⇩k)
  also have ‹… = (λr. P⇩S⇩K⇩I⇩P⇩S⟪⟪⇩d⨂❙;⇩✓ A⇩0 # A⇩1 # As⟫ r⟫⇩d (σ⇩0 # σ⇩1 # σs))› by simp
  finally show ?case .
qed



(*<*)
end
  (*>*)