Theory CSP_Restriction_Adm
section ‹Admissibility›
theory CSP_Restriction_Adm
imports Process_Restriction_Space After_Operator_Non_Too_Destructive
"HOL-CSP_OpSem.Operational_Semantics_Laws"
begin
named_theorems restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset
subsection ‹Belonging›
lemma restriction_adm_in_D [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹adm⇩↓ (λx. t ∈ 𝒟 (f x))›
and restriction_adm_notin_D [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹adm⇩↓ (λx. t ∉ 𝒟 (f x))›
and restriction_adm_in_F [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹adm⇩↓ (λx. (t, X) ∈ ℱ (f x))›
and restriction_adm_notin_F [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹adm⇩↓ (λx. (t, X) ∉ ℱ (f x))› if ‹cont⇩↓ f›
for f :: ‹'b :: restriction ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
proof (all ‹rule restriction_adm_subst[OF ‹cont⇩↓ f›]›)
have * : ‹σ ─↓→ Σ ⟹ ∃n0. ∀n ≥ n0. σ n ↓ Suc (length t) = Σ ↓ Suc (length t)›
for σ and Σ :: ‹('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
by (metis restriction_tendstoD)
show ‹adm⇩↓ (λx. t ∈ 𝒟 x)› ‹adm⇩↓ (λx. t ∉ 𝒟 x)›
by (rule restriction_admI,
metis (no_types) "*" D_restriction_process⇩p⇩t⇩i⇩c⇩k_Suc_length_iff_D dual_order.refl)+
show ‹adm⇩↓ (λx. (t, X) ∈ ℱ x)› ‹adm⇩↓ (λx. (t, X) ∉ ℱ x)›
by (rule restriction_admI,
metis (no_types) "*" F_restriction_process⇩p⇩t⇩i⇩c⇩k_Suc_length_iff_F dual_order.refl)+
qed
corollary restriction_adm_in_T [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ adm⇩↓ (λx. t ∈ 𝒯 (f x))›
and restriction_adm_notin_T [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ adm⇩↓ (λx. t ∉ 𝒯 (f x))›
by (fact restriction_adm_in_F[of f t ‹{}›, simplified T_F_spec])
(fact restriction_adm_notin_F[of f t ‹{}›, simplified T_F_spec])
corollary restriction_adm_in_initials [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ adm⇩↓ (λx. e ∈ (f x)⇧0)›
and restriction_adm_notin_initials [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ adm⇩↓ (λx. e ∉ (f x)⇧0)›
by (simp_all add: initials_def restriction_adm_in_T restriction_adm_notin_T)
subsection ‹Refining›
corollary restriction_adm_leF [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ⊑⇩F g x)›
by (simp add: failure_refine_def subset_iff restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset)
corollary restriction_adm_leD [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ⊑⇩D g x)›
by (simp add: divergence_refine_def subset_iff restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset)
corollary restriction_adm_leT [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ⊑⇩T g x)›
by (simp add: trace_refine_def subset_iff restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset)
corollary restriction_adm_leFD [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ⊑⇩F⇩D g x)›
by (simp add: failure_divergence_refine_def restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset)
corollary restriction_adm_leDT [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset] :
‹cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ⊑⇩D⇩T g x)›
by (simp add: trace_divergence_refine_def restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset)
subsubsection ‹Transitions›
lemma (in After) restriction_cont_After [restriction_adm_simpset] :
‹cont⇩↓ (λx. f x after a)› if ‹cont⇩↓ f› and ‹cont⇩↓ Ψ›
proof (rule restriction_cont_comp[OF _ ‹cont⇩↓ f›])
show ‹cont⇩↓ (λP. P after a)›
proof (rule restriction_contI)
show ‹(λn. σ n after a) ─↓→ Σ after a› if ‹σ ─↓→ Σ› for σ Σ
proof (rule restriction_tendstoI)
fix n
from ‹σ ─↓→ Σ› obtain n0
where * : ‹∀k≥n0. Σ ↓ Suc n = σ k ↓ Suc n›
by (blast dest: restriction_tendstoD)
consider ‹ev a ∈ Σ⇧0› ‹∀n≥Suc n0. ev a ∈ (σ n)⇧0›
| ‹ev a ∉ Σ⇧0› ‹∀n≥Suc n0. ev a ∉ (σ n)⇧0›
by (metis "*" Suc_leD initials_restriction_process⇩p⇩t⇩i⇩c⇩k nat.distinct(1))
thus ‹∃n0. ∀k≥n0. Σ after a ↓ n = σ k after a ↓ n›
proof cases
assume ‹ev a ∈ Σ⇧0› ‹∀n≥Suc n0. ev a ∈ (σ n)⇧0›
hence ‹∀k≥Suc n0. Σ after a ↓ n = σ k after a ↓ n›
by (metis "*" Suc_leD restriction_process⇩p⇩t⇩i⇩c⇩k_After)
thus ‹∃n0. ∀k≥n0. Σ after a ↓ n = σ k after a ↓ n› ..
next
assume ‹ev a ∉ Σ⇧0› ‹∀n≥Suc n0. ev a ∉ (σ n)⇧0›
hence ‹Σ after a = Ψ Σ a› ‹∀k≥Suc n0. σ k after a = Ψ (σ k) a›
by (simp_all add: not_initial_After)
moreover from ‹cont⇩↓ Ψ›[THEN restriction_contD]
obtain n1 where ‹∀k≥n1. Ψ Σ ↓ n = Ψ (σ k) ↓ n›
by (blast intro: ‹σ ─↓→ Σ› dest: restriction_tendstoD)
ultimately have ‹∀k≥max n1 (Suc n0). Σ after a ↓ n = σ k after a ↓ n›
by simp (metis restriction_fun_def)
thus ‹∃n0. ∀k≥n0. Σ after a ↓ n = σ k after a ↓ n› ..
qed
qed
qed
qed
lemma (in AfterExt) restriction_cont_After⇩t⇩i⇩c⇩k [restriction_adm_simpset] :
‹cont⇩↓ (λx. f x after⇩✓ e)› if ‹cont⇩↓ f› and ‹cont⇩↓ Ψ› and ‹cont⇩↓ Ω›
proof (cases e)
show ‹e = ev a ⟹ cont⇩↓ (λx. f x after⇩✓ e)› for a
by (simp add: After⇩t⇩i⇩c⇩k_def restriction_cont_After ‹cont⇩↓ f› ‹cont⇩↓ Ψ›)
next
fix r assume ‹e = ✓(r)›
hence ‹(λx. f x after⇩✓ e) = (λx. Ω (f x) r)› by (simp add: After⇩t⇩i⇩c⇩k_def)
thus ‹cont⇩↓ (λx. f x after⇩✓ e)›
by (metis restriction_cont_comp restriction_cont_fun_imp that(1,3))
qed
lemma (in AfterExt) restriction_cont_After⇩t⇩r⇩a⇩c⇩e [restriction_adm_simpset] :
‹cont⇩↓ (λx. f x after⇩𝒯 t)› if ‹cont⇩↓ f› and ‹cont⇩↓ Ψ› and ‹cont⇩↓ Ω›
proof (rule restriction_cont_comp[OF _ ‹cont⇩↓ f›])
show ‹cont⇩↓ (λP. P after⇩𝒯 t)›
proof (induct t)
show ‹cont⇩↓ (λP. P after⇩𝒯 [])› by simp
next
fix e t assume ‹cont⇩↓ (λP. P after⇩𝒯 t)›
show ‹cont⇩↓ (λP. P after⇩𝒯 (e # t))›
by (simp, rule restriction_cont_comp[OF ‹cont⇩↓ (λP. P after⇩𝒯 t)›])
(simp add: restriction_cont_After⇩t⇩i⇩c⇩k ‹cont⇩↓ Ψ› ‹cont⇩↓ Ω›)
qed
qed
lemma (in OpSemTransitions) restriction_adm_weak_ev_trans [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset]:
fixes f g :: ‹'b :: restriction ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
assumes τ_trans_restriction_adm:
‹⋀f g :: 'b ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k. cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ↝⇩τ g x)›
and ‹cont⇩↓ f› and ‹cont⇩↓ g› and ‹cont⇩↓ Ψ› and ‹cont⇩↓ Ω›
shows ‹adm⇩↓ (λx. f x ↝⇘e⇙ g x)›
proof (intro restriction_adm_conj)
show ‹adm⇩↓ (λx. ev e ∈ (f x)⇧0)›
by (simp add: ‹cont⇩↓ f› restriction_adm_in_initials)
next
show ‹adm⇩↓ (λx. f x after⇩✓ ev e ↝⇩τ g x)›
proof (rule τ_trans_restriction_adm[OF _ ‹cont⇩↓ g›],
rule restriction_cont_comp[OF _ ‹cont⇩↓ f›])
show ‹cont⇩↓ (λx. x after⇩✓ ev e)›
by (simp add: ‹cont⇩↓ Ψ› ‹cont⇩↓ Ω› restriction_cont_After⇩t⇩i⇩c⇩k)
qed
qed
lemma (in OpSemTransitions) restriction_adm_weak_tick_trans [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset]:
fixes f g :: ‹'b :: restriction ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
assumes τ_trans_restriction_adm:
‹⋀f g :: 'b ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k. cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ↝⇩τ g x)›
and ‹cont⇩↓ f› and ‹cont⇩↓ g› and ‹cont⇩↓ Ψ› and ‹cont⇩↓ Ω›
shows ‹adm⇩↓ (λx. f x ↝⇩✓⇘r⇙ (g x))›
proof (intro restriction_adm_conj)
show ‹adm⇩↓ (λx. ✓(r) ∈ (f x)⇧0)›
by (simp add: ‹cont⇩↓ f› restriction_adm_in_initials)
next
show ‹adm⇩↓ (λx. f x after⇩✓ ✓(r) ↝⇩τ g x)›
proof (rule τ_trans_restriction_adm[OF _ ‹cont⇩↓ g›],
rule restriction_cont_comp[OF _ ‹cont⇩↓ f›])
show ‹cont⇩↓ (λx. x after⇩✓ ✓(r))›
by (simp add: ‹cont⇩↓ Ψ› ‹cont⇩↓ Ω› restriction_cont_After⇩t⇩i⇩c⇩k)
qed
qed
lemma (in OpSemTransitions) restriction_adm_weak_trace_trans [restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset]:
fixes f g :: ‹'b :: restriction ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
assumes τ_trans_restriction_adm:
‹⋀f g :: 'b ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k. cont⇩↓ f ⟹ cont⇩↓ g ⟹ adm⇩↓ (λx. f x ↝⇩τ g x)›
and ‹cont⇩↓ f› and ‹cont⇩↓ g› and ‹cont⇩↓ Ψ› and ‹cont⇩↓ Ω›
shows ‹adm⇩↓ (λx. f x ↝⇧* t (g x))›
proof (subst trace_trans_iff_T_and_After⇩t⇩r⇩a⇩c⇩e_τ_trans, intro restriction_adm_conj)
show ‹adm⇩↓ (λx. t ∈ 𝒯 (f x))› by (simp add: ‹cont⇩↓ f› restriction_adm_in_T)
next
show ‹adm⇩↓ (λx. f x after⇩𝒯 t ↝⇩τ g x)›
proof (rule τ_trans_restriction_adm[OF _ ‹cont⇩↓ g›])
show ‹cont⇩↓ (λx. f x after⇩𝒯 t)›
by (simp add: ‹cont⇩↓ f› ‹cont⇩↓ Ψ› ‹cont⇩↓ Ω› restriction_cont_After⇩t⇩r⇩a⇩c⇩e)
qed
qed
declare restriction_adm_process⇩p⇩t⇩i⇩c⇩k_simpset [simp]
end